1 Legal and enforcement framework

1.1 In broad terms, which legislative and regulatory provisions govern the fintech space in your jurisdiction?

This Q&A discusses the legal framework for fintech as applicable in Federal Iraq, with the exclusion of the Kurdistan Region of Iraq.

The fintech space is not subject to specific legislative and regulatory provisions in Iraq. However, fintech companies may be subject to specific laws and regulations applying to banks, financial institutions and insurance companies if they carry out such regulated activities.

The main laws and regulations that may apply to fintechs, depending on the types of activities that they carry out include the following:

Technology laws and regulations:

  • E-signature and E-transactions Law (78/2012); and
  • Electronic Payment Services System Regulation (3/2014);

Banking laws and regulations:

  • Central Bank of Iraq Regulation (28/2/1994);
  • Central Bank Law (56/2004);
  • Banking Law (94/2004);
  • Financial Investment Companies Regulation (6/2011);
  • Central Bank of Iraq Regulation (611/14 of 2019); and
  • Central Bank of Iraq Regulation (1/2018) as amended by Regulation 30/12/2019.

Other laws and regulations:

  • Civil Code (40/1951);
  • Penal Code (111/1969);
  • Companies Law (21/1997);
  • Capital Markets Interim Law (74/2004);
  • Insurance Business Regulation (10/2005);
  • Consumer Protection Law (1/2010); and
  • Anti-money Laundering and Counter-Terrorism Financing Law (39/2015).

1.2 Do any special regimes apply to specific areas of the fintech space?

Iraq has not enacted a specific regime applying to the fintech space.

However, a special regime may apply to certain regulated activities carried out by fintech companies, such as the provision of electronic payment services. Based on the Electronic Payment Services System Regulation (3/2014), the providers of electronic payment services must obtain a licence from the Central Bank of Iraq (CBI).

1.3 Which bodies are responsible for enforcing the applicable laws and regulations? What powers do they have?

The main regulators responsible for enforcing the laws and regulations applicable to fintechs that conduct regulated activities are as follows:

  • The CBI is responsible for granting licences to institutions that conduct banking operations and to electronic payment service providers;
  • The Iraqi Insurance Diwan is responsible for granting licences to institutions that carry out insurance activities; and
  • The Iraq Securities Commission is responsible for supervising the Iraq Stock Exchange and issuing laws relating to investment management activities and investment advice for brokers, banks and securities companies.

1.4 What is the regulators' general approach to fintech?

The CBI has taken a rather favourable approach to fintech, as reflected in its Decision 14/611 of 2019 on governance and institutional management of information and communication technology in the banking sector. This decision sets out certain criteria to be implemented by banks, financial institutions and other licensed institutions when dealing with cloud computing service providers. Moreover, the Electronic Payment Services System Regulation (3/2014) authorises non-bank payment service providers to provide electronic payment services, subject to a licence from the CBI.

However, the CBI's attitude to the use of cryptocurrency is not favourable. In a statement issued on 3 December 2017, it prohibited the use of cryptocurrencies, subject to sanctions under the Anti-money Laundering and Counter-Terrorism Financing Law.

The Iraq Securities Commission has not yet issued any fintech-related laws and regulations governing the licensing and operations of crowdfunding platforms.

Regarding insurtech, the Iraqi Insurance Diwan has not yet issued any laws or regulations authorising or prohibiting the same.

1.5 Are there any trade associations for the fintech sector?

There are no trade associations for the fintech sector in Iraq.

2 Fintech market

2.1 Which sub-sectors of the fintech industry have become most embedded in your jurisdiction?

The fintech industry in Iraq covers a limited range of sub-sectors, such as mobile and electronic payments and telecommunications; these are reportedly the only two competitive tech sectors in Iraq.

Other nascent tech areas that remain underdeveloped include online shopping, trading and electronic services, and smartphone applications.

Iraq is adopting fintech at a slow pace, and overall investment in fintech and the enactment of related regulations have been low, compared to other countries in the region. This is due to many factors, including:

  • the large unbanked population – according to an analytical note entitled "Bringing Back Business in Iraq" published on 1 January 2019 by the World Bank Group, only 23% of Iraqi households have access to an account with a financial institution;
  • the cost of internet and mobile services, relative to income, which limits demand for digital financial services; and
  • the fact that Iraqis prefer cash on delivery in e-commerce transactions, due to concerns about security of online payments.

2.2 What products and services are offered?

While mobile and electronic payment services are increasing, they are not as widely used as in other countries in the region. The most common payment methods remain cash on delivery and bank transfer, with limited credit card use. E-commerce (food, real estate, shipping, transportation and travel services), e-banking and digital payments are reported as major underdeveloped sectors in Iraq.

Electronic payment services authorised in Iraq include managing deposits and cash withdrawals through automated teller machines and executing electronic debit and credit payments. Such electronic payments are made through any means of digital communication and information technology, or network operator acting as an intermediary between the user and the supplier of services, or any other recipient, through mobile phone transfers.

Electronic payment service providers licensed in Iraq may also facilitate access to loans from banks, disbursed directly to the user's credit card.

2.3 How are fintech players generally structured?

Electronic transactions are regulated in Iraq under the E-signature and E-transactions Law. However, online and technology businesses are not regulated as such in Iraq. This means that e-commerce sites and mobile applications are not legally considered as businesses, unless they have a physical office address in Iraq. Therefore, tech start-ups generally elect to register their businesses as ‘bricks and mortar' companies for legal recognition.

Fintech services are also provided by banks that operate based on a licence from the Central Bank of Iraq (CBI).

2.4 How are they generally financed?

Financing options for fintech companies operating in Iraq are very limited.

Many start-ups in Iraq self-finance their fintech businesses or seek funding from family and friends. Other financing options may include donations, seed funds and grants from incubators. A less accessible option for fintech start-ups in Iraq is investment by angel investors; the terms of such investments are often unfavourable to fintech entrepreneurs, as angel investors often seek a majority stake in the start-up.

2.5 How are they positioned within the broader financial services landscape?

The lack of electronic payments makes the expansion of fintech companies challenging. Fintechs in Iraq do not yet constitute a competitive threat to institutions offering traditional financial services. Authorised electronic payment service providers rely on banks to facilitate client access to certain products, such as loans, which are credited by banks directly to customers' credit cards.

2.6 Do start-ups generally outsource back office functions and is there a developed market for them to access? What are the legal implications of outsourcing?

We believe that the most relevant outsourcing by fintechs in Iraq currently concerns cloud computing.

Banks, financial institutions, payment service providers, exchange counters and other licensed institutions must comply with Central Bank of Iraq Decision 14/611 of 2019 when outsourcing to cloud computing service providers. Upon engaging in such activities, these institutions must take into account operational risks and factors such as confidentiality, integrity, cybersecurity, regulatory compliance and data transfer. The measures to be implemented by banks, financial institutions and other licensed institutions to ensure the safety of operations include:

  • user identity management systems;
  • identification and protection of personal data; and
  • security and protection systems that prevent hacks and attacks.

The legal issues associated with outsourcing to cloud computing service providers include cybersecurity risks and protection of personal data by cloud computing service providers. In order to mitigate such risks, banks must have the cloud computing service provider sign a non-disclosure agreement. Banks must further ensure that they have the right to audit the cloud computing service provider, to verify its ability to protect the safety and integrity of data. Banks much ensure that the cloud computing service provider returns all data upon termination of the agreement and destroys any copies thereof in its possession.

3 Technologies

3.1 How are the following key technologies in the fintech space regulated and what specific legal issues are associated with each? (a) Internet (e-commerce); (b) Mobile (m-commerce); (c) Big data (mining); (d) Cloud computing; (e) Artificial intelligence; and (f) Distributed ledger technology (Blockchain, cryptocurrencies)

(a) Internet (e-commerce)

The E-signature and E-transactions Law sets out the legal framework for transactions carried out through electronic means. The Electronic Payment Services Regulation governs the electronic transfer of money. Electronic payment service providers must be licensed by the Central Bank of Iraq (CBI).

Every payment service provider must take steps, among other things, to:

  • provide safe services to customers;
  • take the necessary risk mitigation measures;
  • store and protect data against disclosure, destruction, misuse, loss and theft;
  • facilitate the CBI's access to its systems for supervision purposes; and
  • maintain secrecy in banking transactions.

Electronic documents and contracts have the same probative value as paper documents and contracts, provided that, among other things:

  • they are stored with a possibility of retrieval;
  • they are kept in the same form as created, sent or received, or in any way that facilitates the verification of the accuracy of the information; and
  • the sender, receiver and date and time of sending and receipt of such electronic documents and contracts are all identifiable.

Specific legal issues associated with e-commerce in Iraq include the absence of specific data protection and cybersecurity legislation. Iraq has prepared draft laws on cybercrimes and telecommunications and information technology, but these drafts have not yet been enacted.

(b) Mobile (m-commerce)

Mobile commerce is governed by the same legislation and regulation applicable to e-commerce (see question 3.1(a)).

Mobile payment service providers are bound by the same obligations as payment service providers and must further undertake the following actions, among other things:

  • entering into contracts with mobile operators and providing copies thereof to the CBI; and
  • settling payments in Iraq in the national currency.

Specific legal issues associated with m-commerce in Iraq include the absence of specific data protection and cybersecurity legislation. Iraq has prepared draft laws on cybercrimes and telecommunications and information technology, but these drafts have not yet been enacted.

(c) Big data (mining)

There are no specific big data-related regulations in the fintech space in Iraq.

(d) Cloud computing

CBI Decision 14/611 of 2019 sets out certain criteria to be implemented by banks, financial institutions, payment service providers, exchange counters and other licensed institutions when dealing with cloud computing service providers. Upon engaging in such activities, these institutions must take into account operational risks and factors such as confidentiality, integrity, cybersecurity, regulatory compliance and data transfer. The measures to be implemented by banks, financial institutions and other licensed institutions to ensure the safety of the operations include:

  • user identity management systems;
  • identification and protection of personal data; and
  • security and protection systems that prevent hacks and attacks.

The legal issues associated with outsourcing to cloud computing service providers include cybersecurity risks and protection of personal data by cloud computing service providers. In order to mitigate such risks, banks must have the cloud computing service provider sign a non-disclosure agreement. Banks must further ensure that they have the right to audit the cloud computing service provider, to verify its ability to protect the safety and integrity of data. Banks much ensure that the cloud computing service provider returns all data upon termination of the agreement and destroys any copies thereof in its possession.

(e) Artificial intelligence

Artificial intelligence is not expressly regulated under Iraqi law.

(f) Distributed ledger technology (Blockchain, cryptocurrencies)

Blockchain and cryptocurrencies are not expressly regulated in Iraq.

4 Activities

4.1 How are the following key activities in the fintech space regulated and what specific legal issues are associated with each? (a) Crowdfunding, peer-to-peer lending; (b) Online lending and other forms of alternative finance; (c) Payment services (including marketplaces that route payments from customers to suppliers (eg, Uber and AirBnb); (d) Forex; (e) Trading; (f) Investment and asset management; (g) Risk management; (h) Roboadvice; and (i) Insurtech.

(a) Crowdfunding, peer-to-peer lending

Crowdfunding and peer-to-peer lending are not expressly regulated in Iraq.

(b) Online lending and other forms of alternative finance

Online lending activities are not specifically regulated in Iraq. Nevertheless, we believe that the Consumer Protection Law (1/2010) and the E-signature and E-transactions Law (78/2012) are applicable to such activities.

Regarding forms of alternative finance, Iraq has an emerging microfinance sector that provides financing for low-income Iraqi entrepreneurs through credit-focused micro-finance institutions operating across Iraq. However, the sector's overall growth and development have been hindered by the lack of a specific legal and regulatory framework. Micro-finance institutions are usually established as non-governmental organisations, and thus mainly rely on grants and are not authorised to raise equity or accept deposits.

(c) Payment services (including marketplaces that route payments from customers to suppliers (eg, Uber and AirBnb)

Electronic payment services are governed by the Electronic Payment Services System Regulation.

Electronic payment services authorised in Iraq include managing deposits and cash withdrawals through automated teller machines and executing electronic debit and credit payments. Such electronic payments are made through any means of digital communication and information technology, or network operator acting as an intermediary between the user and the supplier of services, or any other recipient, through mobile phone transfers.

These services are subject to the supervision of the CBI. Payment service providers must take all necessary measures and submit all requested documents to ensure the efficiency of such supervision.

(d) Forex

Forex companies are regulated under CBI Regulation 1/2018, as amended by CBI Regulation 30/12/2019, and are generally required to be established as a company limited by shares.

A licence from the CBI must be obtained in order for the forex company to conclude forex operations which include:

  • acting as a broker for the purchase and sale of foreign currencies;
  • purchasing and selling foreign currencies for its own account, with a ceiling not exceeding 75% of its capital in one day;
  • opening bank accounts in local and foreign currencies with a licensed bank in Iraq in the name of the company, provided that all of the company's funds are deposited in its accounts;
  • initiating and receiving internal transfers (inside Iraq) in local or foreign currencies; and
  • obtaining credit facilities in an amount not exceeding 50% of the company's capital from licensed banks for the purpose of providing cash liquidity to fulfil the company's objectives.

In order to ensure compliance with the provisions of the licence granted, a forex company must:

  • provide the CBI with a bank guarantee equivalent to 50% of its capital from a licensed bank in Iraq; or
  • deposit an amount of IQD 100 million in a securities account at a licensed bank in Iraq.

However, certain operations are prohibited, including the following:

  • opening accounts for clients in its own books;
  • acting as broker for the purchase and sale of precious metals;
  • granting any direct or indirect loans, guarantees or facilities;
  • discounting commercial notes;
  • conducting foreign transfers; and
  • accepting deposits of any kind.

Additionally, the company's records and transactions are subject to audit and inspection by the Forex Supervision Department of the CBI. The forex company is obliged to submit its annual financial statements to the CBI and to establish an electronic information system that includes the following:

  • sales and daily purchases of customers;
  • quarterly and annual accounts; and
  • accounting procedure programmes.

Forex companies are subject to:

  • CBI Decision 14/611 of 2019, which sets out certain criteria for conducting electronic payment services and dealing with cloud computing service providers (see question 3.1(d)); and
  • CBI Decision 5/9/468 of 2017, which sets out certain anti-money laundering for forex companies.

(e) Trading

Trading on the Iraq Stock Exchange is reserved to authorised brokers, as per the Capital Markets Interim Law (74/2004). This law sets out the conditions and requirements that must be satisfied by an Iraqi company for listing on the Iraq Stock Exchange.

Brokers authorised to trade on the capital markets may be local or foreign banks authorised by the CBI or companies specialised in the trading of stocks, asset management or investment consultancy.

Authorised brokers must adhere to the following obligations:

  • Protect confidential information of investors;
  • Act with honesty and integrity, and adhere to market rules and business principles;
  • Work in favour of and for the benefit of investors and preserve their rights; and
  • Refrain from engaging in fictitious transactions and all forms of market manipulation that could mislead and deceive investors or create a false impression of market effectiveness.

(f) Investment and asset management

Investment companies must be licensed by the CBI as per the Financial Investment Companies Regulation (6/2011). The records and financial statements of investment companies are subject to inspection and audit by the CBI.

Investment companies' activities include:

  • purchase and sale of treasury bills and governmental bonds through banks for their own account or for the account of their clients;
  • purchase and sale of securities, bonds and other permitted financial instruments;
  • investment in other companies;
  • management of investment portfolios for their own account or for the account of their clients;
  • issuance of loan bonds and deposit certificates;
  • investment of part of their funds in fixed deposits with banks; and
  • preparation of economic, technical and financial studies for Iraqi and foreign investors' projects.

Investment companies may further obtain the approval of the Iraq Stock Exchange to practise brokerage activities for the sale and purchase of securities.

Regulated investment companies are also vested with the right to manage investment portfolios for their own account or for the account of their clients.

Banks are also vested with the power to preserve and manage valuable securities as per the Banking Law (94/2004).

(g) Risk management

Banks, brokerage firms and all licensed electronic payment service providers are required, under CBI Decision 611/14 of 2019, to establish risk management measures including the following:

  • a risk management committee constituted from the institution's board of directors, vested with the power to develop a risk management strategy and set out risk management roles and responsibilities;
  • a risk management department that takes charge of all risk management activities regarding information and communication technology (ICT);
  • a systematic and coordinated framework for ICT risk management which identifies and evaluates threats, risks and vulnerabilities that may arise and implements international standards (eg, ISO 31000, NIST, COBIT for RISK and ISO/IEC 27005:2018); and
  • an effective internal control practice to achieve data confidentiality and system security, reliability, flexibility and recoverability.

(h) Robo Advice

Robo advice activities are not specifically regulated in Iraq.

(i) Insurtech

There is no specific legislation governing insurtech activities in Iraq. We believe that such activities may be subject to the Insurance Business Regulation Act (10/2005), which regulates traditional insurance activities in Iraq.

The Iraqi Insurance Diwan is a department of the Ministry of Finance that is responsible for licensing and regulation of the insurance sector in Iraq. Insurance activities in Iraq may be conducted only by:

  • Iraqi public companies;
  • Iraqi joint stock companies (private/mixed);
  • branches of foreign insurers registered in Iraq;
  • takaful or retakaful entities; and
  • insurers or reinsurers that have the financial capacity to perform such activities.

Thus, fintechs must fall into one of the above categories in order to provide insurance services, and must comply with the requirements of the Insurance Business Regulation Act, including the condition to obtain a licence from the Iraqi Insurance Diwan, minimum capital requirements and tax obligations.

Fintechs licensed by the Iraqi Insurance Diwan may:

  • use electronic and computer data as evidence of insurance activities, as may be permitted by a court of law at its discretion;
  • substitute original documents, reports and statements with microfilms; and
  • use computers and other modern technology devices to organise their financial operations. The information derived from these operations is of equal value to that in the trade books that are legally required to be held by insurance companies.

5 Data security and cybersecurity

5.1 What is the applicable data protection regime in your jurisdiction and what specific implications does this have for fintech companies?

There is no specific data protection regime in Iraq. Generally, the processing of personal data is governed by the general rules under applicable Iraqi laws, including the Iraqi Constitution of 2005, the Civil Code and the Penal Code.

In general, the Iraqi Constitution protects the right to personal privacy, so long as it does not contradict the rights of others and public morals. It further stipulates that the freedom of communication and correspondence shall be guaranteed and may not be monitored, wiretapped or disclosed, except for legal and security reasons necessitated by judicial decision. Certain criminal acts as defined in the Penal Code may be linked to the improper use of personal data, such as defamation and disclosure of confidential information.

More specifically, certain provisions of several laws and regulations are applicable to data protection in the fintech space. These include the following:

  • The Banking Law (94/2004) requires banks to maintain banking and professional secrecy with regard to accounts, deposits, securities and clients' deposit boxes. Clients' data must not be directly or indirectly disclosed without their written consent.
  • Employees of the Iraq Securities Commission, established by virtue of Coalition Provisional Authority Order 74/2004, must not disclose any confidential information that comes to their knowledge in the course of their job, subject to sanctions imposed by the commission. Moreover, brokers must keep investors' private information confidential.
  • Payment service providers must take the necessary steps to store and protect clients' data against disclosure, destruction, misuse, loss and theft, and maintain secrecy in banking transactions.

5.2 What is the applicable cybersecurity regime in your jurisdiction and what specific implications does this have for fintech companies?

There is no general cybersecurity regime in Iraq. Draft laws on cybercrimes and telecommunications and information technology have been prepared, but have not yet been enacted, and their content may be subject to review by the Iraqi Parliament before their enactment.

Nevertheless, certain provisions found in several laws and regulations are applicable to cybersecurity in the fintech space. These include the E-signature and E-transactions Law (78/2012), the Electronic Payment Services Regulation (3/2014) and Central Bank of Iraq Decision 14/611 of 2019, which compel banks, financial institutions and other licensed institutions such as payment service providers to implement measures to mitigate cybersecurity risks. These measures include:

  • user identity management systems;
  • identification and protection of personal data and security; and
  • protection systems that prevent hacks and attacks.

6 Financial crime

6.1 What provisions govern money laundering and other forms of financial crime in your jurisdiction and what specific implications do these have for fintech companies?

Money laundering is governed by the Anti-money Laundering and Counter-Terrorism Financing Law (39/2015).

Payment service providers and other parties that undertake financial activities or execute transactions for or on behalf of customers are obliged to take all necessary customer due diligence measures before or in the course of opening an account or establishing a business relationship, and before carrying out a transaction or a wire transfer above a certain threshold for an incidental customer. Such financial activities or transactions include the following:

  • accepting deposits and other repayable funds from the public, including private banking services;
  • lending;
  • providing money or value transfer services;
  • issuing and managing means of payment, such as credit and debit cards, bills, traveller's cheques and electronic money;
  • trading in money market instruments, financial derivatives, foreign exchange and securities;
  • investing, administering or managing funds; and
  • concluding life insurance contracts and other types of investment-related insurance as a provider or broker of the insurance contract.

Financial institutions must also, among other things, adhere to the following obligations:

  • Establish and implement anti-money laundering and counter-terrorism financing programmes;
  • Establish policies, procedures, systems and internal controls to assess and mitigate risks;
  • Provide supervisory authorities with such risk assessment;
  • Establish an independent audit function to assess the effectiveness of policies and procedures and their implementation;
  • Report any suspicious transactions; and
  • Refrain from opening anonymous accounts and from dealing with persons who are subject to international or local sanctions.

Financial institutions must adhere to these obligations at the level of the financial group, including branches and majority-owned subsidiaries of institutions operating outside Iraq, as long as these provisions do not contradict to provisions of laws in effect in the other country.

Other financial crimes are regulated under:

  • the Criminal Code (111/1969);
  • the Law on Integrity and Illegitimate Gain (30/2011);
  • the Income Tax Law (113/1982);
  • the Regulation on Trading on the Stock Exchange (16/2011); and
  • bilateral and multilateral cooperation agreements signed by Iraq.

Such crimes include breach of trust, forgery, fraud, bribery, corruption, embezzlement, market manipulation, insider trading and tax evasion.

The main challenge for fintechs that specifically provide payment services is to ensure compliance with applicable financial laws and regulations, given the money laundering, terrorist financing and tax evasion risks associated with online payments and money transfers.

7 Competition

7.1 Does the fintech sector present any specific challenges or concerns from a competition perspective? Are there any pro-competition measures that are targeted specifically at fintech companies?

The Competition and Antitrust Law (14/2010), which promotes competition and prohibits anti-competitive practices, applies to natural and legal persons undertaking production or trade activities or providing services. The law provides for the establishment of an Antitrust Council; however, as yet this council has not been established.

Any activity or agreement which has the purpose of disrupting competition – including fixing the prices of goods and services or conditions of sale, obstructing market entry or gaining competitive advantage by selling at a loss – is prohibited.

No pro-competition measures are targeted specifically at fintechs. However, fintech companies undertaking production or trade activities or providing services are subject to the Competition and Antitrust Law and benefit from the protections granted thereunder.

8 Innovation

8.1 How is innovation in the fintech space protected in your jurisdiction?

Innovation in the fintech space is protected primarily under the following IP laws:

  • the Patents and Industrial Designs Law (65/1970);
  • the Copyright Protection Law (3/1971); and
  • the Trademarks Law (21/1957).

Innovations in the field of computer programs (software), including source codes and processed data, are protected by copyrights as ‘literary works'. Copyrights do not require registration; they are inherent in a literary work and belong to the creator.

A patent is awarded for an invention which is novel, is innovative and has industrial applicability. The invention can be for either a new industrial product or process or the application of a previously known process. A patent grants its registered owner protection against unauthorised usage or copying for a period of 20 years as from the date of filing.

Trademarks relating to innovations in the fintech space may be registered to prevent unauthorised use of identical or similar signs.

In addition to the above protections granted by the relevant IP laws, further protections to fintech innovations and related confidential trade secrets may be contractually agreed.

8.2 How is innovation in the fintech space incentivised in your jurisdiction?

Innovation in technology is incentivised under the Creators' Incentives Law (1/1998) when it involves, among other things, the introduction of new and evolving systems, methods or work contexts that lead to improved and developed performance and production, or reduced cost and time; or that make an integral and distinguished contribution to the fields of science, technology, thought, literature or the arts. Title is granted by the Evaluating Innovation Committee within each ministerial or non-ministerial body, where the product or project fulfils one of the conditions listed in the Creators' Incentives Law.

Moreover, low income-generating projects in which the number of employees does not exceed 10 are supported by the Small Enterprises Support Fund, established under Law 10/2012. Such projects are exempt from income tax and certain fees, depending on the project. This law encourages the establishment of incubators that aim to support the development of small economic projects.

9 Talent acquisition

9.1 What is the applicable employment regime in your jurisdiction and what specific implications does this have for fintech companies?

Employment in the private sector in Federal Iraq is governed by the Iraqi Labour Law (37/2015). Other sources of law further regulate employment, such as governmental decrees and decisions of the Ministry of Labour and Social Affairs, collective agreements, the Retirement and Social Security Law (39/1971), customary practices and international treaties.

Employees' rights include the following:

  • a minimum monthly wage of IQD 350,000 (approximately $293.29);
  • an annual holiday of 21 days that increases gradually with years of service;
  • a cap of 48 working hours per week that can be increased only in certain conditions and subject to payment of an overtime wage;
  • family leave such as maternity leave;
  • annual sick leave of 30 days;
  • severance pay equivalent to two weeks' pay for each year of service;
  • a statutory notice period of at least 30 days;
  • protection against unfair dismissal; and
  • freedom to establish and join trade unions.

Employees are protected against discrimination, including any distinction, exclusion or preference based on race, colour, sex, religion, sect, political opinion and belief, origin, nationality, age, health, economic or social conditions, affiliation to a trade union or trade union activity. The Labour Law prohibits sexual harassment and any other behaviour that creates a hostile, intimidating or offending work environment.

Fintechs operating in Iraq must check whether any collective agreements must be considered before signing an employment contract. In determining the terms and conditions of the employment contract, fintechs must pay attention to the mandatory provisions of the law and the minimum rights granted to employees, such as working hours and termination rights. It is always recommended that fintechs seek local legal advice when developing internal HR regulations and drafting model employment contracts.

9.2 How can fintech companies attract specialist talent from overseas where necessary?

The employment of foreigners in Federal Iraq is contingent on the obtainment of work permits. These are delivered for a one-year period and are renewable annually, depending on the needs of the national economy. Certain restrictions on foreign employment aimed at favouring local employment apply.

Certain nationalities may be exempt from the requirement to obtain a work permit as per international conventions and treaties signed by Iraq. Exemptions also apply to foreigners providing expertise, maintenance or technical consultancy services in Iraq for a maximum period of 30 days.

10 Trends and predictions

10.1 How would you describe the current fintech landscape and prevailing trends in your jurisdiction? Are any new developments anticipated in the next 12 months, including any proposed legislative reforms?

The Iraqi financial sector offers substantial growth potential. Technology and mobile banking are highly attractive, especially given the numerous out-of-date banking practices. The Iraqi population is largely unbanked, but despite the challenges, fintechs are contributing to the empowerment of this population and are attempting to move the economy from a cash-based economy to a digital economy.

However, fintechs face many challenges, including the following:

  • the lack of specific legislation and regulation governing fintechs;
  • the need to register their business as an incorporated company, with all of the related financial and time constraints, including the need for a physical address;
  • difficulties in attracting the right skills and talent; and
  • difficulties in attracting foreign investment.

Security surveillance systems, e-governance, telecommunications, database management, internet services and electronic and mobile financing are reportedly government priority areas for investment.

At the time of writing (January 2020), draft laws on cybercrime and telecommunications and information technology have been prepared, but have not yet been enacted, and their content may be subject to review by the Iraqi Parliament before their enactment.

11 Tips and traps

11.1 What are your top tips for fintech players seeking to enter your jurisdiction and what potential sticking points would you highlight?

Fintechs that provide electronic payment services, online lending and e-commerce services have a high potential of growth and success in Iraq, given the demographics of the Iraqi market (around 60% of the population are under 25).

Before operating in Iraq, fintechs must seek legal advice on any specific registration or authorisation requirements, depending mainly on whether the fintech undertakes a regulated activity such as electronic payment services that requires a licence from the Central Bank of Iraq.

Given the possible need to hire foreign talent, fintechs must carefully consider the specific regulations that apply to foreign workers in Iraq.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.