The decision No. 141 of 2023 issued by the Financial Regulatory Authority (“FRA”) (“Decision 141”) regulates the creation of the register whereby fintech outsourcing service providers shall be enrolled and penalties should any service provider fails to maintain the requirement(s).

Establishment of the Register:

A register shall be established at the FRA to register fintech outsourcing service providers which operate in the non-banking financial activities (“Register”). The Register shall include the main data and information of the outsourcing service providers.

Conditions for Registration in the Register:

Without prejudice to any applicable laws, the FRA has imposed certain conditions to be able to enrolled in the Register, which include but not limited to:

1. Companies shall be an Egyptian joint stock company, or any other form, provided that it undertakes to convert its legal form into a joint stock company within a maximum of 12 months from the date of its entry in the register.
2. Satisfying the minimum capital as may be determined by the FRA.
3. Have suitable expertise according to the field.
4. The company must have the necessary governance rules that ensures an adequate internal control environment.
5. To have the necessary technological capabilities to ensure the security of the data of outsourcing party customers, protect the privacy and confidentiality of data related to the service.

Once a company is enrolled in the Register, it shall normally operate unless notified otherwise by the FRA. It is also worth highlighting that the enrolment expires upon the lapse of one year, where companies have a grace period of one month to renew the enrolment, otherwise, it will not be considered enrolled. In this respect, the Decision 141 also outlines the process which shall be taken by companies who wish to be enrolled/renew their enrollment in the Register.

Administrative measures:

If FRA’s board of directors (“BoD”) finds that a service provider has violated any of the aforementioned conditions/requirements or has failed to comply with any of the obligations stipulated in the applicable laws and regulations, the BoD may take any of the following measures against the outsourcing service providers:

1. Serve a warning(s) of the alleged violations and specify time period required to rectify and be compliant with the applicable laws and regulations.
2. Temporary suspension of registration in the registry for a period not exceeding one year.
3. Invite the company’s board of directors, or its management, to convene, as the case may be, to consider the matter of the violations attributed to it, and oblige it to take the necessary measures to rectify its status.
4. strike the company off from the Register.

In conclusion, the Decision 141 sets clear guidelines and conditions for outsourcing fintech activities in non-banking financial sectors. It is presumed that the establishment of the Register would entitle the FRA to have sort of supervisory powers on the fintech outsourcing service providers which will ultimately ensure compliance promoting information security and client data protection.

Our team of qualified and specialized lawyers at GLA would be happy to advise further on all of your queries.

Authors:  Hegui Taha, Partner, Maha El Meihy, Legal Director and Habiba Wadhan, Associate.

For further information, please contact Alex Saleh (alex.saleh@glaco.com) and Hegui Taha (hegui.taha@glaco.com).