by Andrea Benito

Emirates NBD accelerates spending on digital transformation, security

Jun 27, 20205 mins
Digital TransformationFinancial Services IndustryIT Strategy

Hisham Mohamed, CISO of the financial institution's Egyptian arm, explains how the bank is integrating a new transaction platform into its IT infrastructure, and taking a more proactive cyberscecurity stance.

hisham mohamed2
Credit: Hisham Mohamed/Emirates NBD

Despite the coronavirus pandemic and its economic impact, Emirates NBD is sticking to its strategic plan to increase spending on digital transformation, particularly for cybersecurity — one of the biggest concerns that banks have today.

A security breach can have negative consequences for private and corporate customers, but also the loss of reputation for the bank itself. Meanwhile, the pandemic has escalated the risk of malicious cyberattacks as organisations large and small increase their reliance on remote working and online services.

“Emirates NBD now spends more on resources dedicated to preventing cyberattacks” than ever before, says Hisham Mohamed, CISO at Emirates NBD Egypt. “This means that extra IT personnel is required, extra training for all staff and more resources allocated to analysing their cybersecurity and performing risk assessments. It also means that more robust policies and processes must be introduced.”

The banking industry is one of the sectors most at risk for security issues, given the sensitivity of the data financial institutions hold. As a result, banks are investing more in developing their digital infrastructure in ways that strengthen their security and protect the data of the clients.

Bank takes a proactive approach to security

“Relying on the technology became a must, we are facing many attack vectors nowadays and tackling those attacks is not easy at all,” explains Mohamed. “These attack vectors should be tackled with a proactive security approach, and also organisations should apply defense-in-depth models, including preventive and detective controls, applying matured security governance. We cannot depend on the traditional reactive cybersecurity approach only.”

As cyberattacks increase around the globe and in the Middle East, regulators are responding with new security and data laws. New audit powers and mandatory reporting requirements are putting businesses in the spotlight, Mohamed says. “A serious attack could mean significant reputational and financial impact and loss of customers,” he notes. “Cyber is not just a technology issue, this is now a major legal risk.”

Regulators are now mandating reports related to remote access and working from home to ensure that all security controls are applied to avoid cybersecurity risks, he noted.

Emirates NBD’s security efforts are part of the banking group’s AED1 billion (US$60 million) commitment to digital transformation.

The bank, for example, recently announced a planned end-to-end digital transformation of its transaction banking platform. The transformation is part of the banking group’s AED1 billion commitment to digitise operations and products, enhancing its service proposition to corporate clients and retail customers. This strategy is built on the three key pillars of culture, co-creation, and community — in alignment with UAE’s vision to be one of the most innovative countries in the world.

Online transaction offerings appeal to millennials

“The main focus of [the] digital journey will be to meet the expectations of millennials with a multitude of online offerings and enable them to perform almost all transactions online without the need to visit brick-and-mortar branches,” explains Mohamed. “We will also look to automate our back-office processes to improve our operational efficiency. The goal will be to achieve quick TAT [turnaround time] and increase straight-through processing.” In straight-through processing, transactions are processed electronically, end-to-end, without manual intervention.

As part of this overall effort, Emirates NBD is investing in a new digital transaction platform to strengthen its position as the country’s market leader in transaction banking – services that enable cash, securities and payment management, as well as trade settlement and cross-border trading.

“The project integrates iGTB’s Digital Transaction Banking platform, powered by an integrated front-end, omnichannel portal to deliver a seamless user experience to Emirates NBD’s corporate clients,” Mohamed says.

Transaction platform integrates security

London-based iGTB’s digital banking platform is designed to offer component-based UI development, and provide developers with a production-ready application container runtime environment. It features SDKs for configuring and extending the capabilities of the baseline product. Security features include API gateways with support for access tokens, HMAC request signing, JSON Web tokens, OpenID Connect, LDAP, Social OAuth, and legacy authentication provider.

As the bank’s chief information security officer, though, Mohamed’s main goals this year have been affected by the crisis. “One of my top priorities in 2020 is how to maintain the same security maturity level in light of the challenges we are facing due to the current pandemic,” adds.

And for that, Mohamed’s main goal is to educate the company’s employees to think like a CISO. “We have to get people on board to understand what security needs.”