For Evertec, a multinational company listed on the NYSE (New York Stock Exchange) with operations in over 26 countries (and offices in eleven of them), security means trust and risk mitigation. What risks does Evertec mitigate? The answer is as diverse as you can imagine, as we are required to be in compliance with the regulations of 26 countries and to implement the best practices established by international organizations. However, here are some of the key areas we cover:
Information Security
Evertec has established security measures to protect the information in its control against loss, misuse, tampering, or unauthorized destruction. We use industry-recognized security safeguards such as access control devices (firewalls), antivirus, intrusion detection systems, and operational procedures to detect and prevent unauthorized access to our systems. We have measures in place to mitigate fraud against issuers, acquirers, and merchants using tools like 3DS and Risk Center. We also employ administrative, physical, and electronic safeguards to protect your personal information as required by law and our Privacy Policy. These security measures include restricted access to computers, files, and buildings. Computers and servers holding personally identifiable information are kept in a secure environment.
Privacy and Protection of Personal Data
In addition to the security measures mentioned above, Evertec has policies and procedures, in our role as the party responsible and in charge, for handling the personal data of our customers and users for purposes that have been outlined in detail in our Privacy Policy, available on our website. This ensures our compliance with the Gramm-Leach-Bliley Act, Regulation P, the Health Insurance Portability and Accountability Act (HIPAA), U.S. state laws, Law 1581 of 2012 and Law 1266 of 2008 in Colombia, the Brazilian General Data Protection Law (LGPD), the Personal Data Protection Organic Law of Ecuador, Law 8968 on Personal Data Protection in Costa Rica, Mexico’s Federal Law on the Protection of Personal Data held by Private Parties, Law 81 on Personal Data Protection in Panama, Law 172-13 on Personal Data Protection in the Dominican Republic, Guatemala’s Decree 57-2008 on the Law on Access to Public Information, Law 18331 on Personal Data Protection in Uruguay, and Law 19628 on the Protection of Private Life enacted by the Ministry General Secretariat of the Presidency of Chile.
Operational Risks
Our company has a Risk Management System based on standard ISO 31000, which is a best industry practice we have adopted for the prompt and proactive management of risks that could impact the normal operation of our business.
Our system also allows us to address materialized risks so that the operational loss may be mitigated through the implementation of controls.
The program is based on the stages of identification, measurement, control, and monitoring and includes internal training plans.
Anti-Corruption and Anti-Bribery
- International organizations like Transparency International, the United Nations Office on Drugs and Crime (UNODC), and governments from around the world have joined efforts to combat two of the greatest blights that undermine economies: corruption and bribery. As part of these efforts, and using standard ISO 37001 as a reference (among others), Evertec has established Business Ethics and Transparency Programs. These consist of Anti-Corruption and Anti-Bribery policies and procedures (such as due diligence, tracking expenses involving public officials, and monitoring sponsorships and donations), as well as principles of Good Governance and rules of conduct for employees and suppliers. This enables us to comply with the U.S. Foreign Corrupt Practices Act (FCPA), the U.K. Bribery Act, and Chapter 13 of the Basic Legal Circular of the Superintendence of Companies, among others.
Prevention of Money Laundering, the Financing of Terrorism and the Financing of the Proliferation of Weapons of Mass Destruction
(LA/FT/FPADM, by its Spanish acronym) – The international Financial Action Task Force (FATF), as an intergovernmental entity, has released several best practices aimed at addressing these crimes, including the 40 Recommendations, which have been followed by different countries. Additionally, the various governments have introduced regulations to prevent these risks from materializing in every area (public, private, individuals, and companies). This is why Evertec has established policies and procedures (such as due diligence and monitoring, among others) using standard ISO 31000 as reference, which allow us to comply with U.S. OFAC regulations and Chapter 10 of the Basic Legal Circular of the Superintendence of Companies, which deals with SAGRILAFT/FPADM, among others.
The work described above is performed following clear standards and best industry practices, and it extends to all the regions where Evertec operates. This has led our clients, users, suppliers, and other third parties to continue trusting us, building on our 25 years of experience in the market.