Cyber Risk & Cyber Security

Cyber Risk; Banks; Corporate Governance; Regulatory Compliance; Penetration Test


Cyber security is on the radar of the Swiss regulator. FINMA revised its corporate governance requirements for banks by consolidating the provisions of circular 2008/24 ("Supervision and internal control - banks"), the associated FAQ, and requirements defined in other circulars into a new circular 2017/1 entitled "Corporate governance – banks". FINMA has also revised circulars 2008/21 ("Operational risks - banks") and 2010/1 ("Remuneration schemes"), which entered into force on 1 July 2017.

The revised "Operational risks" circular introduces new rules on managing IT and cyber risks. Under the revised circular, top management is obliged to develop and implement a general IT risk management concept as well as a detailed risk management concept for cyber risks.

Furthermore, under the revised "Operational risks" circular, banks are obliged to carry out regular vulnerability analyses and penetration tests to protect critical and/or sensitive data and IT systems against cyber attacks.



Please read our full article in German here.
