Kiteworks and FCA Compliance Secure Customer Data and Streamline Operational Risk Management
COMPLIANCE BRIEF
www.kiteworks.com
Enhance IT Security Measures and Operational Risk
Management With Comprehensive Monitoring,
Encryption, and Granular Governance Controls
The Financial Conduct Authority (FCA) is a regulatory body in the United Kingdom that oversees the financial industry to ensure
that it operates in a fair and transparent manner. The FCA is responsible for regulating and supervising financial firms, protecting
consumers, and maintaining the integrity of the UK’s financial markets. The FCA mandates robust IT security measures for UK
businesses to protect sensitive and confidential customer data from unauthorized access, theft, and loss. This includes implementing
risk-based, proactive monitoring of staff, encrypting all data, securing backup data, and being vigilant about data loss risks. The FCA
also mandates that firms establish and maintain appropriate systems and controls for managing operational risks that can arise from
inadequacies or failures in their processes and systems. To support these mandates, Kiteworks offers a comprehensive platform that
enables organizations to secure customer data and streamline operational risk management through monitoring emails and content,
encrypting files and emails, providing audit logs, and enforcing granular security and governance controls.
Secure Customer Data
The FCA mandates a set of IT security measures that require businesses to implement risk-based, proactive monitoring of staff
to ensure that they access or modify data for legitimate business reasons, and are using good password standards. All data must
be encrypted, and backup data must be secured. Kiteworks supports the FCA’s mandate making financial institutions responsible
for securing customer data and protecting it from fraudsters. Kiteworks enables file and email encryption with strong TLS 1.2
encryption in transit and AES-256 encryption at rest, and files are scanned for data loss prevention (DLP), antivirus, and advanced
threat protection (APT) as they move through a hardened virtual appliance.
Businesses must also be vigilant about the risks of data loss or theft when employees work from home or use portable devices such
as laptops to store customer data. Kiteworks enables firms to monitor emails and their content even after they have been sent,
providing visibility into who read the message, downloaded files, and more. Customers can see file uploads, downloads, new versions,
and comments of content on the platform, as all file activity is recorded and tracked, providing a comprehensive audit trail. With the
Kiteworks audit log, all sensitive information entering and leaving the organization is viewable in a standardized log of all transactions
covering secure MFT, secure email, secure file sharing, secure web forms, and application programming interfaces (APIs).
Streamline Operational Risk Management
The FCA mandates firms establish and maintain appropriate systems and controls for managing operational risks that can arise from
inadequacies or failures in processes and systems. Kiteworks supports these organizations with the Private Content Network (PCN),
a dedicated content communication platform that unifies, tracks, controls, and secures the interchange of private information with
internal users and third parties. Plus, with the Kiteworks audit log, users can easily visualize all sensitive information entering and leaving
the organization, track the inventory of digital assets in motion, and detect suspicious activity for fast incident response. Real-time
inspection enables complete compliance and control, while security analytics helps prevent breaches before they happen by analyzing
behavior and content and automatically detecting threats with advanced machine learning.
Copyright © 2023 Kiteworks. Kiteworks’ mission is to empower organizations to effectively manage risk in every send, share, receive, and
save of sensitive content. The Kiteworks platform provides customers with a Private Content Network that delivers content governance,
compliance, and protection. The platform unifies, tracks, controls, and secures sensitive content moving within, into, and out of their
organization, significantly improving risk management and ensuring regulatory compliance on all sensitive content communications.
www.kiteworks.com
April 2023
Additionally, firms must establish and maintain appropriate systems and controls for the management of their IT system risks and
information security risks, including confidentiality, integrity, availability, authentication, nonrepudiation, and accountability. The
Kiteworks PCN provides a single point of control so that organizations can more easily manage, monitor, and audit the exchange
of personal data and other confidential information. Kiteworks also allows for granular security and governance controls, like higher
protection for external users and specific domains, recipient authentication options, and digital fingerprinting. File owners can
easily designate access privileges and decide with whom to share files and folders, and folder owners can even request new or
revised files from external third parties. The integration with email, mobile, office, and enterprise apps makes accessing files and
folders easy, increasing productivity without sacrificing security.
Finally, firms should understand the effect of differences in processes and systems at separate geographic locations on their
operational risk profile. Kiteworks allows firms to ensure customer data stays where it belongs with geofencing by setting
block-lists and allow-lists for IP address ranges. Organizations around the world use Kiteworks to comply with relevant regulations and
standards like NIST 800-171, NIS 2, GDPR, CMMC, ISO 27001, FedRAMP, and more. Firms can utilize Kiteworks’ granular policy
controls, reporting, and privacy protections to support audits and demonstrate compliance with internal auditors and regulatory
bodies all over the world.
The FCA mandates robust IT security measures to protect sensitive and confidential customer data, including encrypting data,
securing backup data, and implementing risk-based, proactive monitoring of staff. To support these mandates, Kiteworks
enables firms to secure customer data through monitoring and encrypting emails and files, providing audit logs, and enforcing
granular security and governance controls. Additionally, Kiteworks supports organizations with the PCN, a dedicated content
communication platform that unifies, tracks, controls, and secures the interchange of private information with internal users and
third parties.