The Cairo ICT 2023 international technology exhibition and conference hosted a session on governance and risk management in banks and financial institutions. The session was moderated by Wessam Maher, Chief Information Security Officer at AUC, who explained the concept and significance of the governance, risk, and compliance (GRC) system as a practical application for ensuring cybersecurity in the banking sector. He emphasized the need for implementing this system in any institution, regardless of its size.
Abeer Khedr, Group Head of Cybersecurity at the National Bank of Egypt, said that the GRC system is the way to apply governance and risk management principles to technological systems, which are part of the institutional framework, especially in banks and financial institutions. She stressed the need for a unified framework for GRC systems across different institutions, following general standards, especially with the evolution of technological services. Khedr also mentioned the Central Bank of Egypt’s direction to apply the highest protection and security standards for financial and digital transaction systems in Egyptian society in the previous year.
She added that protection standards are crucial in the banking sector, regulated by various insurance frameworks and rules issued by the central bank, as well as international standards. These standards are applied to ensure the protection and security of customer data and infrastructure in various banks and financial institutions.
Khedr stated that applying these standards is mandatory, not optional, to ensure business continuity in all countries.
Rania El Roby, Chief Information Security Officer at Banque Misr, highlighted the importance of identifying all elements of the digital system in banks and financial institutions, including applications, individuals, and all system components, to determine who performs various tasks.
She also stressed the importance of conducting risk assessments for the digital system, the services it provides, and the applications used in this system, and then defining the steps followed for digital insurance and protection.
El Roby added that no system is 100% secure, so the implementation of the governance concept is essential to ensure the continuity of cybersecurity, especially in banks, financial institutions, and the banking sector. This is done by identifying risks that may occur and prioritizing dealing with these risks.
Ahmed Abdullah, Territory Sales Manager for Africa at Archer Technologies, said that part of the GRC system deals with cybersecurity, while other parts are related to various activities in institutions, not necessarily related to cybersecurity.
He pointed out that many people use multiple applications to transfer money and conduct financial transactions, requiring secure services to protect these transactions by identifying and managing risks through the GRC concept in various financial institutions.
Bishoy Wasfy, Director of GRC at Cyshield, emphasized the importance of applying the GRC concept, considering it a comprehensive umbrella for cybersecurity. He clarified that security issues do not lie in using the latest technology or specific types of technologies but in the ability to manage and govern the digital system as part of managing the entire institution.
He added that the success of the GRC system lies in treating it as a lifestyle, adapting to the daily technological developments and risks we encounter.