[codicts-css-switcher id=”346″]

Global Law Experts Logo
finma aml crypto switzerland

Switzerland 2026: FINMA AML Reforms & Crypto Reporting, Practical Compliance Checklist for Exchanges, Token Issuers and Fintechs

By Global Law Experts
– posted 1 hour ago

The FINMA AML crypto Switzerland landscape shifted materially in 2026, creating urgent compliance work for every crypto exchange, token issuer and fintech operating under Swiss financial-market supervision. FINMA published substantial revisions to its Anti-Money Laundering Ordinance (AMLO-FINMA) during April–May 2026, tightening enhanced due diligence triggers, expanding supervisory expectations for virtual asset service providers (VASPs) and responding directly to criticisms raised in Switzerland’s latest FATF mutual evaluation. Separately, the expansion of MRK-style reporting to crypto assets, effective 1 January 2026, introduced new transaction-reporting obligations channelled through the Money Laundering Reporting Office Switzerland (MROS). This article provides a practitioner-ready, step-by-step compliance checklist that maps every obligation by entity type so compliance officers, general counsels and exchange founders can act immediately.

Six immediate actions every affected Swiss crypto business should take:

  1. Review the revised AMLO-FINMA text against your current AML programme and gap-analyse by entity type.
  2. Confirm whether your business falls within MRK crypto reporting scope (effective 1 January 2026).
  3. Update onboarding and KYC procedures to reflect lowered thresholds and expanded beneficial-ownership capture requirements.
  4. Implement or upgrade Travel Rule messaging infrastructure for VASP-to-VASP transfers.
  5. Re-assess custody and segregation arrangements against FINMA’s updated guidance.
  6. File any overdue suspicious activity reports (SARs) with MROS and document your remediation timeline.

FINMA AML Ordinance, Key 2026 Changes

Summary of legal amendments

Switzerland does not regulate crypto assets through a standalone statute. Instead, it applies its existing financial-market laws, principally the Federal Act on Combating Money Laundering and Terrorist Financing (AMLA, SR 955.0) and its implementing ordinances, to crypto activities that constitute financial intermediation. The AMLO-FINMA ordinance sits beneath the AMLA and translates statutory obligations into operational rules that FINMA-supervised institutions must follow.

The April–May 2026 AMLO-FINMA revisions address several areas that the FATF had flagged as deficient during Switzerland’s most recent evaluation cycle. The key amendments cover the following areas:

  • Expanded scope of covered activities. The revised ordinance clarifies that entities providing crypto custody, staking-as-a-service and decentralised-finance gateway services fall within the definition of financial intermediaries where they exercise control over client assets. This closes an ambiguity that had allowed certain custodial-adjacent operators to argue they were outside FINMA’s AML perimeter.
  • Lowered thresholds for simplified due diligence. The previous CHF 1,000 threshold for occasional crypto transactions requiring identity verification has been reduced, aligning Switzerland more closely with the FATF’s zero-threshold recommendation for virtual-asset transfers. Financial intermediaries must now apply full customer due diligence (CDD) to a broader range of transactions.
  • Enhanced due diligence (EDD) triggers. New EDD triggers include transactions involving privacy-enhancing technologies (mixers, tumblers, privacy coins), cross-border transfers to jurisdictions with strategic AML deficiencies, and business relationships with token issuers that have not completed FINMA classification.
  • Beneficial ownership requirements. The revised ordinance strengthens obligations around identifying and verifying beneficial owners of legal structures involved in token issuance, including foundations and associations commonly used in Swiss crypto projects.
  • Record-keeping and audit trails. Minimum record-retention periods are confirmed at ten years from the end of the business relationship, and supervised entities must maintain complete audit trails for all crypto-asset transfers, including wallet addresses, transaction hashes and counterparty VASP identifiers.

Practical implications for VASPs

For VASPs already operating under FINMA supervision or affiliated with a self-regulatory organisation (SRO), the 2026 revisions require an immediate gap analysis. Industry observers expect the lowered thresholds alone to increase compliance costs by requiring identity verification for transactions that were previously processed under simplified procedures. Exchanges processing high volumes of small-denomination transfers will likely need to invest in automated identity-verification technology or face operational bottlenecks.

The expanded EDD triggers are particularly significant for platforms that list privacy coins or offer mixer-adjacent services. The likely practical effect is that many exchanges will delist or restrict privacy-enhancing tokens rather than absorb the cost of continuous enhanced monitoring, a trend already visible in other FATF-compliant jurisdictions.

Timeline and compliance deadlines

The revised AMLO-FINMA text was published for consultation in April 2026 and finalised in May 2026. FINMA has indicated that supervised entities should implement the changes within a reasonable transition period from the date of publication. Early indications suggest FINMA expects operational compliance by late 2026, though formal transitional guidance may follow. Entities that have not yet commenced their gap analysis face material enforcement risk.

MRK Crypto Reporting, Scope, Thresholds and Workflows

MRK in plain language

MRK crypto reporting refers to the systematic transaction-reporting framework that expanded to cover crypto-asset transactions with effect from 1 January 2026. Under this framework, financial intermediaries that process qualifying crypto transactions must submit structured reports to MROS, Switzerland’s financial intelligence unit. The expansion aligns Switzerland with the FATF’s requirement that countries apply the same AML reporting standards to virtual assets as they apply to traditional financial transactions.

Any financial intermediary supervised by FINMA, or subject to the AMLA through SRO membership, that executes, facilitates or intermediates crypto-asset transfers meeting the applicable thresholds must report. This includes centralised exchanges, broker-dealers in crypto assets, custodians that execute transfers on behalf of clients, and payment service providers handling crypto-to-fiat conversions.

Required data fields and Travel Rule overlap

MRK reports must include originator and beneficiary identification data, name, account or wallet identifier, and, where available, address and date of birth. These data elements overlap substantially with the information required under Switzerland’s implementation of the FATF Travel Rule, meaning that entities with functioning Travel Rule infrastructure can repurpose much of the same data pipeline for MRK reporting.

The required data fields for MRK reporting typically include:

  • Originator name, account number or unique wallet address
  • Beneficiary name, account number or unique wallet address
  • Transaction amount and asset type (including token identifier)
  • Date and time of execution
  • Counterparty VASP identifier (where applicable)
  • Purpose of payment or transfer (where known)

Technology and data considerations

Entities should evaluate whether their existing compliance technology stack can generate MRK-compliant reports in the format required by MROS. Automated extraction from blockchain analytics platforms, combined with customer-data enrichment from KYC databases, is the most efficient approach. Manual reporting is feasible for low-volume operators but introduces error risk and scalability constraints.

Who Is in Scope, Entity Map and Quick Decision Flow

Entity definitions under Swiss AML law

Swiss AML law applies to “financial intermediaries”, a broad category defined in Article 2 of the AMLA. For crypto businesses, the critical question is whether a given activity constitutes financial intermediation. FINMA’s crypto-services dossier provides a detailed mapping of specific crypto activities to regulatory categories.

Entity type Primary reporting obligations (MRK / FINMA 2026) Notes & effective date
Crypto exchanges (centralised) MRK reporting for covered transactions; full FINMA AML programme; transaction monitoring; Travel Rule implementation MRK expansion effective 1 Jan 2026; FINMA ordinance revisions published Apr–May 2026
Token issuers (stablecoins / asset tokens) Possible reporting if issuer controls transfers or maintains registry; enhanced KYC for stablecoins per FINMA guidance Stablecoin guidance requires issuer onboarding and transfer controls; apply FINMA classification tests
Custodians / wallet providers FINMA supervision if holding client assets; MRK reporting if transactions meet thresholds Custody guidance from FINMA applies, technology and segregation expectations
Payment service providers (crypto-to-fiat) Full AML programme; MRK reporting; Travel Rule compliance Classified as financial intermediaries under AMLA Article 2
DeFi gateway operators In scope where operator exercises control over user assets or transaction execution Revised AMLO-FINMA clarifies custodial-adjacent activities

Quick checklist to self-assess scope

Use this five-step decision flow to determine whether your business falls within FINMA AML crypto Switzerland obligations:

  1. Do you hold, transfer or manage crypto assets on behalf of clients? If yes, you are likely a financial intermediary.
  2. Are you licensed by FINMA or affiliated with a Swiss SRO? If yes, the revised AMLO-FINMA applies directly.
  3. Do you execute or facilitate transfers that meet MRK reporting thresholds? If yes, MRK reporting obligations apply from 1 January 2026.
  4. Do you issue tokens that function as payment instruments or represent claims on assets? If yes, FINMA classification and potential AML obligations apply.
  5. Do you provide technical infrastructure (wallets, nodes, staking) without controlling client assets? If no control exists, you may fall outside scope, but document your analysis carefully, as the revised ordinance narrows this exclusion.

Practical Compliance Checklist, Crypto Exchanges

This Swiss crypto compliance checklist covers the operational steps that centralised crypto exchanges must implement to satisfy both the revised AMLO-FINMA and MRK reporting requirements. Crypto exchange compliance in Switzerland now requires a layered approach spanning governance, technology, and ongoing monitoring.

Onboarding and KYC

  • Tier 1, Identity verification. Collect government-issued photo ID, verify against reliable databases or use video-identification. Apply to all customers at account opening, no minimum-transaction threshold exemption under the revised ordinance.
  • Tier 2, Beneficial ownership. Obtain a signed declaration of beneficial ownership for all accounts. For corporate accounts, verify the entire ownership chain to the ultimate beneficial owner (UBO) holding 25% or more, or the controlling person.
  • Tier 3, Risk classification. Assign each customer a risk rating (low, medium, high) based on jurisdiction, transaction profile, source of funds and PEP status. High-risk customers trigger EDD, including enhanced source-of-funds documentation.
  • Tier 4, Ongoing monitoring. Re-verify customer data at intervals determined by risk classification. Update KYC records whenever material changes occur (change of beneficial owner, jurisdiction change, unusual transaction patterns).

Transaction monitoring and reporting

  • Automated screening. Deploy transaction-monitoring software capable of flagging unusual patterns, including rapid asset conversions, structuring below thresholds, and transfers involving sanctioned addresses or privacy-coin mixers.
  • Travel Rule implementation. Ensure that every qualifying VASP-to-VASP transfer includes originator and beneficiary identification data transmitted to the counterparty VASP before or simultaneously with the transfer.
  • SAR filing. File suspicious activity reports with MROS without delay when monitoring triggers indicate potential money laundering, terrorist financing or sanctions evasion. Document the decision-making process for both filed and non-filed alerts.
  • MRK reporting. Generate and submit MRK-compliant transaction reports for all covered crypto transactions, using the data fields and format specified by MROS.

Custody and segregation

  • Client-asset segregation. Maintain clear separation between exchange-owned assets and client assets, both on-chain and in internal ledgers. FINMA expects demonstrable proof-of-control and proof-of-reserves.
  • Key management. Implement multi-signature or MPC (multi-party computation) controls for private keys. Document key-management policies, including succession and disaster-recovery procedures.
  • Insurance and capital adequacy. Evaluate whether your custody model requires additional capital buffers or insurance coverage under FINMA’s prudential framework.

Third-party risk

  • Counterparty VASP due diligence. Before transmitting client assets to another VASP, verify that the counterparty is licensed, registered or otherwise compliant with AML requirements in its home jurisdiction.
  • Outsourced services. If custody, KYC or transaction monitoring is outsourced, ensure contractual provisions require the service provider to meet FINMA standards. Retain oversight responsibility, delegation does not eliminate accountability.

Practical Compliance Checklist, Token Issuers and ICO/STO Projects

Token classification checklist

Token issuer reporting in Switzerland begins with classification. FINMA distinguishes between payment tokens, utility tokens and asset tokens. Any token that functions as a means of payment triggers full AML obligations. Asset tokens that qualify as securities under Swiss law also attract prospectus and ongoing-disclosure requirements. Utility tokens may trigger AML obligations at the point of issuance if the issuer accepts funds from investors in a manner that constitutes financial intermediation.

  • Step 1. Classify your token using FINMA’s published framework: payment, utility or asset token.
  • Step 2. If the token has a payment function or is a stablecoin, apply full AML/KYC at issuance and on secondary transfers where the issuer maintains control.
  • Step 3. If the token qualifies as a security (asset token), confirm prospectus obligations and ongoing reporting duties in addition to AML compliance.
  • Step 4. Document your classification analysis and retain it for inspection, FINMA expects a reasoned written assessment.

Issuer reporting and transfer controls

Token issuers who maintain a registry or whitelist of holders, or who control the smart-contract functions governing transfers, fall within MRK reporting scope for transactions they facilitate. This is particularly relevant for stablecoin issuers, who typically operate permissioned transfer systems. These issuers must implement transaction-monitoring and SAR-filing processes equivalent to those required of exchanges.

Stablecoin-specific rules

FINMA’s guidance on stablecoins emphasises that all stablecoin holders must be thoroughly identified before tokens can be transferred to them. Anonymous transfers of stablecoins are prohibited where the issuer controls the transfer mechanism. This means that stablecoin issuers must maintain a complete, verified register of holders and apply ongoing KYC monitoring. The practical effect is that stablecoins cannot circulate freely among unverified wallets if the issuer retains any transfer-gating capability.

KYC, Onboarding and Notarial / Corporate Steps

KYC tech stack and red flags

Meeting KYC requirements in Switzerland now demands a technology-enabled approach. Automated identity-document verification (IDV), sanctions screening (against SECO and international lists), PEP databases and blockchain analytics should be integrated into the onboarding workflow. Red flags requiring escalation include mismatches between declared source of funds and on-chain transaction history, newly created wallets receiving large deposits, and connections to known mixer or tumbler services.

Notarial steps and certification

Swiss crypto projects structured as stock corporations (AG) or limited liability companies (GmbH) require notarial authentication for certain corporate actions, including share-capital increases associated with token issuances and changes to articles of association. Where a token sale involves the creation of new shares or participation rights, a Swiss notary must authenticate the relevant corporate resolutions. Additionally, subscription agreements for token sales should include AML representations and warranties from investors, and beneficial-ownership declarations should be embedded in the subscription documentation.

Beneficial-ownership capture, sample data points

The following data should be captured for every investor or customer at onboarding:

  • Full legal name, date of birth and nationality
  • Residential address and correspondence address (if different)
  • Government-issued photo ID (passport or national ID)
  • Beneficial-owner declaration (if acting on behalf of another person or entity)
  • Source-of-funds declaration (narrative plus supporting documentation for high-risk relationships)
  • PEP self-declaration
  • Wallet address(es) to be used in the business relationship

Reporting Workflows and Technology Considerations

Options for Travel Rule implementation

Swiss-based VASPs have several technical options for satisfying Travel Rule obligations:

  • VASP-to-VASP messaging protocols. Industry-standard protocols (such as those developed by the OpenVASP initiative or TRISA) enable encrypted peer-to-peer data exchange between compliant VASPs.
  • Intermediated solutions. Third-party compliance platforms act as intermediaries, matching counterparty VASPs and routing originator/beneficiary data securely.
  • Sunrise considerations. Where a counterparty VASP is in a jurisdiction that has not yet implemented the Travel Rule, the Swiss VASP must still collect and retain originator data and apply enhanced scrutiny to the transaction.

MRK reporting integration

MRK reports should be generated programmatically from existing transaction databases and submitted to MROS using the prescribed format and channel. Compliance teams should establish automated triggers that flag reportable transactions, populate report templates and route them for review before submission. Integrate MRK reporting into your existing compliance case-management system to avoid duplication and ensure complete audit trails.

Data protection and recordkeeping

Swiss data-protection law (the Federal Act on Data Protection, FADP) applies alongside AML obligations. Entities must ensure that personal data collected for AML purposes is processed lawfully, stored securely and retained for the minimum period required by the AMLA (ten years from the end of the business relationship). Cross-border data transfers, for example, sending originator data to a counterparty VASP in another jurisdiction, must comply with FADP requirements, including appropriate safeguards where the recipient country does not provide adequate data-protection standards.

Enforcement, Penalties and Practical Compliance Risk Management

Typical FINMA findings

FINMA’s supervisory practice in the crypto AML space has highlighted several recurring deficiencies: incomplete beneficial-ownership documentation, failure to apply EDD to high-risk business relationships, inadequate transaction-monitoring systems that generate excessive false positives without effective triage, and delays in SAR filing. FINMA’s 2024 risk-monitoring report specifically flagged rising money-laundering risks in the crypto sector, signalling an increasingly assertive supervisory posture.

How to prepare for inspection

  • Maintain a compliance file that includes your AML risk assessment, policies, procedures, training records and audit reports.
  • Ensure your AML officer can demonstrate real-time access to transaction-monitoring dashboards and SAR decision logs.
  • Prepare a remediation register showing how previously identified deficiencies have been addressed, with evidence of implementation.

Remediation playbook

If your gap analysis reveals non-compliance, prioritise remediation in order of enforcement risk: SAR-filing backlogs first, then KYC deficiencies, followed by technology upgrades. Document every remediation step with dates, responsible persons and evidence of completion. Industry observers expect FINMA to apply stricter sanctions where entities have failed to act promptly after the publication of the revised ordinance.

Conclusion, Six Immediate Next Actions for FINMA AML Crypto Switzerland Compliance

The 2026 reforms to FINMA AML crypto Switzerland rules represent the most significant compliance event for the Swiss digital-asset sector in recent years. Every exchange, token issuer, custodian and fintech operating in or from Switzerland must act now to avoid enforcement exposure. To find qualified Swiss commercial counsel who can assist with AML programme design, FINMA submissions and ongoing compliance, visit the Global Law Experts lawyer directory.

  1. By end of Q3 2026: Complete your AMLO-FINMA gap analysis and document all identified deficiencies.
  2. Immediately: Confirm MRK reporting obligations and file any overdue reports with MROS.
  3. By end of Q3 2026: Update KYC onboarding procedures to reflect lowered thresholds and expanded BO requirements.
  4. By end of Q4 2026: Deploy or upgrade Travel Rule messaging infrastructure.
  5. By end of Q4 2026: Re-assess custody arrangements and document segregation controls.
  6. Ongoing: Train all relevant staff on revised procedures and schedule your next independent AML audit.

Need Legal Advice?

This article was produced by Global Law Experts. For specialist advice on this topic, contact Martin Eisenring at EISENRING Attorneys & Notaries, a member of the Global Law Experts network.

Sources

  1. FINMA, Money laundering supervision (crypto dossier)
  2. FINMA, At a glance: list of crypto services
  3. Fedlex, Swiss Federal Act on Combating Money Laundering (AMLA, SR 955.0)
  4. Fedlex, Anti-Money Laundering Ordinances (AMLO-FINMA)
  5. MROS, Money Laundering Reporting Office Switzerland
  6. FATF, Guidance on Virtual Assets and VASPs

FAQs

What are the main changes in FINMA's AML rules in 2026?
The April–May 2026 AMLO-FINMA revisions expand the scope of covered crypto activities, lower thresholds for identity verification on crypto transactions, introduce new enhanced due diligence triggers for privacy coins and mixer services, and strengthen beneficial-ownership documentation requirements. These changes respond to FATF criticisms from Switzerland’s most recent mutual evaluation.
Token issuers fall within MRK reporting scope if they control the transfer mechanism, for example, by maintaining a holder registry or operating permissioned smart contracts. Stablecoin issuers are most commonly affected. Issuers of pure utility tokens without transfer-gating capabilities are generally outside MRK scope, though they must still comply with AML obligations at the point of issuance.
Exchanges must verify customer identity at account opening using government-issued ID, collect beneficial-ownership declarations, assign risk classifications, apply enhanced due diligence for high-risk customers, and conduct ongoing monitoring. Automated screening against sanctions lists and PEP databases is essential. The revised AMLO-FINMA effectively removes simplified-procedure exemptions for small crypto transactions.
Yes. FINMA’s stablecoin guidance requires that all stablecoin holders be identified and verified before tokens can be transferred to them. Anonymous transfers are prohibited where the issuer controls the transfer mechanism. This imposes stricter onboarding requirements on stablecoin issuers compared to issuers of other token types.
Swiss VASPs can comply using VASP-to-VASP messaging protocols (such as OpenVASP or TRISA), intermediated compliance platforms that match and route data between counterparties, or direct bilateral data-exchange agreements. Where a counterparty VASP is in a non-compliant jurisdiction, the Swiss VASP must still collect originator data and apply enhanced scrutiny.
Under the AMLA, financial intermediaries must retain all AML-relevant records, including KYC documents, transaction data, wallet addresses, SAR decision logs and audit reports, for a minimum of ten years from the end of the business relationship. Records must be stored securely and be retrievable for inspection by FINMA or MROS.
Suspicious activity reports go to MROS, Switzerland’s financial intelligence unit. FINMA is notified of systemic compliance failures, material breaches of supervisory law, or changes in your licensed activities. If you discover a suspected money-laundering transaction, report to MROS immediately. If you identify a structural compliance gap, consult legal counsel and consider proactive disclosure to FINMA.
vanuatu citizenship requirements
By Jonathon Richards

posted 44 minutes ago

By Global Law Experts

posted 3 hours ago

Find the right Legal Expert for your business

The premier guide to leading legal professionals throughout the world

Specialism
Country
Practice Area
LAWYERS RECOGNIZED
0
EVALUATIONS OF LAWYERS BY THEIR PEERS
0 m+
PRACTICE AREAS
0
COUNTRIES AROUND THE WORLD
0
Join
who are already getting the benefits
0

Sign up for the latest legal briefings and news within Global Law Experts’ community, as well as a whole host of features, editorial and conference updates direct to your email inbox.

Naturally you can unsubscribe at any time.

About Us

Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.

Global Law Experts App

Now Available on the App & Google Play Stores.

Social Posts
[wp_social_ninja id="50714" platform="instagram"]
[codicts-social-feeds platform="instagram" url="https://www.instagram.com/globallawexperts/" template="carousel" results_limit="10" header="false" column_count="1"]

See More:

Contact Us

Stay Informed

Join Mailing List
About Us

Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.

Social Posts
[wp_social_ninja id="50714" platform="instagram"]
[codicts-social-feeds platform="instagram" url="https://www.instagram.com/globallawexperts/" template="carousel" results_limit="10" header="false" column_count="1"]

See More:

Global Law Experts App

Now Available on the App & Google Play Stores.

Contact Us

Stay Informed

GLE

Lawyer Profile Page - Lead Capture
GLE-Logo-White
Lawyer Profile Page - Lead Capture

Switzerland 2026: FINMA AML Reforms & Crypto Reporting, Practical Compliance Checklist for Exchanges, Token Issuers and Fintechs

Send welcome message

Custom Message