Microsoft 365 E7 and Copilot: What Swiss Private Banks Should Consider

Microsoft 365 E7 bundles Copilot into enterprise licensing. For Swiss private banks, the opportunity is real — but so are the governance, data sovereignty, and supervisory questions.

Mike Mannion

Microsoft 365 E7 makes AI-assisted productivity commercially accessible for the front office. But for a Swiss private bank, the licence is the easy part. Confidentiality, data sovereignty, FINMA expectations, and the US CLOUD Act all shape whether — and how — Copilot can be deployed safely.

Microsoft announced Microsoft 365 E7 on 9 March 2026, with general availability from 1 May 2026. The suite packages Microsoft 365 E5, Microsoft 365 Copilot, Agent 365, and the Microsoft Entra Suite into a single licence. For private banks evaluating AI-assisted productivity in the front office, this makes the commercial case straightforward for the first time.

The value proposition is easy to see. Relationship managers and assistants spend substantial time drafting, reworking, translating, and polishing client communications. Copilot works across Outlook, Word, Teams, and Excel — precisely the tools the front office already uses. Early use cases such as drafting routine messages, translating approved content, summarising meeting notes, and adapting tone for international clientele are well within the tool’s capabilities.

There is also a market-timing argument. FINMA’s 2025 survey found that about half of surveyed Swiss financial institutions already use AI in day-to-day work. A bank exploring this space is not acting unusually — it is moving with an industry trend that is already well underway.

But the licence is not the hard part. The control model is.

The real question

For a Swiss private bank, the question is not whether Copilot can speed up email drafting. It can. The question is whether AI-assisted drafting can be permitted while preserving confidentiality, conduct discipline, suitability controls, auditability, and supervisory defensibility.

FINMA’s Guidance 08/2024 is directly on point. Supervised institutions are expected to identify, assess, manage, and monitor risks arising from both internal and external AI applications. That guidance does not prohibit the use of tools like Copilot, but it sets a clear expectation: AI belongs inside governance structures, not outside them.

Three risks that matter

Permission amplification. Microsoft states that Copilot only accesses data a user is already authorised to access, inheriting existing permissions, labels, and retention controls. That sounds reassuring — but it means weak entitlement hygiene becomes more dangerous, not less. If SharePoint, Exchange, Teams, or OneDrive permissions are loose, Copilot makes overexposed information easier to discover and reuse.

Data-boundary gaps. Microsoft says prompts and responses under enterprise data protection are not used to train foundation models — an important safeguard. However, Microsoft’s EU Data Boundary documentation states that web search queries are excluded from the boundary, and that Anthropic model usage falls outside it when those models are invoked in certain Copilot experiences. For a Swiss bank, this does not rule the platform out, but it means feature-level decisions matter.

Output risk. In private banking, a plausible-sounding but inaccurate draft can create legal, conduct, reputational, or supervisory problems. Wording may touch investment positioning, product framing, performance implications, or confidential relationship context. Generative AI does not understand the regulatory weight of what it writes.

Data sovereignty is not just about the datacentre

Microsoft operates two Azure regions in Switzerland — Zurich and Geneva. Core Microsoft 365 workloads can be provisioned with data-at-rest in these regions. The infrastructure for keeping data in Switzerland exists.

But Copilot introduces processing flows that go beyond storage. When a user invokes Copilot, the prompt and surrounding context are sent to a large language model for inference. Microsoft has committed to processing EU Data Boundary customers’ data within the EU — but Switzerland is not in the EU. Whether Microsoft contractually commits to processing Swiss tenants’ Copilot prompts within Swiss or EU boundaries is a question that requires verification. Web search grounding and Anthropic-backed model invocations are explicitly outside the EU Data Boundary — concrete paths by which data can leave Switzerland even if the underlying mailbox stays in Zurich.

The deeper issue is legal jurisdiction. Microsoft is a US-headquartered company subject to the US CLOUD Act, which can compel US providers to produce data regardless of where it is stored, and to potential FISA Section 702 exposure for non-US persons’ data. Swiss banking secrecy under Art. 47 of the Banking Act creates a direct tension. A bank storing client communication data in a Microsoft tenancy — even a Swiss-hosted one — needs to assess whether US government access requests could force disclosure that would violate Swiss law.

The FDPIC — the Swiss Federal Data Protection and Information Commissioner — has published guidance on cloud data processing and positions on the use of US cloud providers that are directly relevant here. Any bank conducting its CLOUD Act risk assessment should consider the FDPIC’s guidance alongside its FINMA-required risk evaluation, as the Commissioner’s views on cross-border data access and US jurisdictional reach inform the standard of care expected under Swiss data protection law.

“Swiss datacentre” and “Swiss data sovereignty” are not the same thing.

What a controlled rollout looks like

The prudent course is conditional approval within a defined governance framework, not open-ended rollout. The appropriate posture is that Copilot may assist with drafting, rewriting, summarising, and formatting, but a human banker remains accountable for every outbound client communication.

A control framework ahead of any front-office deployment would typically include:

  • Defined permitted use cases. Drafting routine service emails, translating approved wording, summarising meeting notes, adapting tone to house style — yes. Free-form generation of investment advice, legal commitments, or product statements — no, unless tightly template-bound and separately controlled.
  • Data-access hygiene review. Because Copilot inherits existing authorisations, a permissions clean-up across Exchange, SharePoint, Teams, and OneDrive is not optional — it is part of readiness.
  • Feature-level decisions. Web grounding, agent creation, and any features invoking models or processing paths outside preferred boundaries should be evaluated individually. Microsoft’s documentation is explicit about which features have distinct data-boundary implications.
  • Human review before sending. All client-facing emails generated or materially rewritten by AI should be reviewed by the responsible banker before dispatch. AI may propose; it should not autonomously communicate.
  • Monitoring and evidence. Sampling of generated drafts, categorisation of failure modes, language-quality checks, confidentiality incident review, and a documented decision log. FINMA expects supervised institutions to manage and monitor AI-related risks, and such evidence would matter in any supervisory review.

The bottom line

A Swiss private bank can make a credible case for Microsoft 365 E7 and Copilot in the front office. The near-term productivity gains — particularly for multilingual drafting and communication support — are real. But the correct framing is not “buy E7 and let bankers use AI.” The correct framing is: license E7, then introduce AI-assisted client communications under a narrowly defined, monitored, review-based control regime.

That is the version most likely to deliver productivity without creating a governance problem that did not need to exist.