Financial Market Supervisory Authority (FINMA) Switzerland

About FINMA

The Financial Market Supervisory Authority (Eidgenössische Finanzmarktaufsicht, FINMA) regulates independent financial markets in Switzerland. It ensures that Swiss financial markets function effectively. It has prudential supervision over banks, insurance companies, exchanges, securities dealers, and other financial institutions.

FINMA published Circular 2023/1 Operational risks and resilience to define the requirements that banks, securities dealers, and insurance companies must follow when they outsource to a service provider any functions that are significant to the company's business activities. Any company that outsources its business activities is accountable to FINMA just as it would be if it carried out the outsourced functions itself.

Microsoft and FINMA

To help guide financial institutions in Switzerland considering outsourcing business functions to the cloud, Microsoft published A compliance checklist for financial institutions in Switzerland. By reviewing and completing the checklist, financial organizations can adopt Microsoft business cloud services with the confidence that they're complying with applicable regulatory requirements.

When Swiss financial institutions outsource business activities, they must comply with the requirements of FINMA and be aware of other requirements and guidelines that include those of the Swiss Bank Act, the Swiss Bank Ordinance, and the Swiss Insurance Supervision Act.

The Microsoft checklist helps Swiss financial firms conducting due-diligence assessments of Microsoft business cloud services and includes:

  • An overview of the regulatory landscape for context.
  • A checklist that sets forth the issues to address and maps Microsoft Azure, Microsoft Dynamics 365, and Microsoft 365 services against those regulatory obligations. The checklist can be used as a tool to measure compliance against a regulatory framework, provide an internal structure for documenting compliance, and help customers conduct their own risk assessments of Microsoft business cloud services.

Microsoft in-scope cloud platforms and services

How to implement

Frequently asked questions

Is regulatory approval required?

No. FINMA permits the use of public cloud computing without approval, as long as you comply with the requirements set out in the regulations and guidelines listed earlier.

Are there any mandatory terms that must be included in the contract with the cloud services provider?

Yes. In Part 2 of the Compliance Checklist, we map these terms against the sections in the Microsoft contractual documents where you find them addressed. In addition, the Swiss Federal Data Protection and Information Commissioner (FDPIC) supplies a sample contract for transborder outsourcing of data processing. This contract is the same as the Standard Contractual Clauses (also known as EU Model Clauses) under the Microsoft Online Services Terms.

Resources