Every financial intermediary operating in Switzerland must be supervised. If your business handles third-party funds, exchanges currencies, provides payment services, deals in crypto assets, or carries out any of a broad range of para-banking activities, Swiss law requires you to affiliate with a FINMA-recognised Self-Regulatory Organisation (SRO) before commencing operations — or face criminal liability.
This guide covers the legal basis, who must join, how to choose the right SRO, what the application involves, what it costs, and what your ongoing obligations look like once you are a member.
The Legal Basis: AMLA and the SRO System
The obligation to join an SRO flows directly from the Anti-Money Laundering Act (AMLA / Geldwaeschereigesetz, GwG). Under AMLA Article 2, financial intermediaries are subject to the full scope of Swiss AML obligations. Under AMLA Article 14, every financial intermediary must either:
- be directly supervised by FINMA (as a bank, insurance company, or securities firm), or
- affiliate with a FINMA-recognised Self-Regulatory Organisation and remain subject to its supervision
There is no third option. Operating as a financial intermediary in Switzerland without one of these two supervisory relationships is a criminal offence under AMLA Article 44, punishable by a fine of up to CHF 500’000 for the responsible individuals, and FINMA can order immediate cessation of the business.
The SRO system is not a light-touch compliance formality. FINMA sets the overarching AML standards; each SRO translates those standards into binding member regulations and supervises compliance through ongoing reporting requirements, periodic audits, and the power to expel non-compliant members.
Who Must Join an SRO?
The category of persons required to join an SRO under AMLA is broader than most founders expect. The statutory definition of “financial intermediary” in AMLA Article 2(3) covers any person who, on a professional basis, accepts or holds third-party assets or assists in transferring or investing them.
FINMA’s interpretive guidance (GwV-FINMA) clarifies that the following activities typically constitute financial intermediation:
- Currency exchange and foreign exchange dealing (forex dealers, currency exchange offices)
- Payment services — processing third-party payments, operating payment infrastructure
- Crypto and virtual asset services — exchanges, brokers, custodians, payment processors dealing in digital assets
- Independent asset management of third-party portfolios (below the FinIA licensing threshold or for intermediaries that are not FinIA-licensed)
- Fund distribution — distributing collective investment schemes without a CISA licence
- Leasing companies — commercial leasing where the intermediary holds and manages financing flows
- Factoring companies — purchasing receivables from third parties as a business activity
- Trust and fiduciary services — managing assets or structuring transactions on behalf of clients
- Consumer credit and mortgage intermediation — where the intermediary handles client funds
The “professional basis” threshold is met when financial intermediation generates revenue and is conducted with the intent of generating profit on a recurring basis. Occasional or one-off activities may fall below the threshold, but any business whose core revenue model involves the activities listed above is professional.
Who Does NOT Need an SRO
FINMA-licensed entities are already directly supervised and do not require SRO membership:
- Banks licensed under the Banking Act (BankG)
- Insurance companies licensed under the Insurance Supervision Act (ISA)
- Securities firms and licensed asset managers authorised under the Financial Institutions Act (FinIA)
- Fund management companies licensed under CISA
The critical distinction introduced by the FinSA/FinIA reforms (effective 1 January 2020) is that independent asset managers managing third-party assets must now obtain a FINMA licence under FinIA rather than relying on SRO membership alone. SRO membership was the prior standard for independent asset managers; since 2020 it is no longer sufficient. Asset managers with existing SRO membership had until 31 December 2022 to obtain FinIA authorisation. An asset manager operating in Switzerland with only SRO membership and no FinIA licence is non-compliant.
This means: para-banking financial intermediaries (forex dealers, payment processors, crypto businesses, leasing companies, distributors, factoring) require SRO membership. Independent asset managers managing third-party portfolios require a FinIA licence from a FINMA-recognised supervisory organisation. See our guide on asset management licensing in Switzerland for the FinIA pathway.
FINMA-Recognised SROs: Which One Is Right for You?
FINMA currently recognises twelve SROs. Most financial intermediaries in practice work with one of five:
| SRO | Primary Focus | Typical Members | Notable Features |
|---|---|---|---|
| VQF (Verein zur Qualitaetssicherung von Finanzdienstleistungen) | Broad — asset managers, fintech, crypto, forex, payment services | 1’000+ members; largest SRO in Switzerland | Dedicated crypto/VASP track; well-documented standards; experienced committee |
| PolyReg | Crypto/digital assets, payment services, forex | Popular for crypto-native businesses | Strong expertise in blockchain-based business models; pragmatic review process |
| OAD FCT (Organisme d’autoregulation de la Federation romande des fiduciaires) | Trust companies, fiduciaries, wealth structuring | Francophone Switzerland professionals | Regionally focused; strong fit for Geneva/Vaud-based fiduciaries |
| SRO-SVV (SRO of Swiss Insurance Intermediaries) | Insurance intermediaries | Insurance brokers and agents | Sector-specific AML standards; required for insurance-linked financial products |
| ARIF (Association Romande des Intermediaires Financiers) | Financial intermediaries in Romandy | Geneva-area intermediaries; lawyers-as-trustees | French-language administration; long-established |
For businesses based in Zug or German-speaking Switzerland conducting fintech, crypto, payment, or forex activity, VQF is the standard first choice. Its published compliance standards are detailed, its AML review committee is experienced with complex digital-asset business models, and its size means FINMA and Swiss banks treat VQF membership as a well-understood credential.
PolyReg is the preferred alternative for pure crypto businesses, particularly those with novel token structures or DeFi-adjacent models, where PolyReg’s committee has developed specific interpretive practice.
For companies uncertain which SRO is appropriate, a pre-application business model assessment is the correct starting point — the choice of SRO has downstream consequences for the scope of AML obligations and the audit methodology applied.
Application Requirements
The application process is substantive. Both VQF and PolyReg require a complete dossier before the compliance committee will begin its review. Submitting an incomplete application does not start the clock — it generates a request for further documents and delays the timeline.
A compliant application dossier includes:
Corporate documentation
- Certificate of incorporation and commercial register extract
- Articles of association (current version)
- Organisational chart showing the full group structure, including parent entities and affiliates
- List of directors, senior managers, and ultimate beneficial owners (UBOs) with percentage ownership
Fit-and-proper documentation for all directors and UBOs
- Curriculum vitae (professional history, qualifications, relevant experience)
- Copy of valid identity document
- Police clearance certificate or equivalent declaration of no criminal conviction
- Signed declaration of no pending proceedings before financial regulators
Business model description
- Detailed description of the services offered, client types, geographies served, and revenue model
- Overview of the IT systems and platforms used in service delivery
- Description of the client onboarding process
AML compliance programme (the core document — see below)
Financial documentation
- Most recent audited financial statements (for established businesses)
- For start-ups: a detailed business plan with 12-24 month financial projections and evidence of initial capitalisation
Appointment of an AML officer (Geldwaeschereibeauftragter)
- Written appointment of a named individual as the AML compliance officer
- CV of the AML officer demonstrating relevant qualifications and experience
The AML Compliance Programme
The AML compliance programme is the document on which most applications succeed or fail. It must be specific to the business model — a generic template will be identified immediately and will result in rejection or a request for substantial revision.
A compliant programme addresses:
- Written AML policy and risk appetite statement
- Client risk classification framework (low / medium / high / PEP / sanctioned)
- KYC and CDD procedures: identification thresholds, identity verification methods, source of funds requirements for higher-risk clients
- Enhanced due diligence procedures for politically exposed persons (PEPs), high-risk jurisdictions, and complex ownership structures
- Transaction monitoring methodology: rules, thresholds, automated vs. manual review
- MROS reporting procedures: internal escalation workflow for suspicious activity reports
- Record-keeping procedures: what is retained, for how long (minimum 10 years under AMLA)
- Staff AML training programme: content, frequency, and documentation
For crypto businesses, the programme must additionally address blockchain analytics, wallet screening, travel rule compliance (FATF Recommendation 16), and the handling of unhosted wallets. For details on the broader crypto licensing requirements, see our dedicated page.
Costs: What to Budget
SRO membership involves two categories of cost: the SRO’s own fees, and the professional cost of preparing the application.
SRO fees — VQF
- One-time admission fee: CHF 500-1’500 (depending on the category of membership applied for)
- Annual membership fee: CHF 1’000-8’000, scaled by the member’s annual revenue and size
- Smaller intermediaries with revenues below CHF 1 million typically pay CHF 1’000-2’500 annually; mid-sized businesses CHF 3’000-5’000; larger intermediaries approach the upper end
SRO fees — PolyReg
- Broadly similar to VQF; admission and annual fees in the same range, scaled by business size and activity category
AML compliance programme and application preparation
- For a straightforward business model (single-activity forex dealer, simple payment processor): CHF 8’000-15’000 in legal and consulting fees to design and document a compliant AML programme and prepare the full dossier
- For a crypto business with multiple asset classes, cross-border clients, and complex KYC workflows: CHF 15’000-35’000
- These figures assume the business has no prior AML documentation; where a partial framework exists and requires refinement rather than construction from scratch, costs are lower
AML officer
- If an internal person is appointed, there is no incremental external cost, though training and qualification costs apply
- An external AML officer — including Lawsupport’s external AML officer service — is a recognised and accepted structure for early-stage or smaller intermediaries. External AML officer engagement typically costs CHF 3’000-8’000 annually depending on the scope of ongoing responsibilities
Total first-year budget estimate
- Simple business model, internal AML officer: CHF 12’000-20’000 (professional fees + SRO admission and first-year fee)
- Crypto or multi-activity business, external AML officer: CHF 25’000-50’000 in year one, with ongoing annual costs of CHF 8’000-18’000
Timeline: How Long Does SRO Membership Take?
For a well-prepared application with a complete dossier submitted on day one, the standard timeline is 4-12 weeks from submission to formal acceptance.
The variance is driven by:
- Complexity of the business model: novel or multi-layered models take longer for the compliance committee to review
- Completeness of the application: missing documents or insufficient AML programme detail generate requests for supplemental information, each of which adds 2-4 weeks
- Fit-and-proper assessment: background checks on directors and UBOs with international profiles or complex ownership structures take longer
- SRO workload: VQF in particular has periods of high application volume; allow for queue time
A realistic planning assumption for a crypto or fintech business preparing its application from scratch: 6-10 weeks from engagement of legal counsel to submission, plus 4-8 weeks for SRO review, giving a total of 10-18 weeks from the start of preparation to membership. Businesses should not commence regulated activities — including onboarding clients, processing transactions, or holding client assets — until membership is confirmed.
Annual Obligations After Membership
SRO membership is not a one-time event. Members have recurring obligations that must be built into operational and compliance processes:
Annual compliance reporting Members submit an annual self-assessment to the SRO covering the volume of business, client base, material AML events, and any changes to the AML programme. This is a substantive document, not a checkbox form.
Periodic on-site audits SROs conduct periodic compliance audits of members, either on-site or document-based. VQF typically audits members every 2-4 years, with the frequency calibrated to the member’s risk profile. Crypto businesses and higher-risk intermediaries are audited more frequently.
Annual fee payment Fees are invoiced annually and must be paid to maintain active membership status.
Notification of material changes Members must notify the SRO promptly of any material change, including:
- New directors or UBOs, or changes in ownership structure
- New product lines or services that alter the business model
- Entry into new markets or geographies
- Significant incidents (data breach, suspicious transaction, regulatory inquiry)
- Change of AML officer
Failure to notify is among the most common compliance findings in SRO audits, and repeated failures can result in expulsion.
Ongoing staff training The AML training programme must be delivered to relevant staff at least annually, with attendance records maintained.
Consequences of Operating Without SRO Membership
The consequences are not theoretical. Operating as an unregistered financial intermediary under AMLA:
- Is a criminal offence under AMLA Article 44, with fines of up to CHF 500’000 applicable to the responsible individuals
- Exposes the company to a FINMA order to cease operations — FINMA has the power to order immediate closure and wind-down of unlicensed financial intermediary activities
- Makes it effectively impossible to obtain or maintain a Swiss bank account — Swiss banks conduct AMLA due diligence on their own clients and will not service unregistered financial intermediaries
- Disqualifies the business from exchange listings, institutional partnerships, and regulatory equivalence assessments in other jurisdictions
FINMA actively monitors for unlicensed activity, including through referrals from Swiss banks and whistleblower reports. The enforcement risk is real and increasing.
How Lawsupport Supports Your SRO Application
Lawsupport (Morgan Hartley Consulting) manages the full SRO membership process for financial intermediaries across the spectrum — from forex dealers and payment processors to crypto exchanges, fund distributors, and fiduciary businesses.
Our service covers:
- Business model analysis to determine whether SRO membership or a FINMA licence (or both) is required, and which SRO is the right fit
- AML compliance programme design: drafting a bespoke, SRO-ready policy, KYC procedures, transaction monitoring framework, and MROS reporting workflow
- Dossier preparation and submission: compiling and submitting the complete application, managing the SRO committee correspondence, and responding to follow-up questions
- AML officer services: Lawsupport provides external AML officer services for intermediaries that do not have a qualified in-house candidate — a formally accepted structure under AMLA
- Ongoing annual reporting: preparing the annual SRO compliance report and maintaining the AML programme as the business evolves
For businesses that also need to form a Swiss company before applying, or that require a corporate bank account alongside SRO membership, we handle the full sequence.
Frequently Asked Questions
Do I need SRO membership if my company is incorporated abroad but serves Swiss clients?
If your company is incorporated outside Switzerland but conducts financial intermediary activities from within Switzerland — through staff, infrastructure, or a branch — the AMLA obligation applies. Foreign companies providing services entirely from abroad to Swiss clients may fall outside the scope in certain cases, but the analysis turns on where the activity is carried out, not where the legal entity is registered. A Swiss subsidiary with SRO membership is the standard structure for foreign groups seeking compliant access to Swiss clients.
Can the AML officer be an external person or does it have to be an employee?
AMLA and the SRO regulations permit the appointment of an external AML officer. This is a formally recognised and widely used arrangement, particularly for smaller intermediaries and start-ups where a full-time internal compliance hire is not commercially viable. The external AML officer must meet the same qualification and experience requirements as an internal appointee, and the appointment must be documented in writing. Lawsupport provides external AML officer services to SRO members.
Is SRO membership sufficient for a crypto business, or do I also need a FINMA licence?
For most crypto businesses — exchanges, brokers, custodians, payment processors — SRO membership satisfies the AMLA financial intermediary obligation and is sufficient to operate lawfully. A FINMA licence is additionally required if your activities trigger a separate licensing threshold: for example, if you accept public deposits above the Art. 1b BankG threshold (CHF 100 million), trade securities on a proprietary basis at scale, or manage collective assets. Many crypto businesses hold SRO membership only.
What happens if the SRO rejects our application?
A rejection does not preclude reapplication, but the applicant must address the grounds for rejection — typically a deficient AML compliance programme, an unsatisfactory fit-and-proper outcome for a director or UBO, or an insufficiently documented business model — before resubmitting. In serious cases involving criminal history or regulatory sanctions, rejection may be final. The most effective way to avoid rejection is a thorough pre-application assessment and the submission of a complete, business-specific dossier from the outset.
How long must AML records be retained?
Under AMLA, all documents relating to financial intermediary activities — KYC files, transaction records, internal reports, correspondence with MROS — must be retained for a minimum of 10 years from the date the business relationship ends or the transaction is completed. SROs may impose longer retention periods in specific cases.
Can I operate while the SRO application is pending?
No. The AMLA obligation applies before commencing financial intermediary activities. A pending application does not constitute membership, and operating before formal acceptance exposes the business to the same criminal and regulatory consequences as operating without any SRO affiliation at all. Plan your timeline accordingly.
What is the difference between SRO membership and a FINMA licence?
SRO membership covers para-banking financial intermediaries under AMLA — the SRO supervises compliance with AML obligations. A FINMA licence is a direct authorisation from the Swiss financial regulator for activities that fall under specific financial market laws (Banking Act, FinIA, CISA, Insurance Supervision Act). Some businesses need both: SRO membership for AML compliance and a FINMA licence for their specific regulated activity.
Do trustees and fiduciaries need SRO membership?
Yes. Trust companies and fiduciaries that manage assets, structure transactions, or hold funds on behalf of clients are financial intermediaries under AMLA. They must affiliate with an SRO. The OAD FCT and ARIF are the SROs most commonly chosen by fiduciaries, particularly those based in Romandy.
Is SRO membership transferable if the company is sold?
SRO membership is not automatically transferred in a share sale. The SRO must be notified of any change of ownership, and the new owners and directors must satisfy the fit-and-proper requirements. In practice, a change of control often triggers a re-assessment by the SRO. The membership itself continues, but approval of the new beneficial owners is required.
What are the most common reasons for SRO application delays?
The three most frequent causes of delay are: (1) an incomplete AML compliance programme that does not address the specific business model, (2) missing or inadequate fit-and-proper documentation for directors or UBOs with complex international backgrounds, and (3) an unclear business model description that leaves the SRO committee unable to assess the risk profile. A well-prepared dossier addresses all three from the outset.
Request a Free Assessment
Whether you need SRO membership, a FINMA licence, or both depends on your specific business model and activities. Morgan Hartley, Senior Corporate Lawyer & Partner at Lawsupport, reviews your situation and sets out the steps needed — without obligation.
Lawsupport (Morgan Hartley Consulting) Grafenauweg 4, Zug, Switzerland +41 44 51 52 592 info@lawsupport.ch