EBC’s proprietary platform is built with compliance verification at its core.
Leveraging new technologies and partners to keep the Bank and our customers safe.
Effective Regulatory Framework
EBC’s Anti-Money Laundering (AML) program deters, detects, and reports suspected money laundering and terrorist financing activity.
Proprietary Software
EBC’s proprietary software is core to facilitating “Know Your Customer” (KYC) best practices, prudent due diligence, and effective transaction monitoring.
Strong Governance
Our Board of Directors oversees regulatory compliance and risk management programs, and ensures EBC’s internal control framework is effective on an enterprise-wide level.
Trust Credentials
Secure by Design
- Threat Management
- Data Security
- Product Security
- Privacy
Penetration Testing
A third-party penetration testing firm is annually engaged to perform pen tests of our networks, web apps, and API suite.
Vulnerability Scanning
We regularly scan and patch vulnerabilities to limit our risk of attack vectors.
Endpoint Detection and Response
Every workstation is secured with a top-tier EDR monitored by our Information Security team and an active threat hunting group.
Data Encrypted At-Rest
EBC uses string encryption to keep your data safe, even when it’s resting. This includes production data and backups.
Data Encrypted In-Transit
We use modern, non-deprecated cryptographic algorithms to secure data in motion.
Multi-Factor Authentication (MFA)
We use MFA on all entry points to our critical systems. Conditional access Policies are applied to ensure successful logins originate only from approved devices and locations.
Single-Sign On (SSO)
We use SSO internally to control Identity & Access Management. EBC clients may also enable SSO in our EBC environments via a SAML integration.
Role-Based Access Control (RBAC)
Granular RBAC is engrained in our systems to ensure users and admins operate under the principle of least privilege.
Audit Logs
We maintain extensive audit logs to provide insight when you need it.
IP-Based Access Control
Access to EBC platforms is limited to whitelisted IPs to further restrict access to our clients’ sensitive data.
Production Segregation
The production environment is segregated from test and development environments.
Privacy Policy
We take privacy seriously. View our Privacy Policy to better understand how our processes enforce your rights.
Data Retention Policy
Data is retained for the minimum amount of time required by regulatory and contractual requirements.
Data Processing Addendum
Data in our systems is protected by rigorous security and privacy controls. You can request our data processing agreement for review.
Threat Management
Penetration Testing
A third-party penetration testing firm is annually engaged to perform pen tests of our networks, web apps, and API suite.
Vulnerability Scanning
We regularly scan and patch vulnerabilities to limit our risk of attack vectors.
Endpoint Detection and Response
Every workstation is secured with a top-tier EDR monitored by our Information Security team and an active threat hunting group.
Data Security
Data Encrypted At-Rest
EBC uses string encryption to keep your data safe, even when it’s resting. This includes production data and backups.
Data Encrypted In-Transit
We use modern, non-deprecated cryptographic algorithms to secure data in motion.
Product Security
Multi-Factor Authentication (MFA)
We use MFA on all entry points to our critical systems. Conditional access Policies are applied to ensure successful logins originate only from approved devices and locations.
Single-Sign On (SSO)
We use SSO internally to control Identity & Access Management. EBC clients may also enable SSO in our EBC environments via a SAML integration.
Role-Based Access Control (RBAC)
Granular RBAC is engrained in our systems to ensure users and admins operate under the principle of least privilege.
Audit Logs
We maintain extensive audit logs to provide insight when you need it.
IP-Based Access Control
Access to EBC platforms is limited to whitelisted IPs to further restrict access to our clients’ sensitive data.
Production Segregation
The production environment is segregated from test and development environments.
Privacy
Privacy Policy
We take privacy seriously. View our Privacy Policy to better understand how our processes enforce your rights.
Data Retention Policy
Data is retained for the minimum amount of time required by regulatory and contractual requirements.
Data Processing Addendum
Data in our systems is protected by rigorous security and privacy controls. You can request our data processing agreement for review.
Questions?
We are happy to answer all your security-related questions
