The Financial Control Authority issues 3 executive decisions to start the digital transformation process
The Board of Directors of the Financial Regulatory Authority issued a package of executive decisions to activate Law No. 5 of 2022 regarding the regulation and development of the use of financial technology in non-banking financial activities, which are decisions “139, 140 and 141”, which would pave the way for the start of a new era for the non-banking sector using Technology, to achieve financial inclusion.
It is expected that these decisions, with their activation, will contribute to accelerating the pace of the digital transformation process necessary to complete non-banking financial transactions electronically, which supports and is consistent with the Authority’s vision to achieve financing, investment and insurance inclusion.
Licensing of new companies
These decisions include facilitating the establishment and licensing of new companies that engage in non-banking financial activities using financial technology, and opening the way for companies and entities that have licenses from the Authority to practice any of the non-banking financial activities under the umbrella of other laws, in order to obtain the approval of the Authority to carry out these activities using some areas of technology. Finance itself, or through an outsourcing entity under the umbrella of Law No. 5 of 2022.
It also facilitates the process of issuing digital identity, digital records, digital contracts and digital accounts to complete non-banking financial transactions electronically, and establishing an outsourcing registry to register outsourcing service providers in the areas of financial technology to practice non-banking financial activities.
The parties addressed by the three decisions
• The entities addressed by the three decisions included companies wishing to obtain a new license to provide a non-banking financial service using technology.
• Companies and entities that engage in any non-banking financial activities, and wish to obtain the approval of the Authority to conduct these activities using some areas of financial technology by themselves, or through an outsourcing entity.
• Companies wishing to provide financial technology outsourcing services for non-banking financial activities.
New decisions issued by the Board of Directors of the Financial Regulatory Authority
The new decisions issued by the Board of Directors of the Financial Regulatory Authority to start completing the process of digital transformation required for transactions in the non-banking financial system include the following:
• First Decision No. 139
The decision specifies the requirements that must be met by companies wishing to obtain a license or approval to engage in non-banking financial activities using technology, including:
1- Technological equipment and infrastructure, including the equipment needed to access the basic facilities, and the infrastructure of devices and systems necessary for information centers (basic and alternative), which includes networking and data transmission devices, computers and storage devices.
2- Information systems are systems consisting of applications and databases that are developed to perform specific tasks in support of the targeted operations and work cycles.
3- Means of protection and insurance, which are the mechanisms and methodologies used to provide the following:
A- The ability to prevent the occurrence of technological risks (Technology Risk Prevention)
B- Endurance and flexibility to recover and restore capabilities, functions and data after the occurrence of risks (After-Risk Recovery & Resiliency). The decision also specified the governance frameworks necessary to manage information technology services and manage their risks and security.
• Second Resolution No. 140
The resolution defines the digital identity, digital contracts, digital record, digital platform, digital transaction, as well as electronic signature, electronic recognition and contracting with the customer, as well as areas of using financial technology to conduct non-banking financial activities, and compliance requirements.
The digital identity is set through three sub-processes, which are identification, verification, and authentication, while the digital identity is created or renewed by completing the identification, verification, and authentication processes of the physical identity. That the sub-processes necessary to set the digital identity depend on more than one qualitative group of identification, verification and authentication factors. The qualitative groups are divided into three groups, namely:
A- The knowledge factor group: including the username, password, and answers to personal questions.
B- Possession factor group: identity document, e-mail box, mobile phone number, device number used or SIM number associated with the mobile phone number, cashless payment account, and approved electronic signature.
C- Presence and vitality factor group: biometric characteristics of the face print, voice print, fingerprint, palm geometry, eye print, reaction vitality, geographical location determinants, cyber location determinants, and transaction time determinants.
Digital contract controls
The service provider is obligated to verify the identity of the customer and his satisfaction, and he is also obligated to save the contract electronically, in accordance with the following requirements:
A- Verifying the identity of the customer.
b- Verifying the customer's satisfaction by confirming his knowledge of the terms of the contract and his approval thereof
C- Electronic memorization of the contract.
Digital record
Each digital platform shall have a digital record, divided as follows:
1- The digital record of digital identity operations, which includes transactions for creating, modifying, updating, renewing, and canceling a digital identity.
2- The digital record of customer identification operations, including transactions for creating, modifying, updating, renewing, and canceling a digital customer account.
3- The digital record of electronic contracting operations, which includes transactions for establishing, modifying, updating, renewing, and canceling a digital non-banking financial product account.
4- The digital record of transactions related to the non-banking financial product, which includes the transactions of creating, modifying, updating, renewing and canceling a transaction on the account of a digital non-banking financial product, and it is related to its nature.
Areas of using financial technology to carry out non-banking activities
The Authority identifies the basic areas necessary for the use of financial technology in conducting non-banking financial activities, to which the parties addressed are committed to the provisions of this decision, including:
A- The field of electronic identification, verification and authentication.
B- The field of electronic customer identification operations.
C- The field of electronically concluding contracts on non-bank financial products.
D- The field of electronic recording, preservation and retrieval of digital records.