Egypt’s central bank orders exchange firms to adopt goAML to curb money laundering risks
Egypt’s central bank has instructed exchange companies to implement the goAML reporting system, stepping up efforts to combat money laundering and tighten oversight of suspicious financial transactions.
In a circular issued on Thursday, the Central Bank of Egypt (CBE) said the system would serve as the official electronic platform for notifying the country’s Anti-Money Laundering and Counter-Terrorism Financing (AML/CFT) Unit of suspicious activities.
The directive builds on regulatory rules issued on 1 September 2025, particularly Clause 6-3, which requires firms to report all suspicious transactions through the unit’s systems and any future platforms it introduces.
The central bank said the adoption of goAML aligns with international best practices and aims to enhance reporting mechanisms while ensuring data confidentiality and safeguarding the financial system.
Tightened Technical Controls
Under the new rules, exchange firms must access the system through a dedicated device connected to the central bank’s network via a secure line. The device must be fully isolated from the company’s internal systems and the internet.
Companies are required to install antivirus, anti-spyware, and anti-malware protections, with automatic updates enabled to ensure continuous protection.
They must also prohibit the use of external storage devices on machines used to access the platform, as part of broader controls to secure infrastructure, software, and applications.
Only licensed operating systems are permitted, with updates applied regularly in accordance with associated risk levels.
Governance and Monitoring Requirements
Firms must maintain audit logs tracking all activity on the system, with regular reviews conducted by the designated AML/CFT officer.
A structured permissions matrix must be implemented to control user access, with ongoing reviews to prevent unauthorised entry. The AML/CFT officer is responsible for assigning and overseeing these access rights.
The central bank also barred granting access to external parties, including vendors responsible for maintaining hardware or operating systems.
Business Continuity Measures
Exchange companies are required to establish contingency plans to ensure continuity of operations in emergencies, as well as controls restricting installed applications on system devices to an approved list.
The exchange firms have been given six months from the date of the circular to comply with the new requirements.
Attribution: Amwal Al Ghad English