Cyber Risk & Cyber Security

Cyber Risk; Banks; Corporate Governance; Regulatory Compliance; Penetration Test


Cyber security is on the radar of the Swiss regulator. FINMA revised its corporate governance requirements for banks by consolidating the provisions of circular 2008/24 ("Supervision and internal control - banks"), the associated FAQ, and requirements defined in other circulars into a new circular 2017/1 entitled "Corporate governance – banks". FINMA has also revised circulars 2008/21 ("Operational risks - banks") and 2010/1 ("Remuneration schemes"), which entered into force on 1 July 2017.

The revised "Operational risks" circular introduces new rules on managing IT and cyber risks. Under the revised circular, top management is obliged to develop and implement a general IT risk management concept as well as a detailed risk management concept for cyber risks.

Furthermore, under the revised "Operational risks" circular, banks are obliged to carry out regular vulnerability analyses and penetration tests to protect critical and/or sensitive data and IT systems against cyber attacks.



Please read here our full article in German. 
