Kiteworks and FCA Compliance Secure Customer Data and Streamline Operational Risk Management

The Financial Conduct Authority (FCA) is a regulatory body in the United Kingdom that oversees the financial industry to ensure that it operates in a fair and transparent manner. The FCA is responsible for regulating and supervising financial firms, protecting consumers, and maintaining the integrity of the UK’s financial markets. The FCA mandates robust IT security measures for UK businesses to protect sensitive and confidential customer data from unauthorized access, theft, and loss. This includes implementing risk-based, proactive monitoring of staff, encrypting all data, securing backup data, and being vigilant about data loss risks. The FCA also mandates that firms establish and maintain appropriate systems and controls for managing operational risks that can arise from inadequacies or failures in their processes and systems. To support these mandates, Kiteworks offers a comprehensive platform that enables organizations to secure customer data and streamline operational risk management through monitoring emails and content, encrypting files and emails, providing audit logs, and enforcing granular security and governance controls.

Secure Customer Data

The FCA mandates a set of IT security measures that require businesses to implement risk-based, proactive monitoring of staff to ensure that they access or modify data for legitimate business reasons, and are using good password standards. All data must be encrypted, and backup data must be secured. Kiteworks supports the FCA’s mandate making financial institutions responsible for securing customer data and protecting it from fraudsters. Kiteworks enables files and email encryption with strong TLS 1.2 encryption in transit and AES-256 encryption at rest, plus files are scanned for data loss prevention (DLP), antivirus, and advanced threat protection (APT) as they move through a hardened virtual appliance.

Businesses must also be vigilant about the risks of data loss or theft when employees work from home or use portable devices such as laptops to store customer data. Kiteworks enables firms to monitor emails and their content even after they have been sent, providing visibility into who read the message, downloaded files, and more. Customers can see file uploads, downloads, new versions, and comments of content on the platform, as all file activity is recorded and tracked, providing a comprehensive audit trail. With the Kiteworks audit log, all sensitive information entering and leaving the organization is viewable in a standardized log of all transactions covering secure MFT, secure email, secure file sharing, secure web forms, and application programming interfaces (APIs).

Streamline Operational Risk Management

The FCA mandates firms establish and maintain appropriate systems and controls for managing operational risks that can arise from inadequacies or failures in processes and systems. Kiteworks supports these organizations with the Private Content Network (PCN), a dedicated content communication platform that unifies, tracks, controls, and secures the interchange of private information with internal users and third parties. Plus, with the Kiteworks audit log, users can easily visualize all sensitive information entering and leaving the organization, track the inventory of digital assets in motion, and detect suspicious activity for fast incident response. Real-time inspection enables complete compliance and control, while security analytics helps prevent breaches before they happen by analyzing behavior and content and automatically detecting threats with advanced machine learning.

Additionally, firms must establish and maintain appropriate systems and controls for the management of their IT system risks and information security risks, including confidentiality, integrity, availability, authentication, nonrepudiation, and accountability. The Kiteworks PCN provides a single point of control so that organizations can more easily manage, monitor, and audit the exchange of personal data and other confidential information. Kiteworks also allows for granular security and governance controls, like higher protection for external users and specific domains, recipient authentication options, and digital fingerprinting. File owners can easily designate access privileges and decide with whom to share files and folders, and folder owners can even request new or revised files from external third parties. The integration with email, mobile, office, and enterprise apps makes accessing files and folders easy, increasing productivity without sacrificing security.

Finally, firms should understand the effect of differences in processes and systems at separate geographic locations on their operational risk profile. Kiteworks allows firms to ensure customer data stays where it belongs with geofencing by setting block-lists and allow-lists for IP address ranges. Organizations around the world use Kiteworks to comply with relevant regulations and standards like NIST 800-171, NIS 2, GDPR, CMMC, ISO 27001, FedRAMP, and more. Firms can utilize Kiteworks’ granular policy controls, reporting, and privacy protections to support audits and demonstrate compliance with internal auditors and regulatory bodies all over the world.

The FCA mandates robust IT security measures to protect sensitive and confidential customer data, including encrypting data, securing backup data, and implementing risk-based, proactive monitoring of staff. To support these mandates, Kiteworks enables firms to secure customer data through monitoring and encrypting emails and files, providing audit logs, and enforcing granular security and governance controls. Additionally, Kiteworks supports organizations with the PCN, a dedicated content communication platform that unifies, tracks, controls, and secures the interchange of private information with internal users and third parties.