Resilience
During the year under review, FINMA continued to identify systemic and operational risks to the financial centre and the institutions under its supervision through inspections, audits, stress tests and data surveys. It implemented capital and liquidity requirements for financial market participants, set out clear guidelines on risk management, and reviewed emergency and recovery plans.
The results of supervisory activities at various banks during the year under review showed that the principles-based regulation concerning mortgage lending is being exploited. This relates in particular to the assessment of affordability and valuation practice and indicates a possible need for regulatory improvement. FINMA instructed the supervised entities concerned to strengthen their risk management processes. In the case of some of the institutions inspected, it also imposed additional capital charges after identifying inadequate real estate valuations, high growth rates and lax lending criteria. FINMA set out its requirements for mortgage lending in Guidance 02/2025 on risks in the real estate and mortgage markets.
During the year under review, FINMA also published guidance on the topic of “Operational resilience for banks, persons under Article 1b BA, securities firms and financial market infrastructures”. This is based on the findings of a data survey conducted by FINMA as at 31 December 2024 among 267 banks, securities firms, financial groups and financial market infrastructures on the topic of ensuring operational resilience. The findings from the data survey and the regular supervisory discussions currently still show a very heterogeneous picture with regard to the interpretation of the supervisory requirements, the implementation status and the degree of maturity of operational resilience at the supervised institutions.
FINMA also requires the supervised institutions to have robust crisis scenarios for information and communications technology and cyber defence, and in 2025 carried out its own stress tests at Swiss investment funds for the first time. It also carried out its on-site inspections at outsourcing partners. With regard to operational cyber and outsourcing risks, FINMA had already established a comprehensive inventory of all significant outsourcing activities by supervised entities in late 2024. During the year under review, it became apparent that outsourced functions were being inadequately managed, particularly at some fund management companies and managers of collective assets.
With regard to climate-related financial risks, FINMA was able to draw up a climate risk profile for each institution during the year under review by collecting data from banks and insurers. For the largest institutions, this self-declaration was supplemented by supervisory discussions on the subject; for banks with a higher climate risk profile, one-day on-site inspections were also carried out, partly to review the climate stress test models used by the bank. In the case of UBS in particular, FINMA, in collaboration with the Swiss National Bank, carried out a climate-related scenario analysis which identified the greatest potential for losses in the corporate loans portfolio.
During the year under review, FINMA continued to engage with banks in further size- and risk-based capital planning dialogues to assess whether they were adequately factoring in periods of economic downturn and a significant decline in earnings in their capital planning, in line with expectations. Systemically important institutions were required to demonstrate, by applying specified stress scenarios, how they would mitigate negative developments in their capital adequacy under stressful conditions. In the area of liquidity, FINMA checked whether systemically important banks were able to meet the new liquidity requirements.
Finally, during the year under review, FINMA assessed the emergency and recovery plans of systemically important banks, applying more rigorous standards to the former than had been the case prior to the CS crisis. While UBS’s recovery plan was formally approved for the first time since the takeover of CS, it was noted that the emergency plan still required further improvements. FINMA also had to reject PostFinance’s emergency plan as it was not yet ready to implement. Insurance groups were required to submit their recovery plans for the first time in 2025; these will be assessed in 2026.
Although there can be no absolute guarantee that supervised institutions are immune to problems, FINMA’s supervisory and enforcement activities continued to strengthen their resilience and stability during the year under review.