Lebanon FinTech Comparative Guide

Comparative Guides

Welcome to Mondaq Comparative Guides - your comparative global Q&A guide.

Our Comparative Guides provide an overview of some of the key points of law and practice and allow you to compare regulatory environments and laws across multiple jurisdictions.

Start by selecting your Topic of interest below. Then choose your Regions and finally refine the exact Subjects you are seeking clarity on to view detailed analysis provided by our carefully selected internationally recognised experts.

RESULTS: Answers

4. Results: Answers

FinTech

Close all

Open all

Technologies

3.1

How are the following key technologies in the fintech space regulated and what specific legal issues are associated with each? (a) Internet (e-commerce); (b) Mobile (m-commerce); (c) Big data (mining); (d) Cloud computing; (e) Artificial intelligence; and (f) Distributed ledger technology (Blockchain, cryptocurrencies)

Lebanon

Aljad Law

Answer ... (a) Internet (e-commerce)

The Electronic Transactions and Personal Data Law sets out the legal framework for transactions carried out through electronic means. It regulates e-commerce, e-contracts, electronic documents and digital signatures. E-commerce is also generally subject to:

the Code of Commerce;
the Code of Obligations and Contracts;
the Code of Civil Procedure; and
the Consumer Protection Law.

Fintechs offering e-commerce services must adhere to certain measures/restrictions, including the following:

providing easy and direct access to clients on their identification information and contact information, and detailed information on prices, including fees, expenses, taxes and so on;
refraining from communicating unsolicited marketing and advertising emails without the recipient’s prior consent or without obtaining the recipient’s details through a previous communication; and
ensuring that certain details are communicated to the client when offering an e-contract, such as:
- the terms and conditions, with the option to copy and duplicate them;
- the steps for concluding the electronic contract; and
- the official language of the contract.

Electronic documents and contracts have the same probative value as paper documents and contracts, subject to certain conditions, including the following:

The sender of the electronic document must be identifiable; and
The electronic documents and contracts must be organised and stored in a manner that ensures their safety.

The electronic transfer of money is regulated by the BDL, primarily through BDL Basic Circular 69/2000 on Electronic Financial and Banking Operations. The Electronic Transactions and Personal Data Law grants the BDL further extensive authority for the regulation of electronic banking and financial services. E-payments and money transfers may only be carried out by banks, financial institutions or other institutions legally authorised or licensed by the BDL.

E-payment service providers must take steps, among other things, to:

provide clear and explicit terms and conditions of e-payments to the client pursuant to the BDL’s regulations, including rights and obligations relating to electronic banking services, fees, expenses and so on;
obtain the client’s prior written consent to the conditions governing e-payments, transfers and their cancellation;
take all necessary risk mitigation measures;
store and protect data against disclosure, destruction, misuse, loss and theft;
facilitate the BDL’s access to its systems for supervision purposes;
have their external auditors prepare an annual report concerning electronic operations;
maintain secrecy in transactions; and
ensure compliance with applicable laws, regulations and guides on data protection, cybersecurity, anti-money laundering (AML), counter-terrorist financing and so on.

Specific legal issues associated with e-commerce in Lebanon include the absence of implementing regulations for the Electronic Transactions and Personal Data Law and specific cybersecurity legislation. Cybersecurity is governed only by BDL Basic Circular 144/2017 and a guide on combating financial cybercrime issued jointly by the BDL and the Anti-cybercrime and Intellectual Property Rights Bureau, which sets out preventive measures and corrective actions both for the financial sector and for non-financial companies.

(b) Mobile (m-commerce)

M-commerce is governed by the same legislation as applies to e-commerce. Mobile payment service providers and banks offering mobile services are bound by the same obligations as licensed and authorised electronic payment service providers (see question 3.1(a)).

Banking operations executed by mobile between customers of different banks are prohibited, except for the receipt by a bank of a bank transfer request from a customer, provided that:

the transfer is not instantly executed through a mobile application or software;
the back office of the relevant bank verifies that the transfer request complies with the applicable laws and regulations; and
the transfer is executed solely through the usual conventional methods (ie, through SWIFT).

However, customers of different banks may carry out electronic banking or financial operations through applications and software installed on mobile and electronic devices, using bank cards and/or accounts, provided that, among other things:

the BLD’s prior approval is obtained for such applications and software;
the operations are executed instantly between the customers;
the value of such operations does not exceed certain thresholds, as determined by the BDL; and
the operations are in line with the applicable compliance and AML laws and regulations.

(c) Big data (mining)

No specific legislation deals expressly with big data in the fintech space.

However, any processing, storage or transmission of personal data must be compliant with the provisions of the Electronic Transactions and Personal Data Law (see question 5 for more details) and the Consumer Protection Law.

Moreover, the BDL has issued Basic Circular 146/2018 requiring all banks, financial institutions and other regulated institutions to take all appropriate measures in line with the provisions of the General Data Protection Regulation (GDPR) promulgated by the European Parliament and the Council of the European Union on 27 April 2016, and notify the compliance unit at the BDL of the procedures and measures adopted in this regard.

(d) Cloud computing

There are no specific regulations on cloud computing in Lebanon. Nevertheless, any cloud computing involving personal data must comply with the Electronic Transactions and Personal Data Law and the Consumer Protection Law.

However, cloud computing is specifically prohibited with regard to certain activities, such as crowdfunding; and crowdfunding licensed institutions are prohibited from storing databases through any form of shared cloud computing. Moreover, although there is no express legal prohibition against banks using cloud computing, the Banking Secrecy Law seems to be an obstacle for Lebanese banks, due to the requirements on the protection of client data under that law. It has been informally reported that the BDL does not seem amenable to banks’ use of cloud computing in light of this issue.

(e) Artificial intelligence

Artificial intelligence is not expressly regulated under Lebanese law.

(f) Distributed ledger technology (Blockchain, cryptocurrencies)

The BDL has long adopted a rather unfavourable stance towards cryptocurrencies and has warned Lebanese banks and financial institutions against their use, pending the enactment of relevant laws and regulations. However, it was recently reported in the press that the governor of the BDL may be launching a Lebanese cryptocurrency. The BDL is vested under the Electronic Transactions and Personal Data Law with extensive authority with regard to the issuance and regulation of electronic and digital money.

No specific regulations explicitly regulate blockchain in Lebanon.

For more information about this answer please contact: Lama Abou Ali from Aljad Law

Contributors

Topic

FinTech