FINMA — FINMA Circular on Cyber Risk

What it is

FINMA Circular 2023/1 codifies expectations for operational resilience and cyber risk management at Swiss banks, covering baseline controls, governance requirements and ICT reporting.

Switzerland · In force 1 January 2024

Who it binds

Swiss banks and securities dealers under FINMA supervision, with proportionate application based on categorisation.

Key obligations

  • A board-approved cyber risk management framework
  • ICT baseline security controls for all relevant systems
  • Reporting of significant cyber incidents to FINMA
  • Annual cyber risk reporting to the management body

How CCI addresses it

CySSURANCE maps FINMA circular controls and computes the compliance gap; EviGen collects the evidence Swiss institutions need for annual reporting.

Official source

FINMA Circular 2023/1 — Operational Risks and Resilience — Banks

https://www.finma.ch/en/documentation/circulars/

The linked text is the authoritative legal or standards source. CCI maps to it; it is not a CCI publication.
