1 March 2026
Methodology About Contact
ZUG DLT
The Vanderbilt Terminal for Distributed Ledger Technology
INDEPENDENT INTELLIGENCE FOR SWITZERLAND'S DLT ECOSYSTEM
DLT Securities Issued CHF 500M+| SDX Participants 25+| Swiss DLT Firms 1,200+| Project Helvetia Active| FINMA DLT Licences 2+| DLT Act Aug 2021| DLT Securities Issued CHF 500M+| SDX Participants 25+| Swiss DLT Firms 1,200+| Project Helvetia Active| FINMA DLT Licences 2+| DLT Act Aug 2021|
Legislation Intelligence

Switzerland's AMLA and Crypto: Anti-Money Laundering Obligations for DLT Businesses

Switzerland's Anti-Money Laundering Act (AMLA/GwG) applies to crypto and DLT businesses with the same force it applies to banks. Any person who professionally accepts or holds third-party assets — including cryptocurrency — is a financial intermediary under Swiss law, subject to due diligence, suspicious activity reporting, and Travel Rule obligations that carry criminal penalties for non-compliance.

Donovan Vanderbilt · 25 February 2026 · 11 min read

Switzerland’s anti-money laundering framework did not require fundamental reinvention to accommodate cryptocurrency and DLT businesses. The Federal Act on Combating Money Laundering and Terrorist Financing — the Geldwäschereigesetz (GwG), known in English as the Anti-Money Laundering Act (AMLA) — already applied the financial intermediary concept broadly enough to capture crypto businesses from the earliest days of Swiss crypto market development. What changed with the emergence of crypto was the application of established AMLA concepts to novel technical circumstances: blockchain-based asset transfers, pseudonymous addresses, decentralised custody, and cross-border transactions conducted outside the conventional correspondent banking network.

This article provides a comprehensive analysis of AMLA obligations for DLT businesses operating in or from Switzerland — covering who is subject, what is required, how the Travel Rule applies to crypto, and what penalties apply for non-compliance.

The AMLA Framework: Core Architecture

The GwG has three interlocking elements that define its scope and operation:

The financial intermediary concept defines who is subject to AMLA. Under Article 2 GwG, the Act applies to “financial intermediaries” — a category that includes banks, securities dealers, fund managers, and insurance companies (the parafiscal sector), but also, critically, any person who professionally accepts or holds third-party assets or assists in the investment or transfer of such assets (the non-banking financial sector). This second category is the gateway through which crypto businesses enter AMLA scope.

Due diligence obligations (Articles 3–11 GwG) require financial intermediaries to verify client identities, establish the identity of beneficial owners, understand the purpose of business relationships, and conduct enhanced due diligence for higher-risk relationships (politically exposed persons, high-risk business activities, high-risk countries).

Duty to report (Articles 9–11 GwG) requires financial intermediaries to file suspicious activity reports (SARs) with the Money Laundering Reporting Office Switzerland (MROS) when they know or have reasonable grounds to suspect that assets are connected to money laundering, a predicate offence, or terrorist financing — and to freeze the assets pending MROS investigation.

Who Is a Financial Intermediary Under AMLA?

For a crypto or DLT business, the first analytical question is whether it falls within AMLA’s financial intermediary definition. The Federal Department of Finance has confirmed, and FINMA has applied in practice, that the following crypto activities constitute professional acceptance or holding of third-party assets, bringing the operator within AMLA scope:

Cryptocurrency exchanges (virtual asset service providers / VASPs): Any platform that exchanges one cryptocurrency for another, or cryptocurrency for fiat currency, for clients on a professional basis is a financial intermediary. This includes centralised exchanges, OTC trading desks, and crypto brokerage services.

Crypto custody services: Any business that holds private keys or otherwise maintains custody of cryptocurrency on behalf of clients is a financial intermediary. The legal analysis is identical to that for a bank holding cash or a securities custodian holding bonds: the business has physical or digital control over third-party assets.

Crypto payment processors: Services that accept cryptocurrency payments on behalf of merchants — converting crypto receipts to fiat and crediting the merchant — are financial intermediaries because they professionally hold third-party assets in transit.

DLT securities issuance and custody: Entities that issue Registerwertrechte (DLT securities under the Swiss DLT Act) or provide custody services for such instruments must satisfy AMLA obligations in the same manner as traditional securities intermediaries.

What is NOT a financial intermediary: Mining and validation node operation (passive infrastructure, no third-party asset custody); development of open-source DLT software; non-custodial wallet software providers (where the user retains sole control of private keys); and academic or research DLT activities.

The “professional” threshold under AMLA is important: occasional or one-off crypto transactions do not create AMLA obligations. FINMA guidance indicates that commercial intent and regularity of activity determine whether the “professional” threshold is met — there is no fixed transaction count or volume threshold.

Affiliation Obligation: FINMA or an SRO

Every financial intermediary under AMLA that is not already supervised by FINMA as a licensed institution (bank, securities dealer, etc.) must affiliate with a self-regulatory organisation (SRO) recognised by FINMA under Article 24 GwG.

The SRO system is Switzerland’s solution to the challenge of supervising a large and diverse population of non-bank financial intermediaries. Recognised SROs develop AMLA compliance rules for their member categories, enforce those rules through member audits and disciplinary procedures, and report to FINMA on systemic AML issues in their sector.

VQF (Verein zur Qualitätssicherung von Finanzdienstleistungen) is the most widely used SRO for crypto businesses in Switzerland. VQF has developed crypto-specific AMLA compliance rules, has staff experienced in assessing blockchain-based business models, and has established a track record of working with FINMA on emerging crypto AML issues. VQF membership for a crypto VASP typically requires submitting a detailed business description, demonstrating an AML compliance programme, passing an initial compliance assessment, and submitting to ongoing annual audits.

Other relevant SROs for crypto businesses include ARIF (Association Romande des Intermédiaires Financiers, primarily for French-speaking Switzerland) and PolyReg (Allgemeiner Selbstregulierungs-Verein).

Entities that exceed the thresholds requiring a FINMA licence (as a bank, securities dealer, or payment institution) cannot be members of an SRO — they must be directly supervised by FINMA. The DLT Act’s creation of the DLT trading facility licence and FINMA’s licensing of Sygnum and AMINA Bank as full banks are examples of direct FINMA supervision applied to crypto businesses that have reached licence-threshold scale.

Key Due Diligence Requirements

Client Identification

All clients must be identified before a business relationship is established or, for one-off transactions, before the transaction is executed. For natural persons, identification requires a valid government-issued photo identity document. For legal entities, identification requires commercial registry excerpts and documentation of authorised signatories.

Crypto businesses must verify identification documents through equivalent procedures to banks — physical or digital document review, with enhanced procedures for higher-risk clients. Remote KYC (video identification or document scanning with liveness detection) is permissible under FINMA guidance, provided it meets equivalence standards.

Beneficial Owner Identification

Where a client is acting for a beneficial owner other than themselves — a corporate client with natural person shareholders, a trust, or a nominee arrangement — the beneficial owner must be identified. Swiss AMLA uses a 25% shareholding threshold: any natural person with 25% or more ownership or control of a legal entity client must be identified as a beneficial owner.

For crypto clients using smart contract-based structures (DAOs, multi-signature wallets with multiple natural person controllers), beneficial owner identification requires analysis of the governance structure and control mechanisms — a fact-specific exercise that is more complex than for conventional corporate clients.

The CHF 5,000 Cash Transaction Threshold — and Its Crypto Equivalent

Article 3(2) GwG requires financial intermediaries to identify clients for any cash transaction of CHF 5,000 or more, regardless of whether a continuing business relationship exists. This threshold was designed for cash transactions but applies equivalently to cryptocurrency transactions for AMLA purposes.

FINMA’s position, consistent with FATF Guidance on Virtual Assets, is that the CHF 5,000 threshold applies to cryptocurrency transactions by reference to the CHF equivalent value at the time of the transaction. A crypto exchange must therefore identify any client conducting a cryptocurrency transaction with a fiat equivalent of CHF 5,000 or more, even on a one-off basis with no continuing relationship.

For blockchain-based businesses where transactions may be pseudonymous, this requires implementing address screening and value monitoring systems that flag transactions at or above the identification threshold before processing.

The Travel Rule in Switzerland: FINMA Circular 2022/2

The Travel Rule — FATF Recommendation 16, requiring that originator and beneficiary information travel with wire transfers — was extended to virtual asset transfers by the FATF’s 2019 revision of its standards on virtual assets. Switzerland implemented the crypto Travel Rule through FINMA Circular 2022/2 on the Combating of Money Laundering in the Banking Sector, which came into force on 1 January 2023.

What the Swiss Travel Rule Requires

Under FINMA Circular 2022/2, Swiss-regulated VASPs and financial intermediaries must, for every virtual asset transfer:

  1. Collect and verify originator information before the transfer is executed: the originator’s name, account number (blockchain address), and one of: physical address, national ID number, date and place of birth, or customer identification number.

  2. Transmit originator and beneficiary information to the receiving VASP with the transfer. For transfers to VASPs in countries that have implemented FATF Recommendation 16 equivalently, the information must be transmitted through a VASP-to-VASP messaging system.

  3. Screen received transfers for completeness of originator/beneficiary information and for sanctions and PEP exposure.

The CHF 1,000 Threshold

The Swiss Travel Rule applies to virtual asset transfers above CHF 1,000 (equivalent value). This is lower than the FATF’s default threshold of USD/EUR 1,000, reflecting Switzerland’s decision to apply a more conservative standard. For transfers below CHF 1,000, the full Travel Rule data transmission requirement does not apply, though basic transaction monitoring obligations remain.

Unhosted Wallets

A significant operational challenge for Swiss VASPs is the treatment of transfers to and from unhosted wallets — blockchain addresses not controlled by any regulated VASP. When a client withdraws cryptocurrency to their own personal wallet, there is no receiving VASP to transmit Travel Rule data to.

FINMA’s approach, reflected in Circular 2022/2, requires enhanced due diligence for unhosted wallet transfers. A Swiss VASP must verify that its client controls the destination unhosted wallet — typically through a micro-transaction proof or a signed message from the wallet address — before processing withdrawals to that address. This “proof of ownership” requirement adds friction but provides meaningful assurance that crypto outflows are not being diverted to third-party controlled addresses for layering purposes.

Travel Rule Technology

The practical implementation of the Travel Rule for crypto requires interoperability between VASPs’ Travel Rule systems. Several Travel Rule protocols are in use globally — TRISA (Travel Rule Information Sharing Architecture), OpenVASP, Notabene, and Sygna Bridge among them. Swiss VASPs are not mandated to use any specific protocol but must be able to exchange compliant Travel Rule data with their counterparties. FINMA has indicated that inability to implement Travel Rule data transmission with counterparty VASPs is a compliance deficiency.

Suspicious Activity Reporting: The MROS Process

Switzerland’s Money Laundering Reporting Office Switzerland (MROS) — Meldestelle für Geldwäscherei — is the national financial intelligence unit (FIU) responsible for receiving, analysing, and disseminating suspicious activity reports from financial intermediaries.

The SAR Filing Obligation

Under Article 9 GwG, a financial intermediary must file a SAR with MROS when:

  • It knows or has reasonable grounds to suspect that assets involved in a business relationship or transaction are connected to money laundering, a predicate offence, or terrorist financing; or
  • It is contacted in connection with assets that it has previously frozen under Article 10 GwG.

The filing obligation is not discretionary — it is mandatory when the knowledge or suspicion threshold is met. Filing a SAR is not a criminal allegation; it is a regulatory requirement to report suspicion to the appropriate authority.

The Tipping-Off Prohibition

A financial intermediary that has filed or is contemplating filing a SAR must not tip off the subject of the report. Informing a client that their account has been flagged, that a SAR has been filed, or that their assets are under investigation is a criminal offence under Article 10a GwG. For crypto businesses, this means that AML compliance systems must be segregated from client-facing systems — automated transaction monitoring alerts must not be visible to client service staff who may inadvertently reveal them.

Asset Freezing

Upon filing a SAR, a financial intermediary must freeze the relevant assets — suspend any further transactions in the cryptocurrency or fiat funds subject to the report — pending MROS guidance. MROS has five business days to either direct the financial intermediary to maintain the freeze pending prosecution referral or to release the assets. The maximum freeze period without a prosecution order is 40 days.

For a crypto VASP, asset freezing means technically blocking the withdrawal or transfer of the flagged cryptocurrency holdings. This requires integration between the AML monitoring system and the custody/transaction execution system — a technical architecture requirement that must be built before the VASP commences operations, not retrofitted after a suspicious transaction is identified.

FATF Recommendations 15 and 16: The International Framework

Switzerland’s AMLA framework is designed to implement the Financial Action Task Force (FATF) standards — the international AML/CFT framework that FATF member states (including Switzerland) are obligated to implement and subject to mutual evaluation.

FATF Recommendation 15 requires that countries assess and mitigate the money laundering and terrorist financing risks of virtual assets and virtual asset service providers. It requires that VASPs be regulated, licensed or registered, and supervised for AML/CFT compliance. Switzerland’s AMLA financial intermediary framework, the SRO system, and FINMA’s direct supervision of licensed crypto entities collectively satisfy this requirement.

FATF Recommendation 16 — the Travel Rule for wire transfers — requires that originator and beneficiary information accompany wire transfers of USD/EUR 1,000 or more. The 2019 FATF guidance extending this to virtual assets is what Switzerland implemented in Circular 2022/2, with the more conservative CHF 1,000 threshold.

Switzerland completed its most recent FATF Mutual Evaluation in 2016 (with a follow-up review in 2020), receiving generally positive assessments of its AML framework. The mutual evaluation noted the breadth of the financial intermediary concept as a strength, and recommended further work on virtual asset oversight — work that FINMA and the Federal Council have since addressed through the enhanced crypto AMLA framework and the DLT Act’s regulatory infrastructure.

Penalties for AMLA Violations

The GwG’s penalty regime is both administrative and criminal:

Administrative consequences: FINMA can withdraw a financial institution’s licence, issue enforceable orders requiring remediation of AML deficiencies, publish enforcement actions (the “naming and shaming” mechanism under Article 34 FINMAG), and order disgorgement of illegally acquired profits.

Criminal penalties under the GwG: Article 37 GwG provides for fines of up to CHF 500,000 for wilful failure to comply with due diligence obligations and up to CHF 150,000 for negligent failure. For SRO members, the SRO’s own disciplinary procedure (which can include expulsion, ending the member’s AMLA compliance pathway) runs in parallel with criminal proceedings.

Criminal liability under the Swiss Criminal Code: Participation in or failure to prevent money laundering under Article 305bis SCC carries imprisonment of up to three years or a fine for natural persons. Corporate criminal liability under Article 102 SCC can result in fines of up to CHF 5 million for corporations that failed to take the required organisational measures to prevent money laundering.

FINMA enforcement actions against crypto businesses for AMLA violations have increased in frequency since 2021. Documented actions have included licensing denials, orders to cease operations pending remediation, and referrals to the Swiss attorney general for criminal investigation.

Frequently Asked Questions

Does AMLA apply to a DeFi protocol deployed from Switzerland?

FINMA has taken the position that the AMLA financial intermediary test applies to persons, not protocols. A DeFi protocol that operates fully autonomously without any identifiable operator or administrator controlling asset custody may fall outside AMLA scope. However, if a Swiss-domiciled entity or individual controls the protocol’s upgrade keys, collects fees, or exercises administrative control over user assets, that entity is likely a financial intermediary subject to AMLA. FINMA’s 2019 guidance on DLT/Blockchain explicitly noted that the degree of decentralisation is a key factor in AML scope analysis.

What is the penalty for failing to join an SRO?

Operating as a financial intermediary without SRO affiliation (or direct FINMA licensing) is a criminal offence under Article 44 FINMAG, carrying imprisonment of up to three years or a fine. FINMA maintains a list of unauthorised financial intermediaries and has actively prosecuted unlicensed crypto businesses operating from Switzerland.

Are NFT platforms subject to AMLA?

NFT platform operators may be financial intermediaries if they professionally facilitate the transfer of high-value assets. FINMA has not issued specific NFT guidance, but the FATF’s 2021 updated guidance on virtual assets indicates that NFTs used for investment or speculative purposes — rather than as pure collectibles — may fall within VASP scope. Swiss NFT platform operators should conduct a specific AML scope analysis rather than assuming exemption.

How does the Travel Rule apply to privacy coins?

FINMA has not specifically prohibited privacy coin (Monero, Zcash) transactions, but the inability to extract originator/beneficiary information for Travel Rule compliance from a privacy coin transaction creates a practical compliance problem. Most Swiss-regulated VASPs have chosen to delist or refuse to process privacy coins to avoid Travel Rule non-compliance — a de facto market standard rather than a formal legal requirement.

What records must be kept, and for how long?

Under Article 7 GwG, financial intermediaries must keep records of client identification documents, business relationship documentation, and transaction records for 10 years after the end of the business relationship or execution of the transaction. For blockchain-based businesses, this means retaining the mapping between blockchain addresses and KYC-verified client identities — not merely the on-chain transaction records, which are immutable but pseudonymous.

Donovan Vanderbilt is Editor of ZUG DLT, published by The Vanderbilt Portfolio AG, Zurich. This analysis is for informational purposes only and does not constitute legal advice. See our full Disclaimer.

AMLA Switzerlandcrypto AMLGwGTravel RuleFINMADLT complianceVQF SRO
READ THE NETWORK PERSPECTIVE
Zug Blockchain — Crypto Valley Intelligence → Blockchain ecosystem intelligence
About the Author
Donovan Vanderbilt
Founder of The Vanderbilt Portfolio AG, Zurich. Institutional analyst covering Swiss DLT legislation, tokenised securities regulation, enterprise distributed ledger adoption, and the legal infrastructure enabling Switzerland's digital asset economy.
In This Article
Market Indicators
DLT Securities Issued CHF 500M+
SDX Participants 25+
Swiss DLT Firms 1,200+
Project Helvetia Active
FINMA DLT Licences 2+
DLT Act Aug 2021
Related Intelligence
Legislation Intelligence
27 Feb 2026
Legislation Intelligence
27 Feb 2026
Legislation Intelligence
27 Feb 2026
Network Intelligence
Zug Blockchain
Crypto Valley blockchain intelligence
Zug Finance
Swiss private banking & fintech
Zug Economy
Canton Zug economic intelligence
Zug Business
Swiss company formation & operations
Zug Web3
Decentralised protocol intelligence
Zug DAO
Decentralised governance intelligence
Zug Commodities
Swiss commodity trading intelligence
Zug Trading
Digital asset trading & exchanges
Zug Oil
Swiss energy trading intelligence
Zug Estates
Swiss real estate intelligence