Our updated Regulatory Risk Management Risk Radar analyzes the most pressing regulatory risks that FIs need to consider in 2024. In this year’s edition, we examined how these risks impact business decision-making. We also examine recent and upcoming developments, and how they continue to shape the roles and responsibilities of FIs related to regulatory risk management.

On 1 January 2022, Switzerland introduced due diligence and reporting requirements to address risks in the supply chains of Switzerland-based businesses related to child labor and so-called conflict minerals. On 24 May 2024, the European Council adopted the EU Corporate Sustainability Due Diligence Directive (CS3D), which imposes EU-level due diligence requirements in the value chain (i.e., upstream and downstream), on top of existing regulations in this area at the EU member state level.
In this update, we provide an overview of the evolving regulatory landscape of supply chain due diligence requirements in Switzerland and the EU, as well as their practical implications, and we suggest action items for Swiss businesses with respect to supply chain governance and compliance programs. In doing so, we refer to further materials prepared by our environmental, social and governance (ESG) team across our EU offices.

Having not secured a deferred prosecution agreement in respect of U.K. Bribery Act offences since 2021 and having been rocked by a series of shortcomings regarding its investigation and prosecution of cases, the SFO has arguably been at its lowest ebb.

When reports come in through whistleblowing channels or concerns about employee conduct otherwise arise, a recurring issue has been whether internal investigations must consider the principles of criminal procedural law. In a recent decision, the Federal Supreme Court held that this was not the case and confirmed a reasonable balance between the obligations of employers and the rights of employees provided for by Swiss law.

The Federal Information Security Act (ISA), which only entered into force on 1 January 2024, is already being amended with an obligation to report cyberattacks for operators of critical infrastructures. On 18 January 2024, the deadline expired for challenging the amendment by way of a public referendum. This means that the amended version will become law, with the new obligation to report cyberattacks expected to come into force in 2025, although an exact date has not yet been set.

As another year of uncertainty and disruption draws to a close, our Baker McKenzie Financial Institutions lawyers look ahead at the potential disruptors impacting the industry in 2024, all against a background of economic and geopolitical risk.
Our report, 2024: What’s on the Radar for Financial Institutions?, gives an overview of the challenges facing the sector, drawing on our three risk radars, one for each of the forces that are transforming the financial sector.

The European Whistleblowing Directive (WBD) was supposed to be implemented by the European Union’s 27 member states by no later than 17th December 2021, impacting employers with operations in those jurisdictions.
This article looks at what those key challenges are and the unique support we can offer in helping global employers harmonize their global approach to managing whistleblowing reports within the prescriptive requirements of the WBD.

The current global sanctions environment — the new normal for Swiss companies: This was the topic of a Russia-focused seminar with members of Baker McKenzie’s global sanctions and investigations team, on 7 February 2023.

In this update, we set out the extent to which new Swiss ESG reporting, disclosure and due diligence requirements apply to Swiss companies and foreign companies operating in Switzerland. We also provide further details about the due diligence requirements in relation to conflict minerals and child labor, and give an overview of developments outside of Switzerland that are relevant for Swiss companies doing business abroad, including the recently proposed EU Directive on Corporate Sustainability Due Diligence and the German Supply Chain Act. Finally, we share some of the key points senior leadership should consider as extended ESG reporting and due diligence obligations take shape in Switzerland and abroad.

Baker McKenzie partnered with Risk.net in its annual ranking of the top operational risks for 2022. The report is based on interviews and in-depth discussions with 100 chief risk officers, heads of operational risk and senior practitioners at financial institutions, including banks, insurers, asset managers and infrastructure providers.