SWITZERLAND Law and Practice Contributed by: Lukas Morscher, Lukas Staub and Jil Eichenberger, Lenz & Staehelin
ing to IT providers in certain industries, such as finance, telecommunications and the public sec - tor. In regards to financial services, the sector- specific regulation set out below applies to the outsourcing of business areas (infrastructure or business processes). Professional Secrecy and Banking Secrecy The various professional secrecies applicable to certain Swiss industries such as lawyers, auditors, banks and other financial institutions prohibit the disclosure of client-identifying data (CID) to third parties whether within or outside Switzerland subject to criminal sanctions up to imprisonment. CID may therefore only be shared with third parties (eg, suppliers) as provided by law or if the relevant customers have provided consent. In the absence of an established court practice, the highest certainty would need to be provided by specific and separate prior writ - ten consent. More and more institutions such as banks are relying on consent provided for in their general terms of business. Market practice based on some recent views (which were also published through the Swiss Bankers Associa - tion (the “SBA”)) increasingly take the position that an individual waiver is not required for dis - closing CID to a service provider even abroad in case of sufficient contractual guarantees and appropriate technical and organisational meas - ures. Professional secrecies do not restrict transfer - ring encrypted or fully anonymised data (where the recipient cannot identify individual custom - ers). The FINMA Outsourcing Circular The FINMA’s Outsourcing Circular in essence covers all institutions supervised by the FINMA including banks, insurers, managers of collective assets, fund managers and self-managed socié-
tés d’investissement à capital variable (SICAVs) and branches of equivalent foreign financial institutions. Before outsourcing significant business areas, these institutions must comply with the detailed measures set out in the Outsourcing Circular, including the following. • The obligation to keep an inventory of all out - sourced services, which must include: (a) proper descriptions of the outsourced function; (b) the name of the service provider and any subcontractors; and (c) the service recipient and the person or department responsible within the com - pany. • Careful selection, instruction and control of the supplier. • Conclusion of a written contract or a contract in some other format that can be evidenced in text form with the supplier setting out, among other things, the services to be provided, security and business continuity requirements as well as audit and inspection rights. The customer remains responsible for oversee - ing outsourced business areas. Swiss banks, securities firms and insurers must also account for the increased operational risks associated with outsourcing to independent service provid - ers, which can result in additional capital require - ments. Essential Service Outsourcing A financial market infrastructure subject to the Financial Market Infrastructure Act (the “FMIA”) and the implementing ordinance (the “FMIO”) (which includes a stock exchange, multilateral trading facility, central counterparty, central securities depository, trade repository or pay -
468 CHAMBERS.COM
Powered by FlippingBook