Establishing a digital bank in Iraq is subject to the Iraqi Banking Law and the regulatory authority of the Central Bank of Iraq (CBI). Digital banking activities are treated as banking services, meaning that any entity seeking to operate a fully digital or branch-light bank must obtain a banking license from the CBI and comply with all applicable prudential, governance, and compliance requirements.

While Iraq does not currently have a standalone “digital-only bank license,” digital banks are licensed within the existing banking framework, with additional scrutiny on technology, cybersecurity, and consumer protection.

What Is Considered a Digital Bank in Iraq?

A digital bank typically operates through:

• Digital onboarding and account opening
• Online and mobile banking platforms
• Electronic payments and digital wallets
• Limited or no physical branches
• Technology-driven service delivery

Regardless of delivery model, digital banks are regulated as full banks under CBI supervision.

Key Regulatory Requirements: Applicants seeking to establish a digital bank must demonstrate:

• Minimum capital as prescribed by the Central Bank of Iraq
• Transparent ownership and shareholder structure
• Fit and proper shareholders, board members, and senior management
• Robust corporate governance framework
• Strong AML/CFT, KYC, and sanctions compliance systems
• Secure IT infrastructure and cybersecurity controls
• Data protection and consumer protection mechanisms
• Viable digital banking business model

Foreign investors are subject to enhanced due diligence and additional regulatory review.

Step-by-Step Licensing Process

Initial Application to the Central Bank of Iraq: Submit a formal request describing the proposed digital banking model, ownership structure, and scope of services.

Submission of Business & Technology Plan: Applicants must provide detailed documentation covering:

• Digital banking strategy and services
• Financial projections
• Governance and management structure
• AML/CFT and compliance framework
• IT architecture, cybersecurity, and data protection

Regulatory Due Diligence: The CBI conducts in-depth review of:

• Shareholders and source of funds
• Board and management suitability
• Compliance readiness
• Technology and operational resilience

Capital Deposit: Upon preliminary approval, the required capital must be deposited with a CBI-designated bank.

Company Incorporation: The bank is incorporated under the Iraqi Companies Law and registered with the Companies Registration Department.

Final Banking License: After satisfying all regulatory conditions, the CBI issues the final banking license, authorizing digital banking operations.

Operational Readiness & Launch: Before launch, the digital bank must:

• Complete system testing and security audits
• Appoint compliance and risk officers
• Finalize internal policies and reporting systems
• Obtain any additional approvals required by the CBI

Ongoing Compliance Obligations: Digital banks in Iraq are subject to continuous supervision and must comply with:

• Capital adequacy and liquidity requirements
• CBI reporting and inspections
• AML/CFT and transaction monitoring rules
• Cybersecurity and data protection standards
• Consumer protection and transparency requirements

Failure to comply may result in regulatory sanctions or license suspension.

Indicative Timeline: The licensing and establishment process typically takes several months, depending on regulatory review, completeness of documentation, and technical readiness.