The ICT GRC requirements in the financial services industry in Switzerland and Italy
If we take a closer look at the Italian and Swiss financial services industries, we can easily see that the Bank of Italy (with its Circular No. 285) and FINMA (with its Circular 2008/21, currently under reform) set the GRC requirements for the ICT systems of banking and financial services companies.
How can we set up hassle-free compliance with the GRC requirements set by the two supervisory authorities? What kind of approach can help us make sure we comply with all the rules?
The answer is an integrated management of the Bank of Italy and FINMA requirements applicable to ICT services in the financial and banking industries, following the GRC approach and ISO standards. See our advice in the paragraphs below.
The integrated management of ICT GRC requirements in Italy and Switzerland
Adopting a common GRC approach (Governance, Risk Management and Compliance) is the key to supporting, in the best way, the integrated management of the (complex) requirements set in the two countries by their respective authorities.
If you take a look at our infographic, you can see how the two jurisdictions both set rules on the ICT systems of companies in the banking and financial services industry, covering:
- corporate governance;
- quality requirements;
- IT infrastructure;
- business continuity;
- data protection.
The GRC of ICT requirements in the financial services industry according to the relevant ISO guidelines
- ISO 38500 for the ICT Governance;
- ISO 31000 for the Risk Management;
- ISO 37301 for the Compliance Management.
You may be wondering what the benefits of adopting this GRC approach are for your organization.
Keep in mind, for example, that both jurisdictions set compliance requirements on information security: you can easily manage them according to the ISO 27001 standard, without the need to set up two different models.
Another interesting solution for complying with the IT service management requirements, another point that the Italian and Swiss financial industry guidance set by the authorities have in common, is to implement the ISO 20000-1 standard.
The last example that helps us figure out how to comply with the business continuity requirements set by the Bank of Italy and FINMA is to adopt the ISO 22301 standard.