Switzerland’s Financial Sector Prepares for New Data Protection Act
The new Data Protection Act (nDPA) in Switzerland has introduced significant changes to strengthen data protection regulations in the financial sector. The nDPA, which came into effect on September 1, 2023, aims to enhance transparency and accountability by establishing explicit expectations for data controllers and processors.
Three Key Changes Impacting Financial Institutions
The nDPA has brought about three key changes that will have a direct impact on financial institutions in Switzerland:
- Rule-Based Approach: The new act introduces a rule-based approach, shifting away from the principle-based approach of the GDPR. This means that financial institutions must adapt their existing frameworks to meet more stringent and precisely defined requirements.
- Record of Processing Activities (ROPA): The nDPA requires organizations to maintain a comprehensive ROPA, similar to Article 30 of the GDPR. This record will serve as an inventory detailing all data processing activities conducted by the organization, providing transparency and accountability.
- New Approach to Sanctions: The nDPA introduces a new approach to sanctions, imposing fines on individuals for violations of data protection regulations. Whereas fines under the GDPR are imposed by data protection authorities, the nDPA allows public prosecutors to handle violations, potentially leading to enforcement actions beyond Switzerland’s borders.
Challenges Ahead
Financial institutions in Switzerland will need to navigate these changes and adapt their data processing practices accordingly. The process of establishing a ROPA retroactively may be challenging for large organizations with complex data processing operations. Additionally, the new sanctions regime may require financial institutions to consider the potential legal consequences in various jurisdictions.
Next Steps
To ensure compliance with the nDPA, financial institutions should:
- Conduct a comprehensive assessment of their existing data processing practices and identify areas that need adjustment.
- Involve stakeholders from various departments, including IT, legal, compliance, and senior leadership.
- Establish a robust data protection framework that meets the new requirements.
Expert Guidance
KPMG Switzerland is a leading expert in guiding financial institutions to achieve compliance with both the nDPA and the GDPR. With extensive experience in the field, we offer tailored solutions, ensuring robust data protection measures and enhanced transparency. Our proven track record makes us a trusted partner for seamless compliance in the Swiss financial industry.