The upcoming revision to Swiss anti-money laundering rules again highlights the limitations of a principles-based regime in a world dominated by ever more invasive supervisors. finews.com takes a look.

At first glance, 2023’s update of Swiss anti-money regulation doesn’t stand out much. Even the Swiss financial regulator, Finma, characterizes many of the upcoming changes as a housekeeping exercise.

But the touch-up, which comes into force at the start of January, once again shows the difficulty of being one of the last hands-off supervisors in a global banking landscape where other regulators have little hesitation setting heftier, more intrusive rules.

When it comes down to it, the current round of changes in the ordinance and the related federal act are a further attempt to rectify a number of deficiencies highlighted in the much-debated 2016 Financial Action Task Force (FATF) country report for Switzerland.

Open Question

Whether they ultimately placate the FATF is an open question that is likely to only be answered in the fullness of time, at least publicly. But what is already clear is that divergence between rules-based and principles-based regulatory regimes will continue to cause a large number of headaches for the Swiss banking sector, in particular those with large-scale international businesses.

But rather than look at the big picture, as finews.com did extensively earlier this year, the current changes allow a deeper focus on a small and specific change in Swiss anti-money regulation related to the easily overlooked but not-insignificant matter of keeping client information updated.

And one of the surprising things from looking at the large and the small picture is that the conclusions are much the same. 

No Satisfaction                                                                                               

Until just a few years ago, the task of keeping updated records on clients - as simple as it sounds – caused many banks and wealth managers substantive issues.  Those who drafted the original FATF report in 2016 seemingly understood that, and they characterized the relevant Swiss banking practices back then as unsatisfactory - a term that is as near a fail as one can get in auditing language.

They specifically scoped out private banking institutions, which appeared to have «greater problems» with legacy assets, particularly those that had been held for many years and which had been obtained by way of external growth or acquisitions.

Now, enter the federal government. To deal with the FATF's findings, it has decided to update the overarching anti-money laundering act by plainly stating the requirement for client information to be kept up to date. 

Very Deliberate

The one-line amendment to the act does not go further than that. According to Finma, the government kept the change related to client information «deliberately slim» and that is somewhat understandable given it was worded to allow the law to stand for decades - little changed - at the very minimum.

Although that is a reasonable step for a federal government in a direct democracy, the regulator itself does not really go out on a limb for updated client records either, or at least it doesn't with the current round of changes.

When publicly releasing the results from its hearings in May on the matter, it indicated that banks could compile an internal directive on what the criteria should be and what the periodicity should be for the updates, adding that the actual process around how to keep everything current should not «fundamentally» form part of this.

Reasonable Timeframe

Banks simply put out an internal directive saying client information has to be kept current and they then specify to operations, bankers, and compliance how frequently they need to be reviewed.

But even in a principle-based world, you might reasonably expect at least an indication of some form of a reasonable time frame for the updates or reviews, if nothing else.

But it doesn't and that simply gives many other jurisdictions and regulators the leeway and the initiative when it comes to this and other points.

European Conundrum

In the EU, for example, the European Banking Authority, in conjunction with other key regulators, has a specific section related to wealth management where it specifies that the banker’s relationship with the client should be used to facilitate the collection of information that allows the bank to get a fuller picture of the purpose and nature of the customer’s business, including developing an understanding the client’s source of wealth while ensuring that any complex or unusual arrangements are genuine and legitimate.

It asks banks to perform reviews of higher-risk clients at least annually but more frequently «if risk dictates». Relevant procedures can include the recording of client visits, at home or in business, and these may potentially prompt changes in client profiles and similar information. The authority also asks wealth managers to monitor transactions and public reports on an ongoing basis. It also lays down a clear line, saying that simplified due diligence is not appropriate for a wealth management business.

Enter the HKMA

In Hong Kong, the Hong Kong Monetary Authority (HKMA), the city’s de facto banking regulator, also doesn’t pull punches.

Its guidelines on anti-money laundering and the counter-financing of terrorism have a section related to ongoing client due diligence (5) and a specific one (12) for private banking.

In the latter, it specifies that high-risk clients, by default most private banking clients, should be reviewed annually. Banks also need to have clear policies and procedures related to the frequency of periodic reviews and what constitutes a trigger event, which should, by necessity, prompt a re-review of client information.

Meeting Clients

The subsequent private banking section specifies that the institution should meet clients on a regular basis while the activities of the bankers should be subject to frequent reports and reviews by supervisors given that close relationships often develop between both parties.

As part of that, they also require that ongoing monitoring of the relationship be subject to reviews conducted by staff separate from the bankers to mitigate the risk of abuse and conflicts of interest.

Although all of that isn't directly related to the holding of updated client records, one can surely bet that the HKMA would surely be expecting to see clear and recent records of such when cheerfully heading off to an on-site or thematic inspection.

City-State Update

Now, enter Singapore, another popular jurisdiction for Swiss private banks and wealth managers. Here, the Monetary Authority of Singapore (MAS) requires those with a bank or a merchant bank license to ensure that client data, documents, and information be kept updated. No surprise there.

But, by that, they also mean anyone who acts on behalf of clients, including connected parties and other beneficial owners need to undertake regular reviews of the existing data to ensure that they remain current, particularly for high-risk clients. That, by itself, does go farther than the other jurisdictions.

Moreover, the MAS seems to take a page directly from the FATF’s original finding for Switzerland by specifically indicating that banks making acquisitions must review all client records unless they have absolutely no doubts about the information they received when buying the business or when conducting due diligence on it.

Final Rule

In the US, by any token one of the world’s largest wealth management markets, the Financial Crimes Enforcement Network (FinCEN) has what it calls the final CDD rule, which requires institutions to collect information about expected client activity on an ongoing or periodic basis while conducting and keeping adverse news search records and those from other underlying transacting parties.

At first glance, it seems a great deal more laissez-faire than the others by stating that the requirement to update client information on a periodic or continuous basis is a risk-based decision that a bank is free to take.

However, there is a catch. There has to regular monitoring of the relationship and if an institution then becomes aware of any change in client information because of ongoing monitoring, it then must update that information and make a decision as to whether the customer risk profile and rating should change.

Operational Freedom

In the comments made during Finma's hearings and throughout the Swiss financial hub, many stand firmly behind the idea of principles-based regulation, believing it gives institutions more freedom to operate in an unfettered, entrepreneurial, manner.

That is unlikely to change. But there is only one problem with all of this. An international Swiss private bank and wealth manager has to fully comply with all the rules of the different jurisdictions they operate in.

By default, that means that the only clients and banks that can benefit from the approach currently taken by Finma and the government are those that are pure domestic plays with no cross-border activities or accounts.

Small Facet

Moreover, keeping updated client records is just one small part of the overall banking business. But the same pattern is repeated over and over when it comes to the other FATF findings, and to the rules other jurisdictions impose on banks.

By implication, remaining with the current approach also means that others around the world are increasingly and unapologetically defining private banking and wealth management, a business that had characteristically been considered either as Swiss - or as having a strong Swiss heritage.

That should give many in the industry plenty of food for thought.