SWITZERLAND Law and Practice Contributed by: Lukas Morscher and Lukas Staub, Lenz & Staehelin
authorities (eg, in the area of data protection), no-action letters are less common. 2.8 Outsourcing of Regulated Functions The outsourcing of significant business areas of regulated entities is subject to certain require - ments. In essence, Swiss financial market law sets forth three different outsourcing regimes. • The outsourcing of a significant business area by a bank (including holders of the fintech licence; see 2.5 Regulatory Sandbox ) does not require FINMA approval provided the requirements of FINMA Circular 2018/3 Out - sourcing (the “Outsourcing Circular” , which applies to banks, insurers, managers of col - lective assets, fund managers and securities firms) and applicable data protection legisla - tion are complied with. Courtesy notifications to FINMA should be considered for material outsourcing transactions. • Under FinIA, financial institutions (eg, asset managers, trustees, securities firms and fund managers) must reflect the functions being outsourced as well as the possibility of sub- outsourcing in their organisational regulations, which are subject to FINMA approval. • The outsourcing of essential functions by insurance or reinsurance companies domi - ciled in Switzerland (or Swiss branches of foreign insurance companies) constitutes a business plan change which must be noti - fied to FINMA. Notification must be made within 14 days after the signing date of the outsourcing agreement and is considered approved by FINMA unless an investigation is opened within four weeks after notification has been made. Each entity subject to one of the foregoing out - sourcing regimes continues to bear responsibil - ity for the outsourced business areas, so it must
ensure the proper selection, instruction and con - trol of the supplier. Furthermore, it is a common requirement in all outsourcing regimes to con - clude a written contract with the supplier that sets out, among other things, clearly assigned responsibilities as well as audit and inspection rights. If a significant function is outsourced, the service provider is subject to information and reporting duties to, and audits by, FINMA. Regulated entities subject to the Outsourcing Circular must comply with the detailed measures set out therein, including: • the obligation to keep an inventory of all outsourced services (which must include proper descriptions of the outsourced func - tion, the name of the service provider and any subcontractors, the service recipient and the person or department responsible within the company); • conclusion of a written contract with the sup - plier setting out, among others, security and business continuity requirements; and • if outsourcing to a foreign supplier, ensuring that restructuring or resolving the company in Switzerland remains possible, and that the information required for this purpose is accessible in Switzerland at all times. Regulated entities subject to FinIA may only del - egate tasks to third parties who have the neces - sary skills, knowledge, experience and authori - FINMA-regulated entities, as well as those responsible for their management, must provide guarantees of irreproachable business conduct. Furthermore, regulated entities, as well as their statutory auditors, are required to notify FINMA of any events that are of material relevance to sations to perform that task. 2.9 Gatekeeper Liability
811 CHAMBERS.COM
Powered by FlippingBook