Protecting financial market clients and ensuring the proper functioning of the financial centre is FINMA’s core responsibility. Alongside its direct supervisory activities, audit firms make a significant contribution to achieving this responsibility by undertaking regulatory auditing tasks. They serve to extend FINMA’s reach and perform their duties on its behalf. Audit firms are thus expected to be consistent in exercising this role.
The auditing process assesses institutions’ compliance with supervisory requirements and whether they can continue to adhere to these requirements for the foreseeable future. Audit firms are requested by the supervised institutions to carry out these audits, which are conducted in line with FINMA's specifications.
The auditing process comprises the basic audit and the additional audit.
The basic audit involves carrying out a regular assessment of all supervised institutions in a particular supervisory area or a clearly defined group of supervised institutions to ensure compliance with fundamental requirements set out in supervisory law. FINMA defines a minimum standard audit strategy for each supervisory area.
Additional audits assess audit areas depending on the business model or risk situation of a particular supervised institution.
As the basis for their regulatory audits, audit firms generally issue FINMA with an annual risk analysis on each supervised institution. As part of this risk analysis, FINMA expects auditors to present a forward-looking view of the audited institution’s risk situation. This can have a significant impact on the audit areas, and the frequency and depth of the audit to be performed.
Where required - if specialist expertise is needed, for example, or if FINMA requires an independent opinion on a specific subject - FINMA may appoint mandataries for additional case-related audits, each of which results in a separate report.