6 December 2016 – In a press release dated 6 December 2016, the Swiss Financial Market Supervisory Authority (FINMA) published a draft update to its Circular 2008/7 (the so-called Outsourcing Circular).

The announcement (available here, together with the draft and other relevant documents) highlights the fact that the Outsourcing Circular has been entirely revised in order to cope with the fast-growing practice of outsourcing. As one of the major modifications, the revised Outsourcing Circular will not only keep applying to the banking sector but will also apply to the insurance sector.

The draft contains various other modifications and novelties. As far as data protection is concerned, the rules currently found in the Circular (Sections 31–33; 36 and 37–39) have been removed. This has been done so as to avoid potential or actual contradictions between the provisions of the Circular and the Federal Data Protection Act (FDPA). This does not mean, however, that data protection will in any way be lessened. In fact, the FDPA and its requirements will continue to apply to outsourcings. Further, when handling electronic client data, Swiss banks must ensure compliance with the principles set forth in Appendix 3 to FINMA Circular 2008/21 (Operational Risks – Banks).

The 8-page draft Outsourcing Circular is now undergoing a consultation period, which will end on 31 January 2017. The adoption of the revised Circular, in its present draft form, is therefore not yet guaranteed.