ContinentalPrivate · Bank
Open Account
Return home
Trust

Security at Continental

Security at Continental is part of the relationship, not a feature. Every layer — encryption, access, settlement, audit — is engineered, witnessed, and reviewed.

HTTPS/TLS protectedEncrypted browser connection in productionApproved access onlyPortal access is role-scopedAudit loggedAccount changes write an audit recordPrivacy controlsLeast-privilege account access

1. Data security

All client data is encrypted in transit using TLS 1.3 and at rest using AES-256. Client files held in Geneva are stored on hardware kept within Swiss federal jurisdiction and subject to physical access logging.

Browser sessions to the portal are protected by HSTS, secure cookies, CSRF tokens, and a strict Content Security Policy. The portal is delivered over HTTP/3 from edge nodes that hold no client data.

2. Authentication & access

Sign-in to the portal is protected by password and, by default, time-based one-time codes (TOTP). Account holders can enrol hardware security keys on request.

Every sign-in is recorded against your account with timestamp, device, location, and IP. You can review the history at any time on the Security page.

Officers authenticate against a separate identity provider with phishing-resistant credentials, scoped per role (Super, Finance, Support). No officer can access more than their role permits.

3. Outbound funds

Continental never auto-settles outbound funds. Every withdrawal is reviewed by a named officer against the client's mandate parameters before settlement. Above the dual-approval threshold a second officer must co-sign.

Withdrawal destinations are only valid once approved against the client's KYC file. New beneficiaries trigger an explicit verification with the receiving institution.

4. Audit & accountability

Every officer action against a client account writes an immutable record to the bank's audit ledger — actor, timestamp, prior state, new state, IP address, and free-text justification. Audit rows cannot be amended or deleted by any role.

Balance changes are mirrored into a separate immutable ledger that retains the before/after balance, the responsible officer, and the cited reason. Reconciliations are performed quarterly and on demand.

5. Reporting a concern

If you suspect any compromise of your account, please write to the Private Client Office through the Secure Message Center, or call your relationship manager directly. We will lock the account, freeze any open instructions, and brief you within the hour.

For responsible disclosure of platform vulnerabilities, write to security@continental.example.