FINMA Revisits Corporate Governance Guidelines for Banks

On 1 November 2016, the Swiss Financial Market Supervisory Authority FINMA (FINMA) announced its publication of a new circular relating to the supervisory requirements for banks, specifically with regards to corporate governance, internal control systems and risk management. At the same time, FINMA published amendments to existing circulars in relation to remuneration schemes and operational risks for institutions. These combined new and modified requirements incorporate the latest international corporate governance standards as well as post-financial crisis risk management conclusions.

By Philippe Weber / Christina Del Vecchio (Reference: CapLaw-2016-46)

1) Introduction

On 1 November 2016, FINMA published its new circular 2017/1 entitled “Corporate governance – banks” relating to the supervisory requirements for banks in connection with corporate governance, internal control systems and risk management. The new circular further consolidates the provisions of circular 2008/24 (“Supervision and internal control – banks”), the associated FAQ and requirements defined in other circulars. On the same date, FINMA published amendments to existing circulars in relation to remuneration schemes and operational risks for institutions. These combined new and modified requirements incorporate fundamental international developments in corporate governance as well as risk management conclusions following the global financial crisis. The new circular and the amendments to existing circulars will enter into force on 1 July 2017.

The press release and the accompanying new and amended circulars can be accessed directly on FINMA’s website at

2) Corporate Governance Circular: Overview of Key Provisions

The new FINMA circular follows a principles-based approach to the regulation and oversight of supervised banks and other financial groups (collectively, “institutions”). Furthermore, it expressly recognizes the principle of proportionality in the application of the supervisory requirements. Through a principle-based approach, institutions will have a certain degree of discretion in how to implement the circular’s requirements in accordance with the specific needs, business model and risks that each institution’s businesses and operations face.

In addition, the circular provides specific guidance on the requirements for corporate governance, internal control systems and risk management, each briefly summarized below. Importantly, the circular does distinguish in certain instances between the requirements that apply to all institutions and those that only apply to larger (e.g. FINMA supervisory categories 1-3, but not 4-5) or systemically relevant institutions. Nevertheless it remains possible in certain circumstances to apply for exemptions from FINMA.

a) Corporate Governance

In essence, the new circular provides for a “checks and balances” approach to the structure of an institution’s board of directors and executive management and sets out the division of responsibilities between the board of directors and the executive management in greater detail. The circular also revisits the requirements for board members, setting certain minimum requirements (including with regards to independence, but not with regards to diversity).

FINMA is also separately considering amendments and extensions of the corporate governance disclosure requirements for all banks (FINMA Circular 2016/1 Disclosure – Banks). It is anticipated that this revised circular will be released in December 2016.

b) Internal Control Systems

In the new circular, FINMA further outlines the minimum requirements for the organization of internal control systems at institutions. Furthermore, FINMA notes that effective internal control systems need to focus on both risk management and compliance, each tailored for the respective institution’s size and complexity. The new circular also outlines the parameters and requirements for an institution’s internal audit function.

c) Risk Management

All supervised institutions will also need to develop a risk management framework that is approved by the institution’s board of directors. In addition, all institutions included in FINMA supervisory categories 1 through 3 will need to appoint a chief risk officer that oversees risk management matters. However, the chief risk officer will also be permitted to oversee other non-profit generating functions, such as compliance. While smaller institutions will be permitted to have combined audit and risk committees, larger institutions will need to have separate audit and risk committees.

3) Amendments to existing FINMA Circulars: Remuneration Schemes and Operational Risks

On 1 November 2016, FINMA also noted the amendments to the circulars relating to remuneration schemes (2010/1 FINMA Circular Remuneration Schemes) and the assessment of operational risks at banks (2008/21 FINMA Circular Operational Risks Banks).

The key amendments to the FINMA circular relating to remuneration schemes include (i) the extension of the circular’s application in full to banks, securities dealers, financial groups and conglomerates, insurance companies, insurance groups and conglomerates that are subject to Swiss financial market supervision (subject to equity capital thresholds) and (ii) the explicit prohibition of hedging transactions that run counter to the effectiveness of the elements of a firm’s remuneration system.

The revisions to the circular addressing operational risks at banks introduces new guidelines on the management of information technology, including client data, and cyber risks and also incorporates principles relating to legal and reputational risks in cross-border financial services. In essence, the amendments are intended to better reflect the diversity of operational risks that the financial services industry currently faces.

4) Outlook and Conclusion

Following the financial crisis, global regulators have revisited the regulation and oversight of financial markets and institutions, paying particular close attention to corporate governance and effective risk management. Indeed, FINMA’s most recent contributions announced on 1 November 2016 are consistent with this global effort. Notably, while the circular relating to corporate governance comes into force on 1 July 2017, institutions will, subject to certain exceptions, have a transitional period of one year to comply with newly imposed requirements.

Philippe Weber (
Christina Del Vecchio (