Subject to exceptions, Egyptian law is silent on the storage of data by financial institutions that use cloud service providers. However, entities regulated by the Central Bank of Egypt (CBE) are subject to strict confidentiality requirements whereby all information related to customers, their accounts, their deposits, and their safety deposit boxes held by the CBE-regulated entities must be kept strictly confidential and may only be shared with the consent of the customer.
Any outsourcing provider to financial institutions, including those providing services in respect of customer data, must be registered with the CBE and will be bound by the same confidentiality requirements as the outsourcing financial institution, or CBE-regulated entity, in question. As part of its due diligence process prior to registration, the CBE may require the outsourcing provider to supply such documentation as it deems necessary. Generally speaking, the CBE does not register companies located outside of Egypt.
The CBE has issued specific rules that must be observed when a bank or CBE-regulated entity outsources services to third-party providers. According to the CBE Supervisory Regulations, internal policies adopted by banks on the solicitation and use of external service providers (ESP) for outsourcing must include the following minimum requirements:
As for entities regulated by the Financial Regulatory Authority (FRA), Decree No. 1005 of 2013 allows for the use of cloud networks through service providers in relation to data shared between stock brokerage companies, the stock exchange and the Misr for Central Clearing, Depository and Registry (MCDR).
There are further requirements in respect of the National Telecom Regulatory Authority for cloud storage outsourcing discussed at Q&A 3.