Market conditions for fintech offerings in Switzerland are generally considered favourable. This is due to:

• broad access to credit and venture capital;
• an educated workforce (the high number of graduates in science and technology); and
• widespread access to and use of information and communication technology.

Switzerland’s Fintech market has experienced significant growth and expansion, with both the value chain and product and service range seeing acceleration from an already high level. According to the Swiss Venture Capital Report 2023, total investment in the fintech industry increased slightly by CHF52 million to CHF909.9 million compared to the previous year. This was achieved through 54 funding rounds. Although the most recent Swiss Venture Capital Report 2024 shows that total investments declined significantly by CHF485.6 million to CHF424.3 million, while funding rounds slightly increased to 60, this downturn must be seen in light of the turbulent developments of the past ten years. Capital invested in Swiss start-ups of almost CHF2.6 billion in 2023 is still the third-highest figure in the last ten years. Financing and fundraising remain crucial considerations for the fintech industry. Since 2015, the legislature has focused on adapting the legal and regulatory framework to the needs of the fintech sector (see 2.4 Variations between the Regulation of Fintech and Legacy Players), contributing to a more dynamic Swiss fintech sector. Additional legislation, particularly in the area of blockchain, came into force in August 2021 (see 12.2 Local Regulators’ Approach to Blockchain).

The Swiss fintech landscape has evolved significantly in recent years and Switzerland remains an attractive location for financial sector innovators. There are currently over 400 active players in Switzerland’s fintech ecosystem, including both emerging and established companies. The total number of fintech-related businesses is much higher. These companies primarily focus on the financial market sector, notably:

• payment services;
• investment management;
• banking infrastructure;
• deposits and lending;
• distributed ledger technology; and
• analytics.

Many of these businesses offer their products and services to established financial institutions and/or collaborate on digitalisation projects.

Switzerland’s fintech market is primarily composed of start-ups that receive most of their funding through venture capital. In Switzerland it is common for established financial service providers to work with emerging fintech companies. While there are no current trends towards displacement, the value chain of established financial service providers is being scrutinised and challenged both internally and externally. Emerging fintech companies are developing new technology-driven products and services that have the potential to disrupt the value chain of established players.

Established financial service providers generally have the necessary financial and organisational resources to gradually adapt their business processes, both to avoid this displacement and get high market visibility. Conversely, a relatively small number of emerging companies can rely on a trusted brand or a financial market licence (eg, a bank). In August 2019, the Swiss Financial Market Supervisory Authority (FINMA) granted banking licences to fintech players for the first time, namely AMINA Bank AG (formerly Seba AG) and Sygnum, which specialise in assets based on digital ledger technology (DLT).

Swiss law takes a technology-neutral and principle-based approach, which has significant implications for fintech companies operating in Switzerland. Unlike other jurisdictions, Swiss-based fintech companies benefit from a more flexible regulatory environment that allows for greater regulatory latitude. FINMA has made regulatory changes to support fintech development and lower market entry barriers. These changes are risk-based and technology-neutral. Recent legislative projects, including a new regulatory licence type, commonly referred to as a “fintech licence” or “banking licence light”, have created a technology-neutral regulatory framework for any business that needs to accept deposits of up to CHF100 million from the public without engaging in typical commercial banking activities (see 2.5 Regulatory Sandbox).

Alongside these specific fintech measures, fintech companies are also subject to the general legal and regulatory framework summarised below (see 2.9 Significant Enforcement Actions).

Banking Legislation

In Switzerland, soliciting and accepting deposits from the public on a professional basis is a restricted activity that requires a full-fledged banking licence from FINMA. The term “deposit” is broadly defined under the Banking Act as any undertaking for own account to repay a certain amount. Deposits are considered “public” when:

• funds are solicited from the public (as opposed to being solicited from banks or professional financial intermediaries, institutional investors, shareholders, employees or other related persons); or
• funds from more than 20 depositors are accepted.

As a result, most business models used, for instance, by payment systems, payment services providers, crowdfunding or crowdlending platforms are considered to involve the solicitation and acceptance of deposits and may fall within the scope of the Banking Act and therefore trigger licensing requirements.

However, fintech companies do not need a banking licence to hold deposits under CHF1 million (see 2.5 Regulatory Sandbox). Similarly, no banking licence is needed if deposits (regardless of amount) are held for less than 60 days on a settlement account. All other deposit-taking activities require either a fintech licence for deposit-taking not exceeding CHF100 million or a full-fledged banking licence. It is also worth noting that funds linked to means of payment, or to a payment system, do not qualify as deposits, provided that:

• the funds serve the purpose of purchasing goods or services;
• no interest is paid on them; and
• the funds remain below a threshold of CHF3,000 per customer and per issuer of a payment instrument or operator.

This exemption may benefit some card payment services and online or mobile payment services. However, they need a model that ensures any funds stored on user accounts are only for buying goods and services (not for peer-to-peer (P2P) transfers, withdrawals, transfers to a user's bank account, etc) and never exceed CHF3,000 per customer.

Anti-money Laundering Legislation

The Federal Anti-Money Laundering Act (AMLA) defines an intermediary as any natural or legal person who accepts or holds deposit assets belonging to others, or assists in the investment or transfer of such assets. This covers people who carry out credit transactions (such as consumer loans or mortgages, factoring, commercial financing or financial leasing) and who provide payment transaction services. This affects many emerging business models, such as mobile payment, blockchain and related applications, cryptocurrencies, automated investment advice, crowdfunding or peer-to-peer lending. Under this broad scope, many – if not most – fintech companies qualify as financial intermediaries and are generally subject to anti-money laundering obligations, including compliance with know your customer (KYC) rules (see 2.13 Impact of AML and Sanctions Rules).

Swiss Financial Services Act, Swiss Financial Institutions Act

The Swiss Financial Services Act (FinSA) and Swiss Financial Institutions Act (FinIA) came into force on 1 January 2020. While the purpose of FinIA is to provide a new legal framework governing most financial institutions (ie, asset managers, trustees, managers of collective assets, fund managers and securities firms), FinSA is designed to regulate financial services in Switzerland, whether provided by a Swiss-based business or on a cross-border basis in Switzerland or to clients in Switzerland. The rules are largely based on EU directives – the Markets in Financial Instruments Directive (MiFID II), the Prospectus Directive and Packaged Retail Investment and Insurance-Based Products (PRIIPs) – with adjustments tailored to the Swiss market.

In a nutshell, with regard to fintech, the new legal framework may involve additional regulatory requirements to the extent that fintech companies may have to provide financial services in Switzerland or to Swiss clients (application of FinSA) or provide asset management services or other regulated services (application of FinIA and new licensing requirements).

There are no specific rules on the amount of fees that fintech companies may charge their customers. However, Swiss law provides for a number of disclosure obligations in relation to financial service fees, including the following:

• retrocessions, kickbacks, rebates and similar payments or financial benefits need to be disclosed (including payments received from other group companies) prior to entering into a contract/transaction; the disclosure has to be specific and, where the exact fees cannot be calculated at the outset of the transaction, the fee disclosure has to include the relevant percentages and calculation methodologies;
• unless a client has specifically and expressly waived its rights, retrocessions, kickbacks and similar payments need to be handed over in full to the customer; and
• where a key information document (KID) needs to be prepared and handed over to Swiss private clients (ie, with respect to collective investment schemes and structured products), a detailed fee disclosure will have to be included in the KID.

For the sake of completeness, it should be noted that FinSA also provides for certain rules against abusive conduct by financial service providers (such as third-party distributors of the products) that are relevant in relation to fees. For example, a financial service provider may not invoice a price that differs from the effective execution price when processing client orders.

Since 2015, the legislator's focus has been on adapting the applicable legal and regulatory framework to the needs of the fintech sector. The Swiss legislator has subsequently introduced three measures within Swiss banking legislation aimed at promoting innovation in the financial sector:

• any amount of monies can now be held on settlement accounts (eg, for crowdfunding projects) for up to 60 days (as opposed to seven days, as was the case);
• a sandbox has been created where companies can accept public deposits of up to CHF1 million without having to apply for a banking or fintech licence, subject to certain conditions, such as disclosures and prohibitions against investing these deposits; and
• there is a new fintech licence suitable for businesses whose activity involves some form of deposit-taking, but without any lending activities involving maturity transformation (see 2.5 Regulatory Sandbox).

In addition to the regulatory sandbox (see 2.4 Variations Between the Regulation of Fintech and Legacy Players), under the fintech licence, financial service providers are allowed to accept public deposits provided that:

• the total amount of deposits does not exceed CHF100 million;
• the deposits do not bear interest (or are not otherwise remunerated); and
• the deposits are not re-invested by the company (ie, they are not used for on-lending purposes).

Fintech licences involve less stringent regulatory requirements than a banking licence. Strict banking equity ratio requirements, as well as liquidity requirements, do not apply. In addition, there are lower minimum capital requirements: fintech licence holders must maintain capital amounting to 3% of public deposits, but in any case not less than CHF300,000. In May 2023, FINMA published its revised guidelines for the fintech licence, setting out the information and documentation needed to apply for one. These include a list of all participants holding a direct or indirect interest of 5% in the applicant, information on the governing bodies and the activities of the company, plus a three-year financial forecast.

To be clear, the fintech licence is not a banking licence and companies operating under such a licence do not qualify as a banking institution and may not be designated as such. By extension, client deposits are not covered by the Swiss deposit protection scheme and clients must be duly informed of this, as well as of the attendant risks. In March 2020, FINMA granted the first fintech licence to an app-based bank called Yapeal. The other four companies holding a fintech licence are Klarpay, Relio, SR Saphirstein and SWISS4.0.

FINMA is generally responsible for the authorisation, supervision, enforcement and documentation of most activities that are subject to Swiss financial market laws. This includes the supervision of outsourcing arrangements (see 2.7 Outsourcing of Regulated Functions). FINMA adopts a risk-oriented approach to supervision, meaning examinations depend on the risk posed by the respective financial market participant. The applicable laws are enforced by FINMA, which applies administrative measures under supervisory law where necessary. FINMA’s powers include precautionary measures or measures to restore compliance with the law, withdrawing authorisation, liquidating unauthorised companies, issuing industry bans and ordering the disgorgement of profits generated illegally. It can also publish final decisions naming those involved. Since naming companies or individuals is restricted by law, FINMA generally only publishes information on ongoing or completed enforcement proceedings if there is a particular public interest – eg, to protect investors, creditors or policyholders.

Besides FINMA, criminal prosecution authorities and self-regulatory organisations are also involved in enforcing financial market laws. Where irregularities fall under criminal law, FINMA may file a complaint with the competent authorities (Federal Department of Finance, Office of the Attorney General and cantonal prosecutors). There are other authorities, such as the Competition Commission and the Federal Data Protection and Information Commissioner, which may also enforce the relevant laws.

The outsourcing of significant business areas of regulated entities is subject to certain requirements. In essence, Swiss financial market law sets forth three different outsourcing regimes:

• The outsourcing of a significant business area by a bank (including holders of the fintech licence; see 2.5 Regulatory Sandbox) does not require FINMA approval provided the requirements of the FINMA Outsourcing Circular (see below) and applicable data protection legislation are complied with. Courtesy notifications to FINMA should be considered for material outsourcing transactions.
• Under FinIA, financial institutions (eg, asset managers, trustees, securities firms and fund managers) must reflect the functions being outsourced as well as the possibility of sub-outsourcing in their organisational regulations, which are subject to FINMA approval.
• The outsourcing of essential functions by insurance or reinsurance companies domiciled in Switzerland (or Swiss branches of foreign insurance companies) constitutes a business plan change which must be notified to FINMA. Notification must be made within 14 days after the signing date of the outsourcing agreement and is considered approved by FINMA unless an investigation is opened within four weeks after notification has been made.

Each entity subject to one of the above outsourcing regimes continues to bear responsibility for the outsourced business areas, so it must ensure the proper selection, instruction and control of the supplier. Furthermore, it is a common requirement in all outsourcing regimes to conclude a written contract with the supplier which sets out, among other things, clearly assigned responsibilities as well as audit and inspection rights. If a significant function is outsourced, the service provider is subject to information and reporting duties to, and audits by, FINMA.

Regulated entities subject to FINMA Circular 2018/3 Outsourcing (Outsourcing Circular, which applies to banks, insurers, managers of collective assets, fund managers and securities firms) must comply with the detailed measures set out in the Outsourcing Circular, including:

• the obligation to keep an inventory of all outsourced services (which must include proper descriptions of the outsourced function, the name of the service provider and any subcontractors, the service recipient and the person or department responsible within the company);
• conclusion of a written contract with the supplier setting out, among others, security and business continuity requirements; and
• if outsourcing to a foreign supplier, the company must ensure that restructuring or resolving the company in Switzerland remains possible and that the information required for this purpose is accessible in Switzerland at all times.

Regulated entities subject to FinIA may only delegate tasks to third parties who have the necessary skills, knowledge, experience and authorisations to perform that task.

FINMA-regulated entities, as well as those responsible for their management, must provide guarantees of irreproachable business conduct. Furthermore, regulated entities, as well as their statutory auditors, are required to notify FINMA of any events that are of material relevance to FINMA’s supervision. Therefore, to a certain extent, fintech providers that are FINMA regulated also act as gatekeepers.

From a civil law perspective and as a general principle, a fintech provider would be liable for damages resulting from negligence or wilful misconduct in breach of applicable law or contractual obligation. However, under Swiss civil law, liability can be limited or even excluded to a large extent by contractual agreement. Civil liability would thus have to be assessed on a case-by-case basis.

FINMA has executed several enforcement proceedings in the fintech industry, in particular in the case of initial coin offerings (ICOs) that were suspected of acting as a bank without being authorised to do so (ie, accepting deposits from the public without a banking licence; see 2.2 Regulatory Regime). According to FINMA’s annual report 2020, FINMA conducted around 100 fintech-related investigations during 2020, with ICOs remaining a key catalyst for such investigations. In its most recent annual report 2022, FINMA stressed its supervisory focus on capital and liquidity requirements. In relation to this, FINMA stated in its annual report 2022 that certain companies holding a fintech licence faced financial obligations that threatened their solvency and/or liquidity. As a result, FINMA had to withdraw a fintech licence for the first time.

In addition, FINMA generally noted more Swiss companies offering secondary market-related financial services based on blockchain, which attracted significant interest from investors.

Only in very few cases did FINMA make individual enforcement cases public:

• in September 2017 FINMA ruled that the E-Coin issued by QUID PRO QUO Association with the involvement of DIGITAL TRADING AG and Marcelco Group AG constituted fake cryptocurrency; in addition, FINMA ruled that the E-Coin involved the acceptance of deposits from the public for which the issuer was not authorised (all three entities involved with the E-Coin were liquidated); and
• in March 2019 FINMA ruled that the EVN-Token issued by envion AG which offered a repayment claim after 30 years, constituted the acceptance of deposits from the public for which the issuer was not authorised; envion AG had accepted deposits in an amount exceeding CHF90 million from at least 37,000 investors and was already in liquidation prior to FINMA's order due to violation of corporate law requirements.

FINMA also maintains a warning list on its website of individuals and entities who are presumed to carry out unauthorised activities under financial market regulations.

The processing of personal data by private persons and federal bodies is regulated in particular by the Data Protection Act (DPA) and the Data Protection Ordinance (DPO). The Swiss Parliament has recently adopted a revision of the DPA and the DPO, which entered into force on 1 September 2023. While the technical requirements in essence remain unchanged, the revised act provides for considerable organisational and administrative requirements, as well as significant sanctions. The DPA and the DPO apply, with some exceptions, to the processing of data relating to natural persons. Personal data must be protected against unauthorised processing by appropriate technical and organisational measures. Such protection has been specified with respect to the storing, processing and transferring of client data in the banking sector (Annex 3 to the former FINMA Circular 2008/21 Operational Risks). As of 1 January 2024, such specifications are newly included in Chapter IV, Section D on critical data risk management of the revised FINMA Circular 2023/1 Operational Risks and Resilience – Banks, which extends the scope of protected data beyond electronic client data to so-called critical data. Critical data is data that, in view of the institution’s size, complexity, structure, risk profile and business model, is of such crucial significance that it requires increased security measures. The criticality of such data is determined by assessing the data’s confidentiality, integrity, and availability.

In addition, the Federal Act on Information Security (ISA) and its implementing ordinances entered into force on 1 January 2024. While the ISA primarily focuses on government cyber security, a revision adopted on 29 September 2023 requires critical infrastructure operators, including private parties, to report cyberattacks to the National Cyber Security Centre within 24 hours. This obligation applies, inter alia, to companies that are subject to the Banking Act (see 2.2 Regulatory Regime), Insurance Supervisory Act (see 10.2 Treatment of Different Types of Insurance) or Financial Markets Infrastructure Act (see 7. Marketplaces, Exchanges and Trading Platforms) and is expected to take effect on 1 January 2025. With regard to cybersecurity, non-binding guidelines with respect to minimum security requirements for telecommunication services have been issued by the competent regulator – the Federal Office of Communications (OFCOM). However, there is no cross-sector cybersecurity legislation in Switzerland that would generally be applicable to fintech companies.

The following are the most notable authorities and organisations involved in Swiss financial market regulation:

• Financial intermediaries operating on a commercial basis are subject to AMLA (see 2.2 Regulatory Regime) and must, unless otherwise supervised by FINMA (eg, as a bank), become a member of a self-regulatory organisation (SRO) recognised by FINMA. While having limited enforcement powers, SROs are responsible for supervising compliance with the due diligence obligations of the financial intermediaries. FINMA, in turn, actively supervises the SROs.
• Banks, insurers, managers of collective assets, fund managers and securities firms are required by financial market regulation to mandate an independent audit firm supervised by the Federal Audit Oversight Authority (FAOA) as statutory auditor.
• Under the FinIA, asset managers and trustees are required to associate themselves with an independent, privately organised supervisory organisation (SO), while FINMA retains the competence to authorise asset managers and trustees as well as to conduct any respective enforcement proceedings. The ongoing supervision of asset managers and trustees is delegated to the SO which, in turn, must obtain authorisation from FINMA and is itself supervised by FINMA. 

Furthermore, there are many private for-profit and not-for-profit organisations active in the fintech industry that are helping to define industry standards. Most notably, the Swiss Bankers Association has defined several standards applied by banks, eg, on opening corporate accounts for DLT companies.

Although no specific rules on the conjunction of unregulated and regulated products and services apply, financial service providers are required to take appropriate measures to avoid conflicts of interest. As a general principle, most regulated entities (eg, asset managers, managers of collective assets, insurers) are also required by law to pursue activities only related to their respective regulatory status. FINMA may, however, grant exemptions subject to applicable laws.

Many fintech companies are likely to qualify as financial intermediaries and may, therefore, be subject to AMLA. 

Fintech companies subject to AMLA are not only required to join a self-regulatory organisation (unless otherwise supervised by FINMA – eg, as a bank), but anti-money laundering obligations also include due diligence obligations (including KYC rules and record-keeping obligations), reporting obligations in the event of a suspicion of money laundering or obligations to freeze assets under certain conditions. Swiss anti-money laundering regulation is relatively easy to comply with and should not represent a significant entry barrier. However, dealing with the associated costs requires careful planning and business models may need to be adapted. This applies particularly to fintech companies providing alternative finance (eg, crowd investment) platforms, payment services or the professional purchasing and selling of virtual currencies.

With regards to sanction rules, the Federal Council adopted the sanctions packages imposed by the EU in view of the war between the Russian Federation and Ukraine for Switzerland on 28 February 2022. The Federal Council has since consistently updated the Swiss sanctions regime to take account of additional EU sanctions packages that have been enacted in the meantime. The Swiss Federal Ordinance instituting measures in connection with the situation in Ukraine includes, among others, financial sanctions against certain listed individuals and businesses and bans on providing certain financial services to Russian nationals as well as individuals and businesses residing in the Russian Federation. Compliance with sanctions may be operationally challenging and requires utmost care as breaches of sanctions regulations may result in legal and reputational risks for fintech companies. The Swiss State Secretariat for Economic Affairs (SECO) maintains a public website with information and guidance on export control and sanctions.

In Switzerland, financial advisers that provide financial advice or investment management online, so-called robo-advisers, are growing in popularity. In particular, those between the ages of 24 and 35 are expected to make up the customer base of online investment solutions, since they often adopt new technologies quickly and prefer self-service approaches. There are several companies that pursue a robo-adviser business model based on mathematical rules or algorithms that allocate, manage and optimise clients’ assets.

With regards to automated investment advice, there are no specific applicable rules or regulations. Swiss law is generally technology-neutral and principle-based. FINMA actively contributes to a fintech-friendly legal environment. FINMA regards innovation as key to Switzerland’s competitiveness as a financial centre, but adopts an essentially neutral approach to certain business models and technologies. FINMA has therefore been enhancing the regulatory framework to facilitate client onboarding via digital channels and has reviewed whether specific provisions in its ordinances and circulars disadvantaged some technologies and concluded that very few such obstacles existed. Therefore, FINMA has adopted its guidelines for asset management and has removed the requirement that asset management agreements have to be concluded in writing. Also, FINMA has eased the rules of the onboarding process for new businesses via digital channels.

See 3.1 Requirement for Different Business Models.

Under FinSA, financial service providers need to ensure that client orders are always executed in the best possible way with regard to financial terms, timing of execution and other terms and conditions. Providers define, in a best execution policy to be reviewed annually, the criteria necessary for the execution of client orders. This includes the price, costs, timeliness and probability of execution and settlement. Upon the request of the client, the financial service provider evidences that the respective customer trades have been executed in compliance with these criteria. Regulatory best execution requirements do not apply in relation to institutional clients.

Crowdlending refers to loans for funding companies or individuals, which are consequently categorised as borrowed capital. Crowdlending is also known as P2P or social lending because funding is provided by individuals or companies that are not financial institutions or financial intermediaries. Referring to the distinguishing criterion mentioned above to differentiate sub-types of crowdfunding, participants (funding providers) receive a payment in return for their funding made available to the project developer (borrower), typically in the form of interest, although participating loans or bond/note issuances are also possible. The amount of interest or return payment varies depending on the risk of the project and borrower, but it is usually lower than what traditional banks charge. There are a number of crowdlending businesses in Switzerland that offer loans to both private persons and companies.

Generally, crowdlending is subject to general financial services regulation, including the AML legislation (see 2.2 Regulatory Regime). Also, under the Swiss Consumer Credit Act (CCA), only authorised lenders can provide consumer loans. Lenders need to register with the Swiss Canton where they are established or, if activities are conducted on a cross-border basis by foreign lenders, with the Swiss Canton where they intend to perform their services. 

Certain amendments to the consumer credit legislation came into force on 1 April 2019. Consumer loans that are obtained through a crowdlending platform are now required to comply with the same consumer protection provided by the law as if they were extended by a professional lender. Certain implementing provisions in the Consumer Credit Ordinance have also been adopted, such as access to consumer credit information systems and professional indemnity insurance requirements for crowdlending platforms.

See 4.1 Differences in the Business or Regulation of Loans Provided to Different Entities.

See 4.1 Differences in the Business or Regulation of Loans Provided to Different Entities.

With regard to loans and loan syndication, it is predominantly banks that are active in the relevant market in Switzerland. There are a number of reasons for this, one being the Swiss tax law rules commonly referred to as the “Swiss non-bank rules”. The basis for these rules is that, under Swiss domestic tax law, payments by a Swiss borrower under bilateral or syndicated financing are generally not subject to Swiss withholding tax. This, however, requires compliance with Swiss non-bank rules. In a nutshell, these rules require that:

• a syndicate does not consist of more than ten lenders which are not licensed as banks, if there is a Swiss obligor (the ten non-bank rule);
• a Swiss obligor does not, in aggregate (ie, not on a transaction-specific level), have more than 20 lenders that are not licensed as banks (the 20 non-bank rule); and
• a Swiss obligor does not, in aggregate (ie, not on a transaction-specific level), have more than 100 creditors not licensed as banks, under financings that qualify as deposits within the meaning of the relevant rules (the 100 non-bank rule).

To ensure compliance with the Swiss non-bank rules, a number of provisions are included in facility agreements with Swiss borrowers, guarantors or security providers. Depending on the structure, these include assignment and transfer restrictions that limit the ability of lenders to sell down the facilities to more than a specified number of non-bank lenders.

The payment market in Switzerland has undergone significant changes in recent years. With the introduction of the first mobile payment app, the Swiss market has experienced a surge of new entrants, leading to a rapid consolidation process. There are many electronic payment systems that rely, at least, partially on classic credit or debit card payment schemes; they use technology to facilitate payments at the point of sale in the context of e-commerce or, in some cases, between individuals (P2P). 

Besides credit and debit card-based payments, some payment apps can be linked to traditional bank accounts with partnering banks. The user experience is similar, but the payment is executed as a bank transfer – ie, the payer authorises the payment service provider to deduct the relevant amount from their bank account and to transfer it to the recipient’s bank account (often routed via a bank account of the payment service provider, subject to a fee). These systems are often operated or sponsored by banks and may therefore be subject to fewer regulatory constraints.

The FinSA requires, among other things, that a non-Swiss financial service provider acting on a cross-border basis comply with Swiss rules of conduct and, in some cases, register its client advisers in Switzerland. Client advisers of foreign-based financial service providers must register in a Client Advisers Register in Switzerland before they can offer financial services or products there. The registration requirement applies to the individuals who act as “client advisers” for the financial service provider, not to the provider itself.

Regarding AML obligations, the Swiss regime (see 2.2 Regulatory Regime and 2.13 Impact of AML and Sanctions Rules) only covers financial intermediaries that have a physical presence in Switzerland and generally does not extend to foreign institutions active on a cross-border basis. For example, payment service providers operating exclusively through electronic channels or the internet are usually not subject to AMLA. However, regardless of AMLA's application, the general prohibition against money laundering under criminal law still applies.

The authorisation or licensing process for investment funds differs depending on whether Swiss or foreign investment funds are concerned. Regarding Swiss investment funds, it is relevant how the investment fund is structured.

The Swiss regulatory regime distinguishes between open-ended and closed-ended collective investment schemes. The main differences between open-ended and closed-ended collective investment schemes are the different rules regarding the redemption of shares/units of collective investment schemes and different legal structures. Open-ended collective investment schemes must be established in the form of either a contractual fund or an investment company with variable capital (SICAV). On the other hand, closed-ended collective investment schemes may only be set up as either a limited partnership for collective investments (LP) or an investment company with fixed capital (SICAF). The Collective Investment Schemes Act further distinguishes open-ended funds based on the type of investments. Accordingly, securities funds, real estate funds, other traditional investment funds and alternative investment funds each follow a different set of rules regarding investment policy and permitted investment techniques.

Both the limited partnership for collective investment schemes and the SICAF must have obtained the relevant licence from FINMA. In doing so, both the limited partnership agreement of the limited partnership for collective investment schemes and the articles of association and the investment regulations of the SICAF are subject to FINMA’s approval.

In addition, fund managers also require FINMA's authorisation under the FinIA (see 2.2 Regulatory Regime).

See 6.1 Regulation of Fund Administrators.

Marketplaces and trading platforms are regulated by the Financial Markets Infrastructure Act (FMIA). Under FMIA, organised trading facilities for the multilateral trading of securities and other financial instruments require authorisation from FINMA. Trading facilities can seek authorisation as either a stock exchange or a multilateral trading facility. Furthermore, authorised banks, marketplaces (ie, stock exchanges or multilateral trading facilities) and securities firms may also operate an organised trading facility without additional authorisation.

The FMIA also regulates payment systems. However, they do not need authorisation from FINMA, unless the payment system’s authorisation is essential for the financial market’s proper functioning or the protection of its participants.

Regarding the trading of digital assets, the recently adopted DLT/blockchain legislation introduced DLT trading facilities as an additional regulatory status (see 12.2 Local Regulators’ Approach to Blockchain). The main difference from the current regulation is that the new DLT-trading facility authorisation allows individuals to participate in such a trading facility without an intermediary.

FMIA essentially differentiates between two asset classes:

• derivatives or derivative transactions – financial contracts whose value depends on one or several underlying assets and which are not cash transactions; and
• securities – standardised certificated and uncertificated securities, derivatives and intermediated securities, which are suitable for mass trading.

With respect to derivatives, FMIA foresees additional obligations, eg:

• clearing through a central counterparty;
• the use of authorised trading facilities; and 
• position limits in the case of commodity derivatives.

By definition, decentralised systems are particularly vulnerable to anonymity risks. Indeed, in contrast to traditional financial services, virtual currency users’ identities are generally unknown, although in most cases they are only pseudonymous and there is no regulated intermediary which may serve as gatekeeper to mitigate money laundering and financing of terrorism risks. Most virtual currencies, such as Bitcoin or Ether, use a pseudonymous blockchain, meaning that a user's identity is not linked to a particular wallet or transaction. However, while a user’s identity is not visible on the distributed ledger that supports the virtual currency infrastructure, anyone can access and view the transaction information – such as dates, value and the counterparties’ addresses – that is publicly recorded on it. Therefore, enforcement authorities can, in the course of their investigations, track transactions where a user’s identity is linked to an account or address (such as wallet providers or exchange platforms).

Swiss AML legislation does not provide for a definition of virtual currencies. However, since the revision of the FINMA AML Ordinance in 2015, exchange activities in relation to virtual currencies – eg, money transmission with a conversion of virtual currencies between two parties – are subject to AML rules. In general, the exact scope of regulation applicable to cryptocurrency exchanges depends on the level of decentralisation and activities involved (see 7.1 Permissible Trading Platforms) as well as the economic function and transferability of the blockchain-based units – ie, tokens (see 12.2 Local Regulator's Approach to Blockchain and 12.3 Classification of Blockchain Assets).

FMIA requires authorised stock exchanges and multilateral trading facilities to implement appropriate self-regulation, which is binding on the respective participants. SIX Swiss Exchange, as the dominant stock exchange, issues respective Listing Rules which have been amended as of 1 January 2020 to reflect the new financial market regulation (see 2.2 Regulatory Regime). 

FMIA requires authorised stock exchanges and multilateral trading facilities to implement rules on orderly and transparent trading and to monitor trading in order to detect violations of statutory and regulatory provisions. The detailed rules are thus issued by the relevant trading facility, eg, SIX Swiss Exchange. Furthermore, best execution rules apply (see 3.3 Issues Relating to Best Execution of Customer Trades).

Under FMIA, organised trading facilities for trading securities and other financial instruments require the respective FINMA authorisation (see 7.1 Permissible Trading Platforms), which includes strict limitations – eg, on authorised participants in such a trading facility. The new DLT trading facility allows, to a certain extent, for P2P trading of digital assets (see 7.1 Permissible Trading Platforms).

See 3.3 Issues Relating to Best Execution of Customer Trades.

The rules on best execution (see 3.3 Issues Relating to Best Execution of Customer Trades) as well as the general principles on fees apply (see 2.3 Compensation Models).

The FMIA is designed to ensure the transparency and proper functioning of the securities markets, and stipulates two types of market abuse, which are described below.

Insider Trading

The use of insider information is unlawful if the person knows or should know that it is insider information and such person:

• exploits it to buy or sell securities admitted to trading on a trading venue in Switzerland or to use financial instruments derived from such securities; or
• discloses it to another person; or
• exploits it to recommend to another person the acquisition or sale of securities admitted to trading on a trading venue in Switzerland or to use financial instruments derived from such securities.

Market Manipulation

It is unlawful to publicly disseminate information, or carry out transactions or give buy or sell orders if the person knows or should know that such behaviour gives false or misleading signals regarding the supply, demand or price of securities admitted to trading on a trading venue in Switzerland.

In addition, most FINMA-supervised institutions must also meet certain organisational requirements regarding market integrity that FINMA has detailed in its Circular 2013/8 Market Conduct Rules. The requirements include investigating trades that may involve unlawful market behaviour (if there are clear indications of this), handling of insider information in a way that prevents unlawful market behaviour and enables its detection, ensuring that people who decide on securities and/or derivative transactions do not have access to insider information, and monitoring employee transactions.

Algorithmic trading is based on computer algorithms that automatically determine the triggering and the individual parameters of an order (such as time, price or quantity). High-frequency trading is an extension of algorithmic trading, has very low delays in order transmission and a usually short-term trading strategy. Its distinctive feature is a high number of order entries, changes or deletions within microseconds.

FMIA and the related Financial Market Infrastructure Ordinance (FMIO) have introduced the necessary measures in Switzerland to address the negative effects of algorithmic trading and high-frequency trading. The regulation follows international standards and is based on EU law.

Specifically, stock exchanges, multilateral trading systems and organised trading systems must ensure orderly trading. In particular, they must ensure that their trading systems are in a position to temporarily suspend or restrict trading if there is a significant price movement in the short term as a result of an effect on this market or a neighbouring market (so-called circuit breakers). It must also be possible to identify orders generated by algorithmic trading.

In addition, traders who engage in algorithmic trading and high-frequency trading are subject to various obligations. In particular, they must ensure their systems cause no disruption to the trading venue and are subject to appropriate testing of algorithms and control mechanisms. Furthermore, certain transparency requirements apply (see 8.2 Requirement to Register as Market Makers When Functioning in a Principal Capacity). It should be emphasised that higher fees may be charged for typical high-frequency trading techniques.

Pursuant to FMIO, authorised trading facilities are required to impose upon all participants an obligation to notify the trading facility of the use of algorithmic trading and to flag all orders made by algorithmic trading.

In addition, a market participant requires authorisation as a securities firm by FINMA pursuant to FinIA if: 

• it trades in securities in its own name for the account of clients; 
• it trades in securities for its own account on a short-term basis and publicly quotes prices for individual securities upon request or on an ongoing basis; or 
• it trades in securities for its own account on a short-term basis, operates primarily on the financial market and is a member of a trading facility.

The transparency requirements in relation to algorithmic trading apply to all market participants alike (see 8.2 Requirement to Register as Market Makers When Functioning in a Principal Capacity). In addition, funds and fund managers are subject to the respective regulatory regime (see 6. Fund Administrators), while dealers may qualify as securities firms (see 8.2 Requirement to Register as Market Makers When Functioning in a Principal Capacity).

Under Swiss law, there is no specific regulation of programmers and programming. However, the FMIA requires marketplaces to identify and monitor algorithmic and high-frequency trading (see 8.1 Creation and Usage Regulations) which may indirectly affect programmers and programming.

Under Swiss law, which is in general technology-neutral, there is no specific definition of Decentralised Finance (DeFi). In its annual report 2021, FINMA recognises DeFi as development linked to open-access, programmable blockchain systems in the form of smart contracts, which have so far emerged in the form of, inter alia, DeFi applications that facilitate financial market services such as trading of tokens and the lending business. DeFi may be based on peer-to-peer models (see 7.6 Rise of Peer-to-Peer Trading Platforms) with no individually identifiable or controlling operator, where traditional intermediaries such as banks (see 2.2 Regulatory Regime) or securities firms (see 8.2 Requirement to Register as Market Makers When Functioning in a Principal Capacity) do not play any role, or applications that describe themselves as DeFi but are actually organised and controlled centrally and are therefore similar to traditional financial market intermediaries per applicable Swiss financial market laws. According to its annual report 2021, when evaluating DeFi applications, FINMA follows the following principles:

• FINMA applies the existing financial market laws to DeFi applications and, in doing so, abstracts from the use of specific technologies or procedures (principle of technology neutrality).
• If a DeFi application offers the same service and poses the same risk as intermediaries in the traditional financial market, FINMA applies the same rules (same risks, same rules).
• If, from an economic perspective, a DeFi application offers an activity under financial market law that would require licensing, FINMA assumes a licensing requirement in the case of new types of technical or legal implementation (substance over form).

Furthermore, certain aspects of DeFi that are specifically regulated under Swiss law pertain to the area of DLT/blockchain, as described in 12.2 Local Regulators’ Approach to Blockchain.

Under Swiss law, which is generally technology-neutral and principle-based, there is no specific legislation governing financial research platforms. As a result, financial research platforms based in Switzerland benefit from a more flexible regulatory environment that allows for greater regulatory latitude compared with other jurisdictions. Regulatory implications, if any, for specific financial research platforms must be assessed based on general principles governing the provision of services (including financial services) in Switzerland.

See 9.1 Registration.

See 9.1 Registration.

In Switzerland, insurtech is growing fast, in part due to organisations pursuing business models that are based on general challenges faced by traditional insurers, such as new regulatory frameworks, alternative capital sources, and ongoing low interest rates. In general, traditional insurers face lower barriers when entering the insurtech market as they already have the required licences and can focus on developing the technology.

To date, there is no specific legislation governing insurtech business models. Therefore, any regulatory implications for insurtech models must be assessed based on the general principles governing insurance services provision, especially those related to FINMA’s insurance supervision objectives. The revised insurance regulations have introduced, among others, more stringent requirements for insurance intermediation and new criteria for supervision by FINMA as of 1 January 2024.

Swiss insurance supervisory law contains specific provisions for different types of insurance. The Insurance Supervisory Act (ISA) distinguishes between three kinds of insurance: life insurance, indemnity/non-life insurance and reinsurance. A key point is that life insurers can only offer casualty and sickness insurance besides life insurance. Different rules also apply with regard to capital requirements. Moreover, mandatory sickness insurers follow a completely different regulatory regime under Swiss law. While FINMA is the competent supervisory authority under ISA, the Federal Office of Public Health supervises insurers providing mandatory sickness insurance.

Regtech is a type of fintech focusing on technologies and software that help companies meet regulatory requirements and stay compliant in a cost-effective and comprehensive way. Regtech software can automate compliance tasks and monitor and detect risks on an ongoing basis.

There is currently no specific legislation governing regtech. FINMA has generally welcomed tech applications that help supervised entities comply with regulatory requirements. FINMA may define technical standards and formats if and when there is a market need for them.

The general requirements on outsourcing apply when regulated financial service firms use regtech providers (see 2.7 Outsourcing of Regulated Functions). Depending on the specific services involved, a regtech provider must also comply with a service-level agreement and provide for service credit payments and other remedies in order for the customer to measure and enforce performance and its accuracy.

DLT, such as various blockchain, have been the focus of many public and private initiatives. First, traditional fundraising techniques and processes have been challenged in the last couple of years by the emergence of a new form of capital raising by start-ups in the form of initial coin offerings (ICOs) or token-generating events based on DLT. With the advance of this technology, the focus is now shifting on tokenising more traditional assets such as shares and other securities. 

Some Swiss companies have already issued shares on the blockchain and FINMA has granted banking and securities licences to two blockchain service providers, AMINA Bank AG (formerly Seba AG) and Sygnum. Driven by the fast-moving industry, traditional players such as banks are also increasingly offering services in relation to digital assets and blockchain-related businesses. Several players such as the Swiss Bankers Association, Crypto Valley Association and the Capital Market and Technology Association are promoting the growing blockchain-based business model for traditional and new players alike.

In Switzerland, the general rules largely apply with regard to risks, liability, intellectual property, AML and data privacy.

Regarding the application of the existing regulations on ICOs, FINMA published corresponding guidelines on 16 February 2018. Generally, FINMA focuses on the economic function and purpose of the tokens, as well as whether they are tradeable or transferable, in order to classify them as either payment tokens (including cryptocurrencies), utility tokens or asset tokens. The classification of the tokens has an impact on the applicable legal and regulatory framework (see 12.3 Classification of Blockchain Assets). Since then, FINMA has issued further guidelines on money laundering on blockchain, stablecoins and, most recently, on staking services.

On 25 September 2020, the Swiss Parliament adopted new legislation in order to increase legal certainty by removing hurdles for DLT-based applications and limiting risks of misuse. In a nutshell, the legislative amendments include:

• a civil law change aimed at increasing the legal certainty in the transfer of DLT-based assets;
• the possibility of segregation of crypto-based assets in the event of bankruptcy; and
• a new authorisation category called DLT Trading Facilities, from which DLT Trading Facilities may provide services in the areas of trading, clearing, settlement and custody with DLT-based assets (see also 7.1 Permissible Trading Platforms). 

Overall, these legislative amendments are expected to increase market access for fintech companies in the DLT/blockchain field by improving legal certainty and removing certain regulatory barriers. The provisions enabling the introduction of uncertificated register securities that are represented on a blockchain came into force on 1 February 2021, and the remaining provisions came into force on 1 August 2021.

FINMA guidelines define three types of token:

• payment tokens are synonymous with cryptocurrencies and offer no further functions or links to projects; they may, in some cases, only gain the necessary functionality and become accepted as a means of payment over a period of time – FINMA requires compliance with anti-money laundering regulations but does not treat such tokens as securities;
• utility tokens are tokens which are intended to provide access to a digital functionality or a service; they do not qualify as securities, unless they function, at least partially, as an investment in economic terms; and
• asset tokens represent assets such as participation in real physical assets, companies, earning streams or an entitlement to dividends or interest payments; their economic function is, dependent on its terms, analogous to equities, bonds or derivatives – FINMA generally considers asset tokens as securities.

Other players have utilised alternative classifications that are suited to the particular circumstances they are facing.

See 12.2 Local Regulators’ Approach to Blockchain.

See 12.2 Local Regulators’ Approach to Blockchain.

Since there is no specific regulation, the general regulation of funds applies (see 6. Fund Administrators).

Transactions in cryptocurrencies may be carried out on an anonymous basis and related money laundering risks are accentuated by the speed and mobility of the transactions made possible by the underlying technology. KYC is the cornerstone of AML and CFT due diligence requirements, generally imposed on financial institutions whose AML/CFT legislation is aligned with international standards (see 2. Fintech Business Models and Regulation in General). KYC requires that financial institutions duly identify and verify their contracting parties (ie, customers) and the beneficial owners (namely when their contracting parties are not natural persons) of such assets as well as their origin. 

KYC, along with transaction monitoring, enables the tracing of assets and their source. This helps identify indications of money laundering and terrorist financing through the creation of a paper trail. With respect to DLT/blockchain applications, one of the challenges is that KYC and other AML/CFT requirements are designed for a centralised intermediated financial system in which regulatory requirements and sanctions can be imposed by each jurisdiction at the level of financial intermediaries operating on its territory (ie, acting as gatekeepers). 

In contrast, virtual currency payment products and services rely on a set of decentralised cross-border virtual protocols and infrastructure elements, neither of which has a sufficient degree of control over, or access to, the underlying value (asset) and/or information, meaning that identifying a touch-point for implementing and enforcing compliance with AML/CFT requirements is challenging.

Under Swiss law, there is no specific definition of DeFi. FINMA upholds the principle of technology neutrality and the primacy of economic substance in its assessment of DeFi applications under Swiss financial market law (see 8.5 Decentralised Finance (DeFi)). Certain aspects of DeFi that are specifically regulated under Swiss law pertain to the area of DLT/blockchain, as described in 12.2 Local Regulators’ Approach to Blockchain.

The Swiss approach to regulation of crypto-assets is technology-neutral and prioritises substance over form. This means that if crypto-assets, such as NFTs, perform a function similar to that of a traditional financial or payment instrument, the regulations governing such instruments would generally apply to the crypto-asset as well. Therefore, whether an NFT and/or NFT platform triggers regulatory obligations for the parties involved depends on the underlying rights represented by such NFT (if any). To classify an NFT as a payment, utility or asset token, and determine the regulatory consequences (see 2.2 Regulatory Regime and 12.3 Classification of Blockchain Assets), it is therefore necessary to identify the rights it represents.

Swiss banks have adopted the open banking concept and are implementing innovative business models, particularly in relation to banking infrastructure. This infrastructure may include open banking interfaces (APIs), identity and security management systems, information and transaction platforms, finance management systems and financial compliance systems. Currently, there is no specific legislation governing open banking. As a result, the regulatory implications of individual open banking applications must be evaluated based on the general principles that govern the provision of financial services. This is particularly important when it comes to upholding FINMA’s objectives for supervising financial institutions.

Given the importance of digital transformation for banks and the large size of Switzerland’s established financial sector, fintech organisations specialising in banking infrastructure have access to a large pool of potential customers. The need to meet customer expectations and deliver financial benefits (in terms of increased revenue and reduced operational costs) has accelerated the adoption of open banking solutions, including those based on Bank as a Platform (BaaP).

Open banking raises several concerns in the areas such as data protection, IT security and Swiss banking secrecy. The success of open banking in Switzerland will depend heavily on providing transparent information to clients, obtaining the necessary consents and waivers and adhering to the highest standards of IT security. The slow adoption of open banking in Switzerland may be due to Swiss banking secrecy and the lack of a common standard for open banking, despite an increasing number of open banking initiatives from private actors.

In July 2020, the Swiss Bankers Association published a working paper titled “Open Banking – An overview for the Swiss financial centre”. This paper provides an overview of Switzerland’s market-based approach to open banking without mandatory data-sharing requirements. It encourages its members to take an active role in open banking. The Federal Council requested the Federal Department of Finance to submit measures by June 2024 if the Swiss financial sector does not sufficiently commit to opening up its interfaces as part of a market-based approach. In response, a group of Swiss banks headed by the Swiss Bankers Association signed and published a memorandum of understanding in May 2023 with the goal of enabling initial multibanking offerings for individuals by mid-2025 (MoU). In particular, the MoU aims to improve interoperability and data exchanges between banks, fintechs and other financial institutions, thereby providing customers with a comprehensive overview of their finances.

Under Swiss law, the concept of fraud is primarily understood in a criminal context as an offence punishable under the Swiss Criminal Code (SCC), for which criminal liability is also applicable to corporations under certain conditions. In order to qualify as an offence of fraud under the SCC, the perpetrator must:

• deceive the victim; eg, by making false representations, concealing true facts or reinforcing an erroneous belief;
• act maliciously, which is present when the perpetrator uses a structure of lies, fraudulent maneuvers or staging to deceive the victim or, in case of a mere statement of false information by the perpetrator, this may also be considered malicious if the perpetrator either discourages the victim from verifying the information or forsees that the victim will not verify it due to a special relationship of trust;
• act willfully and with the intent of unlawfully securing financial gain for itself or a third party; and
• trigger an error on the part of the victim and cause the victim to act to the detriment of its own financial interest or those of a third party, thereby suffering damage.

In addition to this general notion of fraud, other criminal offences under the SCC applicable in a commercial context may include, to a certain extent, fraudulent and/or injurious conduct, such as forgery of documents, criminal mismanagement and misappropriation, maliciously causing financial loss to another, bribery and corruption offences and money laundering. Beyond the SCC, Swiss financial market laws, as applicable, further provide for certain criminal provisions relating to fraudulent and/or injurious conduct.

Finally, Swiss financial market laws, as applicable, require certain organisational measures, which may include adopting fraud prevention and detection measures. Such obligations may arise, for example, from regulations on risk management and internal controls (eg, specified for the banking sector in the FINMA Circular 2023/1 Operational Risks and Resilience – Banks), anti-money laundering obligations and sanctions rules (see 2.13 Impact of AML and Sanctions Rules) as well as market integrity (see 7.9 Market Integrity Principles).

In Switzerland, criminal offences, including fraud (see 14.1 Elements of Fraud), are generally prosecuted by either the competent cantonal public prosecutor’s office or the federal prosecution office for the Swiss Confederation, that is, the Office of the Attorney General of Switzerland (OAG), depending on the specific circumstances of the case. The cantons and Swiss Confederation may further delegate the prosecution and adjudication of contraventions to administrative authorities. Under such delegation, the Federal Department of Finance (FDF) is the authority responsible for prosecuting and judgement of violations of the criminal provisions of the Swiss financial market laws (as defined in the FINMASA).

In addition, fraud or non-compliance with organisational measures under applicable Swiss financial market laws in relation to an entity subject to prudential supervision by FINMA may lead to regulatory investigation and administrative enforcement (see 2.6 Jurisdiction of Regulators). Furthermore, if FINMA obtains knowledge of criminal offences, it must notify the competent criminal prosecution authorities and may collaborate in exchanging information. In 2022, FINMA filed five criminal complaints with the cantonal prosecutor’s office, eight with the OAG and 145 with the FDF. FINMA is, however, not empowered to prosecute criminal charges on its own initiative.

Both the Swiss crime statistics and FINMA’s enforcement statistics on offences reported to criminal authorities do not indicate exact motives or types underlying registered criminal fraud offences nor the corresponding regulatory focus. As a general note, 24,195 criminal fraud offences were recorded in Switzerland in 2022. FINMA’s general enforcement actions in the fintech industry are described in 2.9 Significant Enforcement Actions.