Snapshot: AML requirements for covered institutions and individuals in Switzerland

AML requirements for covered institutions and individuals

Which government entities enforce the AML regime and regulate covered institutions and persons in your jurisdiction? Do the AML rules provide for ongoing and periodic assessments of covered institutions and persons?

The Swiss Financial Market Supervisory Authority (FINMA) is responsible for enforcing the majority of the Swiss AML regime in relation to banks, asset managers, trustees, fund managers, investment companies, limited partnerships for collective investment and investment companies, etc (article 12(a), AMLA). The competent authority for casinos is the Federal Gambling Board (article 12(b), AMLA), and organisers of large-scale gambling events are supervised by the inter-cantonal supervisory and law enforcement agency (article 12(b-bis), AMLA). All other financial intermediaries are supervised by a recognised self-regulatory organisation (SRO) (article 12(c), AMLA). The SROs themselves are also subject to supervision by FINMA (article 18(1)(b), AMLA). An up-to-date list of supervised SROs can be found on FINMA’s website.

All covered institutions are subject to regular examination of their compliance with the AML regime. The bodies carrying out these examinations depend on the mode of supervision of the institution (eg, FINMA-supervised or a member of a SRO).

Which institutions and persons must have AML measures in place?

The AMLA, which details Swiss AML measures, applies to financial intermediaries and to certain merchants. Pursuant to article 2(2) of the AMLA, financial intermediaries are:

• banks;
• asset managers and trustees;
• fund managers, provided that they manage share accounts or distribute shares in collective investment schemes;
• investment companies with variable capital;
• limited partnerships for collective investment;
• investment companies with fixed capital and asset managers, provided that they distribute shares in collective investment schemes;
• insurance institutions, provided that they deal in direct life insurance or offer or distribute shares in collective investment schemes;
• securities houses;
• central counterparties and central depositories;
• payment systems that require authorisation from FINMA;
• distributed ledger technology (ie, blockchain) trading facilities;
• casinos; and
• organisers of large-scale gambling events.

In addition, financial intermediaries are also persons who on a professional basis accept or hold assets belonging to others, or who assist in the investment or transfer of such assets (article 2(3), AMLA).

Merchants are subject to the AMLA if they deal in goods commercially and, in doing so, accept cash (article 2(1)(b), AMLA).

Do the AML laws applicable in your jurisdiction require covered institutions and persons to implement AML compliance programmes? What are the required elements of such programmes?

Financial intermediaries must generally define a specialist AML unit (article 24, FINMA Anti-Money Laundering Ordinance (AMLO-FINMA)) to support decision-makers and management with regard to applicable AML duties, and to supervise compliance with those duties (article 25, AMLO-FINMA). Financial intermediaries must also issue internal directives regarding AML (articles 24 and 26, AMLO-FINMA).

The internal directives must address, among others, the following issues:

• the criteria applied to define business relationships with increased risk and to detect transactions with increased risk;
• transaction monitoring requirements;
• cases in which the internal AML specialists or body must be involved and the senior executive body notified;
• basic principles on the training of employees;
• the company policy on politically exposed persons (PEPs);
• the responsibility to file reports to the Money Laundering Reporting Office Switzerland (MROS);
• the method in which the financial intermediary records, limits and monitors increased risks;
• the criteria pursuant to which third parties can be involved to identify the contracting party or the beneficial owner, or to fulfil the duties concerning further clarification with regard to a business relationship or transaction;
• the internal division of responsibilities among the specialist AML unit and the other units concerned with AML compliance; and
• the updating of customer records pursuant to article 7(1-bis) of the AMLA.

Financial intermediaries supervised by SROs are subject to the rules issued by their respective SRO under article 25 of the AMLA.

The general Anti-Money Laundering Ordinance does not spell out any corresponding duty for merchants.

What constitutes breach of AML duties imposed by the law?

Financial intermediaries must comply with all duties set out in the AMLA and applicable ordinances (namely due diligence requirements, transaction reporting, identification procedures, record-keeping requirements when dealing with customers, reports to the MROS in cases of suspicions of money laundering and, in some cases, asset freezing). Once a report has been filed with the MROS, the financial intermediary must not tip off customers that the MROS has been informed (article 10(a), AMLA).

Failure to file a suspicious activity report (SAR) carries a penalty of 500,000 Swiss francs for intentional failure to file and 150,000 Swiss francs for negligent failure to file (article 37, AMLA).

In addition, a violation of the obligation to identify the beneficial owner of assets can lead to criminal liability under article 305-ter of the Swiss Criminal Code (SCC), which provides that any person who as part of his or her profession accepts, holds or deposits, or assists in investing or transferring outside any assets, and who fails to ascertain the identity of the beneficial owner of the assets with the necessary care is liable to a custodial sentence not exceeding one year or a monetary fine.

For merchants, in addition to any fines for failure to file a SAR, intentional failure to instruct the required auditors carries a fine of 100,000 Swiss francs, which is reduced to 10,000 Swiss francs for negligent failure (article 38, AMLA).

Describe due diligence requirements in your jurisdiction’s AML regime.

Upon entering into a new business relationship with a customer, the financial intermediary must identify the customer (article 3(1), AMLA). In practice, this means that natural persons must provide their government issued identification document with a photograph (eg, an ID card, passport or driver's licence). A natural person acting for a legal person must show a valid power of attorney as well as his or her ID or passport.

In addition, the financial intermediary must verify the beneficial owner and ascertain the person controlling legal entities. Neither the AMLO-FINMA nor the Swiss National Bank’s code of conduct with regard to the exercise of due diligence provide any specification as to the form and depth of the verification of the beneficial owner. The law merely specifies that a risk-based approach should be applied. Thus, the financial intermediary must critically verify the identity of the beneficial owner and take measures to ascertain its plausibility with the due diligence required by the circumstances. It is consequently assumed that the financial intermediary does not have to prove the identity of the beneficial owner, but that his or her verification should stand up to a plausibility check. A purely formal verification of identity by means of a copy of the beneficial owner's identification document would not be sufficient to fulfil the obligation pursuant to the materials. In some circumstances (eg, if the contracting partner is not also the beneficial owner of the assets that form the basis of the business relationship; if doubts exist as to whether the contracting party is also the beneficial owner of the assets; or if the contracting partner is a domiciliary or operating company), the financial intermediary is obliged to demand a written declaration from the contracting party as to the identity of the beneficial owner. The financial intermediary will document the beneficial owner on a specific form (eg, Form A or Form T (for use with trusts)). Other forms may have to be used depending on the precise circumstances. These forms have been developed by the Swiss Bankers Association and are available on its website. If doubts arise during the business relationship concerning the identity of the contracting partner or the beneficial owner, the identification and declaration procedure must be repeated (article 5, AMLA). The AMLA and the AMLO-FINMA set out some limited exemptions from the due diligence requirements.

Financial intermediaries must assign both their customers and any transactions to risk categories. The AMLA requires a minimum of two categories (normal and increased risk), but financial intermediaries are free to define additional categories. The precise criteria for assigning customers and transactions to risk categories will depend on the specific business activity of any financial intermediary. At the outset of each business relationship, the financial intermediary must identify the customer’s purpose and intention for entering into the relationship (article 6, AMLA) as well as the reasons for using domiciliary companies, if any (article 9(a), AMLO-FINMA). The risk category of any individual customer determines the type of information required to be obtained to identify its purpose and intention. The risk profile also enables the financial intermediary to decide whether a relationship or transaction is unusual, in which case additional due diligence obligations arise. Those additional due diligence requirements include clarification of the following (article 15(2), AMLO-FINMA):

• whether the contracting party is the beneficial owner of the assets;
• the origin of the assets;
• the intended use of any withdrawn assets;
• the background and plausibility of any deposited assets;
• the origin of the contracting party’s and beneficial owner’s wealth;
• the contracting party’s and beneficial owner’s professional or occupational activity; and
• whether the contracting party, the beneficial owner, or the person or persons controlling any legal entities are PEPs.

Financial intermediaries must keep records of all their transactions in a way that allows qualified personnel to examine the transactions and business relationships to ensure compliance with AML requirements (article 7(1), AMLA).

A merchant is only obliged to observe the due diligence requirements set out in the AMLA if he or she accepts more than 100,000 Swiss francs in cash, including where this amount is exceeded upon aggregating several partial payments. If payments above 100,000 Swiss francs are instead channelled through a financial intermediary, no AML due diligence requirements need be observed by the merchant (article 8(a), AMLA).

The due diligence requirements applicable to merchants extend to identifying the contracting party and ascertaining the beneficial owner as well as to keeping records. In addition, merchants must enquire into the background and purpose of the transaction if it appears unusual (unless its legitimacy is clearly recognisable), or if there are suspicions that the assets are the proceeds of a felony or an aggravated tax misdemeanour, are subject to the power of disposal of a criminal or terrorist organisation, or are used for the financing of terrorism. If reasonable suspicions continue to exist after due diligence has been conducted, the merchant must file a SAR.

Do the AML rules applicable in your jurisdiction require that covered institutions and persons conduct risk-based analyses? Which high-risk categories are specified? What level of due diligence is expected in relation to customers assessed to be high risk?

The Swiss AML regime follows a risk-based approach; for example, in the case of an unusual transaction or business relationship, the detail of the information required to assess the purpose and nature of the transaction or business relationship is based on the risk categorisation of the client and the transaction (article 6(1), AMLA).

A classification of increased risk can be attributed to individual transactions or to business relationships as a whole. The precise criteria for the classification will generally depend on the specific business activity of any financial intermediary. However, transactions involving assets exceeding 100,000 Swiss francs that are physically deposited at once or in a series of deposits at the onset of the business relationship always constitute increased risk transactions under the AMLO-FINMA (article 14(3)(a)). The same is true for payments from countries that have been declared to be high risk or non-cooperative by the Financial Action Task Force (FATF) and where the FATF has called for increased diligence (article 14(3)(b), AMLO-FINMA).

A business relationship is always classified as increased risk if the client, any controlling person, any beneficial owner or any person with authority over the assets is a foreign PEP or closely connected to a foreign PEP, a foreign bank for which a Swiss financial intermediary carries out correspondent bank transactions or a person domiciled in a country that has been declared high risk or non-cooperative by the FATF and where the FATF has called for increased diligence (article 13(3), AMLO-FINMA). Foreign PEPs are defined as current or former foreign heads of state or government; senior politicians at the national level; senior government, judicial, military or party officials at the national level; and senior executives of state-owned enterprises of national importance. Business relationships with domestic PEPs, PEPs at international organisations and persons who are closely connected to them are only classified as increased risk in combination with at least one other risk factor.

Accepting any business relationship of increased risk generally requires the approval of a senior person or body, or management (article 18, AMLO-FINMA). Some can only be entered into if they are approved by the most senior executive body or one of its members (article 19, AMLO-FINMA).

Describe the record-keeping and reporting requirements for covered institutions and persons.

All due diligence measures must be documented and kept to allow for an assessment of whether a financial intermediary’s or merchant’s AMLA duties have been fulfilled (article 7, AMLA). Records must be kept for a period of 10 years after the business relationship has been terminated or after the execution of a transaction.

A report to the MROS (being the national Financial Intelligence Unit (FIU)) must be filed if the financial intermediary knows or has reasonable grounds to suspect that assets involved in a business relationship:

• are the proceeds of a felony or of an aggravated tax misdemeanour;
• are connected to money laundering (article 305-bis, SCC) or to a criminal or terrorist organisation (article 260-ter, SCC);
• serve the financing of terrorism (article 260-quinquies(1), SCC);
• are subject to the power of disposal of a criminal or terrorist organisation; or
• are related to persons named on terrorist lists.

This obligation does not extend to lawyers and notaries insofar as they are bound by their duty of professional secrecy (article 9(2), AMLA).

Merchants must file a SAR to the MROS if they know or have reasonable grounds to suspect that assets involved in a cash transaction:

• are the proceeds of a felony or of an aggravated tax misdemeanour;
• are connected to money laundering (article 305-bis, SCC) or to a criminal or terrorist organisation (article 260-ter, SCC);
• serve the financing of terrorism (article 260-quinquies(1), SCC); or
• are subject to the power of disposal of a criminal or terrorist organisation.

In addition to the duty to file a report under article 9 of the AMLA, financial intermediaries have a right to report to the MROS ‘any observations that indicate that assets originate from a felony or an aggravated tax misdemeanour’ (article 305-ter(2), SCC). The right to report was introduced to enable a bank to provide information to the authorities without committing a breach of Swiss bank–customer secrecy rules pursuant to article 47 of the Banking Act 1934.

Unlike the duty to report, which must be fulfilled immediately, there is no such deadline for reports filed under 305-ter(2) of the SCC.

A financial intermediary that has filed a SAR must not inform the concerned person or any third parties of the report. SROs, FINMA and the Federal Gambling Board  do not constitute third parties for the purpose of the information ban (article 10(a), AMLA).

Financial intermediaries must maintain separate data collections containing all documentation relating to reports made to the MROS pursuant to article 9 of the AMLA, article 305-ter(2) of the SCC and enquiries made by the MROS in accordance with article 11(a) of the AMLA. Data from these data collections may only be passed to FINMA and other specified agencies and authorities (article 34(2), AMLA). The data collected in these designated dossiers must be destroyed five years after the report is filed (article 34(4), AMLA).

Describe any privacy laws that affect record-keeping requirements, due diligence efforts and information sharing.

In Switzerland, banking secrecy and professional secrecy laws as well as the Federal Act on Data Protection 1992principally protect the personal information and data of clients of financial intermediaries. However, in connection with the reporting duties to the MROS, the AMLA and the Ordinance concerning the MROS explicitly provide that certain information regarding the client must be submitted along with the report, and, if need be, additional information must be provided if requested during the analysis by the MROS (article 11(a), AMLA).

In addition, article 30 of the AMLA explicitly allows the MROS to cooperate with foreign FIUs in providing information to them, subject to the following conditions:

• the recipient FIU guarantees that the information is used solely for the purpose of analyses in the context of combating money laundering and its predicate offences, organised crime or terrorist financing;
• the recipient FIU guarantees reciprocity and the preservation of official and professional secrecy; and
• the recipient FIU guarantees that it will not pass on the information received to third parties without receiving explicit consent from the MROS.

The recipient FIU must also comply with any conditions and restrictions imposed by the MROS.

If these conditions are fulfilled, the MROS is generally allowed to provide the name of the financial intermediary or merchant that has filed the report, the account holder, the account number and the account balance, as well as the beneficial owner and information concerning transactions.

As of 1 January 2023, the AMLA stipulates – in respect of processing of personal data in connection with reports filed to MROS – that financial intermediaries must maintain separate data collections containing all documentation relating to reports made to MROS pursuant to article 9 of the AMLA, article 305-ter(2) of the SCC and enquiries made by MROS in accordance with article 11(a) of the AMLA (article 34(1), AMLA). Data from these data collections may only be passed on to FINMA and other specified agencies and authorities (article 34(2), AMLA). The data collected in these dossiers must be destroyed five years after the report is filed (article 34(4), AMLA).

What is the range of outcomes in AML controversies? What are the possible sanctions for breach of AML laws?

A violation of the duty to ascertain and verify the beneficial owner of assets can lead to criminal liability under article 305-ter of the SCC.

In addition, under the AMLA, a financial intermediary or merchant that does not comply with the reporting duty to the MROS pursuant to article 9 of the AMLA can be sanctioned with a fine of up to 500,000 Swiss francs (article 37). Under the Swiss National Bank’s code of conduct with regard to the exercise of due diligence, Swiss banks can be fined up to 10 million Swiss francs (article 64(1)).

Merchants can, in addition, be fined up to 100,000 Swiss francs for failure to instruct the required auditors (article 38, AMLA).

Finally, article 9 of the AMLO-FINMA provides that any infringement of the provisions of the AMLO-FINMA or the regulations of any SRO recognised by FINMA may call into question the required guarantee for proper business conduct of financial intermediaries. Serious infringements may also lead to a practising ban for a period of up to five years (article 33, Financial Market Supervision Act (FINMASA)) and the confiscation of profits procured in the process (article 35, FINMASA).

What are the limitation periods governing AML matters?

Pursuant to article 52 of the FINMASA, the limitation period to pursue breaches of AMLA obligations is seven years.

Do your jurisdiction’s AML laws have extraterritorial reach?

As far as financial intermediaries are concerned, Swiss AML regulations apply based on regulated business activity in Switzerland. Concerning branches of Swiss companies or group companies that are active in financial and insurance sectors abroad, the Swiss financial intermediary subject to the AMLA must ensure that certain duties, such as the identification of the contracting partner and the beneficial owner, and the use of the risk-based approach are also met abroad (article 5, AMLO-FINMA). The reporting and freezing duties are, however, subject to the laws of the country in which the branch or group company is active (article 5(4), AMLO-FINMA).

As for merchants, article 2(1)(b) of the general Anti-Money Laundering Ordinance stipulates that it is applicable to merchants that are active in or from Switzerland.