ISMS Copilot

ISMS Copilot for Swiss fintech

Work through FINMA Circular 2023/01 operational resilience and the revised FADP from one place.

Why Swiss financial firms choose ISMS Copilot

  • Work through FINMA Circular 2023/01 by its 114 margin numbers, not generic checklists
  • Apply proportionality and small-bank-regime exemptions to scope the right margin numbers
  • Distinguish critical functions, processes, data and services for resilience mapping
  • Navigate the three parallel ICT / cyber / critical-data incident-notification regimes
  • Align processing records and breach notification with the revised FADP (SR 235.1)
  • Reference the Swiss ICT minimum standard as a structuring backbone for controls

Built around the Swiss financial stack

FINMA RS 23/1 margin-number navigation across operational risk and resilience

Critical-function and dependency mapping under the circular's Chapter V

BCM structuring: BIA, BCP, DRP and crisis management under Chapter IV.E

Revised FADP guidance: Art. 22 DPIA triggers, Arts. 16-17 cross-border transfers, Art. 24 FDPIC breach notification

ICT minimum standard cross-reference for control coverage

Transitional-deadline tracking for operational resilience obligations (margin no. 113)

FINMA 23/01 operational risk for Swiss finance

Swiss financial compliance is shaped by operational resilience, not just security hygiene. FINMA Circular 2023/01 (FINMA-RS 23/1, dated 7 December 2022, in force 1 January 2024) sets FINMA's supervisory practice on managing operational risks and ensuring operational resilience for banks, FinTech-licensed entities, securities dealers and financial groups, replacing Circular 08/21 and incorporating the BCBS operational-resilience principles by reference. It runs on 114 margin numbers: you identify critical functions, set a tolerance for disruption, map internal and external dependencies, and run three parallel incident-notification regimes. On top sits the revised FADP, which enforces through criminal fines of up to CHF 250,000 on natural persons rather than corporate administrative fines. ISMS Copilot works through the circular by margin number and keeps the FADP obligations aligned.

Explore the FINMA RS 23/1 Copilot →

Serving EU clients? Free DORA scope check

Switzerland is outside the EU and DORA does not directly bind FINMA-supervised entities, but the regime can still reach a Swiss firm via two distinct paths: acting as an ICT third-party provider to in-scope EU financial entities pulls you into DORA's third-party regime, and running an in-scope EU financial branch pulls that branch directly into DORA's financial-entity regime. The free DORA Applicability Checker walks the Regulation 2022/2554 scope test as a structured first pass. It is a starting point for evaluating either EU touchpoint alongside the FINMA Circular work above, not a final legal determination.

Open the free DORA Applicability Checker →

Frequently Asked Questions

What is FINMA Circular 2023/01?

FINMA Circular 2023/01 (FINMA-RS 23/1, dated 7 December 2022, in force 1 January 2024) sets out FINMA's supervisory practice on managing operational risks and ensuring operational resilience for Swiss banks, FinTech-licensed entities, securities dealers and financial groups. It replaces Circular 08/21. ISMS Copilot helps you interpret it by its 114 margin numbers and apply proportionality exemptions to your FINMA category.

How does the revised FADP differ from the GDPR for our fintech?

Unlike the GDPR's administrative fines on undertakings, the revised FADP (SR 235.1, in force 1 September 2023) enforces through criminal fines of up to CHF 250,000 on natural persons for wilful violations, prosecuted by cantonal authorities. ISMS Copilot helps you align DPIA, processing-record and FDPIC breach-notification duties accordingly.

Does ISMS Copilot replace legal or regulatory advice for FINMA matters?

No. ISMS Copilot supports your analysis of FINMA Circular 2023/01, the revised FADP and the ICT minimum standard and helps your team work through compliance tasks with the relevant text at hand. It does not file with FINMA, does not issue certifications, and does not replace legal advice.

Ready to streamline your compliance work?

Built for speed, accuracy, and audit-ready output.