AWS Security Blog

2024 FINMA ISAE 3000 Type II attestation report available with 179 services in scope

Amazon Web Services (AWS) is pleased to announce the issuance of the Swiss Financial Market Supervisory Authority (FINMA) Type II attestation report with 179 services in scope.

The Swiss Financial Market Supervisory Authority (FINMA) has published several requirements and guidelines about engaging with outsourced services for the regulated financial services customers in Switzerland.

An independent third-party audit firm issued the report to assure customers that the AWS control environment is appropriately designed and operating effectively to support adherence with FINMA requirements.

The latest report covers the 12-month period from October 1, 2023 to September 30, 2024, for the following circulars:

  • 2018/03 “Outsourcing – banks, insurance companies and selected financial institutions under FinIA”
  • 2023/01 “Operational risks and resilience – banks”
  • Business Continuity Management (BCM) minimum standards proposed by the Swiss Insurance Association

AWS has added the following 10 services to the current FINMA scope:

Customers can find the FINMA ISAE 3000 report on AWS Artifact. To learn more about the complete list of services in scope, see AWS Compliance Programs and AWS Services in Scope for FINMA.

AWS strives to continuously bring new services into the scope of its compliance programs to help you meet your architectural and regulatory needs. Contact your AWS account team for questions about the FINMA report.

To learn more about our compliance and security programs, see AWS Compliance Programs. As always, we value your feedback and questions; reach out to the AWS Compliance team through the Contact Us page.

If you have feedback about this post, submit comments in the Comments section below.

Tariro Dongo Tariro Dongo
Tari is a Security Assurance Program Manager at AWS, based in London. Tari is responsible for third-party and customer audits, attestations, certifications, and assessments across EMEA. Previously, Tari worked for over 12 years in security assurance and technology risk in the big four and financial services industry.