In the digital age, protecting critical data has become a top priority for financial institutions worldwide. Recognizing the significance of robust data risk management, the Swiss Financial Market Supervisory Authority (FINMA) issued the FINMA 2023/1 circular which details the management of operational risk regarding technologies, critical data, and cyber risks. The financial regulation will be enforced on January 1, 2024, to address data risks and the overall protection of critical data.
Section D of the circular contains specifications on how financial institutions in Switzerland should manage data risk. The circular clearly defines processes, procedures, tasks, and specific responsibilities for handling data identified as critical.
What is critical data risk management?
Critical data risk management is the process of identifying, assessing, and mitigating risks associated with sensitive and crucial data within financial institutions. It involves safeguarding data integrity, confidentiality, and availability, as well as addressing risks related to data breaches, cyber threats, and unauthorized access.
FINMA requirements for mitigating critical data risk
FINMA’s recent circular on operational risks and resilience serves as a significant milestone in strengthening the operational resilience of financial institutions in Switzerland. By outlining key provisions and requirements, FINMA aims to enhance the stability and continuity of financial services while mitigating operational risks. Financial institutions should proactively embrace the circular’s recommendations on:
- Data discovery:
“The institution shall identify its critical data in a systematic and comprehensive way, categorize it on the basis of its criticality and define clear responsibilities.”
- Data lifecycle management:
“The critical data defined by the institution must be managed throughout its entire lifecycle.”
- Data protection:
“In the management of critical data, in particular, the confidentiality, integrity, and availability of the critical data must be ensured through appropriate processes, procedures, and controls.”
- Data access:
“Critical data must be adequately protected from being accessed and used by unauthorized persons during operations and during the development, change, and migration of ICT. This also applies to critical data in test environments.”
- Cross-border data transfers:
“If critical data is stored outside of Switzerland or if it can be accessed from abroad, increased risks associated with this must be adequately mitigated and monitored via suitable means and the data afforded particular protection.”
How BigID helps with FINMA data risk management requirements
BigID enables organizations to meet and manage FINMA data risk requirements with an automated, scalable approach to discover, classify, and protect critical information to achieve compliance. With BigID, organizations get:
- In-depth data discovery: BigID helps organizations discover and inventory their critical data, including financial information covered by FINMA. This enables organizations to understand what data they have and where it is located, which is an important first step in achieving compliance.
- Accurate classification: With exact value matching, BigID's graph-based technology can identify and classify critical data in any environment, such as email, shared drives, databases, data lakes, and many others.
- Efficient data mapping: Automatically map PII and PI to identities, entities, and residencies to connect the dots across your data environments.
- Simplified data lifecycle management: Accurately find, classify, catalog, and tag your data and easily enforce governance & control, from retention to deletion.
- ML-based data access management: For full compliance with FINMA, BigID helps mitigate risk with significant open-access requirements to remediate file access violations on critical data across all data environments.
- Validated data transfers: Create policies, assign Swiss residency to data, enforce data residency requirements, and monitor and alert on cross-border data transfers.
- Effective remediation: BigID lets you define the remediation action tied to critical data to provide audit records, with integration into ticketing systems such as Jira for seamless workflows.
See how BigID helps organizations find critical data, limit or restrict access to data, and remediate risk to stay compliant with FINMA. Get a 1:1 demo with our data privacy experts.