Finland's Financial Supervisory Authority sets conditions for accessing supervised entities’ board portals in ongoing supervision

The Financial Supervisory Authority (FIN-FSA) has outlined how it may access supervised entities’ board portals as part of ongoing supervision, subject to agreement with the entity. The approach is intended to support regular supervisory reviews, including assessment of board of directors materials, and is based on supervisory need and a shared understanding of portal use. Under the framework, the supervised entity independently decides whether to grant access and remains responsible for the portal’s content, information security and data protection, acting as the data controller for personal data on the portal. FIN-FSA access must be limited to view-only rights, assigned to specific individuals for specific needs and reviewed regularly, and the supervisor may request alternative delivery methods for materials. Portal access does not replace regulatory reporting or other disclosure obligations, and entities should not assume FIN-FSA has reviewed material merely because it is available on the portal. As a rule, portal materials are not stored in FIN-FSA systems, with any need to store board materials handled case by case, while documents used in supervisory activities are requested separately and stored in FIN-FSA systems to safeguard legal protection and treated as public authority documents under the Act on the Openness of Government Activities.