The Swiss Financial Market Supervisory Authority FINMA is opening a consultation on the partial revision of FINMA Circular 2008/21 on "Operational risks at banks". While the partially revised Circular focuses on general qualitative requirements for managing operational risks, it also contains new provisions on risk-related issues. Moreover, it provides guidelines for handling electronic client data. The consultation closes on 1 July 2013.
FINMA's aim in partially revising this Circular is to have key international standards for handling operational risks included in the Swiss regulatory framework. Operational risks include a wide range of events extending from legal cases and fraud offences to incidents involving IT issues. The Circular sets out the "Principles for the Sound Management of Operational risk" issued in June 2011 by the Basel Committee on Banking Supervision as six thematic principles. The main focus is on core issues related to the handling of operational risks which are of particular relevance and have not already been addressed in other Swiss regulations. Principles on areas of responsibility, systems and controls, reporting and infrastructure are defined in the Circular.
Specific requirements for electronic client data
Alongside general qualitative requirements, FINMA can lay down specific requirements in certain areas. In recent years, attention has been drawn in particular to the operational risks involved when handling electronic client data. In this regard, the draft circular now contains guidelines on preserving the confidentiality of data handled electronically.
The partially revised Circular provides for differentiation in qualitative requirements depending on the size of the bank. Small banks and securities dealers whose business activities are not notably complex have been exempted from applying certain provisions. Quantitative (capital) requirements are in general not included in the partial revision of this Circular and thus remain unchanged.
Tobias Lux, Media Spokesperson, phone +41 31 327 91 71, firstname.lastname@example.org