On 12 May 2026 FINMA opened a consultation on the partial revision of the Geldwäschereiverordnung (GwV-FINMA). Responses are due by 9 June 2026; entry into force is scheduled for 1 January 2027, alongside updates to the relevant self-regulatory standards including CDB 20. Three of the proposed clauses, read together, do something FINMA itself describes as codification: they require the financial intermediary to produce the documentary chain rather than rely on the client’s word and wait for the regulator to disprove it.

FINMA’s stated rationale names three drivers: amendments to the Geldwäschereigesetz (GwG), implementation of FATF recommendations from Switzerland’s most recent Mutual Evaluation Report, and “Kodifizierung der aktuell geltenden Aufsichtspraxis” — codification of supervisory practice already in force. The third driver is the operative one. The expectations the regulator has been enforcing through supervision now sit in ordinance text, which removes the next defendant’s surprise argument.

1. Ownership and control. The new wording requires the financial intermediary to be able to trace (nachvollziehen können) the counterparty’s ownership and control structure. The standard is documentary: the intermediary must produce the chain on demand, not rest on a representation from the client. The Form A declaration remains a necessary step; the new wording adds an independent reconstruction duty on top. The trace extends to sub-accounts the counterparty maintains for its own clients — the intermediary owes the same documentation for the next layer down.

2. Sanctions and embargoes. The revision adds an express provision requiring organisational measures aimed at preventing breaches of coercive measures under the Embargo Act (EmbG). General risk-management principles already covered sanctions screening; the change is what it does in litigation. A sanctions hit that traces to an absent control becomes a breach of a named ordinance article rather than a derived expectation. “We screened in line with industry standard” loses its anchor when the ordinance prescribes the standard.

3. Correspondent banking via transitory accounts. The intermediary may execute payments on behalf of the counterparty’s clients through pass-through or payable-through arrangements. The operative condition: the counterparty must be able to supply the underlying client information on request. The clause is drafted as a precondition, not a backstop. The retrospective due-diligence model — process the wire, gather the file later — is no longer compliant. The intermediary that processes the payment without the file already in hand has already breached.

Codification. In its press release FINMA describes the revision as writing existing supervisory practice into ordinance text. The regulator is not announcing new law; it is converting expectations it has already been applying into named ordinance obligations. Counsel who would later argue at a proceeding that the nachvollziehen können standard came as a surprise would be arguing against the regulator’s own published characterisation of what the revision does.

Two further changes deserve a line each. The revision repeals the long-obsolete Liechtenstein payment exemption — a provision rendered redundant by the QR-code payment systems introduced in 2020, which transmit the full payment data the exemption was designed around. And the consultation extends the ordinance’s reach to Digital Asset Service Providers, a quiet but consequential expansion. Fincrime Central emphasises senior-management accountability and the prospect of more frequent on-site audits under the new regime; GRC Report concentrates on the beneficial-ownership and correspondent-banking obligations.

For an in-house counsel, the brief to the CFO runs in three sentences. The mechanism is a documentary burden-shift: the financial intermediary must now produce, on demand, the chain of beneficial ownership, the sanctions-screening evidence, and the contemporaneous customer information for any pass-through payment. The cost lies in KYC remediation, file-completion programmes, and audit budget ahead of the first FINMA visit under the new regime, which becomes operative on 1 January 2027 alongside updates to the relevant self-regulatory frameworks. The consultation text is silent on whether the documentary burden also attaches to the responsible officer in addition to the institution, which leaves the individual-liability question to be tested in the first enforcement decision under the new wording.

FINMA already holds the Berufsverbot under Art. 33 FINMAG to bar individuals from senior functions, and has applied it sparingly to date. The revised GwV-FINMA codifies the institutional duty without extending the operative breach to a named natural person; whether FINMA reaches for Art. 33 alongside an institutional sanction in the first proceeding under the new wording will settle the practical scope. That proceeding is unlikely to surface before late 2027, once a 2027-vintage audit cycle produces a triable file. Until then, the consultation comment period — closing 9 June — is the only forum for narrowing the ordinance’s reach.