FINMA Outsourcing Circular 2018/3
For our Swiss clients, we ensure full compliance with all applicable Swiss regulatory and legal requirements. In particular, we adhere to FINMA Circular 2018/3, which sets out the supervisory expectations for outsourcing arrangements in the financial sector.
The circular defines the principles and documentation standards financial institutions must follow when outsourcing significant functions, including governance, risk management, data protection, access, audit rights, and subcontracting.
This document outlines how Unique AI manages outsourcing relationships and ensures transparency, control, and compliance with FINMA’s regulatory requirements for its Swiss operations.
Purpose
FINMA = Financial Market Supervisory Authority / Finanzmarktaufsicht
What? Unique is not regulated or controlled by FINMA, but our clients are.
Why? We want to show that we adhere to the highest compliance and IT security standards, which are also required by FINMA.
Background
The top-performing banks and insurers leverage outsourcing to their advantage while effectively mitigating the associated risks. However, not all banks have mastered risk management in outsourced operations. Consequently, FINMA's updated Circular 2018/3 imposes minimum risk management standards for outsourced activities, extending to Swiss-based insurance companies and foreign insurance branches for the first time.
Adherence to FINMA Outsourcing Circular 2018/3
Unique AI supports Swiss-regulated clients by aligning our outsourcing governance with FINMA Circular 2018/3. Our controls are described and audited in the FINMA Outsourcing Assurance Report (Reporting Year 2025) and are designed to meet the circular’s eight requirement areas.
Inventory of outsourced functions (A)
We maintain a current inventory for significant outsourced functions, including description, provider and any sub‑processors, service recipient, and responsible unit.
Selection, instruction, and monitoring of the service provider (B)
Pre‑contract risk analysis and documented service requirements; periodic reassessment on change.
Responsibilities and rights of instruction/control are contractually defined; outsourced functions integrated into ICS; risks identified/monitored; designated unit (CISO/legal) oversees providers.
Outsourcing within a group or conglomerate (C)
Not applicable to Unique (banks/insurers must assess at group level).
Responsibility (D)
Not applicable to Unique as FINMA supervises the outsourcing institutions; responsibility remains with the client.
Security (E)
Security requirements are contractually agreed and monitored.
Security framework ensures continuation of outsourced functions.
Audit and supervision (F)
Audit/inspection rights for clients, their auditors, and FINMA; contractual obligations for non‑FINMA providers to furnish information; delegation mechanics supported if used.
Outsourcing abroad (G)
By default, no outsourcing abroad and no remote access (CID) for single‑tenant Swiss deployments; cross‑border only by contractual approval with enforceable audit rights and Swiss information access.
Agreement (H)
Written agreements include: rights of instruction/control; security requirements and monitoring; full audit rights; FINMA information rights; enforceability abroad; restructuring/resolution access; sub‑processing only by prior approval with obligation flow‑down; internal approval procedures defined.
Report
The report can be provided upon request once a valid NDA is in place.