Banking & Financial Markets Briefing
Bank-Compliance-Cockpit mit zwei Bildschirmen — Operations und GwG-Fachstelle — beide gespeist aus denselben Betrugsdetektions-Events

Fraud as Predicate Offence: Why Fraud KPIs Belong on the Compliance Board's Agenda

FINMA Supervisory Notice 02/2026 situates digital fraud operationally within operational risk. But Art. 146 StGB fraud is a predicate offence to money laundering under Art. 305bis StGB — institutions that report fraud KPIs only to Operations are leaving a reporting line unused that Art. 6 GwG presupposes.

Dr. iur. Servatius von Tatzenberg

Yesterday this publication argued that FINMA Supervisory Notice 02/2026 of 9 April 2026 anchors digital fraud doctrinally within operational risk — Art. 12 BankV, not Art. 9 GwG. That reading stands. But it is only half the story. The second half lies in the reporting line to the Compliance Board, and the Supervisory Notice does not open that line — it presupposes it.

Art. 146 StGB — fraud — is a felony within the meaning of Art. 305bis StGB. Anyone who conceals assets derived from a completed fraud commits money laundering. That is the doctrinal connection. But it only holds under a condition that is too often passed over in operational discussions: proceeds from a completed predicate offence must have flowed or be flowing through the institution.

Not every event captured by the fraud-monitoring system triggers a predicate-offence indicator. A blocked phishing attempt generates no usable proceeds. A reversed payment instruction leaves no funds that “derive from a criminal offence” within the meaning of Art. 305bis StGB. The AML threshold is not crossed simply because an attack was attempted, detected, or stopped at an early stage.

The predicate-offence indicator arises where a fraud has been fully executed and the proceeds generated have flowed or are due to flow through an account at the institution. Three operational categories warrant the closest attention. First: account misuse with debits that have already been executed, where the withdrawn funds were further transferred and could not be reversed. Second: fully executed CEO or BEC fraud wire transfers, where the bank processed payment instructions on the basis of a deception and the funds have left the account. Third: incoming transfers from accounts at third-party institutions where the financial intermediary has a substantiated indication of fraud at the sender — for example through a report from the correspondent bank or information provided by the customer.

In these constellations, assets may be present that derive from a completed Art. 146 StGB fraud. The enhanced investigation obligation under Art. 6(2) GwG is in principle engaged: the financial intermediary must investigate whether there are reasonable grounds to suspect that the assets involved derive from a felony. The outcome of that investigation determines whether a report to MROS under Art. 9 GwG is required.

What proportion proceeds-generating events represent of total detections depends on an institution’s profile. For banks with active payment operations and e-banking, it is not insignificant. The challenge is not the volume but the classification: which events fall into this category, and which team is responsible for making that determination?

The organisational gap under Art. 8 GwG

Art. 8 GwG requires financial intermediaries to put in place the organisational measures necessary to comply with their GwG obligations. For institutions that operate a fraud-monitoring function, this has concrete content: if the fraud-monitoring system captures events from which an enhanced investigation obligation under Art. 6(2) GwG may arise, a defined escalation path from the fraud-detection unit to the AML compliance unit must exist. If that path is absent, so is the organisational measure Art. 8 GwG demands.

The operational risk department that runs the fraud-monitoring system is not designed for this classification. It manages detection rates, false-positive rates, and loss volumes — that is its mandate. The question whether an executed debit derives from a completed fraud and whether an enhanced investigation under Art. 6(2) GwG must therefore be initiated belongs with the AML compliance unit. Without a structured data transfer, the unit never sees the relevant event.

That is the organisational gap Art. 8 GwG is designed to close: two units that could examine the same event from different angles, operating without a systematic connection. A bank that captures proceeds-generating fraud patterns operationally but does not mirror them in AML monitoring cannot in practice discharge its investigation obligation under Art. 6(2) GwG for those events. The AML compliance unit can only investigate what it sees.

Splitting the reporting

For the next Audit Committee meeting, this means adjusting the reporting architecture. Not two parallel sets of statistics — one categorised analysis of the same data set.

The first reporting line goes to Operations: detection rate, false-positive rate, loss volume. This is the fraud-monitoring system’s management logic and remains unchanged.

The second reporting line runs to the AML compliance unit and the Compliance Board: the same detection events, categorised by AML consequence. Three classes should be reported: events escalated to a suspicious activity report under Art. 9 GwG; events where an enhanced investigation under Art. 6(2) GwG was initiated but no report was filed; and events closed without AML consequence because no completed proceeds-generating fraud was present. This categorisation is the documented proof that fraud monitoring is embedded in compliance with the GwG.

The additional burden is modest if the classification is built into the monitoring system. For institutions that have not yet incorporated split reporting, the next system update is the natural moment to do so.

The supervisory standard and an open question

FINMA Supervisory Notice 02/2026 has situated fraud prevention within the operational risk management framework of Art. 12 BankV. That does not change the fact that the GwG implications begin where a fraud succeeds — not where it is detected. In a FINMA on-site inspection assessing Art. 8 GwG compliance, the question of data transfer from fraud monitoring to the AML compliance unit is not a specialist issue. It is the logical next step after reviewing the transaction-monitoring system itself.

The open question is whether FINMA will expressly address the connection between operational risk management and GwG compliance in future guidance — or whether, as in Supervisory Notice 02/2026, it will leave implementation to the institutions themselves. Without the second reporting line, the Compliance Board cannot today demonstrate that this implementation has taken place.