FINMA Circular 2023/1 - What does it mean for your data strategy and data management?

23/02/23

On 13 December 2022, the Swiss Financial Market Supervisory Authority FINMA published the fully revised circular on operational risks and resilience at banks (FINMA Circular 2023/1). With this circular, FINMA refines its supervisory practice regarding the management of operational risks, particularly in connection with information and communication technology, handling of critical data and cyber risks. In addition, the revision incorporates the requirements for operational resilience.

The circular enters into force on 1 January 2024; additional gradual transitional provisions for ensuring operational resilience apply over two years.

What changes for data management?

Chapter IV, letter D – ‘Critical data risk management’ of the FINMA Circular 2023/1 expands the previous focus on the confidentiality of Client Identification Data (CID) to also cover the integrity and availability of critical data. Critical data is defined as data considered to be significant for the successful and sustainable provision of services or data required for regulatory purposes.

Key action items

To ensure compliance with the requirements regarding critical data risk management of FINMA Circular 2023/1, organisations need to specifically address the following topics:

  • Establish a data strategy that is linked to the overarching business strategy of the institution, as well as to other relevant strategies, e.g. the IT strategy, and that is approved by the Board of Directors (BoD).
  • Define and implement data governance structures – based on our experience, the definition of clear tasks, competencies and responsibilities for dealing with critical data is a challenging topic, as it is very often also a political discussion.
  • Define a structured methodology to identify and categorise critical data regarding confidentiality, integrity and availability.
  • Define appropriate processes, procedures and controls for dealing with critical data along the entire data lifecycle.

Please do not hesitate to contact us if you are interested in an exchange on how we can support you in becoming compliant with the FINMA Circular 2023/1 or require assistance for any other topic related to data management.


Contact us

Prafull Sharma

Partner, Cloud & Digital Leader, PwC Switzerland

Tel: +41 58 792 18 72

Beate Fessler

Director, Risk Consulting, PwC Switzerland

Tel: +41 58 792 19 67