Cyber Risk Regulation in Switzerland: Key Points for Financial Institutions
Switzerland’s financial institutions must navigate a complex regulatory environment to mitigate cyber risks. Here are the key points to consider:
FINMA Guidance on Reporting Cyber Attacks
The Swiss Financial Market Supervisory Authority (FINMA) has issued guidelines on how institutions must report cyber attacks to it. Following these guidelines is crucial for institutions to ensure compliance and minimize potential consequences.
Key Requirements
- Institutions must report cyber attacks “immediately”, that is, within 24 hours of detection and assessment by the responsible account manager.
- A comprehensive report must be submitted within 72 hours.
- For cyber attacks classified as severe or high, a conclusive root cause analysis must be submitted once the institution has finished processing the case.
Consequences of Non-Compliance
Violating reporting obligations is subject to criminal sanctions under FINMASA, including imprisonment and fines. This highlights the importance of strict compliance with regulatory requirements.
New Obligation to Report Cyber Attacks to NCSC
Draft legislation introduces an obligation for critical infrastructure providers to report certain cyber attacks and information security weaknesses to the Swiss National Cyber Security Centre (NCSC). While the final provisions are not yet settled, it is clear that stricter reporting obligations are on the horizon.
Enhancing Cybersecurity with FS-CSC
FINMA has established the Swiss Financial Sector Cyber Security Centre (FS-CSC) as an affiliate, aiming to enhance the financial sector’s ability to withstand cyber risks. This development reflects the increasing focus on cybersecurity and information sharing among institutions.
Conclusion
The regulatory environment surrounding cyber risk in Switzerland is evolving rapidly. Financial institutions must stay informed about changing requirements and obligations to ensure compliance and mitigate potential risks.