Member States` data protection authorities can now authorise transfers under the administrative agreement. Assuming such authorisations exist, the EEA`s financial supervisory authorities must enter into an administrative agreement with their non-EEA partners in order to make use of this new mechanism. FINMA has concluded international bilateral agreements with various foreign authorities. These agreements are essential to facilitate cooperation, especially when FINMA is in regular contact with a foreign authority. The conclusion of an agreement may also be conditional on the admission to a foreign market of controlled establishments in Switzerland or vice versa. Companies that are monitored by regulatory authorities in several jurisdictions should closely monitor the implementation of the administrative agreement in the coming weeks and months. The administrative agreement eliminates much of the uncertainty surrounding the legality of data transfers between EU financial supervisory authorities and non-EEA financial supervisors under the RGPD. This should allow for a more free exchange of information on implementation and surveillance, and could increase the number of cross-border investigations and enforcement procedures in the future. The administrative agreement will be made available to all EEA market regulators; In its opinion, the EDPB stated that the new mechanism was necessary to ensure “effective international cooperation” between financial supervisory authorities and regulators. In its assessment of the appropriateness of the management agreement proposed by the AEMF and the OAV, the EDPB highlighted the safeguards outlined in it: the purpose and key features of the management agreement, in accordance with the EU`s General Data Protection Regulation 2016/679 (“RGPD”), cannot be transferred from the European Economic Area (EEA) to a third country for data protection reasons, unless the European Commission has decided that the third country is “appropriate” for data protection reasons. or there are “reasonable safeguards” to ensure that the processing of personal data in the hands of the recipient meets the high standards of the RGPD. Article 46 of the RGPD provides for several possibilities for protection, including the possibility of including provisions in administrative agreements between authorities or agencies that include enforceable and effective rights over the persons concerned.”  To date, no such “administrative agreement” has been approved by the EDPB.
FINMA organises supervisory or crisis management colleges for various financial groups based in Switzerland. In order to regulate cooperation in this context, it has concluded (multilateral) agreements with the relevant foreign supervisory authorities. FINMA also participates in higher education institutions of foreign supervisory authorities and has signed agreements to this effect. Because of their non-binding nature, FINMA agreements do not create final rights or obligations for FINMA, foreign partner authorities and other third parties. They should therefore be distinguished from the contracts. For this reason, the content of the agreements is generally not published. On 12 February 2019, the European Data Protection Committee  adopted its first opinion on an “administrative agreement” providing for a new mechanism for the transfer of personal data between the Financial Supervisory Authorities of the European Union (EU) and securities agencies and their non-European partners.