LogoRegulatory Alerts
2026-01-09 | 13791

Electronic Banking and Financial Operations

The Central Bank of Lebanon issued Circular No. 750 (Decision No. 13791) to amend Decision No. 7548, establishing a comprehensive regulatory framework for electronic banking and financial operations. The circular mandates prior approval or notification for services such as KYC-E, Money-E, electronic payments, lending, trading, and virtual card issuance, while imposing strict data hosting, protection, and consumer safeguarding requirements. It further prohibits banks and financial institutions from issuing or dealing in virtual assets without central bank authorization, sets compliance and security standards for electronic signatures and customer onboarding, and defines administrative and criminal penalties for violations.

Banque du Liban logo

Lebanon

Banque du Liban

Click to view thumbnail

Central Bank of Lebanon Circular No. 750

For Banks and Financial Institutions

We hereby enclose a copy of Decision No. 13791 dated January 9, 2026, concerning the amendment of Decision No. 7548 dated March 30, 2000 (Electronic Banking and Financial Operations), attached to Circular No. 69.

Beirut, January 9, 2026 Governor of the Central Bank of Lebanon Karim Saeed

Decision No. 13791

Amendment of Decision No. 7548 dated March 30, 2000 Concerning Electronic Banking and Financial Operations

The Governor of the Central Bank of Lebanon, Pursuant to Articles 70 and 174 of the Monetary and Exchange Law, Pursuant to Law No. 133 dated October 26, 1999, concerning the duties of the Central Bank, Pursuant to Decision No. 7548 dated March 30, 2000, and its amendments concerning electronic banking and financial operations, Pursuant to the decision of the Central Bank Board taken during its session held on January 7, 2026,

Has approved the following:

Article 1

Articles (1) to (25) of Decision No. 7548 dated March 30, 2000 are hereby repealed, along with all its appendices, and replaced by the following:

Article 1: Definitions For the purpose of applying the provisions of this Decision, the following terms are understood to have the meanings set forth below:

    1. Electronic Means: Any tool, system, or technical method used to execute electronic banking and financial operations.
    1. Electronic Banking and Financial Operations (and Services): Banking and financial operations executed, wholly or partially, via electronic means, including the following: • Electronic Payments (Digital payments/P2P, P2M, P2Gov, …) • Local and/or Cross-Border Money Transfer Service: Sending or receiving funds domestically via a local network or internationally through contracts with foreign companies. • "Know Your Customer Electronically" (KYC-E): The definition referenced in Decision No. 13790 dated January 9, 2026 (concerning providers of electronic payment services). • Electronic Lending: Loans and advances granted via electronic means. • Electronic Trading: Sale and purchase of financial instruments (shares, bonds, investment funds..., etc.) via electronic means. • Issuing Virtual Cards: Issuance, management, and use of electronic banking cards via electronic means. • Electronic Payment Gateway: The definition referenced in Decision No. 13790 dated January 9, 2026 (concerning providers of electronic payment services). • "Electronic Money" Service (Money-E): A service provided exclusively by financial institutions, for which the definition referenced in Decision No. 13790 dated January 9, 2026 (concerning providers of electronic payment services) is adopted.
    1. Virtual Assets: The definition referenced in Decision No. 13790 dated January 9, 2026 (concerning providers of electronic payment services) is adopted.

Article 2: Prior Notification and/or Approval of the Central Bank

First: Banks and financial institutions registered with the Central Bank may conduct "Electronic Banking and Financial Operations" subject to:

    1. Obtaining prior approval from the Central Bank for providing: a. "Know Your Customer Electronically" (KYC-E) service, as specified in Article (4) below, for banks and financial institutions. b. "Electronic Money" (Money-E) service, as specified in Article (3) below, for financial institutions only.
    1. Prior notification to the Central Bank via written letter of their intention to conduct any operations under this Decision, except as mentioned in item (1) of the "First" section above, at least 90 days before commencing the operation or prior promotion thereof, or any subsequent amendment to the previously authorized operation.
    1. Including in the letter a description of the services to be provided, associated risks, and applicable technical procedures.

Second: Banks and financial institutions wishing to provide local and/or cross-border electronic money transfer services must comply, in addition to items (2) and (3) of the "First" section of this Article, with the conditions specified for Categories B and C in Decision No. 13790 dated January 9, 2026 (concerning providers of electronic payment services).

Third: The Central Bank and the Banking Control Commission reserve the right to request additional information or impose special conditions on these operations.

Article 3: "Electronic Money" Service (Money-E)

Financial institutions registered with the Central Bank, excluding banks, may provide the "Electronic Money" (Money-E) service subject to obtaining prior authorization from the Central Bank and complying with the conditions specified for Category A in Decision No. 13790 dated January 9, 2026 (concerning providers of electronic payment services).

Article 4: "Know Your Customer Electronically" (KYC-E) Service

First: Banks and financial institutions may onboard new customers (natural persons) by adopting the "Know Your Customer Electronically" (KYC-E) model to open accounts not exceeding 10,000 USD and/or conduct banking and financial operations, as applicable, subject to obtaining prior approval from the Central Bank and providing documentation related to the electronic technologies, mechanisms, and software to be used for this purpose. The approval request must confirm that the concerned banks and financial institutions:

    1. Comply with applicable laws and regulations, particularly those related to compliance and combating money laundering and terrorist financing, specifically: a. Verifying and confirming customer identity through: Enhanced Due Procedures (EDD); adoption of Digital ID Systems (including Identity proofing and enrolment, and identity and Authentication lifecycle management as specified in FATF Guidance on Digital ID). b. Ongoing Monitoring of electronic transactions continuously according to adopted standards, including those specified in Decision No. 7818 dated May 18, 2001, concerning the system for monitoring banking and financial operations to combat money laundering and terrorist financing, attached hereto. c. Adopting a mechanism to classify all customers based on their risk categories (high, medium, low) and risks arising from transaction ceilings.
    1. The "Know Your Customer Electronically" (KYC-E) model includes, at minimum, the information set forth in Appendix No. (2) attached hereto.
    1. Confirming the availability of electronic signature conditions stipulated in this Decision.
    1. Adopting appropriate security and compliance procedures ensuring the highest legal and technical protection levels, considering customer risks and available transaction ceilings.
    1. Notifying the customer of executed operation details immediately upon execution via an App Notification and/or email and/or SMS to their mobile phone.
    1. Electronically notifying the customer, when necessary, with a detailed monthly statement of executed operations.

Second: The Central Bank may exceptionally approve banks for a ceiling higher than 10,000 USD specified above, upon a justified request submitted by the concerned bank to the Central Bank.

Third: The "Know Your Customer Electronically" (KYC-E) model may be adopted for renewing and/or amending the standard "Know Your Customer" (KYC) model.

Article 5: Electronic Signature

Banks and financial institutions may adopt electronic signatures subject to the following combined conditions:

    1. Obtaining customer consent regarding potential risks when using electronic signatures.
    1. Taking appropriate measures to ensure the highest security levels, under the full responsibility of the concerned parties.
    1. The electronic signature being uniquely linked to the signatory and organized/preserved in a manner ensuring its validity and integrity of customer personal data.
    1. Being capable of identifying the person who issued the electronic signature.
    1. Using known electronic signature creation data systems to generate the electronic signature, enabling the signatory to use it with a high level of confidence under their sole control.
    1. Being linked to the signed data in such a way that any subsequent change in the data is detectable.
    1. Using One-Time Password (OTP) as an electronic customer signature.

Article 6: Customer Dealing Conditions

Banks and financial institutions conducting "electronic banking and financial operations" must:

    1. Not deal with any customer under eighteen years of age or lacking full contractual capacity except through their legal guardian.
    1. Cooperate to facilitate regulatory examinations, including technical audits conducted by the Central Bank or the Banking Control Commission.
    1. Notify all non-bank financial institution managers registered with the Central Bank and the Banking Control Commission of any amendments to their operating systems and technical rules followed in executing electronic operations under this Decision.
    1. Request their internal audit officers to prepare annual reports on their electronic operations and related technical and regulatory status, and submit a copy to all non-bank financial institution managers registered with the Central Bank and the Banking Control Commission by April 30 of each year.
    1. Adhere to principles of integrity and transparency, taking necessary measures to ensure the security of electronic operations.
    1. Comply with the operating system and technical rules referenced in Appendix No. (1) attached hereto.
    1. Display on their website and electronic application the authorization number issued by the Central Bank.

Article 7: Data Hosting

Banks and financial institutions conducting "electronic banking and financial operations" must host (store locally) customer data and executed operation data in Lebanon.

Article 8: Data Protection

Banks and financial institutions conducting "electronic banking and financial operations" must apply personal data protection procedures, specifically:

    1. Taking measures ensuring the highest security levels for protecting personal data of customers, their processing methods, storage, and lawful usage as controllers.
    1. Restricting the right to access personal data to the minimum necessary for business operations (know-to-need basis).
    1. Refraining from sharing personal data with any third party or authority, except the Central Bank, Banking Control Commission, Special Investigation Authority, and judicial/legal authorities.
    1. When contracting with any third party to process these data or perform operations leading to their processing: a. Notifying the customer that personal data processing will be performed by a third party, and obtaining the customer's explicit, written, and purpose-limited consent for processing their personal data. b. Including in the contract: • That customer personal data processing by the third party is limited to the stated purpose and cannot be subsequently processed in a manner inconsistent with declared purposes as per the contract, conducted faithfully according to legitimate and necessary objectives. • Binding the third party to adopt the highest security standards to ensure data integrity, storage, security, and prevent distortion, damage, or unauthorized access. • That the bank/financial institution remains responsible to the customer for protecting personal data and ensuring lawful usage by the third party, as well as for any misuse by the latter.

Article 9: Consumer Protection

Banks and financial institutions conducting "electronic banking and financial operations" must prepare a detailed policy on consumer protection procedures, including at least:

    1. Measures taken to protect information privacy.
    1. Types of fees and commissions to be applied to provided services.
    1. Dispute resolution mechanism with customers and the role of the authority responsible for receiving customer reviews.

Article 10: Prohibition on Virtual Assets

Banks and financial institutions are prohibited from issuing, dealing with, or facilitating the dealing of virtual assets in any form, except as issued by the Central Bank for this purpose.

Article 11: Transitional Provisions

First: Financial institutions that previously obtained Central Bank approval to provide services becoming subject to Decision No. 13790 dated January 9, 2026 (concerning providers of electronic payment services) must regularize their status and take necessary measures to comply with the provisions of the aforementioned Decision within 6 months from its date. Second: Banks and financial institutions are granted a 6-month period to comply with the provisions of Article (7) of this Decision. Third: The requirement for financial institutions to submit prior approval requests from the Central Bank to provide the "Electronic Money" (Money-E) service mentioned in this Decision is suspended until further notice.

Article 12: Role of the Banking Control Commission

The Banking Control Commission is responsible for monitoring the proper implementation of this Decision's provisions and issuing implementing texts as needed.

Article 13: Violation of Decision Provisions

Any violation of this Decision's provisions subjects the violating institution to administrative penalties stipulated in Article 208 of the Monetary and Exchange Law. Additionally, violation constitutes a criminal offense under Article 770 of the Penal Code, and the Central Bank shall pursue any violating institution before the competent judicial authority.

Article 14

This Decision takes effect upon its issuance.

Article 15

This Decision shall be published in the Official Gazette.

Second Article: This Decision takes effect upon its issuance. Third Article: This Decision shall be published in the Official Gazette.

Beirut, January 9, 2026 Governor of the Central Bank of Lebanon Karim Saeed

Appendix No. 1

Documents Related to Operating Systems and Technical Rules

  1. Customer onboarding mechanisms, including multifactor authentication procedure, and operational verification mechanism (OTP, Face ID or other secure dynamic code).
  2. Distribution of authorities to the information system (List Control Access).
  3. Inventory of all devices, operating systems, applications, database systems, network systems, and adopted protection/security systems.
  4. Graphical diagram of the technical design for the adopted communication network (Network & Infrastructure Topology).
  5. Specification of primary and backup internet lines adopted to ensure service continuity.
  6. Information logging mechanism (System Logs) via an adopted SIEM system for storing logs, facilitating reading, and conducting appropriate auditing and monitoring.
  7. Adopted system protection programs (Antivirus, Antispam, Firewall, Proxy, Intrusion Detection, …).
  8. Network protection procedures.
  9. Encryption algorithms.
  10. Device and system hardening procedures.
  11. Adopted self-protection application programs against cyberattacks (Application Self-Protection).
  12. Backup and data preservation procedures.
  13. Money laundering and terrorist financing combating procedures, including the adopted auditing and monitoring program.
  14. Emergency plan and operational follow-up for the institution's operations and information system.
  15. Commitment to conduct penetration testing of systems and network by specialized, reputable companies (Intrusion Penetration Test) after obtaining authorization.
  16. Documents related to adopted technical programs for hosting data locally (Data Local Hosting) or a Letter of Intent from the contracted company for this purpose.
  17. Documents related to adopted technical programs for providing "Electronic Payment Gateway" service (Payment Gateway) or a Letter of Intent from the contracted company for this purpose.

Appendix No. 2

"Know Your Customer Electronically" Model

To apply compliance and necessary due diligence procedures, the following information must be available at minimum in the "Know Your Customer Electronically" model:

  • Full name (Three names)
  • Mother's name and maiden name
  • Gender
  • Date of birth
  • Place of birth
  • Residence location and record number
  • Nationality
  • Any other nationality
  • Marital status (Single/Married/Divorced/Widowed)
  • Spouse's name and maiden name / Wife's name and maiden name
  • Country of residence
  • Full residential address (City/District/Street/Building name/Floor) and phone number
  • Occupation/Profession
  • Rank
  • Workplace (Company name)
  • Full workplace address and phone number
  • Salary or annual income
  • Any other income sources
  • Beneficial owner
  • Must not have been convicted in the last ten years for any ordinary crime, theft, breach of trust, fraud, or misdemeanor subject to fraud/embezzlement/issuance of worthless checks penalties, or concealing proceeds from such offenses.
  • Must not have ties (residence, work, or any activity/income source) with FATF high-risk jurisdictions subject to call for action (Iran, North Korea, Myanmar).
Share