The regulator also called on the bank to see through the measures it has already initiated to comply with the legal requirements.
FINMA launched formal administrative proceedings against HSBC Private Bank (Suisse) in Geneva in March 2010.
The investigation was triggered by the theft of a large volume of client data from the bank, most likely in 2006 and 2007.
The investigation focused on the IT organization in place at the time and examined whether the organizational and technical measures implemented by HSBC since the incident comply with legal requirements.
FINMA has completed its investigation with a reprimand for the bank.
The regulator has concluded that there were deficiencies in the bank’s internal organization and IT controls that resulted in a serious breach of the bank’s licensing requirements.
FINMA has demanded that HSBC continue to rigorously implement measures to establish the necessary level of IT security.