IT security, especially dealing with cyberrisks, remains a priority for banks and for FINMA’s supervisory activities. Supervision in 2019 will centre on the continuation of on-site supervisory reviews as part of direct supervision. FINMA will also look at the planning and execution of scenario analyses to review how banks manage crises caused by cyberthreats. Moreover, FINMA will exchange information with other national and international bodies on these issues. The increase in banks’ outsourcing operations will be a supervisory focal point in 2019. FINMA will concentrate in particular on on-site supervisory reviews of banks and key service providers, including notably cloud computing.
FINMA successfully set up two teams for managing on-site reviews and intensive supervision. It will focus more strongly on increased operational risks in the future. It will also pay close attention to cyberrisks and the replacement of LIBOR.
As was the case last year, in 2019 the focus will be on strengthening the resilience of Switzerland’s financial market infrastructure against cyberattacks. A review based on the CPMI-IOSCO Guidance on cyberresilience for FMIs revealed in which areas there is still potential for improvement. Within FINMA, this issue is being addressed across the entire organisation so as to allow comparisons to be made between all the entities subject to supervision by FINMA.
FINMA believes that fund management companies and collective investment schemes will face challenges not only in the form of IT and cyberrisks but also from the rising trend towards outsourcing data and services to cloud providers. This topic is currently being analysed by means of a survey of these market players.
(From the Annual Report 2018)