The Vontobel B21 building, showcasing modern architecture and the corporate identity of Vontobel, situated in an urban setting in Zurich.
Transaction Banking

Business Risk Management

Published on 01.07.2026 CEST

Of course, we cannot predict the future. However, we are aware of the importance of proactive decision-making and risk management in order to achieve the desired results. With this mindset, we shape the guiding principles in the Transaction Banking unit.

A good risk framework provides the necessary conditions for making conscious decisions and simultaneously supports the Transaction Banking unit in dealing with opportunities and risks. The highest quality for the benefit of our clients is always at the forefront. In the dynamic environment of Transaction Banking, risk management is of essential importance. It has always been crucial to view risks with a degree of common sense. However, the more extensive the requirements become, the more important a solid framework and a uniformly high standard in risk consideration are. Risk management strategies are not dogmas carved in stone once and for all. Rather, they evolve along with the business. They support successful business development in line with regulatory requirements, and they take into account technical and business developments with the aim of enabling successful service delivery.

"A good risk framework supports the Transaction Banking unit in dealing with opportunities and risks."

Tino Hellmund Business Risk Manager Transaction Banking

The increasing complexity of financial markets, cyber threats, regulatory requirements, and the associated risks require constant adaptation and further development of risk management strategies. Need an example? In the past few years, the main focus was on the failure of a building due to flooding or fire. Over the years, however, system security and stability, emergency workplaces, personnel, power shortages, geopolitical uncertainties, third-party suppliers, and cyberattacks have come more into focus. All these aspects are now considered part of Business Continuity Management (BCM), which is required by FINMA.

At Vontobel, the guidelines are formulated centrally and then implemented in the individual areas. This is also the case in the Transaction Banking unit. This requires stable pillars to ensure all areas of responsibility are covered. All the above-mentioned topics flow into a comprehensive BCM system, with the aim of maintaining the availability of the Transaction Banking unit’s services and its operational resilience. We ensure these and many other requirements are met in the Transaction Banking unit with effective Business Risk Management (BRM).

In today’s digital era, banks face a multitude of challenges, particularly in the field of Transaction Banking. It is necessary to take into account the previously mentioned complexities and increasing dependencies on suppliers and technical providers. Two of the most significant developments in this context are the Digital Operational Resilience Act (DORA) and FINMA Circular 2023/1, both of which aim to strengthen the operational resilience of financial institutions.

DORA: a new standard for digital resilience

The Digital Operational Resilience Act, proposed by the European Commission in 2020, aims to enhance the operational stability of financial institutions in the EU. DORA recognizes that digital technologies play a central role in the financial sector and that the risks associated with these technologies are significant. The proposed legislation calls on banks to implement robust security measures to ensure that their digital services remain operational even in crisis situations.

This includes not only the existence of a robust framework, including policies that describe the testing of ICT systems, processes, risks, and controls, but also how third-party risks are managed. A central element of DORA is the obligation to carry out regular risk assessments and tests on digital systems. Banks must not only analyze the impacts of potential cyberattacks, for example, but also develop strategies to protect themselves against such threats. This includes the need to implement an effective incident management system to be able to respond quickly to security incidents and to report them appropriately to the relevant regulators. In addition, banks must ensure that their suppliers and service providers also have adequate security measures.

At Vontobel, we build on our already well-established methods and logics to further improve and continuously expand digital operational resilience. This includes a comprehensive ICS, which is thoroughly tested every year. In addition, centrally initiated control activities are carried out by our specialists and confirmed by our internal experts as well as by independent external auditors. A new aspect is the definition of critical/important functions. At Vontobel, a large number of these are located in our Transaction Banking unit, such as execution, custody, asset servicing, cash management, and reconciliation. Here, we are expanding our existing setup and implementing resilience scenario tests. What happens in the event of a cyberattack, a power outage, or prolonged restricted access to our buildings and workplaces?

The implementation of DORA will enable banks to gain a more comprehensive understanding of their operational risks and take proactive measures to mitigate risks. This will help to strengthen client trust, as well as meet regulatory requirements and minimize potential financial losses.

FINMA Circular 2023/1: strengthening risk control

FINMA Circular 2023/1, published by the Swiss Financial Market Supervisory Authority, complements efforts for effective BRM in Transaction Banking. This circular places particular emphasis on the requirements for risk control and risk management at banks in Switzerland. It includes guidelines that encourage banks to strengthen their internal control systems and ensure that risks are appropriately identified and managed.

One of the central requirements of the circular is the need to establish a clear governance structure that defines responsibilities within an organization. This is particularly important as the complexity of Transaction Banking often leads to risks not being adequately captured. The circular also calls for regular reviews of risk management processes to ensure they are effective and up-to-date. In addition, banks are encouraged to promote a culture of risk awareness in which all employees, regardless of their position, take responsibility for risk management. We achieve this through training programs and regular communication about risks and their impact on business operations. In the Transaction Banking unit, our employees are sensitized and responsible - everyone, regardless of their task and position, is a risk manager.

Conclusion

The challenges in the area of BRM in Transaction Banking are diverse and require a proactive approach. DORA and FINMA Circular 2023/1 represent two important steps forward in strengthening the operational resilience of banks and ensuring that they are able to adapt to constantly changing risks. By implementing robust risk management practices - and strengthening those that are already in place - banks can not only increase their operational stability but also further enhance the trust of their clients and stakeholders. In a world where digital innovations and cyber threats go hand in hand, it is essential that banks take the right measures to future-proof their business.

Contact us

We are looking forward to hearing from you

Call us

Monday through Friday, 8 a.m. to 6 p.m.
Visit us personally in Zürich

Find us on site

Our location near you.
It all starts with a personal conversation

Write us

We are committed to providing you with personal service.

Published on 01.07.2026 CEST

ABOUT THE AUTHORS

  • Tino Hellmund

    Tino Hellmund

    Business Risk Manager, Transaction Banking

    Tino Hellmund is responsible for Business Risk Management (BRM) in the Transaction Banking unit at Vontobel. This includes, among other things, process and risk documentation as well as their controls, the resilience of the settlement processes, and the implementation of regulatory requirements. In addition, BRM forms the interface with internal departments, such as Operational Risk and IT Compliance.

    Show more articles

Share

Share