Board of Directors Decision No. 2 of 2021 Regarding Supervisory Controls for Anti-Money Laundering and Combating the Financing of Terrorism in Non-Banking Financial Activities

 Year 194 H Issued on Monday, 19 Jumada al-Thani 1442 AH (corresponding to February 1, 2021) Number 25 (Continued)

Electronic copy considered valid for trading Egyptian Gazette – No. 25 (Continued) on February 1, 2021

2 Financial Regulatory Authority Board of Directors Decision No. 2 of 2021 dated 2021/1/18 regarding Supervisory Controls in the Field of Anti-Money Laundering and Combating the Financing of Terrorism for Entities Operating in Non-Banking Financial Activities

The Board of Directors of the Financial Regulatory Authority Having reviewed the Law on Private Insurance Funds issued by Law No. 54 of 1975; And the Law on Supervision and Control of Insurance in Egypt issued by Law No. 10 of 1981; And Law No. 146 of 1988 regarding companies operating in the field of receiving funds for investment; And the Capital Market Law issued by Law No. 95 of 1992; And the Central Deposit and Registration of Securities and Financial Instruments Law issued by Law No. 93 of 2000; And the Real Estate Financing Law issued by Law No. 148 of 2001; And the Anti-Money Laundering Law issued by Law No. 80 of 2002; And Law No. 10 of 2009 regulating supervision over non-banking financial markets and instruments; And Law No. 141 of 2014 regulating the activity of financing medium, small, and micro-enterprises; And Law No. 8 of 2015 concerning the regulation of lists of terrorist entities and terrorists; And the Counter-Terrorism Law issued by Law No. 94 of 2015;

Electronic copy considered valid for trading Egyptian Gazette – No. 25 (Continued) on February 1, 2021

3 And the Law regulating the activities of financial leasing and factoring issued by Law No. 176 of 2018; And the Law regulating consumer financing activity issued by Law No. 18 of 2020; And Presidential Decision No. 191 of 2009 regarding the rules governing the management of the Egyptian Exchange and its financial affairs; And the Statute of the Financial Regulatory Authority issued by Presidential Decision No. 192 of 2009; And Board Decision No. 53 of 2018 regarding conditions for granting and renewing licenses and share ownership rules for companies operating in non-banking financial activities; And Board Decision No. 94 of 2018 regarding rules and procedures for trading unlisted securities on the Egyptian Exchange and transfer of ownership procedures; And Board Decision No. 120 of 2019 regarding AML/CFT controls for entities operating in non-banking financial activities; And Board Decision No. 121 of 2019 regarding registration of AML/CFT officers at entities operating in non-banking financial activities with the Authority; And Board Decision No. 23 of 2020 regarding supervisory controls on targeted sanctions and financial restrictions in the field of counter-terrorism and non-proliferation of weapons of mass destruction for entities operating in non-banking financial activities;

Electronic copy considered valid for trading Egyptian Gazette – No. 25 (Continued) on February 1, 2021

4 And Board Decision No. 62 of 2020 regarding AML/CFT controls for companies operating in consumer financing; And Board Decision No. 100 of 2020 regarding corporate governance rules for companies operating in non-banking financial activities; And after coordination with the Anti-Money Laundering and Combating the Financing of Terrorism Unit; And after approval by the Board of Directors in its meeting held on 2021/1/18; Decided: Chapter One: Scope of Application and Definitions (Article One) Scope of Application The AML/CFT controls stipulated in this Decision shall apply to the Egyptian Exchange, financial institutions, and natural persons licensed by the Authority to conduct any non-banking financial activity. The provisions of the Anti-Money Laundering Law, its Executive Regulation, and decisions issued thereunder shall also apply to matters not specifically addressed in this Decision. (Article Two) Definitions For the purpose of applying the provisions of this Decision, the following terms shall have the meanings set forth alongside each: Authority: The Financial Regulatory Authority. Unit: The Anti-Money Laundering and Combating the Financing of Terrorism Unit established pursuant to Law No. 80 of 2002. Law and its Executive Regulation: The Anti-Money Laundering Law issued by Law No. 80 of 2002, its Executive Regulation, and their amendments. Financial Institutions: Legal persons licensed by the Authority to conduct non-banking financial activities. Money Laundering: Any act stipulated in Article (2) of the Anti-Money Laundering Law issued by Law No. 80 of 2002. Terrorist Financing: Any act stipulated in Article (3) of the Counter-Terrorism Law No. 94 of 2015. Terrorist Entities: Associations, organizations, groups, gangs, cells, companies, unions, or similar entities or any other assemblies, regardless of their nature or legal or factual form, that commit any of the acts stipulated in Article (1) of the Law regulating lists of terrorist entities and terrorists No. 8 of 2015. Negative Lists: Lists of terrorist entities and terrorists established pursuant to Law No. (8) of 2015, and lists issued by the UN Security Council related to terrorist financing and financing of weapons of mass proliferation, as well as any other lists prepared by financial institutions or deemed necessary to consult. Unusual Transactions: Transactions that appear exceptional compared to the customer's usual pattern and are identified through reports and internal systems of financial institutions. Suspicious Transactions: Transactions that, upon examination, reveal objective grounds for suspicion that they constitute proceeds of any crime or involve money laundering or terrorist financing.

Electronic copy considered valid for trading Egyptian Gazette – No. 25 (Continued) on February 1, 2021

5 Proceeds: Funds resulting or derived, directly or indirectly, from the commission of any predicate crime. Predicate Crime: Any act constituting a felony or misdemeanor under Egyptian law, whether committed inside or outside the country, provided it is punishable in both jurisdictions. Customer: A natural person, legal entity, or legal arrangement for whom a financial institution opens an account, executes a transaction on their behalf, or provides a service. Beneficial Owner: The natural person who ultimately owns or controls the customer, or the natural person on whose behalf a transaction is being executed, including persons who effectively exercise control over the customer, whether the customer is a legal entity or a legal arrangement. Chapter Two: General Provisions (Article Three) Basic Principles Entities subject to this Decision shall adhere to the following principles: Principle One - Responsibility: Establishing a clear policy on AML/CFT, and formulating internal rules, procedures, and systems to achieve this, taking into account the nature, size, customer base, and products/services offered, and continuously ensuring full compliance with legal requirements and regulatory procedures under the Law, its Executive Regulation, these controls, and other relevant rules. Principle Two - Risk-Based Approach: Adopting a risk-based approach in accordance with the Law, its Executive Regulation, and the controls in this Decision, including identifying, assessing, and understanding potential AML/CFT risks, documenting them in writing and electronically, and periodically updating this assessment and related information, while considering any locally identified risks and any variables that may change AML/CFT risk levels. Entities subject to this Decision must also identify and assess AML/CFT risks arising from the use of modern technological systems in providing services/products, or offering new products/services based on these systems, and take appropriate measures to manage such risks. When identifying and assessing AML/CFT risks, they must consider at least the following elements:

• Types of current and prospective customers.
• Products and services offered or planned.
• Technologies used or planned.
• Risks of relying on third parties, and geographical risks. They must also take necessary measures and procedures to address identified risks. Principle Three - Due Care and Continuous Training: Adopting adequate policies and procedures for selecting and appointing competent and skilled personnel, ensuring their integrity, and subjecting current and new employees to continuous training in AML/CFT as stipulated in this Decision.

Electronic copy considered valid for trading Egyptian Gazette – No. 25 (Continued) on February 1, 2021

6 (Article Four) Customer Due Diligence Procedures Entities subject to this Decision must comply with customer due diligence procedures and other relevant AML/CFT rules and procedures issued by the Unit, immediately upon establishing internal rules for identifying customers (natural persons, legal entities) and beneficial owners. (Article Five) Internal Control Systems Entities subject to this Decision must prepare an internal operations manual approved by their Board of Directors and submit it to the Authority upon approval. It must include systems and procedures to ensure proper application of AML/CFT rules, considering the Law and its Executive Regulation. This manual must be periodically reviewed for updates and improvements, and must include at least the following: -1 Clear detailed procedures to combat money laundering and terrorist financing, including written procedures that precisely define duties and responsibilities. -2 Mechanisms to verify compliance with internal systems established to combat money laundering and terrorist financing. -3 Requirements for effectively managing AML/CFT risks, including human expertise capable of handling these risks and the necessary technological infrastructure. -4 Internal control systems for identifying unusual transactions or suspicious customers, and reporting them to the AML/CFT officer. -5 Procedures to detect if customers are on negative lists, and steps to verify customer identity when opening accounts or starting contracts, plus re-screening procedures when lists are updated. -6 Customer classification systems based on AML/CFT risk levels and risk management, to be updated periodically. -7 Procedures to ensure no collusion between the entity's employees and its customers. -8 Systems ensuring the internal auditor or audit committees, as applicable, in coordination with the AML/CFT officer, review established systems to verify their effectiveness in combating money laundering and terrorist financing, and propose necessary preventive measures or updates. -9 Record and document retention rules that entities must maintain, specifying retention methods. -10 Developing training plans and programs to raise employee awareness and competence regarding AML/CFT rules and systems. Financial institutions with subsidiaries or branches outside Egypt must also implement AML/CFT programs tailored to risks and business volume, covering the policies, procedures, and internal controls in the above items, plus the following: Establish an independent audit unit to test the AML/CFT system. Establish policies and procedures to exchange necessary information for customer due diligence and AML/CFT risk management between financial institutions and their subsidiaries or branches.

Electronic copy considered valid for trading Egyptian Gazette – No. 25 (Continued) on February 1, 2021

7 Establish a mechanism to obtain customer, account, and transaction information from branches or subsidiaries through the internal auditor, internal controller, and/or AML/CFT officer when necessary for compliance, including analysis of all information, reports, or unusual transactions, and must inform the AML/CFT officer at branches/subsidiaries of this information. In all cases, these institutions must ensure their subsidiaries or branches comply with AML/CFT rules under the Law, its Executive Regulation, and this Decision. (Article Six) Reporting Procedures for Suspicious Transactions Entities subject to this Decision must immediately notify the Unit of all transactions suspected of constituting money laundering or terrorist financing, including attempted transactions regardless of amount, within two working days from when the AML/CFT officer has grounds for suspicion. Notification must be on the form prepared by the Unit for this purpose, specifically including suspected transactions or attempts, and particularly: -1 Description of the suspected transaction, parties involved, circumstances of discovery, and current status. -2 Identification of amounts involved in the suspected transaction. -3 Reasons and grounds for suspicion relied upon. -4