FINMA Circular 2023/1

Meet Swiss financial regulatory requirements for operational resilience, outsourcing governance, and ICT risk management with comprehensive controls and continuous monitoring.

How Kiteworks Supports FINMA Circular 2023/1 Compliance

FINMA Circular 2023/1 establishes the Swiss Financial Market Supervisory Authority's requirements for operational resilience and outsourcing oversight for financial institutions. The circular mandates comprehensive ICT risk management, business continuity planning, and robust governance of outsourced services. Kiteworks helps Swiss financial institutions meet these requirements through its secure, resilient platform for managing sensitive data exchange.

Understanding FINMA Circular 2023/1

The circular consolidates and updates FINMA's expectations for operational risk management, with particular focus on ICT risks, cyber resilience, and the governance of critical outsourcing arrangements. It requires financial institutions to identify critical functions, assess risks, implement protective controls, and maintain the ability to continue operations during disruptions.

ICT Risk Management

Kiteworks supports FINMA's ICT risk management requirements through comprehensive security controls:

  • Hardened Virtual Appliance: Pre-configured security baselines with built-in WAF, intrusion detection, and network firewalls

  • Vulnerability Management: Regular security assessments, penetration testing, and automated patch management

  • Encryption Controls: AES-256 encryption at rest and TLS 1.3 in transit with customer-controlled encryption keys

  • Access Governance: Role-based access controls with multi-factor authentication and SSO integration

Operational Resilience and Business Continuity

FINMA requires financial institutions to demonstrate operational resilience for critical functions. Kiteworks supports this through:

  • High Availability Architecture: Redundant infrastructure with automatic failover capabilities

  • Disaster Recovery: Documented recovery procedures with regular testing and validation

  • Geographic Redundancy: Deploy across multiple locations to ensure continued operations during regional disruptions

  • SLA Commitments: Guaranteed uptime and performance metrics for critical communication services

Outsourcing Governance

When financial institutions use Kiteworks as part of their outsourcing arrangements, the platform provides the controls and transparency FINMA requires:

  • Single-Tenant Architecture: Dedicated, isolated instances with no shared resources eliminate cross-tenant risks

  • Data Sovereignty Controls: Deploy within Switzerland or designated jurisdictions to maintain data residency

  • Comprehensive Audit Trails: Immutable logs document all activities for regulatory review and oversight

  • Vendor Transparency: Regular security assessments and certifications demonstrate ongoing compliance

Incident Management and Reporting

FINMA requires prompt identification and reporting of significant operational incidents. Kiteworks provides real-time monitoring through the CISO Dashboard, automated anomaly detection, and detailed logging that enables financial institutions to quickly identify, assess, and report incidents as required by the circular.

Data Protection and Confidentiality

Swiss financial institutions must protect client confidentiality and banking secrecy. Kiteworks ensures data protection through customer-controlled encryption keys, zero-access architecture preventing even Kiteworks personnel from accessing client data, and granular digital rights management controlling how sensitive documents can be used by recipients.

Regulatory Reporting and Compliance Evidence

Kiteworks simplifies regulatory reporting through one-click compliance reports, comprehensive audit trail exports, and SIEM integration for centralized monitoring. Financial institutions can quickly produce evidence of compliance during FINMA examinations and ongoing supervisory reviews.

Why Choose Kiteworks for FINMA Circular 2023/1 Compliance

Kiteworks provides Swiss financial institutions with a secure, resilient platform that addresses FINMA Circular 2023/1 requirements across ICT risk management, operational resilience, outsourcing governance, and incident reporting. The platform's Swiss deployment options, single-tenant architecture, and comprehensive compliance capabilities make it an ideal solution for financial institutions subject to FINMA oversight.