ARTICLE
28 May 2026

FINMA Tightens AML and Sanctions Enforcement

SW
Schellenberg Wittmer Ltd

Contributor

Schellenberg Wittmer Ltd logo
We are a leading Swiss business law firm with offices in Zurich, Geneva and Singapore, and take care of all our clients’ needs – transactions, advisory, disputes around the world. At Schellenberg Wittmer, we strive to meet your needs by providing commercially focused, dedicated legal advice of the highest quality.
Explore Firm Details
This page presents a comprehensive list of countries and territories worldwide, organized alphabetically for easy reference. The content includes standard country names along with their associated regions and dependencies, providing a global geographic reference point.
Switzerland Government, Public Sector
Louis Burrus,Simone Nadelhofer,Grégoire Tribolet
+1 Authors
 Your Author LinkedIn Connections
Louis Burrus’s articles from Schellenberg Wittmer Ltd are most popular:
  • in United Kingdom
Schellenberg Wittmer Ltd are most popular:
  • within Government, Public Sector, Technology and Employment and HR topic(s)

Key Take-aways

  1. FINMA is tightening its approach to money laundering and sanctions— formal compliance is no longer sufficient; effective implementation at all levels is required.
  2. Geopolitical risks (Ukraine, Iran, sanctions) and new EU AMLA rules effective in 2027 significantly increase the pressure on Swiss institutions to act.
  3. Boards of Directors and executive management must proactively review governance, risk tolerance, and control architecture now— before FINMA does.

1 FINMA Takes a Tougher Stance with De Facto “Zero Tolerance”

In its proceedings and audits, FINMA shows very little tolerance for weaknesses regarding assets linked to Russia and/or assets subject to sanctions. The focus is on sanctions compliance and money laundering, and increasingly on terrorist financing as well. In the event of deficiencies, consequences loom not only for the bank but also for guarantors.

In 2026, FINMA will once again conduct numerous

on-site inspections, some with SECO participation, to thoroughly review the implementation of regulations. It is crucial that guidelines not only exist in form but are effectively implemented in day-to-day operations, from onboarding through transaction monitoring to reporting to MROS and, where applicable, SECO.

A purely formal compliance approach is no longer sufficient; effective implementation at all levels is expected.

Formal compliance is not enough – execution matters

Several structural causes underlie this stricter stance, which are similar across many institutions.

For instance, despite relevant guidance from FINMA (Supervisory Circular 05/2023), banks often define their risk tolerance too vaguely or too generically.

Concrete limits, processes, and reporting lines are frequently lacking, and high-risk areas and clients are not addressed with sufficient granularity. In practice, this is evident, for example, in the fact that ties to 

Russia are often defined solely by domicile, while clients residing outside Russia but holding Russian nationality or having assets originating in Russia are not captured—even though, in FINMA’s view, the Russia nexus extends significantly further.

Furthermore, the client portfolio is often not aligned with the defined risk tolerance. A lack of expertise, inadequate monitoring systems, and insufficient employee awareness hinder effective risk management. This relates to the obligation to conduct a risk analysis pursuant to Art. 25(2) of the FINMA Anti-Money Laundering Ordinance (GwV- FINMA).

Another problem is the failure to implement controls: while control mechanisms exist in theory, they are sometimes circumvented in day-to-day operations or inadequately documented. Additionally  governance weaknesses are evident, such as insufficient integration of relevant risks into strategic decisions, a lack of “tone from the top,” or conflicts of interest in sensitive business relationships.

Finally, pressure from abroad is also raising the bar. International partners, supervisory authorities, and the U.S. in particular are exerting considerable pressure on Switzerland.

For banks, this means that it is not enough to merely acknowledge the heightened regulatory scrutiny. Rather, governance structures, risk appetite, control architecture, and the client portfolio should be critically reviewed and adjusted.

2 Escalation due to the geopolitical situation and U.S. expectations

The current geopolitical situation, particularly the war in Ukraine, tensions with Russia, and the conflict with Iran—is significantly intensifying requirements related to countering terrorist financing and sanctions. New and expanded embargoes, sanctions lists, and sector-specific restrictions are clearly increasing the complexity of day-to-day operations.

At the same time, the U.S. has significantly tightened its expectations of foreign banks. Recent cases show that U.S. authorities are prepared to take far-reaching measures, including classifying institutions as money laundering risks and threatening to exclude them from the U.S. financial system. The extraterritorial effect of certain U.S. sanctions regimes, as well as close cooperation with international authorities, means that correspondent banking relationships with U.S. ties are particularly sensitive, and any shortcomings can quickly lead to drastic consequences.

Geopolitics and pressure from the US drive risk exposure

At the same time, institutions are expected to incorporate U.S. risk assessments into their risk analysis. The handling of payments and customers with potential ties to sanctioned organizations or terrorist financing networks is subject to particularly strict scrutiny.

In this environment, the focus is not only on formal legal compliance, but also on managing reputational risks and meeting international “best practice” standards.

3  Trade-based Money Laundering as a Specific Risk

Banks should pay particular attention to trade-based money laundering (TBML). Institutions engaged in trade finance, commodity finance, and complex international supply chains are particularly affected.

In practice, weaknesses often emerge: payment, document, and trade data are frequently not sufficiently integrated, resulting in a lack of end-to- end monitoring. At the same time, manual processes increase the likelihood of errors and make pattern recognition more difficult. Furthermore, TBML- specific expertise is often limited, meaning that typical warning signs are not recognized or are only identified sporadically.

TBML increasingly under regulatory scrutiny

As a result, such schemes may go undetected, posing significant regulatory and reputational risks. Thematic audits in this area are likely to increase further.

Institutions should treat TBML as a distinct risk area and align their compliance accordingly.

4 FINMA’s Limited Early Intervention Options

FINMA currently has only limited effective early intervention tools at its disposal. It is essentially reliant on Art. 31 FINMAG or enforcement proceedings, which are often cumbersome.

This results in either relatively drastic intervention or the need to wait until risks escalate. Individual proceedings against executives often follow as well.

Early action improves standing with FINMA

In practice, this means: Early identification and transparent rectification of deficiencies significantly improve the starting position vis-à-vis the regulator.

5 Role of the Board of Directors

Tighter supervisory practices and international expectations place a central responsibility on the 

Board of Directors. It bears particular responsibility for risk tolerance, governance, and the oversight of executive management. The Board of Directors should regularly receive structured reports on risks, KPIs s (Key Risk Indicators), and audits, and consistently follow up on deficiencies, including through strategic decisions where necessary.

6 New EU AMLA Rules and Their Relevance for Swiss Institutions with a Presence in the EU

In addition, Swiss banks with branches or subsidiaries in the EU are affected by the new EU anti-money laundering regime: With the Anti-Money Laundering Regulation (AMLR) and the new EU Anti-Money Laundering Authority (AMLA), the EU is introducing a uniform “Single Rulebook” and significantly stricter, in some cases direct, supervision, which will apply in the EU as of July 10, 2027, and will thus also become binding for the European units of Swiss institutions. This requires early adaptation of governance, processes, data management, and sanctions controls within the EU entities, as well as group-wide harmonization to avoid duplication and inconsistencies between the Swiss and EU regimes.

7 Specific recommendations for banks

To ensure a robust legal and regulatory position in this environment, the following steps are particularly recommended:

First, governance and risk tolerance should be comprehensively reviewed. This includes, in particular, reviewing the mandate, composition, and flow of information between the board of directors and executive management with regard to money laundering and sanctions risks. Likewise, the money laundering risk analysis pursuant to Art. 25(2) GwV- FINMA must be reviewed, and risk tolerance clearly defined, including specific measures for managing, steering, controlling, reporting, and monitoring these risks.

Furthermore, the control architecture must be strengthened. Existing guidelines should be systematically compared with actual practice (“policy vs. practice gap”). At the same time, independent controls must be expanded, particularly in the case of complex structures and non-standardized transactions.

In addition, specific measures must be implemented. These include, in particular, the  introduction or optimization of monitoring scenarios for TBML and terrorist financing, the improvement of data quality, and the integration of trade, document, and payment data. Equally important are targeted training programs for front-office, operations, compliance, and board members on recognizing red flags, as well as identifying and avoiding conflicts of interest.

Furthermore, institutions should regularly update their geopolitical risk and scenario analyses, with a particular focus on sanctions regimes, conflict hotspots, and sector-specific risks. In this context, it is also necessary to assess whether adjustments to the business strategy—such as de-risking certain markets or products—are warranted.

Finally, proactive self-correction and active dialogue with the regulator are crucial. When vulnerabilities are identified, internal escalations should occur at an early stage, and structured remediation plans should be implemented, ideally initiated and monitored by the board of directors. In sensitive situations, it is also advisable to proactively seek dialogue with FINMA to explain one’s own approach and avoid unexpected developments in enforcement.

8 Support

We support banks and financial intermediaries in areas such as reviews of governance, risk, and compliance structures, the implementation of anti- money laundering frameworks, gap analyses, as well as FINMA audits and training. We would be happy to discuss with you how you can adapt your organization to the stricter requirements in a pragmatic and effective manner.

 

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Louis Burrus
Louis Burrus
Photo of Simone Nadelhofer
Simone Nadelhofer
Photo of Matthias Gstoehl
Matthias Gstoehl
Photo of Grégoire Tribolet
Grégoire Tribolet
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More