2012-01-01

Egyptian Financial Supervisory Authority Board of Directors Decision No. 68 of 2012

The Egyptian Financial Supervisory Authority (EFSA) issued Board Decision No. 68 of 2012 to mandate that securities brokerage companies utilize secure, automated information systems for receiving, processing, and settling client orders via the Internet. The regulation establishes strict functional and technical specifications, including dedicated client accounts, real-time order management, automated FIX messaging, robust firewall and server infrastructure, and mandatory five-year electronic record retention. Brokerages must formalize compliance with these operational, security, and audit requirements within six months of the decision's publication in the Egyptian Gazette.


Egypt

Financial Regulatory Authority Egypt


Board of Directors Decision of the Egyptian Financial Supervisory Authority No. (68) of 2012 dated 8/10/2012

Board of Directors of the Egyptian Financial Supervisory Authority

Having reviewed the Capital Market Law issued by Law No. (95) of 1992 and its Executive Regulations,

and the Central Depository and Registration of Securities Law issued by Law No. (93) of 2000 and its Executive Regulations,

and Law No. (10) of 2009 regulating supervision over non-banking financial markets and instruments,

and Presidential Decree No. (192) of 2009 issuing the Basic Statute of the Egyptian Financial Supervisory Authority,

and the approval of the Authority's Board of Directors in its session held on 8/10/2012.

Decided

(Article One)

Brokerage companies wishing to receive buy and sell orders for securities from their clients via the global information network (Internet) shall comply with the executive rules for conducting this activity set forth in Annexes No. (1) and (2) attached to this Decision, and submit a certificate from the Central Depository and Registration of Securities Company confirming compliance with the requirements and conditions stipulated in the aforementioned Annexes.

(Article Two)

Brokerage companies that have obtained the Authority's approval for the services referred to in Article One shall formalize their status in accordance with the provisions of this Decision and its Annexes within six months from the date of its implementation.

(Article Three)

This Decision and its Annexes shall be published in the Egyptian Gazette, and on the websites of the Authority and the Egyptian Exchange, and shall take effect from the day following its publication in the Egyptian Gazette, repealing any provision contrary to the provisions of this Decision and its Annexes.

Dr. Ashraf El-Sharkawy
Chairman of the Board of Directors of the Authority
Office of the Chairman of the Authority
47076


Egyptian Financial Supervisory Authority (EFSA)


Main Address: Smart Village, Building 15-B, Km 28, Cairo/Alexandria Desert Road, Giza Governorate, Postal Code: 11577
Phone: +202 3537 0040
Fax: +202 3537 0041
Email: info@efsa.gov.eg
Website: www.efsa.gov.eg


Annex No. (1)

Functional and Technical Specifications for Information Systems and Communications and Systems Infrastructure Required to be Available at Securities Brokerage Companies

First: Functional and Technical Specifications for Information Systems Required to be Available at Securities Brokerage Companies:

The Company is required to have a complete and secure information system for recording and processing client data and orders, and for automatically executing and settling these orders. The functional specifications of this system must comply with all operational regulations issued or approved by the Authority, including trading and central depository rules, and the Company must implement any amendments that may be made to such regulations.

The system consists of a set of applications and databases covering all transactions of the brokerage company with clients, and may be provided from any of the following sources:

  • A specialized company that supplies, leases, or develops these automated systems in accordance with the Authority's conditions and requirements.
  • The brokerage company developing its own system in compliance with the Authority's conditions and requirements.
  • A specialized company providing the service to brokerage companies on an ASP (Application Service Provider) basis.

In all cases, the system must provide the following functions and features:

1 - Client Accounts

Opening and managing a separate account at the Company for each client, with the ability to extract the client's cash balance. The Company's transactions on clients' cash accounts are considered for the following purposes:

  • Receiving and disbursing cash to and from clients and recording these movements in their accounts.
  • Debiting the client's account to pay for purchases.
  • Issuing checks, payment orders, or transfers for the benefit of the client.
  • Deducting brokerage commissions via a debit advice according to the rates agreed upon with the client.

2 - Settlement

The Company is obligated to settle the client's position according to the time period required for clearing and settlement of different securities, and to do the following:

  • Notifying the client automatically or manually via a registered letter with acknowledgment of receipt regarding settlement, with the notification including (the traded securities, trading price, value, and commissions collected).
  • Disclosing and settling the daily position with clearing and settlement accounts and information, and transfer movements to and from client accounts.

3 - Receiving and Managing Client Orders

Companies may receive client orders through any of the following means:

  • Receiving orders in writing during the client's presence at the Company or its branches.
  • Receiving orders by phone, for companies licensed to do so.
  • Receiving orders via the global information network (Internet), for companies licensed to do so.
  • Receiving orders via email, provided they are signed by the client with a valid electronic signature certificate issued by one of the entities licensed by the Information Technology Industry Development Agency (ITIDA), and the signature may be on the email message itself or on an electronic document attached to the message.

In all cases, the means of receiving orders must be disclosed to the client, and written consent must be obtained from the client for their use in dealings with the Company.

The order receiving means must meet the following requirements:

  • Verifying the client's status and identity before receiving their orders.
  • Receiving, recording, and timestamping client orders in a manner that prevents denial by either party.
  • Allowing the order receiving means to be audited retrospectively for the period during which records and documents must be retained.

Furthermore, the client order receiving and management system at the brokerage company must achieve the following:

  • Verifying the client's identity, status, and spending capacity.
  • Recording information exchanged between the client and the Company.
  • Recording the client's orders and their sequence with the order receipt timestamp.
  • Verifying the availability of client balances (cash or securities) in accordance with governing rules.
  • Verifying that the client's order complies with the trading limits set by the Company for that client according to the Company's applied risk policy.
  • Automatically entering the order into the trading system after Company approval (fully automatic or semi-automatic) of the order.
  • Providing the client with confirmation of the order's nature, volume, and terms.
  • Recording the time the client's order was sent for execution.
  • The system must allow the client, during the period the order is pending execution, to do the following:
    • Inquire about the order status.
    • Issue a cancellation order for a previous order (the client being notified that cancellation is subject to execution at the Exchange not having been completed before the cancellation order arrives). The cancellation order is subject to the other provisions and conditions of execution orders.
    • Receive and automatically record the order status from the Exchange's trading system.

4 - Internal Regulatory and Audit Reports

  • Issuing a report compiling the Company's trading activities daily, weekly, monthly, quarterly, and annually.
  • Issuing a daily report of the Company's client order log, and issuing a daily electronic copy of this report.
  • The Company is obligated to retain these electronic copies for at least five years in PDF file format.
  • Comparing the Company's trading volume with its net capital and calculating capital adequacy ratios during periods stipulated by laws, regulations, and decisions issued on this matter.
  • Ability to print a list of all the Company's clients.
  • Generating a report of registered client data at the Company.
  • Ease for regulatory authorities to access and obtain electronically recorded data, whether at the headquarters or branches.

5 - System Security and Integrity

The Company's technical information systems must operate to achieve the following:

  • Protecting the confidentiality of client accounts, data, and related information.
  • Preventing modification or deletion of any data or information once recorded or processed through this system.

6 - Document Retention System

Trading and back-office systems must contain Transaction Logs, which shall be retained for at least five years and cover all transactions. In the event of a legal dispute with a client, the Company is obligated to retain all documents and records until the dispute is resolved or a final judicial ruling is issued.

7 - Inspection and Supervision of Communications and Systems Infrastructure

1 - Communication Lines

The Company must provide the infrastructure for automatic connection to the Exchange's trading system according to the technical specifications set by the Exchange and approved by the Authority. This shall be through a primary communication line and a backup line, and both lines may operate in active-active or active-passive mode, such that line utilization does not exceed 70% of the total effective capacity for more than 15 minutes per week, consecutively or intermittently. A communication line must also be available between the Company's backup center and the Egyptian Clearing Company, with a capacity of no less than 512 kb.

2 - Financial Information Exchange (FIX) Message Sending and Receiving System

The Company must be equipped with a FIX system that automatically sends orders to both the Exchange and the Egyptian Clearing and Depository Company. It also receives the status of previously sent orders regarding order acceptance or rejection. The client's back-office system must also be compatible with the FIX system, including all definitions clarifying the order source, with orders executed through a broker licensed by the Authority and the Exchange.

3 - Protection and Security Systems

  • A firewall system must be installed to secure all external communication networks – i.e., internet connection networks as well as networks connected to various market participants – which may be achieved through multiple firewall exits.
  • Periodic operational maintenance of firewall devices and security rules must be conducted, with regular updates to the rules, configurations, and patches.
  • Periodic updates must be applied to various operating systems and applications, including security patches issued by manufacturers.

4 - Central Computers

The Company's central computers must include the following:

  • A modern operating system compatible with central server systems (dedicated or virtual).
  • An operating system functioning as an application server.
  • Central computers acting as database servers featuring continuous operation systems: cluster, hot-standby, or fault-tolerant.
  • A dedicated server for running the FIX message sending and receiving system.

5 - Operating Procedures

The Company must have – whether through direct hiring or contracting with a service provider – technically qualified specialists in the following fields: databases – operating systems – communication networks – information system security.

6 - Supervision and Inspection of the Company's Technical Infrastructure for Information Systems

Specifications of all devices, central computers, and communication equipment to be installed at the Company's premises must be submitted to the Authority, and approval must be obtained before use.

All systems, equipment, and operating methods must be subject to external supervision and inspection in accordance with the rules established by the Egyptian Financial Supervisory Authority, the Egyptian Exchange, and the Egyptian Clearing and Depository Company.
