FINMA 2024 Enforcement Review — Crypto Sector Investigations & Sanctions

FINMA 2024 Enforcement Review

FINMA’s 2024 enforcement activity demonstrated sustained regulatory intensity across the Swiss blockchain sector. The authority reported 235 investigations relating to unauthorized acceptance of public deposits — a broad category capturing crypto companies that accepted client funds without appropriate licensing. A parallel 232 investigations addressed unauthorized financial intermediation — entities conducting regulated activities (exchange, custody, transfer) without SRO membership or FINMA licensing.

Key Enforcement Actions

The Dohrnii Foundation enforcement represents a landmark case for Swiss-domiciled blockchain foundations. FINMA determined that the foundation’s token offering constituted both unauthorized public deposit-taking and unlicensed securities dealing. The action established that foundation status under Swiss civil law does not provide immunity from financial market regulation — if a foundation’s token activities trigger FINMA classification as securities or deposits, full regulatory compliance is required.

FINMA also pursued multiple enforcement actions against entities operating crypto exchange services from Switzerland without required SRO membership or FINMA licensing. These cases typically involved platforms facilitating crypto-to-fiat exchanges without customer identification procedures meeting the CHF 1,000 threshold established in the 2021 AMLO-FINMA amendment.

Enforcement Trends

Three trends characterize FINMA’s 2024 enforcement approach. First, proactive surveillance: FINMA is increasingly identifying potential violations through market monitoring rather than waiting for complaints. The authority monitors token offerings, exchange platforms, and custody services advertised to Swiss residents, initiating investigations where licensing appears absent.

Second, international cooperation: FINMA coordinates with foreign regulators for cross-border enforcement. Swiss companies serving EU customers without MiCA compliance may face coordinated enforcement from both FINMA and EU national competent authorities. See our Switzerland vs EU MiCA comparison for regulatory overlap analysis.

Third, focus on consumer protection: enforcement actions increasingly target services marketed to retail investors without appropriate risk disclosures, suitability assessments, or AML/KYC compliance. The proposed payment institution and crypto institution licenses will expand the range of activities subject to formal licensing, potentially increasing enforcement scope.

Compliance Implications

For Crypto Valley companies, the enforcement environment demands proactive compliance assessment. Companies should review their activities against FINMA’s token classification framework, ensure SRO membership if conducting financial intermediation, and maintain documented compliance procedures. The cost of voluntary compliance is substantially lower than the cost of enforcement action — which can include license revocation, disgorgement of profits, and criminal referrals.

For DAO governance structures, foundation boards must ensure that token-related activities comply with financial market law. The Dohrnii case demonstrates that foundation governance obligations extend beyond Swiss civil law to encompass financial regulation.

Unauthorized Financial Intermediation Enforcement

The 232 investigations into unauthorized financial intermediation targeted entities conducting regulated activities — crypto exchange, custody, and transfer services — without the required SRO membership or FINMA licensing. Under Swiss law, any entity that professionally holds, exchanges, or transfers crypto assets for third parties qualifies as a financial intermediary subject to AML/KYC obligations. Operating without SRO membership or a FINMA license constitutes a regulatory violation that can result in enforcement proceedings, fines, and criminal referrals.

The typical enforcement profile involves platforms facilitating crypto-to-fiat exchanges without customer identification procedures meeting the CHF 1,000 threshold established in the 2021 AMLO-FINMA amendment. Some platforms operated from Switzerland without any regulatory registration, relying on perceived regulatory ambiguity or the assumption that their operations fell below enforcement thresholds. FINMA’s proactive surveillance increasingly identifies these platforms through market monitoring, advertising surveillance, and international regulatory cooperation.

The enforcement consequences for unauthorized financial intermediation are severe. FINMA can issue cease-and-desist orders, appoint investigating agents to examine the company’s operations, publish enforcement decisions (naming the company and its principals), refer cases to criminal prosecution authorities, and order disgorgement of profits earned through unauthorized activities. The reputational damage from published enforcement decisions is particularly significant in Crypto Valley, where regulatory credibility is a competitive advantage.

DLT Trading Facility Enforcement Context

FINMA’s authorization of Switzerland’s first DLT trading facility represented a landmark in the DLT Act framework. SDX received the first FINMA license as a stock exchange and central securities depository for digital securities. BX Digital received approval in 2025 to operate a blockchain exchange. These authorizations demonstrate that FINMA enforces a clear boundary: entities operating DLT trading facilities without proper authorization face enforcement, while entities that obtain proper licensing operate under regulatory protection and clarity.

The enforcement environment around DLT trading facilities extends beyond the licensed venues themselves. Entities that facilitate trading in tokenized securities without using a licensed DLT trading facility — for example, operating peer-to-peer platforms for trading Registerwertrecht without the required DLT trading facility license — face enforcement risk. The DLT Act created a clear licensing pathway; FINMA expects market participants to use it.

Stablecoin-Related Enforcement

Following FINMA Guidance 06/2024, which clarified that fiat-referenced stablecoins constitute deposits under the Banking Act, FINMA initiated investigations into entities issuing stablecoins or stablecoin-like instruments without banking licenses or bank guarantees. The stablecoin regulation guidance framework created clear compliance requirements; entities that do not meet these requirements face enforcement action.

The enforcement focus on stablecoins reflects FINMA’s assessment that stablecoins present elevated AML risks — money laundering, terrorist financing, and sanctions circumvention — compared to volatile cryptocurrencies. Stablecoin issuers that operate without full AMLA compliance, including the “know-your-holder” obligation requiring identification of all token holders, face dual enforcement risk: both for unauthorized deposit-taking under the Banking Act and for unauthorized financial intermediation under AMLA.

International Cooperation in Enforcement

FINMA’s 2024 enforcement activity demonstrated increasing international cooperation. For Swiss companies serving EU customers, the entry into force of MiCA created a parallel regulatory framework. FINMA coordinates with EU national competent authorities to identify Swiss-domiciled entities that serve EU customers without MiCA compliance. Our Switzerland vs EU MiCA comparison analyzes the regulatory overlap and dual-compliance requirements that create enforcement exposure.

International cooperation extends beyond the EU. FINMA participates in the International Organization of Securities Commissions (IOSCO) and bilateral cooperation agreements with financial regulators in Singapore, Hong Kong, Abu Dhabi, and other jurisdictions where Swiss crypto companies operate. AMINA Bank’s operations in Abu Dhabi (FSRA-regulated) and Hong Kong demonstrate the multi-jurisdictional regulatory landscape that Swiss crypto companies navigate.

The practical implication for Crypto Valley companies: enforcement risk is not limited to Swiss regulatory boundaries. A company licensed by FINMA but operating in foreign markets without appropriate local authorization faces enforcement from both FINMA (for reputational risk to the Swiss financial center) and the foreign regulator (for unauthorized cross-border activity).

Prevention and Compliance Best Practices

FINMA’s enforcement philosophy emphasizes prevention over punishment. The authority provides pre-consultation mechanisms (Vorabklarung) that allow companies to obtain regulatory guidance before committing resources to activities that may require licensing. The pre-consultation process is informal, confidential, and non-binding — but it provides practical guidance that can prevent enforcement actions.

For DAO foundations and associations, the Dohrnii Foundation case established that foundation board members bear personal responsibility for ensuring financial market compliance. Foundation boards must ensure that token-related activities comply with FINMA token classification requirements, that token offerings satisfy prospectus obligations under FinSA, and that financial intermediation activities are covered by appropriate SRO membership or licensing.

Companies should maintain documented compliance procedures covering token classification analysis, AML/KYC policies, transaction monitoring systems, suspicious activity reporting protocols, and regulatory reporting frameworks. These procedures should be reviewed annually (or more frequently for high-risk activities) and updated to reflect regulatory changes — including the proposed payment institution and crypto institution licenses expected to take effect around 2027.

Crypto Foundation Compliance Obligations

The Dohrnii enforcement established that crypto foundations face specific compliance obligations beyond standard Swiss civil law foundation duties. Foundation boards must conduct a FINMA token classification analysis of any tokens issued, held, or distributed by the foundation. If tokens are classified as securities (asset tokens), the foundation must ensure prospectus compliance under FinSA, obtain appropriate FINMA licensing if the issuance constitutes securities dealing, and implement AML/KYC procedures for token distribution.

Foundation boards that authorize token-related activities without conducting this regulatory analysis face dual exposure: civil liability under Swiss foundation law (breach of fiduciary duty) and administrative or criminal liability under financial market law (unauthorized securities dealing, unauthorized deposit-taking). The supervisory authority (ESA) can remove board members who fail to ensure regulatory compliance, and FINMA can pursue independent enforcement against the foundation and its officers. The DLT Act’s framework provides clear compliance pathways for foundations that choose to issue tokenized securities — but the framework requires active engagement, not passive assumption that foundation status provides regulatory shelter.

Enforcement Data and Transparency

FINMA publishes enforcement data in its annual report and through individual enforcement decisions. Published enforcement decisions are available on FINMA’s website and include the entity name, the regulatory violations identified, and the sanctions imposed. This transparency serves a dual purpose: it informs the market about regulatory expectations and consequences, and it provides data for compliance planning.

FINMA’s enforcement transparency extends to “warnings” — public notices identifying entities operating in or from Switzerland without appropriate authorization. These warnings are published on FINMA’s website and serve as a rapid-response mechanism for consumer protection, alerting the public to unauthorized providers before formal enforcement proceedings conclude.

Total fines exceeding CHF 100 million in the 2024-2025 period demonstrate that FINMA’s enforcement capacity has scaled alongside the growth of the Swiss crypto sector.

Forthcoming Enforcement Landscape

The Federal Council’s October 2025 proposal for payment institution and crypto institution licenses will expand the range of regulated activities and therefore the enforcement perimeter. Activities currently supervised through SROs will transition to direct FINMA supervision, increasing enforcement intensity. The proposed reclassification of certain payment tokens as financial instruments will bring additional intermediaries within FINMA’s enforcement scope. Companies operating in Crypto Valley should proactively assess whether their activities will fall within the new license categories and initiate compliance preparations before the new framework takes effect. The OECD’s Crypto-Asset Reporting Framework (CARF), effective January 2026, will provide FINMA and Swiss tax authorities with enhanced transaction data that may inform future enforcement targeting — creating a comprehensive compliance ecosystem where regulatory reporting, AML monitoring, and tax transparency converge.

FINMA’s enforcement approach extends to advertising and marketing. Crypto companies advertising services to Swiss residents without appropriate licensing face enforcement risk even if the company is domiciled outside Switzerland. FINMA monitors digital marketing channels, social media platforms, and search advertising for unauthorized crypto service promotion targeting Swiss consumers — an enforcement dimension that extends FINMA’s territorial reach beyond Swiss borders. This extraterritorial enforcement capability means that offshore crypto service providers advertising to Swiss consumers face regulatory risk from FINMA regardless of their domicile — a principle that reinforces the value of proper Swiss licensing for companies seeking to serve Swiss institutional and retail markets. The intersection of advertising enforcement, AML/KYC compliance monitoring, and the proposed CARF tax reporting framework creates a comprehensive enforcement ecosystem where regulatory monitoring extends across multiple compliance dimensions simultaneously — ensuring that Crypto Valley operates within the regulatory framework that gives the ecosystem its institutional credibility and competitive advantage. As Crypto Valley reached $593 billion in valuation with 1,749 companies and 17 unicorns, FINMA’s enforcement apparatus has expanded to match the sector’s systemic significance.

Cross-Border Enforcement Cooperation

FINMA’s enforcement capabilities extend through bilateral and multilateral cooperation agreements with foreign regulators. Information sharing with the SEC, FCA, BaFin, MAS, and other supervisory authorities enables coordinated enforcement against entities operating across jurisdictions. For Crypto Valley companies with international operations, this cooperative enforcement framework means that regulatory violations detected in one jurisdiction can trigger investigations in Switzerland and vice versa. The Swiss Financial Market Supervisory Authority Act (FINMASA) provides the legal basis for international cooperation, including the sharing of confidential supervisory information with foreign regulators under reciprocity conditions. This cross-border enforcement capacity reinforces the importance of comprehensive compliance programs for companies operating in the $593 billion Crypto Valley ecosystem, where international institutional relationships require regulatory credibility across multiple jurisdictions.

For detailed enforcement data, see our FINMA enforcement dashboard. For the regulatory framework, see Swiss regulation. For entity profiles, visit Crypto Valley. For DAO governance compliance obligations highlighted by enforcement actions, explore our governance section. For DLT Act licensing requirements, see our framework analysis. For external reference, consult FINMA’s enforcement page. Premium subscribers receive early access to enforcement analysis.