Cybersecurity Supervision Audit for Financial Service Providers in Switzerland

March 3, 2021
Download PDF

The Swiss Federal Council adopted a strategic approach for critical infrastructure protection on 8 December 2017 for the period covering 2018 to 2022.  This resulted in an audit carried out at the Swiss Financial Market Supervisory Authority (“FINMA”) by the Swiss Federal Audit Office (“SFAO”) with a goal to reviewing the current state of financial services providers’ cybersecurity supervision.  Below are the SFAO’s three main findings:

The progress of these provisions in Switzerland is still not up in to speed

It has been found that there have been gaps in the cyber-risk framework for a number of years.  Due to the ongoing need to understand the overall relevant responsibilities and proficiencies, cyber-risk provisions are moving ahead slower than expected.

Adequate supervision is reliant upon the availability of resources

For FINMA, cyber-risk supervision is one of the six main risks, which has been evolving as resources became readily available.  However, there are other planned activities that have not been initiated or solidified yet.  This was indicated by FINMA at the beginning of 2020 which has led to organisational and formal adjustments.

The duty imposed on regulated financial institutions to report cyber incidents

The findings indicate that there have been reported cases of regulated financial institutions providing insufficient cyber incident reports.  The ensuing consequences have not been enforced as of now, even though proper procedures have been put in place.  

As of 15 February 2021, four recommendations have been issued by FINMA:

  1. Supervisory requirements in relation to cyber-risks have been extended to theinsurance sector and corresponding regulatory work will begin in 2021.
  2. Supervised entities must fulfil their reporting obligations of major cyberattacks (as per the notification sent out by FINMA in May 2020) and those who fail to comply will be dealt with by FINMA.
  3. FINMA will emphasise cybersecurity in its on-site inspections and plans to increase the number of visits in 2021.
  4. Surveys and audit results shall be conducted by the audit firms in a more systematic manner.

lecocqassociate is available to assist you regarding this update.  Please contact us with your queries

No items found.

Related resources

Breaking Data Breaches (Social Media Data Leaks in April 2021)

Read article
Ethos
Practice & expertise
News
Insights
Team
Careers
Contact us
Locations
Brochure
Privacy Policy
LinkedIn
Twitter
Instagram

Geneva

Boutique Law Firm
Ave de la Gare des Eaux-Vives 28,
CH-1208 Geneva, Switzerland
t:
+41 22 707 9333
f:
+41 22 786 1468

Malta

Regulatory Advisory Practice
Swiss Urban Factory,
The Regulatory Suite
5, Saint Frederick Street,
Valletta VLT 1470 Malta
t:
+356 224 82910
f:
+356 224 82919

Dubai

Structuring Advisory Practice
Central Park Offices,
Office 15-32,
Dubai International Financial Centre
(DIFC), P.O.Box 506652, Dubai, UAE
t:
+971 4 242 7843
f:
+971 4 242 8081

Abu Dhabi

Legal Consultants
Al Sila Tower, Office 2478,
Al Maryah Island,
Abu Dhabi Global Market Square,
(ADGM), P.O.Box 128666, Abu Dhabi, UAE
t:
+971 2 694 8693
f:
Open cookie preferences