B-01-11

From 1 January 2025, banks, insurance companies and financial market infrastructures will have to report cyber attacks to the Federal Office for Cyber Security (FOCS) within 24 hours. The Federal Council has just put out to consultation the draft ordinance that implements art. 74a ff of the Federal Act on Information Security (obligation to report cyber attacks). As we explained earlier (see Hirsch, cdbf.ch/1261), banks will now have to inform the OFCS in the event of a cyber attack. The[...]

FINMA has published a draft of a new circular entitled "Rules of Conduct under the Investment Services Financing Act and the Investment Services Financing Ordinance". The aim of the draft is to enhance legal certainty two years after the end of the transitional period following the entry into force of these standards and the first prudential audit cycle on this subject. Overall, it is a relatively modest project. Rather than extending the scope or providing a general commentary, it is[...]

In its report of 10 April 2024 on bank stability, the Federal Council proposes the development of a senior managers' regime (SMR) as part of the "Too Big To Fail" (TBTF) framework. An SMR assigns specific responsibilities to the most senior managers and makes it easier for the supervisory authorities to identify those at fault. This commentary focuses on one of the 37 measures analysed by the Federal Council in its report (for a general commentary on the report, see[...]

Obtaining the relevant extracts from the database needed to assess FINMA's guarantees of irreproachable activity (formerly Watchlist) is a real crossroads for an employee who has temporarily given up exercising an activity subject to FINMA. The Federal Administrative Court (FAT) has confirmed that art. 8 aLPD (now art. 25 LPD) does not allow access to the documents that justified inclusion on the Watchlist to the same extent as in a genuine procedure on the merits to determine whether an individual[...]