+41 44 51 52 59 0

Newly released FINMA regulations for Swiss banks, securities and insurance providers.

Beginning on April 1, 2018, FINMA (The Swiss Financial Market Supervisory Authority) will begin enforcing a number of new regulations on Banks and Insurance companies. Officially the 2018/03 Outsourcing – Banks and Insurance Companies, the new circular requires a range of new requirements to be adhered to by Swiss banks, securities dealers and insurance companies with regards to outsourcing their business operations to other third-parties and service providers.

The new legislation outlines a new type of principle-based attitude which is positioned to present a less intrusive and more neutral approach toward the use of technology for financial business. Technology and other means are able to be implemented into business operations to assist in improving risk management and business operations.

Outlined below are the major changes to the framework:

— These new outsourcing regulations now apply to insurance companies and insurance companies with legal domicile in Switzerland, branches and also foreign insurance businesses. The framework also applies to Swiss banks, securities dealers and the Swiss branches of foreign banks and securities dealers.

— The way in which companies determine whether their outsourcing activities are within the scope of this new framework has been redesigned to be more abstract and ambiguous. Those who operate within this scope are responsible for determining whether this function is ‘material’, with regard to the business model of the governing company. The new framework describes a ‘material’ function as one which is required to comply with provisions and regulations and when major financial supervision is required.

— Data protection and bank secrecy are no longer listed within the framework, though, there are still the original requirements when outsourcing agreements are concerned.

— Financial businesses within the scope of the new framework are now required to keep inventory tabs of all functions which have been outsourced. This new requirement may cause a minor financial load on these businesses.

— All outsourcing activities must be pre-planned and there must also be a risk analysis conducted in direct relation to the outsourcing activities before they take place.

There are no major specific exceptions outlined in the framework which are relevant to intragroup outsourcing agreements. That said, there are some regulatory requirements which must still be adhered to. There also may be exceptions if the intragroup;

  • has demonstrably non-existent risks when regarding the specific outsourcing,
  • the requirements regarding the framework do not exist or are irrelevant
  • the requirements are regulated elsewhere by another framework or body
  • foreign companies which are used by Swiss companies as service providers are now required to prove that they are not being audited by a foreign or external auditor who is enforcing audit rights based on legal opinions or by certificates and letters from a foreign authority. These providers must keep Swiss related information secure. On top of this, the outsourcing company must be in a position to where FINMA and other authors are able to successfully audit the operations.

– Previously there was a FINMA requirement for Swiss financial companies to disclose to their customers that their data and information is being outsourced to a foreign service provider. This is no longer required. Though, there are still frameworks in place which require the Swiss companies, on occasion, to notify their customer that there is a third party involved.

These changes are all subject to a 5-year transition period. Within the next 5 years, all of the above changes must be amended and added to banks and securities dealers operations. This also requires amendments with outsourcing companies to be made.

Once a bank or-or securities dealer makes these changes, the new rules are immediately required to come into effect, regardless of when, within the 5 years, the changes were made.

On April 1, 2018, all new insurance companies will be required to follow the regulations set out in the new framework. All existing insurance companies are required follow the new rules either within the 5 year transition period or as soon as their business plan and internal regulations are updated.

Source: FINMA