Swiss Financial Institution Risk Management Gets a Major Overhaul

The Swiss Financial Market Supervisory Authority (FINMA) has published a fully revised circular on operational risks at banks, taking into account advancements in technology and clarifying its supervisory practice. The circular will come into effect on January 1, 2024.

Key Changes and Objectives

• Provides guidance on managing operational risks, particularly those related to:
  • Information and communication technology
  • Critical data
  • Cyber risks
• Adopts the revised principles for managing operational risks and new principles on operational resilience published by the Basel Committee on Banking Supervision in March 2021

Consultation and Entry into Force Date

FINMA conducted a consultation prior to the full revision and received numerous responses from participants regarding the introduction timeline. As a result, it has changed the entry into force date to January 1, 2024.

From that date, the circular will replace the Swiss Bankers Association’s “Recommendations for Business Continuity Management” (BCM), which are currently recognized as a minimum standard.

Gradual Transitional Provisions

FINMA has introduced gradual transitional provisions over two years to ensure operational resilience and refined the definition of critical data. It has also clarified the dependencies and delimitations between business continuity management and ensuring operational resilience.

Contact Information

For further information, please contact FINMA spokesperson Vinzenz Mathys at:

• Phone: +41 31 327 19 77
• Email: vinzenz.mathys@finma.ch

Circular Updates

The revised circular updates FINMA Circular 08/21 “Operational Risks - Banks” and partially revises FINMA Circular 2013/3 “Prüfwesen”. The English version of the circular can be downloaded from the FINMA website.