Swiss AML/KYC Framework for Digital Assets — AMLA, FINMA & Travel Rule

Swiss AML/KYC Framework for Digital Assets

Switzerland’s anti-money laundering and know-your-customer framework for digital assets is among the most comprehensive globally. Built on the Anti-Money Laundering Act (Geldwaschereigesetz, AMLA/GwG), FINMA supervision, and alignment with Financial Action Task Force (FATF) standards, the framework applies identical AML standards to cryptocurrency and fiat financial intermediation. Unlike many countries, Switzerland does not use the concept of Virtual Asset Service Providers (VASPs) — crypto companies are regulated as financial intermediaries under AMLA if they meet specific activity triggers.

Core Legal Framework

The Anti-Money Laundering Act (AMLA) establishes fundamental AML obligations for all financial intermediaries, including crypto firms. The Financial Market Supervision Act (FINMASA) grants enforcement authority to FINMA. The Swiss Criminal Code criminalizes money laundering with penalties up to five years imprisonment. The FINMA Anti-Money Laundering Ordinance (AMLO-FINMA) provides detailed requirements for customer due diligence, transaction monitoring, and suspicious activity reporting.

The key principle: when Swiss financial intermediaries hold or transfer crypto assets, they are subject to identical AML obligations as with fiat currency. No separate regulatory track exists for digital assets. This “same activity, same regulation” approach means that a crypto exchange operating in Zug faces the same AML obligations as UBS or Credit Suisse — adapted for crypto-specific operational characteristics but equivalent in regulatory intensity.

Financial Intermediary Triggers

Not every entity that touches cryptocurrency qualifies as a financial intermediary under AMLA. Specific activities trigger AMLA obligations. Holding cryptocurrencies for others (custodial services) triggers the obligation. Assisting in the transfer of crypto assets (payment processing, transaction facilitation) triggers it. Exchanging crypto for fiat or vice versa triggers it. Operating a crypto trading platform triggers it. Providing custody services triggers it.

Activities that do not trigger AMLA obligations include holding crypto assets on one’s own account (self-custody), mining or validating transactions, developing blockchain software, and providing non-custodial infrastructure services. For DAO foundations and associations that hold treasury assets on their own account (not for clients), AMLA generally does not apply to the treasury management function — though it may apply to specific activities such as grant disbursements structured as financial intermediation.

KYC Obligations

Financial intermediaries must verify customer identity using valid documents at the start of the business relationship. For crypto exchange transactions, the identification threshold is CHF 1,000 — reduced from CHF 5,000 in the 2021 AMLO-FINMA amendment. Transactions within a 30-day period are aggregated for threshold purposes, preventing structuring (breaking a large transaction into smaller ones to avoid identification requirements).

Enhanced due diligence applies to politically exposed persons (PEPs), high-risk countries identified by FATF, complex corporate structures, and unusual transaction patterns. For crypto-specific scenarios, enhanced due diligence is triggered by transactions involving privacy coins (Monero, Zcash), interactions with mixing services or tumblers, and transfers from unhosted wallets where the beneficial owner cannot be identified.

Travel Rule Implementation

Switzerland implements the FATF Travel Rule for crypto asset transfers. Financial intermediaries must collect and transmit originator and beneficiary information for crypto transfers exceeding CHF 1,000. The information must include the originator’s name, account number (wallet address), and address or national identity number, plus the beneficiary’s name and account number.

For transfers between Swiss-regulated intermediaries, the Travel Rule functions similarly to traditional SWIFT messaging — originator information accompanies the transaction. For transfers involving unhosted wallets (self-custodied wallets not held at a regulated intermediary), Swiss intermediaries must conduct reasonable measures to identify the wallet owner. If the wallet owner cannot be identified, the intermediary must conduct a risk assessment and may decline the transaction if AML risk is elevated.

The practical challenge lies in cross-border transfers where the counterpart jurisdiction may not implement the Travel Rule equivalently. Switzerland’s approach is pragmatic: FINMA expects reasonable compliance efforts calibrated to the specific risk profile of each transaction, rather than absolute prohibition of transfers where perfect Travel Rule compliance is impossible.

Self-Regulatory Organizations (SROs)

Swiss crypto companies that qualify as financial intermediaries but do not hold a FINMA banking or securities firm license must join a recognized Self-Regulatory Organization (SRO). SROs are private bodies recognized by FINMA to supervise their members’ AML compliance. The principal SROs relevant to crypto companies include VQF (Financial Services Standards Association), PolyReg, and SRO-SVV.

SRO membership requires adherence to the SRO’s AML rules, which must meet FINMA’s minimum standards. SRO members are subject to periodic audits by SRO-appointed auditors who verify AML compliance including customer identification procedures, transaction monitoring systems, suspicious activity reporting, and record-keeping practices. Currently 15 SROs are active in Switzerland, providing structured AML oversight for non-bank financial intermediaries.

2025 Regulatory Overhaul

The 2025 regulatory overhaul introduced a central beneficial ownership (UBO) register in Switzerland — a significant departure from the country’s tradition of privacy in financial matters. The UBO register requires legal entities to identify and register their ultimate beneficial owners, with the information accessible to regulatory authorities and financial intermediaries conducting due diligence.

For Crypto Valley companies, the UBO register introduces new compliance obligations. Companies must identify beneficial owners at the 25% threshold (directly or indirectly controlling 25% or more of voting rights or capital), register this information with the central registry, and update it within 30 days of any change. Failure to comply carries fines and potential criminal sanctions.

Enforcement intensity has increased correspondingly. FINMA reported 235 investigations relating to unauthorized acceptance of public deposits and 232 investigations into unauthorized financial intermediation in its most recent enforcement report. Total fines exceeded CHF 100 million. Notable enforcement actions include proceedings against the Dohrnii Foundation for unlicensed securities and banking activities — demonstrating that crypto foundations are not exempt from enforcement.

Beneficial Ownership Verification

Since 2023, Swiss financial intermediaries must not only establish but actively verify the identity of ultimate beneficial owners (UBOs). This enhanced requirement goes beyond the traditional declaratory approach where clients simply declared their beneficial ownership status. Verification requires intermediaries to obtain corroborating documentation — corporate registers, shareholder lists, trust deeds, or other evidence confirming the declared beneficial ownership structure.

For crypto-specific structures, UBO verification presents unique challenges. DAO foundations may have complex governance structures where beneficial ownership is distributed across token holders. Swiss associations used as DAO wrappers may have membership structures that change dynamically as tokens are traded. Financial intermediaries serving these entities must develop verification methodologies adapted to decentralized governance — an area where regulatory guidance remains limited and practical approaches are still being standardized.

Client data must be kept current through regular, risk-based reviews. High-risk clients (PEPs, complex corporate structures, clients from high-risk jurisdictions) require more frequent reviews — typically annually. Standard-risk clients are reviewed every three to five years or when a triggering event occurs (change in corporate structure, unusual transaction activity, adverse media screening results).

Stablecoin-Specific AML Obligations

FINMA Guidance 06/2024 introduced enhanced AML requirements specifically for stablecoin issuers. Because stablecoins are intended as payment instruments, FINMA considers them to present elevated money laundering, terrorist financing, and sanctions circumvention risks compared to other token categories. Stablecoin issuers are classified as financial intermediaries for AML purposes regardless of their other regulatory status.

Stablecoin issuers must identify all token holders — not merely the initial purchasers but subsequent acquirers through secondary market trading. This “know-your-holder” obligation requires technical and contractual transmission restrictions that prevent anonymous holding. In practice, this means that fully permissionless stablecoins — where any wallet can hold the token without identification — face regulatory challenges under the Swiss framework. Sygnum Bank’s DCHF stablecoin, which restricts access to identified institutional clients, satisfies this requirement by design.

The AML obligations for stablecoin issuers extend to the stablecoin regulation guidance framework, which requires bank guarantees, reserve management standards, and customer protection provisions that interact with AML compliance. A stablecoin issuer’s AML program must be designed to address the specific risks identified in Guidance 06/2024, including the risk that stablecoins facilitate cross-border value transfer outside traditional banking channels.

CARF Implementation — Crypto Asset Reporting Framework

Switzerland will implement the OECD Crypto-Asset Reporting Framework (CARF) effective January 1, 2026. CARF establishes automatic exchange of tax-relevant information on crypto-asset transactions between participating jurisdictions — analogous to the Common Reporting Standard (CRS) for traditional financial accounts but adapted for digital assets.

Under CARF, Swiss crypto platforms (exchanges, custodians, brokers) must collect and report customer transaction data to Swiss tax authorities. This data is then shared with tax authorities in the customer’s jurisdiction of residence through automatic information exchange agreements. The reportable information includes the type and amount of crypto assets transacted, the consideration received, the number and type of transactions, and the customer’s identifying information.

For Crypto Valley companies, CARF implementation requires significant infrastructure investment. Platforms must develop systems to capture, validate, and report transaction data in the format specified by the OECD. They must also implement procedures to identify the tax residence of their customers, which may require additional KYC data collection beyond current AML requirements. The interaction between CARF reporting obligations and existing AML data collection creates opportunities for operational efficiency — but also data protection considerations under the Swiss Federal Act on Data Protection (nFADP) and the DLT Act’s data privacy provisions.

Transaction Monitoring and Suspicious Activity Reporting

Swiss financial intermediaries must monitor all transactions for suspicious activity. The monitoring obligation is risk-based: higher-risk clients, transaction types, and jurisdictions require more intensive monitoring. For crypto operations, this includes monitoring for patterns indicative of money laundering such as rapid cycling of crypto through multiple wallets, transactions involving mixing services or tumblers, and transfers to or from jurisdictions identified as high-risk by FATF.

Enhanced monitoring applies to all transactions above CHF 10,000. Financial intermediaries must clarify the background of unusual transactions and document their findings. The documentation must be retained for at least ten years after the end of the business relationship, ensuring a complete audit trail for regulatory examination.

Suspicious activity must be reported to MROS (Money Laundering Reporting Office Switzerland) immediately upon suspicion. The reporting obligation is absolute — there is no de minimis threshold, and the intermediary cannot conduct its own investigation to confirm suspicion before reporting. False positives are expected and tolerated; failure to report genuine suspicious activity carries criminal penalties.

MROS serves as Switzerland’s Financial Intelligence Unit (FIU), receiving and analyzing suspicious activity reports from all financial intermediaries including crypto companies. In recent years, MROS has received increasing volumes of crypto-related reports, reflecting both the growth of the Swiss crypto sector and the maturation of monitoring systems at crypto companies. MROS analysis may result in referrals to cantonal criminal prosecution authorities or to FINMA for regulatory action.

FATF Alignment and Mutual Evaluations

Switzerland has implemented FATF recommendations for virtual assets, including the Travel Rule, customer due diligence requirements, and risk-based supervision. FATF’s mutual evaluation of Switzerland highlighted areas of focus including strengthening due diligence controls for complex financial products, combating professional enablers of money laundering, and ensuring that sanctions are effective and proportionate.

Switzerland follows FATF’s risk-based approach to virtual asset regulation, meaning that the intensity of AML measures is calibrated to the risk profile of specific activities, customers, and transaction patterns. This approach allows lower-risk activities (such as non-custodial wallet provision) to face lighter AML obligations while concentrating regulatory resources on higher-risk activities (such as custodial exchange services serving anonymous or pseudonymous users).

The risk-based approach is codified in FINMA’s AMLO-FINMA ordinance, which requires financial intermediaries to conduct risk assessments at the institutional level (overall business risk), the client level (individual client risk profiles), and the transaction level (specific transaction risk indicators). The risk assessment methodology must be documented, regularly updated, and available for FINMA examination.

Impact on Crypto Valley Institutional Development

Switzerland’s comprehensive AML/KYC framework, while imposing compliance costs on crypto companies, has been instrumental in attracting institutional capital to Crypto Valley. Pension funds, insurance companies, and sovereign wealth funds require regulated counterparties with robust AML controls before committing assets to digital asset strategies. The $593 billion Crypto Valley ecosystem and its 17 unicorns exist in large part because Switzerland’s AML framework provides the institutional credibility that enables these capital flows. Sygnum Bank and AMINA Bank implement bank-grade AML controls that satisfy the compliance requirements of institutional investors, while the CMTA Token Standard incorporates KYC gates and transfer restriction modules that enable compliant tokenization at the smart contract level.

For the token classification framework that determines which tokens trigger AML obligations, see our FINMA token classification analysis. For the DLT Act provisions governing custody and segregation relevant to AML compliance, see our DLT Act analysis. For entity profiles of SROs and compliance service providers, visit Crypto Valley. For DAO governance implications of AML compliance, explore our governance section. For enforcement statistics, see our FINMA enforcement dashboard. For the latest Swiss AML regulatory developments, consult FINMA’s official documentation.