Liability of undertakings

What are the risk and compliance management obligations of members of governing bodies and senior management of undertakings?

Article 716a Swiss Code of Obligations (CO) lists the non-transferable and inalienable duties of the members of the board of directors, highlighting their responsibility for the overall management, organisation and (global) compliance of the company. On this statutory basis, the external auditors must provide the board of directors with a comprehensive report on the financial statements and the internal control system of the company (article 728b CO).

Under articles 717 and 754 CO, the members of the board of directors and the members of the executive board are required to manage the company with all diligence (the highest diligence standard under Swiss law). This standard specifically requires the members of the board of directors and the members of the executive board to implement effective risk management and compliance management systems, and the board of directors must oversee the work of the executive board. Recently, the enforcement environment has developed further: these supervisory responsibilities are increasingly audited and assessed, and top managers are increasingly held accountable by companies and regulators. The boards of directors of Swiss Post and Raiffeisen Bank are considering claiming damages from their former board and executive committee members for lack of diligence in exercising oversight and in managing the companies.

Do undertakings face civil liability for risk and compliance management deficiencies?

Yes. On an extracontractual basis, third parties are entitled to claim civil damages from companies if the damage has been caused by employees or other auxiliaries who were not diligently selected, instructed and supervised, or if the company does not prove that the employer took all the necessary precautions to prevent the harmful conduct (article 55 CO). In such tort claims, the claimant must prove a breach of an absolute right or of a protective statutory provision. A similar provision exists regarding causal contractual liability (article 101 CO). Within the context of contractual liability, the claimant must prove that a breach of contract or a violation of contractual obligations occurred and resulted in damage. Contractual obligations arise from legal provisions or result from the specific contractual agreements.

Do undertakings face administrative or regulatory consequences for risk and compliance management deficiencies?

Yes. One example of administrative consequences for risk and compliance management deficiencies is the sanctions set out in article 49a Federal Act on Cartels (CartA). In the case of infringements against the CartA, companies can raise the compliance defence; in other words, they can produce evidence that the infringement occurred despite the company’s best practice risk and compliance management. The Competition Commission (COMCO) refers to a number of international standards and best practice guidelines as a benchmark for state-of-the-art compliance management (eg, ISO 19600 and the Organisation for Economic Cooperation and Development and International Chamber of Commerce guidelines). When enforcing the CartA, COMCO may apply administrative sanctions. Administrative fines against companies may amount to up to 10 per cent of the turnover the undertaking achieved in Switzerland in the preceding three financial years. If a company successfully raises the compliance defence, the sanction may be reduced. However, to date no undertaking has been able to successfully raise the compliance defence in proceedings under the CartA.

Institutions that are subject to financial market supervision by the Financial Market Supervisory Authority (FINMA) may face specific regulatory consequences in the case of risk and compliance management deficiencies. FINMA has a broad range of tools to enforce its regulations, such as:

  • precautionary measures;
  • orders to restore compliance with the law;
  • declaratory rulings;
  • directors’ disqualification;
  • cease-and-desist orders and bans on trading;
  • publication of decisions;
  • confiscation of profits; and
  • revoking of licences and compulsory liquidation.


In the application of these regulatory enforcement measures, FINMA is guided by the aims of Swiss financial market laws, namely the purposes of protecting creditors and investors, ensuring fair market conduct and maintaining the good standing, reputation and stability of the (Swiss) financial system.

Do undertakings face criminal liability for risk and compliance management deficiencies?

Pursuant to article 102 Swiss Criminal Code (SCC), businesses face corporate criminal liability for organisational weaknesses (the failure to prevent criminal conduct by employees). Under paragraph 1, if a felony or a misdemeanour is committed by employees in the exercise of the company’s business in accordance with its purpose, the felony or misdemeanour is attributed to the company if it is not possible to attribute the offence to a specific employee as a result of inadequate organisation of the company.

In addition, the company can be convicted under paragraph 2 if the offence committed falls under a list of serious criminal offences, such as bribery, money laundering, criminal organisation and financing of terrorism. According to the clear text of the statute, there is no need for a conviction of an employee regarding a predicate offence. However, a violation of criminal law by an individual must be evident under the circumstances. If in such a situation the company failed to employ all necessary and adequate measures to prevent criminal conduct, it is itself criminally liable for its organisational failure. Fines can amount to a maximum of 5 million Swiss francs and the company is obliged to disgorge all illicit profits.

Liability of governing bodies and senior management

Do members of governing bodies and senior management face civil liability for breach of risk and compliance management obligations?

Under article 754 CO, the members of the board of directors, senior management and all persons engaged in the management or liquidation of a limited company face civil liability towards the company, the shareholders and creditors for any loss or damage arising from any intentional or negligent breach of their duties. One of their key statutory duties is to ensure compliance with the law by all employees (for recent case law, see the cases of Swiss Post and Raiffeisen). It is not only the members of the company’s formal governing bodies (ie, the members of the board of directors and the members of the executive board) that can be held liable, but also factual members of governing bodies who have not been formally appointed, yet exercise significant influence over the company’s management. The standard of diligence required of senior managers is ‘all diligence’, which is the highest standard under Swiss law.

Do members of governing bodies and senior management face administrative or regulatory consequences for breach of risk and compliance management obligations?

Senior members of management only face administrative or regulatory consequences for these breaches in regulated industries, such as the financial industry. Senior members of management at financial institutions regulated by FINMA can face administrative and regulatory consequences should they fail in their duty of diligence. In addition, the Federal Department of Finance is competent to conduct administrative criminal proceedings against individuals who failed to file a suspicious activity report.

FINMA can take administrative or regulatory measures against managers, such as disqualifying a director, adding a manager to a watchlist, publishing a decision mentioning their names (naming and shaming) and issuing a business conduct letter. FINMA can enter an individual’s information in a database known as the watchlist if the individual’s business conduct is questionable or does not meet the legal requirements.

The watchlist is used for assessing relevant information for compliance prerequisites, namely personal details; excerpts from commercial, debt enforcement and bankruptcy registers; criminal, civil and administrative court decisions; and reports by auditors and third parties appointed by FINMA.

Furthermore, under specific circumstances, FINMA can send a business conduct letter to those registered in the watchlist. A business conduct letter does not qualify as a decision; it merely states that FINMA reserves the right to review compliance with the diligence requirements should the manager change position.

In the event of a disqualification, FINMA may disqualify individual directors responsible for serious violations of supervisory law from acting in a senior function at a supervised institution for up to five years. FINMA has issued around 60 such disqualifications since 2014.

In January 2021, FINMA decided to initiate proceedings against Julius Baer with the purpose of reviewing the conduct of four high-ranking managers in connection with corruption allegations.

In two cases, however, the Swiss Federal Administrative Court lifted disqualifications imposed by FINMA. In connection with the 1MDB case, FINMA disqualified a former compliance executive of Falcon Private Bank from practising his profession for a period of two years. However, the Swiss Federal Administrative Court decided that the former compliance executive had violated reporting obligations but had no decision-making authority and, thus, was only culpable of simple negligence, which rendered such a two-year ban disproportionate.

In a similar case, FINMA issued temporary disqualifications against seven UBS employees based on a fine that was imposed on UBS for market manipulation. FINMA concluded from its final decision against the bank that the employees violated regulatory duties. However, the Swiss Federal Administrative Court decided that individual responsibility cannot simply be derived from a decision regarding the bank but must be established against the employees individually and specifically.

Do members of governing bodies and senior management face criminal liability for breach of risk and compliance management obligations?

Individuals are criminally liable if they fail to implement effective risk and compliance management and turn a blind eye to mismanagement (article 158 SCC), embezzlement (article 138 SCC), money laundering (article 305-bis SCC) or bribery (article 322-ter et seq SCC). Failure to prevent serious criminal offences, such as bribery, is a corporate criminal offence. In a recent case, the Swiss Supreme Court found a chairman of a bank guilty of criminal mismanagement because he was aware of certain irregularities committed by an employee and failed to take corrective action.

Additionally, articles 37 and 38 AMLA provide strict provisions and stipulate high fines in cases of a violation of the anti-money laundering reporting obligations and duties to verify set out in articles 9 and 15 AMLA, respectively.

Law stated date

Correct on

Give the date on which the information above is accurate.

21 February 2021.