Switzerland Financial Crime & AML Compliance: Regulators, Laws, and What Foreign Banks Need to Know

Who regulates financial crime in Switzerland?

FINMA (Swiss Financial Market Supervisory Authority) is Switzerland's integrated financial regulator. Its mandate covers banks, securities dealers, insurance companies, collective investment schemes, financial market infrastructure, and the broader population of financial intermediaries. On the AML side, FINMA's authority derives from the Anti-Money Laundering Act (AMLA) and is detailed in the FINMA Anti-Money Laundering Ordinance (AMLO-FINMA, SR 955.033.0). When FINMA identifies serious deficiencies, it can issue enforceable orders, appoint independent auditors, restrict business activities, order disgorgement of profits, or revoke a banking licence. It's not a regulator that issues warnings and moves on.

MROS (Money Reporting Office Switzerland) is Switzerland's Financial Intelligence Unit, housed within the Federal Office of Police (fedpol). MROS receives, analyses, and disseminates all suspicious transaction reports filed by financial intermediaries. According to the MROS 2022 Annual Report, the office received 9,504 STRs that year, a 30% increase from 2021, with reported suspicious assets totalling CHF 2.96 billion. Cases meeting the threshold for criminal prosecution are forwarded to cantonal or federal prosecution authorities.

The Federal Department of Finance oversees the legislative framework for AML/CFT, proposes revisions to AMLA, and chairs the Interdepartmental Coordinating Group on Combating Money Laundering and the Financing of Terrorism (CGMF), which coordinates policy across federal agencies.

One structural feature that trips up foreign institutions: Switzerland operates a Self-Regulatory Organisation (SRO) system. Non-bank financial intermediaries, including independent asset managers not yet licensed under the Financial Institutions Act (FINIG), money service businesses, and fiduciaries, can affiliate with a FINMA-accredited SRO instead of seeking direct supervision. SROs conduct their own AML audits under FINMA oversight. This creates a two-tier supervisory structure, and foreign banks considering Swiss operations need to map it before onboarding Swiss counterparties.

Official sources: FINMA, MROS/fedpol, Federal Department of Finance.

What are the key AML and fraud laws in Switzerland?

The Anti-Money Laundering Act (AMLA, Geldwäschereigesetz GwG, SR 955.0) is the primary statute. First enacted in 1997 and substantially revised in 2021, with key provisions entering force in January 2023, AMLA requires financial intermediaries to verify customer identity, identify the ultimate beneficial owner (UBO) of legal entities, establish the purpose and nature of each business relationship, and file a suspicious transaction report with MROS when facts suggest assets are proceeds of a predicate offence. The 2021 revision extended AMLA obligations to lawyers, notaries, and fiduciaries performing financial transactions, partially closing a gap FATF flagged in its 2016 mutual evaluation.

Money laundering is a criminal offence under Article 305bis of the Swiss Criminal Code (StGB). The base sentence is up to three years' imprisonment or a fine; aggravated cases involving professional offending or organised crime carry up to five years. Article 305ter creates separate liability for failure to exercise due diligence in financial transactions, exposing compliance officers and front-office staff who knowingly accept assets without adequate verification.

FINMA's implementing rules sit in the Anti-Money Laundering Ordinance (AMLO-FINMA, SR 955.033.0) and Circular 2011/01 on AML. The Convention on Due Diligence of the Banks (CDB 20), a self-regulatory code issued by the Swiss Bankers Association with FINMA backing, sets the operational standard for customer identification. It's not optional; FINMA treats CDB 20 compliance as a supervisory requirement.

The Embargo Act (EmbG, SR 946.231) governs sanctions. Switzerland implements UN Security Council measures and has adopted autonomous sanctions packages: most significantly, the measures against Russia and Belarus introduced from February 2022, administered by SECO.

The new Federal Act on Data Protection (nFADP, nDSG, SR 235.1), in force from 1 September 2023, governs all personal data processing, including KYC and AML records. Breach notification to the Federal Data Protection and Information Commissioner (FDPIC) is required within 72 hours. Unlike GDPR, nFADP applies only to natural persons, but its extraterritorial reach for organisations processing data of Swiss residents is comparable.

Switzerland's DLT Act (2021) brought distributed-ledger trading facilities and virtual asset service providers under full AMLA supervision. FINMA applies the same AML requirements to VASPs that it applies to banks, consistent with FATF Recommendation 15 on new technologies. The risk-based approach of FATF Recommendation 1 runs through all of these statutes.

What controls do Switzerland regulators expect?

Customer due diligence under AMLA Article 3 requires identity verification at the start of any business relationship and for occasional transactions exceeding CHF 25,000 (CHF 1,000 for wire transfers under the Funds Transfer Regulation). For legal entities, verification extends to the beneficial owner under Article 4. Enhanced due diligence applies to politically exposed persons, complex corporate structures involving trusts or offshore vehicles, customers from FATF high-risk countries, and relationships where the source of funds is unclear.

Transaction monitoring must be continuous and risk-calibrated. FINMA Circular 2011/01 expects institutions to detect unusual patterns, document the rationale for monitoring rules, and update their typologies regularly. A monitoring system calibrated in 2019 and never reviewed isn't going to satisfy an examiner in 2025.

Sanctions screening against the SECO consolidated list and the UN Security Council consolidated list is a baseline expectation. Since February 2022, Switzerland's autonomous Russia and Belarus sanctions packages have added significant screening complexity. Asset freeze and reporting obligations apply to any institution with potential exposure to designated persons or entities.

PEP screening under AMLA Article 13, consistent with FATF Recommendation 12, requires enhanced due diligence for domestic and foreign PEPs, their family members, and known close associates. Swiss private banks have historically been high-risk for PEP-related flows; FINMA applies heightened scrutiny here.

Filing an STR (suspicious transaction report) with MROS is mandatory under AMLA Article 9 on formation of reasonable suspicion. There's no discretion. Tipping off the customer is prohibited from the moment suspicion forms. On filing, the institution must freeze related assets for five banking days; MROS or prosecution authorities can extend the freeze.

Record-keeping under AMLA Article 7 runs for ten years from the end of the business relationship. That covers all CDD documents, transaction records, and STR filing history.

What is unique about compliance in Switzerland?

Three features distinguish Switzerland from other major financial centres, and all three have caught foreign banks off guard.

Banking secrecy still exists, but its scope is narrow. Article 47 of the Banking Act creates criminal liability for disclosing client information to unauthorised parties. But international exchange under the OECD Common Reporting Standard (CRS) and FATCA (Switzerland has a Model 2 IGA) has effectively ended secrecy for tax purposes. Swiss banking secrecy doesn't shield accounts from cross-border regulatory cooperation, but it does complicate internal data-sharing between a Swiss branch and its foreign parent. Get legal clearance before building group-level data aggregation.

Beneficial ownership transparency lags the EU. The 2021 AMLA revision requires legal entities to maintain internal UBO records accessible to FINMA, and bearer shares were abolished in 2019. But Switzerland still lacks a publicly searchable central beneficial ownership register. Compliance teams at foreign institutions dealing with Swiss counterparties can't rely on a registry lookup; they need independent verification. FATF's 2016 mutual evaluation of Switzerland flagged this gap. It hasn't fully closed.

Crypto compliance is serious, not permissive. Switzerland's reputation as "Crypto Valley" attracts DLT companies, but FINMA applies AMLA in full to VASPs. The DLT Act (2021) created a licensed DLT trading facility category, and FINMA's travel-rule implementation requires VASPs to exchange originator and beneficiary information on transfers, consistent with FATF Rec 15. Foreign crypto firms setting up in Zug or Zurich face the same CDD and STR obligations as traditional banks.

The commodities sector is a known exposure. Geneva and Zug host major commodity trading firms. FATF's 2016 evaluation specifically identified Switzerland's vulnerability to money laundering through trade finance and commodity flows. Financial institutions providing payment or financing services to commodity traders should treat this as an elevated-risk sector and apply enhanced due diligence accordingly.

The SRO system creates a compliance asymmetry worth understanding: two firms doing similar activities may be supervised directly by FINMA or through an SRO, with different audit cycles and enforcement timelines. Foreign banks onboarding Swiss financial intermediary counterparties need to establish which regime applies.

Recent enforcement actions in Switzerland

Switzerland's enforcement record over the past decade clusters around two high-profile themes: the 1MDB scandal and the Credit Suisse criminal conviction.

BSI Bank (FINMA, June 2016). FINMA found that BSI Bank, a subsidiary of Generali Group, had seriously violated AMLA obligations through its handling of funds connected to 1Malaysia Development Berhad. FINMA ordered BSI to disgorge CHF 95 million in illicit profits and initiated licence revocation proceedings. BSI transferred its operations to EFG International and left the Swiss market. The case showed how PEP relationships and state investment vehicles can generate institution-wide AML exposure when relationship managers operate without effective oversight.

Falcon Private Bank (FINMA, October 2017). Also implicated in 1MDB flows, Falcon Private Bank had its Swiss banking licence revoked. FINMA ordered disgorgement of CHF 2.5 million in profits and made criminal referrals to federal prosecution authorities. The regulator noted that compliance officers had been bypassed by senior management in approving the relevant transactions.

Credit Suisse (Federal Criminal Court, June 2022). The Swiss Federal Criminal Court at Bellinzona convicted Credit Suisse of failing to prevent money laundering by a Bulgarian cocaine trafficking organisation. The bank was fined CHF 2 million and ordered to disgorge CHF 19.6 million in illicit proceeds. This is the first criminal conviction of a Swiss bank as a corporate entity for money laundering. Credit Suisse subsequently merged with UBS in March 2023, with UBS inheriting the criminal proceedings.

For broader context on what systemic correspondent banking failures look like, the Danske Bank 2018 enforcement action involving EUR 200 billion in suspicious flows through a single Baltic branch remains the clearest benchmark. Swiss institutions with correspondent relationships to emerging-market banks face analogous concentration risks.

FINMA publishes enforcement decisions at finma.ch/en/enforcement.

What foreign banks operating in Switzerland need to know

Licensing. A representative office requires FINMA notification but can't accept deposits or conduct regulated activity. A branch or subsidiary needs a full FINMA banking licence under the Banking Act (BankG, SR 952.0). Licence applications must include detailed governance documentation covering AML controls, and FINMA expects a functioning compliance infrastructure already in place at the point of authorisation, not just a plan.

Local compliance officer. FINMA Circular 2017/01 on corporate governance requires the compliance function of a Swiss-supervised entity to be effectively managed from Switzerland. The AML officer, Switzerland's equivalent of a MLRO, needs sufficient seniority, independence from business lines, and direct board access. Outsourcing compliance entirely to a parent entity in London or New York doesn't satisfy this requirement.

Outsourcing. FINMA Circular 2018/03 permits material outsourcing with FINMA notification and ongoing oversight requirements. Data processed outside Switzerland involving Swiss residents' personal data must comply with nFADP. Contracts with outsourced service providers must preserve audit rights.

STR timelines. MROS expects STRs without undue delay from the moment suspicion crystallises. The five-day asset freeze begins on filing, not after an internal escalation process. FINMA has cited delayed STR filing as a supervisory deficiency in multiple examination reports. Document the point at which suspicion arose.

Language. FINMA operates in German, French, and Italian. Formal AML policies, board documentation, and FINMA correspondence should be available in at least one Swiss national language. English is used routinely by large international institutions but isn't a substitute for official filings.

CDB 20. Any FINMA-supervised bank, including foreign branches, must comply with the Swiss Bankers Association's Convention on Due Diligence (CDB 20). It sets specific documentation standards for customer identification that go beyond AMLA's text and are audited separately by FINMA examiners.

For regulatory comparison, the United Kingdom AML compliance framework is the closest structural analogue for common-law institutions entering Switzerland.

How FluxForce supports Switzerland compliance

Real-time transaction monitoring and automated sanctions screening against SECO and UN consolidated lists help covered entities meet AMLA's continuous monitoring obligations. FluxForce automates STR drafting with complete audit trails that satisfy FINMA's ten-year record-keeping requirement under AMLA Article 7. PEP screening and adverse media checks support enhanced due diligence for the high-risk relationships FINMA scrutinises most closely. Every decision comes with full documentation, ready for a FINMA examination. Book a demo to see how FluxForce maps to Switzerland's specific compliance obligations.