Skip to content
← Dossiers

Dossier · the Swiss AML system

Seven instruments carry the whole system

October 2025·CH · EU
SwitzerlandAMLFINMARegulatory stack

Swiss AML is not one law but a stack: criminal provisions at the bottom, a supervisory statute in the middle, and self-regulation on top — with the FIU as the spine between them. Below: each instrument, its key provisions, and what a practitioner needs to hold in mind.

Seven instruments carry the whole system. Know what each one actually says.

The stack, top to bottom

LayerInstrumentDetail
Layer 1 · Criminal lawThe Criminal CodeArt. 305bis and 305ter SCC make laundering and inadequate diligence criminal; Art. 102 attaches liability to the company itself. Enforced by prosecutors — cantonal and the OAG.
Layer 2 · SupervisionAMLA + FINMASAThe Anti-Money Laundering Act (AMLA) imposes the duties. The Financial Market Supervision Act (FINMASA) is the separate statute that creates FINMA and gives it its enforcement toolkit. FINMA supervises banks directly; most other intermediaries are supervised through SROs.
Layer 3 · Self-regulationSROs + CDBEleven SROs — self-regulatory organisations, private bodies FINMA licenses to supervise their member intermediaries — concretise the duties for their sectors. The banks' CDB (Code of Conduct on Due Diligence) does the same for client identification, enforced privately with fines up to CHF 10m.

The spine. MROS — the Swiss FIU inside fedpol — connects all three layers: suspicious-activity reports flow up from intermediaries under Art. 9 AMLA, intelligence flows onward to prosecutors, and Egmont-channel exchange connects it to every FIU on the Atlas. fedpol itself is the Federal Office of Police in Bern — the federal criminal-police authority handling organised crime, MLA requests and asset tracing. Its recent record cuts both ways: MROS disclosures anchored the Swiss limbs of 1MDB and other landmark confiscations, while steeply rising report volumes (over 11,000 SARs in 2023, roughly double the level of five years earlier) have drawn recurring criticism — including in FATF follow-up — about analysis capacity.

The instruments

AMLA — the Anti-Money Laundering Act (GwG/LBA)

SR 955.0 · in force since 1998, repeatedly revisedLayer: Supervision

What it says. The core statute. It defines who counts as a financial intermediary — banks, securities firms, asset managers, payment providers, and since 2016–2021 explicitly virtual-asset businesses — and attaches the full set of AML duties to that status. Dealers accepting large cash payments are caught too.

Key provisions:

ArticleText
Art. 2Scope: financial intermediaries and dealers; the perimeter question every crypto business asks first.
Art. 3–5Identify the customer; establish the beneficial owner (Form A logic); repeat when doubt arises.
Art. 6Special clarification duties — the Swiss EDD trigger: unusual transactions, higher risk, PEP involvement.
Art. 7Documentation duty — records must let a competent third party reach a reliable judgment. The evidential anchor.
Art. 8Organisational measures: training, controls, an AML function commensurate with risk.
Art. 9–11Duty to report suspicion to MROS; asset freeze mechanics; protection from liability and no tipping-off.

For the practitioner. Two provisions decide most disputes: Art. 6 (when did clarification duties trigger?) and Art. 7 (can the file prove what was known and decided, when?). In every retrospective — BSI, Credit Suisse, the SRO cases — the question was not whether duties existed but whether the file evidences their performance. Build files an outsider can reconstruct; that is the statutory standard.

Sources:

AMLO-FINMA — the operating manual

SR 955.033.0 · FINMA ordinance, current version 2023Layer: Supervision

What it says. FINMA's ordinance turns AMLA's principles into operating detail for the intermediaries it supervises: risk classification, monitoring systems, global standards for group-wide compliance — and the specific rules for virtual assets.

Key provisions:

ArticleText
Art. 13Risk categories: institutions must define higher-risk relationships and transactions with concrete criteria.
Art. 20Transaction monitoring — systems must actually match the institution's risks (the NatWest lesson, in Swiss form).
Art. 10Travel-rule information must accompany payment orders — applied to crypto transfers, with no de-minimis for unhosted-wallet identification.
CHF 1,000Threshold for linked crypto exchange transactions over 30 days — far tighter than the cash equivalent.

For the practitioner. When FINMA reviews a crypto business, it reads AMLO-FINMA, not just AMLA. The travel-rule stance makes Switzerland stricter than FATF's baseline for VASP transfers — a fact that surprises foreign counterparties and shapes which corridor structures are viable. Who polices it: FINMA directly, for the banks and institutions it licenses; SRO-supervised intermediaries answer instead to their SRO's mirror regulations. Breach carries no direct fine — it surfaces as FINMASA enforcement (rulings, disgorgement, bans, in serious cases licence measures) or SRO contractual penalties, with Art. 305ter SCC as the criminal backstop. FINMA's track record here is audit-driven: findings typically emerge from the annual regulatory audit or a Guidance-style thematic review before they become enforcement.

Sources:

CDB — the banks' identification code

Private self-regulation · current version CDB 20 (2020)Layer: Self-regulation

What it says. An agreement between banks and the Swiss Bankers Association, policed by an independent supervisory board with contractual fines up to CHF 10m. It is where the famous forms live: who is the contracting partner, who is the beneficial owner, who controls the entity.

Key provisions:

ArticleText
Form ADeclaration of beneficial owner — the document at the centre of half of Swiss banking litigation.
Form KControlling persons of operating legal entities.
Form S / TFoundations and trusts — settlor, trustee, beneficiaries.
Art. 64 CDB 20The CDB's own sanctions clause (not AMLA): breaches punished by the CDB supervisory board with fines up to CHF 10m, independent of any FINMA action.

For the practitioner. The CDB matters evidentially: a false Form A is the classic predicate for Art. 251 SCC forgery charges alongside the AML case, and CDB findings are routinely the first documented trace of a relationship gone wrong. In any Swiss bank investigation, pull the CDB file first — it is the cleanest paper trail in the building. Worked examples: the Federal Supreme Court has long treated a false Form A as forgery of a document (Art. 251 SCC); FINMA's BSI and Falcon 1MDB decisions turned on onboarding files contradicted by facts the banks already held; and in the 2022 Credit Suisse judgment (Federal Criminal Court, the Bulgarian network case) documentation and monitoring failures grounded the bank's Art. 102 conviction.

Sources:

The laundering offences

SCC Art. 305bis / 305ter · criminal core since 1990Layer: Criminal law

What it says. Art. 305bis criminalises acts frustrating the identification, tracing or confiscation of criminal assets — including, since 2016, assets from aggravated tax misdemeanours. Art. 305ter criminalises taking assets professionally without adequately identifying the beneficial owner, and grants the reporting right that predates the AMLA duty. A note on the numbering for common-law readers: "bis" and "ter" are Latin ordinals used when articles are inserted between existing numbers — read 305bis and 305ter simply as 305a and 305b.

Key provisions:

ArticleText
305bis ¶1Basic offence — up to 3 years; predicate must be a felony (or qualified tax offence).
305bis ¶2Aggravated cases — criminal organisation, professional laundering, gang — up to 5 years and monetary penalty.
305bis ¶3Applies even where the predicate offence was committed abroad, if punishable there — the cross-border hook.
305terInsufficient diligence in financial transactions; plus the right to report suspicions.

For the practitioner. Paragraph 3 is why Switzerland appears in nearly every global case on the fraud register: a foreign predicate plus a Swiss account equals Swiss jurisdiction. For advisers, the sharp edge is that laundering can be committed by omission by a compliance officer in a guarantor position — the person responsible for the file can be the defendant. Sentencing range in practice: up to 3 years' imprisonment or a monetary penalty for the basic offence; up to 5 years plus a mandatory monetary penalty when aggravated. Prosecution runs through cantonal prosecutors by default — Zurich, Geneva and Zug carry most fintech-related files — with the federal OAG taking cases that are predominantly international or organised-crime linked (Art. 24 CrimPC). Day to day, this is how criminal law reaches a fintech: an MROS referral or complaint lands with a prosecutor, accounts are frozen (Art. 263 CrimPC), records are seized, and staff move between witness and accused as the file develops.

Sources:

The company in the dock

SCC Art. 102 · corporate criminal liability since 2003Layer: Criminal law

What it says. A company is criminally liable — independently of any individual — if a listed offence (including money laundering and bribery) was committed within the business and the company failed to take all reasonable organisational measures to prevent it. Fine up to CHF 5m, plus confiscation of profits, which is where the real money is.

Key provisions:

ArticleText
¶1Subsidiary liability where no individual can be identified due to organisational deficiency.
¶2Primary, parallel liability for bribery and ML — the company is liable even when individuals are convicted too.
ConfiscationArt. 70/71 SCC disgorgement rides alongside — Glencore's ~$150m Swiss resolution was mostly compensation/disgorgement, not fine.

For the practitioner. Dormant for two decades, now demonstrably live: the OAG resolved against Glencore in 2024. The statutory defence is organisational adequacy — which makes contemporaneous evidence of a working compliance organisation the whole game. An independent review that documents organisational measures is, quite literally, the Art. 102 defence file.

Sources:

FINMASA — the supervisor's toolbox

SR 956.1 · FINMASA, in force 2009Layer: Supervision

What it says. The act that creates FINMA and defines its instruments. Notably, FINMA cannot fine. Its levers are declaratory rulings, industry and activity bans, disgorgement of profits, appointment of investigating agents, licence withdrawal — and publication.

Key provisions:

ArticleText
Art. 32–33Declaratory ruling on serious breaches; prohibition from acting in a management capacity (industry ban).
Art. 34Publication of final rulings — naming, the closest thing to a fine FINMA has.
Art. 35Disgorgement of profits gained through serious breaches.
Art. 36Investigating agent — the external examiner FINMA parachutes in, at the institution's cost.
Art. 37Licence withdrawal — the BSI outcome; the ultimate sanction.

For the practitioner. What FINMA can do today, and how far each power reaches: compel information and inspect (Art. 29); order restoration of compliance (Art. 31); issue a declaratory ruling of serious breach (Art. 32); ban individuals from management roles for up to 5 years (Art. 33) and traders from the profession (Art. 33a); publish the ruling (Art. 34); disgorge profits with no upper limit — confiscatory, not punitive (Art. 35); appoint an investigating agent at the institution's cost (Art. 36); withdraw the licence (Art. 37). What it cannot do is fine. Due to change: the Federal Council's post-Credit Suisse reform package proposes fining powers and a senior-managers regime — the trigger to watch is the dispatch (Botschaft) reaching Parliament. Our FINMA analysis on the Analysis page covers the reform debate in full.

Sources:

The market-architecture layer — and where it is heading

FinSA/FinIA (2020) + DLT Act (2021) + proposed FINIG amendmentsLayer: Supervision

What it says. FinSA governs conduct at the point of sale; FinIA licenses portfolio managers and trustees (bringing them under prudential supervision for the first time); the DLT Act created ledger-based securities and the DLT trading-facility licence. The Federal Council's October 2025 proposal would add crypto-institute licensing into FinIA — the subject of our full analysis.

Key provisions:

ArticleText
FinIA 17+Portfolio managers/trustees: licence plus supervision by a supervisory organisation (SO) — ending the pure-SRO era for them.
DLT ActLedger-based securities (Art. 973d CO ff.); segregation of crypto assets in bankruptcy (Art. 242a DEBA).
FINIG draftProposed crypto-institute licence categories — closing the gap MiCA exposed between Swiss and EU market access.

For the practitioner. Art. 242a DEBA provides that crypto-based assets held for clients are segregated from the estate in bankruptcy: eligible holdings are returned to clients rather than ranking as unsecured claims. No equivalent general rule exists in EU law — MiCA imposes safeguarding duties, but insolvency treatment remains a matter of national law; the FTX estate illustrates the outcome where segregation fails. The timeline asymmetry is factual: EU MiCA authorisation is in force now, the Swiss crypto-institute licence is a proposal awaiting the parliamentary dispatch. Firms structuring today must bridge that gap — the full analysis is in the library.

Sources:

Why this matters now

The stack is moving — and the gaps between the layers are where matters go wrong.

The proposed FINIG amendments would add a crypto-institute licence on top of this stack; the EU's AMLA regime now presses on it from outside; and Glencore showed Art. 102 corporate liability is no longer theoretical. Each seam between layers — SRO to FINMA, CDB to AMLA, reporting right to reporting duty — is a place where files, decisions and accountability get lost.

Our analysis of where the stack is heading: the Analysis library →


Orientation, not legal advice · check the SR texts in force.

Working on a matter this touches?

Start a conversation