1 What kinds of outsourcing take place in your jurisdiction?
Switzerland has a mature market for services, with outsourcing taking place in various industries and forms, including the outsourcing of IT, business processes, property management, facilities management and general business services. As home to two of the most important global financial centres, Zurich and Geneva, outsourcing in the financial industry is particularly important.
2 Describe the recent history of outsourcing in your jurisdiction. How well established is outsourcing? What is the size of the outsourcing market in your jurisdiction?
There is no official data available on the outsourcing market in Switzerland, neither from the customer nor the provider side. However, according to statistics compiled by Active Sourcing, a Swiss outsourcing advisory firm, from all publicly reported outsourcing transactions in Switzerland, 2012 saw 24 outsourcing transactions over 10 million Swiss francs with a total contract volume of 1.8 billion Swiss francs. This level of activity is expected to have been maintained in 2013.
3 Has the government of your jurisdiction adopted policies to encourage the development of the jurisdiction as an outsourcing centre, either for the domestic market or to provide outsourcing services to foreign customers?
There are no particular policies in place to encourage the development of Switzerland as an outsourcing centre.
4 Are there in your jurisdiction any fiscal or customs incentives, development grants or other government incentives to promote outsourcing operations within your jurisdiction?
There are no fiscal incentives exclusively applicable to outsourcing captives. However, a number of the tax incentives Switzerland offers are highly attractive for outsourcing captives (for more information see question 22).
LEGISLATION AND REGULATION
5 Is outsourcing as a commercial or operational concept specifically recognised and provided for in your legal system? How?
Outsourcing is not a concept expressly provided for by Swiss laws. However, in the financial industry, there are regulations of the supervisory authority (FINMA) specifically dealing with outsourcing (see question 8). Other legislation with particular relevance for outsourcing includes the following statutes:
Federal Act on Data Protection (Data Protection Act, SR 235.1; see questions 8, 14 and 15); Federal Act on Merger, Demerger, Transformation and Transfer of Assets (Merger Act; SR 221.301; see questions 16, 17, 18 and 20); Swiss Code of Obligations (Code of Obligations, SR 220; see questions 16, 17 and 18); Federal Act on Employment Exchange and Personnel Leasing (Personnel Leasing Act, SR 823.11; see question 16); Swiss Criminal Code (Criminal Code; SR 311.0; see question 8); and Federal Act on Public Procurement (Public Procurement Act, SR 172.056.1; see question 8). 6 Is there any legislation or regulation that directly prohibits, restricts or otherwise governs outsourcing, whether in (onshore) or outside (offshore) your jurisdiction?
No, except for certain sector-specific regulation (see question 8).
7 What are the consequences for breach of the laws directly restricting outsourcing?
See question 8.
8 Describe any sector-specific legislation or regulation that applies to outsourcing operations.
Sector-specific legislation applies in several sectors:
Article 47 of the Swiss Federal Act on Banks and Savings Banks (Banking Act, SR 952.0) protects certain information, in particular the financial privacy of banking customers, and is applicable to banks and their employees and agents in Switzerland (including providers of outsourcing services). Such information must not be disclosed, except with the customer's consent in each case, which may be given in (sufficiently detailed and properly agreed) general terms and conditions.
In addition, the Swiss Financial Market Supervisory Authority (FINMA) issued the circular 'Outsourcing Banks' in 2008 (circular 08/7, last revised on 6 December 2012). This circular, based on an earlier circular of 1999 of FINMA's predecessor, the Federal Banking Commission, applies to banks and securities dealers organised under the laws of Switzerland, as well as Swiss branches of foreign banks and securities dealers. This circular sets out certain principles for the outsourcing bank or securities dealer to comply with the requirements of an appropriate organisation, financial privacy and data protection, including these principles:
the outsourcing party must carefully select, instruct and supervise the provider; in a written agreement, the parties must agree on appropriate security measures, in particular to protect customer information, and the provider must commit to safeguarding confidentiality, banking secrecy and the requirements of Swiss data protection law and to allow audits by the outsourcing party, its internal and external auditors and FINMA; affected customers must be informed in advance (eg, in general terms and conditions, provided the planned outsourcing transactions are set out in sufficient detail); and where customer data is transferred abroad, affected customers must be informed in a separate and detailed document and then be allowed to terminate the banking relationship without prejudice and the outsourcing party must submit a legal opinion or a confirmation from the relevant supervisory authority to FINMA confirming that the required audit rights can be enforced. In its recent amendment of the circular 08/21 'Operational risks at banks', last revised on 29 August 2013, FINMA has further clarified the data protection obligations on banks and securities dealers with regard to electronic customer data, and how these apply to outsourcing service providers. In particular,
an independent assessment of privacy protection of potential service providers is required when selecting a provider; the outsourcing party must regularly audit the outsourcing provider's compliance with data protection and security requirements; and the outsourcing party must appoint a person responsible for ensuring the outsourcing provider's compliance with the data protection and security requirements. Insurance and reinsurance undertakings may need to notify FINMA within 14 days of the conclusion of the agreement if essential business processes are outsourced (article 4 et seq of the Swiss Federal Act on the Supervision of Insurance Undertakings). FINMA approval is required. The transaction is deemed approved by FINMA if FINMA does not commence an assessment of the outsourcing transaction within four weeks following the notification.
Under article 321 of the Criminal Code, auditors are bound by a duty of professional secrecy. If an auditor intends to use an outsourcing provider located outside Switzerland, its clients must first provide express and informed consent to the disclosure of client-related data and waiver of the duty of professional secrecy (article 321, paragraph 2 of the Criminal Code), and the outsourcing party must ensure that only those employees of the outsourcing provider who have a need to know client-related data have access to that data.
Under articles 321 and 321bis of the Criminal Code, doctors and certain other members of the medical profession are bound by a duty of professional secrecy. Outsourcing is not prohibited, but if the outsourcing provider is located abroad, the patient must first provide express and informed consent to the disclosure of patient-related data and waiver of the duty of professional secrecy (article 321, paragraph 2 of the Criminal Code) and again the outsourcing party must ensure that the outsourcing provider maintains a need-to-know-principle for access to patient-related data.
According to article 84 of the Swiss Federal Health Insurance Act and a circular issued on 1 July 2013 by the Federal Office of Public Health, outsourcing is permitted for health insurers, provided that outsourcing service providers are carefully selected and controlled and enter into written agreements specifying the provider's...