Shehata & Partners (“SP”) has prepared this brief comprising the key highlights of the new law on Non-Banking FinTech No. 5/2022 (the “Law”) which will be regulated under the umbrella of the Financial Regulatory Authority (“FRA”).

SP Executive Summary

SP has noted (10) core issues under the Law that anyone interested in FinTech should be worried about as follows:

1. There is still a lot left to be clarified through the executive regulations and/or decrees to be issued by FRA.
2. The Grace Period is for a minimum of (6) months from the date of issuing the Executive Regulations.
3. Non-Banking FinTech is now only available for (4) sub-sectors: 1) Financial Advisory Apps; 2) Nano Finance Apps; 3) Insurance Apps, and 4) Consumer Finance Apps. However, FRA has the discretion to add on other sub-sectors within the same realm. 
4. The status of other sub-sectors that could arguably be considered as a Non-Banking FinTech activity is still a GREY AREA.
5. Smart Contracts regulations have arrived in Egypt.
6. Foreign Companies offering Non-Banking FinTech in Egypt should incorporate in Egypt and apply for FRA’s license/approval; otherwise, they will be considered liable and might be penalized by FRA.
7. The 25% to be owned by a Financial Institution as a requirement previously issued by FRA for several non-banking activities is not yet clear whether it will apply to FinTechs operating under this Law.
8. FRA has created a Sandbox and a Temporary License Regime for Startups.
9. Any FinTech has to worry about how they procured their data. Otherwise, the PENALTY might be too hefty!
10. ALWAYS Be Worry about the GREY AREA! Consult a Lawyer before going down this road or the PENALTY might be too much!

SP Full Summary:

SP has prepared the below summary along with SP Notes on some occasions to focus on certain issues that are yet not clear under the Law and should be further developed by FRA down the road. Also, we have included the articles from the Law for ease of reference for FinTech Enthusiasts.

Issue	Description	Article
1.   Grace Period	The Law provides that there will be a 6-month grace period for anyone who is conducting Non-Banking FinTech activities. This period will start to run upon the issuance of the Executive Regulations for the Law. Further, this period could be extended for a similar period(s) not exceeding 2 years in total. However, the Prime Minister could extend it further for an additional two-year period.SP Note: We believe that a blockchain-based smart contract is included within the definition as well by extension; subject to further confirmation by FRA officials. This means that the Grace Period could range from 6 months to arguably 4 years subject to FRA and the Prime Minister’s discretion.	Article (4) of the Issuance Introductory Articles.
2.   Non-Banking FinTech: What does it mean?	The Law defines the only currently available sub-sectors for licensing and approvals[1]: 1.   Financial Advisory App: Includes all financial advisory and consultations conducted in an innovative way by virtue of technological means that includes Artificial Intelligence (AI).2.   Nano Finance App: it is defined as finance provided to individuals for economic activities. No specific reference is made to the SMEs Financing laws or the Nano Finance decree issued previously by FRA.3.   Insurance App: it is not clear whether it includes insurance brokerage activities or not.4.   Consumer Finance App: This should be inclusive of consumer finance activities as defined under the Consumer Finance Law of 2018. It is not clear to us whether FRA will include “Buy Now Pay Later” (BNPL) activities just yet. It must be noted that FRA has the discretion to add on other sub-sectors within the same realm. SP Note: We believe that a blockchain-based smart contract is included within the definition as well by extension; subject to further confirmation by FRA officials.  It should be noted that FRA has reserved its discretion to include further sub-activities under the Law when meeting certain criteria.[2] It must be noted that earlier drafts of the Law included crowdfunding and other promising sub-sectors as well. But the Law only specified these four (4) sub-sectors mentioned above as a starting point.	Article (1) – Definitions – Items (4) and (5) + Article (8).
3.   Digital & Smart Contracts	The Law has defined the term “digital contract” which includes any contract documenting the liabilities and obligations of the concerned parties in a technological format. More importantly, a smart contract is included within the digital contract definition.The Law also mentioned that FRA will issue the executive regulations and decrees for enabling the conclusion and performance of such digital contracts.SP Note: We believe that a blockchain-based smart contract is included within the definition as well by extension; subject to further confirmation by FRA officials.	Article (1) – Definitions – Item (12) + Article (11).
4.   Financial Inclusion	It is important to note that financial inclusion has been set as the primary purpose of this Law and the main factor in opening the doors for FinTech in the Non-Banking sector. In this regard, a broad definition has been set out for the term “Financial Inclusion” under the Law whereby it is clear that the government is aiming at enabling financial solutions for more and more tranches in Egyptian Society.	Article (1) – Definitions – Item (18) + Article (2).
5.   Extraterritorial Reach	The Law has explicitly mentioned that its provisions will apply to any of the following:-       FinTechs operating in Egypt; or–       FinTechs operating outside Egypt but serving customers/clients residing in Egypt. SP Note: This means that any FinTech that is already operating in Egypt while incorporated abroad will be required to abide by the provisions of the Law. In other words, foreign FinTechs that wish to extend their services to either Egyptian clients or customers must incorporate an Operating Entity in Egypt and must obtain the required FRA license/approval, whatever the case may be.	Article (3).
6.   Regulatory Scheme	There are two different schemes depending upon whether applicant FinTech is not still regulated by FRA or not. The below table explains the core differences between both types and the relevant complication in this respect:Type/IssueShareholding Structure FeesLicensing Regime for FinTechs who do not have an FRA License for a Non-Banking Activity:The chief requirement is submitting the direct and indirect shareholding structure of the applicant FinTech. FRA should still issue specific regulations within such a realm. For instance, insurance brokerages amongst other non-banking sectors are in fact required to have 25% of their direct shareholding structure owned by a Financial Institution (as per the limited definition under FRA’s decree issued in 2020). Accordingly, we need to wait and see if FinTechs will be treated differently on this front.Should not exceed EGP 50,000 (Around USD 3,200). Not clear if this is a one-time fee or an annual one.Approval Regime for FinTechs who have an FRA License for a Non-Banking Activity Left to a subsequent decision by FRA. However, these companies should anyhow be compliant with FRA’s decrees including the 25% Financial Institution direct shareholding requirement. Should not exceed EGP 25,000 (Around USD 1,600). Not clear if this is a one-time fee or an annual one.	Articles (4) and (5).
7.   FRA’ Sandbox	The Law has explicitly mentioned that FRA[3] will have its own sandbox for Non-Banking FinTech activities enabling startups to test their FinTech products with real consumers under the supervision of FRA.	Article (9).
8.   Startups Temporary License	FRA is entitled to issue a temporary license not exceeding a period of two (2) years for innovative startups in the Non-Banking FinTech sector.  Further, FRA will still issue the decrees extrapolating on the required conditions for such a temporary license. FRA only mentioned the minimum issued capital for such startups to be not less than EGP 250,000.[4] In addition, FRA has mentioned explicitly that it will waive the licensing fees (capped at EGP 50,000) for such startups.SP Note: The Law did not clarify explicitly whether the sandbox regime is a separate mechanism from the temporary license scheme. In other words, do startups need to apply first for the sandbox and then apply for the temporary license after their sandbox period is successful. This is to be further confirmed by the FRA officials.	Article (9).
9.   Data Protection	In addition to the Data Protection Law obligations (No. 151/2020), the Law has added that any information concerning the end customers shall be kept confidential and should not be disclosed to any third party except with the prior written consent (whether physically or through digital means) of such customers and within the scope of such consent. The confidential information under the Law includes both:–       Identification information of the consumers; or-       Information concerning the transactions of the consumers.SP Note: The Law has explicitly paved the way for electronic and digital consents to be procured from the consumers. This is primarily to facilitate the operations of FinTechs.	Article (13).
10.                 Penalties	The Main Penalties under the Law are as follows:Operating a Non-Banking FinTech without an FRA License/Approval = Imprisonment no less than 6 Months + A Fine between EGP 200,000- EGP 1 Million or either penalty.Operating a Non-Banking FinTech without complying with the FRA License/Approval terms or conditions = A Fine between EGP 50,000- EGP 500,000.Violating the Data Protection Requirements[5] = Imprisonment no less than 3 Months + A Fine between EGP 200,000- EGP 1 Million or either penalty.SP Note: First of all, the above-mentioned penalties should apply only upon the lapse of the Grace Period mentioned under item (1) above. Secondly, it is still not clear whether having a technology implemented in a sector other than the (4) already established sectors would be penalized by the above penalties or not. This is yet to be confirmed by FRA officials.	Articles (18), (19), and (21).

[1] Check Item (6) for the difference between licensing and approvals schemes under the Law.

[2] These criteria set out under the Law mostly focus upon: (1) cybersecurity compliance, (2) data protection compliance, and (3) money-laundering compliance.

[3] The Law mentioned that this sandbox could be created by FRA on its own or through partnering with/delegating to another institution.

[4] This is already the minimum required capital for any Joint Stock Company incorporated in Egypt.

[5] The requirements are mentioned explicitly under Item (9) above.