On April 2, the Swiss Financial Market Supervisory Authority (FINMA) published its 2019 Annual Report. The Report for the first time integrates FINMA’s Enforcement Report, which previously had been published separately. While it covers all aspects of FINMA’s supervisory and regulatory activity, three elements of the Report are of particular interest from a risk and compliance perspective.
The Report presented the following statistical data regarding FINMA’s 2019 enforcement efforts:
- Investigations: FINMA had 307 open investigations at year-end 2019, which represents a 14 percent decline from 2018 (355) and a 4 percent decline from 2017 (320) (p. 52).
- Enforcement Rulings: FINMA had 48 enforcement rulings in 2019. That represents a nearly 50 percent decline from 2018 (90) and a nearly 30 percent decline from 2017 (67) (p. 52). In addition, because FINMA rulings can be contested in court, there were 37 court rulings in 2019. Of those rulings, FINMA had 84 percent of its enforcement rulings upheld wholly or predominantly (p. 48).
- International Cooperation: FINMA received 337 incoming requests for international assistance from other countries. That total reflects a 10 percent decline from 2018 (371) and a 25 percent decline from 2017 (444). It made 32 outgoing requests regarding enforcement proceedings that it was conducting. That total reflects a 10 percent increase from 2018 (29) and a 23 percent increase from 2017 (26) (p. 52).
Focal Points for Risk-Based Supervision
Consistent with its “risk-based approach to supervision” (p. 6), FINMA stated that “money laundering remains one of the principal risks for FINMA’s supervised institutions and the Swiss financial centre” (p. 28). Another key area of FINMA’s supervision and enforcement activities was the FinTech sector. FINMA reported that it “paid close attention” to Initial Coin Offerings (ICOs) in Switzerland, conducting investigations into approximately 60 ICOs. At more than 10 ICOs, FINMA identified a breach of the AMLA and brought charges against persons responsible. FINMA made entries for eight additional cases on its warning list and initiated enforcement proceedings against three companies (p. 48).
In addition, FINMA “identified an increasing involvement on the part of Swiss providers in secondary market-related financial services in the crypto-area,” which included trading and custody of tokens as well as operation of trading venues and associated support activities. FINMA‘s Enforcement Division conducted investigations into a number of those providers (p. 48).
FINMA also required a number of FinTech companies to comply with measures “to restore compliance with the law” (p. 48). These measures included the repayment of unlawfully received public deposits under the Banking Act and the removal of the word “bank”, or the withdrawal of advertisements, in cases where FINMA had not granted a license. (P. 48)
Finally, in December 2019 FINMA published its first-ever Risk Monitor. The Risk Monitor, which will be published annually every fourth quarter beginning in 2020, provides an overview of the main risks to the financial sector “with a time horizon of up to three years and the corresponding supervisory aims for the year ahead” (p. 28). It identifies six principal risks for its supervised institutions and the Swiss financial center: (1) the persistent low interest-rate environment; (2) a “possible correction on the real estate and mortgage market”; (3) cyberattacks; (4) what FINMA described as “a disorderly abolition of LIBOR benchmark interest rates”; (5) money laundering; and (6) increased impediments to cross-border market access, particularly in the European Union.
Money Laundering Enforcement Case Analysis
A notable feature of the Report was FINMA’s analysis of enforcement cases concerning the Swiss Anti-Money Laundering Act (AMLA) from recent years. FINMA conducted this analysis “to learn lessons that can be applied to regular money laundering supervision activities” (p. 28).
That analysis highlighted two types of features identified in those enforcement cases. The first feature was business relationships displaying risk factors (measured as a percentage of AMLA cases involving such business relationships):
- High level of assets under management and/or transaction volumes: 68 percent
- Client relationships with a beneficial owner with multiple domiciliary companies or private accounts: 50 percent
- Business relationships with profitability from institution’s perspective: 36 percent
- Relationships with government-affiliated clients: 32 percent
- Relationships involving independent asset managers: 27 percent
- Business relationships from markets with significant money laundering risks, where the institution is pursuing a growth strategy: 23 percent
- Business relationships in which an Executive Board/Board of Directors member/owner of an institution is heavily involved: 18 percent
- Business relationships in which multiple locations/units are involved: 18 percent
- Business relationships that do not correspond to the institution’s business model: 14 percent
- Pass-through transactions: 14 percent
- Business relationships that were taken over from a predecessor institution: 14 percent
- Retained correspondence business relationships: 9 percent (p. 29)
The second feature was legal shortcomings and breaches in business relationships (also measured as a percentage of AMLA cases involving such business relationships):
- Clarification of plausibility of transactions: 100 percent
- Clarification of plausibility of business relationships: 86 percent
- Defective organization or risk management, or breach of guarantee of irreproachable conduct: 77 percent
- Failure to recognize a risk category and/or no license: 77 percent
- Breach of disclosure obligation: 55 percent
- Incorrect identification of beneficial owner: 50 percent
- Lack of overall monitoring of business relationships and transactions: 36 percent
- Documentation obligation: 36 percent
- Defective monitoring system for high-risk transactions: 32 percent
- Weak point, lack of risk awareness at second line of defense: 27 percent
- Lack of anti-money laundering training: 14 percent
- Defective monitoring of independent asset managers after having delegated client identification process: 14 percent (p. 29)
Overall, FINMA had a series of notable risk- and compliance-related accomplishments during 2019, including its enforcement procedures against Credit Suisse for AML deficiencies, its issuance of the Risk Monitor, and continuing cooperation with foreign regulators such as the U.S. Securities and Exchange Commission. FINMA has continued to maintain an aggressive stance in its investigative and enforcement efforts during 2020, such as its imposition of measures and sanctions against Julius Baer for serious AML failings and its investigation of the corporate surveillance at Credit Suisse that led to the ouster of its chief executive.
Enforcement-watchers should nonetheless take note of the significant declines in FINMA investigations and enforcement actions. Those declines are highly likely to continue in 2020, as the coronavirus pandemic takes its toll of the Swiss population and the national lockdown constrains supervision and enforcement operations.
In any event, attorneys advising financial institutions on AML compliance and AML compliance officers should peruse the FINMA enforcement case analysis with some care. That analysis indicates that AML compliance programs need to focus not only on sustaining standard components of AML compliance programs, such as overall monitoring and training, but also on informing business leaders and first- and second-line compliance team members that certain factors indicate the implausibility and illogic of certain types of transactions and business relationships from an AML perspective. Moreover, AML compliance officers should compare the FINMA risk factors against their own AML risk and compliance programs, to see whether other aspects of their programs can be strengthened.