In its 2024 Risk Monitor, the Swiss Financial Market Supervisory Authority FINMA has identified nine significant principal risks for the financial sector. It derives its supervisory focus from these. In times of heightened geopolitical tensions, FINMA has also identified increased risks in the area of sanctions and in the number of cyberattacks, particularly via third parties.
FINMA today publishes its 2024 Risk Monitor. This report provides an overview of what FINMA believes are the most important risks currently facing supervised institutions and describes the resulting focus of its supervisory activity.
Lower risk of interest rate shocks but increased geopolitical risks
The likelihood of interest rate shocks has diminished compared with last year given the current level of interest rates and the fall in inflation and FINMA no longer classifies interest rate risk as a principal risk in the 2024 Risk Monitor. However, the lower risk of interest rate shocks should be viewed with caution due to the increased geopolitical risks and the impact on sovereign or corporate credit spreads. The financial market environment continues to be afflicted by a whole range of uncertainties due to the current geopolitical dynamics and tensions. FINMA’s CEO Stefan Walter says: “In the current situation, we should not rule out a possible re-newed widening of sovereign or corporate credit spreads in view of the high debt levels in certain countries or in the corporate sector, which could be exacerbated by increased geopolitical tensions.”
Stronger focus on non-financial risks by FINMA
The principal risks addressed by FINMA in the 2024 Risk Monitor are both financial and non-financial in nature. “We have observed an increase in non-financial risks in particular in recent years. Last year, we included outsourcing risks for the first time and this year sanctions risks for financial institutions are listed as a separate principal risk in the 2024 Risk Monitor,” says Stefan Walter.
In addition, cyber risks remain very high and are therefore at the top of the agenda for supervisory measures. It is striking that a third of the cyberattacks reported to FINMA have an indirect impact on financial institutions via affected third parties. For this reason, the third parties of particular importance to the financial institutions are the focus of increased supervisory activity. Due to the tendency of financial institutions to outsource to a small number of service providers, this threat is further exacerbated by such a concentration.
Reasons for the increased risks of sanctions and cyberattacks
The provision of certain financial services or financing is prohibited as a result of trade sanctions and harbours the risk of violating sanctions for financial institutions. The legal and reputational risks for financial institutions in the area of foreign primary and secondary sanctions have increased considerably and are very difficult to contain. If the risks are realised, the consequences for the individual institutions and the reputation of the financial centre can be very serious.
In relation to the sanctions on Russia, FINMA has further expanded its access to data and carries out on-site reviews and investigations of sanctions management at various supervised institutions with high exposures. “Financial institutions must ensure that they comply with the risk tolerance they have defined, which must be commensurate with their business activities, in order to avoid reputational risks and legal consequences and protect the good reputation of the Swiss financial centre,” says Stefan Walter.
As regards the increased cyberattacks on service providers, it is apparent that the level of maturity for dealing with cyber risks is not always as high as at the financial institutions. FINMA has also identified a need for improvement at financial institutions with regard to responsibilities and control activities vis-à-vis their service providers as part of on-site reviews of outsourcing arrangements. As a result, FINMA will concentrate on the effective handling of outsourcing arrangements by financial institutions on the one hand, and on carrying out more on-site supervisory reviews of key service providers on the topic of cyber risks on the other.
The nine principal risks in the 2024 Risk Monitor
The principal financial risks addressed by FINMA in the 2024 Risk Monitor are credit risks associated with real estate and mortgages, credit risks associated with other loans, credit spread risks, liquidity and funding risks.
On the non-financial side, they are risks of sanctions, risks due to restrictions on cross-border market access, risks in the area of combating money laundering, risks associated with the outsourcing of business activities and risks resulting from cyberattacks.
