In the digital age, protecting critical data has become a top priority for financial institutions worldwide. Recognizing the significance of robust data risk management, the Swiss Financial Market Supervisory Authority (FINMA) issued the FINMA 2023/1 circular, which details the management of operational risk regarding technologies, critical data, and cyber risks. The financial regulation will be enforced on January 1, 2024, to address data risks and the overall protection of critical data.

Section D of the circular contains specifications on how financial institutions in Switzerland should manage data risk. The circular clearly defines processes, procedures, tasks, and specific responsibilities for handling data identified as critical.

What is critical data risk management?

Critical data risk management is the process of identifying, assessing, and mitigating risks associated with sensitive and crucial data within financial institutions. It involves safeguarding data integrity, confidentiality, and availability, as well as addressing risks related to data breaches, cyber threats, and unauthorized access.

FINMA requirements for mitigating critical data risk

FINMA’s recent circular on operational risks and resilience serves as a significant milestone in strengthening the operational resilience of financial institutions in Switzerland. By outlining key provisions and requirements, FINMA aims to enhance the stability and continuity of financial services while mitigating operational risks. Financial institutions should proactively embrace the circular’s recommendations on:

  • Data Discovery:
    “The institution shall identify its critical data in a systematic and comprehensive way, categorize it on the basis of its criticality and define clear responsibilities.”
  • Data Lifecycle Management:
    “The critical data defined by the institution must be managed throughout its entire lifecycle.”
  • Data Protection:
    “In the management of critical data, in particular, the confidentiality, integrity, and availability of the critical data must be ensured through appropriate processes, procedures, and controls.”
  • Data Access:
    “Critical data must be adequately protected from being accessed and used by unauthorized persons during operations and during the development, change, and migration of ICT. This also applies to critical data in test environments.”
  • Cross-Border Data Transfers:
    “If critical data is stored outside of Switzerland or if it can be accessed from abroad, increased risks associated with this must be adequately mitigated and monitored via suitable means and the data afforded particular protection.”

How BigID helps with FINMA data risk management requirements

BigID enables organizations to meet and manage FINMA data risk requirements with an automated, scalable approach to discover, classify, and protect critical information to achieve compliance. With BigID, organizations get:

See how BigID helps organizations find critical data, limit or restrict access to data, and remediate risk to stay compliant with FINMA. Get a 1:1 demo with our data privacy experts.