Sanctions and Embargoes – FINMA Specifies Requirements for Swiss Financial Intermediaries

Classification of the innovations ¹

 
_{1 This is a highly simplified presentation intended to enable a quick initial categorisation of the topic. Each institution should determine the relevance and the specific need for action individually and specifically.}

Recent Developments

Sanctions are now considered a key risk factor for the Swiss financial center – regardless of whether an institution operates globally or locally. Switzerland implements international sanctions measures through autonomous ordinances based on the Embargo Act. UN sanctions are legally binding for Switzerland under international law and must be adopted. Sanctions imposed by the EU or other countries are adopted selectively, depending on Switzerland’s foreign policy interests. At the same time, extraterritorial regulations – particularly those of the United States – are having an increasing impact, for example in USD payment transactions, the use of U.S. technologies, or through correspondent banking relationships.

Recent geopolitical developments – such as those in Russia or the Middle East – are leading to the continuous expansion and increasing complexity of sanctions lists and requirements. The prohibitions now extend beyond direct asset flows and sectors (such as energy, crude oil or defense) to include services like auditing, management and corporate consulting, IT infrastructure, cybersecurity, legal advisory services, and specific modes of transportation. The EU’s most recent sanctions package, for example, focuses on selected vessels with the aim of restricting the trading activities of Russia’s shadow fleet.

Expectations of FINMA and Supervisory Organisations (SO)

In May 2025, FINMA and SO further clarified their expectations regarding effective sanctions compliance management.

Rapid and Accurate Sanctions List Screening

FINMA expects financial intermediaries to screen new entries on sanctions lists against their client base within 24 hours and to update transaction filters accordingly (the latter primarily applies to banks). In addition to the SECO lists, depending on the institution’s risk appetite, this may also involve screening against EU, U.S. (OFAC), and UK sanctions regimes. Relying solely on third-party service providers is insufficient, as such providers often integrate updates with delays. Institutions must independently ensure that their systems and processes function on a real-time, up-to-date basis.

For portfolio managers with a relatively low-risk business model (in particular those working exclusively with Swiss, EU, or UK custodian banks), a sanctions screening within one week is considered appropriate – at least according to the communication of certain SOs. While a more in-depth review of sanctions implementation may be waived under certain circumstances during the supervisory audit, this does not imply that the institution is exempt from conducting sanctions list screening altogether.

Risk-Based Handling of Foreign Relationships

Clients from countries with an elevated risk of circumventing Russia-related sanctions – such as Turkey, Armenia, Kazakhstan, or the UAE – must be subject to enhanced due diligence. For foreign clients, FINMA expects clearly defined risk models, strengthened due diligence measures, and geographically tailored transaction filters. Domestic clients engaged in export activities may also be affected – particularly in cases involving goods subject to licensing requirements.

Monitoring of Sensitive Sectors and Services

Institutions must have a clear understanding of whether clients are active in sectors that are relevant from a sanctions perspective – such as technology, infrastructure, consulting, or dual-use goods. A central aspect is the economic plausibility of the client’s structure, business purpose, and payment flows.

Internal Organisation and Training

Clear policies, responsibilities, and control mechanisms must be established. Employees – particularly those in client-facing roles – must receive regular and targeted training on sanctions-related risks.

Consistent Review and Enforcement

Response times of more than 24 hours are considered risk-sensitive, and delays exceeding one week are deemed unacceptable from a regulatory standpoint. A lack of defined processes or excessively long review periods may result in findings or deficiencies noted by the audit firm.

Conclusion

Sanctions are not only legally relevant but also pose significant reputational and operational risks. Regulatory expectations for financial intermediaries are steadily increasing – technically, through more robust screening processes; organisationally, through deeper KYC checks, stricter client onboarding procedures, and enhanced transaction monitoring. Clear policies, functioning processes, and effective controls are just as critical as the regular reassessment of an institution’s sanctions risk exposure. 

At the same time, it is essential that potential sanctions hits are identified and addressed within 24 hours (or within one week for low-risk institutions), whether system-based or manual. Response times of one week or more are considered unacceptable from a supervisory perspective and require immediate adjustments to internal procedures.