The Challenge
For a Swiss start-up that unites blockchain technology and banking, receiving approval from FINMA (the Swiss Financial Market Supervisory Authority) required defining and implementing IT security policies and standards.
How we solved it
When establishing new policies, as well as managing regulatory authorities, it’s best to have a dedicated resource to handle all planning, supervising, coordinating and controlling tasks.
Arco IT provided the client with a CISO (Chief Information Security Officer) on a part-time basis. We took a hybrid approach, by combining best practices from other banks and analyzing the specific technical and operational risks of the new blockchain technologies to derive additional control requirements.
Working with the IT department, external suppliers, the executive board and the regulator, the CISO created IT security standards and operational processes, as well as a prioritized controls catalogue to manage the risks going forward.
Implementation of the high-priority controls was started immediately and effectiveness was documented. In anticipation of the inherent risks associated with a growing business, further controls were prepared and additional services were offered.
The Results:
- Confidence instilled in the regulators and investors
- Banking license pre-approval and final approval obtained within 6 months
- Successful go-live as the world’s first digital asset bank
- Institutional and private investors can use secure and convenient banking services for digital assets
- A scalable security management process that always keeps risk at manageable levels while allowing the company to grow rapidly.