B-04-49 FINMA Guidance 08/2024

The credit scoring company must explain to the person concerned the procedure and principles applied in practice to establish his or her solvency profile. Furthermore, the company's business secrecy does not preclude the communication of information to the authority or the court, which must weigh up the interests involved (judgment of the CJEU of 27 February 2025 in case C-203/22). A mobile phone operator refused to allow an Austrian national (CK) to conclude a mobile phone contract, which would have[...]

Following on from the EU's General Data Protection Regulation (GDPR), the European Regulation on Intelligence artificial (AI Act) provides for a broad territorial scope, covering not only companies incorporated within the EU, but also some located in third countries such as Switzerland. Swiss financial intermediaries may therefore be affected by the AI Act, the extraterritorial dimension of which is presented in this commentary. A. Criteria for determining the territorial scope of the AI Act We will discuss here the two[...]

Banks and financial institutions are increasingly integrating artificial intelligence (AI) into their internal services and processes (see e.g. Jotterand, cdbf.ch/1377). In particular, this use can present operational, legal and reputational risks (see e.g. Levis, cdbf.ch/1380), as well as a growing dependence on third-party suppliers, especially for AI models and cloud services. Added to this is the difficulty of assigning clear responsibilities in the event of errors in the AI system or model. The use of AI by banks and financial[...]

The European Regulation on Artificial Intelligence (AI Act) adopts an approach based on the risks that an artificial intelligence system (AIS, cf. Caballero Cuevas, cdbf.ch/1382) may pose to the health, safety and fundamental rights of individuals. AIS are divided into four categories, respectively AIS presenting an unacceptable risk, AIS presenting a high risk, AIS presenting a limited risk and AIS presenting a minimal risk. This commentary focuses on the first three categories of AIS. A. AIS presenting an unacceptable risk[...]