Records management with

360 Documents

Product features

Conformance with ISO 15489-1:2016 and GeBüV

Swiss legal retention periods for clarifications and documents supporting the executed transactions under the Anti-Money Laundering Act (AMLA)


Last update: 17 May 2025

"The electronic storage of documents must meet the requirements of the Swiss Ordinance on Business Records. If the server used is not located in Switzerland, the FI must have up-to-date physical or electronic copies of the relevant documents in Switzerland"

(Art. 74 para. 4 AMLO-FINMA)

Definition and typology


Swiss Banks and financial institutions must retain for 10 years the following records as per Art. 74 para. 1 AMLO-FINMA (here):


  • All documents used to identify the contracting partner, controlling person, BO, as well as Forms A or K
  • A written note on the results of the application of the criteria for identifying business relationships with increased risks ("customer risk scoring")
  • A written note or the documents containing the findings of the additional investigations into business relationships or transactions with increased risks
  • The documents underlying the executed transactions
  • A copy of suspicious activity reports (SARs) filed to the Money Laundering Reporting Office Switzerland (MROS)
  • A list of all business relationships subject to the Swiss AML Act


While ordinary Swiss companies can retain their accounting documents (apart from the share register and its equivalents) in foreign data centres, FINMA-regulated financial institutions must store the above records and file notes "in a secure location in Switzerland that is accessible at all times" (Art. 74 para. 3 AMLO-FINMA).


It should be noted that "if the server used is not located in Switzerland, the financial intermediary must have up-to-date physical or electronic copies of the relevant documents in Switzerland" (ibid., para. 4).

Quick start

Ingestion: Upload, Outlook, scanner

Data acquisition

OCR technology: text recognition

Text recognition

Indexation along your folder structure

Indexation

Full-text search with results highlighting

Full-text search

Product features of 360 Documents

Business logic


  • Capture documents and associated metadata: Via simple upload, drag & drop from Outlook, bulk scanning or via API calls
  • Support of over 100 file extensions: Ingest and display documents in commonly used file formats
  • File sharing: Give internal and external access, set passwords and link expirations
  • Capture email attachments: As linked records or as a single compound record
  • Import digital records and associated metadata: Migrate directly from an external application, either in bulk or individually
  • Date of origination: When migrating, set a retention trigger predating a record's creation in 360 Documents
  • Link workflows associated with records: Annotate records, validate metadata, post "To do" entries, sign with Swiss and EU electronic signatures
  • Duplicate records: Use them in multiple business contexts (for example, in both the accounting and HR department)
  • Lifecycle management: Produce reports on records capture, usage and disposal
  • Website archiving

Usability


  • Hands-on in-app documentation in 4 languages including the foundations of records mangement
  • Full-text enterprise search: Advanced filtering, keyword and synonyms search in EN, DE, FR, IT
  • OCR and business data extraction: Industry-leading computer vision stack with high confidence scores
  • Data extraction at scale: Automatically detect and capture pre-existing metadata
  • Automatic document recognition: Detect over 30 document types (invoices, Swiss QR bills, IDs, tickets)
  • Business intelligence: Translate, summarize and question PDFs across all major LLMs
  • Contextual metadata service: Define and capture custom metadata
  • Metadata templates: Capture entity metadata according to one or several pre-determined templates
  • Validate custom metadata values against syntactical standards (booleans, enums, numbers, strings, URLs, phones, timestamps)
  • Classification service: Associate records and folders to their business context (for example, Accounting, HR, Sales, AML, etc.)
  • Create, manage and maintain business classes

Regulatory


  • Global compliance: ISO 15489-1:2016, ISO 16175-1:2020, DoD 5015.2-STD, MoReq2010
  • Swiss compliance: CO, GeBüV, FADP, eCH-0026, eCH-0038, eCH-0160, eCH-0164 (Swiss disposal schedules come preconfigured)
  • Disposal scheduling service: Allocate legal retention periods for records and folders, modify and replace existing disposal schedules to meet new legal or business demands
  • Retain residual metadata after record disposal: As stipulated by applicable jurisdictional standards
  • FADP compliance: Comply with Art. 25 et seq. of the Swiss Data Protection Act ("Rights of the Data Subject"), especially in terms of being able to provide information about "the retention period for the personal data"
  • Legal holding service: Pause record disposal preventing records from being disposed of during lawsuits, audits or governmental inquiries
  • Transfer records of continuing value together with their metadata to a public archive
  • Retention triggers: date of creation / origination, from last addition to folder timestamp, from folder closed timestamp, customized triggers

Security


  • User and user group service: Apply security and access restrictions on record, folder, document type and business class level ensuring that only authorized agents can access records
  • Historical user data: Trace all actions of all past users of 360 Documents
  • Model role service: Assign user roles choosing from over 200 function definitions (FND)
  • Security logging: Create and maintain access, usage and security metadata, generating event logs for each system interaction
  • Object lock: Protect records from any alteration on network level
  • Generate checksums to support integrity and duplicates detection
  • Authenticate users via 2FA before giving access
  • Perform malware detection when uploading files
  • Swiss data centers in compliance with ISO 27001 and FINMA requirements
  • 3-2-1-Backup: Regular backups offline on tape in Switzerland to prevent ransomware

Related reading



360core archiving Add-in on Microsoft AppSource (here)


FINMA (2023) Anti-Money Laundering Ordinance-FINMA (here)


FINRA (2017) Regulatory Notice 17-18. Social Media and Digital Communications. Guidance on Social Networking Websites and Business Communications (here)


Dieter Pfaff, Ruud Flemming (2019) Schweizer Leitfaden zum Internen Kontrollsystem (IKS) (here)


Swiss Banking Ombudsman (Case number 2017/26) Time limits for retaining and providing bank documents (here)

Introduce 360 Documents in our financial institution