SWITZERLAND

FINANCIAL SECTOR ASSESSMENT PROGRAM

November 2025

TECHNICAL NOTE ON CYBER RISK SUPERVISION

This paper on Switzerland was prepared by a staff team of the International Monetary Fund as background documentation for the periodic consultation with the member

Copies of this report are available to the public from

International Monetary Fund • Publication Services
PO Box 92780 • Washington, D.C. 20090
Telephone: (202) 623-7430 • Fax: (202) 623-7201
E-mail: publications@imf.org
Web: http://www.imf.org

International Monetary Fund

SWITZERLAND

FINANCIAL SECTOR ASSESSMENT PROGRAM

October 24, 2025

TECHNICAL NOTE

CYBER RISK SUPERVISION

This Technical Note was prepared by IMF staff in the context of the Financial Sector Assessment Program in Switzerland. It contains technical analysis and detailed information underpinning the FSAP’s findings and recommendations. Further information

Prepared By
Monetary and Capital Markets Department

CONTENTS

Glossary

EXECUTIVE SUMMARY

LEGAL AND REGULATORY FRAMEWORK
A. Legal Framework
B. National Cyber Strategy
C. Critical Information Infrastructure Protection
D. Scope and Applicability of Regulation

INSTITUTIONAL ELEMENTS
A. Institutional Arrangements
B. Computer Emergency Response Teams
C. Coordination Across Authorities

SUPERVISORY ARRANGEMENTS
A. Supervisory Priorities
B. Supervisory Processes
C. Incident Reporting Arrangements
D. Supervisory Resources

FINANCIAL SECTOR RESILIENCE
A. Information Sharing Arrangements
B. Cyber Exercises and Testing
C. Systemic Analysis and Concentration Risk

SELECTED CYBER SECURITY CONSIDERATIONS AT SNB AND FINMA
A. Swiss National Bank
B. FINMA

FIGURES
1. FINMA’s Scope of Supervision
2. National Cyber Strategy
3. Cyber Incidents Reported to NCSC (2019–2023)
4. SNB’s Organization Structure Supporting Cyber Risk

TABLES
1. Key Recommendations
2. Comparison of Cyber Security Index—Select Countries
3. Trend of Cyber Risk in the Financial Sector
4. FINMA Onsite Examination Activity and External Auditors’ Regulatory Audits on ICT and Cyber Risks

Glossary

BCBS: Basel Committee on Banking Supervision
BCM: Business Continuity Management
BIS: Bank for International Settlements
CCP: Central Counterparty
CERT: Computer Emergency Response Team
CIO: Chief Information Officer
CISO: Chief Information Security Officer
CPMI: Committee on Payments and Market Infrastructure
CROE: Cyber Risk Oversight Expectations
CSD: Central Securities Depository
CTP: Critical Third Party
DDPS: Federal Department of Defense, Civil Protection and Sport
DORA: Digital Operational Resilience Act
FADP: Federal Act on Data Protection
FDF: Federal Department of Finance
FDPA: Federal Data Protection Agency
FDPIC: Federal Data Protection and Information Commissioner
FI: Financial Institution
FINMA: Swiss Financial Market Supervisory Authority
FINMASA: Financial Market Supervision Act
FMI: Financial Market Infrastructure
FSB: Financial Stability Board
FS-ISAC: Financial Services Information Sharing and Analysis Center
GovCERT: Government Com
ICT
IMF