Regulatory Playbook: Egypt¶
| Field | Value |
|---|---|
| Market | Egypt (EG) |
| Regulator | Central Bank of Egypt (CBE) |
| Status | Draft — requires local compliance review |
| Owner | Country Manager EG (TBD) / CDO |
| Created | 2026-04-06 |
| Review | Semi-annually |
| Reference | Cross-Border Compliance Framework |
Purpose¶
This is the operational playbook for Simpaisa's Egypt operations. Egypt is a target market for expansion under Strategic Goal 4 (Market Expansion Through Licensing and Global Network Activation). Egypt represents the largest economy in the MENA region with a population of 110M+ and a rapidly growing digital payments ecosystem driven by CBE's financial inclusion initiatives.
Regulatory Landscape¶
| Dimension | Requirement | Source |
|---|---|---|
| Primary licence | Payment Service Provider (PSP) licence under CBE Law No. 194 of 2020 | CBE Licensing Rules (June 2025) |
| Entity requirement | Egyptian joint stock company exclusively dedicated to payment services | CBE Licensing Rules |
| Capital (Category A PSP) | EGP 30 million minimum paid-up capital | CBE Licensing Rules |
| Capital (Category B PSP) | EGP 10 million minimum paid-up capital | CBE Licensing Rules |
| Financial guarantee | Unconditional bank letter of guarantee = 2% of paid-up capital, irrevocable, auto-renewing | CBE Licensing Rules |
| AML/KYC | Law No. 80 of 2002. EMLCU is the FIU. CDD/EDD per FATF standards. STR filing with EMLCU. | AML Law, PM Decree 3331/2023 |
| Data protection | Personal Data Protection Law No. 151 of 2020. Cross-border transfer requires licence from data protection authority. | PDPL 2020 |
| Data localisation | CBE requires financial transaction data to be processed and stored within Egypt or through CBE-approved arrangements | CBE regulations |
| Transaction reporting | Transaction reporting to CBE. STR filing with EMLCU. | AML Law |
| Audit | Annual external audit. CBE inspection at CBE's discretion. | CBE Licensing Rules |
| Incident reporting | Notify CBE of significant security incidents. Timeline per CBE cybersecurity directives. | CBE regulations |
| Consumer protection | CBE consumer protection framework. Transparent pricing. Dispute resolution. | CBE Law 194/2020 |
| Record retention | Transaction records: minimum 5 years. AML records: minimum 5 years. | AML Law |
| Transition deadline | Existing PSOs/PSPs must regularise and obtain licence by June 2026 | CBE Licensing Rules |
Current Compliance Status¶
| Requirement | Status | Gap | Risk |
|---|---|---|---|
| PSP Licence | Not yet applied | Full gap — no entity in Egypt | HIGH |
| Egyptian joint stock company | Does not exist | Full gap — entity incorporation required | HIGH |
| Capital (EGP 30M Category A) | N/A | Requires capital allocation (~$600K USD at current rates) | MEDIUM |
| Financial guarantee | N/A | 2% of paid-up capital via Egyptian bank | MEDIUM |
| AML/KYC processes | N/A | New market — must establish from scratch using Simpaisa group standards | HIGH |
| Data localisation | N/A | Will need Egypt-hosted infrastructure or CBE-approved arrangement | HIGH |
| Local banking partner | None | Required for on/off-ramp, settlement, and guarantee letter | HIGH |
Operational Processes¶
1. Market Entry Process¶
EGYPT MARKET ENTRY FLOW
─────────────────────────────────────────────────────
Legal Entity Regulatory Banking Technical
──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐
│ Incorp. │──▶│ PSP │──▶│ Banking │──▶│ Platform │
│ Egyptian │ │ Licence │ │ Partner │ │ Extension│
│ JSC │ │ Application │ Agreement│ │ Egypt │
└──────────┘ └──────────┘ └──────────┘ └──────────┘
Owner: Legal Regulatory Commercial CDO
SLA: 8-12 weeks 12-24 weeks 8-12 weeks 4-8 weeks
Total: 6-12 months from decision to live
Phase 1: Entity Establishment (8-12 weeks) - Incorporate Egyptian joint stock company - Register with Commercial Registry - Obtain tax registration - Open corporate bank account - Appoint local directors/officers as required
Phase 2: Licence Application (12-24 weeks) - Prepare CBE PSP licence application - Demonstrate capital adequacy (EGP 30M for Category A) - Submit financial guarantee (2% of capital) - Provide evidence of: financial soundness, qualified staff, managerial expertise, technology readiness - CBE review and assessment - Obtain licence
Phase 3: Banking & Partner Setup (8-12 weeks, parallel with Phase 2) - Establish banking relationship for settlement - Identify local payment partners (Fawry, Vodafone Cash, Orange Money, Etisalat Cash) - Negotiate partner agreements - Technical integration with local payment channels
Phase 4: Platform Extension (4-8 weeks) - Extend Simpaisa platform to Egypt corridor - Configure Egypt-specific: FX rates (EGP), settlement cycles, regulatory reporting - Deploy Egypt-hosted infrastructure if required by CBE - Testing and certification with banking partners
2. Merchant Onboarding (Egypt)¶
MERCHANT ONBOARDING FLOW (EG)
─────────────────────────────────────────────────────
Application CDD/KYC Technical Go-Live
──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐
│ Merchant │──▶│ Identity │──▶│ API Key │──▶│ Live │
│ applies │ │ verified │ │ Sandbox │ │ traffic │
│ │ │ Docs │ │ Testing │ │ │
└──────────┘ │ checked │ │ Webhook │ └──────────┘
└──────────┘ │ config │
└──────────┘
Owner: Commercial (EG) Compliance (EG) Engineering Operations (EG)
SLA: 2 business days 5 business days 3 business days 1 business day
Total: 11 business days target
Required documents for CDD (Egypt): - Commercial Registry extract - Tax card - National ID of authorised signatories and beneficial owners - Bank account verification - Beneficial ownership declaration (>25% shareholders) - Company articles of association
Enhanced Due Diligence triggers: - High-risk merchant category (gambling is restricted in Egypt; crypto per CBE guidance; precious metals) - PEP (Politically Exposed Person) as beneficial owner - Adverse media screening hit - Monthly volume > EGP 5M
3. Transaction Monitoring¶
| Check | Frequency | Threshold | Action |
|---|---|---|---|
| Velocity check | Real-time | > 100 transactions/minute per merchant | Alert + temporary hold |
| Amount anomaly | Real-time | > 3x average daily volume | Alert + manual review |
| New merchant spike | Daily | > 10x first-day average within first 30 days | Manual review |
| Dormant reactivation | On event | No transactions > 90 days, then sudden high volume | Manual review + re-KYC |
| STR screening | Daily batch | Rule-based pattern matching | STR filed with EMLCU within regulatory timeframe |
4. Incident Response (Egypt-Specific)¶
| Requirement | SLA | Owner |
|---|---|---|
| CBE notification for significant security incidents | Per CBE cybersecurity directives (within 24 hours recommended) | Country Manager EG + CDO |
| Data breach notification | Per Personal Data Protection Law No. 151/2020 | Country Manager EG + CDO |
5. Data Localisation¶
Target architecture (per DA-06): - Financial transaction data processed and stored within Egypt or via CBE-approved arrangement - Simpaisa platform extended to Egypt region (AWS me-south-1 Cairo or local DC) - Only aggregated/anonymised data flows to UAE for group reporting - Cross-border personal data transfer requires licence from data protection authority per PDPL 2020
6. Reporting Calendar¶
| Report | Frequency | Due Date | Recipient | Owner |
|---|---|---|---|---|
| Transaction reporting | Per CBE requirements | Per CBE schedule | CBE | Operations EG |
| Suspicious Transaction Reports | As needed | Per EMLCU requirements | EMLCU | Compliance EG |
| Annual compliance report | Annually | Per CBE schedule | CBE | Compliance EG + CDO |
| External audit report | Annually | Per CBE schedule | CBE | Finance + CDO |
| Data protection compliance | Annually | Per PDPL requirements | Data Protection Authority | CDO |
7. Key Contacts¶
| Role | Responsibility | Name |
|---|---|---|
| Country Manager EG | Overall Egypt operations, CBE relationship | TBD |
| Compliance Officer EG | AML/KYC, STR filing, regulatory reporting | TBD |
| Operations Lead EG | Transaction monitoring, merchant support | TBD |
| CDO | Technology, security, data architecture decisions | Daniel O'Reilly |
Payment Channels (Target)¶
| Channel | Provider | Type | Status |
|---|---|---|---|
| Mobile Wallet | Vodafone Cash | Mobile money | Target partner |
| Mobile Wallet | Orange Money | Mobile money | Target partner |
| Mobile Wallet | Etisalat Cash | Mobile money | Target partner |
| E-Payment | Fawry | Bill payment / e-commerce | Target partner |
| Bank Transfer | InstaPay | Instant payment network | Target partner |
| Bank Transfer | ACH Egypt | Interbank clearing | Target partner |
| Card Networks | Visa / Mastercard / Meeza | Card acquiring | Target partner |
Meeza is Egypt's national payment scheme (operated by Egyptian Banks Company). Supporting Meeza is likely a CBE expectation for licensed PSPs.
Remediation Priorities¶
| Priority | Item | Risk | Owner | Target |
|---|---|---|---|---|
| 1 | Decision to enter Egypt market | Strategic | CEO | Q2 2026 (offsite) |
| 2 | Legal entity incorporation | Blocking | Legal + Country Mgr EG | Q3 2026 |
| 3 | CBE PSP licence application | Blocking | Regulatory + Country Mgr EG | Q3-Q4 2026 |
| 4 | Local banking partner | Blocking | Commercial + Country Mgr EG | Q3 2026 |
| 5 | Data localisation infrastructure | HIGH | CDO | Q4 2026 |
| 6 | AML/KYC programme setup | HIGH | Compliance EG | Q4 2026 |
| 7 | Payment channel integrations | MEDIUM | CDO + Partners | Q1 2027 |
Connection to Strategy¶
This playbook directly supports: - SG4 (Market Expansion): Egypt is one of the target markets for geographic expansion - SG5 (Revenue Diversification): Egypt's 110M+ population and growing digital payments market reduces concentration risk on Pakistan - Foundational Support #5 (Standardised global network): Egypt follows the standard market onboarding pattern established by the Pakistan playbook
Template Compliance¶
This playbook follows the same structure as the Pakistan (PK) exemplar playbook. Market-specific differences are captured in the regulatory landscape, payment channels, and capital requirements sections.