The revised circular is out for consultation until the end of January. The notice from FINMA also notes that the requirements for insurance companies under the circular have been relaxed.
The FINMA notice lays out the major points in the circular:
Internal and external outsourcing placed on a par
FINMA expects intra-group outsourcing to be treated with the same caution and subjected to the same level of monitoring as external outsourcing. The key implication here is that all the requirements defined in the circular will now apply equally to intra-group outsourcing.
New requirements for systemically important banks
Where the outsourcing of critical services is concerned, systemically important banks must now meet additional requirements which are intended to prevent detrimental impacts on potential restructuring and resolution activities. The new requirements also ensure that the emergency plans of these institutions take adequate account of outsourced activities and that critical services are no longer outsourced to banks in the same financial group.
Appropriate selection, instruction and control of service providers
The circular specifies that institutions must maintain an inventory of outsourced services. This provides clarity regarding the range of outsourced activities, particularly if an institution has to be restructured. Similarly, if activities are outsourced abroad, all the information required for recovery, resolution or liquidation must now be accessible in Switzerland at all times. The rules governing the selection, instruction and control of service providers have also been revised in order to ensure that institutions take account of potential interdependencies and cluster risks when selecting outsourcing partners.
Circular based consistently on regulatory law
The revised circular omits any reference to data protection law since this is regulated definitively under civil law in the Data Protection Act.
FINMA Press Release
“Information relevant to the consultation” paper
“Key points” circular