We would like to ensure that you are still receiving content that you find useful – please confirm that you would like to continue to receive ILO newsletters.
01 December 2006
A new Swiss Federal Banking Commission circular, entitled "Supervision and Internal Control", will enter into force on January 1 2007. It replaces Circular 95/1, "Internal Audits" and the Swiss Bankers Association Guidelines on Internal Control.
The circular reflects the growing trend towards enhanced corporate governance in all major industries. It provides a comprehensive but flexible set of rules that will apply to various finance and banking entities in Switzerland. In particular, the circular contains provisions relating to:
The addressees of the circular will benefit from a transitional period to comply with all such provisions.
Although at first glance the circular may appear quite strict, it leaves its addressees some flexibility. It takes into account the fact that the size and risk profile of the various entities subject to the circular vary and leaves room for them to tailor the manner in which they implement the various corporate governance requirements. The circular also provides that an entity may decide not to apply certain requirements as long as that entity is able to explain its reasons ('comply or explain' clause).
This update provides an overview of some of the circular's general requirements.
The circular applies to Swiss banks, securities dealers, financial groups and financial conglomerates dominated by banks or securities dealers (this update refers to all such entities as 'banks').
The circular has limited application to:
In addition, the circular does not apply to enterprises that are inactive in the financial sector but are owned by financial groups or financial conglomerates.
The board of directors is responsible for regulating, setting up, maintaining and supervising appropriate internal control. In particular, the board has to ensure that all employees are aware of and understand their tasks within the internal control system. The board may set up committees in order to help it supervise internal control.
Directors have to organize their personal and professional environment to avoid any conflict of interest. Furthermore, one-third of the members of the board must be independent directors. According to the circular, a director is deemed to be independent provided that he or she:
The board must set up an audit committee as soon as one of the following criteria is fulfilled:
The requirements regarding the independence of the members of the audit committee are the same as those for the members of the board of directors.
The tasks of the audit committee are:
Each bank has to set up an internal audit that is directly accountable to the board of directors or to one of the board's committees.
The internal audit has to be granted unlimited access to all books, documents, minutes and other data systems. Its activity must be based on the Standards for Professional Practice issued by the Institute of Internal Auditors.
The internal audit plays a key role in the decision-making process, allowing the relevant bodies to assess whether the bank benefits from an internal supervision system that is in line with its risk profile. At least once a year, the internal audit has to make a global assessment of all the risks encountered by the bank and, based on such assessment, set out the audit's goals for the next audit period. Furthermore, the internal audit has to ensure that any bank activities that may imply risks are duly audited, either by the internal audit or by external auditors.
The internal audit has to inform the board or the competent committee and the management in writing of its risk assessment and audit goals. This assessment has to be approved by the board or the competent committee.
At least once a year the internal audit has to provide a written report setting out the results of its audits and its main activities for the benefit of the board (or the competent committee), the management and the external auditors. At least once every six months the internal audit has to inform the board or the competent committee about the solutions adopted in relation to any deficiency, together with the implementation status of any recommendations from the internal audit and from the external auditors.
The management has to implement the board's instructions regarding the setting-up, maintenance and monitoring of internal supervision. The management should set up procedures to identify, assess, analyze and control the risks and has to put in place a structure that clearly defines the responsibilities, competences, accountability and information streams of the relevant persons and bodies.
The management is accountable to the board with regard to the efficiency of internal control and has to inform the board and the internal audit immediately of any serious issue.
One of the main duties of the management is the setting-up of internal systems and procedures to ensure that the bank complies with legal and internal regulations, together with any applicable code of ethics in the relevant market. Each bank has to set up a compliance function headed by a member of the management. Provided there are no conflicts of interest, the compliance function may be organized as a part of a department together with other internal functions such as legal and risk control. One of the tasks of the compliance department is to provide reports to the relevant bodies. In particular, the compliance department provides the board, the internal audit and the external auditors with an annual report on the compliance risk assessment and the compliance department's activity.
Each bank also has to put in place a risk control function headed by a member of the management. The risk control function must be granted unlimited access to any relevant information. One of its main tasks is to set out risk supervision systems and to adapt such systems to new developments and products of the bank. The risk control function also supervises the risk profile chosen by the relevant bank. The risk control function must provide the management with a report at least once every six months. In addition, at least once a year it must provide the board, the internal audit and the external auditors with a written report on the risks encountered by the bank and on its activity.
The circular will come into effect on January 1 2007. However, from that date banks will benefit from a transitional period ending on January 1 2008 to implement the circular's requirements, with the exception of the requirements relating to the independence of members of the board and the audit committee, for which banks will benefit from an extended transitional period ending on January 1 2009.
For further information on this topic please contact Emmanuel Genequand or Olivier Blanc at Pestalozzi Lachenal Patry by telephone (+41 22 737 1000) or by fax (+41 22 737 1001) or by email (firstname.lastname@example.org or email@example.com).
The materials contained on this website are for general information purposes only and are subject to the disclaimer.
ILO is a premium online legal update service for major companies and law firms worldwide. In-house corporate counsel and other users of legal services, as well as law firm partners, qualify for a free subscription.