The Financial Supervisory Authority issues a periodical on measures to enhance cyber security in insurance companies
As a continuation of the efforts to activate the digital transformation process within the non-banking financial system, especially the insurance market, the Financial Supervisory Authority, headed by Dr. Mohamed Farid, issued Circular No. 3 of 2023 regarding procedures for enhancing cybersecurity in insurance companies, in support of companies to reach all segments of society, in order to achieve inclusion. insurance.
This comes within the framework of the authority’s keenness to enhance cybersecurity measures in the Egyptian insurance sector, and to facilitate companies, if they apply for a license, to provide insurance products electronically, in implementation of Resolution No. 140 of 2023 regarding digital identity, digital contracts, digital registry, and areas of using financial technology to conduct financial activities. Non-banking, compliance requirements.
According to the periodic book, companies are committed to equipment, technological infrastructure, information systems, and means of protection and insurance in accordance with Resolution No. 139 of 2023, which includes that the company’s customer database be within the Arab Republic of Egypt. That this includes following information security controls. According to Resolution No. 139 of 2023, companies shall prepare a guide for policies and procedures in relation to information security, and provide the Authority with it after its approval by the company’s Board of Directors, provided that this is done within a period not exceeding 15 working days. The implementation of these instructions should not exceed 6 months from the date of issuance of the periodic book.
The periodical also included the need for companies to commit to preparing a framework for information technology governance, preparing a framework for managing cybersecurity, and providing the authority with them after being approved by the company’s board of directors, provided that this takes place within a period not exceeding 15 working days, and the implementation of these instructions does not exceed 12 days. months from the date of issuance of the periodic book.