1 Legal and enforcement framework
1.1 In broad terms, which legislative and regulatory provisions govern the fintech space in your jurisdiction?
Switzerland has no specific fintech regulations. A technology-neutral approach has been adopted, meaning that the same rules apply to all businesses, whether they are using traditional or innovative technologies. Frequently, fintech companies offer services and develop technologies without themselves being subject to financial market laws. However, this requires examination on a case-by-case basis. The relevant federal acts include:
- the Banking Act;
- the Collective Investment Schemes Act;
- the Stock Exchange Act;
- the Anti-money Laundering Act;
- the Financial Market Infrastructure and Market Conduct in Securities and Derivatives Trading Act;
- the Financial Market Supervision Act; and
- the Consumer Credit Act.
These acts have been implemented through ordinances enacted by the Federal Council and the regulator, the Financial Market Supervisory Authority (FINMA), which has issued further guidance. In addition, self-regulation may apply.
Although the financial market laws may not apply directly to fintech companies, they may apply by contractual agreement with a financial institution (eg, outsourcing regulations).
1.2 Do any special regimes apply to specific areas of the fintech space?
Switzerland has no fintech-specific regulations. A technology-neutral approach has been adopted, meaning that the same rules apply to all businesses, whether they are using traditional or innovative technologies. The Swiss government closely monitors new technological developments and the potential need for regulatory adjustments in order to reduce unnecessary administrative burdens.
As a result, the Federal Council introduced a sandbox exemption, which is available to all companies. Under the sandbox exemption, the acceptance of public deposits of up to CHF 1 million will no longer trigger a licence requirement under the Banking Act (subject to the fulfilment of certain conditions). Further, the exemption from the licence requirement under the Banking Act for pure payment service providers which accept deposits for settlement purposes only has been expanded. On 1 April 2019 the sandbox was extended to include consumer loans. Consumer loans provided through the intermediation of crowd-lending platforms are subject to the Consumer Credit Act.
Further, as of 1 January 2019, a new licence category (fintech licence) is available for companies that accept deposits from third parties up to a maximum amount of CHF 100 million without granting loans or paying interest on the deposits. Facilitated conditions apply to such a licence. The most important points in this regard include:
- substantially reduced minimum capital requirements;
- an exemption from the requirements regarding the equity capital, risk diversification and liquidity of banks;
- an exemption from the deposit guarantee; and
- reduced accounting and auditing requirements.
1.3 Which bodies are responsible for enforcing the applicable laws and regulations? What powers do they have?
FINMA is responsible for enforcing the fintech regulatory framework. It has a broad range of supervisory and enforcement powers at its disposal. It can conduct audits or arrange for them to be carried out by licensed audit companies or audit agents. It can take precautionary measures and, in case of violation of the supervisory provisions by a supervised entity or person, must implement any measures necessary to restore compliance with the law.
Further, if FINMA detects a serious violation of the supervisory provisions, it may:
- issue a declaratory ruling;
- prohibit the person responsible from acting in a management capacity at any supervised entity;
- publish its supervisory rulings; and
- confiscate any profits that a supervised person or entity or a person in a management position has made.
FINMA must revoke the licence of a supervised person or entity if it no longer fulfils the requirements for such activities or has seriously violated the supervisory provisions.
In addition to these competences, FINMA has certain regulatory powers, which it exercises by issuing ordinances based on the financial markets legislation and circulars on the application of the financial markets laws.
1.4 What is the regulators' general approach to fintech?
Switzerland takes a liberal and business-orientated approach to regulatory policy for fintech products and services. It has initiated various consultation processes and legislative changes to allow the fintech industry to grow and embed its products and services in the existing business environment. The Swiss regulators have recognised that the law was orientated towards big financial institutions, whose start-up requirements could not be met by smaller enterprises due their lack of capacity (eg, net asset requirements).
FINMA, which is responsible for the implementation of the fintech regulatory framework, is seeking to maintain and enhance Switzerland's status as an innovative and competitive financial centre. In its regulations it has therefore adopted an essentially neutral approach to certain business models and technologies.
1.5 Are there any trade associations for the fintech sector?
Yes. Some trade associations support fintech start-ups in general (eg, Swiss Finance Start-ups, www.swissfinancestartups.com/); others focus on specific areas, such as blockchain (eg, the Swiss Blockchain Federation, https://blockchainfederation.ch/).
2 Fintech market
2.1 Which sub-sectors of the fintech industry have become most embedded in your jurisdiction?
The fintech industry in Switzerland covers a broad range of sectors, including mobile payments, crowdfunding, robo-advice, cybersecurity and blockchain-related services.
2.2 What products and services are offered?
A variety of innovative products and services are offered by traditional financial institutions and new market players, including mobile/online payment services, account information services and crowd-funding platforms. In addition, the fintech industry offers compliance tools for financial institutions.
2.3 How are fintech players generally structured?
In Switzerland, there are many fintech start-ups. In addition, the SIX Swiss Exchange, Swisscom and a number of banks and insurance companies have established their own fintech teams.
2.4 How are they generally financed?
The following financing and investment schemes are commonly used by fintech start-ups in Switzerland:
- friends and family;
- grants from private and/or state-sponsored fintech incubators and accelerators (eg, F10);
- business angels;
- investment clubs;
- family offices;
- seed funds;
- grants from state agencies (eg, Innosuisse);
- venture funds; and
- corporate ventures.
2.5 How are they positioned within the broader financial services landscape?
Switzerland has a well-established fintech scene. Many fintech start-ups are working closely with banks, insurance companies and other financial institutions. Many banks and insurance companies, as well as the SIX Swiss Exchange, support fintech start-up incubators and accelerators, such as www.f10.ch.
2.6 Do start-ups generally outsource back office functions and is there a developed market for them to access? What are the legal implications of outsourcing?
A number of start-ups outsource back office functions to various service providers. However, the board of directors of the company remains responsible for the outsourced services. This is particularly relevant where compliance matters are outsourced.
3.1 How are the following key technologies in the fintech space regulated and what specific legal issues are associated with each? (a) Internet (e-commerce); (b) Mobile (m-commerce); (c) Big data (mining); (d) Cloud computing; (e) Artificial intelligence; and (f) Distributed ledger technology (Blockchain, cryptocurrencies)
(a) Internet (e-commerce)
There are no specific internet-related regulations in the fintech space.
(b) Mobile (m-commerce)
There are no specific mobile-related regulations in the fintech space.
(c) Big data (mining)
There are no specific big data-related regulations in the fintech space.
(d) Cloud computing
There are no specific cloud computing regulations in the fintech space. In cloud computing, the main regulatory issues concern data protection and cybersecurity. When cloud services are used to store client information, the Data Protection Act applies. Certain financial institutions such as banks and securities dealers must comply with additional regulations aimed at protecting client data. For example, banks must uphold banking secrecy and take certain technical, organisational and contractual security measures to protect client information. FINMA has specified the requirements for the handling of electronic client data by banks and securities dealers in its circular on operational risks and outsourcing. Further, the Swiss Bankers Association has issued non-binding guidelines for the implementation of secure cloud computing services compliant with the law.
(e) Artificial intelligence
There are no artificial intelligence-related regulations in the fintech space.
(f) Distributed ledger technology (Blockchain, cryptocurrencies)
On 16 February 2018 FINMA published an initial coin offering (ICO) guideline, which sets out how it intends to apply the financial markets legislation in handling enquiries from ICO organisers. FINMA focuses on the commercial function and purpose of the tokens issued by the ICO organiser in assessing ICOs and categorises tokens into three types: payment tokens, utility tokens and asset tokens. Many tokens are hybrid tokens that fall within more than one category.
On 22 March 2019 the Federal Council submitted a draft bill proposing several legislative amendments to improve the framework conditions for blockchain and distributive ledger technology (DLT) for consultation. The bill proposes the following adjustments, among others:
- in the Code of Obligations, the introduction of the possibility to electronically register value rights, thereby guaranteeing the functions of negotiable securities;
- in the Debt Enforcement and Bankruptcy Act, the express regulation of the segregation of crypto-based assets in case of bankruptcy; and
- in the Financial Market Infrastructure Act, the inclusion of a licence requirement for so-called ‘DLT trading facilities'.
The consultation process concluded in June 2019. The results have not yet been published.
4.1 How are the following key activities in the fintech space regulated and what specific legal issues are associated with each? (a) Crowdfunding, peer-to-peer lending; (b) Online lending and other forms of alternative finance; (c) Payment services (including marketplaces that route payments from customers to suppliers (eg, Uber and AirBnb); (d) Forex; (e) Trading; (f) Investment and asset management; (g) Risk management; (h) Roboadvice; and (i) Insurtech.
(a) Crowdfunding, peer-to-peer lending
Switzerland continues to see growth in crowdfunding (including crowd-supporting, crowd-sale and crowd-lending). The revision of the Swiss Banking Ordinance provides that the acceptance of funds for settlement purposes is allowed for up to 60 days without triggering a banking licence requirement. This exception is particularly important for crowdfunding platforms in Switzerland, as most collect money from supporters in a separate account on the platform before transferring the funds to the borrower or project initiator.
(b) Online lending and other forms of alternative finance
Alternative financing through initial coin offerings (ICOs) has also become popular and is thus receiving attention from the regulator. It is important to review each business model on a case-by-case basis. At present, ICOs are governed by no specific regulations and must therefore be individually reviewed for compliance with general financial market regulations. These includes the Banking Act, which may be applicable if the ICO includes the acceptance of deposits. The Anti-money Laundering Act may apply where the creation of a token by an ICO vendor involves issuing a payment instrument or where one virtual cryptocurrency is exchanged for another. The Stock Exchange Act may apply if the tokens qualify as securities. The Collective Investment Schemes Act may apply if the assets collected as part of the ICO are pooled and managed by a third party with a view to a return of profit.
(c) Payment services (including marketplaces that route payments from customers to suppliers (eg, Uber and AirBnb)
EU member states were required to implement the EU Payment Services Directive (2007/64/EC) by the beginning of 2018. The directive aims to make electronic payment transactions safer, more convenient and more cost effective. However, as it is an EU directive, it does not apply directly in Switzerland.
At present, there is no evidence that Swiss banks will need to consider the EU Payment Services Directive due to their participation in the Single Euro Payment Area. However, EU-based subsidiaries of Swiss banks must comply with the respective national implementation regulations. Further, the EU Payment Services Directive has an indirect effect on Swiss companies, given that EU payment service providers must also adhere to it if:
- only one payment service provider has its seat in the European Union; and
- currencies other than the euro are involved.
For the time being, the Swiss legislature has no plans to implement analogous regulations. The Swiss Finance Start-ups Association has launched an initiative for the self-regulation of market participants. As long as there are no analogous regulations to the EU Payment Services Directive in Switzerland, each bank is free to decide whether and how to make its application programming interface (API) accessible to third parties. If APIs are accessible, the bank must ensure compliance with adequate safety requirements.
Anyone that transfers money from one account to another, or that exchanges money/cryptocurrencies, must ensure it holds the necessary registrations as a financial intermediary in accordance with the Anti-money Laundering Act.
Pursuant to the Swiss Federal Act on Combating Money Laundering and Terrorist Financing of 10 October 1997, financial intermediaries include persons who, on a commercial basis, accept or keep assets belonging to others or who assist in the investment or transfer of such assets. Instead of being directly supervised by FINMA, such financial intermediaries may become a member of a recognised self-regulatory organisation to ensure compliance with the duties relating to the combating of money laundering. These self-regulatory organisations are in turn supervised by FINMA.
All securities dealers must be licensed by FINMA pursuant to the Swiss Federal Act on Stock Exchanges and Securities of 24 March 1995. The law distinguishes between various categories of securities dealers. Securities dealers are individuals, entities and partnerships that, on a commercial basis:
- trade in securities on the secondary market, either on their own account on a short-term basis or for the account of third parties;
- offer securities to the public on the primary market; or
- create derivatives and offer them to the public.
(f) Investment and asset management
The legislature has established innovation initiatives that may also cover business models in the field of investment, asset and wealth management. The acceptance of public deposits up to CHF 1 million no longer triggers a banking licence requirement, subject to the fulfilment of certain conditions. This sandbox exemption does not apply to other financial markets regulations, such as the Collective Investment Schemes Act and the Anti-money Laundering Act, which may also apply in this field. It is therefore important to review each business model on a case-by-case basis.
For the time being, asset managers that do not manage collective investment schemes are not subject to FINMA supervision – rather, they are required only to register as a financial intermediary under the Anti-money Laundering Act.
A supervisory regime for all asset managers will be introduced by the Financial Institutions Act, which is expected (together with the Financial Services Act) to come into force with the implementing ordinances on 1 January 2020.
(g) Risk management
Financial institutions must be adequately organised in view of the scope and complexity of the proposed business activities. They must also establish effective risk management systems,
in particular involving appropriate identification, limitation and monitoring of market, credit, default, settlement, liquidity, image operational and legal risks. In addition, they must have an effective
internal control system and an internal audit function which is independent from the executive management. Further details are included in circulars published by FINMA.
Switzerland has seen an increase in the use of roboadvice by financial institutions. A number of fintech businesses based in Switzerland are using artificial intelligence methods, which also benefit from the Domain of the Swiss Federal Institutes of Technology's international position.
For the time being, pure investment advice does not trigger any licence requirements if it does not involve the distribution of any units of collective investment schemes. A new regime for investment advisers will be introduced by the Financial Services Act, which is expected to come into force with the implementing ordinances on 1 January 2020.
Even under the Financial Services Act, mere investment advice remains possible without a licence in principle. However, certain client advisers must now be entered in an adviser register and are subject to all duties of conduct set out in the new financial regulations, including their penal provisions. This will apply to client advisers of unregulated domestic financial service providers (ie, pure investment advisers) and of foreign financial service providers.
Fintech start-ups intending to provide insurance require authorisation under the Insurance Supervision Act. Further, independent insurance intermediaries that do not represent an authorised insurance company are subject to registration. The Insurance Supervision Act is currently under revision. Envisaged amendments include the possibility for insurance companies with particularly innovative business models to be exempt from supervision if they can guarantee the protection of policyholders.
5 Data security and cybersecurity
5.1 What is the applicable data protection regime in your jurisdiction and what specific implications does this have for fintech companies?
The Data Protection Act and corresponding Data Protection Ordinance establish the rules and minimum requirements for data security and the processing and transfer of personal data. The Data Protection Act is being revised and major changes are expected.
Further, although Switzerland is not an EU member state, the EU General Data Protection Regulation may have implications for Swiss fintech businesses which offer cross-border services.
If a fintech business requires a licence or enters into agreements with regulated financial institutions, additional requirements apply (eg, the FINMA circulars on operational risks and outsourcing).
5.2 What is the applicable cybersecurity regime in your jurisdiction and what specific implications does this have for fintech companies?
Switzerland's numerous cybersecurity laws include the following:
- the Data Protection Act, which primarily settles the minimum requirements for the protection of personal data; and
- the Telecommunications Act and its corresponding ordinances and directive, which serve as grounds to provide a qualitative and competitive cyber-infrastructure. The Telecommunications Act aims to limit cyber-risks. The Federal Office for Communication is responsible for the provision and enforcement of a reliable communication environment. The Telecommunications Act also contains a chapter regarding important national interests, including various security-relevant provisions. Communication services must ensure that the communication system functions flawlessly.
If a fintech business requires a licence or enters into agreements with regulated financial institutions, additional requirements apply (eg, the FINMA circulars on operational risks and outsourcing).
There are no particular fintech specific laws, but as fintech solutions regularly affect sensitive data, fintech businesses must adhere to data protection laws and provide the required security measures.
6 Financial crime
6.1 What provisions govern money laundering and other forms of financial crime in your jurisdiction and what specific implications do these have for fintech companies?
Payment service providers and any other persons that dispose of financial assets for third parties must, as financial intermediaries, ensure that the necessary registrations in accordance with the Anti-money Laundering Act are in place. Among other duties, financial intermediaries must identify their contractual counterparties and the beneficial owner of the assets. Even if a company does not qualify as a financial intermediary, it must ensure adequate governance to prevent its services or products from being used for money laundering.
A number of other financial crime regulations may come into play in the provision of fintech products and services, including:
- anti-fraud, anti-corruption and misconduct in public procurement procedures; and
- the prohibition of insider trading and market manipulation.
Before starting operations, a fintech business should verify whether it qualifies as a financial intermediary under the Anti-money Laundering Act and whether registration is required. If registration is required, the company may be incorporated, but should not start business before registration.
Companies should identify the risks involved with their particular business model and should establish a suitable internal governance and compliance structure. Under Swiss law, companies may also be fined if they fail to prevent financial crimes because of a lack of adequate structures.
7.1 Does the fintech sector present any specific challenges or concerns from a competition perspective? Are there any pro-competition measures that are targeted specifically at fintech companies?
8.1 How is innovation in the fintech space protected in your jurisdiction?
As a research and innovation hub, Switzerland is frequently highly ranked in international studies (eg, the World Economic Forum and the European Commission). The high degree of technological development, labour market efficiency, effective cooperation between industry and research institutions and effective protection of IP rights contribute to this ranking.
Fintech innovations are protected primarily as copyright or patents. Software is typically protected under Swiss copyright law rather than patent law, as computer programs are not considered technical solutions per se. However, computer-implemented inventions that solve a technical problem can be protected through patent registration. This is one of the key issues to be reviewed.
Design and trademark registrations may provide additional protection. However, contractual safeguards are crucial to protect fintech innovations, regardless of whether the above categories of IP rights apply.
In addition to the statutory and registered IP rights, fintech innovations may include manufacturing and trade secrets. Protection of these secrets is subject to a specific statutory or contractual duty. Non-disclosure agreements and corresponding enforcement clauses are key instruments to protect manufacturing and trade secrets, alongside or without IP protection.
8.2 How is innovation in the fintech space incentivised in your jurisdiction?
The federal government and, in some circumstances, the cantonal governments have created a series of financial and business incentives.
Regulatory sandbox: In order to promote the development of fintech business models, the acceptance of public funds of up to CHF 1 million no longer triggers a licence requirement under the Banking Act (subject to the fulfilment of certain conditions). This allows firms to test out a business model before being required to obtain bank authorisation.
New ‘light' banking licence: Fintech business models may also benefit from the new ‘light' banking licence, which permits the commercial acceptance of public deposits of up to CHF 100 million (subject to the fulfilment of certain conditions).
Tax incentives: Start-ups benefit from a more lenient taxation regime in many parts of Switzerland. Accordingly, start-ups are taxed only on net asset value "until representative business results are available" (see the Financial Directorate on the Valuation of Securities and Balances for Property Tax directive – available in German only). However, the tax office has wide discretion to assess whether and when representative business results are available. According to the tax office, the following points are crucial:
- whether a positive cash flow exists;
- whether the company has established itself in the market; and
- whether it can prove a regular turnover with a marketable product.
Grants: Innosuisse, the Swiss Innovation Promotion Agency, promotes science-based innovation in the interests of industry. Accordingly, it supports start-ups in the development of their projects. Moreover, numerous cantons have their own programmes that support fintech start-ups, both financially and in terms of know-how and office space.
9 Talent acquisition
9.1 What is the applicable employment regime in your jurisdiction and what specific implications does this have for fintech companies?
In Switzerland, companies tend to employ both foreign workers and Swiss nationals. As a rule, foreign nationals engaging in any form of gainful employment in Switzerland require a permit. The specifics of immigration law must be carefully considered in advance to ensure successful staff management. Both foreign employees and the Swiss employer are punishable if they fail to comply with the applicable immigration law. Employees or employers found guilty of such infringements find it difficult to obtain subsequent work permits.
In general, any work performed by a foreign national in Switzerland over eight days per calendar year requires a work permit or is subject to an online registration procedure. Business visits of less than eight days per calendar year are not subject to a work permit.
Employers with a registered seat in an EU or European Free Trade Association (EFTA) member state can post their employees to Switzerland for up to 90 days per year without applying for a work permit. Instead, employers must register the posted employees online at least eight days before they start work in Switzerland.
There are no special regimes for the tech or financial industry. However, since there is a shortage of specialists in the IT and tech industries, it will be easier to prove the economic need for such work in a third-country national's work permit application.
9.2 How can fintech companies attract specialist talent from overseas where necessary?
A general distinction is made in Switzerland between EU, EFTA and third-country nationals. While EU and EFTA nationals benefit from a number of treaties and free movement in the European Union, work permits for well-qualified employees who are third-country nationals are subject to federal and national quotas.
Under the Agreement on Free Movement of Persons within the European Union, employees who have an employment contract with a Swiss company are entitled to a work permit on presentation of their employment agreement. Self-employed applicants must present an acceptable business plan and show that their business will generate employment in the local market in order to obtain a work permit.
Work permits for third-country nationals will be granted only where:
- they are sponsored by an employer;
- quotas are available;
- applications by Swiss nationals and EU and EFTA applicants have been prioritised;
- they have the required qualifications (a master's degree at least is required); and
- the salary or terms and conditions of employment are customary in the particular sector and region.
10 Trends and predictions
10.1 How would you describe the current fintech landscape and prevailing trends in your jurisdiction? Are any new developments anticipated in the next 12 months, including any proposed legislative reforms?
Switzerland supports innovation and takes a liberal and business-orientated approach to regulatory policy for fintech products and services. Therefore, it is expected that Switzerland will remain a preferred domicile for fintech companies.
On 22 March 2019 the Federal Council submitted a draft bill proposing several legislative amendments to improve the framework conditions for blockchain and distributive ledger technology for consultation. The consultation process concluded in June 2019. The results have not yet been published.
According to the Federal Council's timetable, the Financial Services Act and the Financial Institutions Act are to enter into force on 1 January 2020. The results of the consultation on the corresponding Federal Council ordinances are now available. It is expected that the Federal Council will release the definitive texts of the ordinances in October 2019. Only a few months remain until the new laws come into force. Even if generous transition periods are granted in some cases, financial service providers should adapt to the new circumstances in good time and take the necessary measures to ensure compliance. Fintech companies should closely monitor whether these new regulations will impact on their business.
11 Tips and traps
11.1 What are your top tips for fintech players seeking to enter your jurisdiction and what potential sticking points would you highlight?
Fintech players should seek regulatory advice at an early stage of the process. This will save costs in the long run, since regulation presents not merely burdens, but also opportunities for fintech players.