Skip to content

Regulatory Watch

What's coming, how mature it is,
and what it means for you

Regulatory change rarely arrives all at once. It is proposed, adopted, phased in, and only then fully felt — and its relevance shifts as each date approaches. This is a living view of the instruments that matter most for cross-border financial-crime and digital-asset work, arranged so you can see at a glance how far along each one is, who it touches, and where to go for the detail.

One rule, three readings

Many of these instruments are European in their make-up. But for a firm with clients across the EU, Switzerland and the UK, the same measure can mean three slightly different things — and sometimes the same thing. Each entry notes where that distinction bites, and points to the primary source — the EU institutions, FINMA, or the relevant authority — for the detail.

Maturity:ProposedAdoptedTransitionalIn forceFully applicable
CH
Major

Swiss AMLA revision + Transparency Register

Revised Anti-Money Laundering Act & Transparency Act (LETA)

Adopted

Enters into force: 1 Oct 2026

Switzerland's revised AMLA and the new Federal Act on the Transparency of Legal Entities create a central, non-public register of beneficial owners administered by the Federal Office of Justice, and extend due-diligence duties to certain advisory activities.

For the in-house compliance officer

Redesign onboarding and beneficial-ownership verification, build register-reporting workflows, and assess whether advisory work now falls within scope. Transition periods begin on the in-force date; newly incorporated entities must register within one month.

A Swiss measure, but groups with EU/UK arms must reconcile it with EU beneficial-ownership registers and the UK PSC regime — similar intent, different mechanics and access rules.

Source: Federal Council / SIF
EU
Major

EU AMLA — the new supervisor

EU Authority for Anti-Money Laundering (AMLA)

In force

Direct supervision begins: 1 Jan 2028

The EU's new central AML supervisor, operational in Frankfurt since 1 July 2025. It will directly supervise around 40 selected high-risk obliged entities and coordinate national supervisors across the Union.

For the in-house compliance officer

Even before direct supervision in 2028, expect convergence: harmonised expectations, the selection process from mid-2027, and binding technical standards. Firms with EU exposure should map whether they could fall within the directly-supervised cohort.

Directly relevant to EU-established entities; for CH and UK firms it sets the supervisory tone counterparties and EU subsidiaries will be held to.

Source: AMLA (europa.eu)
EU
Major

EU AMLR — the single rulebook

EU Anti-Money Laundering Regulation (single rulebook)

Adopted

Most provisions apply: 10 Jul 2027

A directly-applicable single rulebook harmonising customer due diligence, beneficial ownership and reporting across member states, replacing much of the patchwork left by successive directives.

For the in-house compliance officer

Plan for a single, directly-applicable standard from July 2027 — uniform CDD methods, verification and ongoing monitoring set out in binding technical standards, reducing (but not removing) national variation.

EU-wide by design; CH/UK firms serving EU clients will need to meet it for that book of business even where home rules differ.

Source: EUR-Lex
EU
Major

MiCA — crypto-asset framework

Markets in Crypto-Assets Regulation (MiCA)

In force

Transition window closed: 1 Jul 2026

The EU's comprehensive regime for crypto-asset service providers and token issuers. The last national transitional regimes closed on 1 July 2026: a provider without MiCA authorisation may no longer serve EU clients, and reverse solicitation is the only — narrow, closely-scrutinised — residual route.

For the in-house compliance officer

The cliff has passed. Verify your own and your counterparties' authorisation against the ESMA register; wind down any EU book still running on a lapsed national regime; document why any remaining EU-client contact is genuine reverse solicitation. Expect early enforcement to target exactly these two gaps.

An EU passport regime: CH-based providers reach EU clients only via an EU-authorised entity; UK firms face a separate domestic perimeter.

Source: ESMA
EU
Moderate

DORA — operational resilience

Digital Operational Resilience Act (DORA)

Fully applicable

Applies: 17 Jan 2025

EU framework for ICT risk management, incident reporting and oversight of critical third-party providers across the financial sector — applicable since January 2025.

For the in-house compliance officer

Treat as live: ICT risk registers, incident-reporting pathways and third-party (including cloud) oversight must be operational. Relevant to any platform handling regulated data, including evidence and case material.

EU-anchored, but its third-party oversight reaches CH/UK vendors serving EU financial entities.

Source: EU / ESAs
EU
Moderate

EU AI Act — high-risk regime

EU AI Act — high-risk obligations

Transitional

High-risk rules apply (provisional): 2 Aug 2026

Obligations for high-risk AI systems — capturing AI used in credit scoring, KYC and agentic tools in finance. The 2 August 2026 date is subject to the EU 'Digital Omnibus', which may defer stand-alone Annex III obligations to December 2027.

For the in-house compliance officer

Inventory AI used in compliance and onboarding, plan conformity-assessment and transparency steps to the 2 August 2026 baseline, and reconcile with GDPR/FADP — but verify the Digital Omnibus status before relying on the date.

EU product-safety logic: CH/UK developers placing AI on the EU market are caught; purely domestic use may not be.

Source: EU AI Act timeline
CH
Moderate

FINMA Guidance 01/2026 — crypto custody

FINMA Guidance 01/2026 — custody of crypto-based assets

In force

Published: 12 Jan 2026

FINMA's guidance resetting supervisory expectations on the custody of crypto-based assets — segregation, bankruptcy remoteness and client-asset protection.

For the in-house compliance officer

Custodians should translate the guidance into concrete segregation policies, custody agreements and bankruptcy-remoteness analysis, and be ready to defend them to the regulator and banking counterparties.

Swiss-specific, but informs how CH custodians service EU/UK institutional clients with their own custody expectations.

Source: FINMA

Deep Analysis

Reports & long-form analysis

Where the watch above tracks what is changing, these pieces work through what it means — longer analysis on the questions that do not fit on a card.

2025Available on request

Switzerland's Financial Supervisor Under Scrutiny: FINMA's Powers and the Credit Suisse Reckoning

An examination of FINMA's enforcement toolkit and the supervisory questions exposed by the Credit Suisse failure.

SwitzerlandFINMASupervision
2025Available on request

FATF and FINMA on Crypto SRO Supervision: A Fundamental Regulatory Tension

How the self-regulatory model for crypto sits against FATF expectations, and where the tension is likely to be resolved.

SwitzerlandCryptoAMLFATF
2025Available on request

EBA Supervisory Findings on Crypto-Asset Service Providers and AML/CTF Implementation

A reading of the EBA's findings on CASP supervision and what they signal for AML/CTF implementation under the incoming EU framework.

EUCryptoAML/CTFEBA
2023Available on request

Data Privacy in Finance: Risks and Opportunities for Virtual Asset Service Providers

Where data-protection obligations and AML duties collide for virtual-asset service providers — and how to hold both.

EUData privacyVASPsGDPR

Working on a cross-border matter where one of these applies?

Start a conversation