FINMA as Regulator of the Banking Sector

Swiss Banks and Swiss branch offices or representative offices of foreign banks are subject to prudential supervision by the Swiss Financial Market Supervisory Authority (FINMA).

Principal Laws and Regulations for Banks

The Swiss Federal Banking Act of 8 November 1934 (Banking Act) and the ordinances issued under the Banking Act are the relevant pieces of legislation governing banks under Swiss law.

The key ordinances under the Banking Act include:

• the Swiss Federal Banking Ordinance of 30 April 2014 (Banking Ordinance);
• the Capital Adequacy Ordinance of 1 June 2012 (Capital Adequacy Ordinance), covering the rules on capital requirements for all banks and securities firms, including banks of systemic importance;
• the FINMA Ordinance on the insolvency of banks and securities firms of 30 August 2012 (BIO-FINMA);
• the Ordinance on the liquidity of banks and securities firms of 30 November 2012 (Liquidity Ordinance);
• the Ordinance on foreign banks in Switzerland of 21 October 1996 (Foreign Banks Ordinance); and
• the FINMA Ordinance on accounting rules of 31 October 2019 (the FINMA Accounting Ordinance).

FINMA issues circulars on various topics, specifying its supervisory practice (see https://finma.ch/en/documentation/circulars/). In addition, various self-regulatory organisations (in particular the Swiss Banking Association – SBA) issue regulations that affect the banking business (eg, the Agreement on the Swiss banks' code of conduct with regard to the exercise of due diligence – CDB 20: https://www.swissbanking.org/en/services/library/guidelines?set_language=en).

Further Relevant Laws and Regulations for the Banking Sector

Other laws and regulations that are most relevant for the banking sector include:

• the Swiss Financial Market Supervisory Act of 22 June 2007 (FINMAA), including the competences of FINMA to proceed with enforcement actions and issue sanctions in respect of firms subject to FINMA supervision;
• the Swiss National Bank Act of 3 October 2003 (NBA) and the ordinance thereto of 18 March 2004 (NBO) setting out the regulatory framework for the Swiss National Bank (SNB) and its powers;
• the Swiss Financial Institutions Act of 15 June 2018 (FinIA) and the ordinance thereto of 6 November 2019 (FinIO) including the rules on the prudential supervision of securities firms, asset managers, asset managers of collective investment schemes, fund management companies and trustees, as well as the licensing requirements for foreign financial institutions (other than banks) with a Swiss branch of representative office;
• the Swiss Financial Services Act of 15 June 2018 (FinSA) and the ordinance thereto of 6 November 2019 (FinSO) including the rules of conduct for financial services providers, the organisational requirements for financial services providers, registration requirements for financial services providers not subject to prudential supervision in Switzerland, the obligation to adhere to an ombudsman service for financial services providers not only interacting with professional or institutional clients and the primary market rules for securities offerings;
• the Swiss Financial Market Infrastructure Act of 19 June 2015 (FMIA) and the ordinance thereto of 25 November 2015 (FMIO) including the rules governing financial market infrastructure (including trading venues for securities, central counterparties, central securities depositories and payment systems), the rules of conduct for dealing in OTC derivatives and exchange-traded derivatives, rules on the disclosure of significant shareholders in listed companies and the rules on market abuse and insider dealing;
• the Swiss Federal Act on Combating Money Laundering and Terrorist Financing of 10 October 1997 (AMLA) and the ordinance thereto of 11 November 2015 (AMLO); and
• the FINMA Ordinance on Combating Money Laundering and Terrorist Financing of 3 June 2015 (AMLO-FINMA) including the rules on implementing the AML framework by FINMA-regulated financial institutions.

Types of Licences

A bank incorporated in Switzerland can apply for the following types of licence:

• a full banking licence in the sense of article 1a of the Swiss Banking Act (Bank Licence); and
• a bank licence in the sense of article 1b of the Swiss Banking Act (FinTech Licence).

Foreign banks can apply for the following types of licence, depending on the type of activity conducted in Switzerland:

• a licence as a Swiss branch of a foreign bank duly licensed and supervised in its place of incorporation, if it operates an office in Switzerland that enters into transactions, maintains client accounts or commits the bank legally (Swiss Branch Licence); or
• a licence as a representative office of a foreign bank duly licensed and supervised in its place of incorporation, if it operates in another way in or from Switzerland – eg, by passing on client orders to the foreign bank or representing it for advertising or other purposes (Swiss Representative Office Licence).

However, where a foreign bank does not have a presence in Switzerland and does not engage in the activity of an introducing broker in Switzerland as regards transactions in securities, please note that an inbound cross-border activity alone is currently not subject to a licensing requirement, provided the foreign bank registers front-office staff dealing with retail clients in Switzerland with a registration body for client advisers in the sense of article 28 et seq FinSA. Such registration requirement is not a licensing requirement.

Categories of Banks

Depending on the balance sheet total, the assets under management, the deposits subject to a depositor protection scheme and the own funds, FINMA classifies banks into the categories 1 to 5, with category 1 being the largest banks requiring most attention by the regulator. The category allocated to each bank is published on https://finma.ch/de/finma-public/bewilligte-institute-personen-und-produkte/.

In addition to such categorisation, FINMA and the SNB are mandated to identify Swiss banks of systemic importance for the Swiss market, in terms of size, interconnectedness with the financial system and the economy, and the short-term substitutability of the services provided by the bank. In making this assessment, particular attention must be paid to the importance of the deposit and lending business, the importance of the payment transaction business, the amount of secured deposits, the ratio between the balance sheet total and the annual Swiss gross domestic product and the risk profile of the bank (article 8 para. 2 Banking Act). Initially, only UBS and Credit Suisse were classified as systemically important banks (SIBs), but the Zurich Cantonal Bank, Raiffeisen and Postfinance have since been added.

On the other end of the scale, Swiss banks categorised by FINMA in categories 4 or 5 may opt-in to a "small banks regime" if they have own funds resulting in a simplified leverage ratio of at least 8% (calculated as the CET1 capital divided by the total balance sheet without the goodwill, participations and off-balance sheet positions), an average liquidity ratio of at least 110% and a refinancing ratio of at least 100% (calculated as the ratio of (i) the liabilities resulting from deposits, money market obligations, debt obligations and covered bonds with a remaining term of more than one year and own funds divided by (ii) the claims against clients and counterparties, including claims resulting from mortgage lending). These thresholds must be met on an entity and group-wide level. If FINMA agrees to grant such "small bank" status, the own funds requirements are not calculated according to the minimum requirements that would otherwise apply pursuant to articles 41-46 of the Capital Adequacy Ordinance.

Activities and Services Covered by a Bank Licence

The following activities trigger a Bank Licence requirement:

• accepting, or offering to accept, deposits from 20 or more persons or companies on an ongoing basis, provided that this calculation would not take into account any deposits received from:
1. banks or other companies subject to prudential supervision;
2. shareholders holding at least 10% of the voting rights or the capital and affiliates thereof or persons related to such shareholders;
3. institutional investors with professional treasury operations;
4. employees or former employees; and
5. persons benefiting from a guarantee by a bank licensed by FINMA; and
• providing financing to an unlimited number of unaffiliated persons or companies, provided that this activity shall be refinanced by unaffiliated banks).

For these purposes, deposits would include any liabilities except the following:

• deposits held by securities or precious metal traders, asset managers or similar businesses (but not by a "currency trader") in settlement accounts for their clients, provided that such settlement accounts are exclusively used for the execution of client transactions that will occur in the foreseeable future, the settlement accounts are not interest-bearing and the funds are on-transferred within a maximum period of 60 days (such maximum time period does not apply to deposits held with securities traders);
• funds paid as consideration for goods or services;
• bonds and other fungible debt obligations issued on the basis of offering documentation, including certain minimum information specified in the Banking Ordinance;
• funds up to CHF3,000 pre-paid to a payment solution in view of a future use for the payment as consideration for goods or services, provided that no interest is paid on such funds;
• funds guaranteed by a Swiss bank; and
• funds paid on a life insurance or social security plan.

A "sandbox" exemption allows a deposit-taking activity without triggering a banking licence if the deposits are below CHF1 million and are not re-invested with the aim of generating a profit, and if the depositors are informed that the entity is not licensed as a bank and that they do not benefit from a depositor protection scheme.

According to article 6 FinIA, and because the Bank Licence is the "highest status" in the hierarchy of FINMA licences, an entity licensed as a Swiss bank may conduct the regulated activities of the following:

• a securities firm;
• an asset manager of collective investment schemes;
• an asset manager of assets not held in a collective investment scheme; and
• a trustee.

Activities and Services Covered by a FinTech Licence

The FinTech Licence is applicable to companies that accept deposits from the public up to a maximum of CHF100 million, provided that such deposits are not reinvested and not interest bearing. FINMA may increase the CHF100 million threshold in particular cases if customers are adequately protected. Furthermore, the FinTech Bank Licence requires that investors are informed in advance about the business model, the services provided and the risks associated with the technologies used, that the deposits are not covered by a deposit protection system and that there is no immediate reimbursement in case of bankruptcy.

The accepted deposits must be held separately from the company's own funds. The deposits have to be held in the currency they were made as sight deposits or as highly liquid assets. Deposits in the form of crypto-assets have to be held in the same type of crypto-assets (same cryptocurrency or same tokens) as they were accepted from the clients.

Conditions for Licensing of Swiss Banks with a Bank Licence

FINMA requires Swiss banks to meet the following licensing conditions.

• Legal form: with the exception of the cantonal banks that are established as public entities or joint stock corporations under the relevant legislation of the Canton pursuant to article 3a Banking Act, the Banking Act does not provide for any special rules regarding the legal form of banks.
• Minimum capital: the bank must have a fully paid-up minimum capital of CHF10 million (article 3 para. 2 lit. b Banking Act and article 15 Banking Ordinance).
• Business activity description: in accordance with article 3 para. 2 lit. a Banking Act and article 9 of the Banking Ordinance, the bank is obliged to precisely define its business area in the articles of association and organisational regulations in terms of subject matter and area of operation. The scope of tasks and geographical area of operation must be aligned with the financial possibilities and the administrative organisation.
• Organisation: article 3 para. 2 lit. a Banking Act requires that separate bodies must be set up for management and for the supervision and control of at least three members. According to article 11 of the Banking Ordinance, no member of the body responsible for the overall supervision and control may be a member of the management. In accordance with article 12 of the Banking Ordinance, the bank must also ensure an internal separation of functions between trading, asset management and settlement.
• Internal controls: the bank must set up an internal control system and appoint an "internal audit" function that is independent from the management in addition to appointing external auditors (see 4.1 Corporate Governance Requirements).
• Fit and proper requirements: members of the management and the material shareholders (ie, shareholders holding at least 10% of the capital or voting rights) must meet the relevant fit and proper requirements (see 4.2 Registration and Oversight of Senior Management).
• Operation in Switzerland: the bank must be managed in Switzerland with the management being present in Switzerland.
• Foreign controlled banks: if a foreign shareholder holds at least 50% of the capital or voting rights or otherwise exercises control, FINMA may require that the relevant jurisdiction grants reciprocity (see 3.1 Requirements for Acquiring or Increasing Control over a Bank).
• Consolidated supervision: if the bank is part of a foreign-controlled financial group, FINMA may require that it is subject to appropriate consolidated supervision by foreign supervisory authorities (article 3b Banking Act), and the licence may be subject to the approval of the relevant foreign supervisory authority. Not all jurisdictions meet the requirement of "adequate consolidated supervision" within the meaning of the Banking Act. 

Conditions for Licensing of Swiss Banks with a FinTech Licence

FINMA requires Swiss banks with a FinTech Licence to meet the following licensing requirements.

• Legal form: it must be established as a joint stock corporation (Aktiengesellschaft), a partnership limited by shares (Kommanditaktiengesellschaft) or a limited liability company (Gesellschaft mit beschränkter Haftung).
• Minimum capital: the bank must have a fully paid-up minimum capital of at least 3% of the deposits it has taken; such capital must be at least CHF300,000 (article 17a Banking Ordinance).
• Business activity description: the bank is obliged to precisely define its business area in the articles of association and organisational regulations in terms of subject matter and area of operation. The scope of tasks and geographical area of operation must be aligned with the financial possibilities and the administrative organisation (article 14b Banking Ordinance).
• Organisation: separate bodies must be set up for management and for the supervision and control of at least three members. According to article 14d para. 2 of the Banking Ordinance, at least a third of the members of the body responsible for the overall supervision and control must be independent from the management.
• Internal controls: the bank must set up an internal control system and appoint an "internal audit" function that is independent from the management, in addition to appointing external auditors.
• Fit and proper requirements: members of the management and the material shareholders (ie, shareholders holding at least 10% of the capital or voting rights) must meet the relevant fit and proper requirements.
• Operation in Switzerland: the bank must be managed in Switzerland with the management being present in Switzerland (article 14c Banking Act).

Conditions for Licensing Foreign Banks

As regards a Branch Office Licence and a Representative Office Licence, the relevant requirements set out in the Foreign Bank Ordinance must be met.

Duty to Notify FINMA

Any natural or legal person that intends to hold, or to cease to hold a qualified participation in a bank, directly or indirectly, is required to notify FINMA in advance. A qualified participation exists if a natural person or legal entity holds directly or indirectly at least 10% of the capital or the voting rights of a bank, or can otherwise exercise significant influence over the management of the bank. The duty to notify also applies to the holder of a participation who intends to increase or decrease that participation above or below the thresholds of 10%, 20%, 33% and 50%. The bank must report to FINMA any person who is acquiring or selling a qualified participation or whose participation increases or decreases below the thresholds of 10%, 20%, 33% and 50%. The bank must update its list of qualified participants at least once a year.

Proper Business Conduct Requirement

Any person who intends to hold a qualified participation in a bank must guarantee that the influence to be acquired will not be used in a way that is detrimental to the prudent and proper management of the bank. To assess compliance with the proper business conduct requirement, FINMA must be provided with certain indications and documents, as set forth in article 8 of the Banking Ordinance. In addition, any person acquiring a qualified participation must indicate whether the participation is acquired for own account or on a fiduciary basis, and whether any options or similar rights will be granted on the participation.

Banks under Foreign Control

If a Swiss-controlled bank passes under foreign control as a result of the acquisition of the participation, it must require an additional licence from FINMA. A new additional licence is also required in case of any change in a qualified participation held by a foreigner in a foreign-controlled bank. A bank is under foreign control if foreigners holding qualified participations directly or indirectly hold more than half of the voting rights, or if the bank is controlled in any other way by foreigners. A "foreigner" is either a physical person who has neither Swiss nationality nor a type C Swiss residence permit, or a legal entity whose registered office is located abroad or that is controlled directly or indirectly by foreigners.

The granting of the additional licence is subject to the following conditions:

• reciprocity must be guaranteed by the countries in which the foreigners holding their qualified participation have their domicile or registered office (however, reciprocity does not need to be verified in the case of contradictory provisions in international agreements, such as vis-à-vis the member states of the World Trade Organization);
• the bank's corporate name must not indicate or suggest a Swiss character of the bank; and
• if the bank becomes part of a financial group or financial conglomerate, FINMA may make the granting of the additional licence dependent on the approval of the transaction by the competent foreign supervisory authority and appropriate consolidated supervision.

Overview

Banks must comply with specific corporate governance requirements defined in the banking legislation, particularly the Banking Act and the Banking Ordinance, as well as in various FINMA circulars, particularly FINMA Circular 2017/1 "Corporate governance – banks" and, to the extent applicable, with the general corporate governance requirements set forth in Swiss corporate law.

Board of Directors

The board of directors of the bank must be comprised of at least three members. A third of the board members must be independent and none of them is allowed to be part of the bank's executive management, unless FINMA agrees to grant an exception. Banks in supervisory categories 1 to 3 must establish an audit committee and a risk committee (these committees may be combined into a single committee in banks assigned to the supervisory category 3). The audit and risk committees must be comprised of a majority of independent board members. The chairman of the board of directors cannot be a member of these committees. In addition, systemically important institutions must establish a compensation and nomination committee, at least at group level.

The board of directors is the governing body for the guidance, supervision and control of the institution. It has specific duties regarding the bank's business strategy and risk policy, organisation, financial situation, and personnel and resources, as well as the monitoring and control of the executive management, and is responsible for taking decisions on major structural changes and investments.

Executive Management

The executive management is responsible for conducting the operational business activities of the bank in accordance with the strategy, targets and internal regulations set forth by the board of directors. It has specific duties and responsibilities in terms of financial and risk management, representation of the institution towards third parties, the transmission of information to the board of directors, and the establishment of effective internal processes, including an appropriate management information system, an internal control system and the necessary technological infrastructure.

Risk Management Framework and Internal Control System

Banks must adopt and maintain an institution-wide risk management framework that defines their risk policy and risk tolerance as well as the corresponding risk limits in all key risk categories, in addition to an internal control system comprised of two controlling bodies: the revenue-generating units and the independent control bodies (risk control and compliance functions).

Internal Audit

Banks must have an internal audit function, in addition to their regulatory audit firm. The internal audit function can be internalised or delegated, inter alia, to the internal audit of a group company if certain requirements are met or to an external audit firm that is independent from the bank's regulatory audit firm. The internal audit function reports directly to the board of directors and has an unlimited right of inspection, information and audit within the institution in the context of its duties.

Other Organisational Requirements

Banks face numerous other organisational requirements, depending on the type of activities conducted.

Board of Directors

The board of directors must have adequate management expertise and specialist knowledge and experience of the banking and financial services sector. It must be sufficiently diversified so that all key aspects of the business are adequately represented, including finance, accounting and risk management. Board members are appointed by the shareholders' meeting (if the bank is organised in the form of a joint stock company).

The board of directors must define the requirements for its members, the chairman, and the members of its sub-committees. The board of directors must critically assess its performance at least once a year and must record the results in writing.

Executive Management

Members of the executive management, both individually and as an overall body, must have adequate management expertise and the specialist knowledge and experience of banking and financial services required to ensure compliance with licensing requirements in the context of the bank's operational activities. They are appointed by the board of directors, which must also appoint the chief risk officer and the head of internal audit. The requirements for the chief executive officer are defined by the board of directors, which also approves and periodically reviews the requirements for the other members of the executive management, the chief risk officer and the head of internal audit.

Good Reputation and Proper Business Conduct

Each member of the board of directors and executive management must maintain a good reputation and fulfil the requirement of proper business conduct ("fit and proper" requirements). Any change in the board of directors or the executive management must be notified to and approved by FINMA in advance of such change occurring. The information and documents to be provided to FINMA are set out in article 8 of the Banking Ordinance and the relevant FINMA guidelines. Members of the executive management must have their domicile in a place that allows them to perform their tasks in an effective and responsible manner.

Compensation System for Independent Control Bodies

As a general rule, the compensation system for the members of the independent control bodies and the internal audit function must not create incentives that could lead to conflicts of interest with the duties of these bodies or function.

FINMA Circular 2010/1

FINMA has adopted Circular 2010/1 "Remuneration schemes", defining the minimum standards for the design, implementation and disclosure of remuneration schemes in financial institutions. It defines the various principles that must be reflected in the bank's remuneration policy, including that the structure and level of total remuneration must be designed so as to enhance risk awareness, and that variable remuneration must be funded through the long-term economic performance of the bank and shall depend on sustainable and justifiable criteria reflecting the bank's business and risk policies.

However, this circular only applies to banks that are required to maintain equity capital of at least CHF10 billion, either in their capacity as a single entity or at the financial group or conglomerate level. All other banks are recommended to follow its principles as best practice guidelines.

Specific Provisions for Systematically Important Banks and Listed Companies

The Banking Act provides for the right of the Swiss Federal Council to impose measures relating to remuneration packages of employees of systematically important banks or their group company if they receive state aid from federal funds.

Finally, if the bank is a listed company, it must follow the remuneration requirements applicable to listed companies, particularly those set forth in the Ordinance against Excessive Remuneration in Listed Companies Limited by Shares.

The AMLO-FINMA specifies the general provisions in the AMLA and sets out how Swiss banks must implement the obligations to combat money laundering and terrorist financing. As regards the requirements for the identification of the contracting parties and the determination of the beneficial owner of assets, AMLO-FINMA refers to the provisions of the Agreement on the Swiss banks’ code of conduct with regard to the exercise of due diligence of 3 June 2018 (CDB 20).

Swiss banks must identify natural persons by an official identification document with a photograph. In the case of legal entities and partnerships, the identification of the contracting party generally takes place by means of an official register extract. Banks must further record the means by which the identity has been verified, and put a copy of the correspondent identification documents on record. A business relationship can be established in person, by correspondence or via the internet (in accordance with the applicable FINMA Circular 2016/7 Video and online identification of 3 March 2016).

The contracting party of a Swiss bank is required to declare the beneficial owner (natural person) of the assets. The beneficial owner of an operating legal entity is defined as the natural person who ultimately controls the legal entity (controlling person). The contracting party must record the information of the beneficial owner or controlling person by means of a written declaration or specific form as provided by CDB 20.

According to the AMLO-FINMA, among others, details of payment transactions must be indicated, the reasons for using domiciliary companies must be clarified, and criteria for identifying business relationships or transactions with increased risks must be developed. In the case of business relationships or transactions with increased risks, Swiss banks are required to make additional clarifications.

Swiss banks shall prepare documentary evidence of the transactions carried out and the clarifications required, and shall ensure adequate training of staff and controls.

Swiss banks must immediately report the following to the Money Laundering Reporting Office (MROS):

(a) if they know or have reasonable grounds to suspect that the assets involved in the business relationship are connected with money laundering or criminal organisations, derive from a crime or a qualified tax offence, or serve to finance terrorism;

(b) if they terminate negotiations for the establishment of a business relationship on reasonable suspicion in accordance with the above; or

(c) if they know or have reason to suspect, on the basis of the investigations carried out, that the data of a person or organisation forwarded by a supervisory authority or organisation corresponds to the data of a person of their own business relationships or transactions.

Swiss banks must block the assets entrusted to them as soon as MROS informs them that it will forward their report under (a) to a prosecution authority, but must immediately block any assets that are connected with a report under (c). Swiss banks may not inform either the person concerned or third parties that they have made a report to MROS.

In Switzerland, clients’ deposits are protected by both the depositor protection scheme and the preferential treatment granted in the event of a bank's bankruptcy. Deposits totalling CHF100,000 per client are regarded as privileged deposits.

In essence, depositor protection is based on a three-tiered system.

• First, privileged deposits are immediately paid out from the remaining liquidity of the failed bank. FINMA determines the maximum amount of deposits payable immediately. As a result, the largest possible number of retail clients will be paid out before bankruptcy proceedings are instituted.
• Secondly, if the bank's available liquidity fails to cover all privileged bank deposits, the depositor protection scheme is used to pay out privileged deposits, provided that they were booked in Switzerland (so-called secured deposits). All banks in Switzerland that accept client deposits are obliged to participate in the depositor protection scheme. When FINMA has declared bankruptcy, it notifies the depositor protection scheme and informs it about the liquidity required to pay out the secured deposits. The funds required are provided to FINMA or its agent by the other members of the association, up to a maximum amount of CHF6 billion within a period of 20 days. The association members are legally required to keep half of the amount that they are obliged to contribute as additional liquidity. As an additional measure towards achieving full payment of all privileged deposits at the latest during bankruptcy proceedings, such deposits are underpinned with domestically held assets, which FINMA can easily access.

• Thirdly, privileged deposits are treated preferentially and are paid out at the same time as other second creditor class claims in the event of bankruptcy – ie, once first-class claims such as employee salary and pension fund claims have been paid out.

Unlike cash deposits in bank accounts, assets such as shares, units in collective investment schemes and other securities held in custodial accounts are client property, and are ring-fenced in their entirety and released to clients in the event of bankruptcy.

Deposits with pension and vested benefits foundations, particularly vested benefits accounts and pillar 3a pension funds, are privileged separately up to a maximum of CHF100,000 per client. However, these deposits are not part of the depositor protection scheme and are only paid out during the bankruptcy proceedings through the pension fund. In the event of bankruptcy, client deposits and pension savings of over CHF100,000 per client are regarded as third creditor class claims and are treated equally with the claims of other creditors.

The Banking Act is the primary law governing bank secrecy in Switzerland, article 47 of which states that anyone who, intentionally or in negligence, discloses confidential data that has been entrusted to him or her in his or her capacity as a member of an executive or supervisory body, employee, representative, or liquidator of a bank, or that he or she has learned when exercising his or her profession, is liable to prosecution. Swiss banks also have a civil law obligation to respect the confidentiality of customer data, arising out of the customer's right to personal privacy and the contractual relationship between the customer and the bank.

The definition of confidential information is broad, and includes information on the customer as a private individual, on deposits and withdrawals, on loans, investments, the customer's financial circumstances, etc. However, the Banking Act only protects information related to an identified or identifiable customer, so customer data may be disclosed by, for example, anonymising the customer name, account number or other identifying information, or by aggregating customer data.

Several exceptions allow a bank to disclose customer data protected by the banking secrecy obligation, including:

• disclosure of customer data when requested under a Swiss statute requiring disclosure of such information to a government authority;
• disclosure to a parent company that is supervised by a banking or financial market supervisory authority if the disclosure is necessary for consolidated supervision purposes, subject to certain conditions;
• disclosure of customer data in cases of an overriding private or public interest; and
• disclosure of customer data to comply with agreements Switzerland has entered into with other countries (such as the OECD Model Tax Convention, the Agreement on the Automatic Exchange of Information (AEOI), or the Agreement between the USA and Switzerland for Cooperation to Facilitate the Implementation of FATCA).

In addition, in the account opening documents (including the general terms and conditions), banks typically obtain customer consent for disclosures not permitted under the Banking Act. For this purpose, banks need to clearly define the scope of consent, as a general waiver of bank secrecy is not sufficient.

On 26 March 2019, the SBA published its guidelines for the secure use of cloud services in banking (SBA Guidelines), according to which the deployment of customer identifying data (CID) to a cloud provider outside Switzerland does not constitute a breach of banking secrecy, subject to a number of specifically defined technical (eg, anonymisation, pseudonymisation or encryption, etc), organisational (eg, monitoring and auditing) and contractual (eg, specification of the proceeding in the event of requests by foreign authorities, securing the auditability at all times, definition of an access concept, etc) security measures as generally set out in the SBA Guidelines. As far as is known, the SBA Guidelines have not been endorsed by FINMA, so the risk of migrating to the cloud remains with the individual banking institutions.

In addition to the Banking Act, the Federal Act on Data Protection of 19 June 1992 (FADP) and its implementing ordinance apply to the processing of personal data pertaining to individuals and legal persons. The FADP is currently under revision, and the Swiss Parliament adopted the revised bill in the final vote on 25 September 2020. The revised FADP is expected to enter into force in the course of 2021 and will only apply to data pertaining to individuals (data pertaining to legal persons will no longer be protected). In EU/EEA cross-border relationships, the EU General Data Protection Regulation (GDPR) may also need to be considered, given its extraterritorial reach.

Non-compliance with any of the general data processing principles of lawfulness, good faith, proportionality, purpose limitation and transparency would require a legal justification (ie, the data subject's consent, overriding private or public interest or a Swiss statutory provision). In particular:

• personal data may only be processed for the purpose indicated at the time of collection, that is evident from the circumstances or that is provided for by Swiss law;
• the principle of transparency requires that the collection of personal data and the purpose of its processing must be evident to the data subject; and
• the principle of proportionality provides that personal data is disclosed only to the extent required for the specific purpose – ie, any personal data should be appropriately anonymised, pseudonymised or encrypted or, if the customer data needs to be processed in cleartext, then access should only be granted to the extent required (eg, by the implementation of an appropriate authorisation and access concept with regard to personal data.

Finally, FINMA Circular 2018/3, Outsourcing – banks and insurers of 21 September 2017 is applicable to the outsourcing of a function that is significant to the company’s business activities and that will be mandated to a third party in order to independently and on an ongoing basis perform all or part of such function. Significant functions are those that have a material effect on compliance with the aims and regulations of financial market legislation. Outsourcing is not considered an unlawful disclosure under the Banking Act if the outsourcing provider and its employees are obliged to comply with bank secrecy rules.

Basel III Standards

Switzerland has, to a large extent, implemented the Basel III standards by means of amendments to its Capital Adequacy Ordinance, Liquidity Ordinance and various FINMA circulars.

Capital Requirements

Subject to any exception granted by FINMA, the fully paid-in minimum share capital of a bank shall amount to at least CHF10 million, although FINMA may require a higher amount of share capital depending on the bank's intended business activities.

Non-systemic banks must hold a minimum regulatory capital of at least 8% of their risk-weighted positions, and must have a capital buffer of between 2.5% and 4.8%. Upon the request of the SNB, an additional countercyclical buffer to address excessive credit growth risks can be introduced. For example, a countercyclical buffer was introduced to address risks of overheating in the real estate sector, and was set prior to March 2020 at 2% of the risk-weighted positions whereby a residential property in Switzerland acts as real security. In March 2020, the Federal Council approved the deactivation of this countercyclical capital buffer in order to give banks more flexibility in granting credits as a way to limit the economic impact of the COVID-19 pandemic.

Banks with a balance sheet amount of at least CHF250 billion, of which the total foreign commitment amounts to at least CHF10 billion, or with a total foreign commitment of at least CHF25 billion, are further required to hold an extended countercyclical buffer of up to 2.5%. Furthermore, FINMA may require a bank to hold additional capital if the minimum regulatory capital and capital buffer do not ensure an appropriate level of security in view of the specific risks faced by the bank. Finally, a non-systemic bank must maintain a minimum leverage ratio of 3% based on Tier 1 capital and its unweighted exposures (total exposure).

There are additional requirements for SIBs, which must hold enough regulatory capital to continue their operations even if they incur large losses (going concern capital) and must provide additional loss-absorbing funds (gone concern capital). The going and gone concern requirements comprise together the bank's total loss-absorbing capacity (TLAC). The going concern capital requirements for SIBs consist of the following elements:

• a base requirement of a risk-weighted capital ratio of 12.86% and a leverage ratio of 4.5%;
• a surcharge that depends on the degree of systemic importance; and
• countercyclical buffers.

The gone concern capital requirements for domestic systemically important banks (D-SIBs) amount to a minimum of 40% of their going concern capital, subject to rebates. The gone concern capital requirements for the two global SIBs (G-SIBs) at the consolidated group level are 100% of their going concern capital minus certain rebates granted by FINMA.

Following a pilot phase, as of 1 January 2020 FINMA implemented a small bank regime exempting small, particularly liquid and well-capitalised banks from certain regulatory requirements. Such banks benefit from less complex requirements under the Capital Adequacy Ordinance that allows them, for instance, to forego the calculation of risk-weighted positions. Please see 2.1 Licences and Application Processes for a description of the requirements that a bank must meet in order to be allowed to participate in the small bank regime.

Risk Diversification

Banks are obliged to limit concentration risks and must comply with various requirements in this respect. The standard upper limit for any large exposure is, in principle, 25% of the bank's adjusted eligible core capital (Tier 1), save for any exceptions or other specific requirements provided in the Capital Adequacy Ordinance and in FINMA Circular 2019/1 "Risk diversification – banks".

Liquidity Requirements

The Liquidity Ordinance implemented Basel III's liquidity standards into Swiss law, and regulates the qualitative and quantitative liquidity requirements applicable to banks. Further specifications are contained in FINMA Circular 2015/2 "Liquidity Risks – Banks".

Under the Liquidity Ordinance, banks are required to appropriately manage and monitor their liquidity risks.

A liquidity coverage ratio (LCR) has been introduced into the Liquidity Ordinance in accordance with international liquidity standards, and shall ensure that banks have an adequate portfolio of high-quality liquid assets (HQLA) to cover the expected net cash outflow for a 30 calendar day liquidity stress scenario on an ongoing basis. Banks have to report their LCR to the SNB on a monthly basis.

The net stable funding ratio (NSFR) has not yet been implemented in Switzerland due to delays in its international implementation, but in September 2020 the Federal Council adopted an amendment to the Liquidity Ordinance in order to introduce the NSFR. This amendment is due to enter into force on 1 July 2021.

SIBs are subject to more stringent liquidity requirements than non-systemic banks.

Applicable Insolvency Rules

The Banking Act sets out the debt enforcement and insolvency proceedings in articles 25 et seq, as further specified in the BIO-FINMA. These provisions apply to banks licensed in Switzerland under the Banking Act (with either a Bank Licence or a FinTech Licence). They also apply to securities firms and fund management companies regulated under the FinIA and licensed by FINMA.

According to articles 25 et seq Banking Act, where FINMA has reasons to believe that a bank it regulates or supervises is either over-indebted or has incurred serious liquidity problems, or does not fulfil the capital requirements upon a respective rectification period granted by FINMA, it may, as appropriate:

• take protective measures under article 26 Banking Act;
• initiate bank reorganisation proceedings under articles 28-32 Banking Act; or
• order the liquidation of the bank (bankruptcy proceedings) under articles 33 et seq Banking Act.

Protective Measures

Protective measures may be ordered by FINMA either on a stand-alone basis or in connection with bank reorganisation proceedings or the liquidation of a bank. Article 26 para. 1 Banking Act mentions the following protective measures:

• instructions to the corporate bodies of the bank;
• the appointment of an investigating officer;
• the withdrawal of the power of the corporate bodies to represent the bank or the removal of the corporate bodies from office;
• the removal of the bank auditors or corporate auditors from office;
• the restriction of the business activities of the bank;
• a prohibition on making or receiving payments or entering into securities transactions;
• the closure of the bank; and
• ordering a stay (Stundung) or postponement of maturity (Fälligkeitsaufschub), except for debts owed to central mortgage bond institutions (Pfandbriefzentralen), which are secured by a pledge.

The above list of measures is not exhaustive and FINMA may also take other measures, as it deems appropriate. From a Swiss perspective, any such protective measures ordered by FINMA may also be ordered in respect of the assets of the bank located outside Switzerland in a foreign branch.

Reorganisation Proceedings

Reorganisation proceedings may be ordered by FINMA if there is a reasonable expectation that the failing bank may be successfully restructured or if at least some parts of it may be saved from insolvency. In such event, FINMA may appoint an administrator (Sanierungsbeauftragter) and regulate the business activities of the bank during such proceedings (article 28 Banking Act). Where reorganisation proceedings are commenced, a reorganisation plan will be prepared by the administrator, which must be approved by FINMA (such approval may occur when FINMA resolves to commence the reorganisation proceedings). There is no requirement for an approval by a general shareholders' meeting of the bank (article 31 Banking Act). Moreover, the creditors of a SIB may not reject the reorganisation plan (article 31a para. 3 Banking Act).

A reorganisation plan may provide for the transfer of the entire business of the financial institution or certain parts of the assets and liabilities as well as contracts to another legal entity (eg, a bridge bank), or for a bail-in of debt, or for a haircut on claims.

If the reorganisation plan provides for a bail-in of debt or a haircuts on claims, such measures must ensure that, after a reorganisation, the bank meets the capital requirements necessary for the purposes of continuing the business activities. In any such case, article 48 BIO-FINMA provides for a creditors' hierarchy (waterfall). Under such rules, before a bail-in of debt or haircuts on claims would apply, the share capital must be reduced exhaustively, any contingent convertibles or other capital instruments qualifying as Additional Tier 1 Capital or Tier 2 Capital must be converted into equity or written off, and any other claims ranking junior must be converted into equity or written off. In such waterfall, deposits (in respect of the amount not protected by any deposit insurance scheme) would rank last.

Any such bail-in of debt or haircut could not be applied in respect of privileged claims (eg, deposits up to CHF100,000 – see 6.1 Depositor Protection Regime), secured claims up to the value of the collateral assets and, under certain conditions, claims subject to a right of set-off (article 49 BIO-FINMA).

Insolvency Proceedings

FINMA may order bankruptcy proceedings under articles 33 et seq Banking Act, irrespective of whether it first ordered protective measures under article 26 Banking Act or bank reorganisation proceedings under articles 28-32 Banking Act.

Article 34 para. 1 Banking Act provides that bankruptcy proceedings ordered by FINMA have the same effect as the start of bankruptcy proceedings pursuant to articles 197-220 of the Swiss Debt Enforcement and Bankruptcy Act (DEBA) and, according to article 34 para. 2 Banking Act, the bankruptcy proceedings are administered according to the rules of articles 221-270 DEBA. However, this is subject to any rules departing from the DEBA in the Banking Act, and FINMA may deviate from the rules of the DEBA as it deems appropriate.

Swiss and foreign creditors are equally entitled to file their claims in the Swiss insolvency proceedings, including creditors of foreign branches (article 3 para. 2 BIO-FINMA).

From a Swiss perspective, the principle of universality applies in respect of insolvency proceedings commenced in respect of a bank under articles 33 et seq Banking Act. As a result, all assets owned by a bank at the time of the opening of insolvency proceedings against it form part of the bankruptcy estate, irrespective of their physical location, provided that such assets are not exempted from bankruptcy proceedings (as would be the case for assets subject to sovereign immunity).

Based on the general rules of the DEBA, in bankruptcy proceedings a bank may no longer dispose of the assets of the bankruptcy estate – such dispositions would be void towards the creditors (article 204 DEBA). For these purposes, the time specified by FINMA as the start of the bankruptcy proceedings is relevant. Moreover, claims forming part of the bankruptcy estate can no longer be validly discharged by payment to the debtor, but must be paid into the bankruptcy estate.

As regards liabilities, the opening of bankruptcy proceedings has the effect that all obligations of such bank become due against the bankruptcy estate, with the exception of those secured by mortgages on the bank's real estate (article 208 DEBA). Non-monetary claims will be converted into monetary claims of corresponding value (article 211 DEBA).

Implementation of International Commitments

With the Swiss rules on reorganisation proceedings, Switzerland implemented the Financial Stability Board (FSB) recommendations on effective resolution regimes. It also introduced a competence for FINMA to exercise resolution stay powers.

Under article 30a Banking Act, and in connection with protective measures under article 26 Banking Act or reorganisation proceedings under article 28-32 Banking Act, FINMA has the power to order a temporary stay of:

• any contractual termination right of a counterparty or the exercise of any rights of set-off;
• the enforcement of collateral; or
• the "porting" of derivatives transactions, in any case for up to two business days, if such contractual termination or other right would otherwise be triggered by such protective measures or reorganisation proceedings (article 30a para. 1 to 3 Banking Act).

According to article 12 para. 2bis Banking Ordinance, when entering into new agreements or amending existing agreements, a bank licensed by FINMA must agree with the counterparty the application of the resolution stay powers of FINMA according to article 30a Banking Act, provided that the agreement is subject to a law other than Swiss law or provides for the jurisdiction of courts other than Swiss courts, and provided that the agreement is included on a list of contracts in the scope of such obligation (article 56 para. 1 lit. a to h BIO-FINMA), including derivatives transactions, repo transactions, intrabank credit agreements and master agreements in relation thereto.

Implementation of FinSA and FinIA

While the FinSA and the FinIA have been in place since 1 January 2020, the implementation of the new rules is still subject to transition periods.

By 24 December 2020, financial services providers will have to adhere to a Swiss ombudsman service, unless they only offer services to professional or institutional clients in the sense of the FinSA. This obligation will apply to Swiss and foreign banks that are interacting with retail clients in Switzerland.

Foreign financial services providers not subject to FINMA supervision will have to make sure the client-facing front office staff members are registered with a Swiss registration body for client advisers by 19 January 2021. Foreign financial services providers subject to prudential supervision in their home jurisdiction (eg, investment firms in the sense of MiFID) that are transacting only with professional or institutional investors in Switzerland are exempted from this requirement under the FinSO.

As regards the new point of sale obligations introduced by the FinSA for financial services providers such as banks active in the brokerage, advisory or asset management business, the client-facing obligations will have to be fully implemented by the end of 2021. By such deadline, financial services providers will have to complete the segmentation of clients into the categories of retail, professional and institutional, and will have to comply with the following relevant obligations, as applicable to the client category:

• an obligation to provide the relevant information to the clients (including standardised information, product and services-related disclosures, pre-trade disclosure of key information documents, information on the market offers taken into account and on conflicts of interest);
• completing the suitability and appropriateness tests in compliance with the requirements of the FinSA;
• informing clients where no suitability or appropriateness test is undertaken;
• fulfilling documentation requirements and accountability to the client during the timelines set by the regulation; and
• best execution in compliance with the requirements of the FinSA.

LIBOR Transition

FINMA closely monitors international developments as regards the end of LIBOR, which is expected to occur around the end of 2021. FINMA has recommended that participants in the derivatives market enter into new transactions including the market-standard fallback clauses, and adhere to the terms of the LIBOR Fallbacks Protocol published by ISDA or, as applicable, enter into bilateral agreements with the same effect (eg, on the basis of the documentation published by the Swiss Banking Association), for those transactions forming part of a trading book of legacy transactions with a term beyond the end of LIBOR.

For the floating rate notes and the loan markets, the relevant documentation solutions in the respective markets will have to be taken into account.

To the extent that it will not be possible to include such fallback clauses in transactions, the question will arise of how to deal with such "tough legacy transactions". FINMA will require a risk assessment of such portfolios and the provision of a strategy regarding how to mitigate such risks.

Introduction of DLT Rights

Swiss securities laws in their current form are a limiting factor as regards the issuance and trading of capital markets instruments in the form of digital assets issued on a distributed ledger (crypto-assets or tokens). Aiming to expand the potential use-cases of such distributed ledger technology (DLT) going forward and at the same time put the transactions on a robust legal basis, on 25 September 2020 the Swiss Parliament adopted an act to improve the current legal framework for DLT (the DLT Act), which will presumably enter into force on 1 August 2021 together with the implementing secondary legislation by way of amendment of the relevant ordinances, currently under consultation until 2 February 2021.

• Without regulating or endorsing any particular technology, the DLT Act amends various existing laws in order to remove legal obstacles that hampered the development of a functioning market for Tokens that are a digital representation of financial instruments. The most important innovations of the DLT Act are the introduction of¬"DLT rights" as a new type of right designed for digital assets;
• a right to set-aside crypto-assets held by a custodian for clients; and
• a new licence category for trading venues for DLT Rights and foreign securities that are transferred on a distributed ledger.

DLT Rights may become the digital equivalent of certificated securities or uncertificated securities by linking a right to a registration on a distributed ledger instead of a certificated security instrument or a registration in an uncertificated securities register. DLT Rights may not be exercised or transferred outside of the relevant distributed ledger. Any rights that could be issued as certificated or uncertificated securities may be issued as DLT Rights.

Under the draft ordinances relating to the DLT Act, holding payment tokens via omnibus client accounts would bring the service provider of such custody solution into the scope of a requirement to obtain a FinTech Licence as a bank.

Revision of Bank Insolvency Rules

On 19 June 2020, the Swiss Federal Council proposed a bill for the reform of the reorganisation and insolvency rules (the Bank Reorganisation Reform Bill 2020), which is scheduled to be discussed in the Swiss Parliament in 2021. Among other proposals, it will:

• incorporate the rules regarding the waterfall of how rights, equity and debt instruments are bailed-in into the Banking Act (such rules are currently part of the BIO-FINMA);
• introduce the power to carve-out certain financial instruments issued by cantonal banks with a guarantee by the sovereign from the bail-in waterfall;
• introduce a reform of the rules on the pay-out of proceeds in the depositor protection scheme; and
• introduce an obligation of securities custodians to segregate own positions from client positions.