Executive Summary, Key Findings and Recommendations

Switzerland has recently made major enhancements in the practice of banking supervision and now has a high level of compliance with the Basel Core Principles for Effective Banking Supervision (BCPs). Not all the results of improvement to date are embedded in the system or yet observable. The Swiss banking system is very large relative to the size of the economy, conducts significant transactions with non-residents, and contains two G-SIFIs with large international operations and a number of banks that are systemically important in domestic terms. The sector faces a number of challenges to parts of its business model as expectations related to transparency and tax authorities increase. Major Swiss banks are also adjusting to the new international prudential standards. More recently, several material issues have arisen in domestic or cross-border markets that have indicated weaknesses in controls or practices that are being dealt with by banks and the authorities. Given the nature of the Swiss banking system and its importance to the country and globally, it is essential that the supervisory system meet the highest standards for effectiveness. To reach that goal, Swiss authorities need to go farther along the path they have already started and aim for a higher level of intensive supervision.

Significant portions of guidance and legislation related to qualitative risk management and control standards are not as detailed or comprehensive as in many other major countries and need to be updated and selectively strengthened. Supervisory risk assessments and guidance to auditors, as the extended supervisory arm of the Swiss Financial Market Supervisory Authority (FINMA), need to be further materially improved, beyond what is now envisioned. Additional skilled resources within FINMA are necessary to meet these goals and to conduct more on-site supervisory work. The assessors saw many examples of high quality initiatives and practices in FINMA. The model of using auditors is understandable given the structure of the Swiss banking system to multiply FINMA expertise and take advantage of auditor’s global networks, but needs to be handled carefully. Switzerland has one of the most principles based approaches to rules and guidance among major countries. It remains considerably focused on capital and liquidity metrics, and less focused than necessary on qualitative elements of risk management and robustness of internal controls. The recommendations in this report would add to the effectiveness of supervision, would increase FINMA’s ability to assess the quality and completeness of information coming from auditors, and would put more incentive on auditors to perform in a better and more consistent manner. FSAP assessments focus solely on whether the core principles are met in practice, and take no position to endorse or otherwise a country’s basic supervisory approach.

Introduction

1. This assessment of the current state of the implementation of the Basel Core Principles for Effective Banking Supervision (BCP) in Switzerland has been completed as a part of a Financial Sector Assessment Program (FSAP) update undertaken by the International Monetary Fund (IMF) during 2013. It reflects the regulatory and supervisory framework in place as of the date of the completion of the assessment. It is not intended to represent an analysis of the state of the banking sector or crisis management framework, which have been addressed in the broader FSAP exercise.

2. An assessment of the effectiveness of banking supervision requires a review of the legal framework, and detailed examination of the policies and practices of the institution(s) responsible for banking regulation and supervision. In line with the BCP methodology, the assessment focused on banking supervision and regulation in Switzerland and did not cover the specificities of regulation and supervision of other financial intermediaries, which are covered by other assessments conducted in this FSAP.

3. The Swiss authorities agreed to be assessed according to the Revised Core Principles Methodology issued by the BCBS (Basel Committee of Banking Supervision) in September 2012. This assessment was thus performed according to a significantly revised content and methodology as compared with the previous BCP assessment carried out in 2002 which was conducted under the first BCP methodology.¹ It is important to note that this assessment cannot and should not be compared to the previous undertaking, as the revised BCP have a heightened focus on risk management and its practice by supervised institutions and its assessment by the supervisory authority, raising the bar to measure the effectiveness of a supervisory framework (see box for more information on the Revised BCP).

4. The Swiss authorities also chose to be assessed and rated against the Essential and Additional Criteria. In order to assess compliance, the BCP Methodology uses a set of essential and additional assessment criteria for each principle. The essential criteria (EC) were usually the only elements on which to gauge full compliance with a CP. The additional criteria (AC) are recommended best practices against which the Swiss authorities have agreed to be assessed and rated.² The assessment of compliance with each principle is made on a qualitative basis. A four-part grading system is used: compliant; largely compliant; materially noncompliant; and noncompliant. This is explained below in the detailed assessment section. The assessment of compliance with each CP is made on a qualitative basis to allow a judgment on whether the criteria are fulfilled in practice. Effective application of relevant laws and regulations is essential to provide indication that the criteria are met.

5. The assessors reviewed the framework of laws, rules, and other materials provided and held extensive meetings with officials of the Swiss Financial Market Supervisory Authority (FINMA), and additional meetings with auditing firms, and banking sector participants. The authorities provided a self-assessment of the CPs, as well as responses to additional questionnaires, and provided access to supervisory documents and files, staff and systems.

6. The assessors appreciated the cooperation received from the authorities. The team extends its thanks to staff of the authorities who provided cooperation, including provision of documentation and access, at a time when staff was burdened by many initiatives related to global regulatory changes and changes in Swiss supervisory processes.

7. The standards were evaluated in the context of the Swiss financial system’s structure and complexity. The CPs must be capable of application to a wide range of jurisdictions whose banking sectors will inevitably include a broad spectrum of banks. To accommodate this breadth of application, according to the methodology, a proportionate approach is adopted, both in terms of the expectations on supervisors for the discharge of their own functions and in terms of the standards that supervisors impose on banks. An assessment of a country against the CPs must, therefore, recognize that its supervisory practices should be commensurate with the complexity, interconnectedness, size, risk profile and cross-border operation of the banks being supervised. The assessment considers the context in which the supervisory practices are applied. The concept of proportionality underpins all assessment criteria. For these reasons, an assessment of one jurisdiction will not be directly comparable to that of another.

8. An assessment of compliance with the BCPs is not, and is not intended to be, an exact science. Reaching conclusions required judgments by the assessment team.³ Nevertheless, by adhering to a common, agreed methodology, the assessment should provide the Swiss authorities with an internationally consistent measure of the quality of its banking supervision in relation to the BCPs, which are internationally acknowledged as minimum standards.

9. To determine the observation of each principle, the assessment has made use of five categories: compliant; largely compliant, materially noncompliant, noncompliant, and non-applicable. An assessment of “compliant” is given when all EC and ACs are met without any significant deficiencies, including instances where the principle has been achieved by other means. A “largely compliant” assessment is given when there are only minor shortcomings, which do not raise serious concerns about the authority’s ability to achieve the objective of the principle and there is clear intent to achieve full compliance with the principle within a prescribed period of time (for instance, the regulatory framework is agreed but has not yet been fully implemented). A principle is considered to be “materially noncompliant” in case of severe shortcomings, despite the existence of formal rules and procedures and there is evidence that supervision has clearly not been effective, the practical implementation is weak or that the shortcomings are sufficient to raise doubts about the authority’s ability to achieve compliance. A principle is assessed “noncompliant” if it is not substantially implemented, several ECs are not complied with, or supervision is manifestly ineffective. Finally, a category of “non-applicable” is reserved for those cases that the criteria would not relate to the country’s circumstances.

Institutional and Market Structure – Overview

10. Switzerland has a diversified financial sector that is systemically important to the global markets. It comprises a few significant global players in banking and insurance, two dozen cantonal banks, regional financial institutions, private banks, foreign banks, internationally oriented insurance companies, and many pension funds. It has one of the largest banking sectors globally in terms of assets to GDP. The two large banks rank among the world’s top ten banks and are designated as Global Systemically Important Banks (G-SIBs). Switzerland is a global leader in private wealth management with a market share of more than a quarter in global cross-border private banking. The Swiss financial system contributes about 10 percent to Swiss GDP and employs over 5 percent of the labor force.

11. The banking industry is highly concentrated, but also it has a large number of medium and small banks. The banking sector has approximately 70 percent of the total financial sector assets with CHF 2.7 trillion, or over 450 percent of the country’s GDP. The banking sector consists of 297 banks (end-2012), although the two large banks account for about one-half of the Swiss banking system’s global assets and are important intermediaries in global financial markets. They are classified as Category 1 banks by the authorities in terms of size and complexity. The two largest are universal banks in their home Swiss market but focus more selectively abroad, where they are global players in asset and wealth management and in certain investment and corporate banking businesses. They are systemically important domestically as well with a share of over 30 percent in local markets. Major Swiss banks have been leaders globally in the extent of their restructuring and exiting of certain business in response to changed profitability dynamics and enhanced capital and liquidity requirements.

12. Other banks are much smaller, although some of them are relatively large compared to the size of economy and are systemically important domestically or regionally within the country. There are some relatively large banks serving more domestic or European markets on the asset side but many also gathering funds internationally into their asset or wealth management arms. Three Category 2 banks average CHF150B of assets and the 27 Category 3 banks have average assets of some CHF20B. There are 24 cantonal banks included in from Categories 2 to 4, which are historically established by cantonal laws and play an important role in each region, with a share of around 15 percent of the total banking assets. They tend to be classic retail banks with deposit gathering and lending to individuals and enterprises, together with wealth management. There are also a number of small regional banks focusing on traditional retail, mostly mortgage finance, within specific geographical regions. Foreign banks and private banks are heavily involved in cross-border and wealth management activities. Potential risks to smaller banks tend to be in credit risk and interest rate risk in the banking book. Wealth management functions are more exposed to operational and reputational risk. The 250 smallest and least complex banks as classified by FINMA have median assets of CHF250m.

13. FINMA, an independent public law institution, is a unified supervisor which regulates and supervises banks. It was created in 2008 by unifying the Federal Banking Commission (EBK), which was in charge of supervision and regulation of the banking sector, the Federal Office of Private Insurance, the insurance regulator and supervisor, and the Anti-Money Laundering Control Authority, to improve the financial sector supervision and the supervisor’s international role. It started its operation from the beginning of 2009, but it had been long planned as the original bill was drafted in 2006 and the law was approved in 2007. In addition to regulation and supervision of banks and insurance firms, FINMA also regulates capital markets and their intermediaries. In terms of banking regulation, laws and ordinances are submitted by the Federal Department of Finance (FDF) and enacted by the Federal Parliament and Federal Council, respectively. The Swiss National Bank (SNB) has responsibility over the stability of financial system and is in charge of monetary policy operations. It also is responsible for the supply of liquidity and acts as a lender of last resort.

Preconditions for Effective Banking Supervision

14. Switzerland has a competitive economy with prudent public finances and one of the highest GDP per capita globally. Sound and sustainable fiscal policies are anchored in a debt brake rule contained in the federal constitution and in constitutions governing 25 of 26 cantonal governments. SNB conducts the country’s monetary policy as an independent central bank. It is obliged by the Federal Constitution and its statute to act in accordance with the interests of the country as a whole. It has to ensure price stability, while taking due account of economic developments. Within this framework, the National Bank Act also confers on the SNB the mandate of contributing to the stability of the financial system

15. The macroeconomic situation in Switzerland has been stable but facing difficulties in the past few years:

• GDP growth in Switzerland has decelerated and inflation remains negative. Driven by lower net exports, growth slowed in 2012 to only 1 percent and is expected to reach around 1¼ percent in 2013, and to regain momentum only gradually. Core and headline consumer price inflation are negative as the pass-through from the past exchange rate appreciation continues to run its course, while expectations are anchored in positive territory. Unemployment is low, and immigration is fueling labor force growth.

• The exchange rate floor was introduced by SNB and it has helped safeguard macroeconomic stability. The floor was introduced in September 2011 as a measure to contain the effects of “safe haven” flows into Swiss assets. These inflows resumed in mid-2012, prompting further heavy intervention and an expansion of the balance sheet of the SNB, but pressures on the Swiss franc have waned since late 2012. Following the introduction of the floor, the real exchange rate has depreciated. While there have been difficulties in some segments, Swiss exports have performed well in recent years. The current account surplus remains sizable, reflecting favorable net interest income.

• The fiscal position is strong. Discretionary fiscal policy is limited by the structurally balanced budget rule (“debt brake”) at the federal level and other fiscal rules at the cantonal level. With conservative budget planning and execution, the federal government has consistently outperformed the fiscal rule. The debt-to-GDP ratio is expected to fall further to about 45 percent of GDP in 2016, although there are spending pressures over the medium term and long-term challenges from population aging.

• Developments in real estate and mortgage lending are important macroprudential concerns. With interest rates at historically low levels, mortgage lending has accelerated, bringing mortgage debt to about 140 percent of GDP. In parallel, housing prices have been rising, particularly in certain segments of the market. The authorities have taken measures to address these risks as described below.

16. In terms of financial sector policies, Switzerland’s approach has been to be an early adopter of the new Basel capital and liquidity measures and to tailor them with additional add-ons for certain banks for systemic reasons. Higher minimum capital ratios apply to the two G-SIFIs and to a lesser degree also to other banks except the smallest ones. Stability in the financial sector has been significantly strengthened by the ‘too big to fail’ (TBTF) legislative revision for the regulation of systemically important banks. The revision was approved by Parliament on September 30, 2011 and put into force by the Federal Council on March 1, 2012. The corresponding amendments to the Capital Adequacy Ordinance (CAO) and the Banking Ordinance (BO) were passed by the Federal Council, approved by Parliament and entered into force on January 1, 2013.

17. The Federal Council decided on February 13, 2013 to activate the countercyclical capital buffer, targeted at mortgage loans financing residential property in Switzerland. This was on the recommendation of the SNB. Banks were required to hold an additional 1 percent of their risk-weighted assets in the mortgage sector by end September 2013 as a consequence of imbalances in the real estate sector built up during the last couple of years. The level of the buffer was further increased to 2 percent in January 2014.⁴ FINMA has also introduced measures to raise risk weights for mortgage lending and new requirements for mortgage financing through Swiss Bankers Association, including a minimum down payment and minimum repayment requirements

18. The role of SNB relates to macro-prudential supervision. The SNB is responsible for the designation of the systemically important banks according to Art. 8 of the Swiss Banking Act, and propose an activation of the countercyclical capital buffer to the Swiss Federal Council. Between FINMA and the SNB a Memorandum of Understanding (MOU) is in place. It provides for regular meetings at head of organization level and ongoing exchange of views in the areas of (i) assessment of the soundness of systemically important banks and/or the banking system; (ii) regulations that have a major impact on the soundness of banks, including liquidity, capital adequacy and risk distribution provisions, where they are of relevance for financial stability; (iii) contingency planning and crisis management.

19. Switzerland has a consensus-driven culture with strong support for principles-based, proportional regulation and supervision, once adopted. Rating agencies have described the domestic credit culture as conservative. The system of business laws is well developed, as is the practice of professions important to banking such as accountancy and auditing, the legal profession, and banking and risk management. However, given the size and reach of domestic banks, FINMA (and its predecessor) concluded that there were not sufficient high quality resources available in Switzerland to effectively conduct bank supervision using own resources only. That lead to the development of the supervision model of having the outside auditors of banks, and their global network, conduct regulatory audits on behalf of FINMA (as an ‘extended arm’), but paid for by the banks.

20. All stock corporations and other commercial entities in Switzerland must prepare financial statements including a balance sheet, an income statement and notes. The financial statements of stock corporations are subject to an annual audit. Publicly traded companies, banks, other financial institutions, mutual funds and pension funds are subject to additional reporting requirements. Auditors of public companies are subject to regulation and inspection by an independent authority.

21. FINMA is the supervisory authority and also the insolvency and resolution authority for banks and securities dealers in Switzerland. It is also responsible for intensified supervision of banks in a recovery status. At the point of non-viability, FINMA is responsible for establishing intervention measures, and the resolution or the liquidation of the bank. Systemically important banks, as required by FINMA, need to establish recovery plans which are subject to FINMA’s approval. In addition, FINMA defines institution-specific resolution plans. FINMA is responsible for the international coordination and cooperation process regarding the global resolution strategy for both Swiss G-SIBs.

22. In 2011, FDF, SNB and FINMA signed a tripartite memorandum of understanding on crisis management. The MOU governs exchange of information on financial stability and financial market regulation issues, as well as collaboration in the event of a crisis. In accordance with the MOU, strategic coordination of the crisis management organization and of any intervention is performed by a Steering Committee (SC), comprising the head of the Federal Department of Finance (FDF), the Chairman of the Governing Board of the SNB and the Chairman of FINMA. Meetings of the SC shall be held whenever necessary. FINMA leads international crisis management colleges for the two major Swiss banks, especially with participation of the United States and the United Kingdom.

23. Regarding recovery and resolution, the coming into force of the new Banking Insolvency Ordinance (BIO) established by FINMA was an important step for Switzerland. This Ordinance sets out the process to be followed so that not only shareholders but also bondholders contribute towards restructuring. As part of its restructuring plan, FINMA can order a compulsory conversion of bonds or a waiver of claims (bail-in): it ensures that banks can still continue to operate and safeguard financial stability. In the case of systemically important large banks, additional capital measures have been taken in the form of convertible capital (CoCos). This involves a two-stage approach which, as a first step, converts CoCos into equity capital. If this measure to sustainably stabilize the bank proves insufficient, the next step is resolution at the highest group level by means of a bail-in. This procedure triggers FINMA’s resolution strategy in cooperation with its key host regulators.

24. In 2008 the limit on depositor protection was increased from CHF 30,000 to CHF 100,000, and extended to employee pension accounts. In addition, the upper limit for overall secured assets was increased from CHF 4 billion to CHF 6 billion. In September 2011, the temporary provisions were made permanent in the revised Banking Act. The Depositor Protection scheme is set up as an ex-post financed association with which all banks in Switzerland must be affiliated. In the event of a bank going bankrupt, all members transfer to this scheme the amounts required of up to a total amount of CHF 6 billion within five days. To guarantee this, banks are required to deposit 125 percent of the guaranteed amounts in Switzerland.

25. Effective market discipline is promoted by the design of key policy measures, such as those related to resolution of banks, and by a transparency in disclosure of financial accounts. However, various observers have noted that disclosure under Swiss accounting rules is less in general than under international standards. The philosophy of complete bank secrecy related to individual account holders is being altered in some circumstances under international pressure and as a result of specific situations of questionable behavior. Market participants believe these trends will have implications for the business model of certain institutions.

Detailed Assessment

A. Supervisory Powers, Responsibilities and Functions

Principle 1	Responsibilities, objectives and powers. An effective system of banking supervision has clear responsibilities and objectives for each authority involved in the supervision of banks and banking groups.5 A suitable legal framework for banking supervision is in place to provide each responsible authority with the necessary legal powers to authorize banks, conduct ongoing supervision, address compliance with laws and undertake timely corrective actions to address safety and soundness concerns.6
Essential criteria
EC1	The responsibilities and objectives of each of the authorities involved in banking supervision7 are clearly defined in legislation and publicly disclosed. Where more than one authority is responsible for supervising the banking system, a credible and publicly available framework is in place to avoid regulatory and supervisory gaps.
Description and findings re EC1	The Swiss Financial Market Supervisory Authority (FINMA) is responsible for supervision of banks in Switzerland. FINMA is “the authority that supervises the financial market” and a “public institution”. (Financial Market Supervisory Act (FINMASA) Art. 4). It is a unified supervisor; the law provides FINMA the supervisory authority over those licensed by it which includes banks, insurance firms, collective capital investments, and audit companies. (FINMASA Art. 2). FINMA’s authority covers licensing, supervision, application of corrective actions and sanctions, and issuing regulation in the form of ordinances and circulars. According to the National Bank Act (NBA), the Swiss National Bank (SNB) has the mandate to ensure price stability while taking due account of the development of the economy. Within this framework, the SNB has “to contribute to the stability of the financial system” (NBA Art. 5). It also is responsible for the supply of liquidity and act as a lender of last resort in the event of a crisis (NBA Art. 9). There are two particular areas where the SNB participate in decisions affecting microprudential supervision: Under the Banking Act (BA) Art. 8 para 3, the National Bank designates—after consulting FINMA—the systemically important banking institutions and their systemically important functions; and Under the Capital Adequacy Ordinance (CAO) Art. 44 the Swiss National Bank can issue a proposal to the Swiss Federal Council to activate, adjust, or deactivate a countercyclical buffer. Prior to issuing such a proposal, the Swiss National Bank must consult with FINMA. Cooperation between FINMA and SNB is described in a MOU between two institutions established in February 2010. The MOU focuses on the following areas: assessment of soundness of systemically important banks and/or the banking system; regulations that have a major impact on the soundness of banks; and contingency planning and crisis management. A high-level steering committee which meets at least twice a year as well as a standing committee which meets at least four times a year has been established for coordination, including on joint projects. It also provides a framework for information sharing including confidential ones. Currently the two largest banks have been designated as systemically important. The relevant legal fundamentals are made public on FINMA’s website and on that of the Swiss Federal Administration.
EC 2	The primary objective of banking supervision is to promote the safety and soundness of banks and the banking system. If the banking supervisor is assigned broader responsibilities, these are subordinate to the primary objective and do not conflict with it.
Description and findings re EC2	FINMA’s objectives are provided as “[I]n accordance with the financial market acts, financial market supervision has the objectives of protecting creditors, investors, and insured persons as well as ensuring the proper functioning of the financial market” (FINMASA Art. 5). FINMA does so mainly by prudential supervision which – with regard to banks – “promotes the safety and soundness of banks and the banking system”. FINMASA Art. 5 also stipulates that “it (financial market supervision) thus contributes to sustaining the reputation and competitiveness of Switzerland’s financial center”. The authorities explain that this wording—“it thus contributes”—clearly subordinates the contribution to “sustaining the reputation and competitiveness of Switzerland’s financial center” to promoting the safety and soundness of banks and the banking system. They also explain that it is the way in which FINMA understands its responsibilities and conducts banking supervision and that this contribution is performed through creating robust regulatory and supervisory frameworks. The assessors were also informed that there is a Parliamentary initiative to expand the objectives of FINMA by amending FINMASA to include promoting the competitiveness of the financial center as one of the primary objectives. The act also requires FINMA, in exercising its regulatory powers, to take into account the effect that regulation has on competition, innovative ability and the international competitiveness of Switzerland’s financial centre, in addition to the compliance cost and international standards. (FINMASA Art. 7) Again, FINMA explains that this Article. does not cover supervisory actions and that it understands that this requirement is fulfilled by constructing a robust regulatory framework that contributes to the safety and soundness of banking system, and by ensuring meaningful consultation on new initiatives.
EC3	Laws and regulations provide a framework for the supervisor to set and enforce minimum prudential standards for banks and banking groups. The supervisor has the power to increase the prudential requirements for individual banks and banking groups based on their risk profile8 and systemic importance.9
Description and findings re EC3	FINMA is responsible for the supervision of banks and banking groups in Switzerland. The Swiss regulatory framework for banking supervision is formulated at three levels: Federal acts such as the Federal Law on Banks and Savings Banks (Banking Act, BA) and the Financial Market Supervision Act (FINMASA) are issued by Parliament. In the hierarchical structure of Swiss legislation, federal acts are subordinate to the Constitution. Under the Federal Constitution, all important legislative provisions must be passed as a federal act. This includes, for instance, severe restrictions on constitutional rights (e.g., economic freedom), basic provisions on the rights and obligations of persons and on procedures followed by the federal authorities. Federal acts are drafted by FDF and submitted to the parliament. The way this work is conducted depends case-by-case, but a project team consists of relevant parties including FDF and FINMA could be organized. The draft could be changed through the parliamentary process. Ordinances are based on parliamentary laws and are issued by the Swiss Federal Council or very occasionally by FINMA. The Federal Council can pass general legal provisions in the form of an ordinance insofar as it is empowered to do so by an act or directly by the Constitution. Federal ordinances are also drafted by FDF and submitted to the Federal Council. For administrative units such as FINMA to issue ordinances, explicit delegation in laws or Federal Council ordinances is required. Circulars can be issued by FINMA to set forth its practice with regard to the above regulations. The purpose of FINMA circulars is to enable the supervisory authority to implement legislative rules in a uniform and proper manner by specifying open, undefined legal norms and outlining generally abstract requirements for exercising discretionary powers. Circulars do not need any explicit legal basis in an act; their content, however, must be materially related to acts and ordinances. Circulars are binding for FINMA. Circulars must be approved by the board of FINMA. Compliance with all FINMA Circulars (as well as Acts and Ordinances) applicable to banks are subject to the annual audit process and issues of non-compliance will be reported in the annual audit report, based an assessment of risk and materiality. However, Circulars do not have the characteristics of Acts of Ordinance. Accordingly, a supervised institution may appeal against a Circular in a concrete case if the institution considers the Circular is not applicable for its particular circumstances. In addition to these, FINMA publishes guidance through various forms, including Frequent Asked Questions and FINMA position papers. Although these do not formally have same degree of enforceability, they are understood by banks and external auditors to compliment Ordinances and Circulars and banks need to adhere to them.
EC4	Banking laws, regulations and prudential standards are updated as necessary to ensure that they remain effective and relevant to changing industry and regulatory practices. These are subject to public consultation, as appropriate.
Description and findings re EC4	The authorities observe developments on the financial markets, both nationally and internationally to identify and understand the relevant risks and follow the evolution of international regulations as well as its effects on Switzerland, and these developments, as well as parliamentary trigger the regulatory or legislative process. Regulations, including laws and ordinances are revised frequently; for example, BA was most recently amended in September 2011, BO June 2012, the new CAO was issued June 2012, and a number of circulars have been issued each year. However, as explained in relevant CPs, some circulars, particularly those related to specific risk management requirements, are not revised frequently enough to keep them updated and relevant. In the process of formulating regulations, FINMA communicates information on regulatory initiatives and their current status to various stakeholders. Draft regulations and explanatory reports are in general submitted for open consultation to give all interested parties the opportunity to express themselves. In general, comments received are published together with a report on the considerations and the adopted legislation. FINMA’s reactions to relevant issues raised during the consultation are included in the consultation report. Also, public hearings are held about draft regulations to involve wider stakeholders including depositors and other customers. If justified by the importance of a regulatory project and permitted by timing and circumstances, workshops and joint working groups with the supervised entities may also take place. Industry participants that assessors met were generally satisfied with their communication with FINMA, but some noted that more frequent and candid dialogue on regulatory issues between FINMA and the industry would be valuable.
EC5	The supervisor has the power to: (a) have full access to banks’ and banking groups’ Boards, management, staff and records in order to review compliance with internal rules and limits as well as external laws and regulations; (b) review the overall activities of a banking group, both domestic and cross-border; and (c) Supervise the activities of foreign banks incorporated in its jurisdiction.
Description and findings re EC5	(a) FINMA has full access to banks’ and banking group’s Board, management staff and records as provided by FINMASA, Art. 29, which stipulates that “the supervised entities (including the institutions’ management and staff), their audit companies and auditors as well as persons or companies that are qualified investors or that have a substantial participation in the supervised entities must provide FINMA with all information and documents that it requires to carry out its tasks”. (b) Under certain circumstances, not only a bank as a solo entity but also a “financial group” or a “financial conglomerate” including related entities both domestic and cross-border becomes subject of group supervision by FINMA (BA Art. 3b f). (See Cp12.) As a consequence, FINMA reviews the overall activities of a banking group, both domestic and cross-border, if it is the lead home-country regulator of such a group. However, entities conducting non-financial activities are excluded from group supervision. (c) Branches and subsidiaries of foreign banks must obtain a license from FINMA. These institutions are subject to similar regulatory and supervisory requirements applicable to all other Swiss banks, including requirements to furnish information to FINMA.
EC6	When, in a supervisor’s judgment, a bank is not complying with laws or regulations, or it is or is likely to be engaging in unsafe or unsound practices or actions that have the potential to jeopardize the bank or the banking system, the supervisor has the power to: (a) take (and/or require a bank to take) timely corrective action; (b) impose a range of sanctions; (c) revoke the bank’s license; and (d) cooperate and collaborate with relevant authorities to achieve an orderly resolution of the bank, including triggering resolution where appropriate.
Description and findings re EC6	If a bank poses problems as described above FINMA has the power to take the required corrective measures (see CP11). Depending on the gravity of a situation the following measures will be taken and escalated accordingly: Regular supervision: FINMA will address problems with the bank under its regular supervision. In this context, it may request the bank to take immediate corrective measures and impose time limits for the implementation. Enforcement: If (a) the bank does not implement the requested corrective measures under its regular supervision, (b) it is apparent that the bank is unable or unwilling to implement the required corrective measures, or (c) the situation poses immediate risks to the bank, the banking system or to the interests of depositors, FINMA will open administrative enforcement proceeding (Art. 30 FINMASA). Interim measures: In enforcement proceedings, FINMA can order interim measures to safeguard the situation. FINMA can appoint an investigating agent to implement the required corrective measures (Art. 36 FINMASA). Final measures: In enforcement proceedings, FINMA can order the restoration of compliance with the supervisory law (Art. 31 FINMASA). The possible measures are not pre-defined. In addition, FINMA can: bar a person from acting in a management capacity in the banking sector for a period of up to five years (Art. 33 FINMASA); confiscate any profit made through a serious violation of the supervisory provisions (Art. 35 FINMASA); and, revoke the banking license (Art. 37 FINMASA). FINMA is the competent authority for the resolution and/or liquidation of banks in Switzerland. In this regard, FINMA assumes the role of the ordinary bankruptcy authorities, i.e., FINMA decides on the liquidation of a bank (Art. 33 para 1 Banking Act, BA). FINMA may appoint one or several liquidators who are subject to its supervision (Art. 33 para 2 BA). FINMA may also itself assume the role of the liquidator (through a specialized unit within FINMA). In addition, FINMA is the competent authority to recognize the effects of bankruptcy/liquidation proceedings over a foreign bank in Switzerland.
EC7	The supervisor has the power to review the activities of parent companies and of companies affiliated with parent companies to determine their impact on the safety and soundness of the bank and the banking group.
Description and findings re EC7	FINMA establishes its consolidated supervision at the level of the parent company if the group of companies including a bank meets the definition of financial group as noted above. Thus parent companies are included in FINMA’s group supervision and required to provide information and documents. As noted above, group supervision supplements supervision of a bank as a solo entity. In addition, “qualified investors or that have a substantial participation” in a bank are also required to provide information and documents requested by FINMA. In case of companies affiliated with parent companies, if they are companies operating in the financial sector, they will also be subject to group supervision, which gives FINMA the ability to request information. If these companies are not operating in the financial sector, they will be exempted from group supervision and FINMA will have no direct power over these entities.
Assessment of Principle 1	Compliant
Comments	Changes to the objectives of FINMA to elevate promoting competitiveness to a main objective (as described in EC1) would risk confusing FINMAs mandate and would be contrary to this CP. Despite the compliant grade, there are weaknesses in the power of FINMA which are taken into account in assessment of other CPs. In particular, the existence of gaps in the regulatory framework, infrequency of updating circulars, and use of FAQs and other secondary documents to augment regulations, cause a challenge in consistent application of the regulatory framework and in supervisory activities.
Principle 2	Independence, accountability, resourcing and legal protection for supervisors. The supervisor possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisor.
Essential criteria
EC1	The operational independence, accountability and governance of the supervisor are prescribed in legislation and publicly disclosed. There is no government or industry interference that compromises the operational independence of the supervisor. The supervisor has full discretion to take any supervisory actions or decisions on banks and banking groups under its supervision.
Description and findings re EC1	FINMA is created as a public law institution with its own legal personality and official seat in Bern (FIMASA Art. 4). Governance and independence of FINMA are specified in Section 1 of Chapter 2 of FINMASA and further underpinned by the secondary regulations on the organization of FINMA. FINMSA Arts. 9 and 10 and the related secondary regulation on the organization of FINMA specify the terms and conditions of the composition and tasks of the Board of Directors (BoD) and the management board. It requires BoD, which is appointed by the Federal Council and comprises seven to nine members, to be independent of the supervised persons and entities (FINMASA Art. 9 para 1). The Chair of BoD is not permitted to carry out any other economic activity nor hold any federal or cantonal office unless it is in the interest of fulfillment of the tasks of FINMA (FINMASA Art. 9 para 4). Further, FINMASA Art. 21 para 1 requires FINMA to carry out its supervisory activity autonomously and independently. FINMA is funded independently from the general federal budget by levying fees for individual cases and services as well as annual supervision charges on supervised entities (FINMASA Art. 15). FINMA’s budget is only subject to approval by FINMA’s BoD. The relevant Ordinance issued by the Federal Council sets a broad framework of fees and charges but it does not constrain FINMA’s ability to charge banks. FINMA’s annual report and three year strategic plan is subject to approval by the Federal Council. At least once a year, FINMA discusses the strategy for its supervisory activities and current issues of financial center policy with the Federal Council (FINMASA Art. 21 para 2). FINMA has its own Personnel Ordinance (subject to approval by the Federal Council) which provides FINMA with increased flexibility regarding the remuneration of its employees compared to the federal administration. FINMA explains that it enjoys a large degree of autonomy in the performance of its supervisory duties. Its decisions can only be appealed in court. For regulation above FINMA level (acts and federal ordinances) as well as for international policy development FINMA coordinates with other relevant authorities such as FDF and SNB. There are no observers from government, politics or industry present in meetings of FINMA’s BoD or Executive Board. The government cannot issue operational instructions to the supervisory authority. FINMA is accountable to the Federal Parliament, which exercises general oversight (“Oberaufsicht”) over FINMA according to the ordinary working modalities of the Swiss Parliament (FINMASA Art. 21 para 4). There are no provisions that allow Parliament or the Federal Council to intervene in operational issues under the FINMA’s responsibility, such as supervisory actions and decisions on individual banks. FINMA explains that there is interference on a day-to-day basis with FINMA’s supervisory work neither by Parliament nor by the Federal Council. Currently, however there is substantial parliamentary interest in FINMAs power to issue what amount to rules or guidance, and the effect on various aspects of the sector’s competitiveness. Proposals to change FINMA’s mandate are on hold pending a review of its regulation versus international norms. Recently, in response to FINMAs decision in 2012 to impose Pillar 2 requirements on midsize banks, Parliament passed a motion requiring the Federal Council to take this power away from FINMA and vest it in the federal council instead. That motion indicated in a non- binding way that the resulting Pillar 2 capital charges should be capped at values less than FINMA now has in place.
EC2	The process for the appointment and removal of the head(s) of the supervisory authority and members of its governing body is transparent. The head(s) of the supervisory authority is (are) appointed for a minimum term and is removed from office during his/her term only for reasons specified in law or if (s)he is not physically or mentally capable of carrying out the role or has been found guilty of misconduct. The reason(s) for removal is publicly disclosed.
Description and findings re EC2	The Federal Council appoints the FINMA’s BoD. In doing so, it must ensure the appropriate representation of both genders. It appoints the Chair and the Vice-Chair. It determines the level of remuneration. (FINMASA Art. 9 para 2). The BoD has to be comprised of seven to nine expert members, who are independent of the supervised persons and entities. The members of BoD, including the Chair and Vice Chair, are appointed for a term of office of four years; each member may be reappointed twice (FINMASA Art. 9 paras. 2 and 3). The Federal Council removes members of BoD “if the requirements for holding office are no longer fulfilled” without providing further details, although this has not happened to date. (FINMASA Art. 9 para 5). There is no requirement to disclose the reason(s) for removal. The Chief Executive Officer (CEO) and the members of the Executive Board are appointed by the BoD. The appointment of the CEO is subject to approval by the Federal Council (FINMASA Art. 9 para 1). Consequently, the Federal Council has to approve the decision of BoD to terminate the employment of CEO “if the requirements for holding office are no longer fulfilled” (FINMASA Art. 9 para 5). Moreover, the FINMA Personnel Ordinance Art. 9 para 4 provides that the termination of an employment contract, including the one for CEO, must be for objective reasons and they have to be communicated in writing to the person concerned. For the CEO and other members of the Executive Board, there is no requirement to disclose the reason(s) for removal.
EC3	The supervisor publishes its objectives and is accountable through a transparent framework for the discharge of its duties in relation to those objectives.10
Description and findings re EC3	FINMASA Art. 9 provides that BoD determines the strategic objectives of FINMA and submits them to the Federal Council for approval. The strategic objectives are determined for a period of 3 to 4 years and published on FINMA’s website (Strategic Goals 2013 to 2016). FINMASA also stipulates that BoD “draws up the annual report and submits the annual report to the Federal Council for approval prior to publication.” (Art. 9, Art. 22). This provides information on annual activities and priorities. There is also an annual hearing with the relevant Parliamentary Committees.
EC4	The supervisor has effective internal governance and communication processes that enable supervisory decisions to be taken at a level appropriate to the significance of the issue and timely decisions to be taken in the case of an emergency. The governing body is structured to avoid any real or perceived conflicts of interest.
Description and findings re EC4	FINMASA Art. 9 stipulates that the BoD decides on matters of substantial importance. Details on what constitutes matters of substantial importance are provided in FINMA’s Organizational Rules Art. 2 as: matters of considerable consequence for financial markets or of systemic importance as evidenced at one or more of the supervised institutions; matters of particular interest for the general public; matters that result in establishing rules of practice or a change thereto; matters involving a high liability risk for FINMA or having a long-term effect on FINMA’s reputation; and matters that are designated as such by at least three members of the Board of Directors. Thus, the BoD can be involved in making specific supervisory decisions, although FINMA explains the involvement of BoD on specific supervisory actions has been substantially reduced from its predecessor, EBK. The Executive Board, which is consist of CEO and Head of Divisions of FINMA, decides all matters that do not fall to BoD. In a few cases of lesser importance, the Executive Board may transfer this competence to the divisions. (Organizational Rules Art. 14) FINMA’s BoD as well as the Executive Board can, in urgent cases, pass resolutions via circular (including fax and email), making it possible to respond in a timely manner in the case of emergency. The Chair of the BoD can also take necessary decisions (Chairman’s resolutions) in lieu of the BoD (FINMA’s Organizational Rules Art. 9). FINMA’s internal governance rules at a lower level are mostly established in the Operational Regulations. Regarding conflicts of interest BoD members are required to be independent of the supervised persons and entities (FINMASA Art. 9). In addition, the Chair of the BoD is not allowed to carry out any other economic activities, nor hold any federal or cantonal office, unless they are in the interest of fulfilling FINMA’s tasks (FINMASA Art. 9). This restriction did not apply to other BoD members under the old rule, although they were not allowed to be members of executive boards or chairmen/vice chairmen of Boards of any supervised institutions. The authorities explain that recent appointments were only made under the condition that the candidate gives up any mandate in a supervised entity. Also, as described below, recusal rules apply to prevent potential conflict of interests. The authorities also introduced new rules in December 2013 prohibiting BoD members to engage in any activities in supervised institutions, although it will become effective from 2016. BoD also issued a Code of Conduct that is applicable to BoD and all staff members including members of the Executive Board. It sets out clear prescriptions regarding real and perceived conflicts of interest. For example, FINMA staff members who wish to assume an outside employment position needs to get an approval. Also, FINMA Personnel Ordinance regards outside work by a FINMA employee which results in a conflict of interest with the person’s activities within FINMA as incompatible with the employment with the FINMA, thus no approval will be granted. There are restrictions on transactions of securities of supervised entities, although it is somewhat relaxed for members of BOD who are not chair/vice-chair. The Code of Conduct also requires members of FINMA’s BoD, Executive Board and senior management to recuse themselves from consideration of matters concerning a supervised entity at which they were employed within the previous year.
EC5	The supervisor and its staff have credibility based on their professionalism and integrity. There are rules on how to avoid conflicts of interest and on the appropriate use of information obtained through work, with sanctions in place if these are not followed.
Description and findings re EC5	See EC4. FINMA’s Code of Conduct also includes the duty to protect the confidentiality of official matters (Art. 14). FINMA also has rules on the appropriate use of information (Regulations on the protection of information). In case of violation of these rules, sanctions such as dismissals can be imposed by FINMA (FINMA Personnel Ordinance Art. 10). A breach of official secrecy is liable to prosecution (Swiss Criminal Code Art. 320). The assessors found the quality of FINMA staff to be very high. This view is also generally shared by industry members who the assessment team met.
EC6	The supervisor has adequate resources for the conduct of effective supervision and oversight. It is financed in a manner that does not undermine its autonomy or operational independence. This includes: a budget that provides for staff in sufficient numbers and with skills commensurate with the risk profile and systemic importance of the banks and banking groups supervised; salary scales that allow it to attract and retain qualified staff; the ability to commission external experts with the necessary professional skills and independence, and subject to necessary confidentiality restrictions to conduct supervisory tasks; a budget and program for the regular training of staff; a technology budget sufficient to equip its staff with the tools needed to supervise the banking industry and assess individual banks and banking groups; and a travel budget that allows appropriate on-site work, effective cross-border cooperation and participation in domestic and international meetings of significant relevance (e.g., supervisory colleges).
Description and findings re EC6	FINMA is fully financially independent and has a stable and continuous source of funding. FINMA is funded by directly levying fees for individual cases and services as well as annual supervision charges on supervised entities (FINMASA Art. 15). FINMA’s costs not covered by specific fees are borne by the supervised banks. FINMA determines its budget for staff expenses itself, and the related fees and charges, on the base of its resource planning. FINMA views that it has adequate resources to conduct effective supervision and oversight as well as regulatory work on banks. In this context, it believes that its approach of making external audit firms an integral component (“extended arm”) of the supervisory process reduces the need for FINMA to have the specialized resources internally. Audit firms charge the costs of the regulatory audit directly to banks. FINMA’s budget for the banking supervision department has expanded from CHF 39.5 million in 2009 to CHF 65 million in 2013. The number of staff has increased from 371 FTE in 2010 to 442 FTE in 2012. Bank-related staff increased from around 87 FTE in 2010 to 98 FTE in 2012. Of these, some 38 are for off-site supervision and 22 are in risk management, both of whom also perform FINMA lead reviews. Authorization accounts for some 13 FTE and resolution/legal some 10-20 FTE. In addition, the authorities note that external auditors spend around 700 FTE per year for audit work in recent years. However that covers regulatory and financial audit and only some 200FTE of that is for regulatory audit across all categories of firms for normal supervision and some 135FTE is for special audits and model approval. FINMA did not have statistics for regulatory audit by category of banks. However based on the information for regulatory audit and financial audit combined, it appears that over two thirds would be for the Category 1 banks and foreign banks. FINMA has five off-site staff for each major bank, one each for the three Category 2 banks, seven for the approximately 30 Category 3 banks and 20 staff for the approximately 300 category 4 and 5 banks. Only some five of the risk management FTE time goes to banks in Categories 2–5. In certain specific areas such as operational risk, specialist staff is very limited. FINMA has put in place a head-count freeze. Senior management and the BoD is of the view that current staffing is adequate for banking regulation and supervision and do not see the need to increase it substantially. It informed assessors that the institution’s current focuses are on consolidating the institution after a rapid growth since FINMA’s establishment and on efficient use of existing resources. FINMA’s Personnel Ordinance sets out six different salary scales. FINMA explains that the framework of the salary range is sufficiently flexible to retain qualified staff at different levels, except those at the most senior levels. Also, FINMA states that it does not have understaffed key areas at the moment, and that it does not have much difficulty in attracting new staff, as it has a good reputation and can offer interesting jobs and good salaries. It acknowledges this is helped by the current market situation. Furthermore, FINMA relies on external auditors for some technical expertise. The recent turnover rates in the banking division are relatively low (6.8 percent in 2012, compared to 10.1 percent for FINMA overall). In the budgeting process, FINMA queries the scope of costs for external experts that have the necessary professional skills and independence with every department. Afterwards the amount of expected costs will be controlled by the CEO/Executive Board and the Board of Directors. If they agree, the expected costs are approved as a budget. Also during the budget formulation, a training budget has been explicitly set aside. In the years 2009 to 2011, the amount was CHF 2,000 per FTE per year, since 2012 the amount has been raised to CHF 3,000 per FTE. Every department has the responsibility to control the necessity of training for each person and to plan the training of staff. Regarding the budget for information system, required budget has been allocated. During the budget process, the necessity of additional IT tools is clarified, estimated and prioritized. Afterwards, the amount of expected costs will be approved by the Executive Board and the Board of Directors. Cost for travel is also considered during the budgeting process. The travel costs include trips for domestic and international meetings, on-site work, cross-border corporation and other important meetings. FINMA expresses that it does not experience any problem with these budgets.
EC7	As part of their annual resource planning exercise, supervisors regularly take stock of existing skills and projected requirements over the short- and medium-term, taking into account relevant emerging supervisory practices. Supervisors review and implement measures to bridge any gaps in numbers and/or skill-sets identified.
Description and findings re EC7	FINMA’s personnel planning focuses on determining that its future qualitative and quantitative staff needs are in line with the organization’s strategic needs e.g., FINMA’s Strategic Goals. FINMA states that it needs employees who have both competence and integrity, and operational demands (e.g., experience gained during supervisory reviews, changing supervision categories of several institutions, Basel III (Capital & Liquidity)) to perform its functions. The planned natural attrition of personnel in future years is matched with a succession planning. The resulting difference between supply and demand indicates the future quantitative and qualitative need for personnel. Further, this information feeds into the recruitment and development planning of personnel (e.g., planning personnel developing potential).
EC8	In determining supervisory programs and allocating resources, supervisors take into account the risk profile and systemic importance of individual banks and banking groups, and the different mitigation approaches available.
Description and findings re EC8	Supervisory programs and resource allocations follow a risk-based approach based on a pre-defined process (see CP8/9). For a bank requiring more attention, FINMA will assign more resources to ensure an appropriate level of supervision. The two biggest are overseen by a team of five to six people and supported by specialists in the risk unit as well as in the capital unit, making total FTE allocated to the two biggest banks around 30. For smaller banks, however, even for the three in Category 2, which could be domestically systemically relevant, only one person is assigned to a bank. For the roughly 30 banks in category 3 (which includes the cantonal banks), there are staff assigned, and for the smaller banks, a relationship manager oversees a portfolio of banks, which could consist of at least four to five banks. These supervisors are also supported by specialists, albeit to a much lesser degree. In discussions with assessors, those responsible for supervision of a range of smaller and mid-size banks indicate that between one-third and one-half of supervisory time overall is spent on AML/CTF and cross-border issues.
EC9	Laws provide protection to the supervisor and its staff against lawsuits for actions taken and/or omissions made while discharging their duties in good faith. The supervisor and its staff are adequately protected against the costs of defending their actions and/or omissions made while discharging their duties in good faith.
Description and findings re EC9	FINMASA Art. 19 provides that FINMA is liable only if: a) its management bodies or its staff have committed a breach of fundamental duties; and b) loss or damage is not due to a breach of duty by a supervised person or entity. A breach of fundamental duties may have occurred if measures were taken in bad faith. FINMA and its staff are therefore appropriately protected from being held liable for supervisory measures conducted in good faith. Staff is not personally and directly liable in civil law for discharging their duties, although they can be prosecuted if permitted by the Department of Justice. If a staff member acts in good faith, FINMA’s policy is to cover the expenses of a criminal procedure (e.g., court and lawyer fees). The authorities report that litigations against FINMA have been relatively limited and there has not been any court ruling that is against FINMA since its establishment. No prosecutions or litigation has been made against staff members.
Assessment of Principle 2	Materially Non Compliant
Comments	Assessors are of the view that the current resources of FINMA are not sufficient to supervise and regulate the entire banking system effectively, including effective oversight of supervisory work done by external auditors, and that this is contributing to shortcomings in supervision and timely regulation, and weak practical implementation, as described in various CPs. FINMAs adherence to a head-count freeze, that it has decided upon, needs to be relaxed to achieve compliance and to achieve the recommendations in this report. This issue seems acute for middle sized banks which are not globally systemically important but still systemically important domestically. But even for the largest banks, the limited staff resources is constraining further in-depth supervisory work at the level of intensity and regularity being conducted elsewhere. For mid-size and smaller banks, there is a need to conduct more strategic work to address thematic issues that could have material implications, such as operational, legal and reputational risks. For regulatory work, the assessors found a few but important circulars are not updated as frequently as desirable. The assessors believe this is partly due to lack of personnel. The assessors understand that the use of external auditors as an extend arm of FINMA augment resources in FINMA. But, FINMA still needs to exercise enhanced oversight on regulatory audit activities and control quality by providing guidance, assessing works by auditors, and having frequent communications with them, which it understands and making efforts to improve the supervisory approach. There are also thematic supervisory reviews across ranges of banks that are not amenable to being assigned to regulatory auditors. While oversight of supervisors is necessary even in a system where supervision is mainly conducted ‘in-house’, more oversight work is needed where work is outsourced. Assessors appreciate that FINMA is rightly following a ‘quality instead of quantity’ resourcing strategy, but still see the need to increase its resources. Assessors saw no evidence of interference in FINMA’s day-to-day operational independence. However, the assessors view that there are some potential shortcomings in the current legal framework, including the legally stipulated need for FINMA to consider the competitiveness of Swiss financial center. The risk is that this could lead the supervisor to compromise their pursuit of safety and soundness of the banking system. The assessors are also concerned with the current Parliamentary initiative to upgrade this element of the FINMA’s objectives, and to limit FINMAs existing Pillar 2 authority. Related to the governance issue, the assessors found rules to address conflict of interest in FINMA were incomplete for members of FINMA BoD who were not the Chair and the Vice Chair. Given the current set up of the FINMA BoD which expects or permits the members to be involved in any decision regarding individual entities if supported by three of them, as well as regulatory issues that affect the industry, even with the recusal rules, there was a possibility that these gaps could damage the perceived credibility of the supervisor As noted in EC4, the authorities recently strengthened rules to address conflict of interest of members of FINMA BoD. Assessors welcome the decision but believe sound governance and ability to attract Board members could still be enhanced by more clearly delineating and limiting the FINMA Board’s ability to be involved in individual decisions. Thus, the assessors recommend the authorities take following actions: Increase resources for banking regulation and supervision in FINMA. Do not elevate the competitiveness objective in FINMA mandate. Instead, consider removing the reference to competitiveness if needed to avoid confusion and confirm that the primary objective for the supervisor is to promote the safety and soundness of banks and banking groups. Clarify and limit what decisions on individual institutions FINMA’s board should take. Maintain the current FINMA power to set Pillar 2 add-ons on a group of banks.
Principle 3	Cooperation and collaboration. Laws, regulations or other arrangements provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information.11
Essential criteria
EC1	Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with all domestic authorities with responsibility for the safety and soundness of banks, other financial institutions and/or the stability of the financial system. There is evidence that these arrangements work in practice, where necessary.
Description and findings re EC1	BA Art. 23 authorizes FINMA to share confidential information and documents with other financial market supervisory authorities such as the Federal Audit Oversight Authority, the Swiss stock exchanges as well as SNB. A formal arrangement exists between FINMA, the Federal Department of Finance and the Swiss National Bank based on a tripartite MOU for exchange of information and cooperation in the event of crisis. On the information exchange, the MOU establish a senior-level meeting that meets at least twice a year to exchange information on the macroeconomic environment, the situation in the financial markets and the banking sector, domestic regulatory initiatives as well as international regulatory initiatives and standards concerning the financial markets and the banking sector, and challenges and risks facing the Swiss financial center. On the cooperation in the context of a financial crisis, it sets up a high-level Steering Committee and a working-level Committee on Financial Crisis. The latter meets at least once or twice in a year, regardless of whether there is a crisis. Between FINMA and the SNB a Memorandum of Understanding (MOU) provides for exchange of views in the areas of: (1) assessment of the soundness of systemically important banks and/or the banking system; (2) regulations that have a major impact on the soundness of banks, including liquidity, capital adequacy and risk distribution provisions, where they are of relevance for financial stability; and (3) contingency planning and crisis management. (See CP 2) An informal and frequent communication is also taking place with SNB to share information, exchange views, and coordinate their activities, particularly on the biggest banks. Furthermore, FINMA shares relevant confidential information and cooperates with federal and cantonal prosecution authorities, according to FINMASA Art. 38. Also, information can be shared with other domestic regulators including the Takeover-Board and the Competition Committee under the Anti-Money Laundering Act (AMLA) Art. 29.
EC2	Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with relevant foreign supervisors of banks and banking groups. There is evidence that these arrangements work in practice, where necessary.
Description and findings re EC2	FINMA has arrangements on cooperation and information exchange with foreign supervisory authorities. FINMA currently has MOUs with 17 jurisdictions, including most major financial centers. These MOUs specify, amongst other things, cooperation on information exchange and on-site inspection within the statutory framework provided by legislation. FINMA is an active organizer of and participant in Supervisory Colleges for cross-border institutions. For the two big Swiss banks, FINMA organizes an annual meeting with all interested foreign supervisory authorities which are of importance for the respective banking group (“general colleges”). In addition, more focused “core colleges” with the key US and UK regulators take place semi-annually. Typically, a US-based meeting focuses on investment banking activities, while a Swiss-based meeting focuses on wealth management activities. These extensive colleges complement bilateral international cooperation. For the two big banks, FINMA also conducts a few joint supervisory reviews annually with UK and US supervisors. This usually takes a form of sending several of its staff members to on-site works by the foreign supervisors, but FINMA also leads supervisory reviews where UK and US supervisors participate in the on-site work. FINMA highly values these exercises, as they promote deeper sharing of views and information among the supervisors, and can send strong and coordinated messages to the banks. FINMASA Art. 42 authorizes FINMA to cooperate with a foreign supervisory authority even in the absence of a specific agreement. If the cooperation involves the exchange of confidential data, FINMA generally requires an ad-hoc declaration from the requesting supervisory authority stipulating that: the information may only be used for the direct supervision of the regulated institutions; the supervisory authority is bound by official or professional confidentiality provisions; and the information may not be published or passed on to other authorities and bodies, including other supervisory or criminal prosecution authorities, without the prior consent of FINMA. FINMA explains that it receives a substantial number of requests each year, and that it is able to provide requested information in most of the cases. FINMA explains strong cooperation with other foreign supervisory authorities was necessitated and took part in international cases where Swiss banks are involved, such as the case regarding LIBOR or a substantial trading loss of a big Swiss bank that took place outside of Switzerland.
EC3	The supervisor may provide confidential information to another domestic authority or foreign supervisor but must take reasonable steps to determine that any confidential information so released will be used only for bank-specific or system-wide supervisory purposes and will be treated as confidential by the receiving party.
Description and findings re EC3	Regarding cooperation with domestic authorities, the legal provisions stipulate that FINMA is authorized to transmit confidential information and documents to another domestic authority if they require the information to fulfill their duties. (FINMASA, Art. 38, BA Art. 23bis, AMLA Art. 29) Swiss legislation (BA Art. 43, Criminal Code Art. 320) provides for professional secrecy obligations, breach of which is subject to criminal law prosecution. Concerning foreign authorities, as described in EC 2, FINMASA Art. 42 expressly requires that in order to share non-public information with another competent foreign authority, the latter must be subject to official or professional secrecy and that the information is to be used exclusively for the direct supervision of foreign institutions. FINMA insists on a declaration by the foreign supervisor that the information will be used as confidential as an integral part of the request for administrative assistance with regard to compliance with the rules of confidentiality. FINMA also demands that the requesting authority grant an explicit warranty that the transmitted information and documents are used exclusively for the direct supervision of foreign institutions and that the transmitted information and documents are passed on to competent authorities or to bodies that are entrusted with supervisory duties that lie in the public interest only on the basis of a general authorization in an international treaty or with FINMA’s prior consent. FINMA notes that experience shows that foreign counterparts respect the confidentiality of information provided by FINMA.
EC4	The supervisor receiving confidential information from other supervisors uses the confidential information for bank-specific or system-wide supervisory purposes only. The supervisor does not disclose confidential information received to third parties without the permission of the supervisor providing the information and is able to deny any demand (other than a court order or mandate from a legislative body) for confidential information in its possession. In the event that the supervisor is legally compelled to disclose confidential information it has received from another supervisor, the supervisor promptly notifies the originating supervisor, indicating what information it is compelled to release and the circumstances surrounding the release. Where consent to passing on confidential information is not given, the supervisor uses all reasonable means to resist such a demand or protect the confidentiality of the information.
Description and findings re EC4	FINMA treats information from other supervisors as confidential and uses the information only for the direct supervision of the regulated institutions. Members of FINMA BoD and FINMA employees are bound by official secrecy under FINMASA Art. 14, FINMA Employees Act and the FINMA Code of Conduct. This duty applies not only with regard to third parties outside the government but also towards other offices of the federal or cantonal administration. In addition, FINMA must comply with the Data Protection Act that imposes restrictions on the processing of personal data. A violation of official secrecy may lead to administrative disciplinary measures and a prison sentence or a fine under Art. 320 of the Criminal Act. As a result, FINMA may in principle neither disclose confidential information nor transfer such information to third parties. However, FINMA has the competence to decide whether to waive official secrecy, according to a decision of the Swiss Supreme Court. In addition, FINMA is an ordinary member (member A) of the IOSCO MMoU. Under Articles 10 and 11 of the IOSCO MMoU, the principle of confidentiality and the principle of specialty are regarded to be great importance and have to be strictly implemented by each member. In the event that FINMA is legally compelled to disclose confidential information it has received from another supervisor, FINMA will promptly notify the originating supervisor, indicating what information it is compelled to release and the circumstances surrounding the release. Where consent to passing on confidential information is not given, FINMA will use all reasonable means to resist such a demand. FINMA may refuse to disclose information that is not publicly accessible or to hand over files to prosecution authorities and other domestic authorities where: (a) the information and the files solely serve the purpose of forming internal opinions; (b) their disclosure or handover would prejudice ongoing proceedings or the fulfillment of its supervisory activity; or (c) it is not compatible with the aims of financial market supervision, or with its purpose. (FINMASA Art. 40) FINMA notes that it has not been requested or ordered to disclose confidential information received from another supervisor.
EC5	Processes are in place for the supervisor to support resolution authorities (e.g., central banks and finance ministries as appropriate) to undertake recovery and resolution planning and actions.
Description and findings re EC5	FINMA acts as both supervisor and resolution authority. Domestic cooperation among FINMA, SNB and FDF is provided in the framework established by the tripartite MOU. As described in EC 1, this MOU sets up a framework to deal with a crisis that threatens the stability of the Swiss financial system, that includes Steering Committee (SC) and the Committee on Financial Crisis (CFC). SC is in charge of performing strategic coordination of crisis management and any interventions to address the crisis, and will be made up of the Head of FDF who will chair the committee, the Chair of Governing Board of SNB and the Chair of FINMA. CFC consists of CEO of FINMA (chair) Vice Chair of the SNB Governing Board, and the Director of Federal Finance Administration, a unit in FDF. CFC is responsible for coordinating precautionary efforts and for crisis management. Even in non-crisis times, a meeting is held once or twice a year as a rule. In practice, the CFC meeting has been held regularly and frequently in recent years to share information on Swiss financial sector in response to the difficult environment surrounding global financial sectors. BA Art. 37f allows FINMA to coordinate with foreign authorities in case of foreclosure proceedings against a bank involves processes abroad. This Article aims in particular at avoiding creditors to avail themselves of deficient coordination to get overcompensation for their losses.
Assessment of Principle 3	Compliant
Comments
Principle 4	Permissible activities. The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word “bank” in names is controlled.
Essential criteria
EC1	The term “bank” is clearly defined in laws or regulations.
Description and findings re EC1	BO Art. 2a defines banks as enterprises which are active mainly in the field of finance and in particular those: who accept deposits from the public on a professional basis or solicit these publicly in order to finance in any way, for their own account, an undefined number of unrelated persons or enterprises, with which they do not form an economic unit, or who refinance themselves in substantial amounts from a number of banks which are not significant shareholders and with which they do not form an economic entity in order to provide any form of financing for their own account to an undefined number of unrelated persons or institutions.
EC2	The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined either by supervisors, or in laws or regulations.
Description and findings re EC2	The Swiss banking system is based on the universal banking model and laws or regulation does not clearly define the permissible activities of banks. The banking license, in principle, authorizes exercise of a whole range of possible financial services (such as deposit, credit, asset management, trading, etc.). Non-banking activities are also permitted, provided that the main character of the bank as an institution continues to be mainly active in the field of finance. Unless the institution is not mainly active in the field of finance, it can be licensed as a bank. In supervisory practice, however, the scope of the bank’s operations needs to correspond to its financial capacities, personal resources and organizational structure. The bank must describe precisely its field of business operations with regard to its objectives and geographic terms in articles of incorporation, by-laws and business rules (BO Art. 7 paras. 1 and 3). Articles of incorporation, by-laws and internal regulation of the banks, including there revisions, are subject to FINMA’s formal approval (BA Art. 3 para 3). These documents provide a detailed scope of bank’s operation. Thus, FINMA can restrict and control the scope of bank’s activities. Banks which directly engage in insurance underwriting and selling are prohibited by the Insurance Supervision Act. Moreover, banks’ shareholding of non-financial firms are restricted to not more than 15 percent of their eligible capital and the total amount of such participation to not more than 60 percent. (BA Art. 9 para 4)
EC3	The use of the word “bank” and any derivations such as “banking” in a name, including domain names, is limited to licensed and supervised institutions in all circumstances where the general public might otherwise be misled.
Description and findings re EC3	The term “bank” or “banker”, alone or in combination with other words, may only be used in the company name, designation of the business purpose or advertising, in the case of institutions which have obtained a license from FINMA (BA Art. 1 para 4). A violation to this provision could result in a fine of up to CHF 500,000 (BA Art. 49 para 1). On the contrary, there is no requirement for licensed banks to have the word “bank” in their names.
EC4	The taking of deposits from the public is reserved for institutions that are licensed and subject to supervision as banks.12
Description and findings re EC4	As a rule, only licensed banks are permitted to solicit deposits from the public on professional basis (BA Art. 1 para 2.). Accepting more than 20 deposits on a continuous basis is deemed as soliciting deposits on professional basis (BO Art. 3a para 2). This prohibition extends to all entities including natural persons, except in cases where the Federal Council provides exception where the protection of the depositors is insured. In practice, this is limited to corporate bodies that are established under public law where the state takes full responsibility for their liabilities (BO Art. 3a para 1). Such establishments are regulated and supervised based on individual regulations of public law. They are considered to be as equally stable as common banks licensed by FINMA. However, after the transformation of the postal saving to a licensed bank, there is no significant deposit taking entity outside of licensed banks.
EC5	The supervisor or licensing authority publishes or otherwise makes available a current list of licensed banks, including branches of foreign banks, operating within its jurisdiction in a way that is easily accessible to the public.
Description and findings re EC5	Lists of licensed banks operating in Switzerland, including branches of foreign banks as well as representative offices, are maintained and published on FINMA’s website in four different languages (German, French, Italian, and English).
Assessment of Principle 4	Compliant
Comments
Principle 5	Licensing criteria. The licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of Board members and senior management)13 of the bank and its wider group, and its strategic and operating plan, internal controls, risk management and projected financial condition-(including capital base). Where the proposed owner or parent organization is a foreign bank, the prior consent of its home supervisor is obtained.
Essential criteria
EC1	The law identifies the authority responsible for granting and withdrawing a banking license. The licensing authority could be the banking supervisor or another competent authority. If the licensing authority and the supervisor are not the same, the supervisor has the right to have its views on each application considered, and its concerns addressed. In addition, the licensing authority provides the supervisor with any information that may be material to the supervision of the licensed bank. The supervisor imposes prudential conditions or limitations on the newly licensed bank, where appropriate.
Description and findings re EC1	FINMA is the legally established authority that issues banking licenses (BA Art. 3 para 1). Licenses (new licenses and changes in licensing requirements) are processed by a separate organizational unit (Authorization Department) that, alongside the banking supervisory sections, belongs to the Banks division. FINMA explains that the licensing and supervisory sections work closely together. When issuing licenses and changing licensing requirements, opinions are exchanged that take ongoing supervision into consideration. If there are differences of opinions, the division head will be involved to solve the issue. FINMA recognizes the importance of licensing processes given the country’s financial center function. The interest to establish operations in the country is still high in recent years with 55 preliminary as well as formal applications has been submitted in the last five years. New licenses contain conditions and requirements that must be considered when setting up a company. Initially, the business activities that the bank is allowed to conduct are limited, based on bylaws and other major internal rules authorized by FINMA. Those activities are then allowed to be expanded in a controlled manner, taking financial, personnel and organizational resources of the bank into consideration. As noted in CP 4, even after the initial stage, FINMA controls the scope of banks’ activities through authorization of their bylaws and other major internal rules which are required to state their business lines in a detailed manner. Unless authorized by FINMA, these rules will not be entered in to the commercial register and not become effective. During the first few years, a number of interim audits are conducted. Depending on the case in question, it is also possible to determine certain areas to be audited that require special attention when the bank is being set up.
EC2	Laws or regulations give the licensing authority the power to set criteria for licensing banks. If the criteria are not fulfilled or if the information provided is inadequate, the licensing authority has the power to reject an application. If the licensing authority or-supervisor determines that the license was based on false information, the license can be revoked.
Description and findings re EC2	BA Art. 3 provides a number of criteria for licensing banks: Clear scopes of business and adequate organizational frameworks corresponding to their business activities; Establishment of separate bodies for management for one and for providing direction, supervision and control; Fully paid up capital that exceed the minimum determined by the Federal Council (CHF 10 million (BO Art. 4 para 2)); Persons for management who are of good reputation and be able to guarantee the proper conduct of business operations; Natural persons or legal entities that has qualified participation to guarantee that their influence will not have a negative impact on the sound and prudent management of banks; and Persons in charge of management to be domiciled in a place where they can exercise effective management and assume responsibilities. These broad provisions provide FINMA considerable room to set the licensing benchmark appropriately on a case-by-case basis, incorporating specific aspects that need to be addressed in order to be issued with a license for a particular case. FINMA further specifies its requirements for licensed banks in ordinances, circulars and FAQs, which apply to not only ongoing banks but also newly licensed banks. FINMA also publishes a guideline that lists documents an applicant need to submit, that includes detailed information regarding persons responsible for management, organizational framework, business plans, and budgets for first three years. Detailed official interpretation of the above criteria is not published or internally defined, but a booklet written by FINMA staff members explaining licensing process are widely used as reference by FINMA staff and the industry. Licensing process is conducted by the authorization department of FINMA. The staff of the department assess adequacy of application and their compliance to the licensing framework. In addition, an external auditor who will not become a regulatory auditor of the bank needs to assess the compliance of the applicant vis-à-vis licensing requirements. If the licensing requirements cannot be met, incomplete information is submitted or FINMA is not convinced about compliance with the licensing requirements for some other reason, the license is refused and the application is rejected. FINMA is authorized to issue formal decrees stating that a license has not been granted. Under the administrative procedural law in Switzerland, appeals can be made against those decrees to the Federal Administrative Court. Generally, however, applicants will usually withdraw their applications when a negative indication is informally communicated. Licenses issued that are based on incorrect information can be revoked under rules set out in the general administrative procedural law, although it has not happened to date. If there are few shortcomings and they can be remedied, less stringent measures can be taken.
EC3	The criteria for issuing licenses are consistent with those applied in ongoing supervision.
Description and findings re EC3	As mentioned in EC 2, the regulatory framework that applies to ongoing banks are also applies to newly established banks. Thus, during the licensing process, FINMA assesses whether the applicant will be able to meet requirements applied in ongoing supervision, in addition to the requirements only applied for licensing. Moreover, after banks are licensed, FINMA continuously monitors if banks are complying the conditions for licensing. This is one of the main issues that regulatory auditors assess.
EC4	The licensing authority determines that the proposed legal, managerial, operational and ownership structures of the bank and its wider group will not hinder effective supervision on both a solo and a consolidated basis.14 The licensing authority also determines, where appropriate, that these structures will not hinder effective implementation of corrective measures in the future.
Description and findings re EC4	As noted above, BA Art. 3 para 2 stipulates that banks need to establish an adequate organization corresponding to the proposed business activities. Therefore, only structures that can be suitably supervised are permitted in which supervisory requirements can be implemented effectively. Structures that impede supervision, for example, very complex participation structures that are not transparent, are not permitted. The same paragraph requires senior management of a bank domiciled in Switzerland must be resident in the place where they manage and bear responsibility for the bank. This is to ensure that the main management functions of a Swiss bank are in Switzerland, including for globally active banks. In the case of latter, at least the majority of senior management, including those who assume the most important leadership responsibilities, needs to reside in the vicinity in which the bank is domiciled. The same applies at group level: if FINMA is responsible for supervising the group, effective group control should be anchored credibly in Switzerland. Business structures (off-shore/shell entities) without substance are not allowed. If a foreign bank operates from Switzerland or does business only or primarily in or from Switzerland, its organization must comply with Swiss law and is subject to the provisions for Swiss banks. (FBO-FINMA, Art. 1 Para 2)
EC5	The licensing authority identifies and determines the suitability of the bank’s major shareholders, including the ultimate beneficial owners, and others that may exert significant influence. It also assesses the transparency of the ownership structure, the sources of initial capital and the ability of shareholders to provide additional financial support, where needed.
Description and findings re EC5	The fit and proper test are applied for qualified shareholders and other persons substantially influencing a bank during the licensing process and banks must comply to the requirement on an ongoing basis (BA Art. 3 para 2 let. c.bis). Qualified participation is defined in the same paragraph of BA as holding directly or indirectly at least 10 percent of the capital or voting rights of a bank or persons who are in any other way able to influence the bank’s business activities in a significant manner. BA requires qualified participants of banks to guarantee that their influence will not have a negative impact on the sound and prudent management of the bank. The authorities explain that, in comparison with directors and managers, the fit and proper requirement for qualified shareholders focuses more on reputational aspects and not on banking experience and technical know-how. These are usually assessed through references and other means, including interviews if necessary. To enforce the fit and proper standard, FINMA is authorized to impose sanctions that include the suspension of voting rights or revocation of the banking license (BA Art. 23 ter), although this rarely happens. This fit and proper requirement also aims at granting a clear and transparent participation structure up to the ultimate beneficial owner. BO Art. 6 para 2 requires legal entities who have qualified participation in an applicant to provide information regarding their group structures; para 4 requires persons holding qualifying participation to declare the participation is for their own account or on a fiduciary basis. In addition, significant shareholders are required to disclose the origin of their wealth and provide evidence of the capacity to inject further capital if needed. Qualified shareholders and banking institutions are under a legal duty to report relevant shareholdings and any changes to FINMA.
EC6	A minimum initial capital amount is stipulated for all banks.
Description and findings re EC6	BO Art. 4 para 1 stipulates that fully paid in capital must amount to at least CHF 10 million. In the event that a founding shareholder decides to contribute assets other than cash in exchange for the shares issued by the new company, the value of the assets contributed and the extent of liabilities of the shareholder must be verified by a recognized auditing firm and be confirmed to FINMA before authorization. If an existing corporation is converted to a bank, not only paid in capital but also the entire amount of Core Equity Tier 1 can be counted to constitute the initial capital with permission by FINMA. There is also an exception for banks affiliated with a central organization and guaranteed by it. (Bo Art. 4 paras. 2,3)
EC7	The licensing authority, at authorization, evaluates the bank’s proposed Board members and senior management as to expertise and integrity (fit and proper test), and any potential for conflicts of interest. The fit and proper criteria include: (i) skills and experience in relevant financial operations commensurate with the intended activities of the bank; and (ii) no record of criminal activities or adverse regulatory judgments that make a person unfit to uphold important positions in a bank.15 The licensing authority determines whether the bank’s Board has collective sound knowledge of the material activities the bank intends to pursue, and the associated risks.
Description and findings re EC7	BA Art. 3 para 2 requires that “the persons charged with the administration and management of the bank must be of good reputation and must guarantee the proper conduct of business operations”. Further, FINMA FAQs on Board of directors of banks and securities dealers, which is applicable to both newly established banks as well as ongoing banks, provide further details by stipulating that “the members of the supreme governing body should enjoy a good reputation and have sufficient leadership skills, both individually and as a group, as well as the necessary specialist knowledge and experience in banking and finance” and “the body as a whole should have a sufficiently broad background mainly to ensure that—in addition to the main business operations—all other important areas such as finance and accounting, risk management, controlling and compliance are adequately represented”. Similar provisions also exist for financial groups and financial conglomerates (BA Art. 3f). Further, BO provides that all members of the board and management must enjoy an excellent reputation and give proof of no previous convictions and that they are expected to disclose all the details of any completed or pending legal and administrative proceedings (Art. 6 para 1). As mentioned above, the FAQ explains that the bank’s board members need to understand the corporate structures and risks of the institution’s individual business areas and those of the company or group as a whole. In practice, assessors were informed that if the potential candidates are often already known to FINMA or their CVs show conclusive evidence of relevant professional experiences and absence of indications of irregularities, the assessment is done on the basis of the standard documents mentioned in BO Art. 6, i.e., information on their nationality, residency, qualified participations in other companies, and any pending legal or administrative proceedings, as well as signed CVs, references and extracts from the Central Penal Register. In less obvious cases, FINMA applies many other methods to evaluate evidence and conduct further background checks. Additional information can be obtained for example via investigations of the professional or private environment of the person, inquires with other authorities or foreign embassies, investigations using on-line tools (e.g., World Check, Factiva, Google, IOSCO-Portal), assessment of transparency over the due diligence process regarding and behavior in the authorization procedure, and disclosures on remuneration and source of the person’s private wealth. Moreover, candidates for major positions of the Board and management (regularly the Chair, the CEO and other key positions) are personally interviewed by FINMA. Credible references are an important part of the process. In case doubts remained and a negative decision is made regarding a particular candidate, it will be communicated to the applicant. Unless the disputed candidate is not replaced, the license application will be rejected. FINMA explains that this happens from time to time.
EC8	The licensing authority reviews the proposed strategic and operating plans of the bank. This includes determining that an appropriate system of corporate governance, risk management and internal controls, including those related to the detection and prevention of criminal activities, as well as the oversight of proposed outsourced functions, will be in place. The operational structure is required to reflect the scope and degree of sophistication of the proposed activities of the bank.16
Description and findings re EC8	FINMA states that the proposed business strategy and business plan are the key elements that are examined when approving license applications; for example, they are decisive factors in determining adequacy of banks’ internal organizational regulations as the bank’s operational structures must be balanced proportionally with the planned business activities. The guidelines for licensing application requires applicants to submit a comprehensive set of documents regarding strategic and operation plans including: Detailed description of the business activities and the corresponding processes; Articles of Incorporation, partnership agreements and regulations, which are tailored to the business activities; Organization of the applicant; Additional information on the organization, such as staffing, infrastructure and information system, outsourcing, internal control and risk management, separation of functions, compliance and due diligence, internal audit; Business plan for the first three financial years (business development, the clientele, the staff and the organization, etc.); and Financial statements for the first three financial years (balance sheets, income statements). According to the authorities, during the licensing process, the following aspects are analyzed separately in detail according to granular requirements prescribed in FINMA circulars and FAQs for both on-going banks as well as applicants: A balanced management structure with two management levels – the Board and management. The independence of Board as well as an adequate composition of the Board that reflects operation of the banks is required. (BA Art. 3 para 2, BO Art. 8, FINMA FAQs on Board of directors and securities dealers). An adequate internal organization, particularly regarding separation of functions, an effective, internal control system, incl. risk management and compliance (BA Art. 3 para 2, BO Art. 9, FINMA Circular 08/24). Effective measures to comply with due diligence obligations and combating money laundering and terrorist financing (AMLA, AMLO-FINMA). Compliance with provisions on proper outsourcing (FINMA Circular 08/7).
EC9	The licensing authority reviews pro forma financial statements and projections of the proposed bank. This includes an assessment of the adequacy of the financial strength to support the proposed strategic plan as well as financial information on the principal shareholders of the bank.
Description and findings re EC9	As noted above, an applicant submits business plan and financial statements for the first three business years (including balance sheets, income statements and capital planning). This includes results assuming different scenarios. The above mentioned guidelines also require assessment reports on business plans and budgets by an external auditor; the auditor is expected to examine the prospective financial information closely and to judge its plausibility. FINMA accepts banks to be unprofitable during their initial stages as long their business plans are sound in the medium-term. If FINMA judges the business plan is too vague or there is any doubt about how it can be realized, the license application will be rejected. The principal shareholders and other important parties must be able to prove to FINMA that they are capable financially of supplying the bank with more fresh capital if necessary and that they can answer for the sustainable development of the company.
EC10	In the case of foreign banks establishing a branch or subsidiary, before issuing a license, the host supervisor establishes that no objection (or a statement of no objection) from the home supervisor has been received. For cross-border banking operations in its country, the host supervisor determines whether the home supervisor practices global consolidated supervision.
Description and findings re EC10	The home regulator is asked for a statement of no objection in the case of foreign banks establishing a branch or subsidiary (for branches, FBO-FINMA Art. 4; for subsidiaries FBO-FINMA Art. 3bis para 1bis). In the case of branches or subsidiaries of a foreign financial group, the lead home regulator is asked for a statement about adequate supervision at a consolidated basis (for branches, FBO-FINMA Art. 4 para 2; for subsidiaries, BA Art. 3b). FINMA also assesses by itself the adequacy of consolidated supervision by the home supervisor through variety of information, including FSAP reports.
EC11	The licensing authority or supervisor has policies and processes to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the license approval are being met.
Description and findings re EC11	As explained above, initially and during the set-up phase of a bank, FINMA takes various measures; as a rule, the license is at first linked to different requirements and conditions to ensure that the bank can conduct its business in an orderly manner and that its organization functions well. Moreover, the scope of the bank’s business activities during the initial set-up phase will be limited. Once financial and organizational resources permit, the areas in which the bank conducts business can be gradually extended in order to ensure a controlled growth. This is controlled through authorization of banks’ bylaws and business rules. The newly authorized institution is subject to immediate, ongoing supervision. During the set-up phase, various interim audits by external auditors are requested with designated special areas to be audited.
Assessment of Principle 5	Compliant
Comments	The discussion with the staff in charge of licensing as well as review of typical licensing files shows a robust process is in place in assessing various licensing requirements, including the fit and proper test for members of the Board and senior management and other aspects referred to in this principle.
Principle 6	Transfer of significant ownership. The supervisor17 has the power to review, reject and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties.
Essential criteria
EC1	Laws or regulations contain clear definitions of “significant ownership” and “controlling interest”.
Description and findings re EC1	BA Art. 3 para 2 defines “qualified participation” as direct or indirect holding of at least 10 percent of a bank’s capital or voting rights or having ability to influence the bank’s business activities in a significant manner in any other way. While there is no regulation or guidance that provides more detailed interpretation of the latter, the authorities explain this is applied flexibly to intercept other de facto and de jure influential elements. Examples include the case of parties that have beneficial ownership or have close ties that can exercise their influence based on a shareholders’ agreement or mutual informal arrangements. FINMA explains that consideration is also taken of particularly significant financial or personal dependency relationships such as having additional top management positions or large-scale business dependencies. Even a relatively small amount of shares combined with option elements (e.g., call option to increase to above 10 percent) may be considered as qualified participation ‘by other means’.
EC2	There are requirements to obtain supervisory approval or provide immediate notification of proposed changes that would result in a change in ownership, including beneficial ownership, or the exercise of voting rights over a particular threshold or change in controlling interest.
Description and findings re EC2	BA Art. 3 paras. 5 and 6 prescribes that FINMA is to be informed in advance about any changes in qualified participation, regardless at which level. This reporting requirement concerns buyers and sellers, as well as the bank. Ultimate beneficial owner (UBO) is regarded as indirect qualified participation and is also subject to this reporting requirement. The transaction can only be carried out once FINMA has approved the notification. This notification requirement is also necessary when a qualified participation is increased or reduced thereby exceeding or falling below the thresholds of 20 percent, 33 percent, or 50 percent of the capital or the voting rights. As mentioned above, the definition of qualified participation includes direct and indirect holding of shares or voting rights, thus including ultimate beneficial owners (UBOs), as well as having ability to influence the bank’s business activities in a significant manner. In order to determine UBO, persons having qualified participation in banks must inform FINMA if participation has been acquired for their own account or on behalf of third parties, and if the participation is linked to options or similar rights. (BO Art. 6 para 3). However, as mentioned in EC2, what should constitute “having ability to influence the bank’s business activities in a significant manner” is not publicly defined in any detail. Other jurisdictions often have at least some further criteria specified as to what has to be considered in determining influence. If a foreign-owned bank experiences a change in foreigners with qualified participation or if a bank undergoes foreign ownership, it is necessary to apply for an additional license (BA Art. 3 paras. 5 and 6 and Art. 3ter).
EC3	The supervisor has the power to reject any proposal for a change in significant ownership, including beneficial ownership, or controlling interest, or prevent the exercise of voting rights in respect of such investments to ensure that any change in significant ownership meets criteria comparable to those used for licensing banks. If the supervisor determines that the change in significant ownership was based on false information, the supervisor has the power to reject, modify or reverse the change in significant ownership.
Description and findings re EC3	FINMA understands that it has power to prohibit intended changes in participation about which it has been notified that do not meet the requirements set down in laws and regulations. Changes made with incorrect information provided to FINMA can be revoked. Depending on the case, if there are only few shortcomings and they can be remedied, less stringent measures can be taken. In order to restore lawful conditions, FINMA can adopt appropriate measures in cases where changes in participation have already been made (FINMASA Art. 31). Licenses and other authorization made can be revoked in particularly serious cases (Art. 37 FINMASA); furthermore, it is possible to suspend shareholders’ voting rights (see Art. 23ter BA). Revoking licenses and the other measures described are implemented by way of enforcement proceedings. See CP 11 for details of these enforcement proceedings. In practice, no transfer of significant ownership have been denied in the past five years, but a few application have been withdrawn as FINMA communicated that there is no prospect of them to be approved.
EC4	The supervisor obtains from banks, through periodic reporting or on-site examinations, the names and holdings of all significant shareholders or those that exert controlling influence, including the identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership.
Description and findings re EC4	Banks must report all direct and indirect qualified participations as soon as they have knowledge thereof, at least however once a year and within 60 days following the end of the financial year (BA Art. 3 para 6). The list should include details as to the identity and the share of equity of holders of qualified participation, and necessary documents for those parties in case where the documents have not been submitted before (BO Art. 6a). This includes identities of beneficial owners if parties having direct participation declare if the participation is not for their own account.
EC5	The supervisor has the power to take appropriate action to modify, reverse or otherwise address a change of control that has taken place without the necessary notification to or approval from the supervisor.
Description and findings re EC5	FINMA has the power to address holding of qualified participation that has taken place without the necessary notification to it, including modifying or reversing it. Please refer to EC3 above.
EC6	Laws or regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest.
Description and findings re EC6	FINMASA Art. 29 para 2 requires supervised banks to report immediately and without being asked any incidents that are of substantial importance to supervision. FINMA explains that this includes important information about qualified shareholders who may influence the bank’s reputation or its sound business activities negatively and this understanding is shared with banks.
Assessment of principle 6	Largely Compliant
Comments	The above grade reflects lack of detailed guidance on who are included in the qualified participation as having ability to influence the bank’s business activities in a significant manner. The current regulatory framework relies on banks to report changes in the qualified participation; it is important to establish a shared understanding on the definition of it. Licensing staff indicated that they and banks apply the generally-worded criteria in practice in ways that have not caused problems to date. The assessors understand the need for flexibility in defining the qualified participation, and thus believe the detailed guidance or interpretation should not be an exhaustive list; instead, it should include general qualitative criteria or further (non exhaustive) items that are included on which to assess the ability to influence the bank’s business activities in a significant manner and several concrete examples.
Principle 7	Major acquisitions. The supervisor has the power to approve or reject (or recommend to the responsible authority the approval or rejection of), and impose prudential conditions on, major acquisitions or investments by a bank, against prescribed criteria, including the establishment of cross-border operations, and to determine that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision.
Essential criteria
EC1	Laws or regulations clearly define: (a) what types and amounts (absolute and/or in relation to a bank’s capital) of acquisitions and investments need prior supervisory approval; and (b) cases for which notification after the acquisition or investment is sufficient. Such cases are primarily activities closely related to banking and where the investment is small relative to the bank’s capital.
Description and findings re EC1	Switzerland has three different restriction/requirements on specific types of acquisitions and investment. First, BO Art. 3 para 7 stipulates that banks organized pursuant to Swiss law shall notify FINMA before they establish a subsidiary, branch, agency, or representative office abroad. This provision is understood to include acquisition of participating interests in foreign companies active in the financial sector (Guidelines on preliminary reporting requirements for establishing physical presence abroad). Also, as explained in CP 6, this notification is understood to require FINMA’s approval and FINMA can reject it. According to the Guidelines, financial groups subject to FINMA group supervision are also required to report the acquisition of participating interests by entities shown within the scope of consolidation. BA Art. 6b provides information to be submitted for this notification to be as follows: A business plan which, in particular, describes the type of planned transactions and the organizational structure; The address of the business offices abroad; The names of the persons responsible for administration and management; The audit company; and The supervisory authorities of the host country. FINMA explains that this information serves to ensure that reporting banks are organized properly, have sufficient financial means, and establish solid risk management. FINMA also examines if the country where the bank plans to establish presence has laws or regulations prohibiting information flows necessary for adequate consolidated supervision and takes into consideration the effectiveness of supervision in the host country, and FINMA’s own ability to exercise supervision on a consolidated basis. In addition, the information is used for FINMA to respond to any applications or inquiries made by the host supervisor. Based on information provided in these reports as well as existing information on the bank, FINMA decides either to accept or reject the bank’s planned international activities or changes. Second, the business strategy and organization of a bank is defined in its strategy (business plan), its articles of incorporation and in its main organization and business rules as called for by BO Art. 3 para 2. Also, BA Art. 7 stipulates that the nature and geographic scope of the bank’s business activities must be accurately described in its articles of incorporation, its shareholder agreements, or its bylaws. Thus, it is understood that significant acquisitions and investments that require these rules to be changed (in particular the articles of incorporation and organization and business rules including specific delegations of competences) are subject to FINMA’s approval. Such changes may not be entered in the Commercial Register unless they have been approved by FINMA (BA Art. 3 para 3). The discussion with relevant staff members of FINMA showed this process is conducted rigorously. However, acquisitions and investments that do not need these rules to be changed, such as expansion of current business lines, may not require change in those rules thus out of the scope of FINMA’s approval. Laws and regulations do not provide detailed guidance. Third, investments in any company by a bank or by a company belonging to the same group may not exceed 15 percent of the net own funds of the bank or of the consolidated group to which the bank belongs. Additionally, the total of financial fixed assets of a nonaffiliated company acquired for the purpose of investment may not exceed 60 percent of the net own funds of the bank or the consolidated group. (BA Art. 4 para 4) The Capital Adequacy Ordinance (CAO) provides exceptions to the limits mentioned above where such investments are acquired for restructuring purposes or for the purpose of temporary emission, or the difference between the carrying value of these investments and the limits applicable is fully covered by eligible capital (CAO Art. 13). In addition, the BA Art. 4 bis prescribes that a bank’s participation in any single company must be proportionate the bank’s eligible capital (Art. 4bis BA; Art. 13 of the CAO).
EC2	Laws or regulations provide criteria by which to judge individual proposals
Description and findings re EC2	In case of foreign operations, the Guidelines on preliminary reporting requirements for establishing physical presence abroad sets out that the reporting requirements are to ensure that banks intending to expand their business activities by establishing a physical presence abroad are organized properly and have sufficient financial means to do so. No further details are provided in the regulatory framework. In case of acquisitions and investments that require changes in banks’ articles of incorporation and in its main organization and business rules, it is understood that banks need to comply requirements set out in laws and regulations that are applicable to general operation of banks, including those on organizations, internal control and risk management. Moreover, BO Art. 7 Para 3 stipulates that the scope of the bank’s operations must be commensurate with its financial resources and its administrative organization.
EC3	Consistent with the licensing requirements, among the objective criteria that the supervisor uses is that any new acquisitions and investments do not expose the bank to undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.18 The supervisor can prohibit banks from making major acquisitions/investments (including the establishment of cross-border banking operations) in countries with laws or regulations prohibiting information flows deemed necessary for adequate consolidated supervision. The supervisor takes into consideration the effectiveness of supervision in the host country and its own ability to exercise supervision on a consolidated basis.
Description and findings re EC3	See EC 2. For acquisitions and investments that establish foreign financial operations, adequacy of its operation, including solid risk management, is required. Thus, it is expected that if establishing foreign operations may expose banks to undue risks or hinder effective supervision as well as implementation of corrective actions, FINMA will not approve, including a cases where laws and regulations of a jurisdiction inhibits effective consolidated supervision. Adequacy of effectiveness of supervision in the host country is also assessed. To ensure this, a comprehensive and detailed set of information is required to be provided to FINMA as set out in the Guidelines, including: Details of the legal structure (subsidiaries, branch offices, representative offices) and its share-holding structure. The shareholding structure and information on other participating shareholders are to be indicated in case participating interest is acquired in existing companies. Details of the type of business planned: outline of the business activities foreseen (business-model and plan), client target group, internal organization, especially in relation to risk management and local compliance. For parent companies, details of the existing reporting line, supervision of activities, risk management and compliance are to be included. Details of the structure of the executive management (board of directors) and of management (senior management). Information on any other functions exercised by the persons named at other group entities is to be indicated. Details of the assigned audit firm. Details of the local financial supervisory authority and of the approval granted for the foreseen business activities. Any information on possible restrictions imposed by the local financial supervisory authority and on the possibility of using the licenses granted outside Switzerland, e.g., European banking passport, is to be mentioned. Also, the Guidelines require banks to submit external auditor’s reports that indicate if the risk analysis of expanding business activities abroad is adequate and if these risks were considered in the institution’s global risk management. In case of acquisitions and investments that require changes in bank’s articles of incorporation and in its main organization and business rules, while general requirements for banking operations apply, no detailed requirements for information submission comparable to those for establishing foreign operations are provided.
EC4	The supervisor determines that the bank has, from the outset, adequate financial, managerial and organizational resources to handle the acquisition/investment.
Description and findings re EC4	See EC 2. BO Art. 7 Para 3 stipulates that the scope of the bank’s operations must be commensurate with its financial resources and its administrative organization. Thus, for foreign operations and acquisitions and investments that require changes in bank’s articles of incorporation and in its main organization and business rules, existence of adequate financial, managerial and organizational resources are assessed by FINMA.
EC5	The supervisor is aware of the risks that non-banking activities can pose to a banking group and has the means to take action to mitigate those risks. The supervisor considers the ability of the bank to manage these risks prior to permitting investment in non-banking activities.
Description and findings re EC5	Generally, Swiss banking law imposes no specific structural conditions or restrictions on bank investments in non-financial activities. However, as described in EC 1 and 2, if the acquisitions and investments are significant enough to require changes in bank’s articles of incorporation and in its main organization and business rules, FINMA will assess adequacy of management and control (BA Art. 3 para 2). However, there is no specific provision that focuses on risks arising from non-banking activities.
Assessment of Principle 7	Compliant
Comments
Principle 8	Supervisory approach. An effective system of banking supervision requires the supervisor to develop and maintain a forward-looking assessment of the risk profile of individual banks and banking groups, proportionate to their systemic importance; identify, assess and address risks emanating from banks and the banking system as a whole; have a framework in place for early intervention; and have plans in place, in partnership with other relevant authorities, to take action to resolve banks in an orderly manner if they become non-viable.
Essential criteria
EC1	The supervisor uses a methodology for determining and assessing on an ongoing basis the nature, impact and scope of the risks: which banks or banking groups are exposed to, including risks posed by entities in the wider group; and which banks or banking groups present to the safety and soundness of the banking system The methodology addresses, among other things, the business focus, group structure, risk profile, internal control environment and the resolvability of banks, and permits relevant comparisons between banks. The frequency and intensity of supervision of banks and banking groups reflect the outcome of this analysis.
Description and findings re EC1	FIINMA classifies all banks according to their relative size and complexity (categories 1–5). The two biggest banks which are globally systemically important are in Category 1, the three next largest are in Category 2. Category 3 contains some 30 banks (most of the cantonal banks) with some 70 banks in Category 4 and the rest, some 160 banks and 50 securities firms in Category 5. Assessors judge that a number of banks in Category 2 and 3 are systemically important in terms of the national market. Categorization is an important driver of FINMAs supervisory methodology and effort. Recently, for example, FINMA has decided to significantly reduce effort on Category 5 banks as they judge failures in this category would not be systemically important (median assets CHF250m). This strategy is understandable, though assessors did not review in detail the supervisory effort with respect to these banks. FINMA supervisory methodology is based on a combination of: annual formalized regulatory review/audit by external auditors hired and paid by banks, specific FINMA-mandated reviews by third parties and supervisory reviews conducted by FINMA itself (offsite and a limited number of on-site). FINMA has accredited 7 audit firms and some 150 lead auditors (who work with their auditing staff) to perform the regulatory audit of banks. Only the lead auditor has to be accredited. FINMA itself assigns a key account manager (KAM) or lead supervisor for each of the banks in categories 1 and 2 and has approximately 24 KAMs each with a portfolio of institutions in categories 3-5. As part of the regulatory audit performed by the external audit firm on every bank, a risk assessment has to be performed and agreed with FINMA, based on which the review/audit strategy is defined. This drives the specific areas and depth of regulatory audit work, subject to minimum standards for frequency and depth of work (review depth versus audit depth), which is set by FINMA. These standards apply to FINMA-specified areas for regulatory review. The minimum standards have more frequent audit-depth assessment if the bank is a G-SIB in Category 1, or in relation to the risk profile of other institutions. There is guidance given by FINMA with respect to the content and process for such a risk assessment. The risk assessment is based on an assessment of inherent risk (high/medium/low) in various aspects of the bank, an assessment of the quality of controls (H/M/L) and a net risk rating. There are no criteria for determining inherent risk ratings provided by FINMA. Inherent risks are assessed for various audit areas. For controls, ‘high’ risk is when no audit work has been done recently, it is not clear about whether controls exist or the auditor considers the controls ineffective. ‘Moderate’ control risk is when work has been done but the audit firm cannot determine if controls are effective, and ‘low’ control risk is when recent audit work has allowed the firm to conclude that controls are ‘appropriate and effective’. There is no formal process within FINMA to vet consistency of these risk assessments across institutions or groups of institutions in advance of regulatory audit work starting. FINMA and auditors are aware that the mindset needed for a regulatory or supervisory review is different than for a financial statement audit, which is more backward looking. The audit rating by FINMA and audit firms that drives the regulatory audit is designed to be forward looking and forward looking thinking explicitly asked of auditors in the audit circular. Starting this year auditors for the two large banks are required to rate the top ten risks, a process which FINMA and auditors both report as useful. Auditors are required in the circular to make their risk assessment comprehensive, and to add granularity to the formal rating assessment tables as necessary to accurately rate the bank. Required separation of the lead partner for the regulatory audit from the partner for the financial audit (for category 1 and 2 banks) is also designed to promote development of auditors with the desired regulatory mindset. The FINMA methodology controls the interaction of the audit firm with the bank with respect to its risk analysis. Risk assessments are not to be formally shared with firms until they are final and agreed with FINMA. Auditors are of course aware of the banks own risk assessment as well as the risk assessment of Internal audit. Some indicated that they do discuss certain aspects of risks and controls with the bank. Depending on the risk assessment, alterations are made in the standard audit work procedure in terms of focus and depth. Risk assessments can also lead to specific additional reviews by the audit form or by FINMA. Assessors reviewed the rating methodology and discussed these at length with FINMA and with regulatory audit firms. They also saw examples of the new methodology in practice in review of a selection of supervisory files. For a major bank, the methodology leads to one risk assessment for various risk types institution wide—i.e., one risk assessment for each of the major banks credit risk and one for each bank’s overall market risk. Different audit firms have different approaches to risk analysis, some driven by what they see as deficiencies in the FINMA-mandated approach. Some are using a wider and more granular definition of risks coming from their own audit acceptance and continuance risk methodologies, and then fitting the results into FINMAs templates. Others recognize that their high level inherent risk rating for particular risks is not particularly useful. In some cases (e.g., credit risk or market risk) the inherent risk assessment seems to be designed to assess risks in models or capital calculations, rather than risk in the underlying books. Control risk can be rated inconsistently to the resulting audit plan. For example certain examples assessors saw had overall credit or market risk controls rated high risk, apparently referring to control risk around models and related inputs—a potentially serious rating given the definitions. Some have an explicit forward-looking component in their own rating system (e.g., asking themselves if a risk is increasing or decreasing). Others do not. It is clear that risk analysis is not done consistently. In some cases the breakdown of the bank activities for the inherent risk ratings can be driven by the basic scope of the regulatory audit which is based on assessment of adherence to licensing conditions and other rules, and may not cover important risks. For example, for credit risk, banks activities are not broken down by type/geography of exposures as would normally be expected in these inherent risk ratings. Rather, the credit risk rating for certain IRB banks focuses on the risks of the IRB qualifying conditions and methodology not being met. Risks in underlying credit activities in different businesses and geographies can be described separately but not rated or with unclear link to the overall rating or supervisory effort. FINMA is planning to require banks to divide their inherent risk rating for credit risk into more granular categories, and the consultation was about to start at the time of the mission. Quality control systems in audit firms may not pick up important differences in interpretation of what constitutes high or medium or low inherent risk, which is left to individual partner judgment. In addition, FINMA has a camels-based supervisory rating with 9 rating grades. The rating is based on filters and thresholds applied to regulatory data, key flags if any triggered from the audit firm’s work (e.g., are there important formal audit opinion qualifications or not?), overlaid with supervisory judgment. For liquidity for all but the largest two banks, the metrics are based on outdated tests, even though trial LCR data is available (see CP24). Operational risk is not explicitly part of the rating framework (see CP25). Major internal control deficiencies would affect the regulatory audit result and feed into the supervisory rating and supervisory work. There is no explicit link between the annual risk assessment at the start of the supervisory work and the Camels-based rating. The 9-fold categorization is collapsed down to three grades—green, yellow and red which are reported to the institution. Green receives regular supervision in the next cycle, yellow receives increased supervision, and red is intensive. There are no explicit criteria for what constitutes a green as opposed to a yellow or a red. The camels rating is updated quarterly for banks in Category 1–3, quarterly for Category 4 banks with yellow or red grades and at the end of the annual cycle for banks in Category 4 with green grades and for all banks in Category 5. The FINMA-wide quality control process around these ratings is anchored in major annual ratings review meetings attended by the KAM, specialists, and senior management for the banks division. While there is no formal link between the rating system and sector wide risk, systemic trends and analysis by FINMA or SNB can factor into a judgmental overlay and thus into supervisory work. (Currently there is heightened interest about mortgage financing for example.) The camels-based ratings are driven in a major way by the data-driven analysis which is less likely to be forward looking. Assessors examined data on overrides to the system-generated ratings. The number of overrides is extensive and the number of grades that a rating changes is often 2 or more. Overall some 60 percent of banks are in green ratings, down from some 80 percent in 2008, with approximately 20 percent of banks in amber rating. The assignment of banks to category based on size and complexity understandably does not change often. Camels- based rating changes from year to year are infrequent for category 1 and 2 banks. Changes are more frequent for category 3 with some 25–35 percent of ratings changing annually, and higher percentage of changes in category 4 and 5. The degree of change is higher than one might expect in a camels based rating system. It could be due to the new system transitioning in, or to imprecision in the rating process, or to a combination of factors. Resolvability does not formally factor into the rating system but complexity is clearly a factor in splitting banks into categories, which affects supervisory planning. To date resolution and recovery planning has been started for the two large banks.
EC2	The supervisor has processes to understand the risk profile of banks and banking groups and employs a well defined methodology to establish a forward-looking view of the profile. The nature of the supervisory work on each bank is based on the results of this analysis.
Description and findings re EC2	Regulatory risk assessments done by auditors and agreed with FINMA are described in EC1. Standard operating procedures determine the minimum frequency and depth of supervisory work based on the various ratings and supervisory judgment as described in EC1. Assessors reviewed supervisory planning with auditors and FINMA, and reviewed planning of FINMA-lead reviews. They also discussed these matters with banks. As noted in EC1 there are a number of elements that likely make the risk profiles less forward looking than FINMA desires. In addition to the regular risk assessment described in EC1, banks are obliged to perform an annual capital planning based on a forward-looking risk profile. Capital plans are reviewed either by FINMA (banks category 1 and selected banks in categories 2 and 3) or assessed as part of the annual regulatory audit process performed by the external audit firm. Issues from these exercises can also trigger additional supervisory work. As well extensive supervisory work can be triggered by assessments of whether remedial action plans mandated by FINMA have been effectively put in place, or by assessments mandated by FINMA as to whether control issues that have materialized at one institution are being adequately handled by other banks.
EC3	The supervisor assesses banks’ and banking groups’ compliance with prudential regulations and other legal requirements.
Description and findings re EC3	The monitoring of compliance with prudential regulations and guidance and other legal requirements is performed by the external auditor as part of the annual regulatory audit. Assessors reviewed methodology, saw examples of results, and discussed this with FINMA staff and external auditors. As noted in various other CPs, FINMA guidance in certain risk management and control areas is at a very high level. As well, audit methodologies often require auditors to express a very high level judgment on these matters (are they “adequate”) with little or no formal guidance on what is to be considered in making the assessment. (There is FINMA work in progress on this matter.) Auditors are asked to express two kinds of opinions with respect to these matters. In areas where they have done a “review” level work they are examining the design effectiveness of controls and express opinions as to whether anything that came to their attention suggested that the controls were not adequate (negative assurance). In areas where they do “audit” level work they are testing operational effectiveness of controls and express a positive opinion—“controls are adequate…” The standards for what level of seriousness amounts to a qualification to an opinion are not clear, except when there is a breach of regulation which must lead to a qualification. Some auditors that assessors met indicated they had adopted additional methodologies to bring additional rigor to this process, such as specifying how to categorize the seriousness of findings. Others had not, and relied on professional judgment and second partner review, which they indicated could vary considerably across partners. Noteworthy observation must be reported to FINMA who has to evaluate the seriousness of the problem. FINMA staff and auditors confirmed that there are from time to time active discussion between auditors, banks and FINMA on these conclusions and opinions. Some whom assessors talked to described these as amounting occasionally to “negotiations”. Regulatory audit opinions are not published but are provided to banks as well as FINMA. There are no explicit rules prohibiting disclosure of supervisory opinions by audit firms in their regulatory reports (as would normally occur for supervisory findings in other jurisdictions). Discussion with auditors revealed that this had rarely if ever been an issue and that qualifications or reservations would have to be very serious for them to trigger the bank having to consider disclosure under general securities law principles.
EC4	The supervisor takes the macroeconomic environment into account in its risk assessment of banks and banking groups. The supervisor also takes into account cross-sectoral developments, for example in non-bank financial institutions, through frequent contact with their regulators.
Description and findings re EC4	FINMA has established a structured process and semi-annual internal report that informs about the major macroeconomic, capital markets and structural risks (“Risikobarometer”). As part of this report, potential implications for supervised entities broadly (banks, insurances, markets) are considered. This can affect supervisory work. For example, starting in 2010 FINMA and SNB identified heightened level of concern about mortgage exposures in Switzerland and that triggered further extensive supervisory reporting, analysis of exposures and risks by region and also triggered additional cross-system supervisory work on some 20 banks. A regular monitoring report on this system-wide issue is also in place.
EC5	The supervisor, in conjunction with other relevant authorities, identifies, monitors and assesses the build-up of risks, trends and concentrations within and across the banking system as a whole. This includes, among other things, banks’ problem assets and sources of liquidity (such as domestic and foreign currency funding conditions, and costs). The supervisor incorporates this analysis into its assessment of banks and banking groups and addresses proactively any serious threat to the stability of the banking system. The supervisor communicates any significant trends or emerging risks identified to banks and to other relevant authorities with responsibilities for financial system stability.
Description and findings re EC5	FINMA holds regular meetings with the Swiss National Bank, where one standing item is the discussion about the current situation of financial markets. As a consequence, decisions may be taken to assess specific topics more in-depth. For example, in 2012 it was decided to perform an assessment of the vulnerability of the Swiss banking sector towards a potential Eurozone crisis. This can lead to supervisory action. Further, once significant trends or emerging risks are identified, supervisors communicate on a regular basis with their supervised banks and, if needed, specific measures are defined to monitor the situation (e.g., weekly ad-hoc reports, etc.).
EC6	Drawing on information provided by the bank and other national supervisors, the supervisor, in conjunction with the resolution authority, assesses the bank’s resolvability where appropriate, having regard to the bank’s risk profile and systemic importance. When bank-specific barriers to orderly resolution are identified, the supervisor requires, where necessary, banks to adopt appropriate measures, such as changes to business strategies, managerial, operational and ownership structures, and internal procedures. Any such measures take into account their effect on the soundness and stability of ongoing business.
Description and findings re EC6	Resolution and recovery planning is in place for the two large banks. FINMA can grant relief to the progressive capital component requirements provided there is a high probability that the systemically important bank will improve its resolvability in and as well as outside Switzerland. No such relief has been decided in practice as yet. FINMA and banks are in active discussion of various aspects of their operations that would improve resolvability. While FINMA has no explicit legislative authority to impose changes in structure it can use other tools as necessary to induce changes, such as withholding approvals or changing the scope of consolidation.
EC7	The supervisor has a clear framework or process for handling banks in times of stress, such that any decisions to require or undertake recovery or resolution actions are made in a timely manner.
Description and findings re EC7	The supervisor or Key Account Manager (KAM) follows the risk-based approach based on the established Standard Operating Procedures (SOP). As mentioned above, the supervisory category and the assigned rating determine the levels of required supervision. Under these procedures should the camels rating be downgraded to a pre-determined level (8 in the 1–9 rating category), the bank will be supervised by a separate team specialized in intensive supervision – TIS. The task of the TIS is to investigate the causes of problems and oversee crisis management. The primary objective in all cases is to put a swift end to the crisis in order to prevent loss or damage and minimize the use of resources. Assessors reviewed the actual experience of this group, which is extensive. Crises can be ended in a number of ways: at some institutions, the introduction and monitoring of corrective measures will suffice; in other cases, the correct response may well be for the institution to exit the supervised sector. Elsewhere, the investigation may reveal that compulsory measures under supervisory law are the only way to resolve the situation. In this case, the TIS will present the results of its investigations in such a way that enforcement proceedings can be conducted. The TIS will deploy the means of direct supervision: it will carry out on-site investigations, and identify and interact with all relevant parties including owners and shareholders.
EC8	Where the supervisor becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter, the supervisor takes appropriate steps to draw the matter to the attention of the responsible authority. Where the supervisor becomes aware of banks restructuring their activities to avoid the regulatory perimeter, the supervisor takes appropriate steps to address this.
Description and findings re EC8	When an institution is performing activities outside the regulatory perimeter, FINMA will intervene and generally close the relevant entity. The same applies to non-licensed entities that present themselves as banks without actually carrying out bank like activities. Where a licensed institution carries out business outside the scope of its license FINMA imposes requirements to bring activities in line with that authorized. This has occurred and assessors reviewed examples of the framework working in practice.
Assessment of Principle 8	Largely Compliant
Comments	FINMAs supervisory approach using regulatory auditors can work, but the improvements already made need more time to be embedded and additional improvements to augment FINMA on-site reviews, improve guidance to auditors to improve risk assessments and ensure consistency in ratings and supervisory work, and have more in depth theme reviews of control functions, are required to achieve the necessary effectiveness for both larger and smaller and mid-size banks. The five-fold categorization of banks according to their size and complexity is a reasonable method to link broad supervisory effort to high-level risks. It is unclear however if the broad switch of institutions from balance sheet intensive activities to more wealth management activities (and the consequent increase in operational and reputation risk) has been reflected in supervisory strategies or resources in a proactive way. The risk-based approach for bank supervision has been revised and enhanced after the 2007 banking crisis in an appropriate direction. Methodologies were enhanced, monitoring was increased, additional challenge of external auditors’ contribution to the supervisory approach was instituted, direct FINMA lead or commissioned supervisory reviews were instituted and more forward-looking and system-wide risk assessment elements were added. The intensity of supervision and contact with certain institutions has increased. Progress in implementing these improvements in a short time period is impressive and assessors believe that the basic direction is the correct one. There is no reason why the fundamental supervisory approach cannot deliver the necessary results if it is operated effectively. Use of auditors gives a system-wide annual review that is not present in other approaches. It also allows auditors to benchmark across institutions in other jurisdictions that they audit and to bring their global risk capability to bear. Supervisors generally showed a good understanding of risks in their institutions. There is extensive senior level experienced judgment and oversight of the risk assessment and supervisory process within the Banks division of FINMA. However, several elements mean it is not as it needs to be given the importance of major Swiss institutions globally and in the Swiss marketplace. Lack of granularity in risk assessments for major institutions means that important risks could not be sufficiently highlighted. Forward looking elements need to be formalized. The lack of criteria for various ratings, the inadequate granularity of assessing inherent risks, and the uncertainty surrounding what auditors’ assessment of various controls means in practice, reduce the robustness of the approach and mean it is heavily reliant on expert judgment which is not sufficiently consistent or well documented. Using separate audit firms means that comparisons across institutions in Switzerland that are similar but audited by different auditors is not possible with reliability, unless FINMA puts in place a process. Processes within FINMA to assess and adjust auditor’s risk assessments across groups of institutions should be strengthened. These issues could lead to material misallocation of supervisory effort and missing the opportunity to challenge supervisors on risk assessments and to identify material control or risk management deficiencies, before they have large consequences. Some improvements to address these issues have been identified by FINMA but are not yet implemented, including update of Circular 08/24 re qualitative risk management standards and related auditor instructions. Certain additional improvements are necessary including: providing more guidance for rating criteria; ensuring inherent risk assessments reflect actual business risk; requiring more granularity in risk assessments for larger institutions; enhancing methodology to emphasize forward looking elements such as requiring explicit consideration of whether risks are increasing, stable or decreasing; and instituting more cross-institution analysis by FINMA staff of the risk assessments and what they imply for supervisory effort and focus.
Principle 9	Supervisory techniques and tools. The supervisor uses an appropriate range of techniques and tools to implement the supervisory approach and deploys supervisory resources on a proportionate basis, taking into account the risk profile and systemic importance of banks.
Essential criteria
EC1	The supervisor employs an appropriate mix of on-site19 and off-site20 supervision to evaluate the condition of banks and banking groups, their risk profile, internal control environment and the corrective measures necessary to address supervisory concerns. The specific mix between on-site and off-site supervision may be determined by the particular conditions and circumstances of the country and the bank. The supervisor regularly assesses the quality, effectiveness and integration of its on-site and off-site functions, and amends its approach, as needed.
Description and findings re EC1	FINMA employs a mix of the on-site and off-site supervisory tools. These were enhanced starting in 2010 including promulgating a new audit circular at the end of 2012 on FINMAs enhanced expectations. This new circular was in effect for risk assessments done in early in 2013 and 2013 audits. On-site examinations are mainly performed by the recognized audit firms. As part of FINMA’s supervisory approach, audit firms are in charge of performing a comprehensive prudential audit, following general instructions given by FINMA. FINMA refers to these auditors as “FINMA’s extended arm”. FINMA has employed this approach because of the fundamental nature of its banking system, which is large relative to the country and has several institutions with complex global reach. FINMA believes that only by levering its resources through regulatory audits conducted by audit firms can it adequately have access to resources necessary to perform its supervisory mandate. It also notes that its approach provides an annual supervisory review across every supervised institution. FINMA also conducts certain on-site supervisory reviews itself, or by hiring and paying its own third party reviewers. Off-site supervision mainly relies on the examination of reports provided by the banks, the external auditors (delivery of ‘long form’ regulatory audit reports) and also results from other activities such as meetings with the banks’ management, attending supervisory colleges and/or discussions with other supervisory authorities. Assessors discussed these activities with FINMA staff and saw examples of the reports generated by this process. There is also clear evidence that these off-site activities influence supervision and actions vis-à-vis individual banks. On-site supervision is through regulatory audits performed by audit firms chosen by the banks (from the FINMA approved list of seven audit firms and some 150 accredited regulatory auditors who work with audit staff), and paid directly by the bank, not by FINMA. The regulatory audit is in practice done by the same firm as the financial audit (separate lead partner for the two largest banks and for the three banks in category 2). The regulatory audit is lead from Switzerland and can involve audit firm resources in other global financial centers and locations, as necessary, depending on the individual audit firm approach. FINMA is aware of the independence, mindset and expertise issues (and issues of who is the client) that this arrangement gives rise to. Regulatory assessments are fundamentally different than financial audits. FINMA has instituted various compensating measures. There are standard procedures that specify minimum periodicity and depth of work. To remain certified auditors have to perform a minimum number of hours of relevant work. FINMA off site supervisory staff challenge risk assessments and audit strategies and findings based on their knowledge of the bank. The findings of FINMA reviews can demonstrate inadequate work in the same areas by audit firms and puts pressure on them to perform. FINMA can de-certify individual partners or senior staff of audit firms from being eligible to do regulatory audits. This has occurred. FINMA also performs ex-post quality assurance on audit firms doing regulatory audits, much in the same way as the Swiss audit oversight body assesses audit firms financial audits. Annually, there is an inspection of each of the major audit firms with examination of one of their files including their working papers, and other audit firms are on a 2-3 year inspection cycle. This involves selecting and reviewing approximately 5 regulatory files a year (one each from the larger audit firms and a selection of smaller audit firms). Staff doing inspections report that issues of adequate professional skepticism do arise. This can lead to de-certifying certain persons of audit firms as noted above. The essence of the mandate of the audit firm is to confirm (or not) compliance of the bank with regulatory requirements (laws, ordinances, circulars). This culminates in an overall opinion whether the bank is meeting its licensing conditions. In audit reports it is rare to have an overall qualification but there can be 2-5 qualifications in specific areas for a large number of banks. Audit firms are to provide formal opinions on these matters (either positive or negative assurance) depending on the scope, depth and nature of the work performed. This means that the regulatory audit scope and opinions is dependent on the nature and completeness and specificity of the guidance it is auditing against. That also can have a material impact on the meaning of various conclusions. As FINMA guidance lacks specificity in qualitative criteria (see CP 15, 17, 19 and 24 for example), the nature of audit work and opinions in these areas can be difficult to assess. There is a standard annual audit report formulation and instructions from FINMA on what it is to cover. Often FINMA is asking auditors to express an opinion (pass/fail) on whether a particular process is ‘appropriate’ or whether resources in a control function are ‘adequate’. This comes from the generally-worded requirements in banking legislation or ordinances, compliance with which is the fundamental purpose of the regulatory audit. Audit firms have developed methodologies. FINMA does not approve these audit programs, but may approve the detailed scope for FINMA-mandated additional audits. FINMA has started sending a letter to audit firms at the beginning of the cycle on areas it wants emphasized. There is no guidance on what constitutes findings of various degrees of significance. Certain audit firms have determined that themselves. The assessment culminates in a long form report that is relayed to FINMA and the bank four months after the year-end. Audit reports and reporting cycles are not modular with continuous reporting on work done throughout the year. Timing of reporting on specific additional work mandated by FINMA could be dependent on the engagement. Assessors discussed the methodologies with FINMA, with representatives of larger and medium-size audit firms and with FINMAs audit inspection department. They also reviewed a sample of audit reports, though the changes for 2013 audits are not observable at the time of the mission. Discussions revealed material differences in what standards auditors are auditing to, and what constituted findings of various degrees of seriousness. Some firms indicated that certain of these aspects could vary partner to partner. In a number of cases because of lack of criteria, the audit opinion as to what is adequate depends to a very large degree on individual auditors’ professional judgment. The nature and seriousness of issues can be difficult to determine from the reports, which contain a large amount of factual information on the bank. Understanding is therefore driven by the quality and depth of discussion between the auditor and the FINMA key account manager (KAM). Auditors and banks report that there can be intense three-way discussion between auditors, banks and FINMA on the seriousness of particular issues. It also appears that what leads to a reservation on a risk management or control rating can be hard to assess. Examples seem to occur regularly of a process being judged ‘adequate’ while noting serious deficiencies but also noting that these are in the process of being rectified and have been reported to FINMA, making it hard to determine the basis for auditors judgments. As deficiencies or reservations are a key flag in FINMAs internal rating system, this approach depends on KAMs judgment and escalating important issues for discussion and decision on whether to intervene. Audit firms report that in certain areas where FINMA guidance is not detailed they will choose to supplement with relevant international guidance or firm-developed methodology. But the approach to that varies across audit firms and these firm-specific methodologies are not included in the standards that ex-post inspections inspect against. FINMA also can set guidance in frequently asked questions (FAQs) on its website. FINMA and banks indicated that these are taken very seriously and can be used by FINMA to respond rapidly rather than issuing a board-approved circular. FAQs will be consistent with requirements in legislation ordinances or guidance in circulars, but can be more specific and essentially contain important additional guidance on FINMA expectations. There was a difference of opinion between audit firms that assessors met, and between various staff within FINMA, as to whether FAQs formed part of the basis of rules and guidance against which regulatory audits are assessing. FINMA also reported that the regulatory audit report is used as information to supervisors but is not necessarily the full reality of the situation. FINMA applies its own judgment in determining ratings and supervisory interventions. (see CP8) Assessors discussed the regulatory audit work effort. On medium size banks, auditors report that up to 10 people can be involved, and the regulatory audit is around 1,000-1,500 hours (135-200 person days). Some 2-3 deeper dive reviews are conducted at major banks annually with a deep dive review normally being 1,000-3,500 hours (135-650 person days). Occasionally the depth and scope will be markedly more. FINMA conducts some 15 of its own reviews a year on average over the past two years on the two category 1 banks together, and approximately 20 in total on category 2 and 3 banks. These totals include reviews with respect to AML/CTF, market conduct issues and compensation so the more prudentially-focused or risk management-focused reviews are about half the total. In some cases these were reviews conducted after material issues were revealed in the marketplace. FINMA reviews generally involve 3-4 persons for a total of 15-40 person days. Assessors discussed this arrangement extensively with FINMA staff at various levels, reviewed documents including examples of supervisory files and discussed the process with representatives of audit firms covering large and smaller and mid-size banks. The review by assessors did not reveal the depth of reviews by audit firms that one would normally find, post-crisis, of risk management and control systems by other supervisors. Assessors’ reviews also noted that in some cases the scope was skewed to specific regulatory requirements and did not consider more general issues of risk management or control effectiveness. FINMA has plans to add more specificity to audit instructions in key risk and compliance areas but significant parts of this will not be in place until 2014 or 2015. Discussions with FINMA staff also revealed difficulty in determining the basis for auditors conclusions in areas where there are only very general requirements (such as what constitutes adequate resources in compliance or risk management), or for understanding the extent to which these conclusions were derived from consistent processes across audit engagements and firms. Prudential audit reports reviewed by assessors often contained considerable factual description of controls or processes and relatively much less on the issues found, their implications or seriousness or the nature of the work done by auditors to support the audit conclusions. FINMA staff participate in on-site work conducted by foreign supervisors, particularly in the UK and the US for the two big Swiss banks. The experience seems to be some 2-4 of these a year (which are included in the number of FINMA reviews noted above). FINMA has participated occasionally in prudential audit firms foreign reviews of large bank operations, but this is not regular practice. FINMA examines the work performed by recognized audit firms, the result of which is communicated at least once a year to the management of the audit firm. Key account managers provide feedback. For the purpose of performing this quality control, FINMA also maintains a special quality control unit. However the number of regulatory reports reviewed is not large (approximately five per year for banks).
EC2	The supervisor has a coherent process for planning and executing on-site and off-site activities. There are policies and processes to ensure that such activities are conducted on a thorough and consistent basis with clear responsibilities, objectives and outputs, and that there is effective coordination and information sharing between the on-site and off-site functions.
Description and findings re EC2	See also EC1. FINMA has a well-developed process for planning and executing regulatory audits and for integrating on-site and off-site activities. Assessors looked into how that process is operating in practice. Planning and executing on-site and off-site activities is an integral part of FINMA’s supervisory approach. Before prudential audits are performed by recognized audit firms, FINMA receives from the external auditor their annual risk analysis and, based on this analysis, the planned audit strategy in a preliminary stage. FINMA has to agree to the risk analysis and audit strategy and considers it therefore its own. Audit depth and frequency then depend on the level of risk identified for every audit field. Only following FINMA’s approval does the audit firm start with its detailed audit work. In case of disagreement, FINMA will ask the audit firm to adapt the audit strategy. For its off-site supervision, FINMA has defined work procedures, which are known as “standard operating procedures” or SOP. Frequencies and the time limit for performing the various tasks listed in the SOP are clearly defined and also depend on the combination of category and rating of the bank. One of the listed tasks covers the examination of the long form audit reports that is delivered by the external auditor. Generally the key account manager (KAM) for larger or mid-size banks would examine the whole audit report and communicate with the audit firm, often extensively. For smaller banks that are risk rated green or low, only the summary report needs to be read, unless there are relevant findings and the communication with the audit firm will often be considerably less. Assessors discussed with major audit firms their internal process for quality control. Major firms have second partner review on all regulatory audit engagements. That also included discussing how they ensuring that their audit affiliates in foreign locations understand how regulatory audit work differs from their normal financial statement audit work. Assessors’ review of these reports revealed some difficulty in determining that adequate consistency exists and that it is fully possible to understand the meaning of the output from the regulatory audit (see EC1). Some of the enhanced procedures required by FINMA were introduced relatively recently, as noted in EC1. FINMA and auditors of major and mid-size banks report there is extensive interaction. Also there are clear examples of extensive feedback from FINMA individual KAMs to auditors on FINMA findings and analysis from other sources that may affect the regulatory audit. However considering whether issues from one audit or analysis might affect regulatory audits of other similar institutions is less structured and frequent. Department heads showed a good understanding of the risks facing institutions.
EC3	The supervisor uses a variety of information to regularly review and assess the safety and soundness of banks, the evaluation of material risks, and the identification of necessary corrective actions and supervisory actions. This includes information, such as prudential reports, statistical returns, information on a bank’s related entities, and publicly available information. The supervisor determines that information provided by banks is reliable21 and obtains, as necessary, additional information on the banks and their related entities.
Description and findings re EC3	Depending on the bank category, different types of reports have to be delivered on a regular basis. For example, banks belonging to category 3 provide quarterly business/risk management reports. The Key Account Manager (KAM) is in charge of analyzing these reports and making sure that the information is reliable. In order to clarify open issues, the KAM stays in direct contact with the bank representative and/or the audit firm. Furthermore, prudential and financial reports are reviewed annually and the concerns are discussed with the audit firm. Moreover, if necessary, other reports are requested such as reports on capital requirements, liquidity coverage, exposure to the group, etc.
EC4	The supervisor uses a variety of tools to regularly review and assess the safety and soundness of banks and the banking system, such as: (a) analysis of financial statements and accounts and a broad range of ratios from the rating system; (b) business model analysis; (c) horizontal peer reviews; (d) review of the outcome of stress tests undertaken by the bank; and (e) analysis of corporate governance, including risk management and internal control systems. The supervisor communicates its findings to the bank as appropriate and requires the bank to take action to mitigate any particular vulnerabilities that have the potential to affect its safety and soundness. The supervisor uses its analysis to determine follow-up work required, if any.
Description and findings re EC4	FINMA, together with the audit firms, applies a mix of the above-mentioned tools depending on the category and rating assigned to the bank. Annual assessment letters are sent to all banks in category 1-2 and some banks in category 3 (all at least every two years) containing the FINMA rating and the actions needed. Banks get a copy of the regulatory audit report with its reservations and comments, and may get a management letter from the regulatory auditor. FINMA communicates the findings resulting from its activities, i.e., supervisory reviews, special analyses, peer reviews, etc. to the banks. FINMA ensures a timely implementation of the notices of reservation and the recommendations. The audit firm checks the implementation of the relevant issues and confirms their resolution status in the next prudential audit. Stress tests and other information and analysis related to capital (and increasingly liquidity) are highly developed and provided to the KAM, reflecting the capital orientation of the Swiss approach.
EC5	The supervisor, in conjunction with other relevant authorities, seeks to identify, assess and mitigate any emerging risks across banks and to the banking system as a whole, potentially including conducting supervisory stress tests (on individual banks or system-wide). The supervisor communicates its findings as appropriate to either banks or the industry and requires banks to take action to mitigate any particular vulnerabilities that have the potential to affect the stability of the banking system, where appropriate. The supervisor uses its analysis to determine follow-up work required, if any.
Description and findings re EC5	FINMA’s early warning and Camels-based rating system provides substantial quantitative data and qualitative information (capital adequacy, asset quality, management factors, earnings, liquidity, and sensitivity to markets risks) on individual banks and banking groups. Outlier analysis is performed within various peer groups, and the system assesses a range of bank financial information and a large number of ratios against various pre-defined thresholds. A system-generated rating is produced that the KAM then accepts or modifies based on other information or expert judgment. FINMA has developed an internal semi-annual publication, the “Risikobarometer”, to track macroeconomic and regulatory risks and developments. This is similar to financial stability reports published in other countries. FINMA also has an internal semi-annual publication with more in-depth analysis of the real estate market (see answer to principle 8, EC 4). This has lead to additional supervisory reviews, more intensive monitoring capital add-ons under pillar 2 for selective banks. In addition, the SNB has triggered the countercyclical buffer for real estate exposures. Further, FINMA establishes a semi-annual macro-financial stress scenario that is used for the supervisory stress-testing of the two Swiss large banks, known as Loss Potential Analysis. Since 2010, additional analysis of capital plans, based on some of the concepts in the LPA, have been extended to a few institutions in categories 2 and 3. This is designed to provide a better appreciation of their vulnerability. FINMA communicates to the banks the issues identified and the measures which have to be implemented. If necessary, measures to adjust risk measurement or reduce risks are agreed.
EC6	The supervisor evaluates the work of the bank’s internal audit function, and determines whether, and to what extent, it may rely on the internal auditors’ work to identify areas of potential risk.
Description and findings re EC6	FINMA Circular 08/24 requires that every bank must have an appropriate and qualified internal audit, directly reporting to the board and independent of operational management. A large number of smaller and mid-size banks outsource internal audit to a recognized external audit firm. Regulatory auditors must explicitly confirm in their annual long form reports that: the technical and personal resources are appropriate for internal audit; the necessary professional competences are effectively available; cooperation between the external audit firms and internal audits is adequate; and, the external audit firms have access to the reports of the internal audit, without any limitation. Assessors discussed with regulatory auditors how they form this judgment. Regulatory auditors have extensive communication with internal audit as part of their reviews, which helps inform their judgment. FINMA has also set informal benchmarks as to what internal audit resources it expects relative to the size of the institution.
EC7	The supervisor maintains sufficiently frequent contacts as appropriate with the bank’s Board, non-executive Board members and senior and middle management (including heads of individual business units and control functions) to develop an understanding of and assess matters such as strategy, group structure, corporate governance, performance, capital adequacy, liquidity, asset quality, risk management systems and internal controls. Where necessary, the supervisor challenges the bank’s Board and senior management on the assumptions made in setting strategies and business models.
Description and findings re EC7	The frequency of contacts with the board of directors as well as with senior and middle managers largely depends on the categorization and rating of banks and banking groups. The interaction at the board level for the two category one banks is extensive. Regulatory auditors have the opportunity to observe boards. They do not however do a formal board effectiveness assessment as part of their methodologies. The results of supervisory examinations are also discussed as appropriate with the external auditor. The supervisor also can meet separately with the bank’s independent board members. Based on discussions, assessors have the impression that for other categories of banks the extent of contact is markedly less, especially at the board level.
EC8	The supervisor communicates to the bank the findings of its on- and off-site supervisory analyses in a timely manner by means of written reports or through discussions or meetings with the bank’s management. The supervisor meets with the bank’s senior management and the Board to discuss the results of supervisory examinations and the external audits, as appropriate. The supervisor also meets separately with the bank’s independent Board members, as necessary.
Description and findings re EC8	Key findings from the ordinary prudential audit performed by the external auditor are captured in writing in the long form report which is submitted to the board and management for discussion and acknowledgment. The results of the on-site reviews conducted by FINMA are also systematically communicated to the bank in written reports and discussed with the appropriate management level. For the two big banks (category 1) and institutions in categories 2 (annually) and 3 (at least every two years), FINMA formally notifies by assessment letters any shortcomings identified and the action required to address them. All assessment letters are provided to both boards and senior management.
EC9	The supervisor undertakes appropriate and timely follow-up to check that banks have addressed supervisory concerns or implemented requirements communicated to them. This includes early escalation to the appropriate level of the supervisory authority and to the bank’s Board if action points are not addressed in an adequate or timely manner.
Description and findings re EC9	Tracking of follow-up actions by banks is normally through the prudential audit process, but can also be directly to FINMA. FINMA’s MIS system tracks deficiencies and allows identification of issues that need to be raised with senior management or boards.
EC10	The supervisor requires banks to notify it in advance of any substantive changes in their activities, structure and overall condition, or as soon as they become aware of any material adverse developments, including breach of legal or prudential requirements.
Description and findings re EC10	Banks licensing process includes approval of internal documents that set out its product and geographic scope. So any substantive change in a banks’ activities requires making changes to the articles of incorporation and the main Organization and Business Rules. These changes require FINMA’s approval (Art. 3 para 3 BA) Furthermore banks have to notify FINMA before they establish, modify or close a subsidiary, branch, agency or representative office abroad (Art. 3 para 7 BA and Art. 6b BO). Licensing staff reported that they can receive 1,000–1,500 notifications a year from each of the two largest Swiss banks, of which normal year 20–30 are licensing requests (rising to up to 100 in special years). Any adverse matter has to be reported to FINMA by the bank’s audit firm or in the annual audit report.
EC11	The supervisor may make use of independent third parties, such as auditors, provided there is a clear and detailed mandate for the work. However, the supervisor cannot outsource its prudential responsibilities to third parties. When using third parties, the supervisor assesses whether the output can be relied upon to the degree intended and takes into consideration the biases that may influence third parties.
Description and findings re EC11	Audit firms (and also the persons performing the audit) must be officially recognized by FINMA (see criteria in Circular 13/04 “Audit firms and lead auditors”). They are subject to ex-post quality controls made by a special FINMA unit. FINMA also uses third party experts/firms for performing targeted interventions (investigations of complicated problems/matters; delivery of a second opinion if it is not convinced by the assessments and confirmations given by the ordinary external audit firms). Assessors had extensive discussions and review with various parties as to how these rules are working in practice. (see CP8 and EC1 of CP9 above) When FINMA mandates specific independent reviews, such as for model approval, assessors saw examples of detailed clear instructions.
EC12	The supervisor has an adequate information system which facilitates the processing, monitoring and analysis of prudential information. The system aids the identification of areas requiring follow-up action.
Description and findings re EC12	For a number of years, FINMA has applied a rating system for banks and banking groups. The rating system provides substantial quantitative data and qualitative information on supervised banks and banking groups. The rating system is one of the main tools available to the supervisor. A large range of standardized reports and specific thematic analyses are centrally prepared to address topical issues and to detect outliers and critical trends.
Additional criteria
AC1	The supervisor has a framework for periodic independent review, for example by an internal audit function or third party assessor, of the adequacy and effectiveness of the range of its available supervisory tools and their use, and makes changes as appropriate.
Description and findings re AC1	FINMA has an internal audit function currently consisting of three people. The internal audit reviews FINMA teams adherence to processes set out in the standard operating procedures, not the content of supervisory reports or risk or rating analysis. FINMA may rely on quality controls carried out by an independent person not attached to the head of supervisory activities (12 intensive controls and 16specific controls were made in 2012). These apply not only to adequacy of procedures but also on risk analyses, audit strategies, and rating analysis, among others.
Assessment of Principle 9	Materially Non Compliant
Comments	The enhancements to on-site and off-site processes put in place recently are appropriate and essential. They start to move FINMA away from the capital-predominant approach of previous agencies, and towards the more intensive supervision prevalent in other jurisdictions after the crisis. However, there is potential for material control or risk management weaknesses to go undetected, and the issues identified in the assessment are not just minor shortcomings. The recent enhancements are in the right direction, although some need to be given time to show results and others need to be materially intensified to achieve the desired goal. Standards for intensive supervision post-crisis have increased considerably. Remedying this is not simple, and it is unclear that compliance can be achieved in the immediate short term given FINMAs commitment to a head-count freeze and the difficulty of enhancing audit procedures, related guidance and instructions quickly. With adequate resources and further changes to processes, remedying the situation can be done within the existing model of use of regulatory auditors. For a jurisdiction with systemically important institutions, the depth of on-site review by auditors and by FINMA is not sufficient. Extensive review appears to occur around capital and risk model processes and outputs for major institutions and on capital and liquidity related quantitative matters including stress tests. The amount of proactive review of the integrity of qualitative risk management and internal control appears less than needed, especially given the major operational and reputational risks to the system. Having annual broad- based supervisory reviews through the regulatory audit process is not a substitute for a sufficient number of proactive targeted in-depth reviews in potentially higher risk and control areas. The basis of conclusions by regulatory auditors is not sufficiently transparent and their scope is not appropriate in certain areas. The focus of regulatory audits on compliance with legal and licensing requirements means that deficiencies in control and governance processes that are not explicitly specified in laws and regulations and circulars, but are part of FINMA expectations, are not being consistently assessed appropriately. A number of detailed reviews appear more reactive than proactive. As well, the on-site process risks too much negotiation of findings, the potential that important findings may be missed or not adequately highlighted, or root cause analysis performed. That requires more effort by FINMA with respect to bringing regulatory audit findings together and assessing them. Cross-system theme reviews may not be performed by auditors to consistent FINMA expectations. There are few cross-system/theme reviews by FINMA. The number of FINMA in-depth reviews of prudential matters appears low. There is insufficient reporting by auditors of the basis for conclusions and of the nature or seriousness of findings. The fact that auditors must reach a formal opinion and the potential seriousness of a formal reservation to the opinion may be reducing the elevation of issues. It is unclear whether on-site findings are sufficiently factored into FINMA assessments and formal feedback to banks. It can be hard for FINMA to tell whether their reliance on auditors is verified. Verification of the trust placed in auditors has increased but appears light. Remedying the situation will require enhanced strategic risk analysis, more focus and depth to the on-site effort on a selective basis to complement the breadth now provided, clearer reporting by auditors to FINMA, more FINMA off-site work across teams to direct and compare work done and findings by auditors (theme reviews) and more and more frequent, in-depth individual or theme reviews by FINMA itself (or through fully independent agents). This should be more proactive in areas likely to be subject to higher risk or control breakdowns. FINMA could also consider whether in certain banks the scope of the base regulatory audit could be reduced from time to time so more audit resources can be redirected to in-depth review of higher risk areas. FINMA participation in on-site work performed by auditors or by foreign supervisors should be substantially increased. That would provide enhanced assurance that prudential audits in those jurisdictions were delivering what FINMA needs.
Principle 10	Supervisory reporting. The supervisor collects, reviews, and analyses prudential reports and statistical returns22 from banks on both a solo and a consolidated basis, and independently verifies these reports through either on-site examinations or use of external experts.
Essential criteria
EC1	The supervisor has the power23 to require banks to submit information, on both a solo and a consolidated basis, on their financial condition, performance, and risks, on demand and at regular intervals. These reports provide information such as on- and off-balance sheet assets and liabilities, profit and loss, capital adequacy, liquidity, large exposures, risk concentrations (including by economic sector, geography and currency), asset quality, loan loss provisioning, related party transactions, interest rate risk, and market risk.
Description and findings re EC1	Under general authority of the FINMA act (Art. 29) Banks are required in FINMA “Circular 08/14 – Supervisory reporting for banks” to report their financial results (on-/off-balance sheet assets and liabilities, profit and loss, asset quality, loan loss provisioning) to FINMA. Other reporting duties cover risk topics such as capital adequacy and liquidity in the context of Basel III, large exposures, risk concentrations, details of credit and market risk capital adequacy inputs, and interest rate risk, as well as share ownership. Data is collected at single entity, and in the case of consolidated supervision, also at group level. FINMA legal power to collect information is general and applies to anyone with a qualified participation in a bank, for example controlling entities. So it can be used for specific information requests as well. Supervisors of major banks also have regular access to individual bank information used by the banks for management purposes (including information going to the board and senior management).
EC2	The supervisor provides reporting instructions that clearly describe the accounting standards to be used in preparing supervisory reports. Such standards are based on accounting principles and rules that are widely accepted internationally.
Description and findings re EC2	Articles 23 to 27 of the Banking Ordinance prescribe the chart of accounts and the structure of the accounting disclosure for banks. Supervisory reporting uses the accounting framework that banks use for their own accounts. Some nine banking groups use IFRS and there is one using U.S. GAAP. Other banks use Swiss GAAP in financial statements (which is generally seen as more conservative than international standard—see CP 27). The fact that one of the large banks is on IFRS and the other on U.S. GAAP can make comparability harder in areas such as the trading book.
EC3	The supervisor requires banks to have sound governance structures and control processes for methodologies that produce valuations. The measurement of fair values maximizes the use of relevant and reliable inputs and are consistently applied for risk management and reporting purposes. The valuation framework and control procedures are subject to adequate independent validation and verification, either internally or by an external expert. The supervisor assesses whether the valuation used for regulatory purposes is reliable and prudent. Where the supervisor determines that valuations are not sufficiently prudent, the supervisor requires the bank to make adjustments to its reporting for capital adequacy or regulatory reporting purposes.
Description and findings re EC3	The accounting standards for positions in the trading book are set out in FINMA-Circular 08/02 Accounting – Banks margin Nos. 22–22d which apply on an individual bank level. They include the possibility of using valuation models for less liquid positions and high level expectations for valuation. The supervisory standards are those of the BCBS (which are implemented in FINMA-Circulars 08/20 Market Risk margin Nos. 32–48 and 08/19 Credit Risk – Banks margin No. 391; requirements regarding valuation adjustments for less liquid positions are set out in FINMA-Circular 08/20 Market Risk margin No 47). Consistency of these Swiss standards has recently been confirmed via the Regulatory Consistency Assessment Program (RCAP) for Switzerland. The prudential audit firm comments in the annual regulatory audit report on the adequacy of the valuation framework and the control procedures of the bank.
EC4	The supervisor collects and analyses information from banks at a frequency commensurate with the nature of the information requested, and the risk profile and systemic importance of the bank.
Description and findings re EC4	Scope and periodicity of standard reports are the same for all banks. Following the risk-based regulatory approach, banks in categories 1 to 3 (banks with an increased systemic importance) have additional, individual reporting duties, where scope and periodicity vary depending on the actual situation.
EC5	In order to make meaningful comparisons between banks and banking groups, the supervisor collects data from all banks and all relevant entities covered by consolidated supervision on a comparable basis and related to the same dates (stock data) and periods (flow data).
Description and findings re EC5	FINMA collects from all supervised banks and banking groups quantitative data and qualitative information in a standardized manner. For reports on capital adequacy and liquidity in the context of Basel III and interest rate risk, frequency varies between single entity level (quarterly reports) and group level (semi-annual reports).
EC6	The supervisor has the power to request and receive any relevant information from banks, as well as any entities in the wider group, irrespective of their activities, where the supervisor believes that it is material to the condition of the bank or banking group, or to the assessment of the risks of the bank or banking group or is needed to support resolution planning. This includes internal management information.
Description and findings re EC6	FINMA has the legal authority in Art. 29 FINMA Act to request and receive from supervised persons and entities all information and documents that it requires to carry out its tasks. This includes also any ad-hoc reports on specific risks and topics and internal management information.
EC7	The supervisor has the power to access24 all bank records for the furtherance of supervisory work. The supervisor also has similar access to the bank’s Board, management and staff, when required.
Description and findings re EC7	Art. 29 FINMASA determines that FINMA has the power to access all records to carry out its tasks if needed. The supervisor also has similar access to the bank’s board, management and staff, when required. For instance, in the framework of supervisory reviews, additional records are accessed, and management and staff are interviewed.
EC8	The supervisor has a means of enforcing compliance with the requirement that the information be submitted on a timely and accurate basis. The supervisor determines-the appropriate level of the bank’s senior management is responsible for the accuracy of supervisory returns, imposes sanctions for misreporting and persistent errors, and requires that inaccurate information be amended.
Description and findings re EC8	Due to the Swiss supervisory approach, the prudential audit firm confirms annually if the bank or the banking group is compliant with applicable reporting requirements, and if deadlines were met. FINMA does not have explicit authority to sanction banks for misreporting.
EC9	The supervisor utilizes policies and procedures to determine the validity and integrity of supervisory information. This includes a programme for the periodic verification of supervisory returns by means either of the supervisor’s own staff or of external experts.25
Description and findings re EC9	In the framework of the annual regulatory audit, the external auditor confirms the accuracy of the quantitative data and the qualitative information reported to FINMA. Quantitative data is collected by the Swiss National Bank (SNB) for FINMA, and SNB performs verification checks. Art. 22 of the Federal Act on the Swiss National Bank determines that the prudential audit firm has to examine annually that banks are compliant with the duty to provide information.
EC10	The supervisor clearly defines and documents the roles and responsibilities of external experts,26 including the scope of the work, when they are appointed to conduct supervisory tasks. The supervisor assesses the suitability of experts for the designated task(s) and the quality of the work and takes into consideration conflicts of interest that could influence the output/recommendations by external experts. External experts may be utilized for routine validation or to examine specific aspects of banks’ operations.
Description and findings re EC10	Assessors saw examples of specific instructions for such reviews (e.g., to support model approval applications). These were extensive and clear. Assessors did extensive reviews of other supervisory files and internal instructions and methodology documents, as well as held discussion with FINMA staff, line supervisors, and representatives of audit firms and banks. These revealed a number of issues with how this approach works in practice, including that lack of specificity in supervisory guidance reduces the clarity of how regulatory auditors are interpreting these standards. These are covered and rated under CP9 (supervisory techniques and tools).
EC11	The supervisor requires that external experts bring to its attention promptly any material shortcomings identified during the course of any work undertaken by them for supervisory purposes.
Description and findings re EC11	Auditors are required to bring to FINMA’s attention material shortcomings. Assessors saw considerable evidence of this in practice, as it is embedded in the model of use of auditors.
EC12	The supervisor has a process in place to periodically review the information collected to determine that it satisfies a supervisory need.
Description and findings re EC12	Periodically, FINMA reviews its data collection and determines if this information still meets its needs. If not, modifications in scope and content are made. Assessors saw evidence of this in practice. Due to the time required for implementing changes FINMA also uses ad hoc focused reporting from major banks or groups of banks on specific topics from time to time.
Assessment re Principle 10	Compliant
Comments	While the use of different accounting standards reduces the potential comparability of supervisory reporting, the similarities in accounting in practice are not serious enough to undercut this compliant rating. FINMA should be given explicit authority to sanction banks for misreporting.
Principle 11	Corrective and sanctioning powers of supervisors. The supervisor acts at an early stage to address unsafe and unsound practices or activities that could pose risks to banks or to the banking system. The supervisor has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability to revoke the banking license or to recommend its revocation.
Essential criteria
EC1	The supervisor raises supervisory concerns with the bank’s management or, where appropriate, the bank’s Board, at an early stage, and requires that these concerns be addressed in a timely manner. Where the supervisor requires the bank to take significant corrective actions, these are addressed in a written document to the bank’s Board. The supervisor requires the bank to submit regular written progress reports and checks that corrective actions are completed satisfactorily. The supervisor follows through conclusively and in a timely manner on matters that are identified.
Description and findings re EC1	Regulatory and supervisory shortcomings are addressed, and corrective action requested, both orally in supervisory meetings and in writing in supervisory assessment letters—These also contain the rating of the bank (a compressed version of the camels 1–9 rating scale). For institutions in category 1 and 2 (and category 3 banks that are medium or higher risk) assessment letters are annual. For lower risk category 3 banks the assessment letter is every second year, and there is no requirement for regular assessment letters for category 4 and 5 banks. Assessment letters would be sent if material issues warrant it. Banks get a copy of every annual or specific regulatory audit report including actions necessary. In addition to assessment letters, formal written communication occurs after any specific supervisory review conducted by FINMA. Corrective measures are monitored on the basis of written progress reports delivered to FINMA, typically on a monthly basis, but more frequent reporting is requested where appropriate, until the matter is resolved. Often regulatory follow up is done as part of the audit.
EC2	The supervisor has available27 an appropriate range of supervisory tools for use when, in the supervisor’s judgment, a bank is not complying with laws, regulations or supervisory actions, is engaged in unsafe or unsound practices or in activities that could pose risks to the bank or the banking system, or when the interests of depositors are otherwise threatened.
Description and findings re EC2	FINMA has specific tools and also uses its general authority (including authority to license institutions) to impose other conditions, short of formal enforcement actions, as a means of reducing risk and/or providing incentives for institutions to rectify problems. These include limits on business activity, Pillar 2 surcharges and other measures. The FINMA act also gives FINMA formal enforcement authority. This applies where a bank “violates provisions of the legislation or if there are other irregularities”. This follows an administrative procedure run by FINMA. The burden of proof is lower than in other proceedings. In situations where speedy action is necessary interim enforcement decrees are possible. Decrees are appealable on legal or procedural grounds, but not generally on the discretion of FINMA in interpreting regulatory standards or requirements. Assessors saw ample evidence that these provisions are used in practice. Decrees are not limited in what they can cover and can, for example be used if necessary to restrict or prohibit certain business activities, request management changes, set capital ratios, suspend shareholders’ voting rights or withdraw an institution’s license. FINMA confirmed to assessors that restrictions are normally possible without resorting to decrees or other formal enforcement mechanisms. FINMA does not have ability to impose monetary penalties. Assessors discussed this with FINMA staff and leadership. They believe that having this tool is not essential to achieving their mandate in bank supervision. In addition, to impose fines, higher standards of proof would likely be required than now needed for enforcement orders. Lastly, FINMA can (and does) refer serious matters for criminal enforcement, where fines are possible. Assessors are not aware of circumstances where achievement of prudential goals was undercut through lack of ability to impose fines. In addition, FINMA can confiscate profits made by supervised entities through serious violation of supervisory provisions. (Art. 35 FINMASA)
EC3	The supervisor has the power to act where a bank falls below established regulatory threshold requirements, including prescribed regulatory ratios or measurements. The supervisor also has the power to intervene at an early stage to require a bank to take action to prevent it from reaching its regulatory threshold requirements. The supervisor has a range of options to address such scenarios.
Description and findings re EC3	If an institution is, based on FINMA’s judgment, at risk of breaching general capital thresholds set by statutory law or individual capital thresholds set by FINMA, FINMA may intervene by requesting or requiring capital injections or other appropriate measures to improve capitalization. FINMA is authorized to take corrective measures if an institution does not meet capital requirements, up to and including revocation of license or institution of insolvency proceedings (see also principles 8 and 9). FINMA has experience of using these tools. The process is also applied in case of breach of liquidity thresholds.
EC4	The supervisor has available a broad range of possible measures to address, at an early stage, such scenarios as described in essential criterion 2 above. These measures include the ability to require a bank to take timely corrective action or to impose sanctions expeditiously. In practice, the range of measures is applied in accordance with the gravity of a situation. The supervisor provides clear prudential objectives or sets out the actions to be taken, which may include restricting the current activities of the bank, imposing more stringent prudential limits and requirements, withholding approval of new activities or acquisitions, restricting or suspending payments to shareholders or share repurchases, restricting asset transfers, barring individuals from the banking sector, replacing or restricting the powers of managers, Board members or controlling owners, facilitating a takeover by or merger with a healthier institution, providing for the interim management of the bank, and revoking or recommending the revocation of the banking license.
Description and findings re EC4	Depending on the gravity of a situation, the following actions are taken: 1. Regular intervention: FINMA will address the issue with the bank under its regular supervision, or if necessary with the special team focusing on intensive supervision. It may request the bank to take immediate corrective measures to restore compliance with the law and set time limits for the implementation. Such corrective measures might include the restriction of the current business activities of the bank (e.g., prohibition of business activities in certain markets), imposing more stringent prudential limits and requirements (e.g., capital or organizational requirements), withholding approval of new business activities or acquisitions (e.g., acquisitions of other business units/teams), restricting or suspending payments to shareholders or share repurchases, restricting asset transfers, barring individuals from the banking sector, and replacing or restricting the powers of managers, board members or controlling owners. If the bank does not implement the requested corrective measures, the issue will be further escalated under regular supervision and may lead to enforcement proceedings. 2. Enforcement: If (a) the bank does not implement the requested corrective measures under its regular supervision (b) it is apparent that the bank is unable or unwilling to implement the required corrective measures or (c) the situation poses immediate risks to the bank or the banking system or to the interests of depositors, FINMA will open administrative enforcement proceedings (Art. 30 Financial Market Supervision Act, FINMASA; see Enforcement policy). Interim measures: In enforcement proceedings, FINMA can order interim measures to safeguard the situation. In particular, FINMA can appoint an investigating agent to implement the required corrective measures (Art. 36 FINMASA). Depending on its mandate, the investigating agent has the authority to act for the bank instead of the former management (i.e., interim management). Final measures: In enforcement proceedings, FINMA can order the restoration of compliance with supervisory law (Art. 31 FINMASA). In this regard, FINMA has a technical discretion in deciding which corrective measures are required to restore compliance. In the past, FINMA has ordered banks to implement a wide range of corrective measures under this title. For example, FINMA has decided to restrict the cross-border activities of a bank or ordered the closing of branch offices in order to limit business risks. Furthermore, FINMA is able to impose prudential limits and requirements on a bank’s business, withhold approval of new activities or acquisitions, restrict or suspend payments to shareholders or share purchases and restrict asset transfers. FINMA may bar a person from acting in a management capacity in the banking sector for a period of up to five years if he/she is responsible for serious violation of supervisory law (Art. 33 FINMASA). Moreover, it can prevent a bank from engaging a person for a senior executive position, who does not provide assurance of proper business conduct (Art. 3 para let. c BA). FINMA may also replace or restrict the powers of managers or board members. In this regard, FINMA is authorized to appoint an investigating agent, as noted above. FINMA also may suspend the voting rights of controlling owners if their conduct is detrimental to the institution (Art. 23ter BA). Often a bank will implement the required corrective measures while the enforcement proceedings are still open. If this is the case, FINMA may still issue a declaratory ruling (Art. 32 FINMASA) and make its final ruling public (“name and shaming”, Art. 34 FINMASA). In addition, FINMA is authorized to disgorge profits made through a serious violation of the supervisory provisions (Art. 35 FINMASA). 3. Resolution: If a bank no longer fulfills the requirements for its activities or seriously violates the supervisory provisions, FINMA can revoke the bank’s license (Art. 37 Para 1 FINMASA). It will be dissolved. In this regard, FINMA may appoint one or several liquidators responsible for the interim management of the bank (Art. 33 Para 2 BA). As part of the restructuring of a bank (Art. 25 f. BA), FINMA may also facilitate a takeover by or merger with a healthier institution. Assessors reviewed the use of enforcement powers applying to banks with FINMA staff. It is clear that they are used in practice. Over the recent past there have been up to 20–25 bank exits a year, of which 3–4 have been involuntary through liquidation or enforcement action, and the rest through voluntary exit and M&A.
EC5	The supervisor applies sanctions not only to the bank but, when and if necessary, also to management and/or the Board, or individuals therein.
Description and findings re EC5	If necessary FINMA opens enforcement proceedings against individuals for violations of supervisory law. If it finds that a person is responsible for a serious violation of supervisory provisions, FINMA may prohibit this person from acting in a management capacity in the banking sector for a period of up to five years (Art. 33 FINMASA). This situation is far less frequent than actions against banks. In addition, if a person is involved in improper business conduct, FINMA may find that the person no longer provide assurance of proper business conduct (Art. 3 para 2 let. c BA) and is, therefore, unfit to serve as a senior executive officer in the banking sector. If FINMA has doubts regarding an individual’s ability to provide assurance of proper business conduct, it will issue a letter with this requirement to the individual where it deems such action to be warranted. The person will also be registered in a “Watch List”. Should the individual thereupon apply for an influential management position, FINMA will assess whether he/she is fit to serve in this specific position based on available evidence of past conduct.
EC6	The supervisor has the power to take corrective actions, including ring-fencing of the bank from the actions of parent companies, subsidiaries, parallel-owned banking structures and other related entities in matters that could impair the safety and soundness of the bank or the banking system.
Description and findings re EC6	FINMA is authorized to take corrective actions that are required to shield an institution from any financial or other risks connected to its parent company, affiliates, shareholders or other related entities (e.g., in parallel-owned banking structures). Such measures may include financial ring-fencing, additional capital requirements, restrictions on dividend payments or organizational measures (e.g., a management structure that is entirely or substantially independent of related entities). FINMA may also suspend the voting rights of a shareholder if their conduct is detrimental to the institution (Art. 23ter Banking Act). Certain of these measures have been used in recent years.
EC7	The supervisor cooperates and collaborates with relevant authorities in deciding when and how to effect the orderly resolution of a problem bank situation (which could include closure, or assisting in restructuring, or merger with a stronger institution).
Description and findings re EC7	FINMA has required the two major banks to prepare recovery and resolution plans, and has had extensive discussions with these banks of those plans. FINMA is assessing what changes in banks structure and operations are needed to enhance resolvability. FINMA has also lead supervisory crisis management colleges to consider these matters involving the U.S. and the U.K. FINMA is the liquidation authority for banks and has considerable experience in managing exits from the sector effectively over the recent past. Insolvency authority for FINMA is shortly to be extended to holding companies in financial groups. FINMA is also strengthening its effort over smaller banks.
Additional criteria
AC1	Laws or regulations guard against the supervisor unduly delaying appropriate corrective actions.
Description and findings re AC1	There is no explicit early intervention framework with defined timelines contained in laws or regulations. However under FINMA policies and procedures, banks rated below certain levels must be considered for special supervision and intervention. FINMA standard operating procedures define timelines within which, depending on the rating, supervisory actions shall be taken. FINMA is liable if it has committed a breach of fundamental duties (Art. 19 FINMASA), which provides an incentive to act.
AC2	When taking formal corrective action in relation to a bank, the supervisor informs the supervisor of non-bank related financial entities of its actions and, where appropriate, coordinates its actions with them.
Description and findings re AC2	FINMA is an integrated supervisory agency, including investment funds and insurance business. Therefore, awareness and coordination are implicit features by design, also with respect to the non-bank related entities of a bank (group or conglomerate). In addition, FINMA shares relevant information and cooperates with federal and cantonal prosecution authorities as well as other domestic regulators, such as the Federal Audit Oversight Authority, the Swiss National Bank, the Takeover Board, the self-regulatory organizations (SROs) under the Anti-Money Laundering Act (AMLA), the relevant bodies of the Swiss stock exchanges and the Competition Commission based on Swiss law.
Assessment re principle 11	Compliant
Comments
Principle 12	Consolidated supervision. An essential element of banking supervision is that the supervisor supervises the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential standards to all aspects of the business conducted by the banking group worldwide.28
Essential criteria
EC1	The supervisor understands the overall structure of the banking group and is familiar with all the material activities (including non-banking activities) conducted by entities in the wider group, both domestic and cross-border. The supervisor understands and assesses how group-wide risks are managed and takes action when risks arising from the banking group and other entities in the wider group, in particular contagion and reputation risks, may jeopardize the safety and soundness of the bank and the banking system.
Description and findings re EC1	FINMA law and regulations define a banking group as two or more companies at least one of which is active as a bank or securities dealer or they are active in the financial area or they form an economic unit. Financial conglomerates are banking or securities groups that also include an insurance company. In addition to the two large banks, FINMA supervises more than 100 Swiss banking groups or sub-groups. One of the two major banks operates in a holding company structure; the other is headed by a licensed bank. FINMA advised that for mid-size banks a typical structure would have one or more banks, and asset management companies under a holding company. Individual banks and financial institutions are licensed by FINMA. Under the legislation holding companies are not formally authorized but integrated into the consolidated supervision performed by FINMA. FINMA has several methods to ensure understanding of the group and its activities. The major source of information flows from the licensing process for authorized institutions, which approves internal corporate documents that set out the bank structure, business lines and geographic scope. As part of this process FINMA also requires this information related to the group structure. Changes in the structure of the bank and its entities, and changes in the group structure below the holdco require approval or notification. In addition, under Art. 3 para 7 BA and Art. 6b para 1 BO, banks must notify FINMA if they intend opening a subsidiary, a branch, an agency or a representation office in a foreign country. The information provided must refer to the business plan, the persons in charge of the management of the local entity, the local audit firm and the name of the host supervisor. This requirement for notification is extended by FINMA to holding companies as part of the licensing process of the banking entities in the group. As well, the regulatory audit reports at the conglomerate level must contain information on the up-to-date group structure. These reports must also contain information and opinions on such matters as: (a) adequacy of group corporate governance, (b) adequacy of measures in place in order to make sure that the requirements relating to capital, risk diversification and liquidity are observed at consolidated level, (c) adequacy of consolidated risk management and efficiency of central functions dedicated to control, mitigation and risk reporting, (d) adequacy of group internal audit, (e) adequacy of measures for ensuring compliance with Swiss and local prudential and behavior rules, notably anti-money laundering rules, (f) confirmation that intra-group exposures and commitments have been approved and are well-supervised, (g) confirmation that entities abroad are not used to get around Swiss provisions. Assessors review of these reports and discussion with FINMA staff and banks indicates that they have a good comprehension of group structures. FINMA legislation provides FINMA with a legal right to information on any entities that hold a direct or indirect majority participation in the bank. This is the legal basis for FINMA collection of information on the group from the holding and from its controlling entities if necessary. Risk profiles of groups are part of the regulatory audit process (see CP8/9). Assessors did not see examples where upstream non-financial risks or risks from non-financial affiliates of the bank were formally considered in risk assessments. These entities may or may not be part of the consolidated group but nevertheless need to be part of risk assessment. Risk assessment instructions to audit firms do not clearly require such an assessment. FINMA has experience in ring fencing part of a group. It also has limited its scope of consolidated supervision in certain cases, so that the group must limit its exposures to entities outside the scope of the consolidation.
EC2	The supervisor imposes prudential standards and collects and analyses financial and other information on a consolidated basis for the banking group, covering areas such as capital adequacy, liquidity, large exposures, exposures to related parties, lending limits and group structure.
Description and findings re EC2	The legal requirements with respect to groups are contained in the banking act and ordinances, with further expansion in certain FINMA circulars. The law subjects financial groups to FINMA supervision. FINMA does not have the power to license or authorize groups or group holding companies. However, under the banking act, FINMA can make its authorization of individual banks dependent on adequate consolidated supervision. FINMA uses this general power extensively. Art. 3f BA requires that financial groups must be organized such that the material risks are identified, controlled, and limited. The banking ordinance (Art. 14a) sets out that FINMA supervision at the group level is designed to determine (among other things): whether the group is appropriately organized, has an adequate internal control system, identifies limits and monitors risks appropriately, complies with provisions on capital adequacy and risk concentrations and has adequate liquidity. The group must have the same audit firm for all entities. In addition, the law requires that management and board at group level must be fit and proper and manage properly. The law provides for FINMA to apply rules on capital adequacy, liquidity, risk distribution and intra-group positions at group level, either in general or in individual cases. The law does not contain explicit qualitative requirements for risk management or internal control at group level. FINMA enforcement power (e.g., to issue formal orders or decrees) does not apply at the group level only to authorized institutions within the group. The power to appoint an agent to replace management does apply at group level. (see CP11) FINMA does not have direct authority to approve or stop foreign acquisitions made by a financial group by a Swiss-based financial group at the holdco level. FINMA does not have insolvency authority at the holding company level but this is planned to be added to the legislation in 2014. While not specified precisely in the legislation, as a general principle, the same supervision expectations of FINMA apply to a bank or securities dealer group on a consolidated basis as they do to a bank or securities dealer on an individual basis. Assessors discussed with FINMA extensively their ability to achieve desired prudential results at group level given the fact that their formal authority to operate directly at group level is less than in some jurisdictions. While FINMA does not have direct powers over the group, FINMA staff indicated that they have the ability and willingness to act at the level of the individual bank to achieve results. FINMA reports that lack of direct legal authority has not been a problem to date.
EC3	The supervisor reviews whether the oversight of a bank’s foreign operations by management (of the parent bank or head office and, where relevant, the holding company) is adequate having regard to their risk profile and systemic importance and there is no hindrance in host countries for the parent bank to have access to all the material information from their foreign branches and subsidiaries. The supervisor also determines that banks’ policies and processes require the local management of any cross-border operations to have the necessary expertise to manage those operations in a safe and sound manner, and in compliance with supervisory and regulatory requirements. The home supervisor takes into account the effectiveness of supervision conducted in the host countries in which its banks have material operations.
Description and findings re EC3	The audits and reports performed by audit firms include group-wide risk assessments and comment on the adequacy of the management’s oversight of a bank’s foreign operations. Subsidiaries abroad are required to report quantitative elements to the parent bank to be able to measure and report these elements at the group-wide level. If there are elements of hindrance in the host countries for the parent bank, this would be captured by the audit firms and addressed in their audit reports. In its position paper (2010) addressing legal and reputational risks in cross-border financial business, FINMA set out its expectations on these matters. In their audit reports, the audit firms report on the bank’s risk management with regard to cross-border activities. FINMA intends to focus more on assessing whether supervised institutions are aware of the risks inherent in their cross-border operations and take appropriate measures to mitigate them. FINMA regularly meets with host authorities, shares information with them and takes into account the effectiveness of supervision conducted in countries in which Swiss banks have material operations. (see CP13)
EC4	The home supervisor visits the foreign offices periodically, the location and frequency being determined by the risk profile and systemic importance of the foreign operation. The supervisor meets the host supervisors during these visits. The supervisor has a policy for assessing whether it needs to conduct on-site examinations of a bank’s foreign operations, or require additional reporting, and has the power and resources to take those steps as and when appropriate.
Description and findings re EC4	Periodic on-site examinations of foreign offices are mainly made by the audit firms as part of their regulatory report. At large Swiss banks, FINMA also occasionally visits foreign offices or performs on-site supervisory reviews. The frequency of on-site examinations of a bank’s foreign operations depends on the one hand on how substantial the foreign operations are for the banking group and on the other hand on the risk assessment relating to those foreign operations. Assessors discussed FINMA practice in this regard. FINMA recognizes that foreign affiliates of recognized audit firms may have less familiarity with FINMAs regulatory expectations of them in assessing Swiss banks foreign operations. Assessors also gained the impression from these discussions that resource constraints are a reason for the limited number of FINMA on-site reviews of foreign operations.
EC5	The supervisor reviews the main activities of parent companies, and of companies affiliated with the parent companies, that have a material impact on the safety and soundness of the bank and the banking group, and takes appropriate supervisory action.
Description and findings re EC5	FINMAs focus on this is informal on a case-by-case basis.
EC6	The supervisor limits the range of activities the consolidated group may conduct and the locations in which activities can be conducted (including the closing of foreign offices) if it determines that: (a) the safety and soundness of the bank and banking group is compromised because the activities expose the bank or banking group to excessive risk and/or are not properly managed; (b) the supervision by other supervisors is not adequate relative to the risks the activities present; and/or (c) the exercise of effective supervision on a consolidated basis is hindered.
Description and findings re EC6	FINMA takes account of these aspects in the ongoing licensing process which considers changes in business structure, scope and geographic location. FINMA has well developed ability to assess quality of supervision in other jurisdictions. FINMA does not have the legal power to directly require the closing of foreign offices but it has the ability to reach this goal by other means. FINMA’s most important tool in this regard is its discretionary ability to require more capital (i.e., in the case of a subsidiary with excessive risks) or to make a statement that the bank/group is not complying with general requirements (i.e., if there is no appropriate control of the group on one of its subsidiaries).
EC7	In addition to supervising on a consolidated basis, the responsible supervisor supervises individual banks in the group. The responsible supervisor supervises each bank on a standalone basis and understands its relationship with other members of the group.29
Description and findings re EC7	As a general principle, the same supervision/regulations apply to a bank or securities dealer group on a consolidated basis as do to a bank or securities dealer at single entity level. Hence, quantitative and qualitative elements as described in description and findings re EC2 are also supervised on a stand-alone basis. Since capital adequacy and large exposure requirements must be complied with on a stand-alone basis, at the consolidated bank level (sub-consolidation) and bank group level, the requirement that all entities in a banking group are supplied with adequate capital according to the allocation of risks must also be fulfilled (see also principle 16, AC2).
Additional criteria
AC1	For countries which allow corporate ownership of banks, the supervisor has the power to establish and enforce fit and proper standards for owners and senior management of parent companies.
Description and findings re AC1	In Switzerland, corporate ownership of banks is possible. Art. 3 para 2 let. C bis BA states that persons or entities who have directly or indirectly 10 percent or more of capital or voting rights or can exercise a significant influence on the bank (i.e., qualified shareholders) must give the guarantee that their influence will not endanger the prudent and sound management of the bank. When FINMA grants a license to a new bank, it examines very closely the nature, identity and possible influence of every qualified shareholder. Recognized banks must send an updated list of the direct and indirect qualified shareholders to FINMA every year. The external auditors, in the context of the prudential audit, must comment every year in their long form reports on the relations of the banks with the qualified shareholders, confirm that the latter do not exercise any negative influence and also confirm that economic transactions are “at arm’s length.”
Assessment of Principle 12	Compliant
Comments	FINMA consolidated supervision is of high quality, as regulation, monitoring and reporting cover groups comprehensively. Risk assessments, however, need to be extended to formally consider risks arising to the group from non-financial entities upstream from the group or from non-financial affiliates. While the legal framework is not as clear as it could be, FINMA is able to achieve its goals indirectly in those cases. Experience in other jurisdictions suggests that, in extremis, the power to act at the level of the individual institution may not be enough to achieve group-wide results. As a preventative measure, the law should be strengthened to allow interim and permanent enforcement decrees to be applied at the holding company level.
Principle 13	Home-host relationships. Home and host supervisors of cross-border banking groups share information and cooperate for effective supervision of the group and group entities, and effective handling of crisis situations. Supervisors require the local operations of foreign banks to be conducted to the same standards as those required of domestic banks.
Essential criteria
EC1	The home supervisor establishes bank-specific supervisory colleges for banking groups with material cross-border operations to enhance its effective oversight, taking into account the risk profile and systemic importance of the banking group and the corresponding needs of its supervisors. In its broadest sense, the host supervisor who has a relevant subsidiary or a significant branch in its jurisdiction and who, therefore, has a shared interest in the effective supervisory oversight of the banking group, is included in the college. The structure of the college reflects the nature of the banking group and the needs of its supervisors.
Description and findings re EC1	FINMA organizes a considerable number of supervisory colleges as home supervisor for UBS and Credit Suisse Group. Key foreign supervisors are the US and UK and in addition to colleges there are extensive regular communication. FINMA staff confirmed to assessors that they are satisfied with the information flow to them as home supervisor from host authorities and to them as host.
EC2	Home and host supervisors share appropriate information on a timely basis in line with their respective roles and responsibilities, both bilaterally and through colleges. This includes information both on the material risks and risk management practices of the banking group30 and on the supervisors’ assessments of the safety and soundness of the relevant entity under their jurisdiction. Informal or formal arrangements (such as memoranda of understanding) are in place to enable the exchange of confidential information.
Description and findings re EC2	FINMA MOUs are focused on supervisory authorities in countries with whom there is an extensive exchange of information due to the large number of cross-border branch offices of supervised institutions. These memoranda of understanding specify cooperation and procedures within the statutory framework (Arts. 42 and 43 FINMASA, Art. 23septies BA, Arts. 38 and 38a SESTA, Art. 143 CISA). FINMA is also legally authorized to cooperate with a foreign supervisory authority even in the absence of a specific agreement between the two. If the cooperation involves the exchange of confidential data, FINMA generally requires an ad-hoc declaration from the requesting supervisory authority stipulating that the information may only be used for the direct supervision of the regulated institutions, that the supervisory authority is bound by official or professional confidentiality provisions, and that the information may not be published or passed on to other authorities and bodies, including other supervisory or criminal prosecution authorities, without the prior consent of FINMA. FINMA processes appear effective and well used, both in its role as home and host supervisor.
EC3	Home and host supervisors coordinate and plan supervisory activities or undertake collaborative work if common areas of interest are identified in order to improve the effectiveness and efficiency of supervision of cross-border banking groups.
Description and findings re EC3	National and international cooperation is one of FINMA’s five strategic goals. Collaborative work is conducted from time to time. In 2011 and 2012, U.K. FSA conducted in depth on-site reviews focused on identifying and supervising politically exposed persons (PEPs) at U.K. banking groups. In collaboration with U.K. FSA, FINMA performed comparable work at Swiss subsidiaries and branches of U.K. banking groups to be able to share the results with the U.K. FSA and to address if necessary the need of improvement in the whole group. FINMA also performs joint reviews together with the Federal Reserve Bank of New York (FRBNY) and the U.K. regulator (U.K. PRA).
EC4	The home supervisor develops an agreed communication strategy with the relevant host supervisors. The scope and nature of the strategy reflects the risk profile and systemic importance of the cross-border operations of the bank or banking group. Home and host supervisors also agree on the communication of views and outcomes of joint activities and college meetings to banks, where appropriate, to ensure consistency of messages on group-wide issues.
Description and findings re EC4	As a follow-up to the supervisory colleges, FINMA provides feedback to the bank on the issues discussed by the regulators. In the case of joint audits, the letter presenting the findings is initially discussed between the regulators involved before being communicated to the bank. Furthermore, in the context of projects involving several authorities, common update meetings are held where all authorities participate.
EC5	Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities, develops a framework for cross-border crisis cooperation and coordination among the relevant home and host authorities. The relevant authorities share information on crisis preparations from an early stage in a way that does not materially compromise the prospect of a successful resolution and subject to the application of rules on confidentiality.
Description and findings re EC5	FINMA has established Crisis Management Colleges for Credit Suisse and UBS. It is developing a global resolution strategy with the key host regulators for both banks based on a single point of entry approach. The resolution plans are expected to become the basis of any future cooperation and coordination arrangement which FINMA will therefore conclude as soon as the resolution plans are in a stable condition. In the interim, FINMA continues to be able and willing to exchange information on resolution planning and resolution actions in accordance with its laws and regulations and will use for that purpose the existing supervisory arrangements on cooperation and information exchange. In addition, FINMA works towards establishing institution-specific cooperation agreements which will go further and, in particular, strive to set modalities for mutual recognition of resolution measures and supportive actions.
EC6	Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities and relevant host authorities, develops a group resolution plan. The relevant authorities share any information necessary for the development and maintenance of a credible resolution plan. Supervisors also alert and consult relevant authorities and supervisors (both home and host) promptly when taking any recovery and resolution measures.
Description and findings re EC6	FINMA has shared the recovery plans provided by both Swiss G-SIB and information on resolution received from the banks with the Crisis Management College members. The resolution plans will also be shared among these authorities once they have been finalized. The resolution plans specify how both home and host authorities will interact with each other and coordinate the resolution process if the resolution triggers are hit either in home or host jurisdictions.
EC7	The host supervisor’s national laws or regulations require that the cross-border operations of foreign banks are subject to prudential, inspection and regulatory reporting requirements similar to those for domestic banks.
Description and findings re EC7	FINMA authority, reporting and requirements for adherence to laws and circulars that apply to domestic banks also apply to foreign banks established in Switzerland. FINMA in licensing foreign banks participation in the Swiss market also pays particular attention to the prudential standards and supervisory approach in the home country. Assessors discussed this with licensing authorities. It was clear from the discussions that FINMA takes these assessments very seriously, has enhanced them post crisis, and uses its authority as necessary to deny licenses or take other actions.
EC8	The home supervisor is given on-site access to local offices and subsidiaries of a banking group in order to facilitate their assessment of the group’s safety and soundness and compliance with customer due diligence requirements. The home supervisor informs host supervisors of intended visits to local offices and subsidiaries of banking groups.
Description and findings re EC8	Under Art. 43 para 2 FINMASA, FINMA may permit foreign authorities responsible for financial market supervision to carry out direct audits at Swiss establishments of foreign institutions, provided these authorities: are responsible for the consolidated supervision of the audited institutions as part of home country supervision; are bound by official or professional secrecy; and will only use the information for the direct supervision of foreign institutions and not pass it on to other authorities without general authorization in an international treaty or FINMA’s prior consent. The group’s safety and soundness and compliance with customer due diligence requirements can be assessed through on-site visits. However, Art. 23septies BA does not grant the foreign supervisor direct access to information which directly or indirectly relates to asset management or deposit activities for specific customers (private banking carve-out). The review therefore has to be conducted on a no-name basis or by a Swiss audit firm that takes the above-mentioned Article into consideration. Individual client files can be accessed after any client-identifying data has been redacted. If necessary, FINMA will collect the client-identifying data and transmit it via administrative assistance. In practice, foreign home supervisors from time to time conduct on-site inspection on Swiss local offices and subsidiaries of their banking groups.
EC9	The host supervisor supervises booking offices in a manner consistent with internationally agreed standards. The supervisor does not permit shell banks or the continued operation of shell banks.
Description and findings re EC9	Not applicable to Switzerland (no existing shell banks).
EC10	A supervisor that takes consequential action on the basis of information received from another supervisor consults with that supervisor, to the extent possible, before taking such action.
Description and findings re EC10	As described in the preceding ECs, FINMA works in close contact with other supervisors through various channels. Before taking supervisory action based on information received from another supervisor, FINMA always consults with that supervisor.
Assessment of Principle 13	Compliant.
Comments	FINMA has well developed relations with key foreign supervisors of the largest banks. Use of audit firms’ global networks increases FINMA reach. The issues with depth and breadth of supervisory coverage on the largest banks are taken into account in grades for CP8/9. It also covers recommendations for additional offshore supervision.

View Table

Principle 1	Responsibilities, objectives and powers. An effective system of banking supervision has clear responsibilities and objectives for each authority involved in the supervision of banks and banking groups.5 A suitable legal framework for banking supervision is in place to provide each responsible authority with the necessary legal powers to authorize banks, conduct ongoing supervision, address compliance with laws and undertake timely corrective actions to address safety and soundness concerns.6
Essential criteria
EC1	The responsibilities and objectives of each of the authorities involved in banking supervision7 are clearly defined in legislation and publicly disclosed. Where more than one authority is responsible for supervising the banking system, a credible and publicly available framework is in place to avoid regulatory and supervisory gaps.
Description and findings re EC1	The Swiss Financial Market Supervisory Authority (FINMA) is responsible for supervision of banks in Switzerland. FINMA is “the authority that supervises the financial market” and a “public institution”. (Financial Market Supervisory Act (FINMASA) Art. 4). It is a unified supervisor; the law provides FINMA the supervisory authority over those licensed by it which includes banks, insurance firms, collective capital investments, and audit companies. (FINMASA Art. 2). FINMA’s authority covers licensing, supervision, application of corrective actions and sanctions, and issuing regulation in the form of ordinances and circulars. According to the National Bank Act (NBA), the Swiss National Bank (SNB) has the mandate to ensure price stability while taking due account of the development of the economy. Within this framework, the SNB has “to contribute to the stability of the financial system” (NBA Art. 5). It also is responsible for the supply of liquidity and act as a lender of last resort in the event of a crisis (NBA Art. 9). There are two particular areas where the SNB participate in decisions affecting microprudential supervision: Under the Banking Act (BA) Art. 8 para 3, the National Bank designates—after consulting FINMA—the systemically important banking institutions and their systemically important functions; and Under the Capital Adequacy Ordinance (CAO) Art. 44 the Swiss National Bank can issue a proposal to the Swiss Federal Council to activate, adjust, or deactivate a countercyclical buffer. Prior to issuing such a proposal, the Swiss National Bank must consult with FINMA. Cooperation between FINMA and SNB is described in a MOU between two institutions established in February 2010. The MOU focuses on the following areas: assessment of soundness of systemically important banks and/or the banking system; regulations that have a major impact on the soundness of banks; and contingency planning and crisis management. A high-level steering committee which meets at least twice a year as well as a standing committee which meets at least four times a year has been established for coordination, including on joint projects. It also provides a framework for information sharing including confidential ones. Currently the two largest banks have been designated as systemically important. The relevant legal fundamentals are made public on FINMA’s website and on that of the Swiss Federal Administration.
EC 2	The primary objective of banking supervision is to promote the safety and soundness of banks and the banking system. If the banking supervisor is assigned broader responsibilities, these are subordinate to the primary objective and do not conflict with it.
Description and findings re EC2	FINMA’s objectives are provided as “[I]n accordance with the financial market acts, financial market supervision has the objectives of protecting creditors, investors, and insured persons as well as ensuring the proper functioning of the financial market” (FINMASA Art. 5). FINMA does so mainly by prudential supervision which – with regard to banks – “promotes the safety and soundness of banks and the banking system”. FINMASA Art. 5 also stipulates that “it (financial market supervision) thus contributes to sustaining the reputation and competitiveness of Switzerland’s financial center”. The authorities explain that this wording—“it thus contributes”—clearly subordinates the contribution to “sustaining the reputation and competitiveness of Switzerland’s financial center” to promoting the safety and soundness of banks and the banking system. They also explain that it is the way in which FINMA understands its responsibilities and conducts banking supervision and that this contribution is performed through creating robust regulatory and supervisory frameworks. The assessors were also informed that there is a Parliamentary initiative to expand the objectives of FINMA by amending FINMASA to include promoting the competitiveness of the financial center as one of the primary objectives. The act also requires FINMA, in exercising its regulatory powers, to take into account the effect that regulation has on competition, innovative ability and the international competitiveness of Switzerland’s financial centre, in addition to the compliance cost and international standards. (FINMASA Art. 7) Again, FINMA explains that this Article. does not cover supervisory actions and that it understands that this requirement is fulfilled by constructing a robust regulatory framework that contributes to the safety and soundness of banking system, and by ensuring meaningful consultation on new initiatives.
EC3	Laws and regulations provide a framework for the supervisor to set and enforce minimum prudential standards for banks and banking groups. The supervisor has the power to increase the prudential requirements for individual banks and banking groups based on their risk profile8 and systemic importance.9
Description and findings re EC3	FINMA is responsible for the supervision of banks and banking groups in Switzerland. The Swiss regulatory framework for banking supervision is formulated at three levels: Federal acts such as the Federal Law on Banks and Savings Banks (Banking Act, BA) and the Financial Market Supervision Act (FINMASA) are issued by Parliament. In the hierarchical structure of Swiss legislation, federal acts are subordinate to the Constitution. Under the Federal Constitution, all important legislative provisions must be passed as a federal act. This includes, for instance, severe restrictions on constitutional rights (e.g., economic freedom), basic provisions on the rights and obligations of persons and on procedures followed by the federal authorities. Federal acts are drafted by FDF and submitted to the parliament. The way this work is conducted depends case-by-case, but a project team consists of relevant parties including FDF and FINMA could be organized. The draft could be changed through the parliamentary process. Ordinances are based on parliamentary laws and are issued by the Swiss Federal Council or very occasionally by FINMA. The Federal Council can pass general legal provisions in the form of an ordinance insofar as it is empowered to do so by an act or directly by the Constitution. Federal ordinances are also drafted by FDF and submitted to the Federal Council. For administrative units such as FINMA to issue ordinances, explicit delegation in laws or Federal Council ordinances is required. Circulars can be issued by FINMA to set forth its practice with regard to the above regulations. The purpose of FINMA circulars is to enable the supervisory authority to implement legislative rules in a uniform and proper manner by specifying open, undefined legal norms and outlining generally abstract requirements for exercising discretionary powers. Circulars do not need any explicit legal basis in an act; their content, however, must be materially related to acts and ordinances. Circulars are binding for FINMA. Circulars must be approved by the board of FINMA. Compliance with all FINMA Circulars (as well as Acts and Ordinances) applicable to banks are subject to the annual audit process and issues of non-compliance will be reported in the annual audit report, based an assessment of risk and materiality. However, Circulars do not have the characteristics of Acts of Ordinance. Accordingly, a supervised institution may appeal against a Circular in a concrete case if the institution considers the Circular is not applicable for its particular circumstances. In addition to these, FINMA publishes guidance through various forms, including Frequent Asked Questions and FINMA position papers. Although these do not formally have same degree of enforceability, they are understood by banks and external auditors to compliment Ordinances and Circulars and banks need to adhere to them.
EC4	Banking laws, regulations and prudential standards are updated as necessary to ensure that they remain effective and relevant to changing industry and regulatory practices. These are subject to public consultation, as appropriate.
Description and findings re EC4	The authorities observe developments on the financial markets, both nationally and internationally to identify and understand the relevant risks and follow the evolution of international regulations as well as its effects on Switzerland, and these developments, as well as parliamentary trigger the regulatory or legislative process. Regulations, including laws and ordinances are revised frequently; for example, BA was most recently amended in September 2011, BO June 2012, the new CAO was issued June 2012, and a number of circulars have been issued each year. However, as explained in relevant CPs, some circulars, particularly those related to specific risk management requirements, are not revised frequently enough to keep them updated and relevant. In the process of formulating regulations, FINMA communicates information on regulatory initiatives and their current status to various stakeholders. Draft regulations and explanatory reports are in general submitted for open consultation to give all interested parties the opportunity to express themselves. In general, comments received are published together with a report on the considerations and the adopted legislation. FINMA’s reactions to relevant issues raised during the consultation are included in the consultation report. Also, public hearings are held about draft regulations to involve wider stakeholders including depositors and other customers. If justified by the importance of a regulatory project and permitted by timing and circumstances, workshops and joint working groups with the supervised entities may also take place. Industry participants that assessors met were generally satisfied with their communication with FINMA, but some noted that more frequent and candid dialogue on regulatory issues between FINMA and the industry would be valuable.
EC5	The supervisor has the power to: (a) have full access to banks’ and banking groups’ Boards, management, staff and records in order to review compliance with internal rules and limits as well as external laws and regulations; (b) review the overall activities of a banking group, both domestic and cross-border; and (c) Supervise the activities of foreign banks incorporated in its jurisdiction.
Description and findings re EC5	(a) FINMA has full access to banks’ and banking group’s Board, management staff and records as provided by FINMASA, Art. 29, which stipulates that “the supervised entities (including the institutions’ management and staff), their audit companies and auditors as well as persons or companies that are qualified investors or that have a substantial participation in the supervised entities must provide FINMA with all information and documents that it requires to carry out its tasks”. (b) Under certain circumstances, not only a bank as a solo entity but also a “financial group” or a “financial conglomerate” including related entities both domestic and cross-border becomes subject of group supervision by FINMA (BA Art. 3b f). (See Cp12.) As a consequence, FINMA reviews the overall activities of a banking group, both domestic and cross-border, if it is the lead home-country regulator of such a group. However, entities conducting non-financial activities are excluded from group supervision. (c) Branches and subsidiaries of foreign banks must obtain a license from FINMA. These institutions are subject to similar regulatory and supervisory requirements applicable to all other Swiss banks, including requirements to furnish information to FINMA.
EC6	When, in a supervisor’s judgment, a bank is not complying with laws or regulations, or it is or is likely to be engaging in unsafe or unsound practices or actions that have the potential to jeopardize the bank or the banking system, the supervisor has the power to: (a) take (and/or require a bank to take) timely corrective action; (b) impose a range of sanctions; (c) revoke the bank’s license; and (d) cooperate and collaborate with relevant authorities to achieve an orderly resolution of the bank, including triggering resolution where appropriate.
Description and findings re EC6	If a bank poses problems as described above FINMA has the power to take the required corrective measures (see CP11). Depending on the gravity of a situation the following measures will be taken and escalated accordingly: Regular supervision: FINMA will address problems with the bank under its regular supervision. In this context, it may request the bank to take immediate corrective measures and impose time limits for the implementation. Enforcement: If (a) the bank does not implement the requested corrective measures under its regular supervision, (b) it is apparent that the bank is unable or unwilling to implement the required corrective measures, or (c) the situation poses immediate risks to the bank, the banking system or to the interests of depositors, FINMA will open administrative enforcement proceeding (Art. 30 FINMASA). Interim measures: In enforcement proceedings, FINMA can order interim measures to safeguard the situation. FINMA can appoint an investigating agent to implement the required corrective measures (Art. 36 FINMASA). Final measures: In enforcement proceedings, FINMA can order the restoration of compliance with the supervisory law (Art. 31 FINMASA). The possible measures are not pre-defined. In addition, FINMA can: bar a person from acting in a management capacity in the banking sector for a period of up to five years (Art. 33 FINMASA); confiscate any profit made through a serious violation of the supervisory provisions (Art. 35 FINMASA); and, revoke the banking license (Art. 37 FINMASA). FINMA is the competent authority for the resolution and/or liquidation of banks in Switzerland. In this regard, FINMA assumes the role of the ordinary bankruptcy authorities, i.e., FINMA decides on the liquidation of a bank (Art. 33 para 1 Banking Act, BA). FINMA may appoint one or several liquidators who are subject to its supervision (Art. 33 para 2 BA). FINMA may also itself assume the role of the liquidator (through a specialized unit within FINMA). In addition, FINMA is the competent authority to recognize the effects of bankruptcy/liquidation proceedings over a foreign bank in Switzerland.
EC7	The supervisor has the power to review the activities of parent companies and of companies affiliated with parent companies to determine their impact on the safety and soundness of the bank and the banking group.
Description and findings re EC7	FINMA establishes its consolidated supervision at the level of the parent company if the group of companies including a bank meets the definition of financial group as noted above. Thus parent companies are included in FINMA’s group supervision and required to provide information and documents. As noted above, group supervision supplements supervision of a bank as a solo entity. In addition, “qualified investors or that have a substantial participation” in a bank are also required to provide information and documents requested by FINMA. In case of companies affiliated with parent companies, if they are companies operating in the financial sector, they will also be subject to group supervision, which gives FINMA the ability to request information. If these companies are not operating in the financial sector, they will be exempted from group supervision and FINMA will have no direct power over these entities.
Assessment of Principle 1	Compliant
Comments	Changes to the objectives of FINMA to elevate promoting competitiveness to a main objective (as described in EC1) would risk confusing FINMAs mandate and would be contrary to this CP. Despite the compliant grade, there are weaknesses in the power of FINMA which are taken into account in assessment of other CPs. In particular, the existence of gaps in the regulatory framework, infrequency of updating circulars, and use of FAQs and other secondary documents to augment regulations, cause a challenge in consistent application of the regulatory framework and in supervisory activities.
Principle 2	Independence, accountability, resourcing and legal protection for supervisors. The supervisor possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisor.
Essential criteria
EC1	The operational independence, accountability and governance of the supervisor are prescribed in legislation and publicly disclosed. There is no government or industry interference that compromises the operational independence of the supervisor. The supervisor has full discretion to take any supervisory actions or decisions on banks and banking groups under its supervision.
Description and findings re EC1	FINMA is created as a public law institution with its own legal personality and official seat in Bern (FIMASA Art. 4). Governance and independence of FINMA are specified in Section 1 of Chapter 2 of FINMASA and further underpinned by the secondary regulations on the organization of FINMA. FINMSA Arts. 9 and 10 and the related secondary regulation on the organization of FINMA specify the terms and conditions of the composition and tasks of the Board of Directors (BoD) and the management board. It requires BoD, which is appointed by the Federal Council and comprises seven to nine members, to be independent of the supervised persons and entities (FINMASA Art. 9 para 1). The Chair of BoD is not permitted to carry out any other economic activity nor hold any federal or cantonal office unless it is in the interest of fulfillment of the tasks of FINMA (FINMASA Art. 9 para 4). Further, FINMASA Art. 21 para 1 requires FINMA to carry out its supervisory activity autonomously and independently. FINMA is funded independently from the general federal budget by levying fees for individual cases and services as well as annual supervision charges on supervised entities (FINMASA Art. 15). FINMA’s budget is only subject to approval by FINMA’s BoD. The relevant Ordinance issued by the Federal Council sets a broad framework of fees and charges but it does not constrain FINMA’s ability to charge banks. FINMA’s annual report and three year strategic plan is subject to approval by the Federal Council. At least once a year, FINMA discusses the strategy for its supervisory activities and current issues of financial center policy with the Federal Council (FINMASA Art. 21 para 2). FINMA has its own Personnel Ordinance (subject to approval by the Federal Council) which provides FINMA with increased flexibility regarding the remuneration of its employees compared to the federal administration. FINMA explains that it enjoys a large degree of autonomy in the performance of its supervisory duties. Its decisions can only be appealed in court. For regulation above FINMA level (acts and federal ordinances) as well as for international policy development FINMA coordinates with other relevant authorities such as FDF and SNB. There are no observers from government, politics or industry present in meetings of FINMA’s BoD or Executive Board. The government cannot issue operational instructions to the supervisory authority. FINMA is accountable to the Federal Parliament, which exercises general oversight (“Oberaufsicht”) over FINMA according to the ordinary working modalities of the Swiss Parliament (FINMASA Art. 21 para 4). There are no provisions that allow Parliament or the Federal Council to intervene in operational issues under the FINMA’s responsibility, such as supervisory actions and decisions on individual banks. FINMA explains that there is interference on a day-to-day basis with FINMA’s supervisory work neither by Parliament nor by the Federal Council. Currently, however there is substantial parliamentary interest in FINMAs power to issue what amount to rules or guidance, and the effect on various aspects of the sector’s competitiveness. Proposals to change FINMA’s mandate are on hold pending a review of its regulation versus international norms. Recently, in response to FINMAs decision in 2012 to impose Pillar 2 requirements on midsize banks, Parliament passed a motion requiring the Federal Council to take this power away from FINMA and vest it in the federal council instead. That motion indicated in a non- binding way that the resulting Pillar 2 capital charges should be capped at values less than FINMA now has in place.
EC2	The process for the appointment and removal of the head(s) of the supervisory authority and members of its governing body is transparent. The head(s) of the supervisory authority is (are) appointed for a minimum term and is removed from office during his/her term only for reasons specified in law or if (s)he is not physically or mentally capable of carrying out the role or has been found guilty of misconduct. The reason(s) for removal is publicly disclosed.
Description and findings re EC2	The Federal Council appoints the FINMA’s BoD. In doing so, it must ensure the appropriate representation of both genders. It appoints the Chair and the Vice-Chair. It determines the level of remuneration. (FINMASA Art. 9 para 2). The BoD has to be comprised of seven to nine expert members, who are independent of the supervised persons and entities. The members of BoD, including the Chair and Vice Chair, are appointed for a term of office of four years; each member may be reappointed twice (FINMASA Art. 9 paras. 2 and 3). The Federal Council removes members of BoD “if the requirements for holding office are no longer fulfilled” without providing further details, although this has not happened to date. (FINMASA Art. 9 para 5). There is no requirement to disclose the reason(s) for removal. The Chief Executive Officer (CEO) and the members of the Executive Board are appointed by the BoD. The appointment of the CEO is subject to approval by the Federal Council (FINMASA Art. 9 para 1). Consequently, the Federal Council has to approve the decision of BoD to terminate the employment of CEO “if the requirements for holding office are no longer fulfilled” (FINMASA Art. 9 para 5). Moreover, the FINMA Personnel Ordinance Art. 9 para 4 provides that the termination of an employment contract, including the one for CEO, must be for objective reasons and they have to be communicated in writing to the person concerned. For the CEO and other members of the Executive Board, there is no requirement to disclose the reason(s) for removal.
EC3	The supervisor publishes its objectives and is accountable through a transparent framework for the discharge of its duties in relation to those objectives.10
Description and findings re EC3	FINMASA Art. 9 provides that BoD determines the strategic objectives of FINMA and submits them to the Federal Council for approval. The strategic objectives are determined for a period of 3 to 4 years and published on FINMA’s website (Strategic Goals 2013 to 2016). FINMASA also stipulates that BoD “draws up the annual report and submits the annual report to the Federal Council for approval prior to publication.” (Art. 9, Art. 22). This provides information on annual activities and priorities. There is also an annual hearing with the relevant Parliamentary Committees.
EC4	The supervisor has effective internal governance and communication processes that enable supervisory decisions to be taken at a level appropriate to the significance of the issue and timely decisions to be taken in the case of an emergency. The governing body is structured to avoid any real or perceived conflicts of interest.
Description and findings re EC4	FINMASA Art. 9 stipulates that the BoD decides on matters of substantial importance. Details on what constitutes matters of substantial importance are provided in FINMA’s Organizational Rules Art. 2 as: matters of considerable consequence for financial markets or of systemic importance as evidenced at one or more of the supervised institutions; matters of particular interest for the general public; matters that result in establishing rules of practice or a change thereto; matters involving a high liability risk for FINMA or having a long-term effect on FINMA’s reputation; and matters that are designated as such by at least three members of the Board of Directors. Thus, the BoD can be involved in making specific supervisory decisions, although FINMA explains the involvement of BoD on specific supervisory actions has been substantially reduced from its predecessor, EBK. The Executive Board, which is consist of CEO and Head of Divisions of FINMA, decides all matters that do not fall to BoD. In a few cases of lesser importance, the Executive Board may transfer this competence to the divisions. (Organizational Rules Art. 14) FINMA’s BoD as well as the Executive Board can, in urgent cases, pass resolutions via circular (including fax and email), making it possible to respond in a timely manner in the case of emergency. The Chair of the BoD can also take necessary decisions (Chairman’s resolutions) in lieu of the BoD (FINMA’s Organizational Rules Art. 9). FINMA’s internal governance rules at a lower level are mostly established in the Operational Regulations. Regarding conflicts of interest BoD members are required to be independent of the supervised persons and entities (FINMASA Art. 9). In addition, the Chair of the BoD is not allowed to carry out any other economic activities, nor hold any federal or cantonal office, unless they are in the interest of fulfilling FINMA’s tasks (FINMASA Art. 9). This restriction did not apply to other BoD members under the old rule, although they were not allowed to be members of executive boards or chairmen/vice chairmen of Boards of any supervised institutions. The authorities explain that recent appointments were only made under the condition that the candidate gives up any mandate in a supervised entity. Also, as described below, recusal rules apply to prevent potential conflict of interests. The authorities also introduced new rules in December 2013 prohibiting BoD members to engage in any activities in supervised institutions, although it will become effective from 2016. BoD also issued a Code of Conduct that is applicable to BoD and all staff members including members of the Executive Board. It sets out clear prescriptions regarding real and perceived conflicts of interest. For example, FINMA staff members who wish to assume an outside employment position needs to get an approval. Also, FINMA Personnel Ordinance regards outside work by a FINMA employee which results in a conflict of interest with the person’s activities within FINMA as incompatible with the employment with the FINMA, thus no approval will be granted. There are restrictions on transactions of securities of supervised entities, although it is somewhat relaxed for members of BOD who are not chair/vice-chair. The Code of Conduct also requires members of FINMA’s BoD, Executive Board and senior management to recuse themselves from consideration of matters concerning a supervised entity at which they were employed within the previous year.
EC5	The supervisor and its staff have credibility based on their professionalism and integrity. There are rules on how to avoid conflicts of interest and on the appropriate use of information obtained through work, with sanctions in place if these are not followed.
Description and findings re EC5	See EC4. FINMA’s Code of Conduct also includes the duty to protect the confidentiality of official matters (Art. 14). FINMA also has rules on the appropriate use of information (Regulations on the protection of information). In case of violation of these rules, sanctions such as dismissals can be imposed by FINMA (FINMA Personnel Ordinance Art. 10). A breach of official secrecy is liable to prosecution (Swiss Criminal Code Art. 320). The assessors found the quality of FINMA staff to be very high. This view is also generally shared by industry members who the assessment team met.
EC6	The supervisor has adequate resources for the conduct of effective supervision and oversight. It is financed in a manner that does not undermine its autonomy or operational independence. This includes: a budget that provides for staff in sufficient numbers and with skills commensurate with the risk profile and systemic importance of the banks and banking groups supervised; salary scales that allow it to attract and retain qualified staff; the ability to commission external experts with the necessary professional skills and independence, and subject to necessary confidentiality restrictions to conduct supervisory tasks; a budget and program for the regular training of staff; a technology budget sufficient to equip its staff with the tools needed to supervise the banking industry and assess individual banks and banking groups; and a travel budget that allows appropriate on-site work, effective cross-border cooperation and participation in domestic and international meetings of significant relevance (e.g., supervisory colleges).
Description and findings re EC6	FINMA is fully financially independent and has a stable and continuous source of funding. FINMA is funded by directly levying fees for individual cases and services as well as annual supervision charges on supervised entities (FINMASA Art. 15). FINMA’s costs not covered by specific fees are borne by the supervised banks. FINMA determines its budget for staff expenses itself, and the related fees and charges, on the base of its resource planning. FINMA views that it has adequate resources to conduct effective supervision and oversight as well as regulatory work on banks. In this context, it believes that its approach of making external audit firms an integral component (“extended arm”) of the supervisory process reduces the need for FINMA to have the specialized resources internally. Audit firms charge the costs of the regulatory audit directly to banks. FINMA’s budget for the banking supervision department has expanded from CHF 39.5 million in 2009 to CHF 65 million in 2013. The number of staff has increased from 371 FTE in 2010 to 442 FTE in 2012. Bank-related staff increased from around 87 FTE in 2010 to 98 FTE in 2012. Of these, some 38 are for off-site supervision and 22 are in risk management, both of whom also perform FINMA lead reviews. Authorization accounts for some 13 FTE and resolution/legal some 10-20 FTE. In addition, the authorities note that external auditors spend around 700 FTE per year for audit work in recent years. However that covers regulatory and financial audit and only some 200FTE of that is for regulatory audit across all categories of firms for normal supervision and some 135FTE is for special audits and model approval. FINMA did not have statistics for regulatory audit by category of banks. However based on the information for regulatory audit and financial audit combined, it appears that over two thirds would be for the Category 1 banks and foreign banks. FINMA has five off-site staff for each major bank, one each for the three Category 2 banks, seven for the approximately 30 Category 3 banks and 20 staff for the approximately 300 category 4 and 5 banks. Only some five of the risk management FTE time goes to banks in Categories 2–5. In certain specific areas such as operational risk, specialist staff is very limited. FINMA has put in place a head-count freeze. Senior management and the BoD is of the view that current staffing is adequate for banking regulation and supervision and do not see the need to increase it substantially. It informed assessors that the institution’s current focuses are on consolidating the institution after a rapid growth since FINMA’s establishment and on efficient use of existing resources. FINMA’s Personnel Ordinance sets out six different salary scales. FINMA explains that the framework of the salary range is sufficiently flexible to retain qualified staff at different levels, except those at the most senior levels. Also, FINMA states that it does not have understaffed key areas at the moment, and that it does not have much difficulty in attracting new staff, as it has a good reputation and can offer interesting jobs and good salaries. It acknowledges this is helped by the current market situation. Furthermore, FINMA relies on external auditors for some technical expertise. The recent turnover rates in the banking division are relatively low (6.8 percent in 2012, compared to 10.1 percent for FINMA overall). In the budgeting process, FINMA queries the scope of costs for external experts that have the necessary professional skills and independence with every department. Afterwards the amount of expected costs will be controlled by the CEO/Executive Board and the Board of Directors. If they agree, the expected costs are approved as a budget. Also during the budget formulation, a training budget has been explicitly set aside. In the years 2009 to 2011, the amount was CHF 2,000 per FTE per year, since 2012 the amount has been raised to CHF 3,000 per FTE. Every department has the responsibility to control the necessity of training for each person and to plan the training of staff. Regarding the budget for information system, required budget has been allocated. During the budget process, the necessity of additional IT tools is clarified, estimated and prioritized. Afterwards, the amount of expected costs will be approved by the Executive Board and the Board of Directors. Cost for travel is also considered during the budgeting process. The travel costs include trips for domestic and international meetings, on-site work, cross-border corporation and other important meetings. FINMA expresses that it does not experience any problem with these budgets.
EC7	As part of their annual resource planning exercise, supervisors regularly take stock of existing skills and projected requirements over the short- and medium-term, taking into account relevant emerging supervisory practices. Supervisors review and implement measures to bridge any gaps in numbers and/or skill-sets identified.
Description and findings re EC7	FINMA’s personnel planning focuses on determining that its future qualitative and quantitative staff needs are in line with the organization’s strategic needs e.g., FINMA’s Strategic Goals. FINMA states that it needs employees who have both competence and integrity, and operational demands (e.g., experience gained during supervisory reviews, changing supervision categories of several institutions, Basel III (Capital & Liquidity)) to perform its functions. The planned natural attrition of personnel in future years is matched with a succession planning. The resulting difference between supply and demand indicates the future quantitative and qualitative need for personnel. Further, this information feeds into the recruitment and development planning of personnel (e.g., planning personnel developing potential).
EC8	In determining supervisory programs and allocating resources, supervisors take into account the risk profile and systemic importance of individual banks and banking groups, and the different mitigation approaches available.
Description and findings re EC8	Supervisory programs and resource allocations follow a risk-based approach based on a pre-defined process (see CP8/9). For a bank requiring more attention, FINMA will assign more resources to ensure an appropriate level of supervision. The two biggest are overseen by a team of five to six people and supported by specialists in the risk unit as well as in the capital unit, making total FTE allocated to the two biggest banks around 30. For smaller banks, however, even for the three in Category 2, which could be domestically systemically relevant, only one person is assigned to a bank. For the roughly 30 banks in category 3 (which includes the cantonal banks), there are staff assigned, and for the smaller banks, a relationship manager oversees a portfolio of banks, which could consist of at least four to five banks. These supervisors are also supported by specialists, albeit to a much lesser degree. In discussions with assessors, those responsible for supervision of a range of smaller and mid-size banks indicate that between one-third and one-half of supervisory time overall is spent on AML/CTF and cross-border issues.
EC9	Laws provide protection to the supervisor and its staff against lawsuits for actions taken and/or omissions made while discharging their duties in good faith. The supervisor and its staff are adequately protected against the costs of defending their actions and/or omissions made while discharging their duties in good faith.
Description and findings re EC9	FINMASA Art. 19 provides that FINMA is liable only if: a) its management bodies or its staff have committed a breach of fundamental duties; and b) loss or damage is not due to a breach of duty by a supervised person or entity. A breach of fundamental duties may have occurred if measures were taken in bad faith. FINMA and its staff are therefore appropriately protected from being held liable for supervisory measures conducted in good faith. Staff is not personally and directly liable in civil law for discharging their duties, although they can be prosecuted if permitted by the Department of Justice. If a staff member acts in good faith, FINMA’s policy is to cover the expenses of a criminal procedure (e.g., court and lawyer fees). The authorities report that litigations against FINMA have been relatively limited and there has not been any court ruling that is against FINMA since its establishment. No prosecutions or litigation has been made against staff members.
Assessment of Principle 2	Materially Non Compliant
Comments	Assessors are of the view that the current resources of FINMA are not sufficient to supervise and regulate the entire banking system effectively, including effective oversight of supervisory work done by external auditors, and that this is contributing to shortcomings in supervision and timely regulation, and weak practical implementation, as described in various CPs. FINMAs adherence to a head-count freeze, that it has decided upon, needs to be relaxed to achieve compliance and to achieve the recommendations in this report. This issue seems acute for middle sized banks which are not globally systemically important but still systemically important domestically. But even for the largest banks, the limited staff resources is constraining further in-depth supervisory work at the level of intensity and regularity being conducted elsewhere. For mid-size and smaller banks, there is a need to conduct more strategic work to address thematic issues that could have material implications, such as operational, legal and reputational risks. For regulatory work, the assessors found a few but important circulars are not updated as frequently as desirable. The assessors believe this is partly due to lack of personnel. The assessors understand that the use of external auditors as an extend arm of FINMA augment resources in FINMA. But, FINMA still needs to exercise enhanced oversight on regulatory audit activities and control quality by providing guidance, assessing works by auditors, and having frequent communications with them, which it understands and making efforts to improve the supervisory approach. There are also thematic supervisory reviews across ranges of banks that are not amenable to being assigned to regulatory auditors. While oversight of supervisors is necessary even in a system where supervision is mainly conducted ‘in-house’, more oversight work is needed where work is outsourced. Assessors appreciate that FINMA is rightly following a ‘quality instead of quantity’ resourcing strategy, but still see the need to increase its resources. Assessors saw no evidence of interference in FINMA’s day-to-day operational independence. However, the assessors view that there are some potential shortcomings in the current legal framework, including the legally stipulated need for FINMA to consider the competitiveness of Swiss financial center. The risk is that this could lead the supervisor to compromise their pursuit of safety and soundness of the banking system. The assessors are also concerned with the current Parliamentary initiative to upgrade this element of the FINMA’s objectives, and to limit FINMAs existing Pillar 2 authority. Related to the governance issue, the assessors found rules to address conflict of interest in FINMA were incomplete for members of FINMA BoD who were not the Chair and the Vice Chair. Given the current set up of the FINMA BoD which expects or permits the members to be involved in any decision regarding individual entities if supported by three of them, as well as regulatory issues that affect the industry, even with the recusal rules, there was a possibility that these gaps could damage the perceived credibility of the supervisor As noted in EC4, the authorities recently strengthened rules to address conflict of interest of members of FINMA BoD. Assessors welcome the decision but believe sound governance and ability to attract Board members could still be enhanced by more clearly delineating and limiting the FINMA Board’s ability to be involved in individual decisions. Thus, the assessors recommend the authorities take following actions: Increase resources for banking regulation and supervision in FINMA. Do not elevate the competitiveness objective in FINMA mandate. Instead, consider removing the reference to competitiveness if needed to avoid confusion and confirm that the primary objective for the supervisor is to promote the safety and soundness of banks and banking groups. Clarify and limit what decisions on individual institutions FINMA’s board should take. Maintain the current FINMA power to set Pillar 2 add-ons on a group of banks.
Principle 3	Cooperation and collaboration. Laws, regulations or other arrangements provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information.11
Essential criteria
EC1	Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with all domestic authorities with responsibility for the safety and soundness of banks, other financial institutions and/or the stability of the financial system. There is evidence that these arrangements work in practice, where necessary.
Description and findings re EC1	BA Art. 23 authorizes FINMA to share confidential information and documents with other financial market supervisory authorities such as the Federal Audit Oversight Authority, the Swiss stock exchanges as well as SNB. A formal arrangement exists between FINMA, the Federal Department of Finance and the Swiss National Bank based on a tripartite MOU for exchange of information and cooperation in the event of crisis. On the information exchange, the MOU establish a senior-level meeting that meets at least twice a year to exchange information on the macroeconomic environment, the situation in the financial markets and the banking sector, domestic regulatory initiatives as well as international regulatory initiatives and standards concerning the financial markets and the banking sector, and challenges and risks facing the Swiss financial center. On the cooperation in the context of a financial crisis, it sets up a high-level Steering Committee and a working-level Committee on Financial Crisis. The latter meets at least once or twice in a year, regardless of whether there is a crisis. Between FINMA and the SNB a Memorandum of Understanding (MOU) provides for exchange of views in the areas of: (1) assessment of the soundness of systemically important banks and/or the banking system; (2) regulations that have a major impact on the soundness of banks, including liquidity, capital adequacy and risk distribution provisions, where they are of relevance for financial stability; and (3) contingency planning and crisis management. (See CP 2) An informal and frequent communication is also taking place with SNB to share information, exchange views, and coordinate their activities, particularly on the biggest banks. Furthermore, FINMA shares relevant confidential information and cooperates with federal and cantonal prosecution authorities, according to FINMASA Art. 38. Also, information can be shared with other domestic regulators including the Takeover-Board and the Competition Committee under the Anti-Money Laundering Act (AMLA) Art. 29.
EC2	Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with relevant foreign supervisors of banks and banking groups. There is evidence that these arrangements work in practice, where necessary.
Description and findings re EC2	FINMA has arrangements on cooperation and information exchange with foreign supervisory authorities. FINMA currently has MOUs with 17 jurisdictions, including most major financial centers. These MOUs specify, amongst other things, cooperation on information exchange and on-site inspection within the statutory framework provided by legislation. FINMA is an active organizer of and participant in Supervisory Colleges for cross-border institutions. For the two big Swiss banks, FINMA organizes an annual meeting with all interested foreign supervisory authorities which are of importance for the respective banking group (“general colleges”). In addition, more focused “core colleges” with the key US and UK regulators take place semi-annually. Typically, a US-based meeting focuses on investment banking activities, while a Swiss-based meeting focuses on wealth management activities. These extensive colleges complement bilateral international cooperation. For the two big banks, FINMA also conducts a few joint supervisory reviews annually with UK and US supervisors. This usually takes a form of sending several of its staff members to on-site works by the foreign supervisors, but FINMA also leads supervisory reviews where UK and US supervisors participate in the on-site work. FINMA highly values these exercises, as they promote deeper sharing of views and information among the supervisors, and can send strong and coordinated messages to the banks. FINMASA Art. 42 authorizes FINMA to cooperate with a foreign supervisory authority even in the absence of a specific agreement. If the cooperation involves the exchange of confidential data, FINMA generally requires an ad-hoc declaration from the requesting supervisory authority stipulating that: the information may only be used for the direct supervision of the regulated institutions; the supervisory authority is bound by official or professional confidentiality provisions; and the information may not be published or passed on to other authorities and bodies, including other supervisory or criminal prosecution authorities, without the prior consent of FINMA. FINMA explains that it receives a substantial number of requests each year, and that it is able to provide requested information in most of the cases. FINMA explains strong cooperation with other foreign supervisory authorities was necessitated and took part in international cases where Swiss banks are involved, such as the case regarding LIBOR or a substantial trading loss of a big Swiss bank that took place outside of Switzerland.
EC3	The supervisor may provide confidential information to another domestic authority or foreign supervisor but must take reasonable steps to determine that any confidential information so released will be used only for bank-specific or system-wide supervisory purposes and will be treated as confidential by the receiving party.
Description and findings re EC3	Regarding cooperation with domestic authorities, the legal provisions stipulate that FINMA is authorized to transmit confidential information and documents to another domestic authority if they require the information to fulfill their duties. (FINMASA, Art. 38, BA Art. 23bis, AMLA Art. 29) Swiss legislation (BA Art. 43, Criminal Code Art. 320) provides for professional secrecy obligations, breach of which is subject to criminal law prosecution. Concerning foreign authorities, as described in EC 2, FINMASA Art. 42 expressly requires that in order to share non-public information with another competent foreign authority, the latter must be subject to official or professional secrecy and that the information is to be used exclusively for the direct supervision of foreign institutions. FINMA insists on a declaration by the foreign supervisor that the information will be used as confidential as an integral part of the request for administrative assistance with regard to compliance with the rules of confidentiality. FINMA also demands that the requesting authority grant an explicit warranty that the transmitted information and documents are used exclusively for the direct supervision of foreign institutions and that the transmitted information and documents are passed on to competent authorities or to bodies that are entrusted with supervisory duties that lie in the public interest only on the basis of a general authorization in an international treaty or with FINMA’s prior consent. FINMA notes that experience shows that foreign counterparts respect the confidentiality of information provided by FINMA.
EC4	The supervisor receiving confidential information from other supervisors uses the confidential information for bank-specific or system-wide supervisory purposes only. The supervisor does not disclose confidential information received to third parties without the permission of the supervisor providing the information and is able to deny any demand (other than a court order or mandate from a legislative body) for confidential information in its possession. In the event that the supervisor is legally compelled to disclose confidential information it has received from another supervisor, the supervisor promptly notifies the originating supervisor, indicating what information it is compelled to release and the circumstances surrounding the release. Where consent to passing on confidential information is not given, the supervisor uses all reasonable means to resist such a demand or protect the confidentiality of the information.
Description and findings re EC4	FINMA treats information from other supervisors as confidential and uses the information only for the direct supervision of the regulated institutions. Members of FINMA BoD and FINMA employees are bound by official secrecy under FINMASA Art. 14, FINMA Employees Act and the FINMA Code of Conduct. This duty applies not only with regard to third parties outside the government but also towards other offices of the federal or cantonal administration. In addition, FINMA must comply with the Data Protection Act that imposes restrictions on the processing of personal data. A violation of official secrecy may lead to administrative disciplinary measures and a prison sentence or a fine under Art. 320 of the Criminal Act. As a result, FINMA may in principle neither disclose confidential information nor transfer such information to third parties. However, FINMA has the competence to decide whether to waive official secrecy, according to a decision of the Swiss Supreme Court. In addition, FINMA is an ordinary member (member A) of the IOSCO MMoU. Under Articles 10 and 11 of the IOSCO MMoU, the principle of confidentiality and the principle of specialty are regarded to be great importance and have to be strictly implemented by each member. In the event that FINMA is legally compelled to disclose confidential information it has received from another supervisor, FINMA will promptly notify the originating supervisor, indicating what information it is compelled to release and the circumstances surrounding the release. Where consent to passing on confidential information is not given, FINMA will use all reasonable means to resist such a demand. FINMA may refuse to disclose information that is not publicly accessible or to hand over files to prosecution authorities and other domestic authorities where: (a) the information and the files solely serve the purpose of forming internal opinions; (b) their disclosure or handover would prejudice ongoing proceedings or the fulfillment of its supervisory activity; or (c) it is not compatible with the aims of financial market supervision, or with its purpose. (FINMASA Art. 40) FINMA notes that it has not been requested or ordered to disclose confidential information received from another supervisor.
EC5	Processes are in place for the supervisor to support resolution authorities (e.g., central banks and finance ministries as appropriate) to undertake recovery and resolution planning and actions.
Description and findings re EC5	FINMA acts as both supervisor and resolution authority. Domestic cooperation among FINMA, SNB and FDF is provided in the framework established by the tripartite MOU. As described in EC 1, this MOU sets up a framework to deal with a crisis that threatens the stability of the Swiss financial system, that includes Steering Committee (SC) and the Committee on Financial Crisis (CFC). SC is in charge of performing strategic coordination of crisis management and any interventions to address the crisis, and will be made up of the Head of FDF who will chair the committee, the Chair of Governing Board of SNB and the Chair of FINMA. CFC consists of CEO of FINMA (chair) Vice Chair of the SNB Governing Board, and the Director of Federal Finance Administration, a unit in FDF. CFC is responsible for coordinating precautionary efforts and for crisis management. Even in non-crisis times, a meeting is held once or twice a year as a rule. In practice, the CFC meeting has been held regularly and frequently in recent years to share information on Swiss financial sector in response to the difficult environment surrounding global financial sectors. BA Art. 37f allows FINMA to coordinate with foreign authorities in case of foreclosure proceedings against a bank involves processes abroad. This Article aims in particular at avoiding creditors to avail themselves of deficient coordination to get overcompensation for their losses.
Assessment of Principle 3	Compliant
Comments
Principle 4	Permissible activities. The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word “bank” in names is controlled.
Essential criteria
EC1	The term “bank” is clearly defined in laws or regulations.
Description and findings re EC1	BO Art. 2a defines banks as enterprises which are active mainly in the field of finance and in particular those: who accept deposits from the public on a professional basis or solicit these publicly in order to finance in any way, for their own account, an undefined number of unrelated persons or enterprises, with which they do not form an economic unit, or who refinance themselves in substantial amounts from a number of banks which are not significant shareholders and with which they do not form an economic entity in order to provide any form of financing for their own account to an undefined number of unrelated persons or institutions.
EC2	The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined either by supervisors, or in laws or regulations.
Description and findings re EC2	The Swiss banking system is based on the universal banking model and laws or regulation does not clearly define the permissible activities of banks. The banking license, in principle, authorizes exercise of a whole range of possible financial services (such as deposit, credit, asset management, trading, etc.). Non-banking activities are also permitted, provided that the main character of the bank as an institution continues to be mainly active in the field of finance. Unless the institution is not mainly active in the field of finance, it can be licensed as a bank. In supervisory practice, however, the scope of the bank’s operations needs to correspond to its financial capacities, personal resources and organizational structure. The bank must describe precisely its field of business operations with regard to its objectives and geographic terms in articles of incorporation, by-laws and business rules (BO Art. 7 paras. 1 and 3). Articles of incorporation, by-laws and internal regulation of the banks, including there revisions, are subject to FINMA’s formal approval (BA Art. 3 para 3). These documents provide a detailed scope of bank’s operation. Thus, FINMA can restrict and control the scope of bank’s activities. Banks which directly engage in insurance underwriting and selling are prohibited by the Insurance Supervision Act. Moreover, banks’ shareholding of non-financial firms are restricted to not more than 15 percent of their eligible capital and the total amount of such participation to not more than 60 percent. (BA Art. 9 para 4)
EC3	The use of the word “bank” and any derivations such as “banking” in a name, including domain names, is limited to licensed and supervised institutions in all circumstances where the general public might otherwise be misled.
Description and findings re EC3	The term “bank” or “banker”, alone or in combination with other words, may only be used in the company name, designation of the business purpose or advertising, in the case of institutions which have obtained a license from FINMA (BA Art. 1 para 4). A violation to this provision could result in a fine of up to CHF 500,000 (BA Art. 49 para 1). On the contrary, there is no requirement for licensed banks to have the word “bank” in their names.
EC4	The taking of deposits from the public is reserved for institutions that are licensed and subject to supervision as banks.12
Description and findings re EC4	As a rule, only licensed banks are permitted to solicit deposits from the public on professional basis (BA Art. 1 para 2.). Accepting more than 20 deposits on a continuous basis is deemed as soliciting deposits on professional basis (BO Art. 3a para 2). This prohibition extends to all entities including natural persons, except in cases where the Federal Council provides exception where the protection of the depositors is insured. In practice, this is limited to corporate bodies that are established under public law where the state takes full responsibility for their liabilities (BO Art. 3a para 1). Such establishments are regulated and supervised based on individual regulations of public law. They are considered to be as equally stable as common banks licensed by FINMA. However, after the transformation of the postal saving to a licensed bank, there is no significant deposit taking entity outside of licensed banks.
EC5	The supervisor or licensing authority publishes or otherwise makes available a current list of licensed banks, including branches of foreign banks, operating within its jurisdiction in a way that is easily accessible to the public.
Description and findings re EC5	Lists of licensed banks operating in Switzerland, including branches of foreign banks as well as representative offices, are maintained and published on FINMA’s website in four different languages (German, French, Italian, and English).
Assessment of Principle 4	Compliant
Comments
Principle 5	Licensing criteria. The licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of Board members and senior management)13 of the bank and its wider group, and its strategic and operating plan, internal controls, risk management and projected financial condition-(including capital base). Where the proposed owner or parent organization is a foreign bank, the prior consent of its home supervisor is obtained.
Essential criteria
EC1	The law identifies the authority responsible for granting and withdrawing a banking license. The licensing authority could be the banking supervisor or another competent authority. If the licensing authority and the supervisor are not the same, the supervisor has the right to have its views on each application considered, and its concerns addressed. In addition, the licensing authority provides the supervisor with any information that may be material to the supervision of the licensed bank. The supervisor imposes prudential conditions or limitations on the newly licensed bank, where appropriate.
Description and findings re EC1	FINMA is the legally established authority that issues banking licenses (BA Art. 3 para 1). Licenses (new licenses and changes in licensing requirements) are processed by a separate organizational unit (Authorization Department) that, alongside the banking supervisory sections, belongs to the Banks division. FINMA explains that the licensing and supervisory sections work closely together. When issuing licenses and changing licensing requirements, opinions are exchanged that take ongoing supervision into consideration. If there are differences of opinions, the division head will be involved to solve the issue. FINMA recognizes the importance of licensing processes given the country’s financial center function. The interest to establish operations in the country is still high in recent years with 55 preliminary as well as formal applications has been submitted in the last five years. New licenses contain conditions and requirements that must be considered when setting up a company. Initially, the business activities that the bank is allowed to conduct are limited, based on bylaws and other major internal rules authorized by FINMA. Those activities are then allowed to be expanded in a controlled manner, taking financial, personnel and organizational resources of the bank into consideration. As noted in CP 4, even after the initial stage, FINMA controls the scope of banks’ activities through authorization of their bylaws and other major internal rules which are required to state their business lines in a detailed manner. Unless authorized by FINMA, these rules will not be entered in to the commercial register and not become effective. During the first few years, a number of interim audits are conducted. Depending on the case in question, it is also possible to determine certain areas to be audited that require special attention when the bank is being set up.
EC2	Laws or regulations give the licensing authority the power to set criteria for licensing banks. If the criteria are not fulfilled or if the information provided is inadequate, the licensing authority has the power to reject an application. If the licensing authority or-supervisor determines that the license was based on false information, the license can be revoked.
Description and findings re EC2	BA Art. 3 provides a number of criteria for licensing banks: Clear scopes of business and adequate organizational frameworks corresponding to their business activities; Establishment of separate bodies for management for one and for providing direction, supervision and control; Fully paid up capital that exceed the minimum determined by the Federal Council (CHF 10 million (BO Art. 4 para 2)); Persons for management who are of good reputation and be able to guarantee the proper conduct of business operations; Natural persons or legal entities that has qualified participation to guarantee that their influence will not have a negative impact on the sound and prudent management of banks; and Persons in charge of management to be domiciled in a place where they can exercise effective management and assume responsibilities. These broad provisions provide FINMA considerable room to set the licensing benchmark appropriately on a case-by-case basis, incorporating specific aspects that need to be addressed in order to be issued with a license for a particular case. FINMA further specifies its requirements for licensed banks in ordinances, circulars and FAQs, which apply to not only ongoing banks but also newly licensed banks. FINMA also publishes a guideline that lists documents an applicant need to submit, that includes detailed information regarding persons responsible for management, organizational framework, business plans, and budgets for first three years. Detailed official interpretation of the above criteria is not published or internally defined, but a booklet written by FINMA staff members explaining licensing process are widely used as reference by FINMA staff and the industry. Licensing process is conducted by the authorization department of FINMA. The staff of the department assess adequacy of application and their compliance to the licensing framework. In addition, an external auditor who will not become a regulatory auditor of the bank needs to assess the compliance of the applicant vis-à-vis licensing requirements. If the licensing requirements cannot be met, incomplete information is submitted or FINMA is not convinced about compliance with the licensing requirements for some other reason, the license is refused and the application is rejected. FINMA is authorized to issue formal decrees stating that a license has not been granted. Under the administrative procedural law in Switzerland, appeals can be made against those decrees to the Federal Administrative Court. Generally, however, applicants will usually withdraw their applications when a negative indication is informally communicated. Licenses issued that are based on incorrect information can be revoked under rules set out in the general administrative procedural law, although it has not happened to date. If there are few shortcomings and they can be remedied, less stringent measures can be taken.
EC3	The criteria for issuing licenses are consistent with those applied in ongoing supervision.
Description and findings re EC3	As mentioned in EC 2, the regulatory framework that applies to ongoing banks are also applies to newly established banks. Thus, during the licensing process, FINMA assesses whether the applicant will be able to meet requirements applied in ongoing supervision, in addition to the requirements only applied for licensing. Moreover, after banks are licensed, FINMA continuously monitors if banks are complying the conditions for licensing. This is one of the main issues that regulatory auditors assess.
EC4	The licensing authority determines that the proposed legal, managerial, operational and ownership structures of the bank and its wider group will not hinder effective supervision on both a solo and a consolidated basis.14 The licensing authority also determines, where appropriate, that these structures will not hinder effective implementation of corrective measures in the future.
Description and findings re EC4	As noted above, BA Art. 3 para 2 stipulates that banks need to establish an adequate organization corresponding to the proposed business activities. Therefore, only structures that can be suitably supervised are permitted in which supervisory requirements can be implemented effectively. Structures that impede supervision, for example, very complex participation structures that are not transparent, are not permitted. The same paragraph requires senior management of a bank domiciled in Switzerland must be resident in the place where they manage and bear responsibility for the bank. This is to ensure that the main management functions of a Swiss bank are in Switzerland, including for globally active banks. In the case of latter, at least the majority of senior management, including those who assume the most important leadership responsibilities, needs to reside in the vicinity in which the bank is domiciled. The same applies at group level: if FINMA is responsible for supervising the group, effective group control should be anchored credibly in Switzerland. Business structures (off-shore/shell entities) without substance are not allowed. If a foreign bank operates from Switzerland or does business only or primarily in or from Switzerland, its organization must comply with Swiss law and is subject to the provisions for Swiss banks. (FBO-FINMA, Art. 1 Para 2)
EC5	The licensing authority identifies and determines the suitability of the bank’s major shareholders, including the ultimate beneficial owners, and others that may exert significant influence. It also assesses the transparency of the ownership structure, the sources of initial capital and the ability of shareholders to provide additional financial support, where needed.
Description and findings re EC5	The fit and proper test are applied for qualified shareholders and other persons substantially influencing a bank during the licensing process and banks must comply to the requirement on an ongoing basis (BA Art. 3 para 2 let. c.bis). Qualified participation is defined in the same paragraph of BA as holding directly or indirectly at least 10 percent of the capital or voting rights of a bank or persons who are in any other way able to influence the bank’s business activities in a significant manner. BA requires qualified participants of banks to guarantee that their influence will not have a negative impact on the sound and prudent management of the bank. The authorities explain that, in comparison with directors and managers, the fit and proper requirement for qualified shareholders focuses more on reputational aspects and not on banking experience and technical know-how. These are usually assessed through references and other means, including interviews if necessary. To enforce the fit and proper standard, FINMA is authorized to impose sanctions that include the suspension of voting rights or revocation of the banking license (BA Art. 23 ter), although this rarely happens. This fit and proper requirement also aims at granting a clear and transparent participation structure up to the ultimate beneficial owner. BO Art. 6 para 2 requires legal entities who have qualified participation in an applicant to provide information regarding their group structures; para 4 requires persons holding qualifying participation to declare the participation is for their own account or on a fiduciary basis. In addition, significant shareholders are required to disclose the origin of their wealth and provide evidence of the capacity to inject further capital if needed. Qualified shareholders and banking institutions are under a legal duty to report relevant shareholdings and any changes to FINMA.
EC6	A minimum initial capital amount is stipulated for all banks.
Description and findings re EC6	BO Art. 4 para 1 stipulates that fully paid in capital must amount to at least CHF 10 million. In the event that a founding shareholder decides to contribute assets other than cash in exchange for the shares issued by the new company, the value of the assets contributed and the extent of liabilities of the shareholder must be verified by a recognized auditing firm and be confirmed to FINMA before authorization. If an existing corporation is converted to a bank, not only paid in capital but also the entire amount of Core Equity Tier 1 can be counted to constitute the initial capital with permission by FINMA. There is also an exception for banks affiliated with a central organization and guaranteed by it. (Bo Art. 4 paras. 2,3)
EC7	The licensing authority, at authorization, evaluates the bank’s proposed Board members and senior management as to expertise and integrity (fit and proper test), and any potential for conflicts of interest. The fit and proper criteria include: (i) skills and experience in relevant financial operations commensurate with the intended activities of the bank; and (ii) no record of criminal activities or adverse regulatory judgments that make a person unfit to uphold important positions in a bank.15 The licensing authority determines whether the bank’s Board has collective sound knowledge of the material activities the bank intends to pursue, and the associated risks.
Description and findings re EC7	BA Art. 3 para 2 requires that “the persons charged with the administration and management of the bank must be of good reputation and must guarantee the proper conduct of business operations”. Further, FINMA FAQs on Board of directors of banks and securities dealers, which is applicable to both newly established banks as well as ongoing banks, provide further details by stipulating that “the members of the supreme governing body should enjoy a good reputation and have sufficient leadership skills, both individually and as a group, as well as the necessary specialist knowledge and experience in banking and finance” and “the body as a whole should have a sufficiently broad background mainly to ensure that—in addition to the main business operations—all other important areas such as finance and accounting, risk management, controlling and compliance are adequately represented”. Similar provisions also exist for financial groups and financial conglomerates (BA Art. 3f). Further, BO provides that all members of the board and management must enjoy an excellent reputation and give proof of no previous convictions and that they are expected to disclose all the details of any completed or pending legal and administrative proceedings (Art. 6 para 1). As mentioned above, the FAQ explains that the bank’s board members need to understand the corporate structures and risks of the institution’s individual business areas and those of the company or group as a whole. In practice, assessors were informed that if the potential candidates are often already known to FINMA or their CVs show conclusive evidence of relevant professional experiences and absence of indications of irregularities, the assessment is done on the basis of the standard documents mentioned in BO Art. 6, i.e., information on their nationality, residency, qualified participations in other companies, and any pending legal or administrative proceedings, as well as signed CVs, references and extracts from the Central Penal Register. In less obvious cases, FINMA applies many other methods to evaluate evidence and conduct further background checks. Additional information can be obtained for example via investigations of the professional or private environment of the person, inquires with other authorities or foreign embassies, investigations using on-line tools (e.g., World Check, Factiva, Google, IOSCO-Portal), assessment of transparency over the due diligence process regarding and behavior in the authorization procedure, and disclosures on remuneration and source of the person’s private wealth. Moreover, candidates for major positions of the Board and management (regularly the Chair, the CEO and other key positions) are personally interviewed by FINMA. Credible references are an important part of the process. In case doubts remained and a negative decision is made regarding a particular candidate, it will be communicated to the applicant. Unless the disputed candidate is not replaced, the license application will be rejected. FINMA explains that this happens from time to time.
EC8	The licensing authority reviews the proposed strategic and operating plans of the bank. This includes determining that an appropriate system of corporate governance, risk management and internal controls, including those related to the detection and prevention of criminal activities, as well as the oversight of proposed outsourced functions, will be in place. The operational structure is required to reflect the scope and degree of sophistication of the proposed activities of the bank.16
Description and findings re EC8	FINMA states that the proposed business strategy and business plan are the key elements that are examined when approving license applications; for example, they are decisive factors in determining adequacy of banks’ internal organizational regulations as the bank’s operational structures must be balanced proportionally with the planned business activities. The guidelines for licensing application requires applicants to submit a comprehensive set of documents regarding strategic and operation plans including: Detailed description of the business activities and the corresponding processes; Articles of Incorporation, partnership agreements and regulations, which are tailored to the business activities; Organization of the applicant; Additional information on the organization, such as staffing, infrastructure and information system, outsourcing, internal control and risk management, separation of functions, compliance and due diligence, internal audit; Business plan for the first three financial years (business development, the clientele, the staff and the organization, etc.); and Financial statements for the first three financial years (balance sheets, income statements). According to the authorities, during the licensing process, the following aspects are analyzed separately in detail according to granular requirements prescribed in FINMA circulars and FAQs for both on-going banks as well as applicants: A balanced management structure with two management levels – the Board and management. The independence of Board as well as an adequate composition of the Board that reflects operation of the banks is required. (BA Art. 3 para 2, BO Art. 8, FINMA FAQs on Board of directors and securities dealers). An adequate internal organization, particularly regarding separation of functions, an effective, internal control system, incl. risk management and compliance (BA Art. 3 para 2, BO Art. 9, FINMA Circular 08/24). Effective measures to comply with due diligence obligations and combating money laundering and terrorist financing (AMLA, AMLO-FINMA). Compliance with provisions on proper outsourcing (FINMA Circular 08/7).
EC9	The licensing authority reviews pro forma financial statements and projections of the proposed bank. This includes an assessment of the adequacy of the financial strength to support the proposed strategic plan as well as financial information on the principal shareholders of the bank.
Description and findings re EC9	As noted above, an applicant submits business plan and financial statements for the first three business years (including balance sheets, income statements and capital planning). This includes results assuming different scenarios. The above mentioned guidelines also require assessment reports on business plans and budgets by an external auditor; the auditor is expected to examine the prospective financial information closely and to judge its plausibility. FINMA accepts banks to be unprofitable during their initial stages as long their business plans are sound in the medium-term. If FINMA judges the business plan is too vague or there is any doubt about how it can be realized, the license application will be rejected. The principal shareholders and other important parties must be able to prove to FINMA that they are capable financially of supplying the bank with more fresh capital if necessary and that they can answer for the sustainable development of the company.
EC10	In the case of foreign banks establishing a branch or subsidiary, before issuing a license, the host supervisor establishes that no objection (or a statement of no objection) from the home supervisor has been received. For cross-border banking operations in its country, the host supervisor determines whether the home supervisor practices global consolidated supervision.
Description and findings re EC10	The home regulator is asked for a statement of no objection in the case of foreign banks establishing a branch or subsidiary (for branches, FBO-FINMA Art. 4; for subsidiaries FBO-FINMA Art. 3bis para 1bis). In the case of branches or subsidiaries of a foreign financial group, the lead home regulator is asked for a statement about adequate supervision at a consolidated basis (for branches, FBO-FINMA Art. 4 para 2; for subsidiaries, BA Art. 3b). FINMA also assesses by itself the adequacy of consolidated supervision by the home supervisor through variety of information, including FSAP reports.
EC11	The licensing authority or supervisor has policies and processes to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the license approval are being met.
Description and findings re EC11	As explained above, initially and during the set-up phase of a bank, FINMA takes various measures; as a rule, the license is at first linked to different requirements and conditions to ensure that the bank can conduct its business in an orderly manner and that its organization functions well. Moreover, the scope of the bank’s business activities during the initial set-up phase will be limited. Once financial and organizational resources permit, the areas in which the bank conducts business can be gradually extended in order to ensure a controlled growth. This is controlled through authorization of banks’ bylaws and business rules. The newly authorized institution is subject to immediate, ongoing supervision. During the set-up phase, various interim audits by external auditors are requested with designated special areas to be audited.
Assessment of Principle 5	Compliant
Comments	The discussion with the staff in charge of licensing as well as review of typical licensing files shows a robust process is in place in assessing various licensing requirements, including the fit and proper test for members of the Board and senior management and other aspects referred to in this principle.
Principle 6	Transfer of significant ownership. The supervisor17 has the power to review, reject and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties.
Essential criteria
EC1	Laws or regulations contain clear definitions of “significant ownership” and “controlling interest”.
Description and findings re EC1	BA Art. 3 para 2 defines “qualified participation” as direct or indirect holding of at least 10 percent of a bank’s capital or voting rights or having ability to influence the bank’s business activities in a significant manner in any other way. While there is no regulation or guidance that provides more detailed interpretation of the latter, the authorities explain this is applied flexibly to intercept other de facto and de jure influential elements. Examples include the case of parties that have beneficial ownership or have close ties that can exercise their influence based on a shareholders’ agreement or mutual informal arrangements. FINMA explains that consideration is also taken of particularly significant financial or personal dependency relationships such as having additional top management positions or large-scale business dependencies. Even a relatively small amount of shares combined with option elements (e.g., call option to increase to above 10 percent) may be considered as qualified participation ‘by other means’.
EC2	There are requirements to obtain supervisory approval or provide immediate notification of proposed changes that would result in a change in ownership, including beneficial ownership, or the exercise of voting rights over a particular threshold or change in controlling interest.
Description and findings re EC2	BA Art. 3 paras. 5 and 6 prescribes that FINMA is to be informed in advance about any changes in qualified participation, regardless at which level. This reporting requirement concerns buyers and sellers, as well as the bank. Ultimate beneficial owner (UBO) is regarded as indirect qualified participation and is also subject to this reporting requirement. The transaction can only be carried out once FINMA has approved the notification. This notification requirement is also necessary when a qualified participation is increased or reduced thereby exceeding or falling below the thresholds of 20 percent, 33 percent, or 50 percent of the capital or the voting rights. As mentioned above, the definition of qualified participation includes direct and indirect holding of shares or voting rights, thus including ultimate beneficial owners (UBOs), as well as having ability to influence the bank’s business activities in a significant manner. In order to determine UBO, persons having qualified participation in banks must inform FINMA if participation has been acquired for their own account or on behalf of third parties, and if the participation is linked to options or similar rights. (BO Art. 6 para 3). However, as mentioned in EC2, what should constitute “having ability to influence the bank’s business activities in a significant manner” is not publicly defined in any detail. Other jurisdictions often have at least some further criteria specified as to what has to be considered in determining influence. If a foreign-owned bank experiences a change in foreigners with qualified participation or if a bank undergoes foreign ownership, it is necessary to apply for an additional license (BA Art. 3 paras. 5 and 6 and Art. 3ter).
EC3	The supervisor has the power to reject any proposal for a change in significant ownership, including beneficial ownership, or controlling interest, or prevent the exercise of voting rights in respect of such investments to ensure that any change in significant ownership meets criteria comparable to those used for licensing banks. If the supervisor determines that the change in significant ownership was based on false information, the supervisor has the power to reject, modify or reverse the change in significant ownership.
Description and findings re EC3	FINMA understands that it has power to prohibit intended changes in participation about which it has been notified that do not meet the requirements set down in laws and regulations. Changes made with incorrect information provided to FINMA can be revoked. Depending on the case, if there are only few shortcomings and they can be remedied, less stringent measures can be taken. In order to restore lawful conditions, FINMA can adopt appropriate measures in cases where changes in participation have already been made (FINMASA Art. 31). Licenses and other authorization made can be revoked in particularly serious cases (Art. 37 FINMASA); furthermore, it is possible to suspend shareholders’ voting rights (see Art. 23ter BA). Revoking licenses and the other measures described are implemented by way of enforcement proceedings. See CP 11 for details of these enforcement proceedings. In practice, no transfer of significant ownership have been denied in the past five years, but a few application have been withdrawn as FINMA communicated that there is no prospect of them to be approved.
EC4	The supervisor obtains from banks, through periodic reporting or on-site examinations, the names and holdings of all significant shareholders or those that exert controlling influence, including the identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership.
Description and findings re EC4	Banks must report all direct and indirect qualified participations as soon as they have knowledge thereof, at least however once a year and within 60 days following the end of the financial year (BA Art. 3 para 6). The list should include details as to the identity and the share of equity of holders of qualified participation, and necessary documents for those parties in case where the documents have not been submitted before (BO Art. 6a). This includes identities of beneficial owners if parties having direct participation declare if the participation is not for their own account.
EC5	The supervisor has the power to take appropriate action to modify, reverse or otherwise address a change of control that has taken place without the necessary notification to or approval from the supervisor.
Description and findings re EC5	FINMA has the power to address holding of qualified participation that has taken place without the necessary notification to it, including modifying or reversing it. Please refer to EC3 above.
EC6	Laws or regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest.
Description and findings re EC6	FINMASA Art. 29 para 2 requires supervised banks to report immediately and without being asked any incidents that are of substantial importance to supervision. FINMA explains that this includes important information about qualified shareholders who may influence the bank’s reputation or its sound business activities negatively and this understanding is shared with banks.
Assessment of principle 6	Largely Compliant
Comments	The above grade reflects lack of detailed guidance on who are included in the qualified participation as having ability to influence the bank’s business activities in a significant manner. The current regulatory framework relies on banks to report changes in the qualified participation; it is important to establish a shared understanding on the definition of it. Licensing staff indicated that they and banks apply the generally-worded criteria in practice in ways that have not caused problems to date. The assessors understand the need for flexibility in defining the qualified participation, and thus believe the detailed guidance or interpretation should not be an exhaustive list; instead, it should include general qualitative criteria or further (non exhaustive) items that are included on which to assess the ability to influence the bank’s business activities in a significant manner and several concrete examples.
Principle 7	Major acquisitions. The supervisor has the power to approve or reject (or recommend to the responsible authority the approval or rejection of), and impose prudential conditions on, major acquisitions or investments by a bank, against prescribed criteria, including the establishment of cross-border operations, and to determine that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision.
Essential criteria
EC1	Laws or regulations clearly define: (a) what types and amounts (absolute and/or in relation to a bank’s capital) of acquisitions and investments need prior supervisory approval; and (b) cases for which notification after the acquisition or investment is sufficient. Such cases are primarily activities closely related to banking and where the investment is small relative to the bank’s capital.
Description and findings re EC1	Switzerland has three different restriction/requirements on specific types of acquisitions and investment. First, BO Art. 3 para 7 stipulates that banks organized pursuant to Swiss law shall notify FINMA before they establish a subsidiary, branch, agency, or representative office abroad. This provision is understood to include acquisition of participating interests in foreign companies active in the financial sector (Guidelines on preliminary reporting requirements for establishing physical presence abroad). Also, as explained in CP 6, this notification is understood to require FINMA’s approval and FINMA can reject it. According to the Guidelines, financial groups subject to FINMA group supervision are also required to report the acquisition of participating interests by entities shown within the scope of consolidation. BA Art. 6b provides information to be submitted for this notification to be as follows: A business plan which, in particular, describes the type of planned transactions and the organizational structure; The address of the business offices abroad; The names of the persons responsible for administration and management; The audit company; and The supervisory authorities of the host country. FINMA explains that this information serves to ensure that reporting banks are organized properly, have sufficient financial means, and establish solid risk management. FINMA also examines if the country where the bank plans to establish presence has laws or regulations prohibiting information flows necessary for adequate consolidated supervision and takes into consideration the effectiveness of supervision in the host country, and FINMA’s own ability to exercise supervision on a consolidated basis. In addition, the information is used for FINMA to respond to any applications or inquiries made by the host supervisor. Based on information provided in these reports as well as existing information on the bank, FINMA decides either to accept or reject the bank’s planned international activities or changes. Second, the business strategy and organization of a bank is defined in its strategy (business plan), its articles of incorporation and in its main organization and business rules as called for by BO Art. 3 para 2. Also, BA Art. 7 stipulates that the nature and geographic scope of the bank’s business activities must be accurately described in its articles of incorporation, its shareholder agreements, or its bylaws. Thus, it is understood that significant acquisitions and investments that require these rules to be changed (in particular the articles of incorporation and organization and business rules including specific delegations of competences) are subject to FINMA’s approval. Such changes may not be entered in the Commercial Register unless they have been approved by FINMA (BA Art. 3 para 3). The discussion with relevant staff members of FINMA showed this process is conducted rigorously. However, acquisitions and investments that do not need these rules to be changed, such as expansion of current business lines, may not require change in those rules thus out of the scope of FINMA’s approval. Laws and regulations do not provide detailed guidance. Third, investments in any company by a bank or by a company belonging to the same group may not exceed 15 percent of the net own funds of the bank or of the consolidated group to which the bank belongs. Additionally, the total of financial fixed assets of a nonaffiliated company acquired for the purpose of investment may not exceed 60 percent of the net own funds of the bank or the consolidated group. (BA Art. 4 para 4) The Capital Adequacy Ordinance (CAO) provides exceptions to the limits mentioned above where such investments are acquired for restructuring purposes or for the purpose of temporary emission, or the difference between the carrying value of these investments and the limits applicable is fully covered by eligible capital (CAO Art. 13). In addition, the BA Art. 4 bis prescribes that a bank’s participation in any single company must be proportionate the bank’s eligible capital (Art. 4bis BA; Art. 13 of the CAO).
EC2	Laws or regulations provide criteria by which to judge individual proposals
Description and findings re EC2	In case of foreign operations, the Guidelines on preliminary reporting requirements for establishing physical presence abroad sets out that the reporting requirements are to ensure that banks intending to expand their business activities by establishing a physical presence abroad are organized properly and have sufficient financial means to do so. No further details are provided in the regulatory framework. In case of acquisitions and investments that require changes in banks’ articles of incorporation and in its main organization and business rules, it is understood that banks need to comply requirements set out in laws and regulations that are applicable to general operation of banks, including those on organizations, internal control and risk management. Moreover, BO Art. 7 Para 3 stipulates that the scope of the bank’s operations must be commensurate with its financial resources and its administrative organization.
EC3	Consistent with the licensing requirements, among the objective criteria that the supervisor uses is that any new acquisitions and investments do not expose the bank to undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.18 The supervisor can prohibit banks from making major acquisitions/investments (including the establishment of cross-border banking operations) in countries with laws or regulations prohibiting information flows deemed necessary for adequate consolidated supervision. The supervisor takes into consideration the effectiveness of supervision in the host country and its own ability to exercise supervision on a consolidated basis.
Description and findings re EC3	See EC 2. For acquisitions and investments that establish foreign financial operations, adequacy of its operation, including solid risk management, is required. Thus, it is expected that if establishing foreign operations may expose banks to undue risks or hinder effective supervision as well as implementation of corrective actions, FINMA will not approve, including a cases where laws and regulations of a jurisdiction inhibits effective consolidated supervision. Adequacy of effectiveness of supervision in the host country is also assessed. To ensure this, a comprehensive and detailed set of information is required to be provided to FINMA as set out in the Guidelines, including: Details of the legal structure (subsidiaries, branch offices, representative offices) and its share-holding structure. The shareholding structure and information on other participating shareholders are to be indicated in case participating interest is acquired in existing companies. Details of the type of business planned: outline of the business activities foreseen (business-model and plan), client target group, internal organization, especially in relation to risk management and local compliance. For parent companies, details of the existing reporting line, supervision of activities, risk management and compliance are to be included. Details of the structure of the executive management (board of directors) and of management (senior management). Information on any other functions exercised by the persons named at other group entities is to be indicated. Details of the assigned audit firm. Details of the local financial supervisory authority and of the approval granted for the foreseen business activities. Any information on possible restrictions imposed by the local financial supervisory authority and on the possibility of using the licenses granted outside Switzerland, e.g., European banking passport, is to be mentioned. Also, the Guidelines require banks to submit external auditor’s reports that indicate if the risk analysis of expanding business activities abroad is adequate and if these risks were considered in the institution’s global risk management. In case of acquisitions and investments that require changes in bank’s articles of incorporation and in its main organization and business rules, while general requirements for banking operations apply, no detailed requirements for information submission comparable to those for establishing foreign operations are provided.
EC4	The supervisor determines that the bank has, from the outset, adequate financial, managerial and organizational resources to handle the acquisition/investment.
Description and findings re EC4	See EC 2. BO Art. 7 Para 3 stipulates that the scope of the bank’s operations must be commensurate with its financial resources and its administrative organization. Thus, for foreign operations and acquisitions and investments that require changes in bank’s articles of incorporation and in its main organization and business rules, existence of adequate financial, managerial and organizational resources are assessed by FINMA.
EC5	The supervisor is aware of the risks that non-banking activities can pose to a banking group and has the means to take action to mitigate those risks. The supervisor considers the ability of the bank to manage these risks prior to permitting investment in non-banking activities.
Description and findings re EC5	Generally, Swiss banking law imposes no specific structural conditions or restrictions on bank investments in non-financial activities. However, as described in EC 1 and 2, if the acquisitions and investments are significant enough to require changes in bank’s articles of incorporation and in its main organization and business rules, FINMA will assess adequacy of management and control (BA Art. 3 para 2). However, there is no specific provision that focuses on risks arising from non-banking activities.
Assessment of Principle 7	Compliant
Comments
Principle 8	Supervisory approach. An effective system of banking supervision requires the supervisor to develop and maintain a forward-looking assessment of the risk profile of individual banks and banking groups, proportionate to their systemic importance; identify, assess and address risks emanating from banks and the banking system as a whole; have a framework in place for early intervention; and have plans in place, in partnership with other relevant authorities, to take action to resolve banks in an orderly manner if they become non-viable.
Essential criteria
EC1	The supervisor uses a methodology for determining and assessing on an ongoing basis the nature, impact and scope of the risks: which banks or banking groups are exposed to, including risks posed by entities in the wider group; and which banks or banking groups present to the safety and soundness of the banking system The methodology addresses, among other things, the business focus, group structure, risk profile, internal control environment and the resolvability of banks, and permits relevant comparisons between banks. The frequency and intensity of supervision of banks and banking groups reflect the outcome of this analysis.
Description and findings re EC1	FIINMA classifies all banks according to their relative size and complexity (categories 1–5). The two biggest banks which are globally systemically important are in Category 1, the three next largest are in Category 2. Category 3 contains some 30 banks (most of the cantonal banks) with some 70 banks in Category 4 and the rest, some 160 banks and 50 securities firms in Category 5. Assessors judge that a number of banks in Category 2 and 3 are systemically important in terms of the national market. Categorization is an important driver of FINMAs supervisory methodology and effort. Recently, for example, FINMA has decided to significantly reduce effort on Category 5 banks as they judge failures in this category would not be systemically important (median assets CHF250m). This strategy is understandable, though assessors did not review in detail the supervisory effort with respect to these banks. FINMA supervisory methodology is based on a combination of: annual formalized regulatory review/audit by external auditors hired and paid by banks, specific FINMA-mandated reviews by third parties and supervisory reviews conducted by FINMA itself (offsite and a limited number of on-site). FINMA has accredited 7 audit firms and some 150 lead auditors (who work with their auditing staff) to perform the regulatory audit of banks. Only the lead auditor has to be accredited. FINMA itself assigns a key account manager (KAM) or lead supervisor for each of the banks in categories 1 and 2 and has approximately 24 KAMs each with a portfolio of institutions in categories 3-5. As part of the regulatory audit performed by the external audit firm on every bank, a risk assessment has to be performed and agreed with FINMA, based on which the review/audit strategy is defined. This drives the specific areas and depth of regulatory audit work, subject to minimum standards for frequency and depth of work (review depth versus audit depth), which is set by FINMA. These standards apply to FINMA-specified areas for regulatory review. The minimum standards have more frequent audit-depth assessment if the bank is a G-SIB in Category 1, or in relation to the risk profile of other institutions. There is guidance given by FINMA with respect to the content and process for such a risk assessment. The risk assessment is based on an assessment of inherent risk (high/medium/low) in various aspects of the bank, an assessment of the quality of controls (H/M/L) and a net risk rating. There are no criteria for determining inherent risk ratings provided by FINMA. Inherent risks are assessed for various audit areas. For controls, ‘high’ risk is when no audit work has been done recently, it is not clear about whether controls exist or the auditor considers the controls ineffective. ‘Moderate’ control risk is when work has been done but the audit firm cannot determine if controls are effective, and ‘low’ control risk is when recent audit work has allowed the firm to conclude that controls are ‘appropriate and effective’. There is no formal process within FINMA to vet consistency of these risk assessments across institutions or groups of institutions in advance of regulatory audit work starting. FINMA and auditors are aware that the mindset needed for a regulatory or supervisory review is different than for a financial statement audit, which is more backward looking. The audit rating by FINMA and audit firms that drives the regulatory audit is designed to be forward looking and forward looking thinking explicitly asked of auditors in the audit circular. Starting this year auditors for the two large banks are required to rate the top ten risks, a process which FINMA and auditors both report as useful. Auditors are required in the circular to make their risk assessment comprehensive, and to add granularity to the formal rating assessment tables as necessary to accurately rate the bank. Required separation of the lead partner for the regulatory audit from the partner for the financial audit (for category 1 and 2 banks) is also designed to promote development of auditors with the desired regulatory mindset. The FINMA methodology controls the interaction of the audit firm with the bank with respect to its risk analysis. Risk assessments are not to be formally shared with firms until they are final and agreed with FINMA. Auditors are of course aware of the banks own risk assessment as well as the risk assessment of Internal audit. Some indicated that they do discuss certain aspects of risks and controls with the bank. Depending on the risk assessment, alterations are made in the standard audit work procedure in terms of focus and depth. Risk assessments can also lead to specific additional reviews by the audit form or by FINMA. Assessors reviewed the rating methodology and discussed these at length with FINMA and with regulatory audit firms. They also saw examples of the new methodology in practice in review of a selection of supervisory files. For a major bank, the methodology leads to one risk assessment for various risk types institution wide—i.e., one risk assessment for each of the major banks credit risk and one for each bank’s overall market risk. Different audit firms have different approaches to risk analysis, some driven by what they see as deficiencies in the FINMA-mandated approach. Some are using a wider and more granular definition of risks coming from their own audit acceptance and continuance risk methodologies, and then fitting the results into FINMAs templates. Others recognize that their high level inherent risk rating for particular risks is not particularly useful. In some cases (e.g., credit risk or market risk) the inherent risk assessment seems to be designed to assess risks in models or capital calculations, rather than risk in the underlying books. Control risk can be rated inconsistently to the resulting audit plan. For example certain examples assessors saw had overall credit or market risk controls rated high risk, apparently referring to control risk around models and related inputs—a potentially serious rating given the definitions. Some have an explicit forward-looking component in their own rating system (e.g., asking themselves if a risk is increasing or decreasing). Others do not. It is clear that risk analysis is not done consistently. In some cases the breakdown of the bank activities for the inherent risk ratings can be driven by the basic scope of the regulatory audit which is based on assessment of adherence to licensing conditions and other rules, and may not cover important risks. For example, for credit risk, banks activities are not broken down by type/geography of exposures as would normally be expected in these inherent risk ratings. Rather, the credit risk rating for certain IRB banks focuses on the risks of the IRB qualifying conditions and methodology not being met. Risks in underlying credit activities in different businesses and geographies can be described separately but not rated or with unclear link to the overall rating or supervisory effort. FINMA is planning to require banks to divide their inherent risk rating for credit risk into more granular categories, and the consultation was about to start at the time of the mission. Quality control systems in audit firms may not pick up important differences in interpretation of what constitutes high or medium or low inherent risk, which is left to individual partner judgment. In addition, FINMA has a camels-based supervisory rating with 9 rating grades. The rating is based on filters and thresholds applied to regulatory data, key flags if any triggered from the audit firm’s work (e.g., are there important formal audit opinion qualifications or not?), overlaid with supervisory judgment. For liquidity for all but the largest two banks, the metrics are based on outdated tests, even though trial LCR data is available (see CP24). Operational risk is not explicitly part of the rating framework (see CP25). Major internal control deficiencies would affect the regulatory audit result and feed into the supervisory rating and supervisory work. There is no explicit link between the annual risk assessment at the start of the supervisory work and the Camels-based rating. The 9-fold categorization is collapsed down to three grades—green, yellow and red which are reported to the institution. Green receives regular supervision in the next cycle, yellow receives increased supervision, and red is intensive. There are no explicit criteria for what constitutes a green as opposed to a yellow or a red. The camels rating is updated quarterly for banks in Category 1–3, quarterly for Category 4 banks with yellow or red grades and at the end of the annual cycle for banks in Category 4 with green grades and for all banks in Category 5. The FINMA-wide quality control process around these ratings is anchored in major annual ratings review meetings attended by the KAM, specialists, and senior management for the banks division. While there is no formal link between the rating system and sector wide risk, systemic trends and analysis by FINMA or SNB can factor into a judgmental overlay and thus into supervisory work. (Currently there is heightened interest about mortgage financing for example.) The camels-based ratings are driven in a major way by the data-driven analysis which is less likely to be forward looking. Assessors examined data on overrides to the system-generated ratings. The number of overrides is extensive and the number of grades that a rating changes is often 2 or more. Overall some 60 percent of banks are in green ratings, down from some 80 percent in 2008, with approximately 20 percent of banks in amber rating. The assignment of banks to category based on size and complexity understandably does not change often. Camels- based rating changes from year to year are infrequent for category 1 and 2 banks. Changes are more frequent for category 3 with some 25–35 percent of ratings changing annually, and higher percentage of changes in category 4 and 5. The degree of change is higher than one might expect in a camels based rating system. It could be due to the new system transitioning in, or to imprecision in the rating process, or to a combination of factors. Resolvability does not formally factor into the rating system but complexity is clearly a factor in splitting banks into categories, which affects supervisory planning. To date resolution and recovery planning has been started for the two large banks.
EC2	The supervisor has processes to understand the risk profile of banks and banking groups and employs a well defined methodology to establish a forward-looking view of the profile. The nature of the supervisory work on each bank is based on the results of this analysis.
Description and findings re EC2	Regulatory risk assessments done by auditors and agreed with FINMA are described in EC1. Standard operating procedures determine the minimum frequency and depth of supervisory work based on the various ratings and supervisory judgment as described in EC1. Assessors reviewed supervisory planning with auditors and FINMA, and reviewed planning of FINMA-lead reviews. They also discussed these matters with banks. As noted in EC1 there are a number of elements that likely make the risk profiles less forward looking than FINMA desires. In addition to the regular risk assessment described in EC1, banks are obliged to perform an annual capital planning based on a forward-looking risk profile. Capital plans are reviewed either by FINMA (banks category 1 and selected banks in categories 2 and 3) or assessed as part of the annual regulatory audit process performed by the external audit firm. Issues from these exercises can also trigger additional supervisory work. As well extensive supervisory work can be triggered by assessments of whether remedial action plans mandated by FINMA have been effectively put in place, or by assessments mandated by FINMA as to whether control issues that have materialized at one institution are being adequately handled by other banks.
EC3	The supervisor assesses banks’ and banking groups’ compliance with prudential regulations and other legal requirements.
Description and findings re EC3	The monitoring of compliance with prudential regulations and guidance and other legal requirements is performed by the external auditor as part of the annual regulatory audit. Assessors reviewed methodology, saw examples of results, and discussed this with FINMA staff and external auditors. As noted in various other CPs, FINMA guidance in certain risk management and control areas is at a very high level. As well, audit methodologies often require auditors to express a very high level judgment on these matters (are they “adequate”) with little or no formal guidance on what is to be considered in making the assessment. (There is FINMA work in progress on this matter.) Auditors are asked to express two kinds of opinions with respect to these matters. In areas where they have done a “review” level work they are examining the design effectiveness of controls and express opinions as to whether anything that came to their attention suggested that the controls were not adequate (negative assurance). In areas where they do “audit” level work they are testing operational effectiveness of controls and express a positive opinion—“controls are adequate…” The standards for what level of seriousness amounts to a qualification to an opinion are not clear, except when there is a breach of regulation which must lead to a qualification. Some auditors that assessors met indicated they had adopted additional methodologies to bring additional rigor to this process, such as specifying how to categorize the seriousness of findings. Others had not, and relied on professional judgment and second partner review, which they indicated could vary considerably across partners. Noteworthy observation must be reported to FINMA who has to evaluate the seriousness of the problem. FINMA staff and auditors confirmed that there are from time to time active discussion between auditors, banks and FINMA on these conclusions and opinions. Some whom assessors talked to described these as amounting occasionally to “negotiations”. Regulatory audit opinions are not published but are provided to banks as well as FINMA. There are no explicit rules prohibiting disclosure of supervisory opinions by audit firms in their regulatory reports (as would normally occur for supervisory findings in other jurisdictions). Discussion with auditors revealed that this had rarely if ever been an issue and that qualifications or reservations would have to be very serious for them to trigger the bank having to consider disclosure under general securities law principles.
EC4	The supervisor takes the macroeconomic environment into account in its risk assessment of banks and banking groups. The supervisor also takes into account cross-sectoral developments, for example in non-bank financial institutions, through frequent contact with their regulators.
Description and findings re EC4	FINMA has established a structured process and semi-annual internal report that informs about the major macroeconomic, capital markets and structural risks (“Risikobarometer”). As part of this report, potential implications for supervised entities broadly (banks, insurances, markets) are considered. This can affect supervisory work. For example, starting in 2010 FINMA and SNB identified heightened level of concern about mortgage exposures in Switzerland and that triggered further extensive supervisory reporting, analysis of exposures and risks by region and also triggered additional cross-system supervisory work on some 20 banks. A regular monitoring report on this system-wide issue is also in place.
EC5	The supervisor, in conjunction with other relevant authorities, identifies, monitors and assesses the build-up of risks, trends and concentrations within and across the banking system as a whole. This includes, among other things, banks’ problem assets and sources of liquidity (such as domestic and foreign currency funding conditions, and costs). The supervisor incorporates this analysis into its assessment of banks and banking groups and addresses proactively any serious threat to the stability of the banking system. The supervisor communicates any significant trends or emerging risks identified to banks and to other relevant authorities with responsibilities for financial system stability.
Description and findings re EC5	FINMA holds regular meetings with the Swiss National Bank, where one standing item is the discussion about the current situation of financial markets. As a consequence, decisions may be taken to assess specific topics more in-depth. For example, in 2012 it was decided to perform an assessment of the vulnerability of the Swiss banking sector towards a potential Eurozone crisis. This can lead to supervisory action. Further, once significant trends or emerging risks are identified, supervisors communicate on a regular basis with their supervised banks and, if needed, specific measures are defined to monitor the situation (e.g., weekly ad-hoc reports, etc.).
EC6	Drawing on information provided by the bank and other national supervisors, the supervisor, in conjunction with the resolution authority, assesses the bank’s resolvability where appropriate, having regard to the bank’s risk profile and systemic importance. When bank-specific barriers to orderly resolution are identified, the supervisor requires, where necessary, banks to adopt appropriate measures, such as changes to business strategies, managerial, operational and ownership structures, and internal procedures. Any such measures take into account their effect on the soundness and stability of ongoing business.
Description and findings re EC6	Resolution and recovery planning is in place for the two large banks. FINMA can grant relief to the progressive capital component requirements provided there is a high probability that the systemically important bank will improve its resolvability in and as well as outside Switzerland. No such relief has been decided in practice as yet. FINMA and banks are in active discussion of various aspects of their operations that would improve resolvability. While FINMA has no explicit legislative authority to impose changes in structure it can use other tools as necessary to induce changes, such as withholding approvals or changing the scope of consolidation.
EC7	The supervisor has a clear framework or process for handling banks in times of stress, such that any decisions to require or undertake recovery or resolution actions are made in a timely manner.
Description and findings re EC7	The supervisor or Key Account Manager (KAM) follows the risk-based approach based on the established Standard Operating Procedures (SOP). As mentioned above, the supervisory category and the assigned rating determine the levels of required supervision. Under these procedures should the camels rating be downgraded to a pre-determined level (8 in the 1–9 rating category), the bank will be supervised by a separate team specialized in intensive supervision – TIS. The task of the TIS is to investigate the causes of problems and oversee crisis management. The primary objective in all cases is to put a swift end to the crisis in order to prevent loss or damage and minimize the use of resources. Assessors reviewed the actual experience of this group, which is extensive. Crises can be ended in a number of ways: at some institutions, the introduction and monitoring of corrective measures will suffice; in other cases, the correct response may well be for the institution to exit the supervised sector. Elsewhere, the investigation may reveal that compulsory measures under supervisory law are the only way to resolve the situation. In this case, the TIS will present the results of its investigations in such a way that enforcement proceedings can be conducted. The TIS will deploy the means of direct supervision: it will carry out on-site investigations, and identify and interact with all relevant parties including owners and shareholders.
EC8	Where the supervisor becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter, the supervisor takes appropriate steps to draw the matter to the attention of the responsible authority. Where the supervisor becomes aware of banks restructuring their activities to avoid the regulatory perimeter, the supervisor takes appropriate steps to address this.
Description and findings re EC8	When an institution is performing activities outside the regulatory perimeter, FINMA will intervene and generally close the relevant entity. The same applies to non-licensed entities that present themselves as banks without actually carrying out bank like activities. Where a licensed institution carries out business outside the scope of its license FINMA imposes requirements to bring activities in line with that authorized. This has occurred and assessors reviewed examples of the framework working in practice.
Assessment of Principle 8	Largely Compliant
Comments	FINMAs supervisory approach using regulatory auditors can work, but the improvements already made need more time to be embedded and additional improvements to augment FINMA on-site reviews, improve guidance to auditors to improve risk assessments and ensure consistency in ratings and supervisory work, and have more in depth theme reviews of control functions, are required to achieve the necessary effectiveness for both larger and smaller and mid-size banks. The five-fold categorization of banks according to their size and complexity is a reasonable method to link broad supervisory effort to high-level risks. It is unclear however if the broad switch of institutions from balance sheet intensive activities to more wealth management activities (and the consequent increase in operational and reputation risk) has been reflected in supervisory strategies or resources in a proactive way. The risk-based approach for bank supervision has been revised and enhanced after the 2007 banking crisis in an appropriate direction. Methodologies were enhanced, monitoring was increased, additional challenge of external auditors’ contribution to the supervisory approach was instituted, direct FINMA lead or commissioned supervisory reviews were instituted and more forward-looking and system-wide risk assessment elements were added. The intensity of supervision and contact with certain institutions has increased. Progress in implementing these improvements in a short time period is impressive and assessors believe that the basic direction is the correct one. There is no reason why the fundamental supervisory approach cannot deliver the necessary results if it is operated effectively. Use of auditors gives a system-wide annual review that is not present in other approaches. It also allows auditors to benchmark across institutions in other jurisdictions that they audit and to bring their global risk capability to bear. Supervisors generally showed a good understanding of risks in their institutions. There is extensive senior level experienced judgment and oversight of the risk assessment and supervisory process within the Banks division of FINMA. However, several elements mean it is not as it needs to be given the importance of major Swiss institutions globally and in the Swiss marketplace. Lack of granularity in risk assessments for major institutions means that important risks could not be sufficiently highlighted. Forward looking elements need to be formalized. The lack of criteria for various ratings, the inadequate granularity of assessing inherent risks, and the uncertainty surrounding what auditors’ assessment of various controls means in practice, reduce the robustness of the approach and mean it is heavily reliant on expert judgment which is not sufficiently consistent or well documented. Using separate audit firms means that comparisons across institutions in Switzerland that are similar but audited by different auditors is not possible with reliability, unless FINMA puts in place a process. Processes within FINMA to assess and adjust auditor’s risk assessments across groups of institutions should be strengthened. These issues could lead to material misallocation of supervisory effort and missing the opportunity to challenge supervisors on risk assessments and to identify material control or risk management deficiencies, before they have large consequences. Some improvements to address these issues have been identified by FINMA but are not yet implemented, including update of Circular 08/24 re qualitative risk management standards and related auditor instructions. Certain additional improvements are necessary including: providing more guidance for rating criteria; ensuring inherent risk assessments reflect actual business risk; requiring more granularity in risk assessments for larger institutions; enhancing methodology to emphasize forward looking elements such as requiring explicit consideration of whether risks are increasing, stable or decreasing; and instituting more cross-institution analysis by FINMA staff of the risk assessments and what they imply for supervisory effort and focus.
Principle 9	Supervisory techniques and tools. The supervisor uses an appropriate range of techniques and tools to implement the supervisory approach and deploys supervisory resources on a proportionate basis, taking into account the risk profile and systemic importance of banks.
Essential criteria
EC1	The supervisor employs an appropriate mix of on-site19 and off-site20 supervision to evaluate the condition of banks and banking groups, their risk profile, internal control environment and the corrective measures necessary to address supervisory concerns. The specific mix between on-site and off-site supervision may be determined by the particular conditions and circumstances of the country and the bank. The supervisor regularly assesses the quality, effectiveness and integration of its on-site and off-site functions, and amends its approach, as needed.
Description and findings re EC1	FINMA employs a mix of the on-site and off-site supervisory tools. These were enhanced starting in 2010 including promulgating a new audit circular at the end of 2012 on FINMAs enhanced expectations. This new circular was in effect for risk assessments done in early in 2013 and 2013 audits. On-site examinations are mainly performed by the recognized audit firms. As part of FINMA’s supervisory approach, audit firms are in charge of performing a comprehensive prudential audit, following general instructions given by FINMA. FINMA refers to these auditors as “FINMA’s extended arm”. FINMA has employed this approach because of the fundamental nature of its banking system, which is large relative to the country and has several institutions with complex global reach. FINMA believes that only by levering its resources through regulatory audits conducted by audit firms can it adequately have access to resources necessary to perform its supervisory mandate. It also notes that its approach provides an annual supervisory review across every supervised institution. FINMA also conducts certain on-site supervisory reviews itself, or by hiring and paying its own third party reviewers. Off-site supervision mainly relies on the examination of reports provided by the banks, the external auditors (delivery of ‘long form’ regulatory audit reports) and also results from other activities such as meetings with the banks’ management, attending supervisory colleges and/or discussions with other supervisory authorities. Assessors discussed these activities with FINMA staff and saw examples of the reports generated by this process. There is also clear evidence that these off-site activities influence supervision and actions vis-à-vis individual banks. On-site supervision is through regulatory audits performed by audit firms chosen by the banks (from the FINMA approved list of seven audit firms and some 150 accredited regulatory auditors who work with audit staff), and paid directly by the bank, not by FINMA. The regulatory audit is in practice done by the same firm as the financial audit (separate lead partner for the two largest banks and for the three banks in category 2). The regulatory audit is lead from Switzerland and can involve audit firm resources in other global financial centers and locations, as necessary, depending on the individual audit firm approach. FINMA is aware of the independence, mindset and expertise issues (and issues of who is the client) that this arrangement gives rise to. Regulatory assessments are fundamentally different than financial audits. FINMA has instituted various compensating measures. There are standard procedures that specify minimum periodicity and depth of work. To remain certified auditors have to perform a minimum number of hours of relevant work. FINMA off site supervisory staff challenge risk assessments and audit strategies and findings based on their knowledge of the bank. The findings of FINMA reviews can demonstrate inadequate work in the same areas by audit firms and puts pressure on them to perform. FINMA can de-certify individual partners or senior staff of audit firms from being eligible to do regulatory audits. This has occurred. FINMA also performs ex-post quality assurance on audit firms doing regulatory audits, much in the same way as the Swiss audit oversight body assesses audit firms financial audits. Annually, there is an inspection of each of the major audit firms with examination of one of their files including their working papers, and other audit firms are on a 2-3 year inspection cycle. This involves selecting and reviewing approximately 5 regulatory files a year (one each from the larger audit firms and a selection of smaller audit firms). Staff doing inspections report that issues of adequate professional skepticism do arise. This can lead to de-certifying certain persons of audit firms as noted above. The essence of the mandate of the audit firm is to confirm (or not) compliance of the bank with regulatory requirements (laws, ordinances, circulars). This culminates in an overall opinion whether the bank is meeting its licensing conditions. In audit reports it is rare to have an overall qualification but there can be 2-5 qualifications in specific areas for a large number of banks. Audit firms are to provide formal opinions on these matters (either positive or negative assurance) depending on the scope, depth and nature of the work performed. This means that the regulatory audit scope and opinions is dependent on the nature and completeness and specificity of the guidance it is auditing against. That also can have a material impact on the meaning of various conclusions. As FINMA guidance lacks specificity in qualitative criteria (see CP 15, 17, 19 and 24 for example), the nature of audit work and opinions in these areas can be difficult to assess. There is a standard annual audit report formulation and instructions from FINMA on what it is to cover. Often FINMA is asking auditors to express an opinion (pass/fail) on whether a particular process is ‘appropriate’ or whether resources in a control function are ‘adequate’. This comes from the generally-worded requirements in banking legislation or ordinances, compliance with which is the fundamental purpose of the regulatory audit. Audit firms have developed methodologies. FINMA does not approve these audit programs, but may approve the detailed scope for FINMA-mandated additional audits. FINMA has started sending a letter to audit firms at the beginning of the cycle on areas it wants emphasized. There is no guidance on what constitutes findings of various degrees of significance. Certain audit firms have determined that themselves. The assessment culminates in a long form report that is relayed to FINMA and the bank four months after the year-end. Audit reports and reporting cycles are not modular with continuous reporting on work done throughout the year. Timing of reporting on specific additional work mandated by FINMA could be dependent on the engagement. Assessors discussed the methodologies with FINMA, with representatives of larger and medium-size audit firms and with FINMAs audit inspection department. They also reviewed a sample of audit reports, though the changes for 2013 audits are not observable at the time of the mission. Discussions revealed material differences in what standards auditors are auditing to, and what constituted findings of various degrees of seriousness. Some firms indicated that certain of these aspects could vary partner to partner. In a number of cases because of lack of criteria, the audit opinion as to what is adequate depends to a very large degree on individual auditors’ professional judgment. The nature and seriousness of issues can be difficult to determine from the reports, which contain a large amount of factual information on the bank. Understanding is therefore driven by the quality and depth of discussion between the auditor and the FINMA key account manager (KAM). Auditors and banks report that there can be intense three-way discussion between auditors, banks and FINMA on the seriousness of particular issues. It also appears that what leads to a reservation on a risk management or control rating can be hard to assess. Examples seem to occur regularly of a process being judged ‘adequate’ while noting serious deficiencies but also noting that these are in the process of being rectified and have been reported to FINMA, making it hard to determine the basis for auditors judgments. As deficiencies or reservations are a key flag in FINMAs internal rating system, this approach depends on KAMs judgment and escalating important issues for discussion and decision on whether to intervene. Audit firms report that in certain areas where FINMA guidance is not detailed they will choose to supplement with relevant international guidance or firm-developed methodology. But the approach to that varies across audit firms and these firm-specific methodologies are not included in the standards that ex-post inspections inspect against. FINMA also can set guidance in frequently asked questions (FAQs) on its website. FINMA and banks indicated that these are taken very seriously and can be used by FINMA to respond rapidly rather than issuing a board-approved circular. FAQs will be consistent with requirements in legislation ordinances or guidance in circulars, but can be more specific and essentially contain important additional guidance on FINMA expectations. There was a difference of opinion between audit firms that assessors met, and between various staff within FINMA, as to whether FAQs formed part of the basis of rules and guidance against which regulatory audits are assessing. FINMA also reported that the regulatory audit report is used as information to supervisors but is not necessarily the full reality of the situation. FINMA applies its own judgment in determining ratings and supervisory interventions. (see CP8) Assessors discussed the regulatory audit work effort. On medium size banks, auditors report that up to 10 people can be involved, and the regulatory audit is around 1,000-1,500 hours (135-200 person days). Some 2-3 deeper dive reviews are conducted at major banks annually with a deep dive review normally being 1,000-3,500 hours (135-650 person days). Occasionally the depth and scope will be markedly more. FINMA conducts some 15 of its own reviews a year on average over the past two years on the two category 1 banks together, and approximately 20 in total on category 2 and 3 banks. These totals include reviews with respect to AML/CTF, market conduct issues and compensation so the more prudentially-focused or risk management-focused reviews are about half the total. In some cases these were reviews conducted after material issues were revealed in the marketplace. FINMA reviews generally involve 3-4 persons for a total of 15-40 person days. Assessors discussed this arrangement extensively with FINMA staff at various levels, reviewed documents including examples of supervisory files and discussed the process with representatives of audit firms covering large and smaller and mid-size banks. The review by assessors did not reveal the depth of reviews by audit firms that one would normally find, post-crisis, of risk management and control systems by other supervisors. Assessors’ reviews also noted that in some cases the scope was skewed to specific regulatory requirements and did not consider more general issues of risk management or control effectiveness. FINMA has plans to add more specificity to audit instructions in key risk and compliance areas but significant parts of this will not be in place until 2014 or 2015. Discussions with FINMA staff also revealed difficulty in determining the basis for auditors conclusions in areas where there are only very general requirements (such as what constitutes adequate resources in compliance or risk management), or for understanding the extent to which these conclusions were derived from consistent processes across audit engagements and firms. Prudential audit reports reviewed by assessors often contained considerable factual description of controls or processes and relatively much less on the issues found, their implications or seriousness or the nature of the work done by auditors to support the audit conclusions. FINMA staff participate in on-site work conducted by foreign supervisors, particularly in the UK and the US for the two big Swiss banks. The experience seems to be some 2-4 of these a year (which are included in the number of FINMA reviews noted above). FINMA has participated occasionally in prudential audit firms foreign reviews of large bank operations, but this is not regular practice. FINMA examines the work performed by recognized audit firms, the result of which is communicated at least once a year to the management of the audit firm. Key account managers provide feedback. For the purpose of performing this quality control, FINMA also maintains a special quality control unit. However the number of regulatory reports reviewed is not large (approximately five per year for banks).
EC2	The supervisor has a coherent process for planning and executing on-site and off-site activities. There are policies and processes to ensure that such activities are conducted on a thorough and consistent basis with clear responsibilities, objectives and outputs, and that there is effective coordination and information sharing between the on-site and off-site functions.
Description and findings re EC2	See also EC1. FINMA has a well-developed process for planning and executing regulatory audits and for integrating on-site and off-site activities. Assessors looked into how that process is operating in practice. Planning and executing on-site and off-site activities is an integral part of FINMA’s supervisory approach. Before prudential audits are performed by recognized audit firms, FINMA receives from the external auditor their annual risk analysis and, based on this analysis, the planned audit strategy in a preliminary stage. FINMA has to agree to the risk analysis and audit strategy and considers it therefore its own. Audit depth and frequency then depend on the level of risk identified for every audit field. Only following FINMA’s approval does the audit firm start with its detailed audit work. In case of disagreement, FINMA will ask the audit firm to adapt the audit strategy. For its off-site supervision, FINMA has defined work procedures, which are known as “standard operating procedures” or SOP. Frequencies and the time limit for performing the various tasks listed in the SOP are clearly defined and also depend on the combination of category and rating of the bank. One of the listed tasks covers the examination of the long form audit reports that is delivered by the external auditor. Generally the key account manager (KAM) for larger or mid-size banks would examine the whole audit report and communicate with the audit firm, often extensively. For smaller banks that are risk rated green or low, only the summary report needs to be read, unless there are relevant findings and the communication with the audit firm will often be considerably less. Assessors discussed with major audit firms their internal process for quality control. Major firms have second partner review on all regulatory audit engagements. That also included discussing how they ensuring that their audit affiliates in foreign locations understand how regulatory audit work differs from their normal financial statement audit work. Assessors’ review of these reports revealed some difficulty in determining that adequate consistency exists and that it is fully possible to understand the meaning of the output from the regulatory audit (see EC1). Some of the enhanced procedures required by FINMA were introduced relatively recently, as noted in EC1. FINMA and auditors of major and mid-size banks report there is extensive interaction. Also there are clear examples of extensive feedback from FINMA individual KAMs to auditors on FINMA findings and analysis from other sources that may affect the regulatory audit. However considering whether issues from one audit or analysis might affect regulatory audits of other similar institutions is less structured and frequent. Department heads showed a good understanding of the risks facing institutions.
EC3	The supervisor uses a variety of information to regularly review and assess the safety and soundness of banks, the evaluation of material risks, and the identification of necessary corrective actions and supervisory actions. This includes information, such as prudential reports, statistical returns, information on a bank’s related entities, and publicly available information. The supervisor determines that information provided by banks is reliable21 and obtains, as necessary, additional information on the banks and their related entities.
Description and findings re EC3	Depending on the bank category, different types of reports have to be delivered on a regular basis. For example, banks belonging to category 3 provide quarterly business/risk management reports. The Key Account Manager (KAM) is in charge of analyzing these reports and making sure that the information is reliable. In order to clarify open issues, the KAM stays in direct contact with the bank representative and/or the audit firm. Furthermore, prudential and financial reports are reviewed annually and the concerns are discussed with the audit firm. Moreover, if necessary, other reports are requested such as reports on capital requirements, liquidity coverage, exposure to the group, etc.
EC4	The supervisor uses a variety of tools to regularly review and assess the safety and soundness of banks and the banking system, such as: (a) analysis of financial statements and accounts and a broad range of ratios from the rating system; (b) business model analysis; (c) horizontal peer reviews; (d) review of the outcome of stress tests undertaken by the bank; and (e) analysis of corporate governance, including risk management and internal control systems. The supervisor communicates its findings to the bank as appropriate and requires the bank to take action to mitigate any particular vulnerabilities that have the potential to affect its safety and soundness. The supervisor uses its analysis to determine follow-up work required, if any.
Description and findings re EC4	FINMA, together with the audit firms, applies a mix of the above-mentioned tools depending on the category and rating assigned to the bank. Annual assessment letters are sent to all banks in category 1-2 and some banks in category 3 (all at least every two years) containing the FINMA rating and the actions needed. Banks get a copy of the regulatory audit report with its reservations and comments, and may get a management letter from the regulatory auditor. FINMA communicates the findings resulting from its activities, i.e., supervisory reviews, special analyses, peer reviews, etc. to the banks. FINMA ensures a timely implementation of the notices of reservation and the recommendations. The audit firm checks the implementation of the relevant issues and confirms their resolution status in the next prudential audit. Stress tests and other information and analysis related to capital (and increasingly liquidity) are highly developed and provided to the KAM, reflecting the capital orientation of the Swiss approach.
EC5	The supervisor, in conjunction with other relevant authorities, seeks to identify, assess and mitigate any emerging risks across banks and to the banking system as a whole, potentially including conducting supervisory stress tests (on individual banks or system-wide). The supervisor communicates its findings as appropriate to either banks or the industry and requires banks to take action to mitigate any particular vulnerabilities that have the potential to affect the stability of the banking system, where appropriate. The supervisor uses its analysis to determine follow-up work required, if any.
Description and findings re EC5	FINMA’s early warning and Camels-based rating system provides substantial quantitative data and qualitative information (capital adequacy, asset quality, management factors, earnings, liquidity, and sensitivity to markets risks) on individual banks and banking groups. Outlier analysis is performed within various peer groups, and the system assesses a range of bank financial information and a large number of ratios against various pre-defined thresholds. A system-generated rating is produced that the KAM then accepts or modifies based on other information or expert judgment. FINMA has developed an internal semi-annual publication, the “Risikobarometer”, to track macroeconomic and regulatory risks and developments. This is similar to financial stability reports published in other countries. FINMA also has an internal semi-annual publication with more in-depth analysis of the real estate market (see answer to principle 8, EC 4). This has lead to additional supervisory reviews, more intensive monitoring capital add-ons under pillar 2 for selective banks. In addition, the SNB has triggered the countercyclical buffer for real estate exposures. Further, FINMA establishes a semi-annual macro-financial stress scenario that is used for the supervisory stress-testing of the two Swiss large banks, known as Loss Potential Analysis. Since 2010, additional analysis of capital plans, based on some of the concepts in the LPA, have been extended to a few institutions in categories 2 and 3. This is designed to provide a better appreciation of their vulnerability. FINMA communicates to the banks the issues identified and the measures which have to be implemented. If necessary, measures to adjust risk measurement or reduce risks are agreed.
EC6	The supervisor evaluates the work of the bank’s internal audit function, and determines whether, and to what extent, it may rely on the internal auditors’ work to identify areas of potential risk.
Description and findings re EC6	FINMA Circular 08/24 requires that every bank must have an appropriate and qualified internal audit, directly reporting to the board and independent of operational management. A large number of smaller and mid-size banks outsource internal audit to a recognized external audit firm. Regulatory auditors must explicitly confirm in their annual long form reports that: the technical and personal resources are appropriate for internal audit; the necessary professional competences are effectively available; cooperation between the external audit firms and internal audits is adequate; and, the external audit firms have access to the reports of the internal audit, without any limitation. Assessors discussed with regulatory auditors how they form this judgment. Regulatory auditors have extensive communication with internal audit as part of their reviews, which helps inform their judgment. FINMA has also set informal benchmarks as to what internal audit resources it expects relative to the size of the institution.
EC7	The supervisor maintains sufficiently frequent contacts as appropriate with the bank’s Board, non-executive Board members and senior and middle management (including heads of individual business units and control functions) to develop an understanding of and assess matters such as strategy, group structure, corporate governance, performance, capital adequacy, liquidity, asset quality, risk management systems and internal controls. Where necessary, the supervisor challenges the bank’s Board and senior management on the assumptions made in setting strategies and business models.
Description and findings re EC7	The frequency of contacts with the board of directors as well as with senior and middle managers largely depends on the categorization and rating of banks and banking groups. The interaction at the board level for the two category one banks is extensive. Regulatory auditors have the opportunity to observe boards. They do not however do a formal board effectiveness assessment as part of their methodologies. The results of supervisory examinations are also discussed as appropriate with the external auditor. The supervisor also can meet separately with the bank’s independent board members. Based on discussions, assessors have the impression that for other categories of banks the extent of contact is markedly less, especially at the board level.
EC8	The supervisor communicates to the bank the findings of its on- and off-site supervisory analyses in a timely manner by means of written reports or through discussions or meetings with the bank’s management. The supervisor meets with the bank’s senior management and the Board to discuss the results of supervisory examinations and the external audits, as appropriate. The supervisor also meets separately with the bank’s independent Board members, as necessary.
Description and findings re EC8	Key findings from the ordinary prudential audit performed by the external auditor are captured in writing in the long form report which is submitted to the board and management for discussion and acknowledgment. The results of the on-site reviews conducted by FINMA are also systematically communicated to the bank in written reports and discussed with the appropriate management level. For the two big banks (category 1) and institutions in categories 2 (annually) and 3 (at least every two years), FINMA formally notifies by assessment letters any shortcomings identified and the action required to address them. All assessment letters are provided to both boards and senior management.
EC9	The supervisor undertakes appropriate and timely follow-up to check that banks have addressed supervisory concerns or implemented requirements communicated to them. This includes early escalation to the appropriate level of the supervisory authority and to the bank’s Board if action points are not addressed in an adequate or timely manner.
Description and findings re EC9	Tracking of follow-up actions by banks is normally through the prudential audit process, but can also be directly to FINMA. FINMA’s MIS system tracks deficiencies and allows identification of issues that need to be raised with senior management or boards.
EC10	The supervisor requires banks to notify it in advance of any substantive changes in their activities, structure and overall condition, or as soon as they become aware of any material adverse developments, including breach of legal or prudential requirements.
Description and findings re EC10	Banks licensing process includes approval of internal documents that set out its product and geographic scope. So any substantive change in a banks’ activities requires making changes to the articles of incorporation and the main Organization and Business Rules. These changes require FINMA’s approval (Art. 3 para 3 BA) Furthermore banks have to notify FINMA before they establish, modify or close a subsidiary, branch, agency or representative office abroad (Art. 3 para 7 BA and Art. 6b BO). Licensing staff reported that they can receive 1,000–1,500 notifications a year from each of the two largest Swiss banks, of which normal year 20–30 are licensing requests (rising to up to 100 in special years). Any adverse matter has to be reported to FINMA by the bank’s audit firm or in the annual audit report.
EC11	The supervisor may make use of independent third parties, such as auditors, provided there is a clear and detailed mandate for the work. However, the supervisor cannot outsource its prudential responsibilities to third parties. When using third parties, the supervisor assesses whether the output can be relied upon to the degree intended and takes into consideration the biases that may influence third parties.
Description and findings re EC11	Audit firms (and also the persons performing the audit) must be officially recognized by FINMA (see criteria in Circular 13/04 “Audit firms and lead auditors”). They are subject to ex-post quality controls made by a special FINMA unit. FINMA also uses third party experts/firms for performing targeted interventions (investigations of complicated problems/matters; delivery of a second opinion if it is not convinced by the assessments and confirmations given by the ordinary external audit firms). Assessors had extensive discussions and review with various parties as to how these rules are working in practice. (see CP8 and EC1 of CP9 above) When FINMA mandates specific independent reviews, such as for model approval, assessors saw examples of detailed clear instructions.
EC12	The supervisor has an adequate information system which facilitates the processing, monitoring and analysis of prudential information. The system aids the identification of areas requiring follow-up action.
Description and findings re EC12	For a number of years, FINMA has applied a rating system for banks and banking groups. The rating system provides substantial quantitative data and qualitative information on supervised banks and banking groups. The rating system is one of the main tools available to the supervisor. A large range of standardized reports and specific thematic analyses are centrally prepared to address topical issues and to detect outliers and critical trends.
Additional criteria
AC1	The supervisor has a framework for periodic independent review, for example by an internal audit function or third party assessor, of the adequacy and effectiveness of the range of its available supervisory tools and their use, and makes changes as appropriate.
Description and findings re AC1	FINMA has an internal audit function currently consisting of three people. The internal audit reviews FINMA teams adherence to processes set out in the standard operating procedures, not the content of supervisory reports or risk or rating analysis. FINMA may rely on quality controls carried out by an independent person not attached to the head of supervisory activities (12 intensive controls and 16specific controls were made in 2012). These apply not only to adequacy of procedures but also on risk analyses, audit strategies, and rating analysis, among others.
Assessment of Principle 9	Materially Non Compliant
Comments	The enhancements to on-site and off-site processes put in place recently are appropriate and essential. They start to move FINMA away from the capital-predominant approach of previous agencies, and towards the more intensive supervision prevalent in other jurisdictions after the crisis. However, there is potential for material control or risk management weaknesses to go undetected, and the issues identified in the assessment are not just minor shortcomings. The recent enhancements are in the right direction, although some need to be given time to show results and others need to be materially intensified to achieve the desired goal. Standards for intensive supervision post-crisis have increased considerably. Remedying this is not simple, and it is unclear that compliance can be achieved in the immediate short term given FINMAs commitment to a head-count freeze and the difficulty of enhancing audit procedures, related guidance and instructions quickly. With adequate resources and further changes to processes, remedying the situation can be done within the existing model of use of regulatory auditors. For a jurisdiction with systemically important institutions, the depth of on-site review by auditors and by FINMA is not sufficient. Extensive review appears to occur around capital and risk model processes and outputs for major institutions and on capital and liquidity related quantitative matters including stress tests. The amount of proactive review of the integrity of qualitative risk management and internal control appears less than needed, especially given the major operational and reputational risks to the system. Having annual broad- based supervisory reviews through the regulatory audit process is not a substitute for a sufficient number of proactive targeted in-depth reviews in potentially higher risk and control areas. The basis of conclusions by regulatory auditors is not sufficiently transparent and their scope is not appropriate in certain areas. The focus of regulatory audits on compliance with legal and licensing requirements means that deficiencies in control and governance processes that are not explicitly specified in laws and regulations and circulars, but are part of FINMA expectations, are not being consistently assessed appropriately. A number of detailed reviews appear more reactive than proactive. As well, the on-site process risks too much negotiation of findings, the potential that important findings may be missed or not adequately highlighted, or root cause analysis performed. That requires more effort by FINMA with respect to bringing regulatory audit findings together and assessing them. Cross-system theme reviews may not be performed by auditors to consistent FINMA expectations. There are few cross-system/theme reviews by FINMA. The number of FINMA in-depth reviews of prudential matters appears low. There is insufficient reporting by auditors of the basis for conclusions and of the nature or seriousness of findings. The fact that auditors must reach a formal opinion and the potential seriousness of a formal reservation to the opinion may be reducing the elevation of issues. It is unclear whether on-site findings are sufficiently factored into FINMA assessments and formal feedback to banks. It can be hard for FINMA to tell whether their reliance on auditors is verified. Verification of the trust placed in auditors has increased but appears light. Remedying the situation will require enhanced strategic risk analysis, more focus and depth to the on-site effort on a selective basis to complement the breadth now provided, clearer reporting by auditors to FINMA, more FINMA off-site work across teams to direct and compare work done and findings by auditors (theme reviews) and more and more frequent, in-depth individual or theme reviews by FINMA itself (or through fully independent agents). This should be more proactive in areas likely to be subject to higher risk or control breakdowns. FINMA could also consider whether in certain banks the scope of the base regulatory audit could be reduced from time to time so more audit resources can be redirected to in-depth review of higher risk areas. FINMA participation in on-site work performed by auditors or by foreign supervisors should be substantially increased. That would provide enhanced assurance that prudential audits in those jurisdictions were delivering what FINMA needs.
Principle 10	Supervisory reporting. The supervisor collects, reviews, and analyses prudential reports and statistical returns22 from banks on both a solo and a consolidated basis, and independently verifies these reports through either on-site examinations or use of external experts.
Essential criteria
EC1	The supervisor has the power23 to require banks to submit information, on both a solo and a consolidated basis, on their financial condition, performance, and risks, on demand and at regular intervals. These reports provide information such as on- and off-balance sheet assets and liabilities, profit and loss, capital adequacy, liquidity, large exposures, risk concentrations (including by economic sector, geography and currency), asset quality, loan loss provisioning, related party transactions, interest rate risk, and market risk.
Description and findings re EC1	Under general authority of the FINMA act (Art. 29) Banks are required in FINMA “Circular 08/14 – Supervisory reporting for banks” to report their financial results (on-/off-balance sheet assets and liabilities, profit and loss, asset quality, loan loss provisioning) to FINMA. Other reporting duties cover risk topics such as capital adequacy and liquidity in the context of Basel III, large exposures, risk concentrations, details of credit and market risk capital adequacy inputs, and interest rate risk, as well as share ownership. Data is collected at single entity, and in the case of consolidated supervision, also at group level. FINMA legal power to collect information is general and applies to anyone with a qualified participation in a bank, for example controlling entities. So it can be used for specific information requests as well. Supervisors of major banks also have regular access to individual bank information used by the banks for management purposes (including information going to the board and senior management).
EC2	The supervisor provides reporting instructions that clearly describe the accounting standards to be used in preparing supervisory reports. Such standards are based on accounting principles and rules that are widely accepted internationally.
Description and findings re EC2	Articles 23 to 27 of the Banking Ordinance prescribe the chart of accounts and the structure of the accounting disclosure for banks. Supervisory reporting uses the accounting framework that banks use for their own accounts. Some nine banking groups use IFRS and there is one using U.S. GAAP. Other banks use Swiss GAAP in financial statements (which is generally seen as more conservative than international standard—see CP 27). The fact that one of the large banks is on IFRS and the other on U.S. GAAP can make comparability harder in areas such as the trading book.
EC3	The supervisor requires banks to have sound governance structures and control processes for methodologies that produce valuations. The measurement of fair values maximizes the use of relevant and reliable inputs and are consistently applied for risk management and reporting purposes. The valuation framework and control procedures are subject to adequate independent validation and verification, either internally or by an external expert. The supervisor assesses whether the valuation used for regulatory purposes is reliable and prudent. Where the supervisor determines that valuations are not sufficiently prudent, the supervisor requires the bank to make adjustments to its reporting for capital adequacy or regulatory reporting purposes.
Description and findings re EC3	The accounting standards for positions in the trading book are set out in FINMA-Circular 08/02 Accounting – Banks margin Nos. 22–22d which apply on an individual bank level. They include the possibility of using valuation models for less liquid positions and high level expectations for valuation. The supervisory standards are those of the BCBS (which are implemented in FINMA-Circulars 08/20 Market Risk margin Nos. 32–48 and 08/19 Credit Risk – Banks margin No. 391; requirements regarding valuation adjustments for less liquid positions are set out in FINMA-Circular 08/20 Market Risk margin No 47). Consistency of these Swiss standards has recently been confirmed via the Regulatory Consistency Assessment Program (RCAP) for Switzerland. The prudential audit firm comments in the annual regulatory audit report on the adequacy of the valuation framework and the control procedures of the bank.
EC4	The supervisor collects and analyses information from banks at a frequency commensurate with the nature of the information requested, and the risk profile and systemic importance of the bank.
Description and findings re EC4	Scope and periodicity of standard reports are the same for all banks. Following the risk-based regulatory approach, banks in categories 1 to 3 (banks with an increased systemic importance) have additional, individual reporting duties, where scope and periodicity vary depending on the actual situation.
EC5	In order to make meaningful comparisons between banks and banking groups, the supervisor collects data from all banks and all relevant entities covered by consolidated supervision on a comparable basis and related to the same dates (stock data) and periods (flow data).
Description and findings re EC5	FINMA collects from all supervised banks and banking groups quantitative data and qualitative information in a standardized manner. For reports on capital adequacy and liquidity in the context of Basel III and interest rate risk, frequency varies between single entity level (quarterly reports) and group level (semi-annual reports).
EC6	The supervisor has the power to request and receive any relevant information from banks, as well as any entities in the wider group, irrespective of their activities, where the supervisor believes that it is material to the condition of the bank or banking group, or to the assessment of the risks of the bank or banking group or is needed to support resolution planning. This includes internal management information.
Description and findings re EC6	FINMA has the legal authority in Art. 29 FINMA Act to request and receive from supervised persons and entities all information and documents that it requires to carry out its tasks. This includes also any ad-hoc reports on specific risks and topics and internal management information.
EC7	The supervisor has the power to access24 all bank records for the furtherance of supervisory work. The supervisor also has similar access to the bank’s Board, management and staff, when required.
Description and findings re EC7	Art. 29 FINMASA determines that FINMA has the power to access all records to carry out its tasks if needed. The supervisor also has similar access to the bank’s board, management and staff, when required. For instance, in the framework of supervisory reviews, additional records are accessed, and management and staff are interviewed.
EC8	The supervisor has a means of enforcing compliance with the requirement that the information be submitted on a timely and accurate basis. The supervisor determines-the appropriate level of the bank’s senior management is responsible for the accuracy of supervisory returns, imposes sanctions for misreporting and persistent errors, and requires that inaccurate information be amended.
Description and findings re EC8	Due to the Swiss supervisory approach, the prudential audit firm confirms annually if the bank or the banking group is compliant with applicable reporting requirements, and if deadlines were met. FINMA does not have explicit authority to sanction banks for misreporting.
EC9	The supervisor utilizes policies and procedures to determine the validity and integrity of supervisory information. This includes a programme for the periodic verification of supervisory returns by means either of the supervisor’s own staff or of external experts.25
Description and findings re EC9	In the framework of the annual regulatory audit, the external auditor confirms the accuracy of the quantitative data and the qualitative information reported to FINMA. Quantitative data is collected by the Swiss National Bank (SNB) for FINMA, and SNB performs verification checks. Art. 22 of the Federal Act on the Swiss National Bank determines that the prudential audit firm has to examine annually that banks are compliant with the duty to provide information.
EC10	The supervisor clearly defines and documents the roles and responsibilities of external experts,26 including the scope of the work, when they are appointed to conduct supervisory tasks. The supervisor assesses the suitability of experts for the designated task(s) and the quality of the work and takes into consideration conflicts of interest that could influence the output/recommendations by external experts. External experts may be utilized for routine validation or to examine specific aspects of banks’ operations.
Description and findings re EC10	Assessors saw examples of specific instructions for such reviews (e.g., to support model approval applications). These were extensive and clear. Assessors did extensive reviews of other supervisory files and internal instructions and methodology documents, as well as held discussion with FINMA staff, line supervisors, and representatives of audit firms and banks. These revealed a number of issues with how this approach works in practice, including that lack of specificity in supervisory guidance reduces the clarity of how regulatory auditors are interpreting these standards. These are covered and rated under CP9 (supervisory techniques and tools).
EC11	The supervisor requires that external experts bring to its attention promptly any material shortcomings identified during the course of any work undertaken by them for supervisory purposes.
Description and findings re EC11	Auditors are required to bring to FINMA’s attention material shortcomings. Assessors saw considerable evidence of this in practice, as it is embedded in the model of use of auditors.
EC12	The supervisor has a process in place to periodically review the information collected to determine that it satisfies a supervisory need.
Description and findings re EC12	Periodically, FINMA reviews its data collection and determines if this information still meets its needs. If not, modifications in scope and content are made. Assessors saw evidence of this in practice. Due to the time required for implementing changes FINMA also uses ad hoc focused reporting from major banks or groups of banks on specific topics from time to time.
Assessment re Principle 10	Compliant
Comments	While the use of different accounting standards reduces the potential comparability of supervisory reporting, the similarities in accounting in practice are not serious enough to undercut this compliant rating. FINMA should be given explicit authority to sanction banks for misreporting.
Principle 11	Corrective and sanctioning powers of supervisors. The supervisor acts at an early stage to address unsafe and unsound practices or activities that could pose risks to banks or to the banking system. The supervisor has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability to revoke the banking license or to recommend its revocation.
Essential criteria
EC1	The supervisor raises supervisory concerns with the bank’s management or, where appropriate, the bank’s Board, at an early stage, and requires that these concerns be addressed in a timely manner. Where the supervisor requires the bank to take significant corrective actions, these are addressed in a written document to the bank’s Board. The supervisor requires the bank to submit regular written progress reports and checks that corrective actions are completed satisfactorily. The supervisor follows through conclusively and in a timely manner on matters that are identified.
Description and findings re EC1	Regulatory and supervisory shortcomings are addressed, and corrective action requested, both orally in supervisory meetings and in writing in supervisory assessment letters—These also contain the rating of the bank (a compressed version of the camels 1–9 rating scale). For institutions in category 1 and 2 (and category 3 banks that are medium or higher risk) assessment letters are annual. For lower risk category 3 banks the assessment letter is every second year, and there is no requirement for regular assessment letters for category 4 and 5 banks. Assessment letters would be sent if material issues warrant it. Banks get a copy of every annual or specific regulatory audit report including actions necessary. In addition to assessment letters, formal written communication occurs after any specific supervisory review conducted by FINMA. Corrective measures are monitored on the basis of written progress reports delivered to FINMA, typically on a monthly basis, but more frequent reporting is requested where appropriate, until the matter is resolved. Often regulatory follow up is done as part of the audit.
EC2	The supervisor has available27 an appropriate range of supervisory tools for use when, in the supervisor’s judgment, a bank is not complying with laws, regulations or supervisory actions, is engaged in unsafe or unsound practices or in activities that could pose risks to the bank or the banking system, or when the interests of depositors are otherwise threatened.
Description and findings re EC2	FINMA has specific tools and also uses its general authority (including authority to license institutions) to impose other conditions, short of formal enforcement actions, as a means of reducing risk and/or providing incentives for institutions to rectify problems. These include limits on business activity, Pillar 2 surcharges and other measures. The FINMA act also gives FINMA formal enforcement authority. This applies where a bank “violates provisions of the legislation or if there are other irregularities”. This follows an administrative procedure run by FINMA. The burden of proof is lower than in other proceedings. In situations where speedy action is necessary interim enforcement decrees are possible. Decrees are appealable on legal or procedural grounds, but not generally on the discretion of FINMA in interpreting regulatory standards or requirements. Assessors saw ample evidence that these provisions are used in practice. Decrees are not limited in what they can cover and can, for example be used if necessary to restrict or prohibit certain business activities, request management changes, set capital ratios, suspend shareholders’ voting rights or withdraw an institution’s license. FINMA confirmed to assessors that restrictions are normally possible without resorting to decrees or other formal enforcement mechanisms. FINMA does not have ability to impose monetary penalties. Assessors discussed this with FINMA staff and leadership. They believe that having this tool is not essential to achieving their mandate in bank supervision. In addition, to impose fines, higher standards of proof would likely be required than now needed for enforcement orders. Lastly, FINMA can (and does) refer serious matters for criminal enforcement, where fines are possible. Assessors are not aware of circumstances where achievement of prudential goals was undercut through lack of ability to impose fines. In addition, FINMA can confiscate profits made by supervised entities through serious violation of supervisory provisions. (Art. 35 FINMASA)
EC3	The supervisor has the power to act where a bank falls below established regulatory threshold requirements, including prescribed regulatory ratios or measurements. The supervisor also has the power to intervene at an early stage to require a bank to take action to prevent it from reaching its regulatory threshold requirements. The supervisor has a range of options to address such scenarios.
Description and findings re EC3	If an institution is, based on FINMA’s judgment, at risk of breaching general capital thresholds set by statutory law or individual capital thresholds set by FINMA, FINMA may intervene by requesting or requiring capital injections or other appropriate measures to improve capitalization. FINMA is authorized to take corrective measures if an institution does not meet capital requirements, up to and including revocation of license or institution of insolvency proceedings (see also principles 8 and 9). FINMA has experience of using these tools. The process is also applied in case of breach of liquidity thresholds.
EC4	The supervisor has available a broad range of possible measures to address, at an early stage, such scenarios as described in essential criterion 2 above. These measures include the ability to require a bank to take timely corrective action or to impose sanctions expeditiously. In practice, the range of measures is applied in accordance with the gravity of a situation. The supervisor provides clear prudential objectives or sets out the actions to be taken, which may include restricting the current activities of the bank, imposing more stringent prudential limits and requirements, withholding approval of new activities or acquisitions, restricting or suspending payments to shareholders or share repurchases, restricting asset transfers, barring individuals from the banking sector, replacing or restricting the powers of managers, Board members or controlling owners, facilitating a takeover by or merger with a healthier institution, providing for the interim management of the bank, and revoking or recommending the revocation of the banking license.
Description and findings re EC4	Depending on the gravity of a situation, the following actions are taken: 1. Regular intervention: FINMA will address the issue with the bank under its regular supervision, or if necessary with the special team focusing on intensive supervision. It may request the bank to take immediate corrective measures to restore compliance with the law and set time limits for the implementation. Such corrective measures might include the restriction of the current business activities of the bank (e.g., prohibition of business activities in certain markets), imposing more stringent prudential limits and requirements (e.g., capital or organizational requirements), withholding approval of new business activities or acquisitions (e.g., acquisitions of other business units/teams), restricting or suspending payments to shareholders or share repurchases, restricting asset transfers, barring individuals from the banking sector, and replacing or restricting the powers of managers, board members or controlling owners. If the bank does not implement the requested corrective measures, the issue will be further escalated under regular supervision and may lead to enforcement proceedings. 2. Enforcement: If (a) the bank does not implement the requested corrective measures under its regular supervision (b) it is apparent that the bank is unable or unwilling to implement the required corrective measures or (c) the situation poses immediate risks to the bank or the banking system or to the interests of depositors, FINMA will open administrative enforcement proceedings (Art. 30 Financial Market Supervision Act, FINMASA; see Enforcement policy). Interim measures: In enforcement proceedings, FINMA can order interim measures to safeguard the situation. In particular, FINMA can appoint an investigating agent to implement the required corrective measures (Art. 36 FINMASA). Depending on its mandate, the investigating agent has the authority to act for the bank instead of the former management (i.e., interim management). Final measures: In enforcement proceedings, FINMA can order the restoration of compliance with supervisory law (Art. 31 FINMASA). In this regard, FINMA has a technical discretion in deciding which corrective measures are required to restore compliance. In the past, FINMA has ordered banks to implement a wide range of corrective measures under this title. For example, FINMA has decided to restrict the cross-border activities of a bank or ordered the closing of branch offices in order to limit business risks. Furthermore, FINMA is able to impose prudential limits and requirements on a bank’s business, withhold approval of new activities or acquisitions, restrict or suspend payments to shareholders or share purchases and restrict asset transfers. FINMA may bar a person from acting in a management capacity in the banking sector for a period of up to five years if he/she is responsible for serious violation of supervisory law (Art. 33 FINMASA). Moreover, it can prevent a bank from engaging a person for a senior executive position, who does not provide assurance of proper business conduct (Art. 3 para let. c BA). FINMA may also replace or restrict the powers of managers or board members. In this regard, FINMA is authorized to appoint an investigating agent, as noted above. FINMA also may suspend the voting rights of controlling owners if their conduct is detrimental to the institution (Art. 23ter BA). Often a bank will implement the required corrective measures while the enforcement proceedings are still open. If this is the case, FINMA may still issue a declaratory ruling (Art. 32 FINMASA) and make its final ruling public (“name and shaming”, Art. 34 FINMASA). In addition, FINMA is authorized to disgorge profits made through a serious violation of the supervisory provisions (Art. 35 FINMASA). 3. Resolution: If a bank no longer fulfills the requirements for its activities or seriously violates the supervisory provisions, FINMA can revoke the bank’s license (Art. 37 Para 1 FINMASA). It will be dissolved. In this regard, FINMA may appoint one or several liquidators responsible for the interim management of the bank (Art. 33 Para 2 BA). As part of the restructuring of a bank (Art. 25 f. BA), FINMA may also facilitate a takeover by or merger with a healthier institution. Assessors reviewed the use of enforcement powers applying to banks with FINMA staff. It is clear that they are used in practice. Over the recent past there have been up to 20–25 bank exits a year, of which 3–4 have been involuntary through liquidation or enforcement action, and the rest through voluntary exit and M&A.
EC5	The supervisor applies sanctions not only to the bank but, when and if necessary, also to management and/or the Board, or individuals therein.
Description and findings re EC5	If necessary FINMA opens enforcement proceedings against individuals for violations of supervisory law. If it finds that a person is responsible for a serious violation of supervisory provisions, FINMA may prohibit this person from acting in a management capacity in the banking sector for a period of up to five years (Art. 33 FINMASA). This situation is far less frequent than actions against banks. In addition, if a person is involved in improper business conduct, FINMA may find that the person no longer provide assurance of proper business conduct (Art. 3 para 2 let. c BA) and is, therefore, unfit to serve as a senior executive officer in the banking sector. If FINMA has doubts regarding an individual’s ability to provide assurance of proper business conduct, it will issue a letter with this requirement to the individual where it deems such action to be warranted. The person will also be registered in a “Watch List”. Should the individual thereupon apply for an influential management position, FINMA will assess whether he/she is fit to serve in this specific position based on available evidence of past conduct.
EC6	The supervisor has the power to take corrective actions, including ring-fencing of the bank from the actions of parent companies, subsidiaries, parallel-owned banking structures and other related entities in matters that could impair the safety and soundness of the bank or the banking system.
Description and findings re EC6	FINMA is authorized to take corrective actions that are required to shield an institution from any financial or other risks connected to its parent company, affiliates, shareholders or other related entities (e.g., in parallel-owned banking structures). Such measures may include financial ring-fencing, additional capital requirements, restrictions on dividend payments or organizational measures (e.g., a management structure that is entirely or substantially independent of related entities). FINMA may also suspend the voting rights of a shareholder if their conduct is detrimental to the institution (Art. 23ter Banking Act). Certain of these measures have been used in recent years.
EC7	The supervisor cooperates and collaborates with relevant authorities in deciding when and how to effect the orderly resolution of a problem bank situation (which could include closure, or assisting in restructuring, or merger with a stronger institution).
Description and findings re EC7	FINMA has required the two major banks to prepare recovery and resolution plans, and has had extensive discussions with these banks of those plans. FINMA is assessing what changes in banks structure and operations are needed to enhance resolvability. FINMA has also lead supervisory crisis management colleges to consider these matters involving the U.S. and the U.K. FINMA is the liquidation authority for banks and has considerable experience in managing exits from the sector effectively over the recent past. Insolvency authority for FINMA is shortly to be extended to holding companies in financial groups. FINMA is also strengthening its effort over smaller banks.
Additional criteria
AC1	Laws or regulations guard against the supervisor unduly delaying appropriate corrective actions.
Description and findings re AC1	There is no explicit early intervention framework with defined timelines contained in laws or regulations. However under FINMA policies and procedures, banks rated below certain levels must be considered for special supervision and intervention. FINMA standard operating procedures define timelines within which, depending on the rating, supervisory actions shall be taken. FINMA is liable if it has committed a breach of fundamental duties (Art. 19 FINMASA), which provides an incentive to act.
AC2	When taking formal corrective action in relation to a bank, the supervisor informs the supervisor of non-bank related financial entities of its actions and, where appropriate, coordinates its actions with them.
Description and findings re AC2	FINMA is an integrated supervisory agency, including investment funds and insurance business. Therefore, awareness and coordination are implicit features by design, also with respect to the non-bank related entities of a bank (group or conglomerate). In addition, FINMA shares relevant information and cooperates with federal and cantonal prosecution authorities as well as other domestic regulators, such as the Federal Audit Oversight Authority, the Swiss National Bank, the Takeover Board, the self-regulatory organizations (SROs) under the Anti-Money Laundering Act (AMLA), the relevant bodies of the Swiss stock exchanges and the Competition Commission based on Swiss law.
Assessment re principle 11	Compliant
Comments
Principle 12	Consolidated supervision. An essential element of banking supervision is that the supervisor supervises the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential standards to all aspects of the business conducted by the banking group worldwide.28
Essential criteria
EC1	The supervisor understands the overall structure of the banking group and is familiar with all the material activities (including non-banking activities) conducted by entities in the wider group, both domestic and cross-border. The supervisor understands and assesses how group-wide risks are managed and takes action when risks arising from the banking group and other entities in the wider group, in particular contagion and reputation risks, may jeopardize the safety and soundness of the bank and the banking system.
Description and findings re EC1	FINMA law and regulations define a banking group as two or more companies at least one of which is active as a bank or securities dealer or they are active in the financial area or they form an economic unit. Financial conglomerates are banking or securities groups that also include an insurance company. In addition to the two large banks, FINMA supervises more than 100 Swiss banking groups or sub-groups. One of the two major banks operates in a holding company structure; the other is headed by a licensed bank. FINMA advised that for mid-size banks a typical structure would have one or more banks, and asset management companies under a holding company. Individual banks and financial institutions are licensed by FINMA. Under the legislation holding companies are not formally authorized but integrated into the consolidated supervision performed by FINMA. FINMA has several methods to ensure understanding of the group and its activities. The major source of information flows from the licensing process for authorized institutions, which approves internal corporate documents that set out the bank structure, business lines and geographic scope. As part of this process FINMA also requires this information related to the group structure. Changes in the structure of the bank and its entities, and changes in the group structure below the holdco require approval or notification. In addition, under Art. 3 para 7 BA and Art. 6b para 1 BO, banks must notify FINMA if they intend opening a subsidiary, a branch, an agency or a representation office in a foreign country. The information provided must refer to the business plan, the persons in charge of the management of the local entity, the local audit firm and the name of the host supervisor. This requirement for notification is extended by FINMA to holding companies as part of the licensing process of the banking entities in the group. As well, the regulatory audit reports at the conglomerate level must contain information on the up-to-date group structure. These reports must also contain information and opinions on such matters as: (a) adequacy of group corporate governance, (b) adequacy of measures in place in order to make sure that the requirements relating to capital, risk diversification and liquidity are observed at consolidated level, (c) adequacy of consolidated risk management and efficiency of central functions dedicated to control, mitigation and risk reporting, (d) adequacy of group internal audit, (e) adequacy of measures for ensuring compliance with Swiss and local prudential and behavior rules, notably anti-money laundering rules, (f) confirmation that intra-group exposures and commitments have been approved and are well-supervised, (g) confirmation that entities abroad are not used to get around Swiss provisions. Assessors review of these reports and discussion with FINMA staff and banks indicates that they have a good comprehension of group structures. FINMA legislation provides FINMA with a legal right to information on any entities that hold a direct or indirect majority participation in the bank. This is the legal basis for FINMA collection of information on the group from the holding and from its controlling entities if necessary. Risk profiles of groups are part of the regulatory audit process (see CP8/9). Assessors did not see examples where upstream non-financial risks or risks from non-financial affiliates of the bank were formally considered in risk assessments. These entities may or may not be part of the consolidated group but nevertheless need to be part of risk assessment. Risk assessment instructions to audit firms do not clearly require such an assessment. FINMA has experience in ring fencing part of a group. It also has limited its scope of consolidated supervision in certain cases, so that the group must limit its exposures to entities outside the scope of the consolidation.
EC2	The supervisor imposes prudential standards and collects and analyses financial and other information on a consolidated basis for the banking group, covering areas such as capital adequacy, liquidity, large exposures, exposures to related parties, lending limits and group structure.
Description and findings re EC2	The legal requirements with respect to groups are contained in the banking act and ordinances, with further expansion in certain FINMA circulars. The law subjects financial groups to FINMA supervision. FINMA does not have the power to license or authorize groups or group holding companies. However, under the banking act, FINMA can make its authorization of individual banks dependent on adequate consolidated supervision. FINMA uses this general power extensively. Art. 3f BA requires that financial groups must be organized such that the material risks are identified, controlled, and limited. The banking ordinance (Art. 14a) sets out that FINMA supervision at the group level is designed to determine (among other things): whether the group is appropriately organized, has an adequate internal control system, identifies limits and monitors risks appropriately, complies with provisions on capital adequacy and risk concentrations and has adequate liquidity. The group must have the same audit firm for all entities. In addition, the law requires that management and board at group level must be fit and proper and manage properly. The law provides for FINMA to apply rules on capital adequacy, liquidity, risk distribution and intra-group positions at group level, either in general or in individual cas