FINMA sets digital-fraud risk expectations for banks
Swiss banks must bring digital-fraud risks into operational-risk and AML controls
- — Senior management at banks and persons under Article 1b of the Banking Act must document a digital-fraud risk-management framework covering all business activities — failure leaves the firm outside FINMA’s stated supervisory expectations.
- — Operational-risk teams must include online client onboarding and unauthorised account-access scenarios in digital-fraud risk assessments — failure leaves key digital-channel attack vectors outside the firm’s control framework.
- — AML and compliance teams must update monitoring controls to detect bank accounts used to launder proceeds of digital fraud — failure leaves fraud-proceeds laundering risk insufficiently covered under FINMA’s guidance.
- — Digital-banking product and technology teams must align onboarding, authentication and account-access controls with the firm’s digital-fraud risk framework — failure creates control gaps between digital growth and supervisory risk expectations.
- — Senior management at banks and persons under Article 1b of the Banking Act
- — Operational-risk teams at banks
- — AML and compliance teams at banks
- — Digital-banking product and technology teams
- — FINMA follow-up supervision on whether banks have implemented digital-fraud risk frameworks across online onboarding, account access and AML monitoring.
- — Further FINMA guidance or enforcement involving digital fraud, operational risk or laundering of fraud proceeds through bank accounts.