Egypt’s Financial Regulatory Authority has launched the country’s first official register for technology-based risk assessment firms operating in non-banking financial activities, tightening oversight of a fast-growing segment that underpins digital lending, insurance and capital markets. The move bars non-banking financial companies and related entities from dealing with unregistered providers, a step regulators say is designed to strengthen consumer protection, data governance and market integrity as algorithmic tools become central to credit and risk decisions.The authority said the register will apply to companies offering automated or technology-enabled risk evaluation services across non-banking finance, including consumer finance, microfinance, leasing, factoring and insurance distribution. Firms must meet governance, cybersecurity, transparency and auditability standards before they can operate. Transactions or outsourcing arrangements with unregistered providers will be prohibited, with supervisory action available where breaches are identified.
The initiative places Egypt alongside jurisdictions that have moved to supervise fintech infrastructure rather than only end-user financial institutions. Digital risk assessment has expanded rapidly as lenders rely on alternative data, machine learning models and automated scoring to reach underbanked customers and speed up approvals. Regulators have grown more cautious about opacity, bias, data misuse and systemic dependencies created by third-party technology vendors.
Officials at the Financial Regulatory Authority said the register is intended to create a clear line of accountability for firms whose models influence pricing, eligibility and portfolio risk across non-banking finance. Registration will require disclosure of ownership, governance structures, model validation processes, data sources, cybersecurity controls and business continuity plans. Providers will also be expected to submit to periodic reviews and notify the regulator of material changes to algorithms or datasets.
The decision reflects a broader policy effort to modernise Egypt’s non-banking financial framework as digital channels expand. Consumer finance and microfinance have seen strong uptake of app-based onboarding and instant credit decisions, while insurers increasingly deploy automated underwriting and fraud detection. Market participants say the absence of a formal registry had created uncertainty about due diligence standards when institutions outsourced critical risk functions.
By making registration a prerequisite for doing business, the regulator aims to curb practices that could expose consumers to unfair outcomes or institutions to hidden risks. Concerns have included discriminatory model outputs, weak explainability of automated decisions, and vulnerabilities in data handling. Supervisory clarity is also expected to improve investor confidence in fintech partnerships and securitised portfolios that rely on algorithmic scoring.
Industry reaction has been broadly supportive, though some providers caution about compliance costs and timelines. Larger fintech firms with established governance frameworks are expected to adapt more easily, while smaller start-ups may need support to meet documentation and audit requirements. The authority has indicated that transitional arrangements will be communicated to allow existing providers to apply for registration without disrupting ongoing contracts.
The register dovetails with Egypt’s wider digital finance agenda, which seeks to balance innovation with safeguards. Authorities have previously signalled a preference for activity-based regulation that focuses on functions posing systemic or consumer risks, regardless of whether they are performed by banks, non-bank lenders or technology vendors. Aligning risk assessment oversight with this approach is seen as a logical extension.
Experts note that the prohibition on dealing with unregistered providers shifts responsibility squarely onto non-banking financial companies to vet their partners. Institutions will need to review contracts, ensure models used in decision-making are registered, and maintain oversight of outsourced analytics. Failure to do so could invite sanctions or remediation orders, adding an incentive for prompt compliance.
The move may also influence market structure. Standardised expectations could encourage consolidation among risk assessment providers, favouring firms able to invest in governance, model validation and cybersecurity. At the same time, clearer rules may attract new entrants confident that regulatory expectations are defined, potentially spurring innovation in explainable AI and privacy-preserving analytics.
Topics
Live News