Regulatory Watch
What's coming, how mature it is,
and what it means for you
Regulatory change rarely arrives all at once. It is proposed, adopted, phased in, and only then fully felt — and its relevance shifts as each date approaches. This is a living view of the instruments that matter most for cross-border financial-crime and digital-asset work, arranged so you can see at a glance how far along each one is, who it touches, and where to go for the detail.
One rule, three readings
Many of these instruments are European in their make-up. But for a firm with clients across the EU, Switzerland and the UK, the same measure can mean three slightly different things — and sometimes the same thing. Each entry notes where that distinction bites, and points to the primary source — the EU institutions, FINMA, or the relevant authority — for the detail.
Swiss AMLA revision + Transparency Register
Revised Anti-Money Laundering Act & Transparency Act (LETA)
Enters into force: 1 Oct 2026
Switzerland's revised AMLA and the new Federal Act on the Transparency of Legal Entities create a central, non-public register of beneficial owners administered by the Federal Office of Justice, and extend due-diligence duties to certain advisory activities.
For the in-house compliance officer
Redesign onboarding and beneficial-ownership verification, build register-reporting workflows, and assess whether advisory work now falls within scope. Transition periods begin on the in-force date; newly incorporated entities must register within one month.
A Swiss measure, but groups with EU/UK arms must reconcile it with EU beneficial-ownership registers and the UK PSC regime — similar intent, different mechanics and access rules.
Source: Federal Council / SIF →EU AMLA — the new supervisor
EU Authority for Anti-Money Laundering (AMLA)
Direct supervision begins: 1 Jan 2028
The EU's new central AML supervisor, operational in Frankfurt since 1 July 2025. It will directly supervise around 40 selected high-risk obliged entities and coordinate national supervisors across the Union.
For the in-house compliance officer
Even before direct supervision in 2028, expect convergence: harmonised expectations, the selection process from mid-2027, and binding technical standards. Firms with EU exposure should map whether they could fall within the directly-supervised cohort.
Directly relevant to EU-established entities; for CH and UK firms it sets the supervisory tone counterparties and EU subsidiaries will be held to.
Source: AMLA (europa.eu) →EU AMLR — the single rulebook
EU Anti-Money Laundering Regulation (single rulebook)
Most provisions apply: 10 Jul 2027
A directly-applicable single rulebook harmonising customer due diligence, beneficial ownership and reporting across member states, replacing much of the patchwork left by successive directives.
For the in-house compliance officer
Plan for a single, directly-applicable standard from July 2027 — uniform CDD methods, verification and ongoing monitoring set out in binding technical standards, reducing (but not removing) national variation.
EU-wide by design; CH/UK firms serving EU clients will need to meet it for that book of business even where home rules differ.
Source: EUR-Lex →MiCA — crypto-asset framework
Markets in Crypto-Assets Regulation (MiCA)
Transition window closed: 1 Jul 2026
The EU's comprehensive regime for crypto-asset service providers and token issuers. The last national transitional regimes closed on 1 July 2026: a provider without MiCA authorisation may no longer serve EU clients, and reverse solicitation is the only — narrow, closely-scrutinised — residual route.
For the in-house compliance officer
The cliff has passed. Verify your own and your counterparties' authorisation against the ESMA register; wind down any EU book still running on a lapsed national regime; document why any remaining EU-client contact is genuine reverse solicitation. Expect early enforcement to target exactly these two gaps.
An EU passport regime: CH-based providers reach EU clients only via an EU-authorised entity; UK firms face a separate domestic perimeter.
Source: ESMA →DORA — operational resilience
Digital Operational Resilience Act (DORA)
Applies: 17 Jan 2025
EU framework for ICT risk management, incident reporting and oversight of critical third-party providers across the financial sector — applicable since January 2025.
For the in-house compliance officer
Treat as live: ICT risk registers, incident-reporting pathways and third-party (including cloud) oversight must be operational. Relevant to any platform handling regulated data, including evidence and case material.
EU-anchored, but its third-party oversight reaches CH/UK vendors serving EU financial entities.
Source: EU / ESAs →EU AI Act — high-risk regime
EU AI Act — high-risk obligations
High-risk rules apply (provisional): 2 Aug 2026
Obligations for high-risk AI systems — capturing AI used in credit scoring, KYC and agentic tools in finance. The 2 August 2026 date is subject to the EU 'Digital Omnibus', which may defer stand-alone Annex III obligations to December 2027.
For the in-house compliance officer
Inventory AI used in compliance and onboarding, plan conformity-assessment and transparency steps to the 2 August 2026 baseline, and reconcile with GDPR/FADP — but verify the Digital Omnibus status before relying on the date.
EU product-safety logic: CH/UK developers placing AI on the EU market are caught; purely domestic use may not be.
Source: EU AI Act timeline →FINMA Guidance 01/2026 — crypto custody
FINMA Guidance 01/2026 — custody of crypto-based assets
Published: 12 Jan 2026
FINMA's guidance resetting supervisory expectations on the custody of crypto-based assets — segregation, bankruptcy remoteness and client-asset protection.
For the in-house compliance officer
Custodians should translate the guidance into concrete segregation policies, custody agreements and bankruptcy-remoteness analysis, and be ready to defend them to the regulator and banking counterparties.
Swiss-specific, but informs how CH custodians service EU/UK institutional clients with their own custody expectations.
Source: FINMA →Deep Analysis
Reports & long-form analysis
Where the watch above tracks what is changing, these pieces work through what it means — longer analysis on the questions that do not fit on a card.
Switzerland's Financial Supervisor Under Scrutiny: FINMA's Powers and the Credit Suisse Reckoning
An examination of FINMA's enforcement toolkit and the supervisory questions exposed by the Credit Suisse failure.
FATF and FINMA on Crypto SRO Supervision: A Fundamental Regulatory Tension
How the self-regulatory model for crypto sits against FATF expectations, and where the tension is likely to be resolved.
EBA Supervisory Findings on Crypto-Asset Service Providers and AML/CTF Implementation
A reading of the EBA's findings on CASP supervision and what they signal for AML/CTF implementation under the incoming EU framework.
Data Privacy in Finance: Risks and Opportunities for Virtual Asset Service Providers
Where data-protection obligations and AML duties collide for virtual-asset service providers — and how to hold both.
Working on a cross-border matter where one of these applies?
Start a conversation