icon-clock 6 minutes

FINMA Regulations for Crypto Companies in Switzerland

The Swiss Financial Market Supervisory Authority (FINMA) is a private, independent regulatory body with authority over various Financial Institutions, including VASPs. Crypto companies doing business in the country need to comply with FINMA regulations. In this article, we explain what those regulations are – and how to meet them efficiently with compliance software.

Perhaps more than any other nation, Switzerland is known for its banking sector. And that’s no surprise: the very rich and relatively small Alpine nation of less than 9 million has a long history as a destination for international deposits and private wealth management – and its reputation for it has not always been positive. 

That’s because one of the main reasons Switzerland’s banking sector has become so formidable – by some estimates Swiss banks hold a little under $9 trillion, or about three times the GDP of India – is that Swiss banks have in the past gone to great lengths to maintain significant levels of secrecy regarding their operations and clients. 

Coupled with a robust legal framework, an independent and neutral political system, and highly educated and professional financial class, it’s clear why Switzerland has presented an attractive location to deposit large amounts of money (and gold) for individuals and companies from around the world. 

While Switzerland has been a global financial hub for centuries, the country is also now home to more than 900 blockchain businesses due in part to Swiss crypto laws that take a positive approach towards digital ledger technologies (DLT). 

Many of the crypto companies taking advantage of the country’s advanced financial services sector and coherent, organized regulatory environment have been established in the canton of Zug, which has attracted projects with attractive tax regimes and crypto-friendly financial infrastructure – the canton even allows its residents to pay their taxes in crypto. 

However, while Switzerland certainly has a reputation as a bastion of banking secrecy that was firmly established in the 1950s and 60s, the reality these days is quite different. 

Acting on significant pressure from global financial regulators and powerful governments seeking to rein in money laundering in their own jurisdictions, the Swiss financial sector has been undergoing a major shift over the past two-and-a-half decades. 

One of the main objectives of this shift has been to develop and implement regulations that reduce the risk of the Swiss financial sector being used for money laundering and other financial crimes, and to increase the transparency of its banks’ operations. 

In 1997, the Swiss government established The Anti-Money Laundering Act (AMLA), which has formed the basis of the country’s Anti-Money Laundering (AML) regime. This has included establishing regulatory agencies and specific provisions to reduce the risk of money laundering. 

AMLA applies to financial intermediaries and governs the combating of money laundering and terrorist financing. It ensures the exercise of due diligence in the conduct of financial transactions.

Any Questions?

Our team is always ready to help you and your business.

FINMA

In 2002, the Swiss government established the Swiss Financial Market Supervisory Authority (FINMA) as a private, independent regulatory body. FINMA has regulatory authority over banks, insurance firms, stock exchanges, securities dealers, and collective investment schemes. It is responsible for combating money laundering and, where necessary, conducts financial restructuring and bankruptcy proceedings.

Virtual Asset Service Providers (VASPs) looking to be based in Switzerland are required to apply for a license from FINMA. In order to meet FINMA’s requirements, VASPs need to carry out Enhanced Due Diligence (EDD) with respect to AML (Anti-Money Laundering) and CFT (Combatting the Financing of Terrorism). Stringent KYC (Know-Your-Customer) checks must be complied with in regards to the AMLA.

FINMA’s role is essentially to ensure that the Swiss financial sector adheres to the regulations set out by the Financial Action Task Force (FATF), a global regulatory body that Switzerland is a signatory to. 

As such, FINMA’s regulations are designed to follow the FATF’s strict guidance on both traditional financial institutions (FIs) such as banks, as well as Virtual Asset Service Providers (VASPs), which the FATF has recently included as regulated entities in its Recommendations.

As such, crypto companies, which are overwhelmingly classified as VASPs by both the FATF and FINMA, need to comply with similar Know Your Customer (KYC), AML and reporting protocols as FIs. 

In order to comply with FINMA regulations, crypto companies doing business in the country – whether they are based in Switzerland, transacting with banks in the country or providing services to customers there – need to follow compliance protocols that include:

Customer due diligence (CDD): Crypto companies need to collect KYC data on customers they onboard in order to verify their identities and to ascertain the nature of their business. 

For example, some of the basic KYC information crypto companies based in Switzerland need to collect from counterparties in a transaction include information such as:

  • Sender’s Name
  • Sender’s account number or transaction reference number
  • Sender’s Address
  • Sender’s Date and place of birth 
  • Sender’s ID or customer number
  • Beneficiary’s name 
  • Beneficiary’s address 
  • For corporate clients, corporate registration documents and Ultimate Beneficial Owner (UBO) data
  • Liveness detection – FINMA requires regulated companies to verify a presented applicant is indeed a real person

Sanctions, Watchlist and PEP screening: Once the identities of individual or corporate customers have been verified, crypto companies and other VASPs need to run checks of the names against global watchlists that include individuals and companies that have been placed on sanctions lists by international and national regulatory agencies, including the Swiss government’s own autonomous sanctions list. 

Checks also need to be carried out on watchlists of individuals and companies that are known or suspected of having been involved in criminal activity, as well as lists of politically-exposed persons (PEPs). 

Adverse media searches: Depending on the risk profile, VASPs also need to carry out searches of certain media archives for references to their customers, in order to ascertain whether there have been reports in the media of their potential involvement in financial crime.

Ongoing monitoring: VASPs need to consistently monitor their customers’ transactions over time in order to identify potentially suspicious activity, including large volume transfers or interactions with high risk jurisdictions or actors. 

In parallel, VASPs also need to keep track of changes to the regulatory status of individual or corporate customers, for example if they are placed on a watchlist after they have become a customer, or if the UBO data for a corporate client changes. 

All of this information should be gathered – and contribute to – a risk-based approach to compliance that places increased scrutiny on high-risk customers. 

This approach is sanctioned and promoted by the FATF as it allows VASPs and FIs with limited resources to concentrate their compliance budgets on customers and relations that require more attention, while allowing lower risk business to proceed more easily. 

However, the basis of a risk-based approach is to truly understand the risk profile of a customer before a decision is made on the degree of CDD that should be applied to them.

For corporate customers the process of establishing a risk profile involves:

  1. Verifying the business – this initial step in a Corporate KYC process involves checking a business’ name against global corporate registry databases, ensuring that the company is real, licensed, has a verified address/place of business and is active. 
  2. Watchlist screening – The second step involves vetting the entity for known involvement in illicit financial activity, as well as assessing the risk that it might be. This involves checking the company and its registered principals and Ultimate Beneficial Owners (UBOs) against global sanctions and watchlists, including global lists of Politically Exposed Persons (PEPs) and adverse media.
  3. Establishing Risk Profile – Once these elements of a business’ identity have been established, the potential customer can be assigned a risk profile based on risk assessment procedures.

For individual customers:

  1. Performing ID Document Verification (IDV) through technologies such as OCR extraction and Passive Liveness checks
  2. Checking the individual’s name against AML and other global watchlists
  3. Establishing a risk profile for the individual
  4. If the AML risk is determined to be high, transferring the application to a human compliance team for Enhanced Due Diligence (EDD).

In Switzerland, KYC verification was previously carried out either in person or through video calls – In 2016, FINMA started allowing Swiss-based financial institutions to use online identity verification to fulfill Swiss Anti-Money Laundering Act due diligence requirements. This effectively means that customers can now be verified remotely and no longer need to visit a local branch in order to open an account.

Unfortunately, only a handful of top Swiss banks offer any sort of digital onboarding for new customers, and in most cases this is done through a cumbersome video chat process. The opportunity exists to turn digital onboarding into something that is both compliant and efficient.

While carrying out these processes and adhering to FINMA regulations may appear daunting for many VASPs with limited resources, the reality is quite different. A more secure and streamlined alternative is available thanks to online identity verification.

How KYC-Chain can help

KYC-Chain’s identity verification solutions use AI, machine learning, face-based biometrics and liveness detection to ensure the person behind a transaction is present and who they say they are. Identity verification goes well beyond traditional authentication methods to deliver a significantly higher level of assurance and establish a trusted digital identity.

Updated FINMA regulations, which took effect in January 2020, include more stringent requirements aimed at making online identity verification even more secure. KYC-Chain’s state-of-the-art identity verification technologies support FINMA regulations while also helping Swiss FIs and VASPs dramatically increase conversions and lower abandonment rates.

Using market-leading technology such as KYC-Chain can allow projects and companies to quickly and easily attain compliance with FINMA and FATF regulations using a seamless and automated process. Interested in using KYC-Chain to reach FINMA compliance? Get in touch and we’ll be happy to start a conversation.