Auditing for financial market infrastructures

Following the entry into force of the Financial Market Infrastructure Act (FMIA) on 1 January 2016, supervised institutions were required to apply for or renew their authorisation. A uniform approach to auditing these institutions was also developed and integrated into FINMA's previous audit practice. Audit firms, acting on FINMA's behalf, play a central role in regulatory auditing.

FINMA is also responsible for supervising financial market infrastructures. However, the Financial Market Infrastructure Act (FMIA) states that systemically important financial market infrastructures are also subject to monitoring by the Swiss National Bank (SNB). In order to avoid overlaps in supervisory practice, FINMA and the SNB have defined their respective roles. On the one hand, the two authorities will exchange information and views, while on the other, key audit documents (risk analysis, audit strategy and reporting) will have to be provided simultaneously to both the SNB and FINMA. This will give both authorities access to equivalent information, enabling appropriate supervision and monitoring.

Risk analysis and audit strategy

Audit firms conduct a detailed independent assessment of the risk situation of supervised institutions and use a standard form to communicate the results to FINMA. The SNB is also informed in the case of systemically important financial market infrastructures. The purpose of the risk analysis is to examine all audit areas and quantify the net risk posed by the combined risk factors. It forms the basis for developing the audit strategy. This determines the audit depth and the frequency with which a supervised institution's individual audit areas are audited.

The Financial Market Infrastructure Act (FMIA) defines a number of authorisation types (e.g. trading venues, central counterparties, central securities depositories, trade repositories and payment systems). To avoid having to produce a separate appendix for each authorisation type, the respective authorisation type can be selected in both the risk analysis and the audit strategy. Once this has been done, only those audit areas which are specific to that authorisation type are displayed. Many audit areas are relevant to more than one authorisation type. In the case of systemically important financial market infrastructures, both FINMA and the SNB were involved in designing both standard forms.


Once an audit firm has completed a regulatory audit of a financial market infrastructure, it communicates the results to FINMA in the form of a standardised report. Where the infrastructure in question is systemically important, the results are also shared with the SNB. The report contains information about the conduct of the audit, a declaration of independence on the part of the audit firm, and further information about the business activities and organisation of the audited institution. It also contains the audit firm's opinion of each individual audit area. The final section of the report contains detailed comments on all irregularities which have been identified or on recommendations for improvements.

Audit mandataries

In exceptional circumstances, FINMA can appoint an audit mandatary. Potential candidates for this role are approved audit firms and independent third parties with relevant experience and specialist knowledge.


Annexes to Auditing Circular

Guidelines for Auditing Circular


Für Prüfgesellschaften von Finanzmarktinfrastrukturen

Updated: 20.02.2017 Size: 0,31  MB
  • Language(s):
  • DE
Add to personal download list
Model report on regulatory auditing for financial market infrastructures

Applicable from 2018 (supervisory reports for audit periods starting from 1 January 2017 or later)

Updated: 20.09.2017 Size: 0,24  MB
  • Language(s):
  • DE
  • EN
Add to personal download list

Change of audit firm