
FINMA Issues New Guidance on Digital Fraud and AML Risks

FINMA, the Swiss Financial Market Supervisory Authority, has identified a significant rise in digital fraud cases within the banking sector. The regulator has published a supervisory communication detailing the findings of a survey of nineteen financial institutions. The report emphasizes that technological advances, particularly generative artificial intelligence and automated or instant payment processing, are creating new openings for fraud and, through it, for money laundering. Banks and the other persons subject to the Banking Act are now expected to implement considerably more robust organizational and technical measures against financial crime. Failure to address these structural deficiencies can lead to severe legal consequences and a lasting loss of public trust in the Swiss financial marketplace.

Digital Fraud Risk Management and Regulatory Compliance

The landscape of financial crime is shifting rapidly as criminals exploit the digital transition to target banking infrastructure and its customers. According to the findings, digital fraud cases have risen continuously since the end of 2022, a trend expected to accelerate with the widespread adoption of generative artificial intelligence and instant payment systems. The regulator defines digital fraud functionally: any scam that uses digital technologies, information systems, or electronic communication to deceive a victim and cause financial loss. Common examples include identity theft, the use of falsified documents to open accounts, and social engineering such as CEO fraud or wire fraud.

These incidents do not only cause direct monetary losses for clients; they also expose the institutions themselves to substantial operational, legal, and reputational risk. A bank that fails to secure its digital channels risks becoming a conduit for illicit funds, which directly engages its anti-money laundering obligations. The Swiss regulatory framework, including the Banking Act and the Anti-Money Laundering Act, requires every institution to maintain a risk management system commensurate with its activities: every material risk must be identified, assessed, managed, and monitored at all times.

The survey revealed that many banks still lack clear governance structures for these specific digital threats. Some have formed temporary working groups to discuss the issue, but these often lack documented responsibilities or a clear division of tasks among staff.

Operational Deficiencies and the Need for Proactive Detection

The investigation into nineteen banks across various supervisory categories highlighted several critical gaps in how operational risks are handled. A notable portion of the surveyed institutions had no formal process for horizon scanning, the practice of identifying and anticipating future fraud trends. Without it, banks cannot proactively prepare for emerging threats or update their prevention measures before a new wave of attacks hits their systems.

Furthermore, while some banks use real-time fraud detection technology, others still rely on manual analysis or ad hoc reviews that occur only after an incident has already been reported. This slow response is particularly dangerous in the context of instant payments, where funds can be moved across borders in seconds. The regulator also noted a heavy reliance on third-party service providers, which sometimes prevents banks from quickly adjusting their detection rules when a new fraud pattern is identified.

Effective defense requires a system that is integrated across the entire organization, yet many banks have fragmented policies in which fraud is mentioned in separate documents for information security or money laundering without any central coordination. Only about half of the institutions surveyed regularly present digital fraud indicators to senior management, suggesting a lack of top-level oversight of what has become a major operational risk. To mitigate these issues, the authority recommends establishing interdisciplinary fraud desks that bring together expertise from security operations, payments, and risk management under a clearly defined hierarchy.

Vulnerabilities in Digital Account Opening and Transaction Monitoring

The shift toward digital onboarding has introduced specific risks around identity verification and the subsequent misuse of accounts. Criminal organizations increasingly use sophisticated methods to bypass controls, such as deepfakes and manipulated video streams during the identification process. Digital account opening is a core part of modern banking, but it must be accompanied by technical controls capable of detecting these advanced forgeries. The Swiss authorities have observed an increase in reports to the Money Laundering Reporting Office Switzerland linked specifically to accounts opened through digital channels. In many cases the account is opened with valid documents and later handed over to third parties through phishing or social engineering, which is a significant challenge for monitoring systems because the account holder appears legitimate at the outset.

The findings show that many banks set high thresholds for flagging increased-risk transactions, often 100,000 or 200,000 Swiss francs. Such high limits, combined with systems based on fixed rules rather than behavior-based scenarios, make it very difficult to catch the smaller, rapid transactions typical of money muling or digital scams. There is also a distinct lack of integration between the data collected during the know-your-customer (KYC) process and the actual monitoring of transactions: information gathered at the start of the relationship is often used only for occasional plausibility checks rather than fed into the automated systems that flag suspicious activity. The regulator insists that these systems must become sophisticated enough to detect the specific patterns of digital fraud and money laundering as they happen.
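The following is an added example, not code from FINMA or from any surveyed bank, contrasting the two approaches described above: a fixed single-transaction threshold beside a behavior-based pass-through scenario that also consumes the KYC profile. The accounts, transactions, declared incomes and all tuning parameters (one-hour window, 90% pass-through ratio, two cycles in seven days) are constructed for illustration and are not figures from the communication.

```python
"""Fixed-threshold rule vs. behavior-based money-mule scenario (added example).

All data below is constructed: two hypothetical accounts, their KYC profiles
and a short transaction log. Nothing here comes from FINMA or a real bank.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed KYC data captured at onboarding (hypothetical field names).
KYC_PROFILES = {
    "CH-1001": {"declared_monthly_income_chf": 4_000, "purpose": "salary account"},
    "CH-2002": {"declared_monthly_income_chf": 12_000, "purpose": "business"},
}

# Constructed log: (account, ISO timestamp, direction, amount_chf, counterparty country).
TRANSACTIONS = [
    # CH-1001: mule pattern. Mid-sized credits from unrelated payers, each forwarded
    # abroad within minutes, every amount far below a 100k fixed threshold.
    ("CH-1001", "2024-03-04T09:02:00", "in", 3_900, "CH"),
    ("CH-1001", "2024-03-04T09:15:00", "out", 3_800, "LT"),
    ("CH-1001", "2024-03-04T11:40:00", "in", 4_500, "CH"),
    ("CH-1001", "2024-03-04T11:52:00", "out", 4_450, "LT"),
    ("CH-1001", "2024-03-05T08:10:00", "in", 4_200, "CH"),
    ("CH-1001", "2024-03-05T08:31:00", "out", 4_100, "PL"),
    # CH-2002: ordinary business account with one large invoice payment.
    ("CH-2002", "2024-03-04T10:00:00", "in", 150_000, "DE"),
    ("CH-2002", "2024-03-20T10:00:00", "out", 9_000, "CH"),
]

FIXED_THRESHOLD_CHF = 100_000  # hypothetical legacy rule setting


def fixed_threshold_alerts(transactions, threshold=FIXED_THRESHOLD_CHF):
    """Legacy rule: flag any account with a single transaction >= threshold."""
    return sorted({acct for acct, _, _, amt, _ in transactions if amt >= threshold})


def mule_scenario_alerts(transactions, profiles, window=timedelta(hours=1),
                         min_passthrough_ratio=0.9, min_cycles=2,
                         lookback=timedelta(days=7)):
    """Behavior-based scenario.

    A "cycle" is a credit followed within `window` by a cross-border debit of at
    least `min_passthrough_ratio` of the credited amount. An account is alerted
    when it shows >= `min_cycles` cycles inside `lookback` and the passed-through
    volume exceeds the monthly income declared at KYC. Amounts are not compared
    against any absolute threshold, so small, rapid movements are caught.
    """
    by_acct = defaultdict(list)
    for acct, ts, direction, amt, country in transactions:
        by_acct[acct].append((datetime.fromisoformat(ts), direction, amt, country))

    alerts = {}
    for acct, txs in by_acct.items():
        txs.sort()  # chronological order; tuples sort by timestamp first
        cycles = []
        for i, (t_in, d_in, amt_in, _) in enumerate(txs):
            if d_in != "in":
                continue
            for t_out, d_out, amt_out, country in txs[i + 1:]:
                if t_out - t_in > window:
                    break  # later entries are further away still
                if (d_out == "out" and country != "CH"
                        and amt_out >= min_passthrough_ratio * amt_in):
                    cycles.append((t_in, amt_in))
                    break
        if len(cycles) < min_cycles or cycles[-1][0] - cycles[0][0] > lookback:
            continue
        passed_through = sum(amt for _, amt in cycles)
        declared = profiles.get(acct, {}).get("declared_monthly_income_chf", 0)
        # KYC integration: volume moved through the account in a week that
        # exceeds the declared monthly income is out of line with the profile.
        if passed_through > declared:
            alerts[acct] = {
                "cycles": len(cycles),
                "passed_through_chf": passed_through,
                "declared_monthly_income_chf": declared,
            }
    return alerts


if __name__ == "__main__":
    print("fixed threshold flags:", fixed_threshold_alerts(TRANSACTIONS))
    print("mule scenario flags:  ", mule_scenario_alerts(TRANSACTIONS, KYC_PROFILES))
```

On this constructed data the fixed rule flags only the legitimate business account (its single 150,000 CHF credit) and misses the mule entirely, while the behavior-based scenario flags the mule on three pass-through cycles totalling 12,600 CHF against a declared income of 4,000 CHF and stays silent on the business account. The parameters are deliberately exposed as function arguments so a fraud desk can tune them without a vendor change, which speaks to the third-party dependency noted in the previous section.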

Strengthening Internal Controls and Client Awareness Programs

Building a resilient financial institution requires more than technical tools; it demands a culture of continuous learning and rigorous internal testing. The survey indicated that several banks have no plans to increase staff training on digital fraud, while others provide only generic material that does not account for the specific roles of employees. Client advisors who deal directly with the public, for example, need targeted training to recognize the signs of social engineering that a back-office IT specialist might never encounter. The frequency and quality of client awareness initiatives likewise vary widely across the sector. Since customers are often the first line of defense against phishing and account takeover, educating them is a critical component of a bank's overall risk strategy.

The effectiveness of any prevention measure must also be verified through regular audits and key control evaluations. Around twenty percent of the banks surveyed have no central tool for controlling fraud risks or do not regularly evaluate the effectiveness of their existing controls. Technical measures such as geoblocking, IP address risk assessment, and device fingerprinting are essential for authenticating clients in a digital environment, yet some institutions still do not use these standard tools. The regulator emphasizes that as risks evolve, the internal control framework must be reassessed and supplemented with additional measures if fraud cases begin to multiply. This could even include temporary restrictions on certain high-risk services where an institution cannot demonstrate that it has the controls needed to prevent systematic abuse.


Key Points

  • Swiss banks must establish clear governance and interdisciplinary desks to manage digital fraud.
  • Technological advances like generative artificial intelligence require updated detection and verification tools.
  • Transaction monitoring thresholds must be refined to capture the specific patterns of money muling.
  • Regular staff training and client awareness programs are mandatory elements of a robust risk strategy.

Source: FINMA

Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.
