The Trusted Payments Operator
Risk Management & Compliance
Our Robust Risk Management Operating ModelDefines our Approach to Business Resilience.
As we embrace the opportunities offered by the emerging technologies, open banking and system integration, evolving regulatory and market developments, we are fully aware of the increasingly potential exposure associated with such opportunities.
To ensure our business resilience, we continuously optimize our risk management framework and operating model to ensure proactive and effective risk management in accordance with local and international regulations and standards.
Risk management and compliance are strategic priorities for EBC that are equally important at strategic management and operational levels. Risk assessment and effective control are embedded in business plans and policies, practiced as part of the day-to-day operations and evaluated independently to ensure continuous improvement.
As the operator of the national payment schemes and as a provider of Third Party Processing services, EBC strictly complies with the following regulations and standards:
Nonetheless, we recognize that our strict adherence to the law is not enough to run a growing organization. Beyond compliance, our commitment—to ourselves, our investors, and to all of our stakeholders—is to manage EBC with integrity, everything we do rests on this foundation.
Compliance is everyone’s
Commitment to Compliance
Policies & Procedures
Compliance policies and procedures are in place to address regulatory, legal and reputational exposure. A solid organization of compliance professionals are responsible for ensuring adherence to compliance policies and procedures. As we conduct our business, our vendors and service providers are expected to share the commitment to compliance codes and policies, as relevant. This includes policies of KYC, AML, CFT, conflict of interest in addition to our code of conduct.
Ensuring Cyber Resilience and
Safeguarding Payments Security
across National Payments
As we embrace emerging technologies to foster adoption and accessibility of electronic payments, we are fully aware of our responsibility for securing payment systems and protecting user data. Our commitment to delivering a safe and secure payment experience goes beyond the adherence to global standards, to adopting to building organizational resilience.
EBC implements an adaptive and comprehensive Information Security Management framework that accentuates the importance of continuous risk management, adaptive security controls, in addition to adherence to payment security global standards and regulatory requirements.
Effective risk assessments and monitoring are indispensable for the robustness of our Information System. Our risk management methodology embraces a proactive approach towards identifying and mitigation of potential vulnerabilities in systems, networks and applications developed by EBC.
Vendor risk assessment is equally important to ensure vendors’ compliance with regulatory requirement and that they implement sufficient security controls. The risk management methodology involves a rigorous process of risk identification, analysis, evaluation, treatment and risk review. Cyber Defense & Security Operation Center 24/7
- The cybersecurity framework of the Central Bank of Egypt represents the regulatory context for information security management at EBC, defining mandatory requirements, policies and procedures to ensure regulatory compliance of Information Security Management.
- PCI DSS v4: EBC adheres to the security standards by the PCI council which sets the requirement for protecting cardholder’s data covering data processing, transmission and storage.
- PCI PIN: PIN management processes are fully compliant with the requirements of PCI PIN, related to the encryption and key management of the PIN based transactions.
- EBC’s Information Security Management System “ISMS” is designed and operated in line with the requirements of ISO 27001.
- Standard Reporting of security and technology controls is conducted in accordance with system and organization controls of SOC 2 reporting, which is a standard method of reporting through a third party or outsourced auditor
Cybersecurity threats are evolving and getting more sophisticated, making it vital for businesses to fortify cybersecurity posture. In order to stay ahead of emerging threats, EBC relies on its Cyber threat intelligence in terms of information and capability to continue
Our team is our human firewall. Employee awareness is the most important component of our Information Security strategy. Building a culture of cyber readiness is foundational to prevent and mitigate user risks.
- Setting the tone at the top through management involvement and support.
- Updating and communicating Cyber safety guidelines and policies.
- Adopting an interactive conversational approach in training classes.
- Providing helpful information and tips as necessary.
- Making it easy to report cyber concerns