EGYPT Law and Practice Contributed by: Dina Kamel, Helal El Hossary, Omar Fouda and Kareem Hashem, Zaki Hashem
sion. The Unified Insurance Law confirms that the FRA has exclusive competence for the “licensing, supervi - sion and oversight” of insurance activities. Insurers must establish technical provisions based on any report prepared by an actuary “registered with the Authority”, and those provisions must follow “techni - cal bases approved by the Authority’s board”. For dig - ital underwriting and issuance, the law allows certain standardised policies to be issued electronically – but only if the insurer obtains the FRA’s prior approval and complies with FRA control measures (Law No 155 of 2024; the “Unified Insurance Law”). 8.2 Treatment of Different Types of Insurance Different types of insurance are treated differently by both industry participants and the regulator. The Uni - fied Insurance Law categorises insurance into distinct types and branches, and applies different technical expectations accordingly under FRA oversight. The law distinguishes “persons insurance and capi - tal formation operations” (eg, life, long-term personal accident, long-term medical, pension and capital for - mation insurance) from “property and liability insur - ance” (including fire, transport and related liabilities, marine hull, aviation hull, comprehensive motor and compulsory motor liability, engineering, petroleum, energy, agricultural, miscellaneous accident and liabil - ity, credit, short-term medical and cyber insurance), and it also recognises specialised categories such as medical insurance and microinsurance. This classification matters in practice because liabili - ties and risk dynamics differ accordingly. Technical provisions and prudential treatment are not uniform across lines, and the law also imposes specific con - duct constraints on persons and capital formation insurance, including a prohibition on applying differ - ent terms or conditions to policies within the same category unless authorised by the FRA board.
or PSOs, the primary regulator is the CBE under the Central Bank and Banking System Law. In practice, regtech vendors are bound by the regulated client’s mandatory requirements for confidentiality, cyber - security, auditability, business continuity, incident response and outsourcing controls, and must be registered in the CBE Outsourcing Service Providers Register. If the product is used by NBFS firms, the primary regulator is the FRA, anchored in Law No 10 of 2009 and the Law Regulating and Developing the Use of Financial Technology in Non‑Banking Financial Activi - ties. The most directly relevant pieces of legislation for regtech vendors are the FRA board of director decrees (Decree No 139 of 2023, Decree No 140 of 2023, and Decree No 141 of 2023, as amended by Decree No 68 of 2025 (amending Decrees 140 and 141) that opera - tionalise technology governance and outsourcing for fintechs providing NBFS. Vendors must be registered in the FRA Outsourcing Service Providers Register. Even where the regtech provider is “simply a ven - dor”, horizontal regimes still apply. The PDPL applies to controllers and processors and provides security, governance and cross-border transfer requirements, although it includes an exemption for personal data held by the CBE and entities subject to its control and supervision. Therefore, bank-facing regtech is primar - ily driven by CBE confidentiality and security require - ments, while for NBFS use cases the PDPL applies. 9.2 Contractual Terms to Ensure Performance and Accuracy In Egypt, regulated firms typically rely on a few key contractual terms pertaining to: • detailed service level agreements (SLAs) and key performance indicators (KPIs); • testing and validation duties (especially where ana - lytics affect customer outcomes); • audit and inspection rights; • mandatory incident notification timelines; • change-of-management controls; • subcontractor restrictions; • data minimisation, duplication and retention; and • clear allocation of responsibility for false positives/ negatives and resulting customer harm.
9. Regtech 9.1 Regulation of Regtech Providers
Regtech is not specifically regulated, and the appli - cable regime depends on how and where a regtech product is used. If the product is used by banks, PSPs
230 CHAMBERS.COM
Powered by FlippingBook