15/06/22
With the full revision of the ‘Operational Risk – Banks’ circular 2008/21, FINMA refines its supervisory practice regarding the management of operational risks. The areas of information and communication technology (ICT), the handling of critical data, and cyber risks are materially changed. Once approved, the circular will also cover requirements on operational resilience for the first time.
The new circular contains eight principles. Seven of them evolve directly from the previous principles and/or from other regulatory requirements already in effect. The eighth principle, operational resilience, is new.
The following four principles are expected to affect financial institutions the most:
Principle 2: Management of ICT risks
Principle 2 is linked to the former principle on IT infrastructure. It specifies the regulatory requirements described in the revisions to the ‘Principles for the Sound Management of Operational Risk’ BCBS paper.
Principle 3: Management of cyber risks
The provisions on the management of cyber risks are extended in Principle 3: the new circular will require a scenario analysis of cyber risks and introduces further testing requirements.
Principle 4: Management of critical data risks
Principle 4 expands the qualitative requirements described in the BCBS papers, now covering any type of data that is considered critical with regard to confidentiality, integrity and availability.
Principle 7: Operational resilience
Principle 7 is new to the circular. It is based on the ‘Principles for Operational Resilience’ issued by the BCBS and aligns with international standards.
Use the time now to prepare and to secure the budgets that will be required for these significant changes, especially in the areas of ICT and operational resilience.
If you are interested in discussing how we can support you in becoming compliant with the new circular, talk to us to get the conversation going.
References:
1. ‘Recommendations for Business Continuity Management’ by the Swiss Banking Association.
2. ‘Principles for Operational Resilience’ (POR) and the revised ‘Principles for the Sound Management of Operational Risk’ (PSMOR) by the Basel Committee on Banking Supervision (BCBS).
Manager, Financial Services Risk Consulting, PwC Switzerland
Tel: +41 58 792 28 72
Senior Manager, Financial Services Risk Consulting, PwC Switzerland
Tel: +41 58 792 44 10