Market conditions for fintech offerings in Switzerland are generally considered favourable. This is due to:

• broad access to credit and venture capital;
• an educated workforce (a high number of graduates in science and technology); and
• widespread access to and use of information and communication technology.

Switzerland’s fintech market has experienced significant growth and expansion, with both the value chain and the product and service range seeing acceleration from an already high level. According to the Swiss Venture Capital Report 2024, total investment in the fintech industry decreased substantially to CHF424 million, in essence a reduction by half, which is also a sharper decline than in the overall market. While the investment decline is significant, it has to be considered that investments in the fintech sector in the ten years prior grew rapidly, and current numbers are still way above pre-pandemic numbers. Of note is that the number of funding rounds increased to 60, a new all-time high.

Swiss legislation has recently focused on adapting the legal and regulatory framework to the needs of the fintech sector (see 2.4 Variations Between the Regulation of Fintech and Legacy Players), contributing to a more dynamic Swiss fintech sector. For example, specific legislation in the area of blockchain came into force in the course of 2021, which ensures that Switzerland remains an attractive place for fintech startups (see 10.2 Local Regulators’ Approach to Blockchain).

The Swiss fintech landscape has evolved significantly in recent years, and Switzerland remains an attractive location for financial sector innovators. There are currently over 500 active players in Switzerland’s fintech ecosystem, including both emerging and established companies. The total number of fintech-related businesses is much higher. These companies primarily focus on the financial market sector, notably:

• payment services;
• investment management;
• banking infrastructure;
• deposits and lending;
• distributed ledger technology (DLT); and
• analytics.

Many of these businesses offer their products and services to established financial institutions and/or collaborate on digitisation projects. Switzerland’s fintech market is primarily composed of start-ups that receive most of their funding through venture capital. In Switzerland, it is common for established financial service providers to work with emerging fintech companies. The value chain of established financial service providers is being scrutinised and challenged both internally and externally. Emerging fintech companies are developing new technology-driven products and services that have the potential to disrupt the value chain of established players. Established financial service providers generally have the necessary financial and organisational resources to gradually adapt their business processes, both to avoid this displacement and achieve high market visibility. Conversely, a relatively small number of emerging companies can rely on a trusted brand or a financial market licence (eg, a bank). In 2019, the Swiss Financial Market Supervisory Authority (FINMA) granted banking licences to fintech players for the first time, namely AMINA Bank AG (formerly Seba AG) and Sygnum, which specialise in assets based on DLT. Other notable fintech players have since received FINMA licences for nearly all types of traditional licences – eg, Revolut Bank UAB (Swiss authorised representative of a foreign bank), Taurus SA (securities firm), VIAC Invest AG (fund manager), Alphemy Capital SA (manager of collective assets) and SDX Trading AG (stock exchange).

Swiss law takes a technology-neutral and principle-based approach, which has significant implications for fintech companies operating in Switzerland. Unlike other jurisdictions, Swiss-based fintech companies benefit from a more flexible regulatory environment that allows for greater regulatory latitude. FINMA has made regulatory changes to support fintech development and lower market entry barriers. These changes are risk-based and technology-neutral. Recent legislative projects, including two new regulatory licence types – the so-called fintech licence, also referred to as a “banking licence light” – have created a technology-neutral regulatory framework for accepting deposits of up to CHF100 million from the public without engaging in typical commercial banking activities (see 2.5 Regulatory Sandbox), and the DLT trading facility has created a regulatory framework for a trading venue specific to DLT-based securities.

Alongside these specific measures, fintech companies are also subject to the general legal and regulatory framework summarised in the following (see 2.10 Significant Enforcement Actions).

Banking Legislation

In Switzerland, soliciting and accepting deposits from the public on a professional basis is a restricted activity that requires a full-fledged banking licence from FINMA. The term “deposit” is broadly defined under the Banking Act as any undertaking for own account to repay a certain amount. Deposits are considered “public” when:

• funds are solicited from the public (as opposed to being solicited from banks or professional financial intermediaries, institutional investors, shareholders, employees or other related persons); and
• funds from more than 20 depositors are accepted.

As a result, many business models used, for instance, by payment systems, payment services providers and crowdfunding or crowdlending platforms are considered to involve the solicitation and acceptance of deposits and may fall within the scope of the Banking Act, therefore triggering licensing requirements.

However, fintech companies do not need a banking licence to hold deposits under CHF1 million (see 2.5 Regulatory Sandbox). Similarly, no banking licence is needed if deposits (regardless of amount) are held for less than 60 days on a settlement account. All other deposit-taking activities require either a fintech licence for deposit-taking not exceeding CHF100 million or a full-fledged banking licence. It is also worth noting that funds linked to means of payment, or to a payment system, do not qualify as deposits, provided that:

• the funds serve the purpose of purchasing goods or services;
• no interest is paid on them; and
• the funds remain below a threshold of CHF3,000 per customer.

This exemption may benefit some card payment services and online or mobile payment services. However, they need to ensure that funds stored on user accounts are only for buying goods and services (not for peer-to-peer (P2P) transfers, withdrawals, transfers to a user’s bank account, etc) and never exceed CHF3,000 per customer.

Anti-Money Laundering Legislation

The Federal Anti-Money Laundering Act (AMLA) defines an intermediary as any natural or legal person who accepts or holds deposit assets belonging to others, or assists in the investment or transfer of such assets. This covers everyone who carries out credit transactions (such as consumer loans or mortgages, factoring, commercial financing or financial leasing) or who provides payment transaction services. This affects many emerging business models, such as mobile payment, blockchain and related applications, cryptocurrencies, automated investment advice, crowdfunding and P2P lending. Under this broad scope, many – if not most – fintech companies qualify as financial intermediaries and are generally subject to anti-money laundering (AML) obligations, including compliance with know your customer (KYC) rules (see 2.14 Impact of AML and Sanctions Rules).

Swiss Financial Services Act, Swiss Financial Institutions Act

The Swiss Financial Services Act (FinSA) and Swiss Financial Institutions Act (FinIA) came into force on 1 January 2020. While the purpose of FinIA is to provide a new legal framework governing most financial institutions (ie, asset managers, trustees, managers of collective assets, fund managers and securities firms), FinSA is designed to regulate financial services in Switzerland, whether provided by a Swiss-based business or on a cross-border basis from Switzerland or to clients in Switzerland. The rules are largely based on EU directives – the Markets in Financial Instruments Directive (MiFID II), the Prospectus Directive and Packaged Retail Investment and Insurance-Based Products (PRIIPs) – with adjustments tailored to the Swiss market.

In a nutshell, with regard to fintech, the new legal framework brought additional regulatory requirements to the extent that fintech companies provide financial services in Switzerland or to Swiss clients (application of FinSA) or provide asset management services or other regulated services (application of FinIA and new licensing requirements).

There are no specific rules on the amount of fees that fintech companies may charge their customers. However, Swiss law provides for a number of disclosure obligations in relation to financial service fees, including the following:

• retrocessions, kickbacks, rebates and similar payments or financial benefits need to be disclosed (including payments received from other group companies) prior to entering into a contract/transaction; the disclosure has to be specific and, where the exact fees cannot be calculated at the outset of the transaction, the fee disclosure has to include the relevant percentages and calculation methodologies;
• unless a client has specifically and expressly waived its rights, retrocessions, kickbacks and similar payments need to be handed over in full to the customer; and
• where a key information document (KID) needs to be prepared and handed over to Swiss private clients (ie, with respect to collective investment schemes and structured products), a detailed fee disclosure will have to be included in the KID.

For the sake of completeness, it should be noted that FinSA also provides for certain rules against abusive conduct by financial service providers (such as third-party distributors of the products) that are relevant in relation to fees. For example, a financial service provider may not invoice a price that differs from the effective execution price when processing client orders.

Recently, the legislator’s focus has been on adapting the applicable legal and regulatory framework to the needs of the fintech sector. The Swiss legislator has subsequently introduced three measures within Swiss banking legislation aimed at promoting innovation in the financial sector:

• any amount of monies can now be held on settlement accounts (eg, for crowdfunding projects) for up to 60 days (as opposed to seven days, as was the case);
• a sandbox has been created where companies can accept public deposits of up to CHF1 million without having to apply for a banking or fintech licence, subject to certain conditions, such as disclosures and prohibitions against investing these deposits; and
• there is a new fintech licence suitable for businesses whose activity involves some form of deposit-taking, but without any lending activities involving maturity transformation (see 2.5 Regulatory Sandbox).

In addition to the regulatory sandbox (see 2.4 Variations Between the Regulation of Fintech and Legacy Players), under the fintech licence, a company is allowed to accept public deposits provided that:

• the total amount of deposits does not exceed CHF100 million;
• the deposits do not bear interest (or are not otherwise remunerated); and
• the deposits are not re-invested by the company (ie, they are not used for on-lending purposes).

Fintech licences involve less stringent regulatory requirements than a banking licence. Strict banking equity ratio requirements, as well as liquidity requirements, do not apply. In addition, there are lower minimum capital requirements: fintech licence holders must maintain capital amounting to 3% of public deposits, but in any case not less than CHF300,000. In 2023, FINMA published its revised guidelines for the fintech licence, setting out the information and documentation needed to apply for one. These include a list of all participants holding a direct or indirect interest of 5% in the applicant, information on the governing bodies and the activities of the company, plus a three-year financial forecast.

To be clear, the fintech licence is not a banking licence, and companies operating under such a licence do not qualify as banking institutions and may not be designated as such. By extension, client deposits are not covered by the Swiss deposit protection scheme, and clients must be duly informed of this, as well as of the attendant risks. In March 2020, FINMA granted the first fintech licence to an app-based bank called Yapeal. The other three companies holding a fintech licence are Bivial, Relio and SR Saphirstein. At least two more former fintech licence holders have already been put into liquidation.

FINMA is generally responsible for authorisation, supervision and enforcement under Swiss financial market laws. FINMA adopts a risk-oriented approach to supervision, meaning examinations depend on the risk posed by the respective financial market participant. The applicable financial market laws are enforced by FINMA, which may include administrative measures where necessary. FINMA’s powers include precautionary measures and measures to restore compliance with the law, withdrawing authorisation, liquidating unauthorised companies, issuing industry bans and ordering the disgorgement of profits generated illegally. It can also publish final decisions naming those involved. Since naming companies or individuals is restricted by law, FINMA generally only publishes information on ongoing or completed enforcement proceedings if there is a particular public interest – eg, to protect investors, creditors or policyholders.

Besides FINMA, criminal prosecution authorities and self-regulatory organisations (SROs) are involved in enforcing financial market laws. Where irregularities fall under criminal law, FINMA may file a complaint with the competent authorities (Federal Department of Finance (FDF), Office of the Attorney General and cantonal prosecutors). There are other authorities, such as the Competition Commission and the Federal Data Protection and Information Commissioner, which may also enforce relevant laws.

FINMA has a practice of issuing no-action letters upon request for specific factual circumstances presented to FINMA in detail in writing. FINMA only issues no-action letters as regards regulatory aspects under laws that FINMA enforces (eg, AMLA, FinIA, the Banking Act) but not for any other laws (eg, data protection laws). No-action letters are subject to a fee. Their validity is limited to the requesting party and only to the extent the actually implemented business fully corresponds to the factual circumstances presented to FINMA. Due to the high demand for no-action letters in the fintech sector (approximately 100 per year according to FINMA), FINMA has created a dedicated team for fintech matters that, among others, deals with these requests from the fintech sector. Note that with other Swiss authorities (eg, in the area of data protection), no-action letters are less common.

The outsourcing of significant business areas of regulated entities is subject to certain requirements. In essence, Swiss financial market law sets forth three different outsourcing regimes.

• The outsourcing of a significant business area by a bank (including holders of the fintech licence; see 2.5 Regulatory Sandbox) does not require FINMA approval provided the requirements of FINMA Circular 2018/3 Outsourcing (the “Outsourcing Circular”, which applies to banks, insurers, managers of collective assets, fund managers and securities firms) and applicable data protection legislation are complied with. Courtesy notifications to FINMA should be considered for material outsourcing transactions.
• Under FinIA, financial institutions (eg, asset managers, trustees, securities firms and fund managers) must reflect the functions being outsourced as well as the possibility of sub-outsourcing in their organisational regulations, which are subject to FINMA approval.
• The outsourcing of essential functions by insurance or reinsurance companies domiciled in Switzerland (or Swiss branches of foreign insurance companies) constitutes a business plan change which must be notified to FINMA. Notification must be made within 14 days after the signing date of the outsourcing agreement and is considered approved by FINMA unless an investigation is opened within four weeks after notification has been made.

Each entity subject to one of the foregoing outsourcing regimes continues to bear responsibility for the outsourced business areas, so it must ensure the proper selection, instruction and control of the supplier. Furthermore, it is a common requirement in all outsourcing regimes to conclude a written contract with the supplier that sets out, among other things, clearly assigned responsibilities as well as audit and inspection rights. If a significant function is outsourced, the service provider is subject to information and reporting duties to, and audits by, FINMA.

Regulated entities subject to the Outsourcing Circular must comply with the detailed measures set out therein, including:

• the obligation to keep an inventory of all outsourced services (which must include proper descriptions of the outsourced function, the name of the service provider and any subcontractors, the service recipient and the person or department responsible within the company);
• conclusion of a written contract with the supplier setting out, among others, security and business continuity requirements; and
• if outsourcing to a foreign supplier, ensuring that restructuring or resolving the company in Switzerland remains possible, and that the information required for this purpose is accessible in Switzerland at all times.

Regulated entities subject to FinIA may only delegate tasks to third parties who have the necessary skills, knowledge, experience and authorisations to perform that task.

FINMA-regulated entities, as well as those responsible for their management, must provide guarantees of irreproachable business conduct. Furthermore, regulated entities, as well as their statutory auditors, are required to notify FINMA of any events that are of material relevance to FINMA’s supervision. Therefore, to a certain extent, fintech providers that are FINMA-regulated also act as gatekeepers.

From a civil law perspective and as a general principle, a fintech provider would be liable for damages resulting from negligence or wilful misconduct in breach of applicable law or contractual obligation. However, under Swiss civil law, liability can be limited or even excluded to a large extent by contractual agreement. Civil liability would thus have to be assessed on a case-by-case basis.       

FINMA has executed several enforcement proceedings in the fintech industry, in particular in the case of initial coin offerings (ICOs) that were suspected of acting as a bank without being authorised to do so (ie, accepting deposits from the public without a banking licence; see 2.2 Regulatory Regime). In its annual report 2022, FINMA stressed its supervisory focus on capital and liquidity requirements. In relation to this, FINMA stated in its annual report for 2022 that certain companies holding a fintech licence faced financial obligations that threatened their solvency and/or liquidity. As a result, FINMA had to withdraw a fintech licence for the first time.

Only in very few cases did FINMA make individual enforcement cases public:

• in September 2017, FINMA ruled that the e-coin issued by QUID PRO QUO Association with the involvement of DIGITAL TRADING AG and Marcelco Group AG constituted fake cryptocurrency – in addition, FINMA ruled that the e-coin involved the acceptance of deposits from the public for which the issuer was not authorised (all three entities involved with the e-coin were liquidated);
• in March 2019, FINMA ruled that the EVN-Token issued by envion AG, which offered a repayment claim after 30 years, constituted the acceptance of deposits from the public for which the issuer was not authorised – envion AG had accepted deposits in an amount exceeding CHF90 million from at least 37,000 investors and was already in liquidation prior to FINMA’s order due to violation of corporate law requirements; and
• in May 2023, FINMA ruled that the Dohrnii Foundation and its founder and former managing director had carried out several business activities requiring a licence in the crypto sector without obtaining the relevant licence from FINMA, and that the foundation is currently being liquidated by the competent bankruptcy authority.

FINMA also maintains a warning list on its website of individuals and entities who are presumed to carry out unauthorised activities under financial market regulations.

The processing of personal data by private persons and federal bodies is regulated in particular by the Data Protection Act (DPA) and the Data Protection Ordinance (DPO), which in their recently revised versions entered into force on 1 September 2023. The revised DPA is largely modelled after the EU General Data Protection Regulation (GDPR) and provides for considerable organisational and administrative requirements, as well as significant sanctions. The DPA and the DPO apply, with some exceptions, to the processing of data relating to natural persons. Personal data must be protected against unauthorised processing by appropriate technical and organisational measures.

In addition, the protection of data is, in the banking sector, also governed by the requirements on critical data in the revised FINMA Circular 2023/1 Operational Risks and Resilience – Banks. Critical data is data that, in view of the institution’s size, complexity, structure, risk profile and business model, is of such crucial significance that it requires increased security measures. The criticality of such data is determined by assessing its confidentiality, integrity and availability.

In addition, the Federal Act on Information Security (ISecA) and its implementing ordinances entered into force on 1 January 2024. While the ISecA primarily focuses on government cybersecurity, a revision adopted on 29 September 2023 requires critical infrastructure operators, including private parties, to report cyber-attacks to the National Cyber Security Centre within 24 hours. This obligation will apply, inter alia, to companies that are subject to the Banking Act (see 2.2 Regulatory Regime), Insurance Supervisory Act (ISA; see 8.2 Treatment of Different Types of Insurance) or Financial Markets Infrastructure Act (FMIA; see 6. Marketplaces, Exchanges and Trading Platforms). The new reporting obligation is expected to take effect in the first half of 2025.

With regard to cybersecurity, non-binding guidelines with respect to minimum security requirements for telecommunication services have been issued by the competent regulator – the Federal Office of Communications (OFCOM). However, there is no cross-sector cybersecurity legislation in Switzerland that would generally be applicable to fintech companies.       

The following are the most notable authorities and organisations involved in Swiss financial market regulation.

• Financial intermediaries operating on a commercial basis are subject to AMLA (see 2.2 Regulatory Regime) and must, unless otherwise supervised by FINMA (eg, as a bank), become a member of a self-regulatory organisation (SRO) recognised by FINMA. While having limited enforcement powers, SROs are responsible for supervising compliance with the due diligence obligations of the financial intermediaries. FINMA, in turn, actively supervises the SROs.
• Banks, insurers, managers of collective assets, fund managers and securities firms are required by financial market regulation to mandate an independent audit firm supervised by the Federal Audit Oversight Authority (FAOA) as statutory auditor.
• Under FinIA, asset managers and trustees are required to associate themselves with an independent, privately organised supervisory organisation (SO), while FINMA retains the competence to authorise asset managers and trustees as well as to conduct any respective enforcement proceedings. The ongoing supervision of asset managers and trustees is delegated to the SO, which in turn must obtain authorisation from FINMA and is itself supervised by FINMA.

Furthermore, there are many private for-profit and not-for-profit organisations active in the fintech industry that are helping to define industry standards. Most notably, the Swiss Bankers Association has defined several standards applied by banks – eg, on opening corporate accounts for DLT companies.

Although no specific rules on the conjunction of unregulated and regulated products and services apply, financial service providers are required to take appropriate measures to avoid conflicts of interest. As a general principle, most regulated entities (eg, asset managers, managers of collective assets, insurers) are also required by law to pursue activities only related to their respective regulatory status. FINMA may, however, grant exemptions subject to applicable laws.

Many fintech companies are likely to qualify as financial intermediaries and may, therefore, be subject to AMLA.

Fintech companies subject to AMLA are not only required to join an SRO (unless otherwise supervised by FINMA – eg, as a bank), but AML obligations also include due diligence obligations (including KYC rules and record-keeping obligations), reporting obligations in the event of a suspicion of money laundering or obligations to freeze assets under certain conditions. AMLA is relatively easy to comply with and should not represent a significant entry barrier. However, dealing with the associated costs requires careful planning, and business models may need to be adapted. This applies particularly to fintech companies providing alternative finance (eg, crowd investment) platforms, payment services or the professional purchasing and selling of virtual currencies.

As regards sanction rules, the Federal Council adopted the sanctions packages imposed by the EU in view of the war between the Russian Federation and Ukraine for Switzerland on 28 February 2022. The Federal Council has since consistently updated the Swiss sanctions regime to take account of additional EU sanctions packages that have been enacted in the meantime (subject to very limited exemptions). The Swiss Federal Ordinance is instituting measures in connection with the situation in Ukraine including, among others, financial sanctions against certain listed individuals and businesses and bans on providing certain financial services to Russian nationals as well as individuals and businesses residing in the Russian Federation. Compliance with sanctions may be operationally challenging and requires utmost care, as breaches of sanctions regulations may result in legal and reputational risks for fintech companies. The Swiss State Secretariat for Economic Affairs (SECO) maintains a public website with information and guidance on export control and sanctions.

Switzerland has been a member of the Financial Action Task Force (FATF) since 1990 and, according to the Swiss federal government’s published financial market policy, is actively involved in the work of the FATF for effective and appropriate solutions and the uniform implementation of standards worldwide.

In the FATF’s most recent full assessment of Switzerland’s AML/combatting the financing of terrorism (CFT) regime, the FATF found that it “is technically robust and has achieved good results”, but that it “would still benefit from some improvements”. In its most recent follow-up report, the FATF attested Switzerland has made “progress in addressing the technical compliance deficiencies identified”.

In 2024, the Federal Council published draft legislation that would, among other things, introduce into AMLA a mandatory transparency register on beneficial owners of legal entities and expand AMLA’s applicability to certain advisors, including lawyers. This proposed legislation, which is subject to parliamentary proceedings and will therefore not enter into force before 2026 at the earliest, would address the outstanding deficiencies identified by the FATF.

FinSA generally applies to the provision of financial services in Switzerland or to Swiss residents (see 2.2 Regulatory Regime). However, it contains a reverse solicitation exemption, whereby financial services provided to clients in Switzerland by foreign financial service providers are not covered/governed by the FinSA if:

• the entire client relationship or individual/specific financial services have been requested by clients on their express initiative;
• the relevant specific financial service has not been advertised or solicited by any other means to the relevant client prior to such client’s enquiry; and
• the service in question does not go beyond the scope of the original request.

Therefore, the reverse solicitation results in a narrow exemption and customarily is not sufficient to serve as a business model, as it does not allow for systematic market services in the Swiss market.

Note that reverse solicitation is not relevant for most other Swiss financial market acts (eg, AMLA) as these only apply in case of the service being provided in or from Switzerland (ie, these acts do not apply to cross-border service provision; see also 5.2 Regulation of Cross-Border Payments and Remittances).

In Switzerland, financial advisers that provide financial advice or investment management online, so-called robo-advisers, are growing in popularity. In particular, those between the ages of 24 and 35 are expected to make up the customer base of online investment solutions, since they often adopt new technologies quickly and prefer self-service approaches. There are several companies that pursue a robo-adviser business model based on mathematical rules or algorithms and allocate, manage and optimise clients’ assets.

With regard to automated investment advice, there are no specific applicable rules or regulations. Swiss law is generally technology-neutral and principle-based. FINMA actively contributes to a fintech-friendly legal environment. FINMA regards innovation as key to Switzerland’s competitiveness as a financial centre, but adopts an essentially neutral approach to certain business models and technologies. FINMA has therefore been enhancing the regulatory framework to facilitate client onboarding via digital channels and has reviewed whether specific provisions in its ordinances and circulars disadvantaged some technologies, concluding that very few such obstacles existed. Therefore, FINMA has adopted its guidelines for asset management and has removed the requirement that asset management agreements have to be concluded in writing. Also, FINMA has eased the rules of the onboarding process for new businesses via digital channels.

Concerning legacy players’ implementation of solutions introduced by robo-advisers, see 3.1 Requirement for Different Business Models.

Under FinSA, financial service providers need to ensure that client orders are always executed in the best possible way with regard to the financial terms, timing of execution and other terms and conditions. Providers define, in a best execution policy to be reviewed annually, the criteria necessary for the execution of client orders. This includes the price, costs, timeliness and probability of execution and settlement. Upon the request of the client, the financial service provider evidences that the respective customer trades have been executed in compliance with these criteria. Regulatory best execution requirements do not apply in relation to institutional clients.

Crowdlending refers to loans for funding companies or individuals, which are consequently categorised as borrowed capital. Crowdlending is also known as P2P or social lending because funding is provided by individuals or companies that are not financial institutions or financial intermediaries. Referring to the distinguishing criterion mentioned in the foregoing to differentiate subtypes of crowdfunding, participants (funding providers) receive a payment in return for making their funding available to the project developer (borrower), typically in the form of interest, although participating loans or bond/note issuances are also possible. The amount of interest or return payment varies depending on the risk of the project and borrower, but it is usually lower than what traditional banks charge. There are a number of crowdlending businesses in Switzerland that offer loans to both private persons and companies.

Generally, crowdlending is subject to general financial services regulation, including AMLA (see 2.2 Regulatory Regime). Also, under the Swiss Consumer Credit Act (CCA), only authorised lenders can provide consumer loans. Lenders need to register with the Swiss canton where they are established or, if activities are conducted on a cross-border basis by foreign lenders, with the Swiss canton where they intend to perform their services.

Certain amendments to the consumer credit legislation came into force on 1 April 2019. Consumer loans that are obtained through a crowdlending platform are required to comply with the same consumer protection provided by the law as if they were extended by a professional lender. Certain implementing provisions in the Consumer Credit Ordinance have also been adopted, such as access to consumer credit information systems and professional indemnity insurance requirements for crowdlending platforms.

Concerning underwriting processes, see 4.1 Differences in the Business or Regulation of Loans Provided to Different Entities.

Concerning the syndication of fiat currency loans, see 4.1 Differences in the Business or Regulation of Loans Provided to Different Entities.

With regard to loans and loan syndication, it is predominantly banks that are active in the relevant market in Switzerland. There are a number of reasons for this, one being the Swiss tax law rules commonly referred to as the “Swiss non-bank rules”. The basis for these rules is that, under Swiss domestic tax law, payments by a Swiss borrower under bilateral or syndicated financing are generally not subject to Swiss withholding tax. This, however, requires compliance with Swiss non-bank rules. In a nutshell, these rules require that:

• a syndicate does not consist of more than ten lenders that are not licensed as banks, if there is a Swiss obligor (the ten non-bank rule);
• a Swiss obligor does not, in aggregate (ie, not on a transaction-specific level), have more than 20 lenders that are not licensed as banks (the 20 non-bank rule); and
• a Swiss obligor does not, in aggregate (ie, not on a transaction-specific level), have more than 100 creditors not licensed as banks under financings that qualify as deposits within the meaning of the relevant rules (the 100 non-bank rule).

To ensure compliance with the Swiss non-bank rules, a number of provisions are included in facility agreements with Swiss borrowers, guarantors or security providers. Depending on the structure, these include assignment and transfer restrictions that limit the ability of lenders to sell down the facilities to more than a specified number of non-bank lenders.

The payment market in Switzerland has undergone significant changes in recent years. Since the introduction of the first mobile payment app, the Swiss market has experienced a surge of new entrants, leading to a rapid consolidation process. There are many electronic payment systems that rely, at least partially, on classic credit or debit card payment schemes; they use technology to facilitate payments at the point of sale in the context of e-commerce or, in some cases, between individuals (P2P). A recent study found that in 2024, for the first time, mobile payment became the most used form of payment in Switzerland. Also, the Swiss interbank clearing in 2024 introduced instant payments for the first time for around 60 participating institutions, covering approximately 95% of the Swiss retail payment market.

Besides credit and debit card-based payments, some payment apps can be linked to traditional bank accounts with partnering banks. The user experience is similar, but the payment is executed as a bank transfer – ie, the payer authorises the payment service provider to deduct the relevant amount from their bank account and to transfer it to the recipient’s bank account (often routed via a bank account of the payment service provider, subject to a fee). These systems are often operated or sponsored by banks and may therefore be subject to fewer regulatory constraints.

The Swiss AML regime (see 2.2 Regulatory Regime and 2.14 Impact of AML and Sanctions Rules) only covers financial intermediaries that have a physical presence in Switzerland and generally does not extend to foreign institutions active on a cross-border basis. For example, foreign payment service providers operating exclusively through electronic channels or the internet are usually not subject to AMLA. However, regardless of AMLA’s application, the general prohibition against money laundering under criminal law still applies. Institutions offering cross-border payments in or from Switzerland would of course have to be fully compliant with AMLA, including on KYC.

FinSA applies to financial services, defined as certain services in relation to financial instruments and not including typical payment services.

Marketplaces and trading platforms are regulated by the Financial Markets Infrastructure Act (FMIA). Under the FMIA, organised trading facilities for the multilateral trading of securities and other financial instruments require authorisation from FINMA. Trading facilities can seek authorisation as either a stock exchange or a multilateral trading facility. Furthermore, authorised banks, marketplaces (ie, stock exchanges or multilateral trading facilities) and securities firms may also operate an organised trading facility without additional authorisation.

The FMIA also regulates payment systems. However, they do not need authorisation from FINMA, unless the payment system’s authorisation is essential for the financial market’s proper functioning or the protection of its participants. Currently, there is no authorised payment system in Switzerland. The Federal Council has recently proposed draft legislation that would clarify and potentially slightly expand the scope, but such legislation will enter into force in 2027 at the earliest.

Regarding the trading of digital assets, the DLT/blockchain legislation introduced, in 2021, the so-called DLT trading facility as an additional licence (see 10.2 Local Regulators’ Approach to Blockchain). The main differences from the current regulation are that the new DLT trading facility licence allows individuals to participate in such a trading facility without an intermediary, and settlement and trading services are to be provided by a single entity. There is currently no licensed DLT trading facility.

The FMIA essentially differentiates between two asset classes:

• derivatives or derivative transactions – financial contracts whose value depends on one or several underlying assets and which are not cash transactions; and
• securities – standardised certificated and uncertificated securities, derivatives and intermediated securities, which are suitable for mass trading.

With respect to derivatives, the FMIA foresees additional obligations, such as:

• clearing through a central counterparty;
• the use of authorised trading facilities; and
• position limits in the case of commodity derivatives.

The FMIA is generally technology-neutral and applies identically to tokens that meet the criteria to constitute a security or a derivative. The one relevant exemption is that there is a separate DLT trading facility, which is a trading venue for DLT-based securities only (see 10.2 Local Regulators’ Approach to Blockchain).

By definition, decentralised systems are particularly vulnerable to anonymity risks. Indeed, in contrast to traditional financial services, virtual currency users’ identities are generally unknown, although in most cases, they are only pseudonymous, and there may be no regulated intermediary that serves as a gatekeeper to mitigate money laundering and financing of terrorism risks. Most virtual currencies, such as Bitcoin and Ether, use a pseudonymous blockchain, meaning that a user’s identity is not linked to a particular wallet or transaction. However, while a user’s identity is not visible on the distributed ledger, anyone can access and view the transaction information – such as dates, value and the counterparties’ addresses – that is publicly recorded on it. Therefore, enforcement authorities can, in the course of their investigations, track transactions where a user’s identity is linked to an account or address (such as wallet providers or exchange platforms).

Swiss AML legislation does not provide for a definition of virtual currencies. However, since the revision of the FINMA AML Ordinance in 2015, exchange activities in relation to virtual currencies – eg, money transmission with a conversion of virtual currencies between two parties – are subject to AML rules. In general, the exact scope of regulation applicable to cryptocurrency exchanges depends on the level of decentralisation and activities involved (see 6.1 Permissible Trading Platforms) as well as the economic function and transferability of the blockchain-based units – ie, tokens (see 10.2 Local Regulator’s Approach to Blockchain and 10.3 Classification of Blockchain Assets).

Most recently, FINMA issued specific guidance for the staking of crypto-assets and for stablecoins in 2023 and 2024, respectively.

The FMIA requires authorised stock exchanges and multilateral trading facilities to implement appropriate self-regulation, which is binding on the respective participants. SIX Swiss Exchange, as the dominant stock exchange, issues listing rules that have been amended to reflect the new financial market regulation (see 2.2 Regulatory Regime).

The FMIA requires authorised stock exchanges and multilateral trading facilities to implement rules on orderly and transparent trading, and to monitor trading in order to detect violations of statutory and regulatory provisions. The detailed rules are thus issued by the relevant trading facility – eg, SIX Swiss Exchange. Furthermore, best execution rules apply (see 3.3 Issues Relating to Best Execution of Customer Trades). Note that these rules would not apply to tokens that do not constitute a security.

Under the FMIA, organised trading facilities for trading securities and other financial instruments require the relevant FINMA authorisation (see 6.1 Permissible Trading Platforms), which includes strict limitations – eg, on authorised participants in such a trading facility. The new DLT trading facility allows, to a certain extent, for P2P trading of digital assets (see 6.1 Permissible Trading Platforms).

The rules on best execution (see 3.3 Issues Relating to Best Execution of Customer Trades) as well as the general principles on fees apply (see 2.3 Compensation Models).       

The FMIA is designed to ensure the transparency and proper functioning of the securities markets, and stipulates two types of market abuse, which are described in the following.

Insider Trading

The use of insider information is unlawful if the person knows or should know that it is insider information and such person:

• exploits it to buy or sell securities admitted to trading on a trading venue in Switzerland or to use financial instruments derived from such securities;
• discloses it to another person; or
• exploits it to recommend to another person the acquisition or sale of securities admitted to trading on a trading venue in Switzerland or to use financial instruments derived from such securities.

Market Manipulation

It is unlawful to publicly disseminate information, or to carry out transactions or give buy or sell orders, if the person knows or should know that such behaviour gives false or misleading signals regarding the supply, demand or price of securities admitted to trading on a trading venue in Switzerland.

In addition, most FINMA-supervised institutions must also meet certain organisational requirements regarding market integrity, which FINMA has detailed in its Circular 2013/8 Market Conduct Rules. The requirements include investigating trades that may involve unlawful market behaviour (if there are clear indications of this), handling insider information in a way that prevents unlawful market behaviour and enables its detection, ensuring that people who decide on securities and/or derivative transactions do not have access to insider information and monitoring employee transactions. Note that Circular 2013/8 in principle also applies to markets where the FMIA rules on insider trading and market manipulation do not apply (eg, trading outside of stock exchanges, including in tokens).

Algorithmic trading is based on computer algorithms that automatically determine the triggering and individual parameters of an order (such as time, price or quantity). High-frequency trading is an extension of algorithmic trading, having very low delays in order transmission and, usually, a short-term trading strategy. Its distinctive feature is a high number of order entries, changes or deletions within microseconds.

The FMIA and the related Financial Market Infrastructure Ordinance (FMIO) have introduced measures to address certain negative effects of algorithmic trading and high-frequency trading. The regulation follows international standards and is based on EU law.

Specifically, stock exchanges, multilateral trading systems and organised trading systems must ensure orderly trading. In particular, they must ensure that their trading systems are in a position to temporarily suspend or restrict trading if there is a significant price movement in the short term as a result of an effect on this market or a neighbouring market (so-called circuit breakers). It must also be possible to identify orders generated by algorithmic trading.

In addition, traders who engage in algorithmic trading and high-frequency trading are subject to various obligations. In particular, they must ensure their systems cause no disruption to the trading venue and are subject to appropriate testing of algorithms and control mechanisms. Furthermore, certain transparency requirements apply (see 7.2 Requirement to Register as Market Makers When Functioning in a Principal Capacity). It should be emphasised that higher fees may be charged for typical high-frequency trading techniques.

Pursuant to the FMIO, authorised trading facilities are required to impose upon all participants an obligation to notify the trading facility of the use of algorithmic trading and to flag all orders made by algorithmic trading.

In addition, a market participant requires authorisation as a securities firm by FINMA pursuant to FinIA if:

• it trades in securities in its own name for the account of clients;
• it trades in securities for its own account on a short-term basis and publicly quotes prices for individual securities upon request or on an ongoing basis; or
• it trades in securities for its own account on a short-term basis, operates primarily on the financial market and is a member of a trading facility.

The transparency requirements in relation to algorithmic trading apply to all market participants alike (see 7.2 Requirement to Register as Market Makers When Functioning in a Principal Capacity). In addition, fund managers are subject to the regulatory regime under FinIA, and funds are governed by the Collective Investment Schemes Act, while dealers may qualify as securities firms (see 7.2 Requirement to Register as Market Makers When Functioning in a Principal Capacity).

Under Swiss law, there is no specific regulation of programmers and programming. However, the FMIA requires marketplaces to identify and monitor algorithmic and high-frequency trading (see 7.1 Creation and Usage Regulations), which may indirectly affect programmers and programming.

In Switzerland, insurtech has been growing fast, in part due to organisations pursuing business models that are based on general challenges faced by traditional insurers, such as new regulatory frameworks, alternative capital sources and ongoing low interest rates. In general, traditional insurers face lower barriers when entering the insurtech market as they already have the required licences and can focus on developing the technology.

To date, there is no specific legislation governing insurtech business models. Therefore, any regulatory implications for insurtech models must be assessed based on the general principles governing insurance services provision, especially those related to FINMA’s insurance supervision objectives. The revised insurance regulations have introduced, among other things, more stringent requirements for insurance intermediation and new criteria for supervision by FINMA as of 1 January 2024.

Swiss insurance supervisory law contains specific provisions for different types of insurance. ISA distinguishes between three kinds of insurance: life insurance, indemnity/non-life insurance and reinsurance. A key point is that life insurers can only offer casualty and sickness insurance besides life insurance. Different rules also apply with regard to capital requirements. Moreover, mandatory sickness insurers follow a completely different regulatory regime under Swiss law. While FINMA is the competent supervisory authority under ISA, the Federal Office of Public Health supervises insurers providing mandatory sickness insurance. Recently revised legislation, which entered into force on 1 January 2024, brought considerable simplifications for reinsurers as well as insurers that only serve professional clients. Also, the rules applicable to insurance intermediaries were revised and generally brought additional requirements and obligations for untied insurance intermediaries (such as insurance brokers).

Regtech is a type of fintech focusing on technologies and software that helps companies meet regulatory requirements and stay compliant in a cost-effective and comprehensive way. Regtech software can automate compliance tasks and monitor and detect risks on an ongoing basis.

There is currently no specific legislation governing regtech. FINMA has generally welcomed tech applications that help supervised entities comply with regulatory requirements. FINMA may define technical standards and formats if and when there is a market need for them.

The general requirements on outsourcing apply when regulated financial service firms use regtech providers (see 2.8 Outsourcing of Regulated Functions). Depending on the specific services involved, a regtech provider must also comply with a service-level agreement and provide for service credit payments and other remedies in order for the customer to measure and enforce performance and accuracy.

DLT, such as various types of blockchain, has been the focus of many public and private initiatives. First, traditional fundraising techniques and processes have been challenged in the last couple of years by the emergence of a new form of capital raising by start-ups in the form of ICOs or token-generating events based on DLT. With the advance of this technology, the focus is now shifting on tokenising traditional assets such as shares and other securities, as well as DLT-based payment solutions.

Some Swiss companies have already issued shares on the blockchain, and FINMA has granted banking licences to two dedicated blockchain service providers, AMINA Bank (formerly Seba) and Sygnum. Driven by the fast-moving industry, traditional players such as banks are also increasingly offering services in relation to digital assets and blockchain-related businesses. For example, many of the incumbent banks now offer custody and trading for digital assets. However, few banks have built their own custody and trading infrastructure (eg, Swissquote); most banks rely on a handful of specialised players. Some banks have recently been conducting pilots – eg, in the tokenising of traditional assets or in blockchain-based payments, which seem to be further areas of interest for traditional players. Also of note is the Swiss National Bank’s ongoing Project Helvetia, piloting wholesale central bank digital currency with participating institutions.

Several industry bodies, such as the Swiss Bankers Association, Crypto Valley Association and the Capital Market and Technology Association, are promoting the growing blockchain-based business model for traditional and new players alike.

In Switzerland, the general rules largely apply with regard to risks, liability, intellectual property, AML and data privacy.

Regarding the application of the existing regulations on tokens and ICOs, FINMA published corresponding guidelines in 2018. Generally, FINMA focuses on the economic function and purpose of the tokens, as well as whether they are tradeable or transferable, in order to classify them as either payment tokens (including cryptocurrencies), utility tokens or asset tokens. The classification of the tokens has an impact on the applicable legal and regulatory framework (see 10.3 Classification of Blockchain Assets). Since then, FINMA has issued further guidelines on money laundering on blockchain, stablecoins and, most recently, staking services.

In 2021, new legislation designed to increase legal certainty by removing hurdles for DLT-based applications and limiting risks of misuse entered into force. In a nutshell, the legislative amendments include:

• a civil law change aimed at increasing legal certainty in the transfer of DLT-based assets;
• the possibility of segregation of crypto-based assets in the event of bankruptcy; and
• a new authorisation category, called DLT trading facilities, where such facilities may provide services in the areas of trading, clearing, settlement and custody with DLT-based assets (see 6.1 Permissible Trading Platforms).

Overall, these legislative amendments increase market access for fintech companies in the DLT/blockchain field by improving legal certainty and removing certain regulatory barriers.

FINMA guidelines define three types of token.

• Payment tokens are synonymous with cryptocurrencies and offer no further functions or links to projects. They may, in some cases, only gain the necessary functionality and become accepted as a means of payment over a period of time – FINMA requires compliance with AML regulations but does not treat such tokens as securities.
• Utility tokens are tokens that are intended to provide access to a digital functionality or a service; they do not qualify as securities, unless they function, at least partially, as an investment in economic terms.
• Asset tokens represent assets such as participation in real physical assets, companies, earning streams or an entitlement to dividends or interest payments. Their economic function is, dependent on the terms, analogous to equities, bonds or derivatives – FINMA generally considers asset tokens as securities.

FINMA has recently issued separate guidelines on how they treat stablecoins under Swiss law, it being understood that stablecoins are a subgroup of payment tokens.

Other authorities (eg, tax authorities) use alternative classifications that are suited to the particular circumstances they are facing.

Concerning the regulation of “issuers” of blockchain assets, see 10.3 Classification of Blockchain Assets.

Concerning the regulation of blockchain asset trading platforms, see 10.3 Classification of Blockchain Assets.

FINMA issued new guidelines in 2023 setting out how they treat staking in their practice. On the one hand, FINMA set out the requirements for licensed institutions offering staking while keeping the clients’ tokens off the institution’s balance sheet. On the other hand, FINMA set out that staking may also be offered by non-licensed institutions, provided that the assets are not in collective custody (which would, however, customarily be the case in case of so-called staking pools) and that AML rules are complied with.

FINMA also pointed out that certain legal uncertainties remain, in particular as regards bankruptcy laws.

There are no specific laws on crypto-related lending. Therefore, the “normal” financial services regulation applies, including the CCA (see 4.1 Differences in the Business or Regulation of Fiat Currency Loans Provided to Different Entities). However, note that lending itself is not an activity that would require a licence by FINMA, unless the institution takes on deposits for its lending activities, in which case a licence under the Banking Act (ie, a fintech licence or a full-fledged banking licence) would be required.

As the Swiss financial market law is generally technology-neutral, cryptocurrency derivatives are regulated as derivatives under the applicable legislation, in particular the FMIA and FinSA.

No specific rules on decentralised finance (DeFi) are in place. FINMA, according to its annual report, applies the existing financial market legislation, including any licensing requirements, in a technology-neutral way, including to DeFi projects.

As a rule of thumb, truly decentralised projects would typically not trigger licensing requirements in Switzerland, whereas for projects where an individual or legal entity in Switzerland either provides financial services in relation to such DeFi project or actually controls the underlying assets or even the DeFi project itself (eg, by way of governance tokens), licensing requirements under Swiss financial market laws may be triggered.

On this basis, Switzerland has recently become quite a popular hub for DeFi projects.

Funds may invest in crypto-assets in accordance with the applicable legislation, in particular the Collective Investment Scheme Act (CISA). Most types of funds under the CISA have to be approved by FINMA, and FINMA has so far only approved a limited number of funds that invest in crypto-assets. One reason for this may be that funds must also have most of their assets in custody with a licensed bank, and only a handful of Swiss banks are licensed under the CISA to provide custody services to funds (which may not be the banks who have a crypto custody offering).

Since 1 March 2024, it has been possible to set-up so-called limited qualified investor funds (L-QIFs). Unlike all other Swiss fund types, L-QIFs may be set up and managed by duly licensed institutions without approval by FINMA of the specific fund. It is expected that the L-QIF may be a suitable vehicle for investments in crypto-assets. Note that the L-QIF can only be distributed to qualified investors as defined in the CISA.

Transactions in cryptocurrencies may be carried out on an anonymous basis, and related money laundering risks are accentuated by the speed and mobility of the transactions made possible by the underlying technology. KYC is the cornerstone of AML and CFT due diligence requirements, and is generally imposed on financial institutions whose AML/CFT legislation is aligned with international standards (see 2. Fintech Business Models and Regulation in General). KYC requires that financial institutions duly identify and verify their contracting parties (ie, customers) and the beneficial owners (namely when their contracting parties are not natural persons) of such assets, as well as their origin.

KYC, along with transaction monitoring, enables the tracing of assets and their source. This helps identify indications of money laundering and terrorist financing through the creation of a paper trail. With respect to DLT/blockchain applications, one of the challenges is that KYC and other AML/CFT requirements are designed for a centralised intermediated financial system in which regulatory requirements and sanctions can be imposed by each jurisdiction at the level of financial intermediaries operating on its territory (ie, acting as gatekeepers).

In contrast, virtual currency payment products and services rely on a set of decentralised cross-border virtual protocols and infrastructure elements, neither of which has a sufficient degree of control over, or access to, the underlying value (asset) and/or information, meaning that identifying a touch-point for implementing and enforcing compliance with AML/CFT requirements is challenging.

The Swiss approach to the regulation of crypto-assets is technology-neutral and prioritises substance over form. This means that if crypto-assets, such as non-fungible tokens (NFTs), perform a function similar to that of a traditional financial or payment instrument, the regulations governing such instruments would generally apply to the crypto-asset as well. Therefore, whether an NFT and/or an NFT platform triggers regulatory obligations for the parties involved depends on the underlying rights represented by such NFT (if any). To classify an NFT as a payment, utility or asset token, and to determine the regulatory consequences (see 2.2 Regulatory Regime and 10.3 Classification of Blockchain Assets), it is therefore necessary to identify the rights it represents. As a rule of thumb, NFT projects where each NFT is actually unique and not fungible would not trigger licensing requirements in Switzerland.       

Swiss banks have adopted the open banking concept and are implementing innovative business models, particularly in relation to banking infrastructure. This infrastructure may include open banking interfaces (application programming interfaces; APIs), identity and security management systems, information and transaction platforms, finance management systems and financial compliance systems. In May 2023, a group of approximately 40 banks signed a memorandum of understanding on multibanking to foster the adoption of open banking with the goal of enabling initial multibanking offerings for individuals by mid-2025 (memorandum of understanding; MoU). In particular, the MoU aims to improve interoperability and data exchanges between banks, fintechs and other financial institutions, thereby providing customers with a comprehensive overview of their finances.

Currently, there is no specific legislation governing open banking in Switzerland (unlike, for example, in the EU). However, the Federal Council set targets for the adoption of open banking in December 2022 and continuously monitors the progress and the eventual need for specific legislation. In its most recent assessment in June 2024, it concluded that the targets have not been fully met and that the next assessment will be performed by the end of 2025.

Given the importance of digital transformation for banks and the large size of Switzerland’s established financial sector, fintech organisations specialising in banking infrastructure have access to a large pool of potential customers. The need to meet customer expectations and deliver financial benefits (in terms of increased revenue and reduced operational costs) has accelerated the adoption of open banking solutions, including those based on bank as a platform (BaaP).

Open banking raises several concerns in areas such as data protection, IT security and Swiss banking secrecy. The success of open banking in Switzerland will depend heavily on providing transparent information to clients, obtaining the necessary consents and waivers and adhering to the highest standards of IT security. The slow adoption of open banking in Switzerland may be due to Swiss banking secrecy and the lack of a common standard for open banking, despite an increasing number of open banking initiatives from private actors.

Under Swiss law, the concept of fraud is primarily understood in a criminal context as an offence punishable under the Swiss Criminal Code (SCC), with criminal liability also being applicable to corporations under certain conditions. To qualify as an offence of fraud under the SCC, the perpetrator must:

• deceive the victim – eg, by making false representations, concealing true facts or reinforcing an erroneous belief;
• act maliciously, which is the case when the perpetrator uses a structure of lies, fraudulent manoeuvres or staging to deceive the victim – in case of a mere statement of false information by the perpetrator, this may also be considered malicious if the perpetrator either discourages the victim from verifying the information or foresees that the victim will not verify it due to a special relationship of trust;
• act wilfully and with the intent of unlawfully securing financial gain for itself or a third party; and
• trigger an error on the part of the victim and cause the victim to act to the detriment of its own financial interest or those of a third party, thereby suffering damage.

In addition to this general notion of fraud, other criminal offences under the SCC applicable in a commercial context may include, to a certain extent, fraudulent and/or injurious conduct, such as forgery of documents, criminal mismanagement and misappropriation, maliciously causing financial loss to another, bribery and corruption offences and money laundering. Beyond the SCC, Swiss financial market laws, as applicable, further provide for certain criminal provisions relating to fraudulent and/or injurious conduct.

Finally, Swiss financial market laws, as applicable, require certain organisational measures, which may include adopting fraud prevention and detection measures. Such obligations may arise, for example, from regulations on risk management and internal controls (eg, specified for the banking sector in the FINMA Circular 2023/1 Operational Risks and Resilience – Banks), AML obligations and sanctions rules (see 2.14 Impact of AML and Sanctions Rules) as well as market integrity (see 6.8 Market Integrity Principles).

In Switzerland, criminal offences, including fraud (see 12.1 Elements of Fraud), are generally prosecuted by either the competent cantonal public prosecutor’s office or the federal prosecution office of the Swiss Confederation – that is, the Office of the Attorney General of Switzerland (OAG), depending on the specific circumstances of the case. The cantons and Swiss Confederation may further delegate the prosecution and adjudication of contraventions to administrative authorities. Under such delegation, the FDF is the authority responsible for prosecuting violations of the criminal provisions of the Swiss financial market laws.

In addition, fraud or non-compliance with organisational measures under applicable Swiss financial market laws in relation to an entity subject to prudential supervision by FINMA may lead to regulatory investigation and administrative enforcement (see 2.6 Jurisdiction of Regulators). Furthermore, if FINMA obtains knowledge of criminal offences, it must notify the competent criminal prosecution authorities and may collaborate in exchanging information. In 2022, FINMA filed five criminal complaints with the cantonal prosecutor’s office, eight with the OAG and 145 with the FDF. FINMA is, however, not empowered to prosecute criminal charges on its own initiative.

Both the Swiss crime statistics and FINMA’s enforcement statistics on offences reported to criminal authorities do not indicate the exact motives for or underlying types of registered criminal fraud offences, nor the corresponding regulatory focus. As a general note, 29,314 criminal fraud offences were recorded in Switzerland in 2022. FINMA’s general enforcement actions in the fintech industry are described in 2.10 Significant Enforcement Actions.

The liability of a financial services provider has to be assessed based on the specific contractual arrangements it has in place with a given client. Generally speaking, under Swiss law a contractual counterparty becomes liable if it has breached its contract with the customer and has thereby caused the customer damage in a so-called adequately causal manner and provided that it cannot prove that no fault is attributable to it.