It is argued that finance would only react to the expectation of growth, however, researchers have evidenced that the financial development plays a prominent role in the entire nation’s growth. Egypt is currently witnessing the development of the non-banking financial sector through a series of decisions issued by the Financial Regulatory Authority (“FRA”) to regulate the operations, safeguards the consumer and supervise the operations of the operators. These series of articles will tackle the key take aways of the three decisions issued by the FRA and published in the official gazette on 11 July 2023; which in brief, tackles the following subject matters:

1. Decision No. 139 of 2023:

• Rules on the required infrastructure;
• Rules on the required information systems;
• means of protection and guarantee to use financial technology to operate in the activities of non-banking finance.

2. Decision No. 140 of 2023:

• Digital identity;
• Digital contracts; and
• Digital register.

3. Decision No. 141 of 2023:

• Rules on register of outsourcing companies which provide outsourcing services in the non-banking financial sector.

(Decisions Nos. 139-141 of 2023 shall be referred collectively as the “FRA Decisions”)

The scope of application of the FRA Decisions are the companies which:

1. wish to obtain a license to carry out non-banking financial activities using fintech techniques under the Law (as defined below);
2. operating in the non-banking financial sector; or
3. operate as outsourcing service providers.

WHAT ARE THE NON-BANKING FINANCIAL ACTIVITIES & FINANCIAL TECHNOLOGY?

Law No. 5 of 2022 regulating use of financial technology in non-banking financial activities (the “Law”) defined the non-banking financial activities to include the markets and financial tools which are regulated by the FRA, including capital market, insurance, financial leasing, factoring and micro, small and medium enterprises financing. The Law has further defined financial technology (A.K.A. fintech) to be a mechanism which uses advanced financial technology in the non-banking financing sector and facilitates the services, activities through software applications, program, digital platforms or artificial intelligence.

At the outset, while the FRA recent decisions are mostly of technical nature, we will highlight the major notes with respect to Decision No. 140 of 2023 (“Decision 140”) particularly given its importance for the companies operating in the sector and for the consumers who purchases the services.

Digital Identity

Digital identity is, in short, the data which allows the evaluation and accreditation of the transactions by being able to identify the person undertaking such transactions through digital platforms. Having said that, the FRA has put in place conditions for the digital identity to ultimately ensure that setting up the digital identity is a secure process through three subprocesses being: identification, verification and authentication of the digital identify.

These subprocesses are divided into the following:

• Knowledge: this includes username and password.
• Possession: this includes the identity documents, email, certified electronic signature, mobile number and cashless payment account.
• Biometrics: this includes finger print, face ID, geographic location and voice print.

Using the above subprocess, the FRA requires companies based on the following risk factor to use multi-layer authentication factor:

• Low risk transaction: basic credibility level requires two (2) elements from the knowledge factor group, three (3) elements from the biometrics group and four (4) elements from the possession factor group;
• Medium risk transaction: the general credibility level same as low-risk transactions in addition to the possession of a non-cash payment account; and

High risk transaction: the high credibility level – the elements required in the medium risk transactions in addition to the possession of certified electronic signature.

Digital Contracts Regulations

In the digital contracts, the service provider is obligated to verify the identity of the customer and his consent, and to ensure the electronic storage of the data.

• Verify the customer’s identity: The identity of the customer shall be verified by applying the same digital identity controls that are required to access the digital platform (as briefly clarified above).
• Verify the customer’s consent: The service provider shall verify the customer’s consent through the availability of capacity, and the provisions of offer and acceptance, especially proving that the customer is aware of all the terms of the contract.
• Storage of the contract electronically: The contract must be saved in the digital register using the appropriate coding technology approved by FRA.

Digital register

Each digital platform shall have digital register, which is divisible into sub-digital registries, each of which is dedicated to one type of operations and transactions related to each of the services of the digital platform, (e.g., register for the digital identity and another for the electronic contracts).

This digital register shall be capable of keeping and retrieving the following:

• Data and details of the transaction; and
• Digital documents related to the transaction.

Storage means of adequate storage capacity shall be provided to preserve and archive digital registries and documents for a period of at least five (5) years after the expiry date of the registered digital document. In case there is a judicial or arbitration case, the registries and documents shall be kept until the dispute is settled.

In conclusion, Decision 140 establishes essential regulations governing digital identity, digital contracts, and digital registries in fintech used to carry out non-banking financial activities. It emphasizes on secure verification processes, trust-building measures in digital contracts, and the need for digital registry. This decree marks a significant step towards fostering transparency, efficiency, and compliance requirements in the rapidly evolving fintech field.

We are happy to assist with any queries with respect to any of the above.

Authors:  Hegui Taha, Partner, Maha El Meihy, Legal Director and Habiba Wahdan, Associate.

For further information, please contact Alex Saleh (alex.saleh@glaco.com) and Hegui Taha (hegui.taha@glaco.com).