The integrated ICT GRC in Swiss and Italian financial services industry

19 Oct 2022 09:24 AM By Davide Micheli

Reading time: ~ 3 min.

The ICT GRC requirements in financial services industry in Switzerland and Italy

If we take a closer look to the Italian and Swiss financial services industry, we can easily note that Bank of Italy (with its 285 Circular letter) and FINMA (with its 21/2008 Guidance, at the moment under reform) set the GRC requirements of the ICT systems of the banking and financial services companies.

How can we setup a hassle-free compliance according to the GRC requirements set by the two supervisory authorities? What kind of approach can help us to make sure to be compliant with all the rules?

The answer is an integrated management of Bankitalia and FINMA requirements applicable to ICT services in the financial and banking industries according to the GRC approach and ISO standards. Check it out our advice on the paragraph below.

The integrated management of ICT GRC requirements in Italy and Switzerland

The proposal of adopting a common GRC approach (Governance, Risk Management and Compliance) is the key to support in the best way the integrated management of the (complex) requirements set on the two different countries by their own authorities.

If you take a look at our infographic, you can figure out how the two jurisdictions have a set of rules on ICT systems of the companies on the banking and financial services industry:

  • corporate governance;
  • quality requirements;
  • IT infrastructure;
  • business continuity;
  • data protection.
by Andrea Leonardi (VP of Minerva Group Service, MP of Alpemi Consulting & itSMF Swizerland board member).

The GRC of ICT requirements on financial services industries according to the relevant ISO guidelines

The common GRC approach for managing the requirements applicable on ICT systems of financial and banking services can usefully refer to the guidelines of the relevant ISO standards for this industry.

We can take advantage in particular of these ISO standards:
  • ISO 38500 for the ICT Governance;
  • ISO 31000 for the Risk Management;
  • ISO 37301 for the Compliance Management.

You can probably be wondering about which are the benefits on adopting this GRC approach strategy for your organization.

You should keep in mind, for example, that the both of the jurisdictions set compliance requirements on information security: you could easily manage them according to the ISO 27001 standard, without the need to set up two different models.

Another interesting solution to to be compliant with the IT services management requirements - another common point between Italy and Switzerland financial industry guidance set by the authorities - is to implement the ISO 20000-1 standard.

The last example that can help us to figure out how to make sure to be compliant with business continuity requirements set by Bank of Italy and FINMA is to adopt the ISO 22301 standard.

The integrated GRC management approach: the benefits for data protection and digital innovation

If you have taken a closer look at our infographic, you should notice that there is a focus on data protection requirements set by the two different jurisdictions.

Please remember that GDPR entered into force in 2016 (application since 2018). In Switzerland, the new FADP - this act has some differences and similarities with the European General Data Protection Regulation - will enter into force in September 2023.

Also in this case, the adoption of a common GRC approach allows us to support an integrated management solution to provide the required data protection standards set by the GDPR (in the EU context Italy belongs to) and the FADP - known also as LPD and DSG - in Switzerland.

Finally our GRC approach strategy can be the best way to support the systematic management of digital innovation implementing the ISO 56002 standard, the best choice to fix a common a relevant issue in the fintech industry.

We will come back for sure to this topic in the next posts. If you don't want to miss our latest updates, subscribe to our newsletter or follow us on our social media channels.

Need to know more about it?

Click on one of the options below to enter in the itSMF Enviroment and for being updated the way which is best for you.

Subscribe to itSMF Newsletter
Get the benefits of Membership Program

Davide Micheli