Insights

A little over two years after the revised data protection legislation came into force, and with a wealth of implementation experience under our belts, most people are now much more aware of the complexity of the subject matter. This article highlights areas where the Federal Data Protection and Information Commissioner (FDPIC) has identified a need for action in the course of its supervisory activities, the data protection risks that can be gleaned from the recently published FINMA Risk Monitor 2025, and the challenges this poses for financial institutions. It then briefly discusses data protection aspects of the use of artificial intelligence (AI).

The revised Swiss Data Protection Act (DPA) has been in force since September 1, 2023. Many financial service providers have implemented the new regulations in the meantime. In some cases, there are uncertainties regarding the disclosure of personal data abroad. Many companies are dependent on foreign (particularly American) software solutions.

Preventing greenwashing is becoming one of the key tasks for ensuring credibility and trust in the financial market.

What asset managers of collective assets need to know about the new regulations.

Since the end of the transition period on 1 January 2024, member institutions of the Swiss Bankers Association (SBA) have had to take into account the "Guidelines for financial service providers on the integration of ESG-preferences and ESG-risks into investment advice and portfolio management" in their new client business - for existing clients, the transition period runs until 1 January 2025. Below, we inform you about the main changes and outline the possible need for action for other financial service providers such as asset managers.

Die FINMA führte im Frühling 2023 eine Erhebung zur Geldwäscherei-Risikoanalyse bei über 30 Banken durch und stellte erhebliche Defizite fest. Sämtliche Geldwäschereirisiken, denen ein Finanzintermediär ausgesetzt ist, müssen identifiziert, erfasst, analysiert und bemessen werden. Dies beinhaltet auch das Festlegen einer Risikotoleranz mit Schwellenwerten. Damit wurde ein komplettes Geldwäscherei-Risikomanagement erwartet, was die FINMA in ihrer Aufsichtsmitteilung 05/2023 vom 24. August 2023 schliesslich publizierte.

The new Data Protection Act will come into force on 1 September 2023 – the deadline is approaching. What should financial service providers do in the next 3 months to drive the implementation forward? What are the biggest challenges?