Switzerland 2026: Corporate Criminal Liability, Anti‑Corruption and Cross‑Border Enforcement, A Practical Guide for Banks & Asset Managers

Last updated: 28 April 2026

Switzerland corporate criminal liability 2026 has moved from a niche compliance topic to an urgent boardroom priority for every financial institution with a Swiss nexus. Early‑2026 rulings from the Federal Criminal Court have sharpened the legal test for attributing criminal conduct to corporate entities, while the Federal Council and the OECD have tightened anti‑corruption expectations across the banking and asset‑management sectors. This guide distils those developments into actionable steps, covering the statutory framework, recent case law, cross‑border enforcement mechanics and a ready‑to‑deploy response playbook, so that in‑house counsel, compliance officers and external advisors can update their operational posture without delay.

At a Glance, Executive Summary

Compliance teams at Swiss banks and asset managers should note five headline points from the 2026 landscape:

• Stricter attribution standard. The Federal Criminal Court has clarified that organisational deficiencies, not just individual management fault, can anchor corporate criminal liability under Article 102 of the Swiss Criminal Code (SCC). The court’s early‑2026 decisions reinforce that a failure to implement adequate compliance measures is itself an attributable act.
• Broader risk perimeter. Banks, asset managers and their group entities face heightened exposure where anti‑money‑laundering (AML), bribery or tax‑fraud offences cannot be attributed to a specific individual, the so‑called “subsidiary” liability pathway under Article 102(1) SCC.
• Legislative proposals in motion. The draft Neue Unternehmensstrafrechtsrahmengesetz (NUFG) proposes to recalibrate negligence‑based corporate liability. Industry observers expect the consultation outcome to reshape compliance‑programme design requirements significantly.
• Cross‑border enforcement intensifying. Switzerland’s role as a hub for mutual legal assistance (MLA) requests means that foreign prosecutors, particularly in the US, UK and France, are securing Swiss evidence faster and more routinely than in previous years.
• Immediate action required. Any institution that has not stress‑tested its compliance programme against the updated attribution standard should do so within the next 30 days. If you are facing a live investigation, proceed directly to the First 48 Hours Response Playbook below.

Legal Framework: Corporate Criminal Liability in Switzerland

The cornerstone of corporate criminal liability in Switzerland is Article 102 SCC, which establishes two distinct pathways through which a legal entity can incur criminal responsibility. Understanding the precise mechanics of each pathway is essential for any bank or asset manager operating within or through Switzerland.

The primary pathway (Article 102(2) SCC) applies to a closed list of predicate offences, including bribery of Swiss and foreign public officials, money laundering, financing of terrorism and criminal‑organisation participation. Where a company lacks the organisational measures necessary to prevent such an offence, it can be held directly liable regardless of whether a specific individual perpetrator has been identified and prosecuted. The practical significance for financial institutions is obvious: inadequate AML controls, deficient know‑your‑customer (KYC) processes or absent anti‑bribery policies can each serve as the organisational deficiency that triggers liability.

The subsidiary pathway (Article 102(1) SCC) covers all other criminal offences. Here, the company is liable only if it proves impossible to attribute the offence to any specific individual within the organisation “due to its inadequate organisation.” This is a fall‑back mechanism, but in complex banking structures, where operational acts cross multiple desks, departments and even jurisdictions, the inability to pinpoint a single responsible employee is far from theoretical.

Sanctions under Article 102 SCC currently cap corporate fines at CHF 5 million. However, practitioners note that the reputational and regulatory consequences, including FINMA enforcement proceedings running in parallel, routinely dwarf the monetary penalty itself.

Attribution Across Corporate Groups and M&A

A question frequently raised by in‑house teams is whether corporate criminal liability can transfer to a company following a merger or acquisition. Under current Swiss practice, liability generally attaches to the legal entity in which the offence occurred. In a standard asset deal, the acquirer does not automatically inherit the target’s criminal exposure. In a share deal or universal succession (merger), however, the legal position is less clear‑cut, and the Centre de droit bancaire et financier has highlighted that courts increasingly scrutinise whether the successor entity perpetuates the same organisational deficiency that gave rise to the original offence.

The practical lesson for M&A teams: pre‑closing compliance audits, carefully drafted indemnities and warranty packages addressing pending or potential criminal exposure are no longer optional, they are a prerequisite for prudent deal execution.

Proposed NUFG and Legislative Developments

The draft NUFG, analysed in detail by Bär & Karrer in their April 2026 briefing, proposes to overhaul the negligence element of corporate criminal liability. The likely practical effect will be a shift from a pure “organisational deficiency” test towards a broader duty‑of‑care standard, meaning that companies could face liability not only for failing to prevent specific enumerated offences but also for general supervisory negligence. If enacted, the proposal would require banks and asset managers to demonstrate that their compliance programmes meet a defined minimum standard, making programme design, documentation and testing a de facto safe harbour. Early indications suggest that the Federal Council may publish a revised consultation text before the end of 2026.

Key 2026 Judicial and Regulatory Developments: White Collar Crime Switzerland 2026

The early months of 2026 have produced a cluster of developments that collectively raise the compliance bar for Swiss financial institutions. Practitioners surveyed by Global Investigations Review and Chambers Practice Guides identify two themes: (a) courts are applying the organisational‑deficiency test with greater rigour, and (b) the Federal Council is aligning Swiss anti‑corruption frameworks with evolving OECD standards.

Case Summaries

• Federal Criminal Court, corporate attribution ruling (early 2026). The Federal Criminal Court examined whether a financial intermediary’s failure to escalate suspicious transaction reports constituted an organisational deficiency sufficient to trigger Article 102(2) SCC liability. Holding: the court confirmed liability, reasoning that the absence of an effective escalation protocol, despite a formal AML policy being in place, demonstrated a substantive (not merely formal) compliance gap. Practical lesson: paper policies without operational testing and documented escalation procedures will not shield an institution from prosecution.
• Federal Criminal Court, group‑structure attribution (early 2026). In a related proceeding, the court addressed whether a Swiss holding company could be held liable for bribery committed by an overseas subsidiary. Holding: the court declined to extend liability to the holding entity, but emphasised that the outcome could differ where the parent exercises de facto control over the subsidiary’s compliance function or where the organisational deficiency originates at the group level. Practical lesson: group oversight structures must be designed to demonstrate arm’s‑length compliance governance while retaining effective supervisory power.

On the policy front, the Federal Department of Foreign Affairs (EDA) published updated anti‑corruption guidance in early 2026, reaffirming Switzerland’s commitment to the OECD Anti‑Bribery Convention and announcing enhanced peer‑review follow‑up for the financial sector. Industry observers expect this to translate into more proactive FINMA engagement and a higher volume of self‑reporting referrals flowing from banks to the Office of the Attorney General.

Practical Impact for Financial Institutions, Bank Investigations Switzerland

For banks operating in or through Switzerland, the 2026 developments create specific operational exposures that compliance teams must address immediately. The principal risk vectors include failures in AML transaction monitoring, deficient correspondent‑banking due diligence, facilitation of upstream tax offences (a predicate offence for money laundering under Swiss law) and bribery of foreign public officials facilitated through Swiss accounts.

FINMA enforcement proceedings frequently run in parallel with criminal investigations, creating a dual‑track exposure that complicates defence strategy. A bank may face simultaneous demands from the Office of the Attorney General (OAG), cantonal prosecutors, FINMA and, in cross‑border matters, foreign regulators and law‑enforcement agencies. Coordinating these parallel streams without inadvertently waiving privilege or providing inconsistent positions is one of the most technically demanding aspects of Swiss bank investigations.

Typical Enforcement Triggers and Evidence Patterns

Based on published enforcement actions and practitioner analysis from Kellerhals Carrard and ICLG, common triggers include:

• Suspicious Activity Report (SAR) backlogs. Delayed or absent filings to MROS (the Swiss Financial Intelligence Unit) are treated as evidence of systemic failure.
• Transaction‑monitoring gaps. Automated systems that lack calibration for jurisdiction‑specific risk (e.g., exposure to high‑risk correspondent corridors) generate regulatory concern.
• KYC documentation deficiencies. Incomplete beneficial‑ownership records or outdated risk classifications are routinely cited in OAG charging documents.
• Whistleblower reports. Internal and external whistleblower disclosures are an increasingly common entry point for Swiss prosecutors.

Immediate preservation checklist for banks under investigation:

1. Impose an immediate litigation hold on all relevant electronic and physical records.
2. Identify data custodians and preserve access logs, email archives and transaction records.
3. Segregate privileged communications from operational documents.
4. Notify internal legal counsel and the Chief Risk Officer within 24 hours.
5. Engage external Swiss criminal‑defence counsel before any communication with prosecutors or FINMA.

Practical Impact for Financial Institutions, Asset Manager Criminal Investigations

Asset managers and private‑client advisory teams face a distinct but overlapping set of exposures. The 2026 enforcement environment targets weaknesses in client onboarding, portfolio company oversight, the use of nominee structures and the failure to detect proceeds of corruption or tax evasion flowing through managed accounts.

The interplay with foreign enforcement adds a further layer of complexity. US Department of Justice (DOJ) and UK Serious Fraud Office (SFO) investigations increasingly rely on Swiss‑sourced evidence, meaning that a Swiss asset manager may find itself drawn into a foreign proceeding long before Swiss authorities take independent action. Understanding how to manage simultaneous Swiss and foreign demands, while preserving Swiss banking secrecy obligations and avoiding breaches of Article 271 SCC (prohibited acts for a foreign state), is critical. For broader context on white‑collar crime investigation techniques, asset managers should ensure their internal teams are familiar with forensic evidence standards.

When to Self‑Report Versus Defend

The decision to self‑report to Swiss authorities, whether to FINMA, the OAG or MROS, is one of the most consequential choices an asset manager will face. Industry observers expect Swiss regulators to look favourably on early, voluntary disclosure where the institution can demonstrate genuine remediation efforts, but there is no formal safe harbour equivalent to the US DOJ’s Corporate Enforcement Policy. The decision matrix should weigh:

• Whether the issue is already known or likely to be discovered by regulators independently.
• The severity and systemic nature of the compliance failure.
• Whether self‑reporting would trigger parallel foreign investigations or client notifications.
• The strength of remediation steps already taken or underway.

Procedural checklist for asset managers:

1. Conduct an immediate AML‑file audit for the affected client relationships.
2. Preserve all onboarding documentation, investment mandates and transaction histories.
3. Engage privileged external counsel before taking any position with FINMA or foreign regulators.
4. Prepare client‑notification templates in consultation with counsel (timing is critical).

Cross‑Border Enforcement and Mutual Legal Assistance Switzerland

Switzerland remains one of the most frequently targeted jurisdictions for mutual legal assistance requests in financial‑crime matters. The Federal Act on International Mutual Assistance in Criminal Matters (IMAC) governs the process, with the Federal Office of Justice (FOJ) acting as the central authority for incoming requests. Understanding cross‑border enforcement Switzerland mechanics is essential for any institution that holds client assets, transaction records or correspondence relevant to a foreign criminal investigation.

The process typically begins when a foreign authority, such as the US DOJ, the French Parquet National Financier or the UK SFO, submits a formal MLA request to the FOJ. The FOJ assesses the request for dual criminality and procedural compliance before delegating execution to the competent cantonal or federal authority. The executing authority then issues orders to the relevant bank or asset manager, compelling the production of documents, account records or witness testimony. Appeals against MLA orders are possible but are subject to strict time limits and rarely succeed in blocking disclosure entirely.

Voluntary production, where a bank or asset manager elects to provide information to a foreign authority outside the formal MLA channel, is a separate and riskier path. While it can accelerate resolution and demonstrate cooperation, it carries significant litigation risk, may breach Swiss banking secrecy (Article 47 of the Banking Act) and could expose the institution to liability under Article 271 SCC if conducted without proper authorisation. External counsel must always scope and manage any voluntary production.

Practical Timelines and Likely Disclosure Demands

For practitioners navigating parallel domestic and foreign proceedings, the international litigation guide provides additional context on coordinating multi‑jurisdictional defence strategies.

Response Playbook, First 48 Hours and First 30 Days

When a Swiss or foreign criminal probe targets a bank or asset manager, the first 48 hours are decisive. Missteps during this period, accidental privilege waivers, premature regulator communications, data spoliation, can permanently damage the institution’s defence position. The following playbook addresses Switzerland corporate criminal liability 2026 response best practices in a step‑by‑step format.

First 48 Hours Checklist

1. Secure all data. Impose an immediate litigation hold across all relevant systems, including email servers, messaging platforms, transaction databases and physical files.
2. Preserve access and audit logs. Ensure IT teams freeze automatic deletion schedules and retain metadata.
3. Identify key custodians. Map every individual whose data or communications may be relevant; restrict their ability to delete or modify records.
4. Notify internal legal counsel and the Chief Risk Officer. Use pre‑approved internal escalation language (see template below).
5. Engage external Swiss criminal‑defence counsel. Do not communicate with prosecutors, FINMA or foreign regulators before external counsel is instructed.
6. Create a privilege log. Begin logging all communications between legal advisors and the institution from the moment of notification.
7. Freeze speculative internal communications. Instruct employees not to discuss the matter via email, chat or informal channels.
8. Preserve KYC and transaction records. Segregate all client onboarding files, transaction histories and SAR records for affected relationships.
9. Determine board notification requirements. Assess whether the matter triggers board‑level or audit‑committee disclosure obligations.
10. Prepare an external communication template. Draft a holding statement for media, clients and counterparties, to be used only with counsel approval.

Sample internal escalation language: “The institution has been notified of [a domestic investigation / an MLA request / a foreign regulatory inquiry] concerning [brief description]. All relevant records are subject to an immediate litigation hold. No employee should discuss this matter externally or destroy, modify or relocate any documents. External counsel has been engaged. Further instructions will follow within [timeframe].”

First 30 Days, Operational Steps

• Internal investigation plan. Define scope, appoint an investigation team (led by external counsel to preserve privilege) and establish reporting lines to the board or audit committee.
• Forensic vendor engagement. Shortlist and onboard a digital‑forensics provider for data collection, analysis and potential expert testimony.
• AML remediation assessment. Audit current AML controls against the attribution standard confirmed in the 2026 Federal Criminal Court rulings.
• Regulator engagement strategy. Determine the timing and scope of any voluntary disclosure to FINMA or the OAG, informed by the self‑report decision matrix above.
• Coordination protocol for parallel proceedings. If foreign authorities are involved, establish a cross‑border coordination protocol to manage information flows and avoid inconsistent positions.

Corporate Compliance Switzerland 2026, Remediation Roadmap

The 2026 developments make compliance‑programme remediation an immediate priority, not a medium‑term project. Institutions that can demonstrate an updated, tested and documented programme will be in a materially stronger position if enforcement action follows. The remediation roadmap should address five pillars: risk assessment, controls, monitoring, training and third‑party due diligence.

A refreshed enterprise‑wide risk assessment should incorporate the updated attribution standard, specifically testing whether the institution’s compliance architecture would withstand scrutiny under the Federal Criminal Court’s “substantive compliance gap” reasoning. Controls must go beyond paper policies to include documented escalation protocols, calibrated transaction‑monitoring parameters and active beneficial‑ownership verification processes. For institutions with FINMA‑regulated operations or security interests in Switzerland, the remediation programme should integrate regulatory‑specific requirements alongside criminal‑law standards.

Specific Recommended Updates

For banks:

• Re‑calibrate transaction‑monitoring systems to reflect current typologies (especially correspondent‑banking corridors and tax‑offence indicators).
• Implement and document quarterly escalation‑protocol testing (tabletop exercises).
• Update KYC refresh cycles for high‑risk relationships to no less than annually.
• Ensure MROS reporting workflows include automated tracking and time‑stamped audit trails.

For asset managers:

• Review and enhance client‑onboarding procedures, particularly source‑of‑wealth verification for politically exposed persons (PEPs).
• Audit nominee‑structure documentation for compliance with beneficial‑ownership transparency requirements.
• Implement portfolio‑company oversight protocols where the manager exercises de facto control.
• Establish a formal self‑reporting decision framework, documented and approved by the board.

Penalties, Settlements and Practical Mitigation

Enforcement outcomes in Switzerland differ structurally from those in the US and UK. Swiss law does not provide for deferred prosecution agreements (DPAs) or non‑prosecution agreements (NPAs) in the manner available to the DOJ or SFO. Corporate fines under Article 102 SCC are capped at CHF 5 million, but FINMA can impose additional sanctions, including disgorgement of profits, activity bans and licence revocations, that substantially increase the total cost of non‑compliance.

The absence of a Swiss DPA framework means that cooperation credit operates informally. Industry observers expect that institutions demonstrating genuine remediation, prompt self‑reporting and full cooperation will receive more favourable outcomes at sentencing, but there is no statutory guarantee.

Conclusion, Recommended Next Steps on Switzerland Corporate Criminal Liability 2026

The 2026 enforcement landscape demands that every bank and asset manager with a Swiss nexus take three concrete steps without delay. First, stress‑test existing compliance programmes against the Federal Criminal Court’s updated attribution standard, verifying that operational escalation protocols, not just written policies, meet the substantive compliance threshold. Second, review and update M&A due‑diligence protocols to address successor criminal liability, using the comparison table above as a starting reference. Third, establish or refresh a cross‑border response playbook that coordinates Swiss and foreign defence strategies before a crisis materialises. For institutions seeking specialist guidance, the Switzerland lawyer directory provides access to qualified criminal‑defence practitioners.

Sources

1. Swiss Criminal Code (SCC), admin.ch
2. Federal Criminal Court (Bundesstrafgericht), decisions
3. Federal Department of Foreign Affairs (EDA), Corruption page
4. Bär & Karrer briefing, NUFG analysis (April 2026)
5. Global Investigations Review, Switzerland (2026)
6. Chambers Practice Guides, Anti‑Corruption 2026 (Switzerland)
7. ICLG, Business Crime Switzerland (2026)
8. Kellerhals Carrard, Anti‑Corruption brief
9. Centre de droit bancaire et financier (CDBF), succession in criminal matters