New regulations requiring insurance companies to link databases with the Financial Regulatory Authority in Egypt
-
Legal Development 12 April 2023 12 April 2023
-
Africa, Middle East
-
Data Protection & Privacy
On 10 March 2023, the Financial Regulatory Authority (FRA) issued a decree (Decree) requiring insurance companies in Egypt to update their technology infrastructure, and to link their databases with the FRA’s database, in accordance with relevant requirements, within a six month period from the date of the issuance of the Decree.
Scope of the data
The Decree is intended to facilitate the FRA’s desire to establish an industry-wide online platform which includes sensitive data, and to link such data with the FRA’s database in real time.
The FRA has specified that the data required from insurance companies, to be made available through the online platform, will include:
- persons and entities rejected for insurance, including the reasons for rejection;
- borrowers who have defaulted on their loans under credit insurance;
- the insurance policies issuance register, including data with respect to issuance, amendments or cancellations, settlements, and collections of premiums;
- the risks covered, and the reimbursement or indemnity paid by insurance companies against losses, and their settlement under the insurance policies;
- the register of reserved funds (that is, the register outlining the funding set aside by insurance companies);
- the register of the reinsurance agreements and recaptures;
- the debt and credit balance of reinsurers;
- the premises and branches of the insurance companies; and
- any other data, as requested by the FRA.
Confidentiality and sensitive data protection
The Decree emphasises the importance of maintaining confidentiality of insurance holders and their relevant data. The Decree requires that all data must only be shared with the FRA and that the FRA will be the entity accountable for establishing the necessary controls to ensure the proper management of sensitive information once shared.
It remains to be seen how the Decree will interplay with the Data Protection Law recently implemented in Egypt.
Grace period
In accordance with the Decree, insurance companies have been granted a grace period of six months to comply with the requirements above, which may be extended by an additional six months. The extension is subject to submission of justifications that are deemed acceptable by the FRA.
If you would like further information, or advice on the Decree’s requirements, please contact us.
End