SWITZERLAND Law and Practice Contributed by: Lukas Morscher and Lukas Staub, Lenz & Staehelin
• The outsourcing of a significant business area by a bank (including holders of the fintech licence; see 2.5 Regulatory Sandbox ) does not require FINMA approval provided the requirements of FINMA Circular 2018/3 Outsourcing (the “Outsourcing Cir - cular”, which applies to banks, insurers, managers of collective assets, fund managers and securities firms) and applicable data protection legislation are complied with. Courtesy notifications to FINMA should be considered for material outsourcing transactions. • Under FinIA, financial institutions (eg, asset manag - ers, trustees, securities firms and fund managers) must reflect the functions being outsourced as well as the possibility of sub-outsourcing in their organi - sational regulations, which are subject to FINMA approval. • The outsourcing of essential functions by insurance or reinsurance companies domiciled in Switzerland (or Swiss branches of foreign insurance compa - nies) constitutes a business plan change that must be notified to FINMA. Notification must be made within 14 days after the signing date of the out - sourcing agreement and is considered approved by FINMA unless an investigation is opened within four weeks after notification has been made. Each entity subject to one of the foregoing outsourc - ing regimes continues to bear responsibility for the outsourced business areas, so it must ensure the proper selection, instruction and control of the suppli - er. Furthermore, it is a common requirement in all out - sourcing regimes to conclude a written contract with the supplier that sets out, among other things, clearly assigned responsibilities as well as audit and inspec - tion rights. If a significant function is outsourced, the service provider is subject to information and report - ing duties to, and audits by, FINMA. Regulated entities subject to the Outsourcing Circu - lar must comply with the detailed measures set out therein, including: • the obligation to keep an inventory of all out - sourced services (which must include proper descriptions of the outsourced function, the name of the service provider and any subcontractors,
the service recipient and the person or department responsible within the company); • conclusion of a written contract with the supplier setting out, among others, security and business continuity requirements; and • if outsourcing to a foreign supplier, ensuring that restructuring or resolving the company in Switzer - land remains possible, and that the information required for this purpose is accessible in Switzer - land at all times. Regulated entities subject to FinIA may only delegate tasks to third parties who have the necessary skills, knowledge, experience and authorisations to perform that task. 2.9 Gatekeeper Liability FINMA-regulated entities, as well as those responsi - ble for their management, must provide guarantees of irreproachable business conduct. Furthermore, regulated entities, as well as their statutory auditors, are required to notify FINMA of any events that are of material relevance to FINMA’s supervision. Therefore, to a certain extent, fintech providers that are FINMA- regulated also act as gatekeepers. From a civil law perspective, and as a general principle, a fintech provider would be liable for damages result - ing from negligence or wilful misconduct in breach of applicable law or contractual obligation. However, under Swiss civil law, liability can be limited or even excluded to a large extent by contractual agreement. Civil liability would thus have to be assessed on a case-by-case basis. 2.10 Significant Enforcement Actions FINMA has executed several enforcement proceed - ings in the fintech industry, in particular in the case of initial coin offerings (ICOs) that were suspected of acting as a bank without being authorised to do so (ie, accepting deposits from the public without a banking licence; see 2.2 Regulatory Regime). In its annual report for 2022, FINMA stressed its supervisory focus on capital and liquidity requirements. In relation to this, FINMA stated in said report that certain com - panies holding a fintech licence faced financial obliga - tions that threatened their solvency and/or liquidity.
805 CHAMBERS.COM
Powered by FlippingBook