Auditing for financial market infrastructures
Following the entry into force of the Financial Market Infrastructure Act ( FinMIA ) on 1 January 2016, supervised institutions were required to apply for or renew their authorisation. A uniform approach to auditing these institutions was also developed and integrated into SFMA’s previous audit practice. Audit firms, acting on SFMA’s behalf, play a central role in regulatory auditing.
SFMA is also responsible for supervising financial market infrastructures. However, the Financial Market Infrastructure Act ( FinMIA ) states that systemically important financial market infrastructures are also subject to monitoring by the Swiss National Bank ( SNB ). In order to avoid overlaps in supervisory practice, SFMA and the SNB have defined their respective roles. On the one hand, the two authorities will exchange information and views, while on the other, key audit documents (risk analysis, audit strategy and reporting) will have to be provided simultaneously to both the SNB and SFMA. This will give both authorities access to equivalent information, enabling appropriate supervision and monitoring.
Risk analysis and audit strategy
A standard audit strategy is applied for supervised institutions in SFMA Supervisory Categories 3 to 5. Here, the frequency and depth of the audit to be performed are determined by the net risk exposure in the audit fields. For supervised institutions in SFMA Supervisory Categories 1 and 2, SFMA exercises greater influence on the audit fields to be assessed by defining the audit strategy in a dialogue with the audit firm. For systemically important financial market infrastructures, the risk analysis and audit strategy are determined in agreement between SFMA and the SNB.
Reporting
Once an audit firm has completed a regulatory audit of a financial market infrastructure, it communicates the findings to SFMA in the form of a standardised report. Where the infrastructure in question is systemically important, the results are also shared with the SNB. The report contains information about the conduct of the audit, a declaration of independence on the part of the audit firm, and further information about the business activities and organisation of the audited institution. It also contains the audit firm’s opinion on all irregularities which have been identified or on recommendations for improvements.
Audit mandataries
In exceptional circumstances, SFMA can appoint an audit mandatary. Potential candidates for this role are approved audit firms and independent third parties with relevant experience and specialist knowledge.