Egypt Financial Regulatory Authority sets out cyber security strategy for non-bank finance and reiterates penetration testing and cyber insurance requirements

Speaking at the CAISEC 2026 conference, the chair of the Egypt Financial Regulatory Authority set out the authority's cyber security priorities for non-bank financial activities and recapped the regulatory framework it has built for fintech under Egypt's 2022 law. He said the framework is designed to support digital delivery of financial services while requiring firms to manage information security and technology risk, as artificial intelligence expands both defensive tools and threats such as deepfakes. The regime covers electronic know your customer (e-KYC), digital contracts, digital record creation and management, digital identity, governance, data protection and information security. Firms under the authority's supervision must develop dedicated information security policies, upgrade protection systems, conduct regular penetration tests and report the results to the authority, and maintain cyber insurance as a condition for continuing their licence. He also pointed to the authority's regulatory sandbox, which has admitted five projects, and said that by the end of 2025 more than 345,000 e-KYC checks and about 190,000 digital contracts had been completed across non-bank financial activities. The authority said it will continue strengthening cyber security in the non-bank financial sector through a three-pillar strategy of regulation and incentives, supervisory monitoring and readiness assessments, and training and capacity building.