Answer ... (a) Commercial/corporate
Switzerland has recently enacted amendments to the Code of Obligations extending companies’ obligations to keep registers of shareholders and beneficial owners. Failure to comply can have serious consequences. While most companies can be expected to comply with the new rules, any potential buyer should ensure that this is the case for the target.
As of 1 January 2022, large companies and companies dealing with certain minerals and metals originating from conflict zones or offering products and services which may reasonably be suspected to involve child labour are subject to new reporting requirements and other obligations concerning environment, social and governance issues.
Swiss companies must prepare annual financial statements, which must be approved by the shareholders. External audits are mandatory for larger companies only. Private companies are not required to publish their financial statements and very few do.
Swiss law requires companies to take measures if they have good cause to suspect over-indebtedness. Failure to comply may trigger the personal liability of the directors even if they are not responsible for the over-indebtedness. Buyers of ailing companies should ensure that all required measures are taken before completion.
There are no jurisdiction-specific due diligence issues relating to litigation. Buyers will typically ensure that they are aware of and understand the risks of all material litigation, whether ongoing or threatened.
The statute of limitations for most tax obligations is 10 years. The due diligence should cover at least that period.
Other than that, there are no jurisdiction-specific due diligence issues relating to tax. Buyers typically ensure that:
- filings and payments are in order;
- audits have been passed successfully; and
- potential risks are well understood and managed.
In a business transfer (asset deal), employment contracts related to the target are transferred to the buyer by law. The employee may refuse to accept such transfer, but the buyer may not. Buyers should identify all employment contracts related to the target. If they do not wish to continue certain employment relationships, appropriate measures should be taken before closing; such measures may trigger an obligation to consult with employees and their representatives.
To avoid cumbersome legacy issues, buyers should ensure that the target has complied with its obligations towards social security institutions and pension funds.
Certain industries are subject to collective employment contracts which set minimum terms that apply regardless of the individual agreements by the parties.
(f) IP and IT
There are no jurisdiction-specific due diligence issues relating to IP and IT.
Buyers will typically ensure that the registration of IP rights is up to date, and that know-how is adequately protected. If IP rights are important for the business of the target and technically complex (eg, patents), the buyer should consider consulting with specialised advisers.
Similarly, buyers will ensure that the target’s rights to use crucial IT tools are adequately protected.
(g) Data protection
The main statute on data protection in Switzerland is the Federal Act on Data Protection (FADP). The FADP was recently revised and the new law is expected to enter into force in the third quarter of 2023. The new law is conceptually very close to the EU General Data Protection Regulation (GDPR). It imposes a variety of new obligations on entities which control data. Although the new law is not yet in force, prudent companies should be taking appropriate measures to be ready to comply.
As a large number of Swiss companies do business in EU member states, the provisions of the GDPR may apply to them.
Swiss law imposes no general obligations related to cybersecurity on businesses or companies. Ensuring adequate cybersecurity is a part of the board of directors’ duties; the required measures depend on the actual risks.
Cybersecurity as a legal issue is very much linked to data protection. The current FADP requires a data controller to take appropriate technical measures to ensure protection from breaches. The revised FADP will specifically require technical data protection to be state of the art and commensurate to the type, volume and risk of the processed data.
Certain regulated activities – in particular, the financial industry – are subject to specific cybersecurity requirements.
(i) Real estate
The statutory restrictions on the purchase of real estate by foreigners apply to the acquisition of Swiss companies holding real estate assets. Any foreign buyer will therefore have to determine whether the target owns real estate assets and, if so, whether such assets can be held by foreigners.
The owner of a real estate asset may be liable to remove and remedy contamination of the soil or groundwater, even if such contamination was caused prior to the acquisition.