In the Media release on December 6, 2016, FINMA published its draft for a totally revised RS 17/xx “Outsourcing – Banks and Insurers”. The consultation period lasts until January 31, 2017, and entry into force is scheduled for July 1, 2017.
The data protection provisions in marginals 31 – 33, marginals 36 and marginals 37 – 39 of the RS 2008/7 “Outsourcing Banks were deleted. The Explanatory report on the revised RS points out that the handling of personal data is already comprehensively regulated by data protection legislation.
In order to avoid duplications and possible divergences with the developments in data protection law and at the same time to ensure a clear demarcation between supervisory requirements of financial market supervision and the obligations under private law pursuant to the Data Protection Act, the previous statements in FINMA-Circ. 08/07 with reference to data protection (…) will be deleted.
According to para. 37 of the revised RS, FINMA must also be informed in advance of any outsourcing of bulk client identifying data abroad.
The explanatory report further emphasizes that the guarantee of the inspection rights of bank and insurance customers must also be maintained with regard to outsourced data.