It’s common knowledge that regulation density in the financial sector is steadily increasing. It therefore comes as no surprise that the regulation governing the outsourcing of particular functions or business areas poses no exception to this rule. With the introduction of the Financial Institutions Act (‘FinIA’) and the corresponding Ordinance (‘FinIO’) at the beginning of 2020, the legislator has transferred the Swiss Financial Market Supervisory Authority’s (‘FINMA’) practice regarding outsourcing into written law. In November of 2020, FINMA expanded the scope of application of its Outsourcing Circular to include selected financial institutions.
Background – FINMA Outsourcing Circular
Originally, the Swiss Federal Banking Commission (‘SFBC’) defined regulatory requirements for the outsourcing of business areas – under the English term ‘outsourcing’ – in its Circular EBK-RS 99/2, which entered into force on 1 November 1999. On 1 January 2009, the newly formed FINMA replaced the SFBC and adapted the SFBC’s original Outsourcing Circular in its Circular 2008/7. The scope of application originally only included banks and securities dealers (now ‘securities firms’ under FinIA). Over time, FINMA expanded the scope of application to also include insurance companies.
While the requirements of Circular 2008/7 did not mandatorily apply to other companies in the financial sector, they were used by many financial institutions and by FINMA to guide their assessment of outsourcing matters. Accordingly, FINMA’s explanatory report Anhörung zu den Ausführungsbestimmungen der FINMA zu FIDLEG und FINIG of 7 February 2020 states that “before FinIA entered into force, the practice for fund management companies and asset managers of collective investment schemes has already been aligned to this Circular”.
Before the introduction of FinIA, outsourcing regulation was codified for fund management companies, SICAV, asset managers of collective investment schemes and representatives of foreign collective investment schemes in the Collective Investment Schemes Act (‘CISA’), but particularly in Article 65 of the Collective Investment Schemes Ordinance (‘CISO’) under the heading ‘delegation of tasks’, and in Article 66 of FINMA’s Ordinance on Collective Investment Schemes (‘CISO-FINMA’). These codifications already observed several of the main ideas of FINMA’s Outsourcing Circular, leading to a pre-existing congruence of the different regulations.
With the entering into force of FinIA, the so-called ‘delegation of tasks’ was explicitly regulated for all financial institutions in Articles 14, 27 and 35 FinIA and in Articles 15-17 and 56 FinIO, with certain special provisions for managers of collective assets and for fund management companies.
After FinIA entered into force on 1 January 2020, FINMA’s Outsourcing Circular was adapted accordingly on 4 November 2020 and its scope of application was expanded to explicitly include fund management companies, SICAV and managers of collective assets under the new FINMA Circular 2018/3. Portfolio managers and trustees who under FinIA are newly required to obtain a FINMA authorisation are explicitly exempt from Circular 2018/3.
Timing – what are the transitional periods?
Contracts entered into by banks and securities firms after the entering into force of the adapted FINMA Circular must adopt all provisions of the Circular immediately. Pre-existing contracts must be adapted to the new provisions within five years.
Managers of collective assets, fund management companies and SICAV who obtain a first-time authorisation must observe the provisions of the Circular immediately. The other institutions have one year to adapt their outsourcing contracts in order to comply with the new provisions of the Circular until November 2021 at the latest. If authorisation for changes is requested from FINMA, the requirements of the Circular must be observed at the time FINMA is notified of the changes.
Imminent need for action
Financial institutions who are newly included in the circle of addressees of the Outsourcing Circular – namely, fund management companies, SICAV and managers of collective assets – should now check their outsourcing contracts and organisational documents to ensure compliance with the regulatory requirements of the Circular. In particular, it should be examined whether the contracts comply with the provisions regarding the inventory of outsourced functions, the ones regarding selection, instruction and monitoring of the service provider, and with the outsourcing requirements in security-relevant IT areas.
PwC will gladly assist you in those matters.