Ordinance
on Financial Institutions
(Financial Institutions Ordinance, FinIO)

(Art. 9 and 21 Fin­IA)

¹Port­fo­lio man­agers and trust­ees shall set out guidelines for the ba­sic prin­ciples of risk man­age­ment and define their risk tol­er­ance.

²Risk man­age­ment and in­tern­al con­trol are not re­quired to be in­de­pend­ent of rev­en­ue-based activ­it­ies if the port­fo­lio man­ager or trust­ee:

a.

is a com­pany which has five or few­er full-time po­s­i­tions or an­nu­al gross earn­ings of less than CHF 2 mil­lion; and

b.

ad­heres to a non-high-risk busi­ness mod­el.

³The thresholds in ac­cord­ance with para­graph 2 let­ter a must be achieved in two of three past busi­ness years or be provided for in the busi­ness plan­ning.

⁴If the port­fo­lio man­ager or trust­ee has a body re­spons­ible for gov­ernance, su­per­vi­sion and con­trol in ac­cord­ance with Art­icle 23 para­graph 3 and gen­er­ates an­nu­al gross earn­ings of more than CHF 10 mil­lion, FINMA may also re­quire that in­tern­al aud­it­ors who are in­de­pend­ent of man­age­ment be ap­poin­ted where the nature and scope of activ­ity so dic­tate.