FINMA’s New Regulation: A Wake-Up Call for Swiss Financial Institutions to Strengthen Critical Data Risk Management
The recently published FINMA circular 2023/01, “Operational Risks and Resilience - Banks,” has sent a clear message to financial institutions in Switzerland: effective management of critical data is no longer an option, but a regulatory requirement.
The Need for Effective Critical Data Management
The supervisory body has outlined the need for banks to ensure that their management of critical data is adequate, highlighting the potential risks associated with the loss or compromise of sensitive information. This emphasizes the importance of prioritizing effective management and protection of critical data assets to comply with FINMA circular 2023/01.
Deloitte’s Five-Step Approach
To help organizations meet the new regulatory requirements and effectively manage the risks associated with critical data, Deloitte recommends a five-step approach:
Step 1: Define Critical Data Consistently Across the Business
- Identify factors such as impact on market, bank, clients, and regulators
- Consider the potential risks associated with each factor
Step 2: Identify Critical Data
- Understand your data landscape through:
  - Data modelling
  - Process mapping
  - Combination of both
- Identify potential risks associated with each phase of the data life cycle, from creation to disposal
Step 3: Manage the Data Life Cycle
- Segment the data life cycle into five phases:
  - Creation
  - Processing
  - Storage
  - Transmission
  - Disposal
- Assess and mitigate different risks posed by each phase through appropriate measures
Step 4: Implement Risk Mitigation Measures
- Generic groups of mitigation measures include:
  - ICT/cyber measures
  - Data management measures
- Varying measures depending on the organization’s data strategy
Step 5: Demonstrate Effective Risk Management
- Show that appropriate measures have been taken to mitigate risks
Conclusion
Financial institutions in Switzerland must prioritize effective management and protection of critical data assets to comply with FINMA circular 2023/01. Deloitte’s five-step approach can help organizations define critical data, identify potential risks, establish a data life cycle management process, pinpoint key risks, and define appropriate risk mitigation measures to safeguard critical data.
Contact
For more information on how Deloitte can support your organization in addressing the challenges of critical data risk management, please contact:
- Florian Widmer, Partner, Risk Advisory
- Tobias Menz, Partner, Financial Risk Management
- Vincenzo Chiochia, Director, Analytics and Information Management
- Christian Daehler, Director, Risk Advisory