2024 Regulatory highlights

As indicated in the recent FINMA Guidance 01/2024, a majority of the portfolio managers who filed a license application have now been authorized, while the remaining opened applications shall soon be approved.  

Having reached this first important step, portfolio managers must now ensure to complete their implementation properly and apply their new internal regulations and policies to pass the next milestone: their first full prudential audit, which will cover not only anti-money laundering aspects, but also compliance with the Financial Services Act (“FinSA”) and the Financial Institution Act (“FinIA”).

 

Cecilia Peregrina
Senior Manager, Banking and Asset Management, Fintech,
Blockchain & Digital Assets, PwC Legal Switzerland

 

The year 2023 is also the year that marked the entry into force of the revised Act on Data Protection as well as some amendments to the Anti-Money Laundering Act (“AMLA”) and its corresponding Ordinance (“AMLO”).

Finally, as newly supervised entities, portfolio managers should particularly pay attention to their tax-related duties.

Without being exhaustive, these should be the main regulatory highlights of 2024 for portfolio managers.

 

1. Implementation of internal regulations

After receiving FINMA’s authorization, portfolio managers must confirm to FINMA the entry into force of their organizational regulations and internal policies. As a result, authorized portfolio managers now need to comply with their internal policies and must ensure that they can adequately document such compliance. In practice, this means:

  1. Identifying and understanding all of their duties;
  2. Defining the processes that must be implemented to comply with such duties;
  3. Updating the current internal documentation or establishing new documentation.

Among the most important new or to-be-updated internal documents, are the following:

  • Minutes of meetings of the Board of Directors and of the Executive Management;
  • Reports from the various bodies, i.e. Executive Management, Risk management and Compliance functions, including notably the updated risk matrix and AML risk analysis;
  • Clients’ register including AML, FinIA and FinSA related-information;
  • Onboarding package for clients from an AML and FinSA perspective and their approval by the concerned body, i.e. the Executive Management and/or the Compliance function;
  • Traveling list of the employees;
  • Watch list and restricted list;
  • List and monitoring of continuous training of notably the qualified directors and person(s) in charge of the compliance and risk management functions.

 

2. Implementation of the revised AML regulation and the updated AML risk analysis

The latest amendments to the AMLA came into force on 1 January 2023 and introduce the following new obligations:

  • Verification of information concerning the beneficial owner;
  • Regular updating of clients’ data.

Consequently, the portfolio managers’ AML policy must be updated accordingly.

In addition, in the context of the overall AML framework of portfolio managers, particular attention should be paid to FINMA Guidance 05/2023 on Money laundering risk analysis pursuant to Article 25 para. 2 AMLO-FINMA, where FINMA has identified systematic deficiencies in banks’ compliance with their AML risk analysis. In response to these findings, FINMA has transparently published its expectations regarding compliance with its Ordinance. Even though established based on the AML risk analysis drafted by Banks, FINMA explicitly stated that its observations and experiences can also be applied analogously to FinIA institutions, including therefore portfolio managers.

Consequently, when establishing their updated AML risk analysis, portfolio managers should consider FINMA’s expectations detailed in the Guidance 05/2023.

 

3. Implementation of the revised Act on Data Protection

The revised Swiss Federal Act on Data Protection (revFADP) entered into force on 1 September 2023. The aim of this new Act is to align Swiss data protection law with the standards of the European Union, under the General Data Protection Regulation (GDPR).

Depending on the activities and organization of each portfolio manager, a stand-alone policy on data protection may not always be required.

However, each portfolio manager should analyze the potential need for such policy and at least put in place internal processes such as to ensure compliance with the revFADP, in particular when personal data is transferred abroad, and to ensure timely reporting in case of cyberattack and data breach.

 

4. Overall compliance with tax-related matters

Finally, it is worth mentioning that, as newly supervised entities, portfolio managers should pay particular attention to their tax-related duties.

A review of the treatment of the payments to business introducers in terms of VAT and/or social insurance would be advisable.

In addition, portfolio managers managing assets deposited with foreign custodian banks shall ensure that they comply with their obligations in connection with the securities transfer tax, see notably for more detailed information the Newsletter VSV Nr. 14.

 

 

Biography

Cecilia Peregrina is an experienced legal and regulatory advisor in the financial services industry. She is a senior manager within PwC Legal Switzerland. She is actively involved in all legal, regulatory, and corporate matters relating to financial institutions, including portfolio managers.