The Trusted Payments Operator
Risk Management & Compliance
Our Robust Risk Management Operating Model Defines our Approach to Business Resilience.
As we embrace the opportunities offered by emerging technologies, open banking and system integration, and evolving regulatory and market developments, we are fully aware of the increasing potential exposure associated with such opportunities.
To maintain our business resilience, we continuously optimize our risk management framework and operating model to ensure proactive and effective risk management in accordance with local and international regulations and standards.
Risk management and compliance are strategic priorities for EBC that are equally important at the strategic management and operational levels. Risk assessment and effective control are embedded in business plans and policies, practiced as part of day-to-day operations and evaluated independently to ensure continuous improvement.
Compliance
As the operator of the national payment schemes and as a provider of Third Party Processing services, EBC strictly complies with the following regulations and standards:
- Local Laws & bylaws
- Regulations by the Central Bank of Egypt
- MLCU regulations
Nonetheless, we recognize that strict adherence to the law is not enough to run a growing organization. Beyond compliance, our commitment to ourselves, our investors, and all of our stakeholders is to manage EBC with integrity. Everything we do rests on this foundation.
Compliance is everyone’s responsibility
Commitment to Compliance
Policies & Procedures
Compliance policies and procedures are in place to address regulatory, legal and reputational exposure. A solid organization of compliance professionals is responsible for ensuring adherence to compliance policies and procedures. As we conduct our business, our vendors and service providers are expected to share the commitment to compliance codes and policies, as relevant. This includes policies on KYC, AML, CFT and conflict of interest, in addition to our code of conduct.
Information Security
Ensuring Cyber Resilience and Safeguarding Payments Security across National Payments Systems
As we embrace emerging technologies to foster adoption and accessibility of electronic payments, we are fully aware of our responsibility for securing payment systems and protecting user data. Our commitment to delivering a safe and secure payment experience goes beyond adherence to global standards to building organizational resilience.
EBC implements an adaptive and comprehensive Information Security Management framework that emphasizes continuous risk management and adaptive security controls, in addition to adherence to global payment security standards and regulatory requirements.

Proactive
Effective risk assessments and monitoring are indispensable for the robustness of our Information System. Our risk management methodology embraces a proactive approach towards identifying and mitigating potential vulnerabilities in systems, networks and applications developed by EBC.
Vendor risk assessment is equally important to ensure vendors’ compliance with regulatory requirements and that they implement sufficient security controls. The risk management methodology involves a rigorous process of risk identification, analysis, evaluation, treatment and risk review.
Cyber Defense & Security Operation Center 24/7

Compliant
- The cybersecurity framework of the Central Bank of Egypt represents the regulatory context for information security management at EBC, defining mandatory requirements, policies and procedures to ensure regulatory compliance of Information Security Management.
- PCI DSS v4: EBC adheres to the security standards of the PCI council, which set the requirements for protecting cardholder data, covering data processing, transmission and storage.
- PCI PIN: PIN management processes are fully compliant with the requirements of PCI PIN related to the encryption and key management of PIN-based transactions.
- EBC’s Information Security Management System “ISMS” is designed and operated in line with the requirements of ISO 27001.
- Standard reporting of security and technology controls is conducted in accordance with System and Organization Controls (SOC 2) reporting, which is a standard method of reporting through a third-party or outsourced auditor.

Adaptive
Cybersecurity threats are evolving and becoming more sophisticated, making it vital for businesses to fortify their cybersecurity posture. In order to stay ahead of emerging threats, EBC relies on its Cyber threat intelligence in terms of information and capability to continue
By conducting regular security assessments and audits via reputable firms, EBC obtains independent assurance and validation on the effectiveness of the control measures.

Vigilant
Our team is our human firewall. Employee awareness is the most important component of our Information Security strategy. Building a culture of cyber readiness is foundational to preventing and mitigating user risks.
- Setting the tone at the top through management involvement and support.
- Updating and communicating Cyber safety guidelines and policies.
- Adopting an interactive conversational approach in training classes.
- Providing helpful information and tips as necessary.
- Making it easy to report cyber concerns.