Insights

The number of successful cyber attacks has been increasing for years. Cyber attacks are therefore one of the main risks for FINMA-supervised institutions. The new FINMA Guidance 03/2024 now describes specific requirements for dealing with cyber risks and answers common questions about reporting obligations. Although it is aimed at larger and more highly regulated institutions such as banks, the principles are also applicable as a guidance to smaller and medium-sized portfolio managers (Art. 17 of the Financial Institutions Act [FinIA]). In particular, the boards of directors of the institutions must also be prepared.