Accessing the board portals of supervised entities as part of supervisory work
If so agreed, the Financial Supervisory Authority (FIN-FSA) accesses portals used by supervised entities as part of its ongoing supervision, in particular when reviewing, for example, board of directors material. This has been found to streamline the implementation of regular supervision. Access to portals is always based on supervisory needs and mutual understanding on their use.
The supervised entity decides and is responsible independently for granting access rights and for the information content of the portal. The supervisor may also, if it so wishes, request an alternative way for the supervised entity to submit the material to the FIN-FSA. The FIN-FSA’s access rights must be restricted to viewing rights. Access rights enabling use of the portal are always specific to individuals and needs and are regularly assessed.
The responsibility for the information security and content of the portal lies with the supervised entity. The FIN-FSA is responsible for the information security of its own systems. The supervised entity is also responsible for the data protection of the portal and is the data controller for the personal data processed on the portal.
The material viewable by the supervisor on the portal does not supersede the supervised entity’s regulatory reporting or other disclosure obligations. Nor can the supervised entity assume that the supervisor has familiarised itself with the material on the portal. The supervisor may also request an alternative way to access the material, if it so wishes.
The material on the portal will not, as a rule, be stored in the FIN-FSA’s systems. If there is a supervisory need to store board material, the supervised entity will be contacted about this on a case-by-case basis.
Documents used in supervisory activities are always requested separately from the supervised entity and stored in the FIN-FSA’s systems to safeguard the supervised entity's legal protection. Documents stored in the FIN-FSA’s systems are considered public authority documents and fall within the scope of application of the Act on the Openness of Government Activities.
If necessary, you can contact the FIN-FSA for further details in an agreed manner.