On 1 July 2017 the new FINMA circular 2017/1 “Corporate governance – banks” entered into force at the same time as the revised circulars 2010/01 “Remuneration schemes” and 2008/21 “Operational risks – banks”.
1. FINMA Circular 2017/1
FINMA has revised its corporate governance requirements for banks and consolidated the provisions of circular 2008/24 “Supervision and internal control – banks”, the associated FAQ and the requirements contained in other circulars into a single new circular on corporate governance.
1.1 Scope of application
The circular applies to banks, securities dealers, financial groups (Art. 3c para. 1 Banking Act, “BA”) and financial conglomerates dominated by banking or securities trading (Art. 3c para. 2 BA). Under the principle of proportionality set out in the circular, the requirements are to be implemented on a case-by-case basis, giving due consideration to the size, complexity, structure and risk profile of each institution. FINMA can relax the rules in individual cases (or even tighten them). Institutions should therefore review the requirements in light of the principle of proportionality and, where necessary, request a relaxation of the rules from FINMA.
1.2 Duties and responsibilities of the board of directors
Of particular importance are the minimum requirements for the composition of boards of directors and the qualifications of their members. The circular also sets out the rules for the establishment and supervision of the risk control and compliance functions, as well as their duties and responsibilities.
According to § 17 of the circular, at least one third of the board of directors must consist of independent members.
1.3 Internal control system
FINMA requires at least two levels of control within the internal control system (ICS): the revenue-generating units themselves, and control bodies that are independent of them.
1.4 Group structures
FINMA underlines that the circular also applies, by extension, to financial groups and conglomerates.
1.5 Transitional provisions
FINMA sets a deadline of one year from the entry into force of the circular (i.e. until 1 July 2018) for the implementation of most of the new requirements.
2. FINMA Circular 2010/1 “Remuneration Schemes”
Following the revision, the provisions of FINMA circular 2010/1 “Remuneration schemes” must be applied in full only by the largest institutions (banks: equity capital of at least CHF 10 billion; insurance companies: equity capital of at least CHF 15 billion). However, according to FINMA, the principles set out in the circular remain a key guideline for all banks and insurance companies.
Principle 1: The board of directors is responsible for the design and implementation of a remuneration policy and issues the rules relating thereto.
The board of directors shall approve, on a yearly basis, the remuneration of senior management and of the heads of the control functions, as well as the firm’s total pool.
Principle 2: The remuneration scheme is simple, transparent, enforceable, and oriented towards the long term.
The remuneration scheme shall ensure a sufficient degree of continuity. It is to be designed in such a manner that it is acceptable irrespective of the firm’s actual business performance.
Principle 3: The firm’s independent control functions and experts are involved in designing and applying the remuneration scheme.
Principle 4: The structure and level of total remuneration is aligned with the firm’s risk policies and designed so as to enhance risk awareness.
Principle 5: Variable remuneration is funded through the long-term economic performance of the company.
If results are poor, the total pool is to be reduced or omitted completely.
Principle 6: Variable remuneration is granted according to sustainable criteria.
A serious violation of internal rules or external provisions shall result in a reduction or forfeiture of variable remuneration (malus).
Principle 7: Deferrals link remuneration with the future development of performance and risk.
Principle 8: Control functions are remunerated in a way that avoids conflicts of interest.
Principle 9: The board of directors shall report annually on the implementation of the remuneration policy.
Principle 10: Any deviation from these principles is permissible only in justified exceptional circumstances and must be disclosed.
3. FINMA Circular 2008/21 “Operational Risks – Banks”
The revision of the “Operational risks” circular mainly concerns the provisions on managing cyber risks and the fleshing out of the guidelines on risks in cross-border financial services. To protect sensitive and critical data and IT systems from cyber-attacks, banks should regularly carry out vulnerability assessments and penetration testing.