Egypt’s capital markets landscape shifted decisively when the Financial Regulatory Authority (FRA) issued Decree No. 332 on 24 December 2025, creating the country’s first comprehensive framework for brokerage firms that receive client orders through digital platforms. Published on 3 February 2026 and effective the following day, the decree demands immediate action from capital markets lawyers Egypt-wide, broker-dealers, digital platform managers and compliance officers alike. Simultaneously, evolving EGX prospectus standards and Capital Market Law amendments have tightened IPO disclosure obligations, changing the practical checklist every issuer and its counsel must follow. This guide consolidates the obligations, timelines and implementation steps that market participants need to address now.
The period from late 2025 through early 2026 produced a concentrated burst of regulatory activity affecting virtually every participant in the Egyptian securities market. Understanding which instruments apply, and when, is the essential first step for any compliance programme.
Capital Market Law No. 95 of 1992 remains the primary legislative foundation, supplemented by its Executive Regulations. However, successive FRA decrees, EGX rule updates and MCSD procedural circulars have layered additional requirements on top of that foundation. The most significant of these is FRA Decree No. 332, but it does not operate in isolation.
The FRA had already begun expanding its digital-regulation footprint throughout 2025, issuing guidance on electronic customer identification, remote account opening and data-security standards for non-bank financial institutions. Decree No. 332 builds on that work by creating a dedicated licensing and oversight regime for brokerages that accept orders via third-party digital platforms. At the same time, the EGX updated its listing and disclosure rules, strengthening requirements around prospectus content, ongoing disclosure triggers and the role of sponsors in IPO transactions.
| Date | Instrument | Practical Effect |
|---|---|---|
| 2025 (ongoing) | FRA guidance on electronic KYC and remote account opening | Established baseline digital-identity and data-security standards for non-bank financial institutions |
| 24 December 2025 | FRA Decree No. 332, issued | Created the authorisation framework for brokerages receiving client orders via digital platforms; defined “platform manager” duties |
| 3 February 2026 | FRA Decree No. 332, published in the Official Gazette | Publication date triggered the countdown to enforceability |
| 4 February 2026 | FRA Decree No. 332, effective | All covered brokerages and platform managers must now hold FRA approval before accepting digital orders |
| Q1 2026 | EGX listing-rule and prospectus-content updates | Expanded mandatory prospectus disclosures, tightened sponsor responsibilities and introduced digital-distribution disclosure requirements |
| Ongoing | Capital Market Law No. 95/1992 and Executive Regulations (as amended) | Continued foundation for IPO disclosure obligations, insider-trading prohibitions and issuer governance standards |
FRA Decree No. 332 represents the first time Egypt’s regulator has established a dedicated authorisation and compliance regime for the digital reception of securities-trading orders. Before the decree, brokerage firms that channelled orders through mobile applications or web-based platforms operated within a regulatory grey area, relying on general FRA licensing without platform-specific obligations. The decree eliminates that ambiguity.
At its core, the decree requires any brokerage firm wishing to receive client orders for trading securities through a digital platform to obtain prior FRA approval. It simultaneously regulates the “platform manager”, the entity that develops, operates or maintains the digital infrastructure through which those orders are transmitted. Both the brokerage and the platform manager carry distinct but interlocking compliance obligations.
The decree establishes a two-track approval process. Brokerage firms must apply directly to the FRA, demonstrating that they, or their contracted platform manager, satisfy the decree’s technical, operational and governance requirements. The application must include documentation of the platform’s architecture, data-security protocols, client-disclosure mechanisms and the contractual arrangement between the brokerage and the platform manager.
Industry observers expect that applications will be reviewed on a rolling basis, with the FRA prioritising firms that are already operational. The decree does not specify a fixed timeline for FRA review, but early indications suggest a target processing window of four to eight weeks from submission of a complete application package. Incomplete submissions are likely to be returned without review, so assembling a thorough dossier at the outset is critical.
Key procedural steps include:
The decree mandates a baseline of technical controls that must be embedded in any digital platform used for order reception. These include end-to-end encryption of order data, a tamper-evident audit trail that records every order instruction from receipt through execution, and data-retention policies that ensure records remain available for FRA inspection for a defined period. The platform must also display specific disclosures to clients, including risk warnings, fee structures and the identity of the licensed brokerage, before an order can be submitted.
Brokerage platform regulation under the decree further requires segregation between the platform manager’s operational environment and the brokerage’s execution infrastructure. Client funds and securities positions must at all times be held through authorised custodial arrangements, separate from the platform manager’s own assets.
Translating FRA Decree No. 332 from regulatory text into operational reality requires a disciplined, step-by-step compliance programme. The following playbook is designed for heads of compliance, CTOs and legal counsel at brokerage firms and platform-management entities that need to achieve, and maintain, digital broker compliance.
Governance and licensing. Appoint a dedicated compliance officer responsible for the digital order-reception channel. This individual should sit on or report directly to the firm’s board-level risk committee. Ensure the firm’s FRA licence is current and that the licence category covers brokerage activities involving digital channels. If the platform manager is a separate entity, verify that its corporate status, beneficial ownership and directors have been disclosed to the FRA.
Client onboarding, KYC and suitability. Digital onboarding must satisfy the same know-your-customer standards that apply to in-branch account opening under Egyptian anti-money-laundering legislation. This includes identity verification using government-issued documents, electronic verification where permissible, and a suitability assessment before the client is enabled to trade. All KYC records must be stored digitally with encryption and remain accessible for FRA audit.
Order transmission, encryption and proof of receipt. Every order instruction transmitted through the digital platform must be encrypted in transit and at rest. The system must generate a time-stamped, immutable record confirming when the order was received, the terms of the instruction and the identity of the client. This proof-of-receipt mechanism is central to the FRA’s enforcement capability and must be designed so that neither the brokerage nor the platform manager can alter it retroactively.
Segregation of duties, custody versus execution. The platform manager may not hold client funds or securities positions. Custody must be performed by an entity authorised by the FRA and the Misr for Central Clearing, Depository and Registry (MCSD). Execution remains the brokerage’s responsibility. The contractual arrangement between the brokerage and the platform manager should clearly delineate these boundaries.
Outsourcing and vendor management. Where the platform manager subcontracts any function, hosting, data storage, cybersecurity monitoring, the brokerage remains ultimately responsible to the FRA. Service-level agreements must include FRA audit-access rights, incident-notification obligations and data-localisation requirements where applicable.
Incident response and FRA reporting. Establish a documented incident-response plan covering data breaches, system outages, unauthorised access and order-processing failures. Material incidents must be reported to the FRA within the timeframe specified in the decree and any supplementary guidance. Maintain a log of all incidents, including near-misses, for FRA inspection.
AML/CTF intersections. Digital broker compliance does not operate in a silo. Ensure that the platform’s transaction-monitoring capabilities satisfy the requirements of Egypt’s Anti-Money Laundering Law and the directives of the Money Laundering and Terrorist Financing Combating Unit (EMLCU). Suspicious-transaction reporting obligations apply to digitally received orders in exactly the same way as they do to orders received in person or by telephone.
| Control | Description | Implementation Note |
|---|---|---|
| End-to-end encryption | All order data encrypted in transit (TLS 1.2+) and at rest (AES-256 or equivalent) | Applies to client-facing interfaces and back-end APIs between platform and brokerage |
| Tamper-evident audit trail | Immutable, time-stamped log of every order instruction, modification and cancellation | Use append-only data stores or blockchain-anchored hashing for integrity verification |
| Data retention | Records retained and accessible for FRA inspection for a minimum period aligned with Capital Market Law requirements | Align retention schedule with both FRA decree and AML record-keeping obligations |
| Access controls | Role-based access with multi-factor authentication for administrative functions | Restrict privileged access to named individuals; log all access events |
| Business continuity | Redundant infrastructure and disaster-recovery plan ensuring order-reception availability | Test failover procedures at least annually; document results for FRA review |
Before a client can submit an order through the digital platform, the interface must display, prominently and in Arabic, the following information:
The 2026 reforms do not only affect broker-dealers and digital platforms. Issuers preparing for an initial public offering face a revised set of IPO disclosure Egypt obligations that reflect both Capital Market Law 2026 amendments and updated EGX listing rules. Capital markets lawyers Egypt-based practitioners advise should begin the IPO-readiness process earlier than in previous years, given the expanded documentation and review requirements.
Under Capital Market Law No. 95/1992 and its Executive Regulations (as amended), a public offering of securities requires FRA approval and compliance with prospectus content standards. The 2025–2026 updates have expanded several categories of mandatory disclosure, including governance structures, related-party transactions, environmental and social-risk factors, and, critically, any arrangements involving digital distribution of the offering through platforms regulated under Decree No. 332.
The EGX’s updated listing rules reinforce these requirements by requiring the sponsor (typically an investment bank or financial adviser licensed by the FRA) to certify that the prospectus complies with all applicable laws and rules. Sponsors face heightened scrutiny and potential liability for material omissions.
| Prospectus Item | Why Required | Where to File / Attach |
|---|---|---|
| Issuer corporate history, capital structure and ownership | Foundational disclosure under Capital Market Law Executive Regulations | Main prospectus body; attach constitutional documents and share capital records |
| Audited financial statements (3 years) | Required by FRA and EGX listing rules for investor assessment | Annex to prospectus; file separately with EGX and MCSD |
| Risk factors, market, operational, regulatory, ESG | Expanded under 2026 EGX rules to include environmental and social risk disclosures | Dedicated risk-factor section in the prospectus |
| Related-party transactions and conflicts of interest | Enhanced disclosure required under Capital Market Law amendments | Prospectus body; supporting schedule of all related-party contracts |
| Use-of-proceeds statement | Mandatory under EGX listing rules; subject to ongoing compliance monitoring | Prospectus body; updated post-IPO in periodic filings |
| Digital distribution arrangements | If the offering will be distributed via a digital platform regulated under Decree No. 332, full disclosure of the platform, its manager and the brokerage is required | Prospectus body and any supplementary offering circular |
| Sponsor certification and responsibility statement | EGX requirement; sponsor confirms compliance and accepts liability for material omissions | Signed certification filed with FRA and EGX |
The practical timeline for an EGX IPO under the 2026 rules generally follows this sequence, though exact durations depend on FRA review capacity and the completeness of submissions:
Egypt’s capital markets have remained broadly open to foreign investor participation, but the 2026 regulatory framework introduces procedural steps that issuers and their counsel must account for during IPO planning and ongoing compliance. Understanding these practicalities is critical for any Egypt capital markets IPO targeting international allocations.
Foreign investors must register with the MCSD and obtain a unique investor code before they can participate in any EGX-listed offering or secondary-market trading. The registration process requires submission of identity documentation, appointment of a local custodian authorised by the FRA and MCSD, and compliance with Central Bank of Egypt (CBE) foreign-exchange regulations governing the repatriation of investment proceeds.
Repatriation of capital and dividends is permitted under Egypt’s foreign-exchange regime, subject to compliance with CBE documentation requirements. In practice, the local custodian handles the conversion and transfer process, but issuers should ensure their prospectus clearly discloses any FX risks, withholding-tax obligations and repatriation procedures relevant to foreign subscribers.
The FRA’s enforcement powers under Decree No. 332 and the broader Capital Market Law framework are substantial. The authority may suspend or revoke a brokerage’s licence, impose financial penalties, bar individuals from serving as directors or officers of regulated entities, and refer matters for criminal prosecution where warranted.
Industry observers expect the FRA’s initial enforcement focus to concentrate on three areas: brokerages operating digital order-reception channels without having obtained FRA approval; platforms that fail to display the required client disclosures; and entities with inadequate or manipulable audit trails. Early indications suggest the FRA is building supervisory capacity specifically to conduct remote inspections of platform infrastructure, meaning that technical compliance is not merely a paper exercise.
Common pitfalls that market participants should guard against include:
| Entity Type | Key Regulatory Obligations (FRA / EGX) | Practical Next Steps |
|---|---|---|
| Licensed brokerage | Obtain FRA approval for digital order reception; maintain encrypted audit trail; ensure client-disclosure compliance; file periodic reports with FRA; comply with AML/CTF requirements | Conduct gap analysis against Decree 332; prepare and submit FRA application; update compliance manual and train front-office staff |
| Digital platform manager | Satisfy FRA technical and security standards; segregate platform operations from custody/execution; maintain data-retention and incident-response protocols; allow FRA audit access | Document platform architecture and security controls; execute or amend service-level agreement with brokerage; establish incident-response procedures |
| Issuer preparing IPO | File FRA-approved prospectus meeting expanded disclosure requirements; register with EGX and MCSD; disclose digital-distribution arrangements; comply with ongoing reporting post-listing | Engage sponsor and capital markets counsel early; complete corporate housekeeping; draft prospectus with updated risk-factor and related-party sections |
| Custodian / MCSD participant | Maintain segregated client accounts; process foreign-investor registrations; comply with MCSD settlement rules; support FRA inspections of custodial records | Review custodial agreements for decree-alignment; ensure MCSD registration procedures can accommodate digital-channel investors; update operational manuals |
The following eight-step action plan provides a structured path from current state to full compliance with Decree No. 332 and the updated IPO disclosure framework:
This article was produced by Global Law Experts. For specialist advice on this topic, contact Omneya Anas at Shalakany, a member of the Global Law Experts network.
posted 4 minutes ago
posted 25 minutes ago
posted 28 minutes ago
posted 49 minutes ago
posted 1 hour ago
posted 1 hour ago
posted 2 hours ago
posted 2 hours ago
posted 2 hours ago
posted 2 hours ago
posted 2 hours ago
posted 2 hours ago
Find the right Legal Expert for your business
Sign up for the latest legal briefings and news within Global Law Experts’ community, as well as a whole host of features, editorial and conference updates direct to your email inbox.
Naturally you can unsubscribe at any time.
Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.
Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.
Send welcome message