Guide to Financial Services Regulations & Guidelines in Switzerland

Huawei Cloud is committed to providing you with secure and compliant infrastructure and services. Each service has built-in security features and is guaranteed to run securely through continuous O&M. Huawei Cloud ensures that the infrastructure and services it provides have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

When using Huawei Cloud services, you are responsible for the security and compliance of internal applications and custom configurations of your workloads on the cloud. As the owner and controller of your data, you are responsible for data security configuration, confidentiality, integrity, availability, as well as identity authentication and authorization for data access.

You are also responsible for compliance with the applicable regulatory requirements for your workloads on the cloud.

You can download HUAWEI CLOUD Security White Paper to view details about the responsibilities of Huawei Cloud and yours.

For more security and compliance issues, contact your account manager or Huawei Cloud.

Huawei Cloud is committed to building secure and trusted cloud services. The infrastructure and services provided by Huawei Cloud have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

Huawei Cloud is compliant with a wide range of international standards and practices, including:

• Security standards: ISO 27001, ISO 27017, CSA STAR Gold Certification, PCI DSS, and NIST cyber security framework (CSF) for the card payments

• Privacy standards: ISO 27018, ISO 27701, BS 10012, ISO 29151, and ISO 27799

• Other standards: ISO 22301 (for business continuity management), SOC 2.

Learn more from Compliance Certificates in the Compliance Center.

The Swiss Financial Market Supervisory Authority (FINMA) is responsible for ensuring the effective functioning of the Swiss financial market.

The Swiss Bankers Association (SBA) is the world's largest banking industry association. Its members include Swiss banks, audit institutions, and securities firms, and have a significant influence in Switzerland and the international financial community.

To standardize the application of information technology in the financial industry, FINMA and SBA have released a series of regulatory requirements and guidelines on cyber security and information technology risk management for Swiss financial institutions. The main regulatory requirements and guidelines are as follows:

· Circular No. 2018/3: This circular specifies the requirements that banks, securities firms, and insurance companies must comply with when outsourcing important functions.

· Circular No. 2023/1: This circular revised Circular No. 2008/21, improved regulatory practices related to operational risk management, and added the operational flexibility requirement.

· Cloud Guidelines: This guide identifies key fields that must be considered when related organizations provide banking and financial services through cloud technologies. The key fields include governance, data and data security, permissions and procedures, and audit of cloud services and technologies used during the service. Recommendations are made in the guide on how to manage these fields. These recommendations are not legally enforceable. Banks can apply the guidelines in best practices, taking into account their sizes and the complexity of their business models.

· Guidance No. 05/2020: This guide poses requirements for all institutions regulated by FINMA to report to regulators in the event of cyberattacks with significant impacts, and specifies details for fulfilling reporting obligations.

Huawei Cloud User Guide to Financial Services Regulations & Guidelines in Switzerland describes how Huawei Cloud will help you meet the regulatory requirements of the financial industry in Switzerland.