Egypt Financial Regulatory Authority sets licensing, real-time API and cybersecurity rules for digital insurance brokers

The Egypt Financial Regulatory Authority issued Board Decision No. 198 of 2025 establishing requirements for licensed insurance brokerage firms that want to conduct brokerage activities digitally. The framework ties digital operation to regulatory approval, sets platform, cybersecurity and data-handling obligations, and introduces customer protection and payment-handling rules. Firms seeking to operate digitally must hold a valid brokerage licence, obtain approval to conduct the activity digitally, submit a board-approved business plan, and specify the digital products and services to be offered. Before launch, they must provide the authority with a live demonstration of the platform including penetration and vulnerability test results, and comply with the authority’s existing digital services and cybersecurity requirements. The decision requires real-time issuance of insurance quotations and policies via Web Service API links between the broker platform and insurers’ systems, with brokers responsible for confirming insurers’ technological readiness for instant connectivity and data exchange. Brokers must store customer and insurer data on secure servers, keep information confidential within legal limits, disclose their licence and the authority’s approval on the platform, and obtain customer review and consent to required declarations and product terms prior to policy issuance. The platform must provide direct customer service contact, enable neutral comparisons of same-type products, and prohibit premium or fee collection via any method that routes funds into the broker’s account, limiting collection to the insurer’s non-cash channels. Ongoing cybersecurity obligations include at least annual penetration testing and additional tests after any material systems change, plus vulnerability testing at least every three months and after material changes, with results submitted to the authority. Insurers contracting with a digital broker must verify the broker has the authority’s approval before contracting, restrict the electronic link to brokerage purposes, quote prices based on approved technical bases, ensure readiness for real-time integration, notify the authority immediately of breaches or violations, and provide electronic premium collection channels through companies listed in the authority’s registry for electronic insurance premium collection so funds transfer directly to the insurer.