1 The Fintech Landscape
1.1 Please describe the types of fintech businesses that are active in your jurisdiction and any notable fintech innovation trends of the past year within particular sub-sectors (e.g. payments, asset management, peer-to-peer lending or investment, insurance and blockchain applications).
The Swiss fintech landscape has evolved significantly over the past few years and Switzerland continues to be an attractive base for innovators in the financial sector. Approximately 200 active companies in various sub-sectors form the core of the diverse Swiss fintech ecosystem. The total number of fintech-related businesses, however, is much higher. Many established financial institutions and other established financial market players have entered the fintech space in the recent past and, as a result, the distinction between fintech and traditional financial services has become increasingly blurred.
Swiss-based fintech businesses include robo-advisory and social trading services, crowdfunding and crowdlending platforms as well as payment systems and businesses active in the area of collective investment schemes. One of the key focus areas in the past year has been driven by blockchain-based businesses, in particular in the areas of cryptocurrencies and decentralised transaction platforms (e.g. Ethereum and Lykke), many of which are based in the socalled "cryptovalley" in the Canton of Zug. This development is accompanied by a notable increase in so-called initial coin offerings ("ICO") out of Switzerland, i.e. a digital method of raising capital through the issuance of tradable digital units (coins or tokens) to finance or develop early stage projects of start-ups, including but not limited to projects in the fintech sector.
The Swiss fintech industry has formed a number of associations and shared interest groups (e.g. the Swiss Finance + Technology Association, Swiss Fintech Innovation, Swiss Finance Startups and the Crypto Valley Association) to promote, together with investors, experts and media, the development of a strong Swiss fintech sector.
1.2 Are there any types of fintech business that are at present prohibited or restricted in your jurisdiction (for example cryptocurrency-based businesses)?
Switzerland has no specific prohibitions or restrictions in place with respect to fintech. Generally speaking, Swiss financial regulation is technology-neutral and principle-based, which has so far allowed it to cope with technological innovation. That said, fintech operators may be subject to regulation and supervision by the Swiss Financial Market Supervisory Authority FINMA ("FINMA") or by selfregulatory organisations depending on the nature and specifics of their business. The relevance and application of Swiss laws on e.g. anti-money laundering, collective investment schemes, financial market infrastructures, banks, insurance companies and/or securities dealers has to be assessed in the individual case (see question 3.1). With regard to ICOs in particular, FINMA recently published a guidance letter in which it emphasised the concept of an individual review of each business case regarding the regulatory impact. It is therefore prudent for fintech start-ups to seek clearance from the regulator before launching their project in the market.
2 Funding For Fintech
2.1 Broadly, what types of funding are available for new and growing businesses in your jurisdiction (covering both equity and debt)?
Switzerland has an active start-up scene and various funding opportunities are available for companies at every stage of development. There are seed and venture capital firms for early funding as well as mature debt and equity capital markets for successful companies at a later stage. In addition, there are many financial institutions that have a potential interest in buying an equity stake in fintech companies or in a full integration.
Crowdfunding and crowdlending as alternative sources of funding have shown rapid growth rates in Switzerland. The first crowdfunding platform was founded in 2008 and currently there are now around 50 active platforms (compared to only four in 2014). A further professionalisation of the crowdlending market may be expected for the near future as Swiss Parliament is deliberating on changes to the Consumer Credit Act ("CCA") with the intention to subject crowdlending intermediaries to certain reporting duties and further obligations in connection with the review of the creditworthiness of the borrowers.
Furthermore, a growing number of incubators and accelerators, either exclusively fintech-related (such as the association F10 or Thomson Reuters Labs – The Incubator) or focused on digital innovation in general including fintech (such as Kickstart Accelerator), support and guide fintech start-ups in transforming their ideas into successful ventures.
2.2 Are there any special incentive schemes for investment in tech/fintech businesses, or in small/ medium-sized businesses more generally, in your jurisdiction, e.g. tax incentive schemes for enterprise investment or venture capital investment?
There are no specific tax or other incentives for the benefit of the fintech industry in Switzerland. However, depending on the tax domicile of the company and the residence of the shareholders, there are certain tax benefits for start-up companies and tax schemes benefitting investors. In addition, again, depending on the tax domicile of the company, the ordinary profit tax rate in Switzerland can be as low as 12%. Currently, there are also discussions in Switzerland regarding the introduction of special R&D deduction regimes and of an IP box regime.
In particular, start-ups may benefit from a tax holiday on the cantonal and federal level if their tax domicile is located in a structurally less developed region of Switzerland. Furthermore, if a company sells a stake of at least 10% in an investment which has been held for at least one year prior to the sale of the participation, the realised profit benefits from a participation deduction. In addition, Swiss resident individuals are not taxed on capital gains realised on privately held assets. Dividend payments to companies which hold a participation of at least 10% or with a fair market value of at least CHF 1 million in the dividend paying company also benefit from the participation deduction. Dividend payments to Swiss resident individuals on substantial participations of at least 10% are taxed at a reduced rate. Switzerland levies annual wealth taxes. In order to lessen the tax burden for start-up investors, start-up companies are often valued at their substance value for wealth tax purposes (e.g. in the Canton of Zurich).
Finally, it is common in Switzerland to discuss the tax consequences of an envisioned structure with the competent tax administration.
2.3 In brief, what conditions need to be satisfied for a business to IPO in your jurisdiction?
The requirements for a listing on the SIX Swiss Exchange (the main Swiss stock exchange) are laid down in its Listing Rules and its Additional Rules and can be divided into (i) requirements regarding the issuer, and (ii) requirements regarding the securities to be listed. Essential criteria include e.g. that the issuer has existed as a company for at least three years, has a reported equity capital of at least CHF 2.5 million, a free float of at least 20% and a minimum capitalisation of the securities in public ownership of CHF 25 million.
2.4 Have there been any notable exits (sale of business or IPO) by the founders of fintech businesses in your jurisdiction?
There have not been any recent IPOs in Switzerland in the area of fintech. However, in 2017, Warburg Pincus acquired 45% of the shares in Avaloq Group AG, a leading Swiss provider of software solutions and business process outsourcing services for the financial industry.
3 Fintech Regulation
3.1 Please briefly describe the regulatory framework(s) for fintech businesses operating in your jurisdiction, and the type of fintech activities that are regulated.
The Swiss financial regulatory regime does not specifically address fintech. Rather, the legal framework governing the activities of fintech operators consists of a number of federal acts and implementing ordinances as well as circulars and other guidance issued by FINMA. Fintech business models have to be assessed in light of this regulatory framework on a case-by-case basis (see question 1.2).
Based on their (intended) activities, fintech operators may in particular fall within the scope of the Banking Act ("BA") (if engaging in activities involving the acceptance of deposits from the public; see question 3.2), the Anti-Money Laundering Act ("AMLA") (if active as a so-called financial intermediary, e.g. in connection with payments or lending; see question 4.5), the Collective Investment Schemes Act (if issuing or managing investment funds or engaging in other activities relating to collective investment schemes), the Financial Market Infrastructure Act (if acting as a financial market infrastructure, e.g. a multilateral trading facility), the Stock Exchange Act (if acting as a securities brokerdealer or as a proprietary trader), or the Insurance Supervision Act (if acting as an insurer or insurance intermediary). Moreover, inter alia, the CCA, the Data Protection Act ("DPA") as well as the National Bank Act may apply.
Depending on the specific business model, regulatory requirements may include licence or registration requirements as well as ongoing compliance and reporting obligations, in particular relating to organisation, capital adequacy, liquidity and documentation, as well as general fit-and-proper requirements for key individuals, shareholders and the business as such. Certain types of regulated businesses are prudentially supervised by FINMA on an ongoing basis in a two-tier approach whereby a regulatory audit firm appointed by the supervised firm conducts a significant part of the on-site reviews. The individual financial market laws provide for de minimis and other exemptions that can potentially be relevant for fintech operators depending on the type and scale of their activities. FINMA is the unified supervisory authority for the Swiss financial market, ensuring a consistent approach to the qualification and regulatory treatment of fintech operators. Furthermore, Switzerland has an established system of industry self-regulation by private organisations such as the Swiss Bankers Association SBA, the Swiss Funds & Asset Management Association SFAMA as well as numerous professional organisations for financial intermediaries. Some of the regulations issued by self-regulatory organisations have been recognised by FINMA as minimum standards (e.g. in the area of money laundering prevention).
3.2 Are financial regulators and policy-makers in your jurisdiction receptive to fintech innovation and technology-driven new entrants to regulated financial services markets, and if so how is this manifested?
Representatives of FINMA have expressed on various occasions that the Swiss regulator encourages innovation in the Swiss financial marketplace. FINMA has, inter alia, established a dedicated fintech desk to interact with fintech start-ups and held a roundtable focusing on blockchain technology with interested parties in May 2017. Furthermore, FINMA's CEO in particular supports legislative change to lower market entry barriers for innovative financial services providers and to establish Switzerland as a fintech hub. In the recent past, FINMA revised several of its circulars, which specify the practice of the regulator under the current legislation, to render them technology-neutral (e.g. by not requiring certain documentation to be held in physical written form). FINMA also published new circulars with the purpose of removing obstacles for technology-oriented financial services providers, notably a circular enabling video and online customer identification for anti-money laundering purposes (see question 4.5).
To further the efforts of the financial regulator for facilitating fintech, projects for legislative changes at various levels were initiated in late 2016. Certain elements of these projects were already implemented in 2017. In particular, the Swiss Federal Council (i.e. the Swiss federal government) amended the Swiss Banking Ordinance ("BO") with effect as of 1 August 2017, introducing the following reliefs with regard to licensing requirements:
- Innovation sandbox: Firms accepting deposits from the public or publicly holding themselves out as accepting deposits may profit from an exemption from the requirement to obtain a banking licence as long as the deposits accepted do not exceed CHF 1 million. This threshold is measured on the basis of the aggregate deposits held at any given point in time. The exemption is available to fintechs as well as any other type of business. However, operators that are mainly active in the financial sector are only allowed to benefit from the exemption if no interest is paid on the deposits and the funds are not invested. A business making use of the sandbox exemption is required to inform its customers that it is not supervised by FINMA and that deposits are not covered under the Swiss depositor protection scheme. The sandbox introduced with the amended BO allows fintech innovators (and other businesses) to develop and test their business idea without incurring the burden of requiring a banking licence or having to comply with prudential supervision requirements at an early stage of development.
- Extension of the maximum holding period of third-party monies on settlement accounts: With the amended BO, third-party monies accepted on interest-free accounts for the purpose of settlement of customer transactions do not qualify as deposits from the public (and therefore do not count towards a potential banking licence requirement) if the monies are held for a maximum of 60 days (instead of only seven days, as was the case before 1 August 2017). Crowdfunding platforms in particular, but e.g. also payment service providers, the business model of which typically requires holding third-party funds for a certain period of time, benefit from this broadened exemption. It should be noted that settlement accounts of foreign exchange dealers generally do not fall within the scope of the exception for settlement accounts. In the context of fintech, this may in particular affect cryptocurrency traders, which are subject to the same limitation if their business is conducted in a manner comparable to a traditional foreign exchange dealer.
Irrespective of the reliefs granted by the amended BO, anti-money laundering regulation continues to apply to fintech firms if they qualify as financial intermediaries (see question 4.5).
In addition to the changes to the BO, Swiss Parliament is currently preparing changes to the BA with the aim to introduce a new regulatory licence category below the fully fledged banking licence, i.e. a licence geared towards financial innovators (sometimes referred to as banking licence "light"). This project is being discussed in Swiss Parliament in the context of the deliberations on the planned Financial Services Act ("FinSA") and Financial Institutions Act ("FinIA"). The new licence category is intended to be available to fintech firms, but also other entities that accept public deposits but do not engage in commercial banking. Holders of the licence will be able to accept public deposits up to a total value of CHF 100 million, but will not be allowed to invest the deposits or pay interest on them. A higher threshold in excess of CHF 100 million can be approved by FINMA on a case-by-case basis if customers are protected through additional safeguards. The regulatory requirements for obtaining and maintaining the licence will be significantly reduced versus a fully-fledged banking licence. Inter alia, less demanding standards are expected to apply regarding financial reporting and audits as well as organisational, equity, capital adequacy and liquidity requirements. Deposits accepted under a banking licence "light" will not be covered by the Swiss depositor protection scheme, a fact that licence holders have to inform their customers about. As the National Council (the large chamber of Swiss Parliament) proposed a number of changes to the current drafts of the FinSA and FinIA, the Council of States (the small chamber of Swiss Parliament) will deliberate on the revised drafts (including the relevant provisions in the BA) again in its 2018 spring session. The reconciliation of differences between the National Council and the Council of States may be expected to take place in summer 2018 at the earliest.
The Swiss Federal Council is furthermore in the process of examining whether further regulatory measures with regard to fintech are necessary. In this context, the Federal Department of Finance together with the State Secretariat for International Financial Matters and FINMA work on a legal solution regarding the qualification of virtual currencies and regulatory requirements for ICOs. Moreover, the Swiss Federal Council has initiated roundtables with representatives of the financial sector and FINMA.
3.3 What, if any, regulatory hurdles must fintech businesses (or financial services businesses offering fintech products and services) which are established outside your jurisdiction overcome in order to access new customers in your jurisdiction?
The Swiss inbound cross-border regulatory regime for financial services is relatively liberal. Many Swiss financial market regulatory laws do not apply to fintech (and other) businesses that are domiciled abroad and serve customers in Switzerland on a pure cross-border basis, i.e. without employing persons permanently on the ground in Switzerland (including by frequent travel). Notably, the BA and the AMLA apply only to foreign operators that have established a relevant physical presence in Switzerland, e.g. a branch or representative office. That said, cross-border operators that are not regulated in Switzerland should refrain from creating an (inaccurate) appearance of "Swissness", e.g. by using a ".ch" website or referring to Swiss contact numbers or addresses.
It should be noted that some areas of Swiss financial regulation are more restrictive with regard to cross-border activities, notably the regulation of collective investment schemes as well as insurance regulation.
Furthermore, as Switzerland is not a member of the EU nor of the EEA, no passporting regime is available.
4 Other Regulatory Regimes / Non- Financial Regulation
4.1 Does your jurisdiction regulate the collection/use/ transmission of personal data, and if yes, what is the legal basis for such regulation and how does this apply to fintech businesses operating in your jurisdiction?
Swiss data protection law is set forth in the DPA and the implementing Data Protection Ordinance ("DPO"). Swiss data protection law is influenced significantly by EU law, both in terms of content and interpretation.
Fintech firms are subject to the DPA if they process personal data in Switzerland. In this context, the mere storage of personal data on a server in Switzerland is sufficient. Deviating from most foreign data protection laws, the DPA also treats information referring to legal entities as personal data. It is worth mentioning that Swiss data protection law is based on an "opt out" model, meaning that the processing of personal data is not allowed against the express wish of a data subject, but the consent of a data subject is not a requirement for lawful processing (subject to specific rules regarding the processing of particularly sensitive personal data).
A fintech firm processing personal data in Switzerland must do so in accordance with the following data processing principles: good faith, proportionality, purpose limitation, transparency, accuracy, data security, and lawfulness. Furthermore, an obligation to register a data file with the Swiss Data Protection Commissioner ("Commissioner"), prior to any data processing, applies if the controller of a data file regularly processes so-called sensitive personal data (e.g. health data or trade union related views and activities) or personality profiles (i.e. a collection of data that permits an assessment of essential characteristics of the personality of an individual), or regularly discloses personal data to third parties (including affiliates). The Commissioner maintains an online register of such data files (www.datareg.admin.ch). The registration is free of charge.
Swiss data protection law is currently under revision. The revised DPA is, however, not expected to enter into force before January 2019.
4.2 Do your data privacy laws apply to organisations established outside of your jurisdiction? Do your data privacy laws restrict international transfers of data?
The processing of personal data on equipment located in Switzerland is, in principle, in the scope of the DPA (see question 4.1). This is particularly relevant for foreign fintech firms that are processing personal data in Switzerland through branch offices or third-party service providers.
The DPA prohibits a disclosure (transfer) of personal data abroad if such a transfer could seriously endanger the personality rights of the data subjects concerned. This might be the case particularly if personal data is intended to be disclosed to a country where the local legislation does not guarantee an adequate protection of personal data. The Commissioner has published a (non-binding) list of countries that provide an adequate level of data protection. In particular, all EU Member States are deemed countries with adequate data protection rules. The main means to secure adequate protection for transfers to other countries is the use of model contracts for the transfer of personal data to third countries issued by the European Commission (EU Model Clauses), adapted to Swiss law requirements, or other contractual clauses explicitly recognised by the Commissioner. Another option is to obtain consent for the transfer from the data subject whose data is being transferred.
4.3 Please briefly describe the sanctions that apply for failing to comply with your data privacy laws.
The sanctions pursuant to the current DPA are moderate:
- Civil law sanctions: A data subject can file a request for an interim injunction against unlawful data processing. It is also possible to lodge a claim for the correction or deletion of data or a prohibition on the disclosure of data to third parties. In addition, a data subject is entitled to compensation for actual damage caused by unlawful processing or other breaches of the DPA.
- Criminal law sanctions: The Commissioner is not competent to issue any fines. However, based on article 34 DPA, the competent criminal judge may, upon a complaint, sanction private persons with a fine of up to CHF 10,000 if they have wilfully breached certain information obligations stipulated in the DPA.
4.4 Does your jurisdiction have cyber security laws or regulations that may apply to fintech businesses operating in your jurisdiction?
The topic of cyber security is addressed by a number of legal provisions and initiatives:
- The DPA and the DPO set forth certain general security requirements applicable to the IT infrastructure deployed when processing personal data. Such requirements are accompanied by the Commissioner's guide for technical and organisational measures to be taken when processing personal data. It is to be noted that the current DPA does not require data processors to notify a Swiss authority or the data subject concerned of personal data breaches.
- The Swiss Criminal Code ("SCC") provides for statutory offences which protect IT infrastructure against cybercrime (i.e. against the unauthorised obtaining of data, unauthorised access to a data processing system, data corruption, etc.).
- The Reporting and Analysis Centre for Information Assurance MELANI supports private computer and internet users as well as providers of critical national infrastructures (such as banks, telecommunication services providers, etc.) as regards to risks relating to the use of modern information and communication technologies.
In 2011, Switzerland ratified the Council of Europe Convention on Cybercrime of 2001 (which entailed certain amendments of the SCC and the Swiss Federal Act on International Mutual Assistance in Criminal Matters of 20 March 1981).
4.5 Please describe any AML and other financial crime requirements that may apply to fintech businesses in your jurisdiction.
The Swiss rules on the prevention of money laundering and terrorist financing are set forth in the AMLA, the Anti-Money Laundering Ordinance ("AMLO"), ordinances and circulars of FINMA as well as the rulebooks of recognised self-regulatory organisations. Generally speaking, anti-money laundering ("AML") regulation applies to so-called financial intermediaries (and partially to merchants accepting large sums, i.e. more than CHF 100,000, as payment in commercial transactions). On the one hand, certain prudentially regulated entities such as e.g. banks, securities dealers, fund management companies and life insurance undertakings qualify as financial intermediaries based on their regulatory status (per se financial intermediaries). On the other hand, any otherwise unregulated person or entity can qualify as a financial intermediary by virtue of its professional activities. In general, this refers to any person that, on a professional basis, accepts or holds on deposit third-party assets or that assists in the investment or transfer of such assets.
Many fintech business models include elements that lead to their operators qualifying as financial intermediaries. If this is the case and no exemptions are available, the fintech firm is required to either join a recognised Swiss AML self-regulatory organisation or, alternatively, submit to direct AML supervision by FINMA. In this context, the firm is required to comply with certain duties on an ongoing basis, in particular the duty to verify the identity of customers and the beneficial ownership in the relevant assets as well as documentation, reporting and audit requirements. In a push to eliminate barriers for technology-based business models, FINMA has introduced a new circular that enables onboarding of customers via digital channels, e.g. by means of video transmission and other forms of online identification. This model has also been replicated in the rulebooks of recognised AML self-regulatory organisations.
The AMLA includes specific criminal provisions sanctioning the violation of duties under AML regulation. In addition, certain offences in the area of corruption and money laundering are set forth in general criminal law, meaning that they apply to fintech (and other) firms regardless of their qualification as a financial intermediary.
4.6 Are there any other regulatory regimes that may apply to fintech businesses operating in your jurisdiction?
Aside from financial regulation in various areas (see question 3.1 et seqq.) and the data protection regime (see question 4.1 et seqq.), fintech firms have to comply with general corporate and civil law provisions as well as with Swiss competition law on the basis of the Unfair Competition Act. Furthermore, depending on the specific business model, the Telecommunications Act may apply.
Originally published by The International Comparative Legal Guide To: Fintech 2018
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.