Your bank refuses to access your SharePoint. You need to transmit files. And nobody knows which solution is really acceptable. This is exactly the situation one of our Geneva-based customers encountered last year.
Infologo, an IT service provider based in Geneva and Lausanne, regularly assists SMEs in French-speaking Switzerland in this type of impasse, where the technical problem is in reality a problem of dialogue with the financial institution.
Why do banks often refuse to use standard cloud tools?
Banks don’t refuse SharePoint on a whim. They have strict security policies, often dictated by their internal IT teams or compliance department, which forbid their employees from authenticating a third-party Microsoft account from their workstation. The risk they seek to avoid is real: a SharePoint link shared by email can be intercepted, reused or inadvertently expose other documents in the document tree.
This refusal is legitimate. The problem arises when it is not accompanied by any proposed alternative, and the customer is left to improvise with unvalidated solutions: email with a large attachment, SwissTransfer, WeTransfer, or even a USB key.
During an exchange with an IT manager from a Lausanne-based fiduciary, we discovered that one of their partner banks was still communicating via SFTP with a client-side certificate, while another required a dedicated platform provided by the bank itself. Same sector, same type of data, two radically different protocols. There is no universal standard.
What you pass on changes everything
The right transfer method depends less on the tool than on the nature of the data being exchanged. Distinguishing the type of document is the first step.
Account statements and bank positions are sensitive data, but their compromise does not have the same consequences as an intercepted and altered payment order. A transfer order or trading instruction must imperatively pass through an authenticated channel, with end-to-end traceability and, ideally, an electronic signature or confirmation mechanism.
For reporting documents without payment instructions, a secure portal with two-factor authentication may suffice. For payment orders, this level of protection is insufficient.
Our customer didn’t make this distinction at the outset. They were looking for a single solution for everything, which unnecessarily complicated the issue.
The right approach: ask the bank directly
Most SMEs try to find a technical solution themselves, then submit it to the bank, which rejects it. This process is reversed.
The right approach is to formally ask the bank which transfer channels it accepts, by type of document. This request should be made to the right person: not the commercial relationship manager, but the bank’s IT department or security correspondent. In Switzerland, most major banks have documented procedures for exchanges with corporate clients. They don’t communicate them spontaneously, but they do exist.
At our Geneva-based customer, this simple procedure (a formal email to the right department) meant that within a week we had a clear list of accepted methods, with the level of security required depending on the type of data. What appeared to be a technical blockage was in fact a lack of structured communication between the teams.
What we recommend at Infologo
There is no one-size-fits-all solution for exchanging files with a banking institution, and to pretend otherwise would be to waste your time. Our recommendation is never to choose a tool before obtaining the bank’s requirements in writing.
Once these requirements are known, we work with you to evaluate the most suitable solution: SFTP with key authentication, a dedicated banking portal, AS2 protocol for automated exchanges or other. The choice also depends on your existing infrastructure and the frequency of exchanges.
Of the projects we’ve supported this year involving bank transfers, none has resulted in the same technical configuration. This is precisely why a standardized approach doesn’t work in this context.
If you’re in a similar situation, start by clarifying the bank’s requirements before deciding on the technical solution. We can help you structure this process and evaluate the options once the constraints have been established.
Contact us to discuss your requirements.
