EGYPT Law and Practice Contributed by: Dina Kamel, Helal El Hossary, Omar Fouda and Kareem Hashem, Zaki Hashem
The PDPL imposes fines and custodial penalties for unlawful data processing, sensitive data misuse, cross-border violations and marketing breaches (Arti - cles 36–43). If a fintech NBFS company breaches the FinTech Law or its implementing regulations, ceases to meet any licensing condition or engages in activities that threat - en market stability or the interests of its shareholders or clients, the FRA board may take one or more of the following measures: • issue a warning requiring rectification within a specified period and under specific conditions; • require the company’s board or General Assembly to convene in the presence of an FRA representa - tive to address the violations and adopt corrective actions; • dissolve the board and appoint a commissioner to manage the company for up to six months, extend - able once for a further six months, during which time the commissioner must refer the matter to the General Assembly to appoint a new board in accordance with the law; • prohibit the company from conducting business or entering into new contracts for up to six months; and/or • revoke the licence to carry on the activity. 2.11 Implications of Additional, Non- Financial Services Regulations The following are of relevance. • Data protection: The PDPL is one of the primary horizontal regimes, governing lawful basis, security, records, data protection officers (DPOs), breach reporting, licensing/authorisation for sensitive data and cross-border transfers and penalties (Arti - cles 2–17, 26–28 and 36–42). It applies equally to legacy and fintech in relation to all non-CBE regu - lated players and activities – the CBE has its own separate data protection rules, which apply only to CBE-regulated entities. • Cybercrime: Cybercrimes Law 175/2018 and ER 1699/2020 set security controls pertaining to Advanced Encryption Standard 256-level encryp - tion with secure key management, digital evidence handling and provider obligations.
• Consumer protection (CPA): Law No 181 of 2018 (the “the Consumer Protection Law”) applies horizontally to suppliers and service providers, mandating consumer disclosures and governing complaint handling. It tends to affect fintechs more in practice because onboarding, remote contract - ing and marketing are predominantly digital. • Media: Law No 180 of 2018 (Supreme Council for Media Regulation – SCMR) regulates online media and advertising content, and legacy players are usually less exposed than fintechs because fintech customer acquisition relies heavily on social media and online campaigns. • Telecoms: Where products rely on telecoms infra - structure – eg, one-time passwords (OTPs), short message service (SMS), short codes, comms deliv - ery – the Telecommunications Law and National Telecommunication Regulatory Authority (NTRA) licensing and sector rules apply. • E-signatures: Law No 15 of 2004 (Information Technology Industry Development Agency – ITIDA) is relevant where the model depends on legally effective e-signatures and electronic transaction trust services – an area in which fully digital fin - techs are more heavily dependent compared to non-digital legacy players. • Intellectual property: IP Law No 82 of 2002 (as amended) governs key risks related to code owner - ship, licensing, branding, trade marking and pro - tection (specifically trade secret protection) – this is typically more relevant to fintechs given that their value lies in software and data. 2.12 Review of Industry Participants by Parties Other Than Regulators External accounting and auditing firms are the only entities beside regulators that may review the activi - ties of industry participants to ensure compliance and the accuracy of financial records. 2.13 Conjunction of Unregulated and Regulated Products and Services Entities offering services regulated by the CBE, and NBFS companies regulated by the FRA, are author - ised to offer only the services covered by their licenc - es. A single legal entity may engage in multiple activi - ties, subject to prior approval by the relevant regulator.
223 CHAMBERS.COM
Powered by FlippingBook