FINMA warns supervised institutions of cybersecurity risks and provides guidance


The Swiss Financial Market Supervisory Authority (“FINMA”) identifies significant gaps in both the awareness of cyber risks and the implementation of corresponding regulatory requirements by financial institutions.

In June 2024, FINMA issued two new guidances on operational risks, with a particular focus on cyber risks. This Spotlight provides an overview of the legal obligations of supervised institutions regarding cyber risks, presents FINMA’s latest findings and recommendations in this area, and proposes a way forward for financial institutions to effectively manage their evolving cyber risks while ensuring compliance.

FINMA Issues Guidance on Cyber Risks and the Management of Operational Risk

In its new guidances, FINMA highlights shortcomings identified in its supervisory activities and outlines its expectations on how supervised institutions should handle cyber risks and establish an appropriate operational risk management framework:

1. FINMA Guidance 03/2024 (“Cyber Risks”) summarizes FINMA’s findings from its supervisory activities on cyber risks. It offers guidance on how to manage cyber risks and clarifies how to report cyber attacks and conduct…
