ISFB Certificate in Internal Control and Risk Management
Category
Law, Risk and Compliance
Support and Transversal Functions
Support and Transversal Functions
Level
Master's degree
Format
Presential
Duration
7 non-consecutive days
Language
French
Location
ISFB Geneva premises
Director
Gilles Chantrier
Manager
Oscar Marano
Type
ISFB Certificates
Description
Prices & Admission
Content
Testimonials
Stakeholders
Context
This continuing education course aims to provide an in-depth understanding of internal control and risk management in the financial sector, particularly in Switzerland. Based on industry best practices and Swiss regulations, it addresses the main risks encountered in modern finance. Participants will develop skills to assess and mitigate risks, align management practices with regulatory requirements, and develop business continuity strategies. The program incorporates real-life case studies to promote practical application of concepts and strengthen organizational resilience in the face of today's challenges.
Key objectives
At the end of the course, participants will be able to:
1. Formulate recommendations for risk management strategies in a given institution
2. Design a risk management plan integrating the different types of risk and internal control mechanisms
3. Compare risk management strategies used by different financial institutions
4. Use internal control principles to evaluate existing processes within an organization
5. Explain the implications of strategic, market, credit, liquidity, operational, human and fraud risks on banking activities
6. Identify the main types of financial risk and the applicable regulatory standards.
1. Formulate recommendations for risk management strategies in a given institution
2. Design a risk management plan integrating the different types of risk and internal control mechanisms
3. Compare risk management strategies used by different financial institutions
4. Use internal control principles to evaluate existing processes within an organization
5. Explain the implications of strategic, market, credit, liquidity, operational, human and fraud risks on banking activities
6. Identify the main types of financial risk and the applicable regulatory standards.
Target audience
- Risk management and internal control specialists
- Auditors
- Banking and finance executives with an interest in risk management and internal control
- Auditors
- Banking and finance executives with an interest in risk management and internal control
Stakeholders
ISFB lecturers have been working in the banking and financial world, or in their respective fields, for many years and are recognized as some of the best experts in our ecosystem in French-speaking Switzerland.
Reviews
The validation of the certificate is done through a written exam of the QCS type (simple choice questionnaire, one and only one correct answer) of 120 minutes. The emphasis is on understanding, application and the ability to analyze and solve concrete cases using the tools and methods seen in training. Candidates are allowed to consult course materials, appendices and personal notes (open-ended exam concept)
Practical information
Participants who pass the final exam will be awarded the ISFB Internal Control and Risk Management Certificate.
ISFB Certificates are recognized and particularly appreciated by our institutional members.
ISFB Certificates are recognized and particularly appreciated by our institutional members.
Partnership
Program offered in partnership with Swiss Risk Association. Price
- Public: CHF 5,670
- Member: CHF 4,250
- HG / OCAS / OCE : CHF 2'835.-
- FFPC : CHF 0.-
Admission requirements
* This certificate may be financially supported through a partnership between ISFB and FFPC for employees currently working at member institutions in the canton of Geneva. Please check with your Human Resources department.
FFPC rates for the 2027 sessions are subject to change, pending approval by the relevant authority.
FFPC rates for the 2027 sessions are subject to change, pending approval by the relevant authority.
CIGR1
Regulatory framework for risk management
Content: This module enables participants to understand FINMA's fundamental requirements in terms of corporate governance, risk management and internal control, as defined in particular in Circular 2017/1. It highlights the principles of accountability, transparency and oversight that must guide the governing bodies of financial institutions, while integrating control mechanisms tailored to their risk profile.
Participants will learn to identify and articulate the main FINMA circulars applicable to risk management, in particular those relating to operational risks and resilience, such as circular 2023/1. The latter introduces reinforced requirements in terms of business continuity, critical data management and cyber risks, in line with the international standards of the Basel Committee
Finally, the module places risk management in a broader perspective of banking resilience, in line with current prudential requirements. It provides an integrated reading of the regulatory framework, enabling professionals to better anticipate vulnerabilities and reinforce the robustness of their organization.
Participants will learn to identify and articulate the main FINMA circulars applicable to risk management, in particular those relating to operational risks and resilience, such as circular 2023/1. The latter introduces reinforced requirements in terms of business continuity, critical data management and cyber risks, in line with the international standards of the Basel Committee
Finally, the module places risk management in a broader perspective of banking resilience, in line with current prudential requirements. It provides an integrated reading of the regulatory framework, enabling professionals to better anticipate vulnerabilities and reinforce the robustness of their organization.
Duration: 4h00
Format: In-person
Possible speakers: CHANTRIER Gilles
CIGR2
Strategic risk management
Content: This module enables participants to analyze the risks associated with a financial institution's strategic choices - such as business model, market orientation or M&A operations - within the framework of the governance requirements defined by FINMA. It highlights the importance of proactive and structured governance, capable of anticipating the impact of strategic decisions on the organization's stability and compliance.
Participants will learn how to identify and integrate strategic steering tools into an overall risk management system, in line with FINMA circulars 2017/1 and 2023/1. These texts provide a framework for corporate governance, internal control and operational resilience, emphasizing the coherence between strategy, risk tolerance and business continuity.
Finally, the module explores the links between strategy, long-term resilience and adaptability in an uncertain environment, drawing on the prudential principles and international standards of the Basel Committee. It thus offers an integrated reading of strategic governance issues in a demanding regulatory framework.
Participants will learn how to identify and integrate strategic steering tools into an overall risk management system, in line with FINMA circulars 2017/1 and 2023/1. These texts provide a framework for corporate governance, internal control and operational resilience, emphasizing the coherence between strategy, risk tolerance and business continuity.
Finally, the module explores the links between strategy, long-term resilience and adaptability in an uncertain environment, drawing on the prudential principles and international standards of the Basel Committee. It thus offers an integrated reading of strategic governance issues in a demanding regulatory framework.
Duration: 4h00
Format: In-person
Possible speakers: GOETSCHIN Blaise
CIGR3
Market risk management
Content: This module enables participants to identify the main market risks - in particular interest rate, currency and equity risks - and to understand FINMA's requirements for measuring, monitoring and limiting these risks. It is based in particular on FINMA circular 2008/20, which defines capital standards and calculation methods for trading portfolios.
Participants will learn how to integrate these risks into the ICAAP (Internal Capital Adequacy Assessment Process), in line with the principles defined by the ECB and the standards of the Basel Committee. ICAAP plays a central role in risk management strategy, ensuring a forward-looking and consistent assessment of vulnerabilities and capital requirements.
Finally, the module explores best practices in market risk control and regulatory reporting expectations, to ensure effective governance and enhanced transparency in a constantly evolving financial environment.
Participants will learn how to integrate these risks into the ICAAP (Internal Capital Adequacy Assessment Process), in line with the principles defined by the ECB and the standards of the Basel Committee. ICAAP plays a central role in risk management strategy, ensuring a forward-looking and consistent assessment of vulnerabilities and capital requirements.
Finally, the module explores best practices in market risk control and regulatory reporting expectations, to ensure effective governance and enhanced transparency in a constantly evolving financial environment.
Duration: 4h00
Format: In-person
Possible contributors: DESPONDS Jérôme
CIGR4
Credit risk management
Content: This module enables participants to understand the fundamental principles of credit risk management in line with FINMA requirements. It covers the key stages of the process: granting, monitoring, provisioning, as well as assessing counterparty quality, defining credit limits and handling bad debts.
The module also explores the integration of credit risk into an overall resilience framework, in line with the Basel Committee's recommendations on expected loss accounting and prudential practices.
Participants will learn how to articulate regulatory requirements with risk management tools, in order to reinforce their organization's financial strength and ability to adapt in an uncertain environment.
The module also explores the integration of credit risk into an overall resilience framework, in line with the Basel Committee's recommendations on expected loss accounting and prudential practices.
Participants will learn how to articulate regulatory requirements with risk management tools, in order to reinforce their organization's financial strength and ability to adapt in an uncertain environment.
Duration: 4h00
Format: In-person
Possible speakers: KIRCHHOFF François
CIGR5
Operational risk management
Content: This module enables participants to identify the main types of fraud, whether internal (abuse of office, misappropriation of assets) or external (cyberfraud, identity theft), and to understand the prevention mechanisms expected by governance standards, particularly those defined by FINMA. It highlights internal control systems as essential levers for detecting red flags, limiting risks and guaranteeing compliant operations.
Participants will learn how to analyze fraud scenarios, implement reporting policies and integrate these elements into an overall compliance and risk management approach. The module emphasizes the importance of a coherent framework combining training, awareness, operational control and ethical governance, in order to strengthen organizational resilience in the face of fraudulent threats.
Participants will learn how to analyze fraud scenarios, implement reporting policies and integrate these elements into an overall compliance and risk management approach. The module emphasizes the importance of a coherent framework combining training, awareness, operational control and ethical governance, in order to strengthen organizational resilience in the face of fraudulent threats.
Duration: 8h00
Format: In-person
Possible speakers: CHANTRIER Gilles
CIGR6
Operational risk management - Cyber risk
Content: This module enables participants to understand FINMA's requirements in terms of IT security and cyber resilience, as defined in Circular 2023/1. This introduces a strengthened framework for managing risks related to information and communication technologies (ICT), with an emphasis on prevention, detection and response to cyber-attacks.
Participants will learn how to implement concrete measures to protect critical functions, ensure business continuity and respond to serious incidents in a structured way. The module also covers FINMA reporting obligations and expectations in terms of documentation and governance.
Finally, particular attention is paid to assessing the maturity of the cyber system, in relation to prudential requirements and international standards. Participants will be able to situate their organization within a logic of operational resilience, capable of coping with severe but plausible disruptions.
Participants will learn how to implement concrete measures to protect critical functions, ensure business continuity and respond to serious incidents in a structured way. The module also covers FINMA reporting obligations and expectations in terms of documentation and governance.
Finally, particular attention is paid to assessing the maturity of the cyber system, in relation to prudential requirements and international standards. Participants will be able to situate their organization within a logic of operational resilience, capable of coping with severe but plausible disruptions.
Duration: 8h00
Format: In-person
Possible speakers: FONTIGNIE Jacques
CIGR9
Ethics
Content: This module explores the close links between corporate culture, ethical behavior and risk management in the financial sector. It highlights FINMA's governance expectations, as set out in Circular 2017/1, which emphasizes the importance of a corporate culture based on integrity, accountability and transparency.
Participants will learn to identify the typical ethical dilemmas encountered in banking - conflicts of interest, commercial trade-offs, internal pressures - and assess their potential impact on the organization's reputation, compliance and resilience. The module emphasizes the need to integrate ethics into decision-making processes, internal policies and control systems, in order to reinforce consistency between stated values and actual practices.
By fostering a living, shared ethical culture, this module contributes to building sustainable governance, capable of coping with uncertainties and preserving stakeholder confidence in a demanding regulatory environment.
Participants will learn to identify the typical ethical dilemmas encountered in banking - conflicts of interest, commercial trade-offs, internal pressures - and assess their potential impact on the organization's reputation, compliance and resilience. The module emphasizes the need to integrate ethics into decision-making processes, internal policies and control systems, in order to reinforce consistency between stated values and actual practices.
By fostering a living, shared ethical culture, this module contributes to building sustainable governance, capable of coping with uncertainties and preserving stakeholder confidence in a demanding regulatory environment.
Duration: 4h00
Format: In-person
Possible contributors: PENNONE Grégoire
CIGR7
Internal control system
Content: This module enables participants to understand the essential components of an ICS that complies with FINMA requirements, as defined in Circular 2017/1. It addresses the principles of separation of functions, rigorous documentation and structured reporting, which guarantee transparency and risk control within financial institutions.
The module is based on the three lines of defense model, widely recognized in the banking sector. It enables the effectiveness of key controls to be assessed: the first line is ensured by operational staff, the second by control functions (risk, compliance), and the third by internal audit, the guarantor of the independence and quality of the system.
Finally, particular attention is paid to the role of the Board of Directors, which assumes ultimate responsibility for overseeing the ICS. It ensures that the system is adequate, appoints the internal auditors and makes sure that control mechanisms are adapted to the company's risk profile and strategy.
The module is based on the three lines of defense model, widely recognized in the banking sector. It enables the effectiveness of key controls to be assessed: the first line is ensured by operational staff, the second by control functions (risk, compliance), and the third by internal audit, the guarantor of the independence and quality of the system.
Finally, particular attention is paid to the role of the Board of Directors, which assumes ultimate responsibility for overseeing the ICS. It ensures that the system is adequate, appoints the internal auditors and makes sure that control mechanisms are adapted to the company's risk profile and strategy.
Duration: 4h00
Format: In-person
Possible speakers: ZANOTA Xavier-Yves
CIGR8
Business continuity management
Content: This module enables participants to understand FINMA's expectations in terms of business continuity, as defined in circular 2023/1 on risks and operational resilience. It covers the fundamental principles of Business Continuity Management (BCM), including the identification of critical functions, impact analysis, the definition of severe but plausible scenarios, and the implementation of appropriate recovery procedures.
Participants will learn how to design an operational crisis management plan, integrating process dependencies, key resources and disruption tolerances. The module emphasizes the importance of regularly testing the BCP, keeping it up to date and documenting it, with a view to systemic resilience, in line with the Basel Committee's international standards.
This module is aimed at professionals involved in governance, risk management, information systems security and business continuity, in a constantly evolving regulatory context.
Participants will learn how to design an operational crisis management plan, integrating process dependencies, key resources and disruption tolerances. The module emphasizes the importance of regularly testing the BCP, keeping it up to date and documenting it, with a view to systemic resilience, in line with the Basel Committee's international standards.
This module is aimed at professionals involved in governance, risk management, information systems security and business continuity, in a constantly evolving regulatory context.
Duration: 8h00
Format: In-person
Possible speakers: SANCHEZ José
CIGR10
Liquidity risk management
Content: This module enables participants to master Swiss regulatory requirements for liquidity management, in particular the Liquidity Coverage Ratio (LCR), as defined in FINMA circular 2015/2 . It covers the principles of measuring, monitoring and limiting liquidity risks, in relation to liquid asset holding obligations and steering mechanisms tailored to each institution.
Participants will learn how to integrate liquidity stress tests into their management framework, based on FINMA practices and Basel Committee standards. These exercises help to assess the organization's ability to cope with severe crisis scenarios, and to document responses in robust, operational contingency plans.
Finally, the module highlights the links between liquidity management, long-term funding plans and the structural resilience of financial institutions. It offers a strategic reading of prudential requirements, integrating the dimensions of governance, planning and adaptation to an uncertain environment.
Participants will learn how to integrate liquidity stress tests into their management framework, based on FINMA practices and Basel Committee standards. These exercises help to assess the organization's ability to cope with severe crisis scenarios, and to document responses in robust, operational contingency plans.
Finally, the module highlights the links between liquidity management, long-term funding plans and the structural resilience of financial institutions. It offers a strategic reading of prudential requirements, integrating the dimensions of governance, planning and adaptation to an uncertain environment.
Duration: 4h00
Format: In-person
Possible speakers: SOLANET Georgiana
CIGR11
Operational risk management - Compliance
Content: This module enables participants to understand FINMA's expectations in terms of regulatory compliance and their integration into the overall internal control system. The compliance function is an essential component of the second line of defense, alongside the internal control system (ICS), aimed at guaranteeing rule-compliant operations and anticipating risky situations.
Participants will learn to identify the risks of non-compliance - whether legal, financial or reputational - and to mobilize the appropriate prevention tools, such as internal policies, operational controls and reporting mechanisms. The module also highlights the strategic role of the compliance function in detecting and dealing with operational incidents, in line with prudential requirements and international standards.
By promoting a proactive and integrated approach, this module helps to strengthen the compliance culture within financial organizations, while ensuring their resilience in the face of a constantly changing regulatory environment.
Participants will learn to identify the risks of non-compliance - whether legal, financial or reputational - and to mobilize the appropriate prevention tools, such as internal policies, operational controls and reporting mechanisms. The module also highlights the strategic role of the compliance function in detecting and dealing with operational incidents, in line with prudential requirements and international standards.
By promoting a proactive and integrated approach, this module helps to strengthen the compliance culture within financial organizations, while ensuring their resilience in the face of a constantly changing regulatory environment.
Duration: 4h00
Format: In-person
Possible contributors: BAYAT Nezam Alexandre
CIGR
Review
Content: The aim of the final exam is to validate the skills acquired during the course, by consolidating the practical and theoretical knowledge developed throughout the program. It enables participants to demonstrate their mastery of the concepts covered, their ability to articulate the various contributions of the course within a professional logic, and to identify the evolution of their personal skills.
The test takes the form of a 40-question MCQ, in open book format: participants can consult their course materials, appendices and personal notes. The exam lasts 120 minutes, i.e. 3 minutes per question. Each question has only one correct answer, and no negative marks are awarded for incorrect answers.
The questions are general, with no traps, and are based exclusively on content clearly covered in the course or in the training materials.
The test takes the form of a 40-question MCQ, in open book format: participants can consult their course materials, appendices and personal notes. The exam lasts 120 minutes, i.e. 3 minutes per question. Each question has only one correct answer, and no negative marks are awarded for incorrect answers.
The questions are general, with no traps, and are based exclusively on content clearly covered in the course or in the training materials.
Duration: 2h00
Format: In-person
Training for a cross-disciplinary view of risk: interview with Jérôme Desponds, lecturer on the new ISFB Internal Control and Risk Management certificate.
Jérôme Desponds - Managing Partner (ad fidem sàrl)
"With a 360° view of the world of risk, the certificate gives participants the opportunity to think across the board and break down silos in order to assess practices, regardless of the type of risk involved."
Read the interview
Interview with Xavier-Yves Zanota - Internal control and risk management: from theory to practice
Xavier-Yves Zanota - Global Head of Operational Risk (EFG Bank)
"To succeed in this field, you need to combine technical rigor, adaptability, and the ability to communicate with all stakeholders, from the board of directors to the operational teams."
Read the interview
Internal control and risk management: ISFB and Swiss Risk Association combine their expertise
Mathias Baitan - General Manager (ISFB) & Jean-Pierre Colombara - Manager of the Suisse romande Chapter (SRA)
"The idea is always the same: to partner with the best players in each field in French-speaking Switzerland in order to offer our members skills development programs that combine excellence, practical relevance, and sector influence."
Read the interview
Banking Risk Management: Vision, Issues and Transmission with Gilles Chantrier
Gilles Chantrier - Chief Risk Officer (Swissquote)
"This training aims to equip participants with the knowledge and skills necessary to navigate effectively in an ever-changing risk environment, while ensuring the compliance and resilience of their organization."
Read the interview
Gilles CHANTRIER
Gilles Chantrier is a finance professional specializing in risk management and financial control. He holds a degree in economics from HEG Lausanne and has completed training in banking risk management at INSEAD.
He has worked at Swissquote since the early 2000s, where he has held several management positions in accounting, internal control, reporting, and risk management. Since 2017, he has been Chief Risk Officer of the Swissquote Group.
At the same time, he is a member of several boards of directors within the Swissquote Group entities in Europe, the United Kingdom, the Middle East, and Asia.
Blaise GOETSCHIN
Blaise Goetschin has had a career as a business leader in banking, industry, and public administration, and he is currently a director of companies in finance and technology.
Jérôme DESPONDS
Jérôme Desponds is a consultant in governance, risk management, and project management. He has over 28 years of experience in banking. With a master's degree in law and a certified public accountant qualification, he began his career in auditing, serving clients in French-speaking Switzerland and Ticino at Arthur Andersen and EY. After 15 years, during which he also gained experience at the Swiss Federal Banking Commission and as a compliance officer at BCV, he joined Mirabaud as head of risk and compliance for the group. Also responsible for credit, central filing, taxation, and IT security, he led several organizational and operational transformation projects over a period of nine years. After two and a half years at KPMG in charge of risk management consulting services for banks, Jérôme Desponds is continuing his consulting activities on his own account.
François KIRCHHOFF
François Kirchhoff holds a law degree from the University of Geneva and is a graduate of the Swiss Banking School. He began his banking career in 1989 at Société de Banque Suisse, before joining Banque Cantonale de Genève in 1994.
After developing relationships with commercial clients in Geneva, he headed several departments specializing in financing for businesses, SMEs, self-employed professionals, and private clients, as well as managing sales networks.
Since October 2020, he has been head of the Credit Expertise and Risk department, with the following main responsibilities:
internal control of credit activities
At the same time, he is a trainer for commercial and mortgage financing certifications. Appointed Director in July 2001, he places the training and professional development of his employees at the heart of his managerial priorities.
Jacques FONTIGNIE
Jacques Fontignie is a cybersecurity professional with extensive experience in defining and implementing information security strategies in complex and highly regulated IT environments. His expertise covers risk management, security architecture, and compliance with key frameworks and regulations such as NIST, GDPR, DORA, and FINMA.
Gregory PENNONE
Grégoire Pennone holds a Master's degree in law and an MBA from the University of Geneva. He has worked for nearly 14 years in the banking sector, as well as in fiduciary services, consulting, and healthcare. He has held various management positions and has taken a particular interest in corporate governance, regulatory issues, and ethics. He was CEO of ONE swiss bank SA, which was listed on the Swiss stock exchange for a time and merged with the private bank Gonet & Cie SA in June 2025. Since then, he has served as an independent director and advisor to companies in the financial sector.
Xavier-Yves Zanota
Xavier Yves Zanota is a senior executive specializing in risk management. Based in Zurich, he has been Managing Director and Global Head of Operational Risk at EFG Bank AG since 2019, where he has led the global transformation of the function. Previously, he advised UBS's senior management on prudential and regulatory issues.
He spent more than ten years at the Bank for International Settlements, notably within the Basel Committee on Banking Supervision, contributing to major post-crisis reforms and international governance and supervision standards. He began his career at Ernst & Young after working for the French Federation of Insurance Companies.
Committed to the profession, he has co-chaired the Non-Financial Risks chapter of the Swiss Risk Association since 2025 and has taught at the University of Strasbourg. A recognized author and speaker, his work focuses on banking supervision, risk governance, and operational risk.
José SANCHEZ
Physical and logical security professional, department manager with over 20 years of experience in security governance in an international institutional environment. He defines and deploys security strategy through structured action plans, oversees risk analysis, and implements appropriate solutions to ensure control. His expertise in cybersecurity, data protection, and physical security enables him to support the company in regulatory compliance and business continuity and resilience issues (2023/1, DORA).
Georgiana SOLANET
Georgiana Solanet is Chief Financial Officer of Crédit Agricole next bank, a Crédit Agricole Group entity.
She has 20 years of experience in finance and financial risk management at banks in Switzerland (Banque Cantonale de Genève, Lloyds Bank TSB, Banque Lombard Odier & Cie) and at Ernst & Young.
She holds a PhD in Applied Mathematics (Paris VI), a Master's degree in Banking and Finance (HEC Lausanne), and FRM (Financial Risk Manager, GARP) and CFA (CFA Institute) certifications.
She has 20 years of experience in finance and financial risk management at banks in Switzerland (Banque Cantonale de Genève, Lloyds Bank TSB, Banque Lombard Odier & Cie) and at Ernst & Young.
She holds a PhD in Applied Mathematics (Paris VI), a Master's degree in Banking and Finance (HEC Lausanne), and FRM (Financial Risk Manager, GARP) and CFA (CFA Institute) certifications.
Nezam Alexandre BAYAT
After studying law at the Universities of Fribourg and Durham (UK), Nezam Alexandre Bayat qualified as a lawyer. He has been working at FINMA since 2012. Since 2025, he has been Co-Head of the group responsible for enforcement proceedings, particularly those concerning French-speaking Switzerland and Ticino. Given his responsibilities and experience, he has been a privileged witness to the evolution of financial markets, the risks faced by banks and other institutions subject to FINMA, and changes in the legal and prudential framework. Nezam Alexandre Bayat has also developed expertise in corporate governance, risk management, and compliance. He is a graduate of the Swiss Board School and the University of Cambridge in sustainable finance and holds a trader's license from SIX.
Information
A question about this service? Our manager is at your disposal
Category
Law, Risk and Compliance
Support and Transversal Functions
Support and Transversal Functions
Level
Master's degree
Format
Presential
Duration
7 non-consecutive days
Language
French
Location
ISFB Geneva premises
Director
Gilles Chantrier
Manager
Oscar Marano
Type
ISFB Certificates
Information
A question about this service? Our manager is at your disposal
Registration
