Use the Lexology Navigator tool to compare the answers in this article with those from 20+ other jurisdictions.

Regulatory issues

Regulatory approach

How would you describe the regulatory policy for fintech products and services in your jurisdiction?

Switzerland takes a liberal and business-orientated approach to regulatory policy for fintech products and services. It has initiated various consultation processes and legislative changes to allow the fintech industry to grow and implement its products and services in the existing business environment. Swiss regulators have successfully recognised that the law was orientated towards big financial institutions whose start-up requirements could not have been met due to a narrower financial standing (eg, net asset requirements).

Have any fintech-specific laws or regulations been enacted in your jurisdiction? Are any envisaged?

Switzerland has no fintech-specific regulations. A technology-neutral approach is applied, meaning that the same rules apply to businesses whether they are using traditional or innovative means. As a result, a sandbox exemption was introduced and is available to all companies. Under the sandbox exemption, the acceptance of public funds up to Sfr1 million will no longer trigger a licence requirement under the Banking Act subject to certain conditions being fulfilled. Further, the exemption from the licence requirement under the Banking Act for pure payment service providers that only accept deposits in order to forward them has been expanded. These exemptions help to create new business opportunities. In addition, a new licence category for companies was recently introduced, which enables the commercial acceptance of public deposits of up to Sfr100 million. The granting of the licence is subject to various conditions. The company is not permitted to pay interest on the deposits. The classic interest margin business continues to require a standard banking licence. Facilitated conditions for permits and operational authorisations will apply to such companies. These conditions apply to all companies. The most important points in this regard are:

  • substantially reduced minimum capital requirements;
  • exclusion of the requirements of the ordinance regarding the equity capital and the risk diversification of banks and securities dealers and of the ordinance regarding the liquidity of banks;
  • no deposit guarantee; and
  • lowered accounting and auditing requirements.

The Financial Market Supervisory Authority (FINMA), which is responsible for the implementation of the fintech regulatory framework, supports an innovative and competitive Swiss financial centre. Its regulations adopt an essentially neutral approach to certain business models and technologies.

Regulatory authorities

Which government authorities regulate the provision of fintech products and services?

Parliament and the Federal Council are tasked with regulating financial markets laws on a statutory level. FINMA has the authority to further specify the legal requirements in its ordinances and to explain their application in circulars.

Financial regulatory framework

Which laws and regulations governing the provision of financial services apply to fintech businesses?

Frequently, fintech companies offer services or develop technologies, without themselves being subject to financial market laws. However, this requires examination on a case-by-case basis. The relevant Federal Acts include:

  • the Banking Act;
  • the Collective Investment Schemes Act;
  • the Stock Exchange Act;
  • the Anti-money Laundering Act;
  • the Financial Market Infrastructure and Market Conduct in Securities and Derivatives Trading Act;
  • the Financial Market Supervision Act; and
  • the Consumer Credit Act.

These acts have been implemented by ordinances enacted by the Federal Council and the regulator. The regulator has issued further guidance. In addition, self-regulation may apply.

Even if financial market laws do not apply directly to fintech companies, they may apply by contractual agreement with a financial institution (eg, outsourcing regulations).

Under what conditions are fintech businesses subject to licensing requirements? Are there any exemptions?

Fintech companies frequently offer services or develop technologies without themselves being subject to financial market laws. However, this requires examination on a case-by-case basis. The general rules are as follows:

  • Whoever transfers money from one account to another or brokers insurance must keep in mind the necessary registrations as a financial intermediary in accordance with the Anti-money Laundering Act or as an insurance broker.
  • Companies which accept monies from more than 20 persons should verify before operation whether they require a banking licence under the Banking Act or can rely on an exception.
  • Whoever intends to insure the risks of other persons should check in advance if a licence is required under the Insurance Oversight Act.
  • Whoever pools assets in order to provide investors with a return or manages pooled assets should verify if they require a licence as a collective investment scheme or as an asset manager of a collective investment scheme.

Are any fintech products or services prohibited in your jurisdiction?

No.

Data protection and cybersecurity

What rules and regulations govern the processing and transfer (domestic and cross-border) of data relating to fintech products and services?

The Data Protection Act and corresponding Data Protection Ordinance set the rules and minimal requirements for data security and the processing and transferring of personal data. The Data Protection Act is being revised and major changes are expected.

Further, although Switzerland is not an EU member, the EU General Data Protection Regulation may have implications for Swiss fintech businesses which offer cross-border services.

If a fintech business requires a licence or enters into agreements with regulated financial institutions, additional requirements apply (eg, the FINMA circulars on operational risks and outsourcing).

What cybersecurity regulations or standards apply to fintech businesses?

Switzerland’s numerous cybersecurity laws include the following: 

  • the Data Protection Act, which primarily settles the minimal requirements for the protection of personal data; and
  • the Telecommunications Act and its corresponding ordinances and directive, which serve as a ground to provide a qualitative and competitive cyber infrastructure. The Telecommunications Act aims to limit cyber-risks. The Federal Office for Communication is responsible for the provision and enforcement of a reliable communication environment. The Telecommunications Act also contains a chapter regarding important national interests, including various security-relevant provisions. Communication services must ensure that the communication system functions flawlessly.

If a fintech business requires a licence or enters into agreements with regulated financial institutions, additional requirements apply (eg, the FINMA circulars on operational risks and outsourcing).

There are no particular fintech specific laws, but as fintech solutions regularly affect sensitive data, fintech businesses must adhere to data protection laws and provide the required security measures.

Financial crime

What anti-fraud, anti-money laundering or other financial crime regulations govern the provision of fintech products and services?

Payment service providers and any other persons disposing of financial assets for third parties must, as financial intermediaries, ensure that the necessary registrations in accordance with the Anti-money Laundering Act are in place. Among other duties, financial intermediaries must identify their contractual counterparties and the beneficial owner of the assets. Even if a company does not qualify as a financial intermediary, it must ensure adequate governance to avoid that its services or products are used for money laundering.

There are a number of other financial crime regulations that may come into play in the provision of fintech products and services, including:

  • anti-fraud, anti-corruption, misconduct in public procurement procedures; and
  • the prohibition of insider trading and market manipulation.

What precautions should fintech businesses take to ensure compliance with these provisions?

Before starting operations, a fintech business should verify whether it qualifies as a financial intermediary under the Anti-money Laundering Act and whether a registration is required. If registration is required, the company may be incorporated, but should not start business before the registration.

Companies should identify the risks involved with their particular business model and should arrange for a suitable internal governance and compliance structure. Under Swiss law, companies may also be fined if they have not prevented financial crimes because of a lack of adequate structures.

Consumer protection

What consumer protection laws and regulations apply to the provision of fintech products and services?

Besides the protection of the market, all financial market laws (ie, the Banking Act, the Stock Exchange Act, the Financial Market Infrastructure and Market Conduct in Securities and Derivatives Trading Act and the Collective Scheme Investment Act) aim to protect customers. Therefore, they require that financial institutions and/or products are authorised; they set out specific information duties and the duty to act in good faith.

Further, the Unfair Competition Act protects consumers from fraudulent services and products and allows consumers to take action against such service providers.

Specific rules apply to consumer credits which are set out in the Consumer Credit Act and related ordinance. The legislation is designed to offer borrowers improved protection against over-indebtedness resulting from consumer credit. Therefore, a mandatory check of the borrower's credit capacity must be carried out by the lender. Aggressive advertising for consumer credits is prohibited. The interest rate must not exceed the maximum interest rate set by the Federal Council. As of 1 April 2019, the Consumer Credit Act will apply to consumer loans to be placed with the intermediation of crowdlending platforms.

Competition

Does the provision of fintech products or services in your jurisdiction raise any particular competition regulatory concerns?

No.

Cross-border regulation

Are there any particular regulatory issues concerning the cross-border provision of fintech products and services (eg, operating jurisdiction rules and currency controls)?

As a general rule, Switzerland takes a liberal stance to the provision of cross-border services. For example, a banking licence may only be required if a fintech company has a physical presence in Switzerland. However, stricter rules apply for certain products (eg, the cross-border distribution of any fund shares to non-qualified investors domiciled in Switzerland requires a licence).

Click here to view the full article.