More stringent rules for governing bodies and risk management
The “Corporate governance – banks” circular outlines the principles for corporate governance, the internal control system and risk management. Its provisions reflect findings from the financial market crisis and the revised international standards. Principles and structures for supreme governing bodies and executive boards have either been introduced or taken over from existing FAQs, as have the specific risk management requirements. For example, the supreme governing bodies of larger banks (supervisory categories 1 to 3) will be obliged to appoint an audit committee and risk committee and create the role of an independent chief risk officer. All banks will have to adhere to certain corporate governance disclosure requirements. Larger banks have extended disclosure obligations similar to the corporate governance guidelines for the Swiss exchange.
Wider range of operational risks
Supervisory practice has shown that operational risks in banking have become more diverse. As a result, Circular 2008/21 “Operational risks – banks” is to be updated and the corporate governance provisions removed. The risk management principle on technological infrastructure now specifically includes IT and cyber risks. A new principle on risks in cross-border services is also being added.
Binding provisions on remuneration systems restricted to large institutions
In principle, the provisions of Circular 2010/1 “Remuneration schemes” are now to apply only to institutions with complex remuneration systems and materially relevant compensation levels. The threshold for mandatory implementation of this circular is being amended accordingly and is now restricted to the two big banks and the largest insurance groups. However, FINMA may also oblige other banks to implement some or all of the provisions outlined in the circular where there are grounds for doing so.