Banking Regulation 2025 Comparisons

Supervision

The Swiss Financial Market Supervisory Authority (FINMA) is responsible for supervision of the Swiss banking sector. The responsibility for the monetary policy and overall stability of the financial system lies with the Swiss Central Bank (SNB). The latter also determines, in consultation with FINMA, which banks are systematically important.

Laws and Regulations

The Swiss Federal Act on Banks and Savings Banks (the BankA) and the related ordinances issued by the federal council and FINMA are the primary pieces of legislation, which, inter alia, set out the licensing and ongoing operational requirements for banks.

Ordinances enacted by the federal council include the following:

• the Swiss Federal Ordinance on Banks and Savings Banks (the BankO) which further details the provision of the BankA;
• the Swiss Capital Adequacy Ordinance (CAO), on the minimum capital requirements of Swiss banks, based on their business activities and risks; and
• the Swiss Liquidity Ordinance (LiqO), containing the qualitative and quantitative liquidity requirements for banks.

Further, FINMA has issued the following ordinances covering banks:

• the FINMA Foreign Banks Ordinance (FBO-FINMA), which applies to foreign banks that seek to establish a branch in Switzerland;
• the FINMA Banking Insolvency Ordinance (BIO-FINMA), specifying the bankruptcy and restructuring proceedings of the BankA;
• the FINMA Accounting Ordinance (AO-FINMA), covering, inter alia, the preparation of financial statements and the publication of annual reports and interim financial statements;
• the FINMA Ordinance on Disclosure Obligations (DisO-FINMA), which governs disclosure obligations, in particular with respect to capital, liquidity, interest rate risks, remuneration and corporate governance principles;
• the FINMA Ordinance on Credit Risks (CreO-FINMA), which further details the requirements of the CAO with respect to minimum capital requirements for credit risks;
• the FINMA Ordinance on Market Risks (MarO-FINMA), which covers the requirements of the CAO with respect to minimum capital requirements for market risks;
• the FINMA Ordinance on the Trading and Banking Book and Eligible Capital (TBEO FINMA), which specifies the requirements of the CAO with respect to the trading and banking book (including the classification of assets and calculation of RWA) as well as eligible capital; and
• the FINMA Ordinance on the Leverage Ratio and Operational Risks (LROO-FINMA), which includes the requirements of the CAO with respect to calculation of the leverage ratio and the minimum capital requirements for operational risks.

Other relevant laws and regulations include:

• the Swiss Financial Services Act (FinSA) and the ordinance thereto (FinSO), which (i) set out the rules that apply to the provision of financial services, such as conduct rules, organisational rules, duties to register as client adviser, or affiliate with an ombudsman, and (ii) contain the primary market rules for offering securities;
• the Swiss Financial Market Infrastructure Act (FinMIA) and the ordinance thereto (FinMIO), which regulate financial infrastructures and provide for rules that ensure the functionality of the Swiss financial market (financial infrastructures include trading venues for securities, central counterparties, central securities depositories, and payment systems); further, FinMIA and FinMIO regulate conduct requirements for trading in OTC derivatives and exchange-traded derivatives, the rules on the disclosure of significant shareholders in listed companies and the rules on market abuse and insider dealing; and
• the Swiss Federal Act on Combating Money Laundering and Terrorist Financing (AMLA) including the ordinances issued thereunder, and, in particular the FINMA Ordinance on Combating Money Laundering and Terrorist Financing (AMLO-FINMA), which sets out the anti-money laundering (AML) and combating the financing of terrorism (CFT) framework for FINMA-regulated financial institutions.

With respect to the Swiss supervisory practice, (i) the Swiss Financial Market Supervision Act (FINMASA), sets out the competences and instruments for enforcement by FINMA, and (ii) the Swiss National Bank Act (NBA) and the ordinance thereto (NBO), regulate the regulatory framework for the SNB and its powers, which in particular relate to systemic oversight (ie, also systemically important banks).

Finally, there are also self-regulatory organisations in Switzerland that issue rules that apply to the banking business. Two examples are the Swiss Banking Association (SBA) and the Asset Management Association Switzerland (AMAS). SBA has, inter alia, issued the Agreement on the Swiss Banks’ Code of Conduct for the Exercise of Due Diligence (CDB 20), which focuses on preventing money laundering and terrorist financing in the Swiss banking sector. It is expected that an amendment to the CDB 20 will come into effect in 2025. AMAS regularly issues self-regulatory guidelines to its members, including their fund management code of conduct (which is recognised by FINMA as a minimum standard) as well as the AMAS ESG framework applicable to managers of sustainability-related collective assets, or operators or producers thereof.

Overview

Similar to other jurisdictions, banking activities are regulated in Switzerland. Licences are granted to legal entities that pursue banking activities which are carried out in or from Switzerland. The relevant activities and licensing requirements are set out in the BankA and the related ordinances and circulars.

Scope and Limitations of Banking Activities

From a Swiss perspective, a bank is an entity that operates primarily in the financial sector and:

• accepts deposits from the public exceeding CHF100 million on a commercial basis (or publicly solicits such deposits);
• accepts public deposits up to CHF100 million or certain crypto-based assets designated by the Federal Council on a commercial basis (or publicly solicits such deposits) and invests these public deposits or assets or pays interest on them; or
• refinances itself to a significant extent from several banks that do not have a major stake in it, to finance various individuals or companies that are not part of their own business group.

The terms public deposits and commercial capacity require further explanation. Pursuant to Swiss law, public deposits are understood to be liabilities to customers with the central characteristic of a repayment obligation. In principle, an entity that continuously accepts more than 20 public deposits or publicly recommends itself as a recipient of public deposits (ie, advertises it, even if fewer than 20 deposits result from it) is deemed to be acting in a commercial capacity.

Swiss entities that meet the abovementioned requirements should in principle apply for a banking licence. In some cases, such entities may alternatively apply for a “fintech licence” – also called a “banking licence light” – or may benefit from the sandbox regime. Both concepts are explained below.

The fintech licence allows for the acceptance of public deposits for which no full banking licence is required but this comes with certain limitations. Fintech-licenced entities may accept public deposits on a commercial basis as long as (i) the aggregate amount of deposits does not exceed CHF100 million; (ii) the deposits do not bear interest; and (iii) the deposits are not reinvested by the company (eg, deposits are not used for on-lending purposes).

Generally, the requirements of such fintech licence are less stringent than those of the “full” banking licence. In particular, in relation to the accounting and auditing standards, the non-application of the provisions on deposit protection, and the lower capital requirements.

The Swiss sandbox regulation intends to facilitate fintech startups that may struggle to obtain a fintech- or “full”-banking licence. Entities that can benefit from the sandbox are those that are not deemed to act on a commercial basis as a result of:

• permanently accepting more than 20 public deposits totalling no more than CHF1 million;
• not engaging in interest margin business; and
• informing the depositors, before making the deposit, in writing (or other form demonstrable by text) that they are not supervised by FINMA and that the deposit is not covered by the deposit protection.

If an entity in scope of the sandbox exception exceeds the CHF1 million threshold, it must report this to FINMA within ten days and apply for a “full” banking or a fintech licence within 30 days. Whether this 30-day period is realistic in practice, is questionable.

Supervisory Categories

FINMA assigns banks to supervisory categories based on their total assets, assets under management, deposits subject to the deposit protection scheme and capital. Banks in different categories are supervised with different levels of intensity.

Categories 1 and 2 include the largest market participants, which require greater attention in view of their importance and risk profile (high to very high risk). FINMA subjects these players to ongoing, close supervision. Categories 1 and 2 include the systemically important banks (SIBs), which are, as of October 2024, UBS, Raiffeisen Group, Zürcher Kantonalbank and PostFinance.

Category 3 banks include large and complex market participants that carry significant risk and are supervised on a preventive basis, but do not require close and continual supervision.

On the other end of the spectrum, category 4 and 5 banks are supervised mostly on the basis of quantitative indicators and only looked at on an event-driven basis (ie, when rules are breached).

Category 4 and 5 banks can opt into a “small-bank” regime (SBR) if they fulfil certain conditions. To benefit from the relief measures of the SBR, a bank in category 4 or 5 must meet the following criteria (as set out in the CAO) at all times (i) at the level of the individual institution, and (ii) at the level of the financial group:

• refinancing rate of at least 100%;
• average liquidity coverage ratio (LCR) (assessed over a period of 12 months) of at least 110%, and
• simplified leverage ratio of at least 8%.

The FINMA can reject an application for the SBR in certain cases, for example, if supervisory measures or proceedings have been initiated against the bank. Banks may also lose the benefits of the SBR regime if they fail to remedy deficiencies within a reasonable period of time or if FINMA conducts enforcement proceedings against them for breaches of supervisory law.

SBR banks benefit from simplified requirements for calculating their capital and liquidity. In particular, they benefit from less stringent requirements for quality and quantity of the necessary capital, which includes the elimination of the calculation of risk-weighted assets (RWA), elimination of the capital buffer, as well as the elimination of the sectoral countercyclical buffers (CCB). Further, calculation of and compliance with the net stable funding ratio (NSFR) are not required. In addition, there are some qualitative relaxations in the FINMA circulars.

By the end of 2023, 54 banks participated in the SBR. This is a fourth of all category 4 and 5 banks. Costs for market entry of entities applying for a banking licence have decreased as a result of the SBR regime. For existing banks, costs have – according to an evaluation by FINMA – not been reduced to the expected level. The reason is that most banks have already put in place an expensive infrastructure to comply with the “full requirements”. It is, however, likely that the simplified requirements for banks will, over the longer term, lower costs for existing banks participating in the SBR regime.

Overview: Application Process

Before submitting a licence application, the applicant must first present the project to FINMA for preliminary review. For this purpose, a presentation must be submitted containing, inter alia, the following:

• business model and description of the regulated activity;
• financial resources and origin of the funds (based on current figures);
• intended setup (ie, organisation);
• overview of the group structure, if applicable;
• timetable; and
• power of attorney (if represented).

Preliminary assessments of licensing projects are subject to a fee.

The licence application needs to be submitted via the web-based Survey and Application Platform (EHP). To use the EHP platform, a one-time self-registration on the FINMA portal must be made and an application completed. Once FINMA has reviewed the application, templates and forms will be made available to the applicant on the EHP. Subsequently, the application for the banking licence can be submitted directly via the platform.

After the licence application has been submitted, a FINMA staff member will be assigned to it who is responsible for the procedure.

The FINMA Fees and Charges Ordinance sets out a framework for the tariffs in relation to the licence application. They vary from CHF10,000 to CHF100,000. The exact costs for each licence application are determined on the basis of the actual time FINMA spends on processing it. Processing time of the application depends on the licensing type, quality and complexity of the application as well as FINMA’s workload.

Overview: Requirements for a Banking Licence

Banks are required to adhere to stringent organisational, financial, and risk management standards. For a banking licence to be granted, the applicant must meet all licensing requirements. The following are considered key requirements by FINMA:

• a minimum capital of CHF10 million (fully paid-up);
• a detailed and accurate description of the business, including its geographical scope, to be included in the articles of association, partnership agreement, and business rules;
• a business plan demonstrating continuous compliance with capital adequacy, risk diversification, and liquidity requirements;
• assurance of irreproachable business conduct by qualified participants (ie, shareholders holding at least 10% of the capital or voting rights) and members of management (fit and proper requirements);
• management of the bank to be effectively conducted from Switzerland;
• distinction between ultimate strategic management and executive management (no member of the bank’s board of directors may simultaneously be part of the executive management);
• effective segregation of internal functions, especially lending, trading, asset management, and settlement;
• effective risk management, specifically through the proper identification, limitation, and monitoring of market, credit, default, settlement, liquidity, reputational, operational, and legal risks;
• effective internal control system, with an internal audit function that operates independently of executive management;
• appointment of a recognised audit firm for the licensing process; and
• appointment of a recognised regulatory audit firm for continuous supervision.

There are additional requirements that must be met in specific situations. Certain requirements are imposed on foreign banks. For applicants under foreign control (ie, a foreign shareholder holds at least 50% of the capital or voting rights or otherwise controls the applicant), FINMA may require the relevant jurisdiction to grant reciprocity.

FINMA may also require adequate consolidated supervision by a recognised supervisory authority if the applicant is considered to be part of a financial group. If the individual group companies are obviously independent of each other, FINMA can exclude them from the group assessment. This can be justified in particular if the group companies pursue different business models or objectives and this leads to a differentiated risk assessment.

Ancillary Banking Activities and Regulatory Approvals

Swiss financial regulatory law sets out a hierarchy of licences granted by FINMA. In hierarchical terms, the banking licence is the “highest”. The “broad” banking licence allows entities to carry out other regulated activities such as (i) securities trading (client dealers and own-account dealers) and market making (securities firm licence); (ii) fund management (manager of collective investment schemes licence); (iii) portfolio management (asset manager licence); and (iv) trustees activities (trustee licence). Banks are also open to carry out investment advisory activities (such activities are not subject to a licence in Switzerland).

Reporting Obligations for Qualified Participations in Banks

Both the prospective purchaser and seller of qualified participations in a bank must notify FINMA of their intention to purchase or sell. A qualified participation exists when an individual or entity directly or indirectly holds at least 10% of the capital or voting rights of a bank or has the ability to significantly influence its business operations via other means.

Banks must also report parties purchasing or selling qualified participations to FINMA as soon as they become aware thereof. Banks are further required to update their list of qualified participants at least once every year (within 60 days after the financial year ends). This can be done via the EHP.

Shareholders of banks (individuals and legal entities) must also notify FINMA before their shareholding hits, surpasses, or drops below the thresholds of 10, 20, 33, or 50 percent of the capital or voting rights.

Fit and Proper Requirements

The BankA does not set restrictions with respect to the type of entities or individuals holding a controlling interest in a bank. However, as a general principle, any party with a qualified participation in a bank must ensure proper business conduct to maintain public confidence in the financial sector and in the supervised institutions. Individuals and entities who hold a qualified participation in a bank must ensure that their influence does not compromise the bank’s prudent and sound business operations. Reference is also made to the ongoing fit and proper requirements related to senior management in 4.2 Registration and Oversight of Senior Management.

Foreign Control

Swiss-controlled banks that change to foreign control must obtain an additional licence from FINMA. Entities that are under foreign control and apply for a banking licence are also subject to such additional requirements. Foreign control means that foreign holders of qualified participations directly or indirectly hold more than 50% of the votes of, or otherwise exert a controlling influence on, the bank.

FINMA will grant an additional licence if certain requirements are met (cumulatively).

• The jurisdictions in which the qualified participants reside or are domiciled must ensure reciprocal rights (Swiss individuals or entities must have the possibility to operate a bank in the relevant jurisdiction and such banks would not be subject to more restrictive provisions compared to foreign banks in Switzerland). Verification of reciprocity is not required if international agreements that provide for reciprocity, such as those with WTO member states, exist.
• The bank’s company name must not imply or suggest that the bank has a Swiss character (meaning the public must not be misled directly or indirectly with respect to the bank being under foreign control).
• If the transfer to foreign control leads to the bank becoming part of a financial group, FINMA may require the consent of the foreign supervisory authority. FINMA may make the licence conditional on ensuring adequate consolidated supervision.

Foreign-controlled banks also require authorisation with respect to changes concerning qualified participations in such banks.

Passporting

As Switzerland is not a member state of the EU, passporting is not available to Swiss banks.

Overview

FINMA published Circular 2017&/1 – Corporate Governance – Banks dealing with governance requirements for banks. The circular outlines the requirements for corporate governance, risk management, internal control systems, and internal audit that banks are expected to meet.

Executive Board

The management is responsible for executing the bank’s day-to-day business operations in line with the business strategy and the directives set forth by the board of directors. Key responsibilities include:

• overseeing daily operations, managing operational income, and assessing risks, including balance sheet structure and liquidity management; it also acts as the representative of the institution in all operational matters involving third parties;
• presenting proposals for business decisions to the board; and
• designing and maintaining effective internal processes.

The executive board also develops the risk policy as well as the basic features of the bank-wide risk management.

Members of the executive board, individually and also with respect to the body as a whole, must have adequate management expertise, specialist knowledge and experience of banking and financial services. This is required to ensure compliance with licensing requirements in connection with the institution’s operational activities. See 4.2 Registration and Oversight of Senior Management with respect to the applicable fit and proper standards.

As banks need to be effectively managed from Switzerland, managing directors must reside in a location where they can effectively and responsibly fulfil their duties. Decisions and directives within the framework of group supervision must be made from Switzerland.

Board of Directors

The board of directors holds the ultimate responsibility for the management, oversight, and strategic direction of the bank. It defines the bank’s business strategy and establishes its risk policy, ensuring the effective regulation, implementation, maintenance, monitoring, and periodic review of internal controls.

To fulfil these duties, the board must possess adequate managerial and technical expertise, relevant experience, and the necessary time commitment. Members are required to personally fulfil their responsibilities and maintain a constant state of readiness to respond to crises and emergencies, beyond the routine schedule of meetings. The board’s composition must be sufficiently diverse, representing key areas of responsibility, including finance, accounting, and risk management. For the sake of clear functional separation, no member of the board of directors may simultaneously serve on the bank’s management team. Additionally, at least two-thirds of the members must meet independence criteria, which include the following prohibitions:

• they have not been employed by the institution in any other capacity within the past two years;
• they have not served as the lead auditor for the institution within the last two years;
• they do not have any business relationships with the institution that could result in a conflict of interest; and
• they are not qualified participants in the institution or represent such participants.

The board may establish committees to assist in carrying out its responsibilities. For banks in supervisory categories 1 to 3, a sufficiently independent audit committee and a risk committee are mandatory. Further, SIBs must establish, at least at group level, a compensation and nomination committee.

Internal Control System

The internal control system (ICS) needs to be comprised of at least two main controlling bodies: revenue-generating units and independent control bodies. Revenue-generating units manage risks as part of their daily operations, actively monitoring and reporting on these risks to maintain effective control.

Independent control bodies oversee risks and ensure compliance with legal, regulatory, and internal guidelines. Institutions can establish a variety of control bodies carrying out different functions, but must at least cover (i) risk control, and (ii) compliance (see in further detail below). The control bodies need to be integrated into the ICS independently from the revenue-generating units, having full rights to access information and conduct inspections. Their compensation structures must be designed to avoid conflicts of interest.

One or more executive board members must oversee the independent control bodies, ensuring they have direct access to the board. For banks in supervisory categories 1 to 3, an autonomous risk control and compliance function is established, led by a Chief Risk Officer (CRO). SIBs must appoint a CRO who is a member of the executive board.

Risk control’s primary responsibilities include monitoring and reporting on individual and aggregated risk positions, conducting stress tests, and performing scenario analyses under adverse conditions. It also implements risk data aggregation and reporting provisions for larger institutions, monitors risk profiles against defined tolerances, and ensures compliance with supervisory regulations. Risk control must be consulted during the development of new products or major transactions and plays a critical role in defining risk limits.

The compliance function conducts an annual assessment of compliance risks, creating a risk-oriented activity plan that requires executive board approval. It promptly reports significant changes in compliance risks to the executive board and annually updates the board of directors on compliance assessments and activities. In cases of serious compliance breaches, the compliance function informs both the executive board and the board of directors, assisting in determining appropriate actions.

Internal Audit

Every bank needs to establish an independent internal audit function. In limited circumstances, a delegation of the internal audit is possible. The internal audit reports to the board of directors (or its audit committee) and delivers independent assessments and audits of the company’s organisation and business processes (in particular with respect to the ICS and risk management). Further, it needs to, inter alia, carry out an annual comprehensive risk assessment of the institution’s significant risk categories. Internal audit publishes a report that sets out its key findings and important activities per audit period. This report is to be submitted to the board of directors (or its audit committee), the executive board as well as the regulatory audit firm. The compensation system for members of the internal audit function needs to be designed in a way that does not lead to conflicts of interest.

Senior management of banks must adhere to strict business conduct requirements, commonly known as “fit and proper” standards, to maintain public trust and protect the reputation of the financial sector. These standards apply to both the board of directors and executive management.

Fitness pertains to the competence and experience individually and of the management body as a whole. The assessment does not solely consider whether an individual, such as the Chairman of the Board or the CEO, possesses all the necessary experience; instead, it evaluates whether the management team collectively has the required expertise. FINMA assesses strategic and operational management capabilities at the institutional level. Propriety, on the other hand, relates to an individual’s integrity and reputation. Each member of senior management must independently fulfil the propriety requirement, as integrity cannot be delegated. FINMA continuously monitors both individuals and the management body as a whole to ensure compliance with these standards.

Any changes to the board of directors or executive management must be reported to and approved by FINMA prior to implementation. FINMA collects and reviews detailed personal, professional, financial, and legal information, including identification details, qualifications, financial standing, and auditor reports, to evaluate the suitability of individuals for key roles. To that extent, FINMA also manages a database to assess compliance with proper business conduct requirements in accordance with financial market law. FINMA further assesses fitness and propriety based on specific roles, taking into account the institution’s size and complexity.

If an individual is deemed unfit, FINMA has the authority to mandate his/her removal (as part of enforcement proceedings), thereby ensuring that leadership upholds the standards for effective governance. Procedures against individuals may lead to entry into the above-mentioned database (also referred to as a watch list).

Remuneration Requirements Based on the Banking Act

The BankA provides for remuneration requirements applicable to SIBs. If a SIB or its parent company receives state aid (despite the implementation of the special measures required for SIBs), the Federal Council is mandated to implement measures concerning remuneration. In particular, the Federal Council has the authority to either wholly or partially prohibit the payment of bonuses or to mandate changes to the remuneration system of the bank. Furthermore, SIBs are required to include provisions in their remuneration systems that limit the entitlement to bonuses in the event of state support. The overarching objective of this regulation is to ensure that banks benefiting from state aid appropriately adjust their remuneration frameworks.

Remuneration Requirements Based on FINMA-Circular 2010/1

FINMA issued the Circular 2010/1 “Remuneration schemes”, which sets out principles on remuneration systems of, inter alia, banks. It defines minimum standards for the design, implementation and disclosure of remuneration schemes in financial institutions. In particular, it establishes ten principles for minimum standards that must be observed in this context (subject to the principle of proportionality). Only banks of a certain size (those that, in their capacity as a single entity or financial group, are required to maintain equity capital in the amount of at least CHF10 billion under the CAO) are obliged to implement the circular, although FINMA recommends that all banks do so as best practice. Deviations from the principles set out in the circular are possible, although only in justified exceptional circumstances, and such deviations must be disclosed (“comply or explain”).

Remuneration Requirements with Respect to Financial Services

FinSA and FinSO require that remuneration systems do not incentivise non-compliance with legal obligations related to the provision of a financial service.

Remuneration Requirements for Listed Companies

Under Swiss corporate law, a bank may be in scope of the compensation requirements that apply to listed stock corporations incorporated under Swiss law with a registered office in Switzerland. Such requirements are set out in the Swiss Code of Obligations and include, for example, a compensation report and voting on compensation.

Internal Remuneration Requirements

As mentioned in 4.1 Corporate Governance Requirements, the remuneration system for the independent control bodies and internal audit function should be designed in a way as to not create any conflicts of interest.

Outlook

In April of this year – driven by the Credit Suisse crisis – the Federal Council adopted the report on banking stability. In this report, the Federal Council proposes a series of measures on variable remuneration. Pursuant to the report, a clear legal framework should ensure that remuneration systems are closely aligned with an institution’s long-term economic success and may not incentivise excessive risk-taking.

Swiss banks qualify as financial intermediaries and therefore are in scope of the Swiss AML framework, including AMLA and its implementing ordinances. The AMLO-FINMA provides the more detailed requirements for financial institutions (including banks) to prevent money laundering (ML) and terrorist financing (TF), including customer due diligence, organisation rules, transaction monitoring, and reporting obligations.

In summary, banks need to:

• identify the contracting party;
• establish the identity of the beneficial owner;
• repeat the identification per the first two bullet points above in the event of doubt;
• apply special duties of due diligence in certain circumstances;
• comply with ongoing documentation and retention obligations;
• comply with ongoing organisational measures; and
• comply with reporting (or further measures) in the event of a reasonable suspicion of ML or TF.

Identification of Contracting Party

For purposes of identification of the contracting party, the controlling party, and the beneficial owner, AMLO-FINMA refers to the CDB 20. Banks must establish the identity of the contracting party when establishing business relationships.

Natural persons

If the business relationship is established in a face-to-face meeting, the bank must identify the contracting party via an official identification document with a photograph (eg, passport or identity card) and put a copy of such document on record. If the business relationship is established by video and meets the requirements of the FINMA Circular 2016/7 “Video and online identification”, it is deemed equivalent to identification face-to-face.

If the business relationship is established by correspondence, the bank must verify the identity of the contracting partner via an authenticated copy of an identification document. Online identification is deemed equivalent to identification by correspondence, if the process meets the requirements of the FINMA Circular 2016/7.

Legal entities and partnerships

Legal entities and partnerships are generally identified via a Swiss or foreign-equivalent commercial registry extract or written extract of such database. The identity of the individuals that establish the business relationship must be checked and power of attorney relationships taken note of and documented.

Establishment of Beneficial Owner

Swiss banks must also establish the identity of the beneficial owner of legal entities and partnerships.

For operating legal entities, the bank needs to determine the individual who ultimately controls the legal entity (controlling party). Such determination is made according to the following cascade:

• When a business relationship is established, the first step is to check whether a natural person holds a voting or equity interest of 25% or more in the contracting party.
• If this is not the case, the second step is to check whether a natural person exercises effective control over the contractual partner in any other way.
• Finally, in a third step, if no controlling party could be identified in steps one and two, the managing director of the contracting party is recorded as the controlling party. The above steps can be completed in a written declaration or via Form K appended to the CDB 20 (or equivalent purpose-made declaration).

For non-operating entities (domiciliary companies), the above cascade does not apply. The decisive factor here is the possibility of the beneficial owner (alone or together with other beneficial owners) to make the final decision on the use of the assets held by the domiciliary company.

Swiss banks further need to obtain a declaration from the contracting party as to who is the beneficial owner of the assets deposited with the bank. This can be done via Form A appended to the CDB 20 (or equivalent purpose-made declaration).

Special Duties of Due Diligence

Swiss banks must establish the type and purpose of the business relationship intended by the contracting party (the extent of the inquiries depends on the risk associated with the contracting party). In certain cases – eg, in the event of an increased-risk business relationship or transaction, the bank must establish the background and purpose of a business relationship or transaction. For that purpose, banks must develop risk criteria to identify business relationships or transactions with increased risks.

Organisational Measures, Documentation and Retention Obligations

Swiss banks need to establish an internal AML department that monitors compliance on an ongoing basis. Such department needs to, inter alia, (i) issue instructions; (ii) be the first point of contact in AML/CFT matters; and (iii) plan and make sure that the staff are adequately trained on AML/CFT matters. Further, in-house controls with respect to AML/CFT compliance need to be made.

Swiss banks further need to ensure adequate documentation and retention of documents. All documents required in connection with the fulfilment of due diligence obligations must be retained for ten years after the transaction in question has been carried out or the relevant business relationship has been terminated.

Reporting Duties and Additional Measures

Banks must, in the event of reasonable suspicion of ML or TF, immediately report to the Money Laundering Reporting Office (MROS). This includes, inter alia, circumstances where such bank knows or has reasonable grounds to suspect that the assets involved in the business relationship are connected with ML or criminal organisations, derive from a crime or a qualified tax offence or serve for TF.

Swiss banks must further observe the asset freezing and confidentiality rules set out in AMLA. In particular, Swiss banks must enact an asset freeze with respect to assets entrusted to them as soon as MROS informs them that it will forward a report to a prosecution authority (subject to certain exceptions where assets need to be frozen immediately). Swiss banks are generally prohibited from informing the persons concerned or any third parties about a report made to MROS. This is subject to certain exceptions – eg, if the Swiss bank cannot enact the asset freeze itself, it may inform the financial intermediary that can enact such asset freeze.

The Swiss depositor protection scheme is based on a three-tier system and applies to Swiss-regulated banks, foreign banks operating branches in Switzerland (provided the deposits are booked with the branch) and securities dealers.

• Tier 1: Under the privileged deposit system, deposits up to a maximum of CHF100,000 per depositor and institution are privileged deposits. These privileged deposits are first paid out from the available liquid assets of the failed bank (outside of the schedule of claims under bankruptcy law). Such deposits are (i) paid out immediately if they are booked in Switzerland, and (ii) paid out as soon as the bank can pay out such deposits legally and operationally if they are booked outside of Switzerland. For that purpose, all banks must hold collateral consisting of assets in Switzerland equivalent to 125% of the protected and preferential client deposits.

• Tier 2: As a second-tier measure, the deposit protection scheme applies. Esisuisse is tasked with maintaining such system. All banks in Switzerland that accept client deposits are obliged to participate in the depositor protection scheme. If the bank has insufficient liquidity available to cover the protected deposits (see tier 1), esisuisse funds the disbursement of protected deposits up to a maximum of CHF100,000 per depositor. The amount that all banks contribute to esisuisse is based on 1.6% of the total of all deposits secured at banks in Switzerland (currently CHF7.9 billion), but may not be less than CHF6 billion. The Federal Council is authorised to increase this amount if necessary. Up to such cap, the guaranteed amounts must be paid out within a period of seven days to the liquidator by esisuisse.

• Tier 3: If the deposits have not been paid out under tier 1 or tier 2, they are treated preferentially and placed among the second class of bankruptcy claims (up to a maximum of CHF100,000). In such a case, they may be paid out only partially, and at the same time as other second-class claims (after first-class claims, such as employee salary and pension fund claims, have been paid out).

The deposit protection scheme also applies to cantonal banks; however, some cantonal banks additionally benefit from a state guarantee. Cantonal banks are banks controlled by a Swiss canton (at least one-third of the capital and voting rights must be held by a Swiss canton for a bank to be characterised as cantonal). The applicable cantonal legislation provides to what extent the liabilities incurred by a cantonal bank are insured by the concerned canton.

Assets held at providers that use the “sandbox” exception or use the fintech licence are not protected under the depositor protection scheme.

Statutory Capital Requirements

To obtain a banking licence, banks need to have a fully paid-in minimum capital of at least CHF10 million. FINMA can demand higher statutory capital, depending on the bank’s intended activities.

Overview: Regulatory Capital and Liquidity

In general, the Basel III standards have been gradually incorporated into Swiss financial regulatory law. Capital adequacy and liquidity requirements are regulated in the CAO and LiqO. In November 2023, the Federal Council decided to put the Basel III standards (also referred to as Basel 3.1) into force by means of an amendment to the CAO. Such amendments will take effect in January 2025 and will be accompanied by a number of FINMA ordinances (see 1.1 Key Laws and Regulations).

Regulatory Capital Requirements

Regulatory capital

Non-systemic banks are required to maintain a minimum regulatory capital of at least 8% of their RWA: (i) 4.5% must be held in the form of common equity Tier 1 (CET1), and (ii) 6% must be held in the form of Tier 1 capital. If the minimum capital required and capital buffer (see below) do not sufficiently cover the risks of a bank, FINMA may require additional capital to be held by such bank. FINMA assesses this on a case-by-case basis.

Capital buffer

Further, banks must have a capital buffer ranging from 2.5% to 4.8% of their RWA. Further, the Swiss sectoral countercyclical capital buffer (CCyB) targeted at mortgage loans financing residential property located in Switzerland remains at 2.5% as decided by the Federal Council in January 2022 (this is to mitigate and counteract risks from excessive credit growth).

Extended countercyclical buffer

Banks with total assets of at least CHF250 billion, of which (i) the total foreign commitment amounts to at least CHF10 billion, or (ii) with a total foreign commitment of at least CHF25 billion, are further required to maintain an extended countercyclical buffer of up to 2.5% of RWA (in the form of CET1).

Liquidity Requirements

As a main rule, a bank must always have sufficient liquid assets to meet their payment obligations, even in stress situations. To achieve this, banks must maintain adequately measured, sustainable liquidity reserves and ensure appropriate financing. The LiqO implements Basel III’s liquidity standards and sets out both qualitative and quantitative liquidity requirements.

With respect to qualitative requirements, banks must, inter alia, manage their liquidity risks appropriately according to their size and business complexity, establish processes for identifying, managing, and monitoring liquidity risks to ensure they always have sufficient liquidity and that their payment and settlement systems are not impaired, and implement measures to mitigate liquidity risks.

With respect to quantitative requirements, banks must comply with a LCR and net stable funding ratio (NSFR). The LCR requires banks to ensure that they have sufficient high-quality liquid assets (HQLA) to cover their short-term liabilities within 30 days. The NSFR promotes long-term stability by requiring banks to maintain a stable funding base to finance their long-term assets. The calculation of both LCR and NSFR is comprehensively regulated in the LiqO. FINMA monitors compliance with these requirements and can take appropriate measures in case of non-compliance.

Risk Management

Banks must manage concentration risks and adhere to specific regulations. As a general standard, the maximum risk concentration is set at 25% of the bank’s adjusted Tier 1 capital (Tier 2 supplementary capital is generally not taken into account).

SIBs

SIBs are required to maintain higher levels of regulatory capital compared to other banks (ie, there are additional requirements for SIBs). This ensures they can better withstand unexpected losses from their regular business operations (going concern) and aims to minimise the risk of restructuring, winding up by FINMA or even state intervention (gone concern).

To guarantee progression of the bank (ie, from the going concern perspective), SIBs are required to comply with:

• baseline requirements: 12.86% RWA ratio and 4.5% leverage ratio;
• a surcharge (or add-on): the size of the surcharge depends on the degree of systemic importance (in particular, the bank’s total exposure and market share in domestic lending and deposit business); and
• CCyB (applicable to all banks).

The going concern requirements need to be largely met with CET1 capital.

Additionally, in the event of a crisis (ie, from a gone concern perspective), SIBs must have extra funds available to absorb losses. Domestic systemically important banks (D-SIBs) must maintain gone concern capital requirements of at least 40% of their going concern capital. For global systemically important banks (G-SIBs) at the consolidated group level, the requirement is 100%, with FINMA having the authority to grant rebates.

The gone concern requirements are typically fulfilled with bail-in bonds (which need to meet certain eligibility criteria, such as being issued by the group holding company under Swiss law and with jurisdiction of the Swiss courts).

Like “regular” banks, SIBs must limit concentration risks, with a standard cap of 25% of Tier 1 capital. However, for SIBs, exposure to other SIBs, whether Swiss or global, is capped at 15% of Tier 1 capital.

Insolvency Regulations

In Switzerland, the measures to be taken by banks (and fintech-licenced entities) in the event of insolvency risks are regulated in the BankA and aim to ensure business continuity, streamlining of restructuring and time-efficient repayment of preferential deposits.

If there are justified concerns that a bank is over-indebted or facing serious liquidity issues, or if it fails to meet the capital adequacy requirements by the deadline set by FINMA, the supervisory authority can impose (i) protective measures; (ii) restructuring measures; and (iii) the liquidation of the bank, all as set out in the BankA.

Initial protective measures may include issuing directives to the bank’s management, revoking their authority to represent the bank, dismissing them, or prohibiting the bank from making or receiving payments and conducting securities transactions. The aim of ordering these protective measures is the continuation of the bank at risk. Protective measures can be issued on a standalone basis or in combination with restructuring or liquidation measures.

If justified (realistic chance of restructuring), FINMA may initiate restructuring measures to ensure continuation of the bank or single banking services. FINMA will then issue the necessary directives to carry out the restructuring proceedings and may appoint an officer to develop a restructuring plan that outlines the basic elements of the procedure and specifies the measures to be implemented (eg, the reduction of existing capital and the creation of new equity, or the conversion of debt into equity, as well as the reduction of claims). The restructuring plan ensures that the bank complies with legal regulations after the restructuring is completed and that the protection of the bank’s creditors is guaranteed.

If there is no realistic chance of a successful restructuring (or if such restructuring failed), FINMA will (i) revoke the bank’s licence; (ii) order its liquidation; and (iii) publish such liquidation proceedings. Additionally, FINMA will appoint one or more liquidators (subject to supervision and reporting duties to FINMA).

Additional rules apply to SIBs. Such banks must have an emergency plan, which will be assessed by FINMA for efficacy. The goal of such plan is to ensure that the systemic functions can be continued without disruption in the event of imminent insolvency.

Further, SIBs require a recovery and resolution plan. The recovery plan is to be drafted by the management of the bank and needs to contain the stabilising measures to be taken in a time of crisis, allowing the bank to continue its business without government intervention. The recovery plan is subject to approval by FINMA.

The resolution plan is drafted by FINMA. The aim of such plan is to illustrate how a FINMA-ordered restructuring or liquidation of the systemic bank can be carried out. The bank has to provide FINMA with the information required to draft such plan.

The Swiss deposit protection regime is explained in 6.1 Deposit Guarantee Scheme (DGS).

Overview: Swiss ESG Framework

Other than a few legal requirements, primarily in the area of corporate transparency and sustainability reporting, the Swiss regulatory sustainability framework is rather minimal (especially when compared to the EU) and has been largely left to self-regulatory efforts.

Non-financial Reporting based on Corporate Law

As of January 2024, the associated ordinance on climate reporting (the Climate Reporting Ordinance) applies in Switzerland. Under the Climate Reporting Ordinance, Swiss companies that cumulatively (i) are of public interest (eg, listed companies or supervised companies, such as banks); (ii) which together with their controlled domestic or foreign entities, have an annual average of at least 500 full-time equivalent positions in two consecutive financial years; and (iii) which together with their controlled domestic or foreign entities exceed a balance sheet total of at least CHF20 million or a turnover of CHF40 million, are subject to non-financial reporting duties.

With respect to content, the report needs to contain non-financial information concerning environmental matters (in particular CO₂ goals), social responsibility, employee matters, human rights and combatting corruption. Companies (including banks) subject to the reporting duties are deemed to have complied with climate reporting duties (as a part of the environmental matters) if reporting is made in accordance with the recommendations of the task force on climate-related financial disclosures. In general, the report can be based (content-wise) on nationally or internationally recognised guidelines (such as the relevant OECD guidelines).

For completion, Swiss corporate law also imposes certain transparency and due diligence duties with respect to conflict minerals and child labour.

Disclosure of Climate-related Risks

In FINMA Circular 2016/01 “Disclosure – Banks”, FINMA mandates significant financial institutions (those in supervisory categories 1 and 2) to meet disclosure requirements related to climate-related financial risks. As such, the largest banks must provide details on their material climate-related financial risks and explain how these risks impact their business strategy, business model, and financial planning. Additionally, they are required to disclose their processes for identifying, measuring, and managing these risks, including providing quantitative data and outlining the methodologies used. Finally, institutions must describe the key aspects of their governance structures as they relate to climate-related financial risks.

Self-Regulation

As mentioned above, Switzerland has largely relied on self-regulation with respect to ESG.

As of January 2024, members of the SBA are subject to guidelines on the inclusion of ESG preferences and ESG risks in investment advice and asset management. This introduces binding self-regulation regarding sustainable finance, also covering the risk of greenwashing at the point of sale for SBA members.

AMAS has developed a principle-based self-regulation for sustainable asset management (currently version 2.0). This set of rules applies to AMAS member institutions (including banks) that produce and manage sustainability-related collective assets. It aims to ensure transparency and quality in the management and positioning of collective assets presented as sustainable or having sustainable characteristics.

Broad Interpretation of General Principles

It needs to be noted that in certain cases, general principles are applied broadly for purposes of ESG compliance – eg, with respect to greenwashing. With respect to funds, the name of a fund may not give rise to confusion or be deceptive. As part of authorisation proceedings by FINMA, this has been interpreted broadly to combat greenwashing with respect to fund products. Further – and equally relevant in the context of greenwashing – Swiss competition law prohibits deception or conduct that violates the principle of good faith.

The Digital Operational Resilience Act (DORA) is a European Union regulation aimed at strengthening IT security and operational resilience within the financial sector. It will become fully applicable by January 2025 and aims to ensure that banks, insurance companies, investment firms, and third-party information and communication technology (ICT) service providers can withstand severe operational disruptions. It also standardises operational resilience rules across 20 categories of financial entities in the EU.

Although Switzerland is not an EU member state and Swiss banks are not directly subject to DORA, those banks operating within the EU will need to comply with its requirements. In practice, Swiss financial institutions (including banks) that interact with EU-based entities or customers may still need to meet DORA standards. This is particularly important for Swiss firms providing IT services to EU subsidiaries, sister companies, or EU-based clients. As a result, many Swiss financial institutions are preparing for increased alignment with DORA’s operational resilience requirements.

Swiss financial institutions, including banks, already adhere to stringent IT security and risk management standards set by FINMA. Key guidelines, such as Circular 2018/3 on outsourcing and Circular 2008/21 on operational risks, help ensure robust cybersecurity and operational resilience.

Finally, Switzerland often aligns its financial regulations with international standards, which may lead to future adoption of similar rules concerning operational resilience and cybersecurity.

The recent Credit Suisse crisis, which led to an intervention by Swiss authorities and a rescue by way of a merger with the UBS group, has had an impact on the financial marketplace and is likely to trigger changes to the regulatory framework for banks.

Following the collapse of Credit Suisse, first legislative steps have already been taken with respect to the regulatory framework applicable to SIBs. It is likely that in the coming years the capital and liquidity requirements for SIBs will further evolve. Further, in December 2023, FINMA published a report with the lessons learned from the Credit Suisse crisis. In this report, FINMA calls for an extension of its powers, including the power to impose fines and the authority to publish information on enforcement proceedings on a regular basis. FINMA also sets out that a senior manager regime, similar to that of the UK, may be advantageous in Switzerland. Generally, this call for an extension of powers has been met with criticism.

In December 2023, Switzerland and the UK entered into an agreement with respect to recognition of financial services (the Bern Financial Services Agreement). In essence, this agreement provides for the mutual recognition of equivalence in terms of national legislation. Further, it aims to strengthen the cross-border market for financial services between the two nations (also with respect to banking and asset management). The agreement also provides for closer co-operation between Switzerland and the UK in the area of sustainable finance. It potentially provides a template for similar agreements between Switzerland and other non-EU financial centres. The agreement is expected to enter into force in Switzerland in the course of 2025.

As mentioned in 7.1 Capital, Liquidity and Related Risk Control Requirements, the Swiss Federal Council adopted an amendment to the CAO in November 2023. Further, FINMA published five new ordinances to introduce the final Basel III (or Basel 3.1) standards. Both the amendment to the CAO as well as the new FINMA ordinances are expected to enter into force in January 2025.

On 19 June 2024, the Swiss Federal Council published a proposed revision of the FinMIA. The draft bill includes extensive amendments to derivatives trading rules, the Swiss market conduct framework, and market infrastructure, such as payment systems, central securities depositories, and trading venues. It also proposes significant changes to the Swiss transaction reporting regime. The draft bill is open for public comments until 11 October 2024. The Federal Council will then prepare a revised version to submit to the Swiss Parliament, with this step likely occurring in 2025.

With respect to AML, it is expected that at the earliest in January 2026, the federal act on the transparency of legal entities (TLEA) will come into force. The TLEA will – in line with the recommendations of the Financial Action Task Force (FATF) – introduce a federal register for the identification of beneficial owners of the legal entities in scope. Currently, the CDB 20 is also under revision to consider adjustments made to the AMLA and its related ordinances as well as FATF recommendations.

In a recent important development for banks, the FINMA circular “Operational Risks – Banks” has been completely revised and replaced by the new circular “Operational Risks and Resilience – Banks”, which came into effect in January 2024. This circular considers technological developments and specifies the supervisory practice regarding the management of operational risks, particularly in connection with ICT, the handling of critical data, and cyber risks. The circular also adopts the revised principles for managing operational risks and the principles on operational resilience published by the Basel Committee on Banking Supervision in 2021. For certain aspects of operational resilience, transitional periods apply until December 2025.

On 1 January 2025, DisO-FINMA will enter into force, replacing FINMA Circular 16/1 “Disclosure – Banks”. The ordinance will expand disclosure requirements in various areas (eg, in the credit valuation adjustment), and amendments will be made to certain existing disclosure templates and tables.

With respect to FINMA initiatives, in September 2024, FINMA launched a consultation on a new circular concerning consolidated supervision. Such circular aims to clarify the scope and content of consolidated supervision, increasing transparency in FINMA’s supervisory practice. The consultation period runs until 1 November 2024. The new circular is expected to enter into force in mid-2025. In October 2024, FINMA further launched a consultation on a new ordinance on insolvency proceedings at financial institutions. This ordinance will replace the BIO-FINMA, the FINMA Insurance Bankruptcy Ordinance (IBO-FINMA), and the FINMA Collective Investment Schemes Bankruptcy Ordinance (CISBO-FINMA). The new ordinance is looking to standardise procedures for financial market institutions subject to FINMA’s restructuring and bankruptcy jurisdiction. The consultation runs until 9 December 2024.