Financial Crime World

Cybercrime on the Rise: Switzerland’s Financial Sector Takes a Stand

The rise of cybercrime has been a growing concern for financial institutions worldwide, with Switzerland being no exception. As digitalization accelerates and the COVID-19 pandemic continues to shape our new normal, lawmakers and regulators are stepping up their response to combat this threat.

Reporting Obligations: A New Era of Transparency

In an effort to enhance transparency and cooperation, several reporting obligations have been introduced in Switzerland. These include:

  • FINMA’s Guidance on the Duty to Report Cyber Attacks: Requiring financial institutions to report major cyber attacks on business-critical functions within 24 hours.
  • Amendment to the Swiss Information Security Act: Introducing an obligation for critical infrastructure providers to report certain cyber-attacks and information security weaknesses to the National Cybersecurity Centre (NCSC) within 24 hours.

FINMA’s Guidance: A Roadmap for Financial Institutions

FINMA’s Guidance provides a comprehensive framework for financial institutions to follow when dealing with cyber attacks. It outlines the criteria for determining whether an incident is of “substantial importance” and requires institutions to conduct a root cause analysis, including identifying the reasons behind the attack and its impact on regulatory compliance.

NCSC: A New Player in Cybersecurity

The NCSC is a newly established organization that aims to enhance Switzerland’s cybersecurity landscape. Its role will be to coordinate reporting processes with FINMA, ensuring that overlaps and redundancies are avoided. The NCSC will also work closely with financial institutions to promote best practices and crisis management.

Industry-Led Initiatives: A Collaborative Approach

The Swiss Financial Sector Cyber Security Centre (FS-CSC) is an industry-led initiative aimed at promoting collaboration between financial institutions and authorities on strategic and operational issues related to cybersecurity. Its members include major players such as the Swiss Bankers Association, SIX, and the Swiss National Bank.

Recommendations

To minimize exposure to cyber threats, Swiss financial institutions should:

  1. Familiarize themselves with FINMA’s Guidance on the Duty to Report Cyber Attacks
  2. Ensure compliance with reporting obligations to both FINMA and the NCSC
  3. Implement robust cybersecurity measures to prevent and mitigate cyber attacks
  4. Join industry-led initiatives such as the FS-CSC to stay informed about best practices and crisis management

By taking proactive steps, Swiss financial institutions can maintain a strong reputation in the market while minimizing their exposure to cyber threats.