FINMA RS 23/1 Copilot
Navigate operational risk and resilience requirements under FINMA Circular 2023/1
Lo que el FINMA RS 23/1 Copilot puede hacer
Understand the distinction between critical functions, processes, data, and services (margin nos. 7–17)
Identify which margin numbers apply given your FINMA category and proportionality exemptions (margin nos. 19–21)
Map internal and external dependencies supporting critical functions under Chapter V
Navigate the three parallel incident-notification regimes for ICT, cyber, and critical-data events (margin nos. 60, 68, 81)
Track transitional deadlines for operational resilience obligations under margin no. 113
Draft a structured overview of BCM requirements — BIA, BCP, DRP, and crisis management — under Chapter IV.E
About FINMA RS 23/1 Copilot
FINMA Circular 2023/1 sets out FINMA's supervisory practice on managing operational risks and ensuring operational resilience for Swiss banks, securities dealers, and financial groups. The Copilot helps you work through its requirements — from ICT and cyber risk management to critical-function identification and disruption tolerance — against the structure of the circular's 114 margin numbers.
Para quién está pensado
Preguntas frecuentes
What is FINMA Circular 2023/1?
FINMA Circular 2023/1 "Operational risks and resilience – banks" (FINMA-RS 23/1, dated 7 December 2022, in force 1 January 2024) sets out FINMA's supervisory practice on managing operational risks and ensuring operational resilience for Swiss banks, FinTech-licensed entities under BA Art. 1b, securities dealers under FinIA Art. 2 para. 1 let. e and Art. 41, and financial groups and conglomerates under BA Art. 3c and FinIA Art. 49. It replaces FINMA Circular 08/21 and incorporates the BCBS Principles for Operational Resilience and the Principles for the Sound Management of Operational Risk (both 31 March 2021) by reference.
How does the FINMA RS 23/1 Copilot help?
The Copilot helps you interpret the circular's requirements by margin number, understand how proportionality exemptions apply to your institution's FINMA category or small-bank regime status (CAO Arts. 47a–47e), and work through topics such as ICT risk governance, cyber risk management, critical-data controls, business continuity management, and operational resilience — grounded in the circular's structure rather than generic compliance guidance.
How does operational resilience differ from business continuity management under the circular?
The circular defines operational resilience (margin no. 18) as an institution's ability to restore critical functions within the tolerance for disruption in the event of a disruption, while business continuity management (Chapter IV.E, margin nos. 83–96) is one component that feeds into resilience alongside ICT, cyber, critical-data, and cross-border risk management. Operational resilience requirements — including identification of critical functions and mapping of dependencies — are governed separately under Chapter V (margin nos. 101–111).
¿Listo para optimizar su trabajo de cumplimiento?
Diseñado para velocidad, precisión y resultados listos para auditoría.