The purpose of Swisscom’s Enterprise Risk Management is to protect its enterprise value. It takes account of both external and internal events and is based on the established standard ISO 31000.
Klaus Rapp,
Head of Group Internal Audit
The Board of Directors is responsible for the establishment and monitoring of the group-wide assurance functions of Risk Management, Internal Control System, Compliance Management and Group Internal Audit. It is briefed comprehensively at least once a year so it can fulfil its tasks and responsibilities.
The Board of Directors seeks to protect the company’s enterprise value by implementing Group-wide risk management under a corporate culture that promotes the conscious handling of risks. The Swisscom Group has implemented a centralised risk management system based on ISO standard 31000 that takes account of both external and internal events through comprehensive reporting and documentation, reviewed periodically by an external auditor. Its objective is to identify, assess and address significant risks and opportunities in good time. The central Risk Management unit reports to the Head of Group Security & Corporate Affairs and works closely with the Controlling and Strategy departments, other assurance functions and line functions. Swisscom uses a risk strategy to assess its risk profile in terms of probability and the quantitative and qualitative severity of occurrence with reference to key performance indicators, and reviews this risk profile on a quarterly basis. In April and December, the Head of Risk Management provides the Board of Directors and the Audit Committee with information on significant risks, potential impact and the status of the corresponding measures. Significant new risks are reported to the Chair of the Board of Directors and the Chair of the Audit Committee without delay. Once a year, the Head of Risk Management consults with the Committee (without management involvement).
The internal control system (ICS) ensures the reliability of financial and non-financial reporting. Its objective is to prevent, identify and correct substantial errors in the sustainability statements, the remuneration report and the consolidated financial statements of the Swisscom Group as well as the financial statements of the Group companies. The ICS encompasses the components of control environment, accounting risk assessment, control activities, monitoring controls, information and communication. The Group Accounting unit, which reports to the Group CFO, manages and monitors the ICS, with periodic reviews of the function and effectiveness of the ICS by Group Internal Audit. Group Internal Audit notifies the Audit Committee of any significant shortcomings and corrective actions twice a year and the Board of Directors on an annual basis. Significant changes in the ICS risk assessment are reported to the Chair of the Audit Committee without delay, with Group Accounting responsible for monitoring corrective measures. The Audit Committee assesses the performance and effectiveness of the ICS based on the periodic reporting.
The Group-wide central compliance management system (CMS) is designed to prevent compliance violations and protect the Swisscom Group, its executive bodies and employees from legal and regulatory sanctions, financial losses and reputational damage.
The CMS covers the following legal areas: Anti-corruption, Money laundering and financing of terrorism, Data protection and Secrecy Protection, Antitrust law, Telecommunications law, Stock exchange law.
In 2025, Swisscom enhanced its CMS in line with the ISO 37301 standard. The Group’s dedicated compliance functions as well as the compliance officers and compliance managers of the business divisions and fully consolidated subsidiaries support the line in the ongoing implementation of the CMS in specific legal areas.
External auditors conduct an overall review adequacy and effectiveness of CMS every four years. External auditors also conduct specific audits related to money laundering law on an annual or biannual basis.
Once a year, the Head of Group Compliance reports to the Audit Committee and the Board of Directors on its activities, compliance risk assessment and target achievement, and on an ad-hoc basis to the Chair of the Audit Committee and to the Chair of the Board of Directors in the event of significant changes in compliance risks or (potentially) major compliance violations.
Internal auditing is the responsibility of Group Internal Audit, which supports the Board of Directors and Audit Committee in fulfilling their statutory and regulatory supervisory and controlling obligations. Group Internal Audit also supports management and the assurance functions by highlighting opportunities for improving business processes and controls. It documents audit findings and monitors the implementation of measures.
Group Internal Audit is responsible for planning and conducting audits throughout the Group with maximum independence and in compliance with professional auditing standards. It is under the direct control of the Chair of the Board of Directors and reports to the Audit Committee. At an administrative level, Group Internal Audit reports to the Head of Group Security & Corporate Affairs. Once a year, the Head of Group Internal Audit consults with the Audit Committee (without management involvement).
Group Internal Audit liaises closely with the external auditors, who have unrestricted access to Group Internal Audit’s reports and documentation. Based on a risk analysis and in close coordination with the external auditors, Group Internal Audit prepares an annual audit plan and presents it to the Audit Committee for approval. The Audit Committee can also commission ad-hoc audits, which may be prompted by anonymous information it receives through its whistleblowing platform concerning areas such as external reporting and financial reporting. At least once a quarter, Group Internal Audit briefs the Audit Committee on audit findings, whistleblowing notifications and implementation of the audit plan. The Head of Group Internal Audit took part in all five meetings of the Audit Committee in 2025.
Swisscom implements certified management systems based on internationally accepted standards. These ensure that all of Swisscom's services are quality controlled and developed, simplified and improved systematically. Together, they form Swisscom’s integrated ISO / IEC management system and are periodically audited by external auditing company SGS.
The Audit Committee verifies the qualifications, independence and state supervision of the statutory auditors on behalf of the Board of Directors. It also assesses the performance and remuneration of the auditors against criteria such as the competence and availability of the audit team, the audit process, and reporting and communication. The Audit Committee is responsible for enforcing the statutory term limit for the auditor-in-charge and for reviewing and issuing new invitations to tender for the audit mandate. It approves the integrated strategic audit plan, which includes the annual audit plan of both the internal and external auditors, as well as the fee for the auditing services provided to the Group and Group companies each year. The statutory auditor is appointed annually by the Annual General Meeting upon proposal by the Board of Directors under policies defined by the Audit Committee, with re-election permitted. PricewaterhouseCoopers (PwC), Zurich, has held the mandate since the 2019 financial year.
Michael Rechsteiner,
Chairman of the Board of Directors
Swisscom faces challenges in its core business due to intense competition that has led to a decline in revenue. To address risks posed by disruptive megatrends such as rapid technological change and evolving customer expectations, Swisscom conducts comprehensive analyses of market environments and competitor activities. These insights inform strategic decisions and drive a fundamental transformation of the business model. Swisscom is focused on enhancing operational efficiency through process optimisation and investing in new technologies like artificial intelligence (AI) to fortify the core business against external pressures and ensure sustainable growth. The geopolitical landscape still poses hurdles, particularly in the area of supply chain management. Swisscom is actively monitoring global events and adapting its strategies to ensure continuity and resilience. Swisscom’s wide range of business activities, coupled with the complexity of the applicable regulations, calls for effective risk and compliance management systems.
Infrastructure providers, promotional campaigns by market players, and service providers without their own network reinforce competitive dynamics. Megatrends such as connectivity, individualisation and demographic change have a long-term impact on Swisscom’s activities. Regulations entail uncertainties that may adversely affect its financial performance and financial position. Excessively high political demands could fundamentally call the current system of competition into question.
Swisscom tackles this challenge by means of transformation of the company and constant innovation. Swisscom conducts a comprehensive external environment analysis each year in order to identify disruptions at an early stage. This serves to identify coming trends and developments to determine potential disruptive scenarios. Regular analyses of the economic and regulatory environment and customer analyses help Swisscom to respond to relevant changes at an early stage. Swisscom responds effectively to market-driven change by consistently focusing on customer needs, such as addressing the needs of different customer segments through secondary and third-party brands and adjusting processes and organisation.
Competitive dynamics in the Italian telecommunications market are intensifying due to aggressive promotional campaigns by operators and service providers without their own networks, potentially impacting revenue. Additionally, regulatory changes in Italy and Europe pose challenges for companies like Fastweb + Vodafone, which could affect their revenue growth forecasts.
Fastweb + Vodafone responds to these dynamics with continuous adjustments to services, organisation, processes and partnerships. The acquisition of Vodafone Italia at the end of 2024 created a leading convergent provider in the Italian market in the form of Fastweb + Vodafone, which is much more resilient to external risks as a result of the expected synergy effects. In addition, changes in the legal and regulatory environment may have a negative impact on business activities and enterprise value.
Geopolitical developments entail risks such as exchange rate fluctuations, inflation, tariffs, shortages of goods, ban of suppliers, delays in deliveries, higher transport costs and general recession.
Swisscom pursues an effective hedging strategy to minimise risk of loss due to fluctuating foreign exchange rates. Swisscom constantly analyses the geopolitical situation and continuously reviews measures in order to respond appropriately to geopolitical changes and implements them in a targeted manner.
Swisscom’s services are heavily dependent on technical infrastructure such as communications networks and IT platforms. Any major business interruption harbours both financial risks and significant reputational risks. Causes include natural disasters, human error, hardware or software failures due to complex IT architecture, cyberattacks, power outages, power shortages and the increasing interdependence of modern technologies. The threat situation remains tense and is increasing in some areas due to technological and geopolitical developments. Swisscom constantly monitors the threat situation and implements effective measures for permanent risk mitigation. This includes continuously investing in prevention and responsiveness, e.g. reducing the complex IT architecture. Swisscom relies on built-in redundancy, contingency plans, deputising arrangements, alternative locations, careful selection of suppliers and other targeted measures to continuously deliver the expected services.
Customer demand for broadband access is growing in parallel with the rising popularity of devices and IP-based services such as smartphones, TV and OTT. To meet current and future customer needs and maintain its market share, Swisscom is in intense competition with cable companies and other network operators.
The network expansion needed requires major capital expenditure. When expanding the network, Swisscom is guided by population density and customer requirements to reduce financial risks and optimise coverage. Swisscom enters into strategic partnerships to support its network expansion. Material risks arise if the network has to be built at a higher price than planned or revenue expected in the long term does not materialise. Swisscom adapts the broadband expansion of the access network to changing conditions and technical opportunities on an ongoing basis to minimise these risks.
The lack of acceptance of mobile communications and 5G by some impedes network construction, particularly in the case of modernisation work or when searching for new sites for mobile network installations. Swisscom, as a major telecommunications provider in Switzerland, has been at the centre of discussions and actions regarding these concerns. In the year under review, claims were again made that electromagnetic radiation (e.g. from mobile antennas or mobile handsets) is potentially harmful to health.
Switzerland has adopted a comprehensive approach to managing non-ionising radiation through its Ordinance on Protection against Non-Ionising Radiation (ONIR). At locations where people stay for long periods of time (e.g. homes, schools, permanent workplaces and playgrounds) limits that are ten times stricter than those recommended by the World Health Organization (WHO) apply. According to the ONIR monitoring by the government, the median exposure is below 1% of the WHO's limit value. Ongoing measures to raise awareness regarding mobile communications, including information platforms such as Chance5G, remain important.
Swisscom attaches importance to fair and efficient partnerships with suppliers, who share its social and ecological goals and values. Swisscom works with these suppliers to protect the environment and improve working conditions.
More about supplier risk management(opens in new tab)
Fair supply chain
Swisscom condemns corruption of any kind. Facilitation payments are also prohibited. Swisscom's business activities are conducted in a fair, honest and transparent manner. Swisscom has taken many organisational precautions to avoid corruption. An anti-corruption directive and various guidelines define correct and incorrect conduct. Employees exposed to the risk of corruption receive special training. The Group Compliance division supervises implementation of the requirements. Finally, all employees can take advantage of a confidential anonymous whistleblowing system.
Swisscom pursues a coherent, responsible fiscal policy and attaches importance to paying its fair share of taxes in every country in which it conducts business.
Income tax expense details(opens in new tab)
Swisscom Fiscal Principles (31 KB)