{ "schema_version": "0.2.0", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "title": "Swiss FINMA GRC and ICS software", "cluster": "ordinis", "last_reviewed": "2026-04-30", "evidence_cutoff": "2026-04-30", "publisher": { "name": "Finray Technologies Ltd", "url": "https://finray.tech", "legal_form": "Cyprus Limited Company", "registry": "Cyprus Companies Registry HE 445903" }, "license": "https://creativecommons.org/licenses/by/4.0/", "citation_attribution": "Finray Intelligence; finray.tech", "review_methodology": "https://finray.tech/intelligence/methodology/", "related_surfaces": { "editorial_html": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "editorial_markdown": "https://finray.tech/intelligence/swiss-finma-grc-ics.md", "graph_dataset_json": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "site_manifest": "https://finray.tech/agents.json", "llms_txt": "https://finray.tech/llms.txt", "llms_full_txt_intelligence": "https://finray.tech/intelligence/llms-full.txt" }, "citations_count": 171, "delta": { "slug": "swiss-finma-grc-ics", "fromCutoff": null, "toCutoff": "2026-04-30", "isInitial": true, "nodesAdded": [], "nodesRemoved": [], "nodesChanged": [], "edgesAdded": 0, "edgesRemoved": 0, "idChurnSuspected": false }, "snapshot_urls": [ { "cutoff": "2026-04-30", "url": "https://finray.tech/intelligence/swiss-finma-grc-ics/snapshots/2026-04-30.json" } ], "citations": [ { "primary_source_url": "FDPIC official website, https://www.edoeb.admin.ch/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "fdpic", "label": "FDPIC", "type": "regulator", "subtype": "data-protection-supervisor", "role": "Swiss Federal Data Protection and Information Commissioner." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex FADP/DSG, https://www.fedlex.admin.ch/eli/cc/2022/491/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "fdpic", "label": "FDPIC", "type": "regulator", "subtype": "data-protection-supervisor", "role": "Swiss Federal Data Protection and Information Commissioner." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex FINMASA, https://www.fedlex.admin.ch/eli/cc/2008/736/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "finma", "label": "FINMA", "type": "regulator", "subtype": "financial-market-supervisor", "role": "Swiss Financial Market Supervisory Authority." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "FINMA Circular 2023/01 Operational risks and resilience - banks, https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/rundschreiben/finma-rs-2023-01-20221207.pdf [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "snb", "label": "SNB", "type": "regulator", "subtype": "central-bank-financial-stability", "role": "Swiss National Bank financial-stability authority relevant to systemically important banks." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "FINMA official website, https://www.finma.ch/en/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "finma", "label": "FINMA", "type": "regulator", "subtype": "financial-market-supervisor", "role": "Swiss Financial Market Supervisory Authority." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "SNB Swiss banking sector, https://www.snb.ch/en/the-snb/mandates-goals/financial-stability/swiss-banking-sector", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "snb", "label": "SNB", "type": "regulator", "subtype": "central-bank-financial-stability", "role": "Swiss National Bank financial-stability authority relevant to systemically important banks." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "FDPIC official website, https://www.edoeb.admin.ch/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "fadp-dsg", "label": "Swiss FADP / DSG", "type": "regulation", "subtype": "statute", "role": "Revised Swiss Federal Act on Data Protection, in force from 1 September 2023." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex AMLA, https://www.fedlex.admin.ch/eli/cc/1998/892_892_892/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "amla", "label": "AMLA", "type": "regulation", "subtype": "statute", "role": "Swiss Anti-Money Laundering Act." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex AMLO, https://www.fedlex.admin.ch/eli/cc/2015/791/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "amlo", "label": "AMLO", "type": "regulation", "subtype": "ordinance", "role": "Swiss Anti-Money Laundering Ordinance." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex BankG, https://www.fedlex.admin.ch/eli/cc/51/117_121_129/de", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "bankg", "label": "BankG", "type": "regulation", "subtype": "statute", "role": "Swiss Banking Act." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex CISA, https://www.fedlex.admin.ch/eli/cc/2006/822/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "cisa", "label": "CISA", "type": "regulation", "subtype": "statute", "role": "Swiss Collective Investment Schemes Act." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex FADP/DSG, https://www.fedlex.admin.ch/eli/cc/2022/491/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "fadp-dsg", "label": "Swiss FADP / DSG", "type": "regulation", "subtype": "statute", "role": "Revised Swiss Federal Act on Data Protection, in force from 1 September 2023." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex FINIG, https://www.fedlex.admin.ch/eli/cc/2018/801/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "finig", "label": "FINIG", "type": "regulation", "subtype": "statute", "role": "Swiss Financial Institutions Act." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex FINMASA, https://www.fedlex.admin.ch/eli/cc/2008/736/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "finmasa", "label": "FINMASA", "type": "regulation", "subtype": "statute", "role": "Federal Act on the Swiss Financial Market Supervisory Authority." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex FINSA, https://www.fedlex.admin.ch/eli/cc/2019/758/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "finsa", "label": "FINSA", "type": "regulation", "subtype": "statute", "role": "Swiss Financial Services Act." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex ISA, https://www.fedlex.admin.ch/eli/cc/2005/734/de", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "isa", "label": "ISA", "type": "regulation", "subtype": "statute", "role": "Swiss Insurance Supervision Act." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "FINMA Circular 2017/01 Corporate governance - banks, https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/rundschreiben/finma-rs-2017-01-20200101.pdf [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "finma-circ-2017-01", "label": "FINMA Circular 2017/01 Corporate governance — banks", "type": "regulation", "subtype": "finma-circular", "role": "Current bank corporate-governance and internal-control reference retrieved for this session." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "FINMA Circular 2018/03 Outsourcing, https://www.finma.ch/en/~/media/finma/dokumente/rundschreiben-archiv/2018/rs-18-03/finma-rs-2018-03---20170921.pdf?la=en [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "finma-circ-2018-03", "label": "FINMA Circular 2018/03 Outsourcing — banks and insurers", "type": "regulation", "subtype": "finma-circular", "role": "FINMA outsourcing circular for banks and insurers." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "FINMA Circular 2023/01 Operational risks and resilience - banks, https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/rundschreiben/finma-rs-2023-01-20221207.pdf [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "finma-circ-2023-01", "label": "FINMA Circular 2023/01 Operational risks and resilience — banks", "type": "regulation", "subtype": "finma-circular", "role": "FINMA operational-risk and resilience circular for banks, effective from 2024." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "FINMA Circular archive 2008/24 Supervision and internal control - banks, https://www.finma.ch/en/documentation/archiv/rundschreiben/archiv-2008/ [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "finma-circ-2008-24", "label": "FINMA Circular 2008/24 Supervision and internal control — banks", "type": "regulation", "subtype": "finma-circular-archived", "role": "Historical FINMA circular anchor for bank supervision and internal control." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "AICPA SOC 2, https://www.aicpa-cima.com/topic/audit-assurance/audit-and-assurance-greater-than-soc-2", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "isae-3402-soc2", "label": "ISAE 3402 / SOC 2", "type": "standard", "subtype": "third-party-assurance", "role": "Assurance-report standards used in outsourcing and vendor-risk due diligence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "BIS BCBS 239, https://www.bis.org/publ/bcbs239.htm [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "bcbs-239", "label": "BCBS 239", "type": "standard", "subtype": "risk-data-aggregation", "role": "Basel principles for risk data aggregation and risk reporting." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "COSO Internal Control - Integrated Framework, https://www.coso.org/guidance-on-ic [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "coso-2013", "label": "COSO 2013 Internal Control framework", "type": "standard", "subtype": "internal-control-framework", "role": "Internal-control reference architecture for control environment, risk assessment, control activities, information/communication and monitoring." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "IAASB ISAE 3402 staff overview, https://www.iaasb.org/publications/staff-overview-international-standard-assurance-engagements-isae-3402-assurance-reports-controls [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "isae-3402-soc2", "label": "ISAE 3402 / SOC 2", "type": "standard", "subtype": "third-party-assurance", "role": "Assurance-report standards used in outsourcing and vendor-risk due diligence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "ISO/IEC 27001 information security management, https://www.iso.org/standard/27001 [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "iso-27001-27002", "label": "ISO/IEC 27001 / 27002", "type": "standard", "subtype": "information-security", "role": "Information-security management and control-reference standards." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "ISO/IEC 27002 information security controls, https://www.iso.org/standard/75652.html [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "iso-27001-27002", "label": "ISO/IEC 27001 / 27002", "type": "standard", "subtype": "information-security", "role": "Information-security management and control-reference standards." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "NIST Cybersecurity Framework 2.0, https://csrc.nist.gov/pubs/cswp/29/the-nist-cybersecurity-framework-csf-20/final", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "nist-csf-2", "label": "NIST Cybersecurity Framework 2.0", "type": "standard", "subtype": "cybersecurity-framework", "role": "Cybersecurity framework commonly mapped to risk and resilience controls." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "AICPA SOC 2, https://www.aicpa-cima.com/topic/audit-assurance/audit-and-assurance-greater-than-soc-2", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "outsourcing-register-materiality", "label": "Outsourcing register and material-outsourcing assessment", "type": "control", "subtype": "outsourcing-evidence", "role": "Register, materiality analysis, due diligence, audit rights, subcontracting, exit and concentration-risk evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "BIS BCBS 239, https://www.bis.org/publ/bcbs239.htm [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "operational-risk-resilience-evidence", "label": "Operational-risk and resilience evidence", "type": "control", "subtype": "operational-resilience-evidence", "role": "ICT risk, BCM, scenario testing, critical-function, incident and third-party concentration evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "COSO Internal Control - Integrated Framework, https://www.coso.org/guidance-on-ic [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "ics-evidence-bundle", "label": "ICS evidence bundle", "type": "control", "subtype": "internal-control-evidence", "role": "Control register, testing, exceptions, attestations and remediation evidence for the internal control system." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "COSO Internal Control - Integrated Framework, https://www.coso.org/guidance-on-ic [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "internal-audit-sod", "label": "Internal audit and SoD", "type": "control", "subtype": "audit-and-segregation", "role": "Internal audit workflows, 4-eyes controls, two-line/three-line ownership and periodic re-attestation evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "FDPIC official website, https://www.edoeb.admin.ch/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "data-protection-evidence", "label": "Data-protection evidence", "type": "control", "subtype": "privacy-evidence", "role": "DPIA, processing register, breach response, privacy incidents and data-protection governance evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex AMLA, https://www.fedlex.admin.ch/eli/cc/1998/892_892_892/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "aml-cft-evidence", "label": "AML/CFT evidence", "type": "control", "subtype": "aml-evidence", "role": "KYC/CDD lifecycle, transaction-monitoring, investigations and suspicious-activity reporting evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex AMLO, https://www.fedlex.admin.ch/eli/cc/2015/791/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "aml-cft-evidence", "label": "AML/CFT evidence", "type": "control", "subtype": "aml-evidence", "role": "KYC/CDD lifecycle, transaction-monitoring, investigations and suspicious-activity reporting evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex FADP/DSG, https://www.fedlex.admin.ch/eli/cc/2022/491/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "data-protection-evidence", "label": "Data-protection evidence", "type": "control", "subtype": "privacy-evidence", "role": "DPIA, processing register, breach response, privacy incidents and data-protection governance evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex FINMASA, https://www.fedlex.admin.ch/eli/cc/2008/736/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "regulator-interaction-evidence", "label": "Regulator interaction evidence", "type": "control", "subtype": "supervisory-evidence", "role": "FINMA audit reports, supervisory correspondence, ad-hoc notifications, action plans and supervisory disclosure packs." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "FINMA Circular 2017/01 Corporate governance - banks, https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/rundschreiben/finma-rs-2017-01-20200101.pdf [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "ics-evidence-bundle", "label": "ICS evidence bundle", "type": "control", "subtype": "internal-control-evidence", "role": "Control register, testing, exceptions, attestations and remediation evidence for the internal control system." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "FINMA Circular 2017/01 Corporate governance - banks, https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/rundschreiben/finma-rs-2017-01-20200101.pdf [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "internal-audit-sod", "label": "Internal audit and SoD", "type": "control", "subtype": "audit-and-segregation", "role": "Internal audit workflows, 4-eyes controls, two-line/three-line ownership and periodic re-attestation evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "FINMA Circular 2018/03 Outsourcing, https://www.finma.ch/en/~/media/finma/dokumente/rundschreiben-archiv/2018/rs-18-03/finma-rs-2018-03---20170921.pdf?la=en [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "outsourcing-register-materiality", "label": "Outsourcing register and material-outsourcing assessment", "type": "control", "subtype": "outsourcing-evidence", "role": "Register, materiality analysis, due diligence, audit rights, subcontracting, exit and concentration-risk evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "FINMA Circular 2023/01 Operational risks and resilience - banks, https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/rundschreiben/finma-rs-2023-01-20221207.pdf [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "operational-risk-resilience-evidence", "label": "Operational-risk and resilience evidence", "type": "control", "subtype": "operational-resilience-evidence", "role": "ICT risk, BCM, scenario testing, critical-function, incident and third-party concentration evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "FINMA Circular archive 2008/24 Supervision and internal control - banks, https://www.finma.ch/en/documentation/archiv/rundschreiben/archiv-2008/ [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "ics-evidence-bundle", "label": "ICS evidence bundle", "type": "control", "subtype": "internal-control-evidence", "role": "Control register, testing, exceptions, attestations and remediation evidence for the internal control system." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "FINMA official website, https://www.finma.ch/en/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "regulator-interaction-evidence", "label": "Regulator interaction evidence", "type": "control", "subtype": "supervisory-evidence", "role": "FINMA audit reports, supervisory correspondence, ad-hoc notifications, action plans and supervisory disclosure packs." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "IAASB ISAE 3402 staff overview, https://www.iaasb.org/publications/staff-overview-international-standard-assurance-engagements-isae-3402-assurance-reports-controls [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "outsourcing-register-materiality", "label": "Outsourcing register and material-outsourcing assessment", "type": "control", "subtype": "outsourcing-evidence", "role": "Register, materiality analysis, due diligence, audit rights, subcontracting, exit and concentration-risk evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "ISO/IEC 27001 information security management, https://www.iso.org/standard/27001 [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "operational-risk-resilience-evidence", "label": "Operational-risk and resilience evidence", "type": "control", "subtype": "operational-resilience-evidence", "role": "ICT risk, BCM, scenario testing, critical-function, incident and third-party concentration evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "ISO/IEC 27001 information security management, https://www.iso.org/standard/27001 [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "data-protection-evidence", "label": "Data-protection evidence", "type": "control", "subtype": "privacy-evidence", "role": "DPIA, processing register, breach response, privacy incidents and data-protection governance evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "NIST Cybersecurity Framework 2.0, https://csrc.nist.gov/pubs/cswp/29/the-nist-cybersecurity-framework-csf-20/final", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "operational-risk-resilience-evidence", "label": "Operational-risk and resilience evidence", "type": "control", "subtype": "operational-resilience-evidence", "role": "ICT risk, BCM, scenario testing, critical-function, incident and third-party concentration evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Archer GRC solutions, https://www.archerirm.com/solutions", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "archer-integrated-risk-management", "label": "Archer Integrated Risk Management", "type": "vendor", "subtype": "integrated-risk-vendor", "role": "Archer provides integrated risk management products and risk quantification." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Archer website, https://www.archerirm.com/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "archer-integrated-risk-management", "label": "Archer Integrated Risk Management", "type": "vendor", "subtype": "integrated-risk-vendor", "role": "Archer provides integrated risk management products and risk quantification." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "AuditBoard announces CrossComply, https://auditboard.com/blog/auditboard-announces-crosscomply?utm_campaign=&utm_content=&utm_medium=&utm_offer=%3Fwtime&utm_source=", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "auditboard-optro-inc", "label": "AuditBoard / Optro", "type": "vendor", "subtype": "grc-vendor", "role": "AuditBoard has rebranded as Optro and provides audit, risk and compliance software." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Diligent One Platform, https://www.diligent.com/platform/diligent-one", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "diligent-corp", "label": "Diligent Corp.", "type": "vendor", "subtype": "governance-grc-vendor", "role": "Diligent provides Diligent One, HighBond, ESG and board-governance products." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Diligent website, https://www.diligent.com/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "diligent-corp", "label": "Diligent Corp.", "type": "vendor", "subtype": "governance-grc-vendor", "role": "Diligent provides Diligent One, HighBond, ESG and board-governance products." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Finray Ordinis, https://finray.tech/platforms/ordinis/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "finray-technologies-ltd", "label": "Finray Technologies Ltd", "type": "vendor", "subtype": "swiss-fintech-vendor", "role": "Finray provides infrastructure and control systems for regulated financial institutions, including Ordinis." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Finray Technologies, https://finray.tech/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "finray-technologies-ltd", "label": "Finray Technologies Ltd", "type": "vendor", "subtype": "swiss-fintech-vendor", "role": "Finray provides infrastructure and control systems for regulated financial institutions, including Ordinis." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "IBM OpenPages, https://www.ibm.com/products/openpages", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "ibm", "label": "IBM", "type": "vendor", "subtype": "enterprise-software-vendor", "role": "IBM provides OpenPages as its GRC platform." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Kroll acquires Resolver, https://www.kroll.com/en/newsroom/kroll-acquires-resolver-leader-risk-intelligence-technology [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "resolver-kroll", "label": "Resolver / Kroll", "type": "vendor", "subtype": "risk-intelligence-vendor", "role": "Resolver provides risk intelligence, risk management and compliance management software and is part of Kroll." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "LogicGate Risk Cloud platform, https://www.logicgate.com/platform/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "logicgate-inc", "label": "LogicGate Inc.", "type": "vendor", "subtype": "grc-vendor", "role": "LogicGate provides the Risk Cloud GRC platform and configurable risk/compliance applications." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "LogicGate website, https://www.logicgate.com/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "logicgate-inc", "label": "LogicGate Inc.", "type": "vendor", "subtype": "grc-vendor", "role": "LogicGate provides the Risk Cloud GRC platform and configurable risk/compliance applications." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "MetricStream GRC Platform, https://www.metricstream.com/platform.htm", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "metricstream-inc", "label": "MetricStream Inc.", "type": "vendor", "subtype": "integrated-grc-vendor", "role": "MetricStream provides GRC and integrated risk management software." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "MetricStream website, https://www.metricstream.com/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "metricstream-inc", "label": "MetricStream Inc.", "type": "vendor", "subtype": "integrated-grc-vendor", "role": "MetricStream provides GRC and integrated risk management software." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "NAVEX Global acquires Lockpath, https://www.navex.com/en-us/company/press-room/navex-global-acquires-lockpath-inc/ [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "navex", "label": "NAVEX", "type": "vendor", "subtype": "grc-vendor", "role": "NAVEX provides NAVEX One and legacy Lockpath risk/governance capabilities." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "NAVEX One platform, https://www.navex.com/en-us/platform/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "navex", "label": "NAVEX", "type": "vendor", "subtype": "grc-vendor", "role": "NAVEX provides NAVEX One and legacy Lockpath risk/governance capabilities." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "NAVEX website, https://www.navex.com/en-us/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "navex", "label": "NAVEX", "type": "vendor", "subtype": "grc-vendor", "role": "NAVEX provides NAVEX One and legacy Lockpath risk/governance capabilities." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "OneTrust Tech Risk and Compliance, https://www.onetrust.com/solutions/tech-risk-and-compliance/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "onetrust-llc", "label": "OneTrust LLC", "type": "vendor", "subtype": "privacy-grc-vendor", "role": "OneTrust provides privacy, third-party risk, technology risk and GRC-related products." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "OneTrust website, https://www.onetrust.com/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "onetrust-llc", "label": "OneTrust LLC", "type": "vendor", "subtype": "privacy-grc-vendor", "role": "OneTrust provides privacy, third-party risk, technology risk and GRC-related products." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Optro formerly AuditBoard website, https://optro.ai/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "auditboard-optro-inc", "label": "AuditBoard / Optro", "type": "vendor", "subtype": "grc-vendor", "role": "AuditBoard has rebranded as Optro and provides audit, risk and compliance software." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Resolver GRC software, https://www.resolver.com/grc-software/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "resolver-kroll", "label": "Resolver / Kroll", "type": "vendor", "subtype": "risk-intelligence-vendor", "role": "Resolver provides risk intelligence, risk management and compliance management software and is part of Kroll." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Resolver website, https://www.resolver.com/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "resolver-kroll", "label": "Resolver / Kroll", "type": "vendor", "subtype": "risk-intelligence-vendor", "role": "Resolver provides risk intelligence, risk management and compliance management software and is part of Kroll." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "SAI360 Integrated GRC, https://www.sai360.com/solutions/integrated-grc", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "sai360", "label": "SAI360", "type": "vendor", "subtype": "grc-vendor", "role": "SAI360 provides integrated risk and compliance management software." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "SAI360 website, https://www.sai360.com/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "sai360", "label": "SAI360", "type": "vendor", "subtype": "grc-vendor", "role": "SAI360 provides integrated risk and compliance management software." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "ServiceNow Governance, Risk and Compliance, https://www.servicenow.com/products/governance-risk-and-compliance.html", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "servicenow-inc", "label": "ServiceNow Inc.", "type": "vendor", "subtype": "platform-vendor", "role": "ServiceNow provides integrated risk, operational-risk and vendor-risk products on the Now Platform." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "ServiceNow Integrated Risk Management, https://www.servicenow.com/products/integrated-risk-management.html", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "servicenow-inc", "label": "ServiceNow Inc.", "type": "vendor", "subtype": "platform-vendor", "role": "ServiceNow provides integrated risk, operational-risk and vendor-risk products on the Now Platform." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Swiss GRC solutions, https://swissgrc.com/en/solutions/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-grc-ag", "label": "Swiss GRC AG", "type": "vendor", "subtype": "swiss-grc-vendor", "role": "Swiss GRC provides GRC Toolbox software from Switzerland." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Swiss GRC website, https://swissgrc.com/en/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-grc-ag", "label": "Swiss GRC AG", "type": "vendor", "subtype": "swiss-grc-vendor", "role": "Swiss GRC provides GRC Toolbox software from Switzerland." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Workiva platform, https://www.workiva.com/platform", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "workiva-inc", "label": "Workiva Inc.", "type": "vendor", "subtype": "reporting-grc-vendor", "role": "Workiva provides connected reporting, GRC, internal-control and audit-management software." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Workiva website, https://www.workiva.com/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "workiva-inc", "label": "Workiva Inc.", "type": "vendor", "subtype": "reporting-grc-vendor", "role": "Workiva provides connected reporting, GRC, internal-control and audit-management software." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Archer GRC solutions, https://www.archerirm.com/solutions", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "archer-suite", "label": "Archer Suite", "type": "product", "subtype": "grc-product", "role": "Archer integrated risk management suite." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Archer Insight risk quantification, https://www.archerirm.com/archer-insight-risk-quantification", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "archer-insight", "label": "Archer Insight", "type": "product", "subtype": "grc-product", "role": "Archer risk quantification and prioritisation product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Archer Suite documentation, https://help.archerirm.cloud/platform_2024_11/en-us/content/shared_topics/archer_suite.htm", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "archer-suite", "label": "Archer Suite", "type": "product", "subtype": "grc-product", "role": "Archer integrated risk management suite." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "AuditBoard announces CrossComply, https://auditboard.com/blog/auditboard-announces-crosscomply?utm_campaign=&utm_content=&utm_medium=&utm_offer=%3Fwtime&utm_source=", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "auditboard-crosscomply", "label": "AuditBoard CrossComply", "type": "product", "subtype": "grc-product", "role": "AuditBoard CrossComply compliance product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "AuditBoard compliance solutions, https://auditboard.com/solutions/compliance?utm_campaign=&utm_content=&utm_medium=&utm_offer=%3Fwtime&utm_source=", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "auditboard-riskoversight", "label": "AuditBoard RiskOversight", "type": "product", "subtype": "grc-product", "role": "AuditBoard RiskOversight product label requiring current public evidence confirmation." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "AuditBoard CrossComply Live, https://resources.optro.ai/auditboard-live-compliance.html?utm_campaign=&utm_content=&utm_medium=&utm_offer=%3Fwtime&utm_source=", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "auditboard-crosscomply", "label": "AuditBoard CrossComply", "type": "product", "subtype": "grc-product", "role": "AuditBoard CrossComply compliance product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "AuditBoard OpsAudit Live, https://resources.optro.ai/opsaudit-live-may.html?utm_campaign=&utm_content=&utm_medium=&utm_offer=%3Fwtime&utm_source=", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "auditboard-opsaudit", "label": "AuditBoard OpsAudit", "type": "product", "subtype": "grc-product", "role": "AuditBoard OpsAudit internal audit product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Diligent board management software, https://www.diligent.com/lp/board-management-software-enterprise", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "diligent-boards", "label": "Diligent Boards", "type": "product", "subtype": "grc-product", "role": "Diligent board management software." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Diligent ESG features, https://www.diligent.com/solutions/esg-features", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "diligent-esg", "label": "Diligent ESG", "type": "product", "subtype": "grc-product", "role": "Diligent ESG reporting and governance product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Diligent ESG, https://www.diligent.com/products/diligent-esg", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "diligent-esg", "label": "Diligent ESG", "type": "product", "subtype": "grc-product", "role": "Diligent ESG reporting and governance product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Diligent HighBond API, https://developer.diligent.com/api/highbond", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "diligent-highbond", "label": "Diligent HighBond", "type": "product", "subtype": "grc-product", "role": "Diligent HighBond GRC platform." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Diligent HighBond platform product sheet, https://www.diligent.com/-/media/project/diligent/master/landing-pages/rsa-conference-2022/product-sheet--highbond-platform.pdf?hash=A93B6B2E3B646ECBEEE3904DC21813E8&rev=d7b454b0-e2c2-455d-92e0-94508fa8c2d4 [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "diligent-highbond", "label": "Diligent HighBond", "type": "product", "subtype": "grc-product", "role": "Diligent HighBond GRC platform." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Diligent One Platform, https://www.diligent.com/platform/diligent-one", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "diligent-boards", "label": "Diligent Boards", "type": "product", "subtype": "grc-product", "role": "Diligent board management software." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Finray Ordinis, https://finray.tech/platforms/ordinis/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "finray-ordinis", "label": "Ordinis", "type": "product", "subtype": "grc-product", "role": "Finray Ordinis is a governance, risk, compliance, approvals and audit-evidence product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Finray Technologies, https://finray.tech/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "finray-ordinis", "label": "Ordinis", "type": "product", "subtype": "grc-product", "role": "Finray Ordinis is a governance, risk, compliance, approvals and audit-evidence product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "IBM OpenPages GRC solutions documentation, https://www.ibm.com/docs/en/openpages/9.0.0?topic=guide-openpages-grc-solutions", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "ibm-openpages", "label": "IBM OpenPages", "type": "product", "subtype": "grc-product", "role": "IBM OpenPages GRC platform." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "IBM OpenPages Operational Risk, https://www.ibm.com/products/openpages/operational-risk", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "ibm-openpages", "label": "IBM OpenPages", "type": "product", "subtype": "grc-product", "role": "IBM OpenPages GRC platform." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "IBM OpenPages Regulatory Compliance, https://www.ibm.com/products/openpages/regulatory-compliance", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "ibm-openpages", "label": "IBM OpenPages", "type": "product", "subtype": "grc-product", "role": "IBM OpenPages GRC platform." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "IBM OpenPages, https://www.ibm.com/products/openpages", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "ibm-openpages", "label": "IBM OpenPages", "type": "product", "subtype": "grc-product", "role": "IBM OpenPages GRC platform." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "LogicGate Enterprise Risk Management application, https://www.logicgate.com/platform/applications/enterprise-risk-management-application/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "logicgate-erm", "label": "LogicGate ERM", "type": "product", "subtype": "grc-product", "role": "LogicGate enterprise risk management application." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "LogicGate Enterprise Risk Management solution, https://www.logicgate.com/solutions/enterprise-risk-management/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "logicgate-erm", "label": "LogicGate ERM", "type": "product", "subtype": "grc-product", "role": "LogicGate enterprise risk management application." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "LogicGate Regulatory Compliance Management, https://www.logicgate.com/solutions/regulatory-compliance-management/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "logicgate-rcm", "label": "LogicGate Regulatory Compliance Management", "type": "product", "subtype": "grc-product", "role": "LogicGate regulatory compliance management solution." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "LogicGate Risk Cloud platform, https://www.logicgate.com/platform/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "logicgate-risk-cloud", "label": "LogicGate Risk Cloud", "type": "product", "subtype": "grc-product", "role": "LogicGate Risk Cloud GRC platform." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "LogicGate Risk Cloud platform, https://www.logicgate.com/platform/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "logicgate-it-risk", "label": "LogicGate IT Risk", "type": "product", "subtype": "grc-product", "role": "LogicGate IT-risk-adjacent capability within Risk Cloud." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "LogicGate risk management team solutions, https://www.logicgate.com/solutions/team/risk-management/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "logicgate-it-risk", "label": "LogicGate IT Risk", "type": "product", "subtype": "grc-product", "role": "LogicGate IT-risk-adjacent capability within Risk Cloud." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "LogicGate website, https://www.logicgate.com/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "logicgate-risk-cloud", "label": "LogicGate Risk Cloud", "type": "product", "subtype": "grc-product", "role": "LogicGate Risk Cloud GRC platform." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "MetricStream Compliance Management, https://www.metricstream.com/products/compliance-management.htm", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "metricstream-compliance", "label": "MetricStream Compliance Management", "type": "product", "subtype": "grc-product", "role": "MetricStream compliance and regulatory compliance product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "MetricStream GRC Platform, https://www.metricstream.com/platform.htm", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "metricstream-m7-platform", "label": "MetricStream M7 platform", "type": "product", "subtype": "grc-product", "role": "Legacy MetricStream integrated risk platform product name." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "MetricStream GRC Platform, https://www.metricstream.com/platform.htm", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "metricstream-risk-cloud", "label": "MetricStream Risk Cloud", "type": "product", "subtype": "grc-product", "role": "MetricStream risk management platform/product label to be verified." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "MetricStream GRC Platform, https://www.metricstream.com/platform.htm", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "metricstream-internal-audit", "label": "MetricStream Internal Audit Management", "type": "product", "subtype": "grc-product", "role": "MetricStream internal-audit product label requiring direct evidence confirmation." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "MetricStream M7 integrated risk platform announcement, https://www.metricstream.com/pressNews/pr-956-MetricStream-launches-M7-integrated-risk-platform.htm [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "metricstream-m7-platform", "label": "MetricStream M7 platform", "type": "product", "subtype": "grc-product", "role": "Legacy MetricStream integrated risk platform product name." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "MetricStream Operational Risk Management, https://www.metricstream.com/products/operational-risk-management.htm", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "metricstream-oprisk", "label": "MetricStream Operational Risk Management", "type": "product", "subtype": "grc-product", "role": "MetricStream operational risk management product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "MetricStream Regulatory Compliance, https://www.metricstream.com/products/regulatory-compliance.htm", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "metricstream-compliance", "label": "MetricStream Compliance Management", "type": "product", "subtype": "grc-product", "role": "MetricStream compliance and regulatory compliance product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "MetricStream Risk Management Software, https://www.metricstream.com/products/risk-management.htm", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "metricstream-risk-cloud", "label": "MetricStream Risk Cloud", "type": "product", "subtype": "grc-product", "role": "MetricStream risk management platform/product label to be verified." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "MetricStream website, https://www.metricstream.com/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "metricstream-internal-audit", "label": "MetricStream Internal Audit Management", "type": "product", "subtype": "grc-product", "role": "MetricStream internal-audit product label requiring direct evidence confirmation." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "NAVEX Global announces upgrade to Lockpath Keylight risk management platform, https://www.navex.com/en-us/company/press-room/navex-global-announces-upgrade-to-lockpath-risk-management-platform/ [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "navex-lockpath-keylight", "label": "Lockpath Keylight", "type": "product", "subtype": "grc-product", "role": "Legacy Lockpath Keylight risk management platform." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "NAVEX Lockpath Operational Risk Management datasheet, https://www.navex.com/en-us/resources/datasheets/operational-risk-management/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "navex-risk-manager", "label": "NAVEX One Risk & Governance / Risk Manager", "type": "product", "subtype": "grc-product", "role": "NAVEX One risk governance and compliance capability." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "NAVEX Lockpath support topic, https://support.navex.com/s/topic/0TO1T000000bMVQWA2/lockpath?language=en_US", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "navex-lockpath-keylight", "label": "Lockpath Keylight", "type": "product", "subtype": "grc-product", "role": "Legacy Lockpath Keylight risk management platform." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "NAVEX One platform, https://www.navex.com/en-us/platform/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "navex-risk-manager", "label": "NAVEX One Risk & Governance / Risk Manager", "type": "product", "subtype": "grc-product", "role": "NAVEX One risk governance and compliance capability." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "NAVEX One Risk Governance and Compliance, https://www.navex.com/en-us/platform/risk-governance-irm/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "navex-risk-manager", "label": "NAVEX One Risk & Governance / Risk Manager", "type": "product", "subtype": "grc-product", "role": "NAVEX One risk governance and compliance capability." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "NAVEX regulatory compliance and risk management for financial services, https://www.navex.com/en-us/resources/datasheets/regulatory-compliance-and-risk-management-financial-services/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "navex-risk-manager", "label": "NAVEX One Risk & Governance / Risk Manager", "type": "product", "subtype": "grc-product", "role": "NAVEX One risk governance and compliance capability." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "OneTrust GRC glossary, https://www.onetrust.com/glossary/governance-risk-and-compliance-grc/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "onetrust-grc", "label": "OneTrust GRC / Tech Risk and Compliance", "type": "product", "subtype": "grc-product", "role": "OneTrust technology risk and compliance/GRC capability." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "OneTrust Privacy Operations, https://www.onetrust.com/products/privacy-operations/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "onetrust-privacy", "label": "OneTrust Privacy Operations", "type": "product", "subtype": "grc-product", "role": "OneTrust privacy operations product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "OneTrust Tech Risk and Compliance, https://www.onetrust.com/solutions/tech-risk-and-compliance/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "onetrust-grc", "label": "OneTrust GRC / Tech Risk and Compliance", "type": "product", "subtype": "grc-product", "role": "OneTrust technology risk and compliance/GRC capability." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "OneTrust Third-Party Management solutions, https://www.onetrust.com/solutions/third-party-management/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "onetrust-third-party-risk", "label": "OneTrust Third-Party Risk Management", "type": "product", "subtype": "grc-product", "role": "OneTrust third-party risk management product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "OneTrust Third-Party Risk Management, https://www.onetrust.com/products/third-party-risk-management/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "onetrust-third-party-risk", "label": "OneTrust Third-Party Risk Management", "type": "product", "subtype": "grc-product", "role": "OneTrust third-party risk management product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Optro ESG product, https://optro.ai/product/esg", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "auditboard-esg", "label": "AuditBoard / Optro ESG", "type": "product", "subtype": "grc-product", "role": "Optro ESG product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Optro formerly AuditBoard website, https://optro.ai/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "auditboard-opsaudit", "label": "AuditBoard OpsAudit", "type": "product", "subtype": "grc-product", "role": "AuditBoard OpsAudit internal audit product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Optro formerly AuditBoard website, https://optro.ai/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "auditboard-riskoversight", "label": "AuditBoard RiskOversight", "type": "product", "subtype": "grc-product", "role": "AuditBoard RiskOversight product label requiring current public evidence confirmation." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Resolver Compliance Management Software, https://www.resolver.com/grc-software/compliance-management/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "resolver-compliance", "label": "Resolver Compliance", "type": "product", "subtype": "grc-product", "role": "Resolver compliance management product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Resolver Enterprise Risk Management Software, https://www.resolver.com/grc-software/risk-management/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "resolver-risk", "label": "Resolver Risk", "type": "product", "subtype": "grc-product", "role": "Resolver risk management product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Resolver GRC software, https://www.resolver.com/grc-software/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "resolver-risk", "label": "Resolver Risk", "type": "product", "subtype": "grc-product", "role": "Resolver risk management product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Resolver integrated GRC software, https://www.resolver.com/solutions/integrated-grc-software/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "resolver-compliance", "label": "Resolver Compliance", "type": "product", "subtype": "grc-product", "role": "Resolver compliance management product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "SAI360 Integrated GRC, https://www.sai360.com/solutions/integrated-grc", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "sai360-grc-platform", "label": "SAI360 GRC platform", "type": "product", "subtype": "grc-product", "role": "SAI360 integrated GRC platform." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "SAI360 website, https://www.sai360.com/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "sai360-grc-platform", "label": "SAI360 GRC platform", "type": "product", "subtype": "grc-product", "role": "SAI360 integrated GRC platform." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "ServiceNow Governance, Risk and Compliance, https://www.servicenow.com/products/governance-risk-and-compliance.html", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "servicenow-irm-grc", "label": "ServiceNow IRM / GRC suite", "type": "product", "subtype": "grc-product", "role": "ServiceNow integrated risk management and GRC suite." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "ServiceNow Integrated Risk Management, https://www.servicenow.com/products/integrated-risk-management.html", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "servicenow-irm-grc", "label": "ServiceNow IRM / GRC suite", "type": "product", "subtype": "grc-product", "role": "ServiceNow integrated risk management and GRC suite." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "ServiceNow Operational Risk dashboard documentation, https://www.servicenow.com/docs/r/governance-risk-compliance/grc-risk-management-workspace/operational-risk-dashboard.html", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "servicenow-operational-risk-management", "label": "ServiceNow Operational Risk Management", "type": "product", "subtype": "grc-product", "role": "ServiceNow operational risk management product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "ServiceNow Operational Risk Management, https://www.servicenow.com/products/operational-risk-management.html", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "servicenow-operational-risk-management", "label": "ServiceNow Operational Risk Management", "type": "product", "subtype": "grc-product", "role": "ServiceNow operational risk management product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "ServiceNow Third-Party Risk Management, https://www.servicenow.com/products/third-party-risk-management.html", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "servicenow-vendor-risk-management", "label": "ServiceNow Vendor Risk Management", "type": "product", "subtype": "grc-product", "role": "ServiceNow vendor or third-party risk management product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "ServiceNow Vendor Risk Management, https://www.servicenow.com/uk/products/vendor-risk-management.html", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "servicenow-vendor-risk-management", "label": "ServiceNow Vendor Risk Management", "type": "product", "subtype": "grc-product", "role": "ServiceNow vendor or third-party risk management product." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Swiss GRC Internal Control Software ICS, https://swissgrc.com/en/internal-control-software-ics/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-grc-toolbox", "label": "Swiss GRC Toolbox", "type": "product", "subtype": "grc-product", "role": "Swiss GRC Toolbox GRC platform." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Swiss GRC Risk Management Software, https://swissgrc.com/en/risk-management-software/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-grc-toolbox", "label": "Swiss GRC Toolbox", "type": "product", "subtype": "grc-product", "role": "Swiss GRC Toolbox GRC platform." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Swiss GRC solutions, https://swissgrc.com/en/solutions/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-grc-toolbox", "label": "Swiss GRC Toolbox", "type": "product", "subtype": "grc-product", "role": "Swiss GRC Toolbox GRC platform." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Swiss GRC website, https://swissgrc.com/en/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-grc-toolbox", "label": "Swiss GRC Toolbox", "type": "product", "subtype": "grc-product", "role": "Swiss GRC Toolbox GRC platform." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Workiva Financial Reporting and Disclosure Management, https://www.workiva.com/resources/workiva-financial-reporting-and-disclosure-management", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "workiva-reporting", "label": "Workiva Reporting", "type": "product", "subtype": "grc-product", "role": "Workiva reporting and disclosure management capability." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Workiva platform, https://www.workiva.com/platform", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "workiva-wdesk", "label": "Workiva Wdesk", "type": "product", "subtype": "grc-product", "role": "Legacy Workiva Wdesk label for connected controls and reporting workflows." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Workiva platform, https://www.workiva.com/platform", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "workiva-reporting", "label": "Workiva Reporting", "type": "product", "subtype": "grc-product", "role": "Workiva reporting and disclosure management capability." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Workiva Wdesk SOX Controls Management implementation guide, https://www.workiva.com/resources/implementation-guide-sox-controls-management [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "workiva-wdesk", "label": "Workiva Wdesk", "type": "product", "subtype": "grc-product", "role": "Legacy Workiva Wdesk label for connected controls and reporting workflows." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex AMLA, https://www.fedlex.admin.ch/eli/cc/1998/892_892_892/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-securities-firm-finig", "label": "Swiss securities firm under FINIG", "type": "firm-segment", "subtype": "securities-firm", "role": "FINMA-authorised securities firm requiring governance, conduct, AML and outsourcing controls." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex AMLA, https://www.fedlex.admin.ch/eli/cc/1998/892_892_892/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-portfolio-manager-trustee-finig", "label": "Swiss portfolio manager or trustee under FINIG", "type": "firm-segment", "subtype": "portfolio-manager-trustee", "role": "Portfolio managers and trustees requiring proportionate governance, conduct, AML and data-protection controls." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex AMLA, https://www.fedlex.admin.ch/eli/cc/1998/892_892_892/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-insurer-isa", "label": "Swiss insurer under ISA", "type": "firm-segment", "subtype": "insurer", "role": "FINMA-supervised insurer requiring governance, outsourcing, operational-risk, privacy and, where applicable, AML evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex AMLA, https://www.fedlex.admin.ch/eli/cc/1998/892_892_892/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-asset-manager-cisa-finig", "label": "Swiss asset manager or fund house under CISA/FINIG", "type": "firm-segment", "subtype": "asset-manager-fund-house", "role": "Asset managers and fund houses requiring fund-governance, conduct, AML, outsourcing and data-protection controls." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex AMLO, https://www.fedlex.admin.ch/eli/cc/2015/791/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-securities-firm-finig", "label": "Swiss securities firm under FINIG", "type": "firm-segment", "subtype": "securities-firm", "role": "FINMA-authorised securities firm requiring governance, conduct, AML and outsourcing controls." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex AMLO, https://www.fedlex.admin.ch/eli/cc/2015/791/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-portfolio-manager-trustee-finig", "label": "Swiss portfolio manager or trustee under FINIG", "type": "firm-segment", "subtype": "portfolio-manager-trustee", "role": "Portfolio managers and trustees requiring proportionate governance, conduct, AML and data-protection controls." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex BankG, https://www.fedlex.admin.ch/eli/cc/51/117_121_129/de", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-bank-bankg", "label": "Swiss bank under BankG", "type": "firm-segment", "subtype": "bank", "role": "FINMA-authorised banking institution requiring board-level governance, ICS, outsourcing and operational-resilience evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex CISA, https://www.fedlex.admin.ch/eli/cc/2006/822/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-asset-manager-cisa-finig", "label": "Swiss asset manager or fund house under CISA/FINIG", "type": "firm-segment", "subtype": "asset-manager-fund-house", "role": "Asset managers and fund houses requiring fund-governance, conduct, AML, outsourcing and data-protection controls." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex FADP/DSG, https://www.fedlex.admin.ch/eli/cc/2022/491/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-securities-firm-finig", "label": "Swiss securities firm under FINIG", "type": "firm-segment", "subtype": "securities-firm", "role": "FINMA-authorised securities firm requiring governance, conduct, AML and outsourcing controls." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex FADP/DSG, https://www.fedlex.admin.ch/eli/cc/2022/491/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-portfolio-manager-trustee-finig", "label": "Swiss portfolio manager or trustee under FINIG", "type": "firm-segment", "subtype": "portfolio-manager-trustee", "role": "Portfolio managers and trustees requiring proportionate governance, conduct, AML and data-protection controls." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex FADP/DSG, https://www.fedlex.admin.ch/eli/cc/2022/491/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-insurer-isa", "label": "Swiss insurer under ISA", "type": "firm-segment", "subtype": "insurer", "role": "FINMA-supervised insurer requiring governance, outsourcing, operational-risk, privacy and, where applicable, AML evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex FADP/DSG, https://www.fedlex.admin.ch/eli/cc/2022/491/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-asset-manager-cisa-finig", "label": "Swiss asset manager or fund house under CISA/FINIG", "type": "firm-segment", "subtype": "asset-manager-fund-house", "role": "Asset managers and fund houses requiring fund-governance, conduct, AML, outsourcing and data-protection controls." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex FINIG, https://www.fedlex.admin.ch/eli/cc/2018/801/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-securities-firm-finig", "label": "Swiss securities firm under FINIG", "type": "firm-segment", "subtype": "securities-firm", "role": "FINMA-authorised securities firm requiring governance, conduct, AML and outsourcing controls." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex FINIG, https://www.fedlex.admin.ch/eli/cc/2018/801/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-portfolio-manager-trustee-finig", "label": "Swiss portfolio manager or trustee under FINIG", "type": "firm-segment", "subtype": "portfolio-manager-trustee", "role": "Portfolio managers and trustees requiring proportionate governance, conduct, AML and data-protection controls." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex FINIG, https://www.fedlex.admin.ch/eli/cc/2018/801/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-asset-manager-cisa-finig", "label": "Swiss asset manager or fund house under CISA/FINIG", "type": "firm-segment", "subtype": "asset-manager-fund-house", "role": "Asset managers and fund houses requiring fund-governance, conduct, AML, outsourcing and data-protection controls." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex FINMASA, https://www.fedlex.admin.ch/eli/cc/2008/736/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-bank-bankg", "label": "Swiss bank under BankG", "type": "firm-segment", "subtype": "bank", "role": "FINMA-authorised banking institution requiring board-level governance, ICS, outsourcing and operational-resilience evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex FINMASA, https://www.fedlex.admin.ch/eli/cc/2008/736/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-insurer-isa", "label": "Swiss insurer under ISA", "type": "firm-segment", "subtype": "insurer", "role": "FINMA-supervised insurer requiring governance, outsourcing, operational-risk, privacy and, where applicable, AML evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex FINMASA, https://www.fedlex.admin.ch/eli/cc/2008/736/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "finma-licence-applicant", "label": "FINMA licence applicant", "type": "firm-segment", "subtype": "licence-applicant", "role": "Applicant institution needing application-grade governance evidence before authorisation." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex FINSA, https://www.fedlex.admin.ch/eli/cc/2019/758/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-securities-firm-finig", "label": "Swiss securities firm under FINIG", "type": "firm-segment", "subtype": "securities-firm", "role": "FINMA-authorised securities firm requiring governance, conduct, AML and outsourcing controls." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex FINSA, https://www.fedlex.admin.ch/eli/cc/2019/758/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-portfolio-manager-trustee-finig", "label": "Swiss portfolio manager or trustee under FINIG", "type": "firm-segment", "subtype": "portfolio-manager-trustee", "role": "Portfolio managers and trustees requiring proportionate governance, conduct, AML and data-protection controls." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex FINSA, https://www.fedlex.admin.ch/eli/cc/2019/758/en", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-asset-manager-cisa-finig", "label": "Swiss asset manager or fund house under CISA/FINIG", "type": "firm-segment", "subtype": "asset-manager-fund-house", "role": "Asset managers and fund houses requiring fund-governance, conduct, AML, outsourcing and data-protection controls." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "Fedlex ISA, https://www.fedlex.admin.ch/eli/cc/2005/734/de", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-insurer-isa", "label": "Swiss insurer under ISA", "type": "firm-segment", "subtype": "insurer", "role": "FINMA-supervised insurer requiring governance, outsourcing, operational-risk, privacy and, where applicable, AML evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "FINMA Circular 2017/01 Corporate governance - banks, https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/rundschreiben/finma-rs-2017-01-20200101.pdf [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-bank-bankg", "label": "Swiss bank under BankG", "type": "firm-segment", "subtype": "bank", "role": "FINMA-authorised banking institution requiring board-level governance, ICS, outsourcing and operational-resilience evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "FINMA Circular 2018/03 Outsourcing, https://www.finma.ch/en/~/media/finma/dokumente/rundschreiben-archiv/2018/rs-18-03/finma-rs-2018-03---20170921.pdf?la=en [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-bank-bankg", "label": "Swiss bank under BankG", "type": "firm-segment", "subtype": "bank", "role": "FINMA-authorised banking institution requiring board-level governance, ICS, outsourcing and operational-resilience evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "FINMA Circular 2018/03 Outsourcing, https://www.finma.ch/en/~/media/finma/dokumente/rundschreiben-archiv/2018/rs-18-03/finma-rs-2018-03---20170921.pdf?la=en [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-insurer-isa", "label": "Swiss insurer under ISA", "type": "firm-segment", "subtype": "insurer", "role": "FINMA-supervised insurer requiring governance, outsourcing, operational-risk, privacy and, where applicable, AML evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "FINMA Circular 2023/01 Operational risks and resilience - banks, https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/rundschreiben/finma-rs-2023-01-20221207.pdf [stale — older than 2024]", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "swiss-bank-bankg", "label": "Swiss bank under BankG", "type": "firm-segment", "subtype": "bank", "role": "FINMA-authorised banking institution requiring board-level governance, ICS, outsourcing and operational-resilience evidence." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } }, { "primary_source_url": "FINMA official website, https://www.finma.ch/en/", "accessed_date": "2026-04-30", "finray_reviewed": true, "license": "CC-BY-4.0", "supports_node": { "id": "finma-licence-applicant", "label": "FINMA licence applicant", "type": "firm-segment", "subtype": "licence-applicant", "role": "Applicant institution needing application-grade governance evidence before authorisation." }, "review_record": { "reviewer": "Finray Intelligence", "page": "https://finray.tech/intelligence/swiss-finma-grc-ics/", "graph": "https://finray.tech/intelligence/swiss-finma-grc-ics.json", "review_date": "2026-04-30" } } ], "generated_at": "2026-05-15T23:58:21.467Z" }