FINMA sets digital-fraud risk expectations for banks
Swiss banks must bring digital-fraud risks into operational-risk and AML controls
FINMA
·
Change
On 9 April 2026, FINMA issued guidance requiring banks and persons under Article 1b of the Banking Act to establish risk-management frameworks that identify, assess, manage and monitor digital-fraud risks.
Why it matters
FINMA now expects digital-fraud risk to be handled as an enterprise-wide operational-risk and AML issue, not only as a customer-protection problem. Banks must cover risks from online client onboarding, unauthorised account access and the use of bank accounts to launder fraud proceeds. The guidance makes digital-channel controls, fraud-risk monitoring and AML detection part of the same supervisory expectation.
Implications
- — Senior management at banks and persons under Article 1b of the Banking Act must document a digital-fraud risk-management framework covering all business activities — failure leaves the firm outside FINMA’s stated supervisory expectations.
- — Operational-risk teams must include online client onboarding and unauthorised account-access scenarios in digital-fraud risk assessments — failure leaves key digital-channel attack vectors outside the firm’s control framework.
- — AML and compliance teams must update monitoring controls to detect bank accounts used to launder proceeds of digital fraud — failure leaves fraud-proceeds laundering risk insufficiently covered under FINMA’s guidance.
Full decision brief
See the decision layer
Use 1 free preview to unlock implications, who’s affected, what to watch, and Clarify for this brief.
2 free previews left this month · Resets 1 Jun
Source