Dr. Robert Furter Guy-Philippe Rubeli March 22 2000 Banking Commission Acts to Protect Client Data MLL Meyerlustenberger Lachenal Froriep Ltd | Banking & Financial Services - Switzerland Dr. Robert Furter, Guy-Philippe Rubeli Banking & Financial Services The Swiss Federal Banking Commission's (SFBC) Circular 99/2 about outsourcing came into effect on November 1 1999. Banks and securities dealers are given a two-year transitional period to comply with its provisions, which deal with the outsourcing of banking activity and the requirements of Swiss banking secrecy and data protection rules. The new regulation focuses on the outsourcing of information technology (including the treatment of electronic data abroad), administration and accounting. It aims to protect client privacy while allowing the SFBC to supervise the activities of banks and securities dealers.Banks and securities dealers no longer need to obtain SFBC approval prior to outsourcing any business activity, provided all conditions of Circular 99/2 are met. Outsourcing data abroad is only permissible if reciprocity is granted and if the service provider is effectively supervised. Proof of reciprocity, such as a legal opinion or confirmation from a foreign supervision authority, must be submitted to the bank's external auditors. Also, while clients must be informed of the outsourcing of their data, their written consent is not required. The circular provides concessionary measures for outsourcing data under certain circumstances. Concessions take effect when: the Swiss branch of a foreign bank delegates (i) to the head office (or vice versa) or (ii) to another branch of the same bank located in Switzerland or abroad; the outsourcing of data is arranged with service providers within a group or a central organization or enterprise; or the outsourcing of data is arranged with service providers organized in accordance with Swiss law. These service providers must be held jointly by a group of enterprises with the purpose of providing services for the group of enterprises.Intra-group outsourcing requires two conditions to be met. First, service providers must submit the delegated activities to an SFBC-authorized audit company. Second, service providers not subject to SFBC supervision must agree in writing to provide all information and documents as required by the SFBC, the Swiss entity and its internal and external auditors. For further information on this topic please contact Thomas Keller or Guy-Philippe Rubeli at Pestalozzi Gmuer Patry's Geneva office by telephone(+41 22 80 94 500) or by fax (+41 22 80 94 501) or by e-mail ([email protected] or [email protected]). Alternatively, contact Robert Furter at Pestalozzi Gmuer Patry's Zurich office by telephone (+41 1 217 91 11) or by fax (+41 1 217 92 17) or by e-mail ([email protected]).The materials contained on this web site are for general information purposes only and are subject to the disclaimer.