The Financial Technology Law Review: Switzerland

Overview

The approach taken in Switzerland to fintech continues to be a supportive and positive one, both by the government and by the ecosystem. The existing rules are applied in a way that enables a lively fintech scene to grow. Furthermore, rules were and are about to be changed to enable, for example, crowdfunding to operate more effectively, banks to do a fully digital onboarding of clients and financial institutions to experiment with new business models. The Swiss Financial Markets Supervisory Authority (FINMA) set up a special fintech desk and declared that it intends to structure regulation in a technology-neutral way. The Swiss government initiated a crypto initiative and set up a working group for blockchain and initial coin offering (ICOs) in January 2018, which led to a comprehensive report in December 2018. This in turn led to a proposal for a new act (the Distributed Ledger Technology (DLT) Act), the first part of which became effective on 1 February 2021 and the second part became effective on 1 August 2021. For example, in the canton of Zug, even taxes can be paid in Bitcoin.

A summary of the regulatory framework in force today can be found on FINMA's website.2 Regular updates on developments are available on the FinTech News website.3

The regulatory framework (equally applicable to all financial service providers in Switzerland) is particularly based on the Federal Act on Banks and Savings (the Banking Act), the new Financial Institutions Act (FIA, which became effective on 1 January 2020), the Anti-Money Laundering Act (AMLA), the Collective Investment Schemes Act (CISA) and the Financial Market Infrastructure Act (FMIA). In addition, provisions of the Federal Act on Data Protection (FADP), the Consumer Credit Act (CCA) or the Federal Act against Unfair Competition (UCA) may be applicable. FINMA and the Swiss federal government have on various occasions emphasised that they regard innovation as key for the Swiss financial centre and encourage digitalisation as well as technological advancements. FINMA holds regular fintech round tables and has designated a team as a fintech desk to be the contact point for fintech companies; however, it also set up a dedicated fintech team in its enforcement department and initiated a number of investigations, in particular against certain ICOs suspected of not complying with the law. In February 2022, the Swiss Finance Department issued a special report, 'Digital Finance: Areas of Action 2022+', in which it outlines how it intends to further improve the regulatory environment for fintech companies.

There is no separate tax law system applicable to fintech companies in Switzerland. Fintech projects and investments in digital currencies and tokens are therefore taxed like any other traditional investment vehicle. However, the tax administration declared that, for example, Bitcoin will be treated like a foreign currency for tax purposes, so that no value added tax is levied. On 27 August 2019, the Federal Tax Administration published a working paper outlining tax treatment of cryptocurrencies and ICOs, which provides a good overview of tax treatment of token, and, on 19 June 2020, it published a report on potential changes to the tax laws.4 On 14 December 2021, another working paper was published by the Federal Tax Administration outlining the basis on which cryptocurrencies and newly issued tokens will be taxed. Cantonal tax administrations have also published a number of guidelines on how cryptocurrencies are treated for tax purposes. As the Swiss tax authorities are willing to issue tax rulings, fintech projects can obtain a ruling and thereafter operate with certainty of the tax regime applicable to them.

Overall, Switzerland can be considered as a very fintech-friendly jurisdiction, despite the fact that only limited fintech-specific regulations or tax regimes exists. Many fintech start-ups and projects show that the legal environment is considered as advantageous. This is further supported by a growing infrastructure such as crypto brokers and exchange projects as well as two dedicated Swiss 'crypto banks' that acquired a banking licence in August 2019. Furthermore, a number of private initiatives support this ecosystem: (1) the Swiss Bankers Association issuing guidelines for the opening of bank accounts for crypto projects; (2) the Swiss Blockchain Federation issuing circulars to establish a 'best practice' (e.g., on tokenisation of equity); (3) Swiss Fintech Innovations publishing a common application programming interface (API) standard; and (4) the Swiss Capital Markets and Technology Association publishing standards and templates for, among other things, the tokenisation of assets. The strategy paper published by the Swiss government on 11 September 2020 for a 'Digital Switzerland'5 shows that government support is continuing and is also the basis for the most recent report.

Regulation

i Licensing and marketing

Under Swiss law, no specific fintech licence exists at present, as Swiss regulation is technology-neutral and principle-based. Nonetheless, a fintech company may be subject to licence or ongoing compliance and reporting obligations. Some forms of financial business activities are prudentially supervised by FINMA on an ongoing basis and require a licence granted by FINMA, while others only have to join one of Switzerland's self-regulatory organisations that were set up to ensure compliance with anti-money laundering (AML) requirements. The regulations of these self-regulatory organisations (SROs) are recognised by FINMA as a minimum standard for AML compliance.

Depending on their business model, fintech companies are particularly likely to fall within the scope of the Banking Act, the FIA and the AMLA.

Banking Act

According to the Swiss Banking Act, anyone who accepts 'deposits from the public on a commercial basis' is subject to banking licence requirements.6 This is the case if either:

  1. deposits of more than 20 investors are actually held; or
  2. the person or entity publicly announces to a non-limited number of persons that it is willing to accept these funds (regardless of the final actual number of investors).

Thus, fintech companies that accept or raise funds stemming from the public, such as crowdfunding or ICOs, may fall under bank licence requirements. Bond issues do not qualify as deposits, neither do capital contributions that do not entail a repayment obligation, which is why ICOs are possible – under certain conditions – under Swiss law.

To better accommodate Swiss fintech projects, in 2017 the Swiss government (the Federal Council) amended the Ordinance on Banks and Savings Banks (the Banking Ordinance) to include exemptions from the requirement to obtain a licence. As from 1 August 2017, the holding of client funds (of more than 20 investors and for a period longer than 60 days) no longer triggers banking licensing requirements (as it is no longer deemed to meet the requirement of being 'on a commercial basis') if certain requirements are met:

  1. the funds do not at any time exceed 1 million Swiss francs;
  2. the funds are neither reinvested nor interest-bearing (with exceptions); and
  3. the depositors have been informed in writing or otherwise in text form prior to making the deposits that their funds are not covered by the Swiss depositors protection regime and that the institution is not supervised by FINMA.

With regard to point (a), the threshold will be calculated on the basis of the aggregate deposits held at any given period.

In addition, funds on settlement accounts may be held for 60 days (previously only seven days) if they are not interest-bearing.7 This provision in particular aims to allow crowdfunding companies to hold assets for a longer period without requiring a banking licence.

Furthermore, on 1 January 2019, a special licence was introduced: undertakings accepting deposits from the public of up to 100 million Swiss francs (including, in the future, crypto-based assets), but not paying interest on these deposits, may qualify for a 'banking licence light', a licence that subjects these undertaking to less stringent rules than the rules applicable to banks.8 This new licence is often referred to as a 'fintech-licence', although it is not only available to fintechs.

FIA

A licence from FINMA is required in order to act as a securities house.9 A securities house is any natural person or legal entity or partnership that, on a commercial basis:

  1. trades in securities in its own name for the account of clients;
  2. trades in securities for its own account on a short-term basis, operates primarily on the financial market and:
    • could thereby jeopardise the proper functioning of the financial market; or
    • is a member of a trading venue; or
  3. trades in securities for its own account on a short-term basis and publicly quotes prices for individual securities upon request or on an ongoing basis (market maker).10

The term 'securities' is now defined in the FMIA and means, in accordance with Article 2, Letter b of the FMIA, 'standardised certificated and uncertificated securities, derivatives and intermediated securities, which are suitable for mass trading'. Further clarification is provided by Article 2 of the Ordinance on Financial Market Infrastructures and Market Conduct in Securities and Derivatives Trading, which states in Paragraph 1:

Securities suitable for mass standardised trading encompass certificated and uncertificated securities, derivatives, and intermediated securities which are publicly offered for sale in the same structure and denomination or are placed with more than 20 clients, insofar as they have not been created especially for individual counterparties.

Therefore, for trading tokens it is relevant whether these are qualified as securities within the meaning of the FIA and FMIA (see below, on ICOs).

AMLA

Even if neither a banking nor a securities house licence is required, AML regulations and provisions may apply. Swiss AML regulations apply to institutions that are considered per se as financial intermediaries (e.g., banks, securities houses, fund management companies and insurance companies) and institutions that engage in a 'financial intermediary activity' (e.g., asset managers and investment advisers with power of attorney). If a fintech company is engaged in financial intermediary activity, it is required to join a recognised Swiss AML SRO or submit to direct supervision by FINMA on AML matters, and needs to comply with the applicable AML duties (such as identification of customers and establishment of beneficial ownership). Under Article 4, Paragraph 1, Letter b of the revised AML Ordinance (effective since 1 August 2021), it may be sufficient to qualify as a financial intermediary if a person helps to transfer virtual currencies to third parties, if that person has an ongoing business relationship with the counterparty. Some of the AML duties entail sanctioning provisions under criminal law, and these provisions are equally applicable to fintech companies. In its Supervisory Notification 02/2019 of 26 August 2019, FINMA held that token transfers require identification of the recipient and its beneficial owner, without a minimum threshold applying. Switzerland has, therefore, one of the strictest AML regimes for token transfers.

Further rules

Fintech companies may market their products and services under the same rules as established financial service providers. Restrictions apply, in particular, if a company looks for funds and contacts more than 20 potential investors (see Section II.i).

If an institution were to set up an automated digital advisory in Switzerland, the same licence requirements would apply as for any other institution offering non-digital advisory services. A 'pure' investment advisory without any power of attorney over clients' accounts is not subject to licence requirements (but is subject to behavioural rules similar to the Markets in Financial Instruments Directive under the new Financial Services Act (FinSA) that became effective on 1 January 2020). Investment advisory with a power of attorney has also required a licence under the FIA since 1 January 2020.

Credit information services may be provided subject to the FADP; under current Swiss law, this Act applies not only to persons but also to legal entities, so that any information about corporate credit ratings may fall under the scope of the Act. The Act is about to be changed and will no longer apply to legal entities in the future; the changes are expected to become effective in the second half of 2022.

ii Cross-border issues

As Switzerland is not a member of the European Union, regulated or licensed activities may not be passported into Switzerland. Holding a licence abroad may sometimes make a licensing process in Switzerland more cumbersome, as FINMA may reach out to the foreign authority to find an agreement on consolidated supervision, which may prove to be a lengthier process.

Companies that provide services to clients in Switzerland on a pure cross-border basis (cross-border inbound) without physical presence may require a licence in certain instances. The distribution of collective investment schemes is permitted only if done by reverse solicitation, namely, on the initiative of the investor itself. The same applies with respect to insurance products. Both collective investment schemes and insurance products are subject to strict rules on marketing. Under the FinSA, client advisers of foreign financial intermediaries may only become active in Switzerland if they are registered in the Swiss client advisers register.

A service provider is deemed to have physical presence in Switzerland if it has a branch or similar formal presence in Swiss territory or the presence of individual persons in Swiss territory on a permanent basis who are employed or mandated by licensee to act on its behalf. The term 'on a permanent basis' means having individuals permanently on the ground in Switzerland or individuals who frequently travel to Switzerland for the purpose of carrying out sales or marketing activities in Switzerland. FINMA has not published guidance on what constitutes frequent travel; whether travel is frequent is assessed by evaluating all relevant facts and circumstances (i.e., frequency of travel, number of persons travelling to Switzerland, etc.). FINMA has substantial discretion when assessing whether physical presence is established in Switzerland.

There are currently no Swiss laws of general application prohibiting or subjecting to prior approval foreign investments in Switzerland (parliament is discussing introducing such rules in the future). Therefore, foreign investors do not generally need formal approval for their investments in Switzerland and no special governmental authority monitors them. Foreign investments in certain regulated industries might require governmental permission. If foreign nationals have a controlling influence on a bank, a securities trader or certain other prudentially supervised entities active in the financial sector (a finance company), the granting of a respective licence by FINMA is subject to certain additional requirements. Investment restrictions also apply to the acquisition of residential (but not commercial) real estate in Switzerland by foreign or foreign-controlled persons and under the Telecommunications Act for radio communication licences, under the Nuclear Act for nuclear power plants, under the Radio and Television Act for broadcasting licences and under the Aviation Act for the professional transport of passengers or goods.

Switzerland does not have currency controls in place. Hence, both investments and repatriation of capital and profits are possible.

Digital identity and onboarding

There is currently no generally recognised digital identity in Switzerland. However, various efforts have been undertaken to raise digital awareness in Switzerland and to introduce a generally recognised digital identity. The Federal Act on Electronic Identification Services required private providers (supervised by the federal administration) to issue recognised digital identities; however, the Act was rejected in a public vote on 7 March 2021. The Federal Administration is currently preparing a revised project. Although, on 22 November 2017, two private project groups (one from Swiss Federal Railways and the postal service, Swiss Post; the other from the former state telecoms company and two major banks, UBS and Credit Suisse) announced that they will join forces and set up a private provider under the name of Swiss-Sign, this has not yet led to the establishment of a broadly accepted Swiss e-ID.

Switzerland has recognised for some time that an electronic signature guarantees the authenticity of a document, a message or other electronic data and ensures the identity of the signatory.

Since 2016, financial service providers have been able to carry out fully digitised onboarding of clients in accordance with FINMA Circular 2016/7 'Video and Online Identification', which entered into force on 18 March 2016 and stipulates AML requirements with regard to the onboarding process of clients via digital channels. The Circular applies directly to financial intermediaries. Subject to adherence to specific requirements, financial intermediaries may onboard clients by means of video transmission. The rules were transferred into the 2020 edition of the Swiss Bankers Association's due diligence rules.

Digital markets, payment services and funding

i Collective investment schemes

Collective investment schemes governed by the CISA are assets raised from investors for the purpose of collective investment, which are managed for the account of the investors, whereby the investment requirements of the investors are met on an equal basis.11 Open-ended collective investment schemes are organised under company or contract law; closed schemes are organised under company law only. No licence is required for a collective investment scheme in the form of a limited stock company if it is either listed or if only qualified investors participate.

ii Crowdfunding

Under Swiss law, crowdfunding is permitted and does not per se trigger a licence requirement. However, if crowdfunding includes 'assets raised from investors for the purpose of collective investment' and these crowdfunding assets are managed for the account of the investors (by a third party), subject to equal treatment provisions, they would qualify as collective investment scheme within the meaning of the CISA. In this case, the respective requirements according to the CISA would have to be adhered to.

iii Crowd-lending

Crowd-lending, also known as peer-to-peer lending, is not per se regulated. However, depending on its specific set-up, it may fall within the scope of the Banking Act, the FIA, the AMLA, etc. In addition, a consumer credit agreement is a contract whereby a creditor grants or promises to grant credit (not exceeding 80,000 Swiss francs) to a consumer in the form of a deferred payment, a loan or other similar financial accommodation.12 In general, the CCA will be applicable to crowd-lending activities if the counterparty were to qualify as a consumer. In this case, the respective rules of the CCA would have to be adhered to; for example, the maximum interest possible for consumer credits currently amounts to 10 per cent.13

Platforms providing crowdfunding and crowd-lending services do not require a licence if the investors' funds are directly sent to the projects (i.e., not through the platform). If funds are sent via platform accounts, this can only be done without a banking licence if the account is non-interest bearing, the funds are kept no longer than 60 days on the account and the client is informed that the platform does not hold a licence. The platform will need to register as a financial intermediary with an SRO and to comply with AML obligations.

Even the project developer may qualify as a bank if it accepts more than 20 loans and the amount exceeds 1 million Swiss francs.

Loans can be traded on secondary markets, subject to compliance with AML laws. However, the transfer of a loan requires either transfer of the contract or assignment of the claim. Assignment of claims can only be done in writing; in other words, with a handwritten (or electronic) signature of the assignor (special rules apply to DLT tokens).

iv Payment systems

Payment systems only require a licence from FINMA if they are deemed relevant for the proper functioning of the financial market or for the protection of financial market participants and if the payment system is not operated by a bank.14 As a rule, payment systems are not deemed relevant and can be operated without a licence; however, in the case of Facebook's now abandoned Libra (later Diem) project, for example, FINMA stated that it considered the project as a relevant system requiring a licence. To be eligible for a FINMA licence as a payment system, certain requirements have to be met; for example, the applicant must be a legal entity under Swiss law and have its registered office and head office in Switzerland,15 provide a guarantee of irreproachable business conduct,16 the minimum capital of the applicant must be fully paid in17 and the applicant must possess appropriate IT systems.18

Switzerland, not being a member of the European Economic Area, decided not to implement the second EU Payment Services Directive. This means that there is no harmonisation of interfaces and no obligation on Swiss banks to grant general access to accounts to third-party payment service providers (however, the private association Swiss Fintech Innovations, supported mainly by banks and insurance companies, has published a common API standard). As banking services in Switzerland are often cross-border, it is expected that many banks will soon provide open access to account interfaces upon client request.

v Digital marketplaces

There are a number of projects to set up digital marketplaces in Switzerland. To date, digital marketplaces exist only for payment tokens, not for security tokens. However, the main Swiss exchange, SIX, recently obtained a licence for a digital exchange (SDX). The Nasdaq-listed Swiss company Smart Valor operates a digital exchange from Liechtenstein.

Under the new DLT Act, the FMIA was amended to introduce a special licensing category for trading systems for DLT securities. These DLT trading systems may offer direct access to individuals (and not only to licensed entities) and have the right to offer not only trading, but also central depositary and payment system services (but may not act as a central counterparty). No licences have been granted to date.

Cryptocurrencies, initial coin offerings (ICO) and security tokens

Switzerland only has limited specific regulations for blockchain technology. Blockchain projects fall under the regulatory regimes of the industries they are applied to, such as the finance industry. Cryptocurrencies caught the attention of the Swiss regulator early: in June 2014, FINMA published a fact-sheet on Bitcoin and confirmed that Bitcoins qualify as currency (i.e., that payments with Bitcoin do not require a licence). Soon after, Switzerland, and in particular the 'Crypto Valley' in the canton of Zug, established itself as one of the world's hubs for ICOs, in particular through the Ethereum ICO, which took place between July and September 2014. Thereafter, there were a number of high-profile ICOs that caught the attention of the fintech world. At the time, FINMA did not provide specific guidance, although its fintech desk was willing to grant negative clearance to submitted projects.

On 16 February 2018, FINMA published the 'Guidelines for enquiries regarding the regulatory framework for initial coin offerings (ICOs)' (the ICO Guidelines), wherein it describes in some detail how it deals with the supervisory and regulatory framework for ICOs under Swiss law. It does so by outlining the principles on which it will base its response to specific enquiries, and by providing a checklist of information required to be submitted in an application for negative clearance. These ICO Guidelines are still in force and available electronically on the FINMA website, and were amended on 11 September 2019 to more specifically address stablecoins.19 The ICO Guidelines provide some guidance on regulatory matters but do not deal with issues of civil or criminal law. Hence, specific legal advice continues to be needed for any ICO or security token offering (STO).

A key message given by the ICO Guidelines is that FINMA continues to be ready to review ICOs and STOs and to give negative clearance as far as regulatory aspects are concerned. When reviewing a project, FINMA will consider, among other things, not only the investor categories that an ICO targets, compliance with AML regulations, and the functionalities of the token generated including the rights it confers to the investor, but also the technologies used (distributed ledger technologies, open source, etc.), technical standards (such as Ethereum ERC20) and the wallets and technical standards for token transfer.

FINMA distinguishes three token categories:

  1. payment tokens (i.e., cryptocurrencies), which are intended to be used as a means of payment and do not grant any claims against the issuer of the token;
  2. utility tokens, which grant access to an application or service; and
  3. asset tokens, which represent assets such as a debt or equity claim against the issuer, or that enable physical assets to be traded on the blockchain.

If a token combines functions of more than one of these categories, it is considered a hybrid token and has to comply with the requirements of all categories concerned.

To assess whether tokens qualify as securities under Swiss law, FINMA applies the general definition from the FMIA. For the time being, FINMA will not consider payment tokens to be securities; utility tokens will only be considered securities if they have an investment purpose at the point of issue. Asset tokens will be considered as securities.

FINMA confirms that the creation of uncertificated securities and their public offering are not regulated, unless they qualify as derivative products. However, underwriting and offering (in a professional capacity) security tokens of third parties publicly on the primary market is a licensed activity. Furthermore, the issuing of tokens that are similar to bonds or shares may trigger prospectus requirements.

FINMA confirms that the issuing of tokens will not qualify as deposits; in other words, it does not require a banking licence unless the tokens grant claims with debt capital character against the issuer (FINMA took action against Envion for that reason). Collective investment schemes regulations may apply if the funds received by an ICO are managed by third parties.

Issuing payment tokens will trigger the application of the AMLA provisions if the tokens can be transferred technically on a blockchain infrastructure. Issuing utility tokens will not trigger this application, as long as their main purpose is providing access to a non-financial application of the blockchain technology. Asset tokens are not deemed a means of payment under the AMLA. FINMA clarifies that the application of the AMLA will not only be triggered by an exchange of a cryptocurrency against a fiat currency, but also by an exchange against a different cryptocurrency.

Rights granted in the presale phase are considered as securities by FINMA if they are standardised and suitable for mass standardised trading. If so, they are not subject to AML regulations.

There are not yet any general guidelines for non-fungible tokens (NFTs); however, the Swiss postal office issued a stamp as an NFT in November 2021.

There are numerous private initiatives to provide market guidance and to establish standards. On 8 January 2018, the Crypto Valley Association, an independent government-supported association established to support fintech institutions in the canton of Zug, published a General Code of Conduct that aims to subject its members to a minimum standard with regard to transparency and information when conducting an ICO. On 21 September 2018, the Swiss Bankers Association published guidelines on the opening of corporate accounts for blockchain companies (with and without ICOs), which aim to promote a diverse fintech ecosystem, at the same time securing the integrity of the Swiss financial market. To further the tokenisation of assets, both the Crypto Valley Association (on 15 December 2019) and the Capital Markets and Technology Association (in October 2018, thereafter again in 2021 on tokenisation of assets) published guidance papers on asset and share tokenisation. Further papers are published on a regular basis in the form of circulars by the Swiss Blockchain Federation. One of the key aspects of these was whether security tokens can be validly transferred on the blockchain. Legal certainty on this and other aspects was provided by the DLT Act, which stipulates that shares and bonds can be issued in tokenised form and that tokens can be transferred on the blockchain. Other assets, such as real estate, are usually held by a special purpose vehicle that issues the token.

There is no separate tax regime applicable to digital currencies and tokens. Cryptocurrencies and tokens are therefore taxed like any other traditional investment vehicle. However, on most tokens, no VAT, no issuing tax and no withholding tax is levied when the token is issued, subject to certain exceptions. Swiss residents do not pay taxes on capital gains of privately held assets.

Tokens may be offered to Swiss residents from outside Switzerland, but are subject to similar requirements as applicable to tokens issued in Switzerland; namely, they may not qualify as derivative products, security tokens may not be offered by a third party in a professional capacity and tokens that are similar to bonds or shares may trigger prospectus requirements.

Other new business models

Self-executing contracts are generally permitted by Swiss law as long as the essential terms and conditions of the contract are agreed upon by both parties. Fully automated investment processes such as robo-advisers are not per se prohibited by Swiss law as long as the clients concerned are informed and agreed, respectively.

Artificial intelligence (AI) projects are not separately regulated and they need to comply with the regulations applicable to the actual project. In addition to data protection and confidentiality issues regarding the access to data to train self-learning systems, a focus of the current discussion is on compliance and liability; various compliance rules stipulate that a regulated entity must be aware of and control its decision parameters (e.g., risk management), which may be difficult in the case of deep learning systems. Furthermore, liability issues are unsolved in the case of non-controlled deep learning through neural networks. The government set up a working group to study AI issues, and a report was issued on 13 December 2019, which led to certain guidelines for the Federal Administration but no legislative proposals.20 A number of insurance companies are experimenting with new insurtech products; for example, in the field of claims management, customer handling or AI applications in risk assessment. The international Blockchain Insurance Industry Initiative (B3i) is domiciled in Zurich.

Intellectual property and data protection

Fintech and software may be protected under patent law or copyright law, depending on the specific details of the technology or software. Unlike in the EU, there is no specific protection of the creator's rights in a database. However, databases and software may be protected under copyright law, if and to the extent they are intellectual creations with individual character with regard to their selection and arrangement. To qualify for patent law protection, a technology or software must be an invention that is new and applicable in the industry and that solves a technical problem (which is usually not the case in standard software). A technical reproduction process of someone else's market-ready work is prohibited.21

If an employee creates a computer program in the course of discharging professional duties or fulfilling contractual obligations, the employer alone shall be entitled to exercise the exclusive rights of use. Inventions and designs produced by the employee alone or in collaboration with others in the course of his or her work for the employer and in the performance of his or her contractual obligations belong to the employer, whether or not they may be protected. By written agreement, the employer may reserve the right to acquire inventions and designs produced by the employee in the course of his or her work for the employer but not in the performance of his or her contractual obligations. Business models, as a rule, cannot be subject to intellectual property rights under Swiss law.

Under the current Swiss Data Protection Act, protected data are not only data relating to persons but equally data relating to legal entities. Personal data must be protected against unauthorised processing by adequate technical and organisational measures. Processing of data is any operation with personal data, irrespective of the means applied and the procedure, and in particular the collection, storage, use, revision, disclosure, archiving or destruction of data. Thus, merely providing information or comparing products on a website may fall within the scope of Swiss data protection law (unless the data are public). In addition, such a comparison may be considered unfair under the UCA if the services, prices or business situation were reduced by incorrect, misleading or unnecessarily infringing statements. The storage of personal data on a server in Switzerland may be sufficient to trigger application of Swiss data protection law.

Digital profiling may be considered as a personality profile or even include sensitive personal data within the meaning of the Data Protection Act; in other words, a collection of data that permits an assessment of essential characteristics of the personality of a natural person. Consent must be expressly given before processing this data, and personality profiles (and sensitive personal data) must not be disclosed to a third party without justification. In addition, the data processor must inform the person concerned of:

  1. the controller of the data file;
  2. the purpose of the processing; and
  3. the categories of data recipients (if disclosure were planned).

The Swiss Data Protection Act is under review; a new Data Protection Act (more aligned but not identical to the EU General Data Protection Regulation (GDPR)) was approved by parliament on 25 September 2020 and will most likely become effective in the second half of 2022.

Year in review

Once again, the past 18 months have been an intense period for Swiss fintech regulation.

The ICO boom of 2017 is history, the 2018 infrastructure projects (crypto brokers, trading places, wallet and storage providers) matured, and 2019 was expected to be the year of STOs. However, this was delayed and has not (yet) happened. Facebook's Libra project, which intended to issue a stablecoin based on a basket of currencies through an association based in Geneva, was subject to criticism from abroad; Facebook first changed it into the less ambitious Diem project and then sold all related assets to a bank.

After the first two banking licences were issued to crypto banks in Switzerland (SEBA and Sygnum) in August 2019, both banks started to build up their business, offering various crypto-based products. An additional application by Bitcoin Suisse was delayed and abandoned by the applicant. Two 'fintech licences' have been granted and further applications are pending. The major Swiss exchange, SIX, set up its digital exchange, SDX.

On the regulatory side, the dominant story was the new Swiss DLT Act (the Federal Act on the Adaptation of Federal Law to Developments in Distributed Electronic Register Technology), which became effective in two parts: the first on 1 February 2021 and the second on 1 August 2021. The Act does not attempt to set up a comprehensive new regulatory system for cryptoassets, but rather comprises numerous, but in each case limited, changes to existing laws, in particular the Code of Obligations on securities, the Federal Act on Debt Collection and Bankruptcy, the FMIA and others, thereby making the integration of the new rules into the overall legal framework easier.

The DLT Act focuses on security tokens, which are to be regulated as intermediated securities under security law, debt enforcement law and international private law. The Act privileges these tokens in the case of bankruptcy of the wallet holder, thereby limiting the risks to investors. The Act clarifies the legal nature of security tokens under Swiss law, including permitted forms for transferring them, and the use of tokens as collateral.

Furthermore, a new financial market infrastructure, the DLT trading system, was agreed, which may combine the functions of a trading platform, a depositary and a payment system (but not as a central counterparty) (see Section IV.v). Additional rules are provided for banks that accept cryptoassets as deposits.

In the revised FINMA–AML Ordinance (changes initiated in June 2018), additional duties of review were introduced for issuers of means of payment (such as payment tokens); the revised Ordinance became effective on 1 January 2020. In its Supervisory Notification 02/2019 of 26 August 2019, FINMA held that token transfers require identification of the recipient and its beneficial owner, without a minimum threshold applying. Switzerland has, therefore, one of the strictest AML regimes for token transfers.

Finally, as mentioned above, the Swiss government issued its new report, 'Digital Finance: areas of action 2022+', in February 2022, evidencing the government's ongoing commitment to strengthen the Swiss fintech ecosystem.

Outlook and conclusions

The new Data Protection Act (more aligned but not identical to the GDPR) was approved by parliament on 25 September 2020 and will likely become effective in the second half of 2022.

Furthermore, after the rejection of the Federal Act on Electronic Identification Services in a public vote on 7 March 2021, the Federal Administration has been working on a new proposal for a Swiss e-ID; a project for consultation is expected later in 2022.

In the 'Digital Finance: areas of action 2022+' report, various topics are mentioned on which the Swiss government intends to focus. Among others, projects entail regulatory technology and supervisory technology (i.e., the automation of company regulation and supervision of compliance with this). Furthermore, open finance, shared use of data and data protection (cyber security) shall be strengthened. Finally, the use of AI and green tech shall be progressed by, inter alia, the introduction of an innovation platform for the financial sector.

In addition, there continue to be numerous private and public initiatives that focus on establishing a fintech ecosystem in Switzerland. Among others, various private associations, such as the Capital Markets and Technology Association and the Swiss Blockchain Federation, publish papers on a regular basis to establish a market standard. There are also various initiatives at the academic level (e.g., by the Swiss FinTech Innovation Lab at Zurich University, which brings together researchers from banking and finance, business informatics, management and social sciences). Finally, there continue to be numerous initiatives both by start-ups and by established market participants to explore the new opportunities of fintech.

In addition to the above, a focus in 2022 may continue to be the tokenisation of shares, bonds, investment funds and other assets, as well as NFTs. Hence, the environment will remain very dynamic and will continue to be able to rely on industry support, by various associations and by the Swiss and cantonal governments.

Footnotes

1 Thomas A Frick is a partner at Niederer Kraft Frey.

5 www.digitaldialog.swiss/en/actionplan?action_id=.

6 Article 1, Paragraph 2, Banking Act.

7 Article 5, Paragraph 3, Letter c, Banking Ordinance.

8 Article 1a and 1b, Banking Act.

9 Article 2, Paragraph 1, Financial Institutions Act (FIA).

10 Article 41, FIA.

11 Article 7, Paragraph 1, CISA.

12 Article 1, Paragraph 1, Consumer Credit Act (CCA).

13 Article 14, CCA and Article 1, Ordinance on the Consumer Credit.

14 Article 4, FMIA.

15 id., Article 8.

16 id., Article 9.

17 id., Article 12.

18 id., Article 14.

19 www.finma.ch/en/news/2018/02/20180216-mm-ico-wegleitung/ (in four languages: French, German, Italian and English).

21 Article 5, Letter c, Federal Act against Unfair Competition.

The Law Reviews content