The Swiss Financial Market Supervisory Authority FINMA has published today the definitive version of its partially revised Circular "Operational risks at Banks". The Circular sets out qualitative requirements for managing operational risks. In particular, it provides guidelines for handling electronic client data. The Circular enters into force on 1 January 2015.
The Circular "Operational risks at Banks" (FINMA-Circ. 08/21) has been partially revised. Its partial revision sought to include key international standards for handling operational risks in the Swiss regulatory framework. The term "operational risks" includes a wide range of events extending from legal cases and fraud offences to incidents involving IT issues.
Six international principles included
The Circular sets out the "Principles for the Sound Management of Operational Risk" issued in June 2011 by the Basel Committee on Banking Supervision as six thematic principles. Those principles specify that responsibility for the management of operational risks lies with top management. They also require banks to have in place a systematic approach, systems and controls, reporting and an IT infrastructure that identify, limit and monitor these risks appropriately.
Specific requirements for electronic client data
Where necessary, FINMA can in future lay down specific requirements for managing operational risks in certain areas. Since in recent years in Switzerland attention has been drawn to the operational risks involved when handling electronic client data, FINMA has now defined additional rules in Annex 3 to the Circular. Nine principles thus set out the proper management of the risks involved in order to preserve the confidentiality of electronic client data, i.e. those of individuals (private clients).
Size of bank determines application
The qualitative requirements described in the Circular are in relation to the size of the bank. "Small Banks" have been exempted from applying certain provisions. This group comprises banks and securities dealers in category 4 and in certain cases in category 5.
Changes relative to the consultation draft
Reaction to the consultation on the partially revised Circular was mixed. The amount of detail outlined in Annex 3 was particularly criticised. FINMA thus revised the part referring to the handling of electronic client data, taking a number of arguments made for adjusting and simplifying the details into account. The partially revised Circular enters into force on 1 January 2015 which allows adequate time for supervised institutions to prepare for compliance with the new rules.
Vinzenz Mathys, Media Spokesperson, phone +41 31 327 19 77, firstname.lastname@example.org