Fintech Regulation in the Middle East and North Africa

Alexander Apostolides (CCAF), Sarah Ombija (CCAF), Zain Umer (CCAF), Pedro Schilling de Carvalho (CCAF), Philip Rowan (CCAF), Diego M Serralde (CCAF), Herman Smit (CCAF), Bryan Zhang (CCAF), Valeria Gallo (Independent), Gabrielle Inzirillo (Independent) and Ian P. Moloney (Independent).

Download the report

This is the second in a series of three studies reviewing regional fintech landscapes, following an already published Sub-Saharan Africa report and a soon-to-be published report for the Asia-Pacific region. It reviews how MENA jurisdictions have responded to the opportunities and challenges associated with fintech and wider Digital Financial Services (DFS) through regulatory efforts and processes, as well as regulatory innovation initiatives. By comparing experiences across jurisdictions within MENA and across regions, this study seeks to shed light on the dynamic and evolving landscape of fintech regulation and provide evidence and insights to inform policymaking and industry development.

Highlights from the report

Observed impact

  • The COVID-19 pandemic has accelerated the perception of MENA regulators of the importance of fintech. Regulators highlighted the supportive role of fintech in achieving their objectives. For example, most surveyed regulators perceived fintech to be supportive in market development (85%), promoting financial inclusion (77%), promoting competition (69%) and in promoting the broader adoption of digital financial services (62%). It is notable that regulators from MENA viewed fintech to be more supportive to their objectives than the global average, and the difference is particularly striking in terms of market development (85% in MENA relative to 61% globally) and in promoting competition (62% in MENA relative to 47% globally).
  • As a response to the challenges relating to the COVID-19 pandemic, 46% of regulators surveyed in MENA have introduced new measures relating to KYC, AML and digital identity. In addition, regulators have launched measures and initiatives to support economic relief (46%), business continuity (38%) and cybersecurity (23%).
  • 75% of MENA regulators who responded to the COVID-19 survey perceived an increase in cybersecurity risk related to fintech during the pandemic. This was in addition to a perceived increase in operational risks (67%), fraud and scams (33%) and consumer protection risks (25%). The concerns of MENA regulators regarding cybersecurity and operational risks are generally shared by regulators around the globe, although it is notable that there is an enhanced perception of the increasing risks of fraud in the region when compared to the global average (33% in MENA compared with 18% globally).

Regulatory frameworks

Fintech specific

  • 92% of sampled jurisdictions in MENA have established regulatory frameworks for payments, with 8% of these frameworks specific to digital payments. Relative to other fintech verticals, in the MENA region the payments subsector dominates in terms of the level of business and start-up activity.
  • 92% of the sampled jurisdictions in MENA have established a regulatory framework for e-money. In 8% of sampled jurisdictions, they do not regulate e-money, while 50% regulate emoney through a general payments framework, and 42% have created a specific e-money framework. Agents acting on behalf of financial service providers play a pivotal role in broadening the use of e-money and are permitted in the regulatory frameworks of 90% of the sampled MENA jurisdictions.
  • 80% of the sampled MENA jurisdictions have a regulatory framework for international remittances in place, with a further 10% having one under development and only 10% treating it as unregulated or self-regulated. Of those jurisdictions with a regulatory framework, 70% include international remittances within a general payments framework, with the other 10% regulating through other frameworks.
  • 67% of sampled jurisdictions in MENA have a bespoke framework that regulates P2P lending and a further 17% of jurisdictions are planning to introduce a framework. 17% of jurisdictions have prohibited P2P lending, while 17% treat it as unregulated or self-regulated.The MENA regions’ use of bespoke regulatory frameworks to regulate P2P lending mirrors APAC, where half of the jurisdictions reviewed also took this approach. Two jurisdictions, Morocco and Turkey, have prohibited P2P lending activities.
  • 69% of the sampled MENA jurisdictions have a bespoke equity crowdfunding framework, with a further 8% planning to introduce a framework. 8% of sampled jurisdictions have prohibited this activity, and 15% treat it as unregulated or self-regulated. The prevalence of bespoke regulatory frameworks in the MENA region is similar to APAC where 50% of the jurisdictions reviewed established bespoke regulatory frameworks, in contrast with the SSA region, where only 17% of the jurisdictions reviewed used bespoke regulatory frameworks to oversee ECF.

Cross sectoral

  • 92% of sampled jurisdictions in MENA have a general regulatory framework for cybersecurity in place while a further 8% have a roadmap or strategy for cybersecurity. It is also notable that 54% of the sampled jurisdictions have introduced additional measures on cybersecurity since the start of the COVID-19 pandemic, mainly focusing on raising awareness of ongoing cybersecurity threats among market participants. In addition, in 54% of sampled jurisdictions at least one financial regulator has implemented a financial services sector specific cybersecurity framework.
  • 69% of the sampled MENA jurisdictions have a broad framework for data protection in place, with 23% planning to adopt one and 8% having no framework. In addition, in 85% of sampled jurisdictions, at least one financial regulator has implemented a financial services specific data protection framework. Concerns regarding fraud and cyber risk have led to increased activity by regulators to ensure financial sector data protection and cybersecurity frameworks are in place.
  • 23% of the sampled jurisdictions in the MENA sample have regulatory frameworks in place for open banking, with a further 54% planning to introduce a framework. While this could be a positive development, the modest amount of regulatory activity could be explained by the number of low and middle level income countries with fewer resources and capabilities on open banking in the region. According to the World Bank Income Group classification, all sampled jurisdictions graded ‘high income’ and ‘upper middle income’ either have an existing or planned open banking initiative, while none of the ‘lower middle income’ jurisdictions currently have one.
  • 92% of sampled jurisdictions have financial consumer protection frameworks in place. Jurisdictions have implemented these frameworks in a variety of ways: some, such as Morocco have general consumer protection laws with a set of explicit provisions regarding financial services. Others, such as Bahrain, have specific consumer protection provisions within their financial sector legal framework, alongside a more general consumer protection law.
  • Financial consumer protection is an area of concern that has been elevated by the COVID-19 pandemic, with 64% of surveyed jurisdictions introducing additional measures since the onset. Such measures focused on enacting additional legislation to minimise the emerging risks to consumer data arising from increased e-commerce activities.
  • In terms of Anti-Money Laundering (AML) and Combatting the Financing of Terrorism (CFT), all sampled jurisdictions have a framework. There is a tendency in MENA to have the central bank (46%) as the main regulator of AML/CFT issues, while 38% of jurisdictions have multiple authorities with a mandate for AML/CTF.
  • e-KYC frameworks exist in 67% of the sampled jurisdictions. 42% of these are e-KYC specific frameworks and 25% are general KYC frameworks that enable e-KYC. A further 8% of jurisdictions are planning to introduce a framework, while 17% of jurisdictions expressly forbid e-KYC. Market firms in MENA noted an urgent need for regulatory support for e-KYC (33%) and remote onboarding (40%), highlighting them as a key demand of market participants to regulators.

Regulatory innovation initiatives

  • A review of all MENA jurisdictions for regulatory innovation initiatives reveals a significant increase in activity over the last two years. This study identified 12 innovation offices across the region (with a further one planned), up from five in 2019. There are also 11 regulatory sandboxes in place (with a further five planned), up from four in 2019.
  • These initiatives may help to facilitate increased engagement between regulators and fintech firms, while helping to create an environment that is more conducive to the growth of the fintech sector. They may also be useful in streamlining authorisation processes and reducing the time it takes for firms to get to market. This is reflected in the high demand by the private sector for regulatory innovation initiatives, with 59% of fintech firms surveyed in MENA suggesting they “urgently need” exemptions to operate new financial services or products, and 54% demanding a faster turnaround for the authorisation and licensing of new activities.

Hurdles faced

  • MENA regulators reported several hurdles in the establishment of regulatory frameworks and innovation initiatives. The obstacles in forming regulatory frameworks include limited technical skills, as (reported by 75% of surveyed regulators), the need to coordinate activities of multiple regulators (50%), limited funding/resources for the regulator (50%), and the small size of the industry making it harder to justify a supervision regime (50%).
  • Regulators have cited several factors related to the pandemic which are affecting their ability to effectively develop their responses to fintech, with 62% of surveyed regulators identifying challenges in performing core functions while working remotely(e.g. carrying out on-site visits) and 31% highlighting an increased demand on resources. It is notable that 69% of regulators responded that coordination with other agencies has also been an issue.
  • It is also notable that surveyed MENA regulators perceived that they had a similar level of preparedness for the COVID-19 pandemic relative to our global sample (55% relative to 54% globally). While in a separate question, 55% those surveyed stated there was a low adequacy of resources to respond to the COVID-19 pandemic, slightly below the assessment of regulators globally at 59%).