9 Supervising International Banks: Swiss Regulatory Practice
- International Monetary Fund
- Published Date:
- June 2007
1.1. A robust framework for cross-border supervision is of key importance to the Swiss Federal Banking Commission (SFBC), which is Switzerland’s supervisory authority for banks as well as collective investment funds, securities firms, and securities exchanges.
1.2. The reasons are quite obvious. First, Switzerland has, and has always had, a large presence of foreign banks. There are about 350 banks incorporated in Switzerland, 124 of which are foreign owned, and 28 branches of foreign banks. Second, Switzerland is the home of two large, internationally active financial groups that have branches and subsidiaries in more than 30 countries and have the majority of their assets booked abroad. The SFBC thus plays a significant role as both home regulator and host regulator and, as such, needs to cooperate closely with foreign home and host regulators.
1.3. The Basel Committee on Banking Supervision’s (hereinafter referred to as the Basel Committee) Concordat (1983), Minimum Standards (1992), Report on Cross-Border Banking Supervision (1996), and Core Principles (1997) state the principles that no banking establishment should escape supervision and that all foreign establishments are subject to effective consolidated supervision. More recently, consolidated supervision has been extended beyond prudential requirements and the management of banking risk to the management of legal and repu-tational risk on a consolidated basis and the group-wide application of due diligence standards to avert money laundering/financing of terrorism (ML/FT) risk. As such, and as set forth in the Basel Committee’s Papers on Customer Due Diligence (2001) and Consolidated KYC Risk Management (2004), banking groups are expected to apply accepted know-your-customer (KYC) policies and procedures to both their local and overseas operations. To exercise consolidated supervision and to verify compliance with all relevant rules and procedures in a cross-border context, the regulator relies on intragroup information flows and supervisory cooperation and information sharing. The following sections review the underlying regulatory framework for those two components of cross-border supervision in Switzerland.
2. Intragroup Information Flows
2.1. A prerequisite for effective consolidated supervision is that the information necessary can flow from the branch or subsidiary to the head office or parent. If the group does not have the necessary data or cannot verify compliance with its internal policies, rules, and procedures within the entire group, it cannot adequately manage and control its group-wide risks, nor can the supervisory authority accomplish its mission of consolidated supervision. Intragroup information flows are by far the most important channel for cross-border supervisory information. It is therefore important that there be no impediments to the flow of information from a foreign establishment to its parent institution. The SFBC therefore regards the free flow of information necessary for consolidated supervision from the foreign establishments to the Swiss parent as a prerequisite for allowing Swiss banks to set up establishments in other jurisdictions.
2.2. For branches and subsidiaries of foreign banks in Switzerland, Swiss law allows the flow of information from a Swiss banking subsidiary or branch to its foreign parent for the purpose of group internal control and consolidated supervision. Banking secrecy is waived vis-à-vis the group for the purpose of consolidated supervision.2
2.3. In application of Article 4 quinquies3 of the Swiss Banking Act, information necessary for consolidated supervision purposes can be directly transmitted from a Swiss banking subsidiary or branch of a foreign bank or financial group to its foreign head office or parent company, subject to the following conditions:
2.3.1. Speciality. The information transmitted must serve exclusively internal control and supervisory purposes, which include the verification of compliance with all prudential and other regulatory requirements, including anti-money laundering/combating the financing of terrorism (AML/CFT) obligations of the bank.
2.3.2. Confidentiality. The foreign parent company and its supervisory authority must be subject to professional or official secrecy and be prohibited from disclosing information to third parties without a specific legal basis. It is acknowledged that the principle of confidentiality is limited by legal constraints, such as the obligation to report suspicious transactions under AML/CFT provisions or legally enforceable demands for information.
2.3.3. “Long-arm principle..” The information must not be retransmitted to third parties without the Swiss banking institution’s prior consent. Best efforts suffice, in that it is acknowledged that in all jurisdictions there may be legal constraints that require a retransmission of information by law, by court order, or as a result of parliamentary investigation.
3. Information Sharing in AML/CFT Context
3.1. The scope for intragroup information sharing is no longer limited to credit risks on the asset side, but encompasses the entire universe of risks, including legal and reputational risk associated with ML/FT. To a limited extent, the shared information may relate to individual customers; otherwise, banks would not be able to monitor concentration and funding risk, verify the proper application of KYC standards, and evaluate the risk associated with certain higher-risk customers on a group-wide basis. The customers’ consent is not required. The foreign supervisor may gain access to this information in the course of its supervisory activities. Yet, if the supervisor seeks specific information from foreign establishments, it must circumvent formal administrative assistance procedures by taking advantage of intragroup information flows.
3.2. The SFBC Anti-Money Laundering Ordinance4 extends the scope of group-wide information sharing more explicitly to customer-related information. This is in line with the international recommendations contained in the Basel Committee’s customer due diligence paper,5 which more recently was further supplemented by a paper on consolidated KYC risk management.6 The SFBC’s ordinance requires that the group compliance unit at the head office can gain access, if necessary, to the business relationships of all affiliated companies located in Switzerland and abroad, in order to verify compliance with KYC standards. A centrally held client base is not required. The Basel Committee has stressed this principle in connection with the fight against terrorist financing:7 “. . . information would be kept at branches and subsidiaries and made available to the parent bank on request, or at the initiative of the branches and subsidiaries when the reputation or liability of the group could be threatened by the relationship [italics added].” Should banks face impediments to direct access to customer data in foreign branches or subsidiaries, or where foreign laws disallow the communication of relevant customer information to the Swiss parent, they are required to inform the SFBC. If the SFBC is informed of such barriers, the SFBC will contact the foreign regulator in order to confirm whether there are genuine legal impediments and explore alternative arrangements satisfactory to the SFBC. If the impediments prove insurmountable, the SFBC may require banks to close down their operations, or prohibit them from setting up establishments, in the jurisdiction.
3.3. Branches and subsidiaries of foreign financial intermediaries in Switzerland must likewise grant group auditors or compliance staff of the foreign head office or parent access to data on individual clients and beneficial owners that are kept in their Swiss offices.8 They may also proactively provide information concerning higher-risk customers and activities to the head office or parent bank. For instance, if they are requested by their head office to search their files against a list of individuals or organizations suspected of aiding and abetting terrorist financing or money laundering, they may report back matches that they find. Such information does not constitute a violation of the “tipping-off” prohibition stipulated by the Anti-Money Laundering Law if, at the same time, they have the obligation to file a suspicious transaction report to the Swiss financial intelligence unit, the Money Laundering Reporting Office of Switzerland (MROS).9
4. Cooperation on Domestic Level
4.1. The SFBC has access to all information from the banks and their external auditors necessary to fulfill its supervisory mandate and may also order special audits to obtain necessary information. Swiss banks are subject to extensive record-keeping requirements. The SFBC Anti-Money Laundering Ordinance requires banks to be organized in such a way as to be able to respond to information requests from authorities within a reasonable time and to establish, by means of documented proof, whether or not a particular individual is a customer of the bank or has the power to represent a customer, or is a beneficial owner of an account held with the bank, or has carried out a cash transaction, which required identification. The account opening documentation, as well as the transaction records, must be retained for at least 10 years.
4.2. The SFBC may share information with other Swiss regulatory authorities. As such, the SFBC, on a regular basis, shares information with the Swiss National Bank. It also cooperates with the Federal Office of Private Insurance, in particular, with respect to the supervision of financial conglomerates. On AML/CFT, the SFBC works closely with the MROS and the Money Laundering Control Authority,10 which oversees the application of the Money Laundering Act by all financial intermediaries and other professions that are not subject to a special supervisory regime.11
4.3. The SFBC is required to provide information, upon request, to federal and cantonal law-enforcement authorities. The information sharing operates in both directions, in that the SFBC may also request information from law-enforcement authorities, for instance where impending cases are relevant to judge compliance with licensing and operating requirements. The SFBC has, however, shared information, to a more limited extent, on several occasions with Swiss tax authorities on supervised institutions and their shareholders.
5. Supervisory Cooperation on International Level
5.1. Besides intragroup information flows, the SFBC relies, for effective cross-border supervision, on supervisory cooperation information exchange, which takes various forms:
5.1.1. Regular contacts. Regular personal contacts with foreign home or host country supervisors to discuss supervisory matters and other issues of mutual interest are key to keeping abreast of regulatory developments. They enhance efficient cooperation and serve to build trust. The SFBC holds trilateral meetings two or three times a year with the Federal Reserve Bank of New York and the Financial Services Authority in the United Kingdom. Similar arrangements are in the process of being set up with other supervisory authorities. There is no formal legal underpinning or agreement to hold such meetings. This does not, however, hinder candid discussions on specific supervisory issues.
5.1.2. Provision of unsolicited information. The SFBC may provide information or arrange for information to be provided on a voluntary basis, even though no request has been made. The SFBC proactively provides information to its foreign counterparts if it believes that information will enable or assist the foreign authority to perform its regulatory functions, including supervisory and enforcement functions.
5.1.3. Information sharing for supervisory matters. The SFBC may be requested by a foreign regulator to share information in its possession or to confirm or verify information provided by the requesting authority. Nonconfidential information may be exchanged informally, via the phone or e-mail. Requests for the provision of confidential information are generally made in writing or, if made orally, confirmed in writing. The SFBC always requires that the requesting authority specify the purpose for which the information is sought.
5.1.4. Joint supervisory actions. Another practice developed over time by the SFBC and its foreign counterparts is joint supervisory visits and joint meetings held with the bank’s management, both in Switzerland as well as in the host country.
5.1.5. On-site inspections. Under its system of indirect supervision, the SFBC relies on external audit firms to conduct on-site inspections in foreign establishments of Swiss banks.12 To this end, the audit firm of the Swiss parent needs to have full access to the foreign establishment’s files and records, including customer-related data. Whereas the SFBC may carry out supervisory visits at foreign institutions, it does not itself seek direct access to individual customer files in foreign branches or subsidiaries of Swiss banks. This approach is also reflected in the provisions governing on-site inspection by foreign supervisors in Switzerland. Foreign supervisors cannot have direct access to customer information at Swiss offices of foreign banks if that information is related to private banking transactions (“private banking carve-out”). Although direct access by a foreign supervisor is excluded, the information may be requested from the SFBC or be inspected by an audit firm—a special audit mandated by a foreign regulator and carried out by an audit firm is considered admissible under Swiss law. With the sole exception of private banking-related customer data, foreign regulators can gain full access to all records at offices of foreign banks in Switzerland, including client information in other than private-banking transactions, e.g., commercial loans. To date, supervisors from seven jurisdictions have conducted on-site inspections in Switzerland.
5.1.6. Information sharing for enforcement matters. If a request for assistance relates to actual or possible enforcement action, the requesting authority has to provide a description of the conduct or suspected conduct that gives rise to the request, and the applicable law or regulation and relevance of the requested assistance. Assistance provided by the SFBC on enforcement matters may also consist of questioning or taking testimony from persons designated by the requesting authority, or the conduct of inspections or examinations of financial institutions.
5.1.7. Joint/coordinated enforcement. When circumstances arise that lead to an investigation, in which both the SFBC and its foreign counterpart have a joint interest, the SFBC will consult with the foreign authority as to the allocation of responsibilities and the appropriateness of conducting a joint investigation and coordinated enforcement action. In a recent enforcement case against UBS regarding banknote dealings, the SFBC coordinated its actions with the Federal Reserve Bank of New York.13 UBS had operated an extended custodian inventory (ECI) facility for the New York Fed in Zurich and committed breaches of its contractual agreement with the New York Fed. The SFBC and the Federal Reserve Bank of New York cooperated closely in this matter and shared the results of their respective investigations.
6. Cooperation Arrangements
6.1. What are the underpinnings for supervisory cooperation and information exchange? There are different ways in which the relationship with a foreign supervisory authority can gain expression. The conclusion of a memorandum of understanding (MoU) is neither a prerequisite nor a legal requirement under Swiss law. According to its regulatory practice, the SFBC enters into exchanges of letters, or MoUs, with those supervisory authorities with whom it maintains close regular contacts. In the absence of an MoU, the SFBC can also exchange information on an ad hoc basis provided the foreign authority gives the necessary assurances as required under Swiss banking law.
6.2. These assurances relate to the following: (1) the confidential treatment of the information provided, (2) the exclusive use of the information for supervisory purposes, and (3) the affirmation that the information will not be transferred to third parties without the SFBC’s prior consent. Confirmation of the requesting authority that it will endeavor to seek consent from the SFBC before disclosing nonpublic information received from the SFBC will suffice. If the requesting authority is subject to a mandatory disclosure requirement, or receives a legally enforceable demand for information under applicable laws and regulations, the requesting authority should notify the SFBC of its obligation to disclose and endeavor to seek consent from the SFBC before making a disclosure. It should make its best efforts to protect the confidentiality of information obtained from the SFBC and, if necessary, use all reasonable legal means to resist disclosure, including by asserting such appropriate legal exemptions or privileges as may be available, for example, by advising the concerned or other requesting party (e.g., a parliamentary commission) of the possible negative consequences of a disclosure on future cooperation between the authorities.
6.3. The SFBC may seek cooperation with its foreign counterparts to perform its functions as financial regulator more effectively. At the same time, it is authorized to provide assistance to foreign authorities to the extent that it serves the supervision of financial markets and institutions, and the enforcement of financial laws and regulations. This “specialty principle” excludes information exchange with other authorities, such as foreign law-enforcement authorities or tax authorities. These authorities will have to seek cooperation via their counterparts and mutual legal assistance procedures.
Although it is true that cooperation arrangements can be further improved, Swiss law provides for an adequate legal framework for supervisory cooperation and information sharing. This framework consists of two components: (1) the intragroup flow of information necessary for risk management on a global basis, compiling consolidated reports to the home supervisor, and robust cooperation arrangements; and (2) the cooperation between the SFBC and its foreign counterparts, which includes the sharing of information and the conduct of on-site inspections. Yet, a legal framework is not enough; what makes cooperation and information sharing really work are good working relations based on mutual trust and the willingness to cooperate and share information when the circumstances justify it.
The text benefited from helpful comments by Marco Franchetti. It is intended as a description of the current legal framework and regulatory practice in Switzerland.
See Daniel Zuberbühler, Director, Swiss Federal Banking Commission, “Regulatory Challenges for Swiss Banking Secrecy,” 30 Years Association of Foreign Banks in Switzerland, Conference on “Foreign Banks in Switzerland: On Course in Choppy Waters” held in Zurich, June 21, 2002, available on the Web at http://www.ebk.ch/e/archiv/2002/pdf/neu05e-02.pdf.
Article 4 quinquies came into effect in 1995.
Ordinance of the Swiss Federal Banking Commission concerning the Prevention of Money Laundering (SFBC Money Laundering Ordinance, MLO SFBC), December 18, 2002, available on the Web at http://www.ebk.ch/d/regulier/pdf/gwv-181202-e.pdf. See Article 9.
The “Customer Due Diligence for Banks” paper of the Basel Committee of 2001 (available on the Web at http://www.bis.org/publ/bcbs85.pdf) requires supervision on a global basis of all important customer relationships; see, in particular, Section 16: “Customers frequently have multiple accounts with the same bank, but in offices located in different countries. To effectively manage the reputational, compliance and legal risk arising from such accounts, banks should be able to aggregate and monitor significant balances and activity in these accounts on a fully consolidated worldwide basis, regardless of whether the accounts are held on balance sheet, off balance sheet, as assets under management, or on a fiduciary basis.”
Basel Committee on Banking Supervision, “Consolidated KYC Risk Management,” October 2004, available on the Web at http://www.bis.org/publ/bcbs110.pdf.
Basel Committee on Banking Supervision, “Sharing of Financial Records Between Jurisdictions in Connection with the Fight Against Terrorist Financing,” April 2002, which is the summary of a meeting of representatives of supervisors and legal experts of the Group of Ten central banks and supervisory authorities on December 14, 2001 in Basel.
Article 9 of the Anti-Money Laundering Ordinance states that “financial intermediaries forming part of a financial group, either from Switzerland or abroad, shall allow the group’s internal control bodies and external auditors to access any information which may be required concerning specific business relationships, provided that such information is essential for the management of legal and reputational risk on a global basis.”
Article 10 of the Swiss Anti-Money Laundering Law provides that a financial intermediary must freeze the assets that are linked to the reported suspicious transaction until a formal order is received from the prosecuting office, but only for a maximum of five days, during which the concerned client or a third party must not be informed.
Articles 17–22 of the Money Laundering Act; see also the website of the Money Laundering Control Authority at http://www.gwg.admin.ch.
All those financial intermediaries not subject to special supervision by the SFBC, the Federal Office of Private Insurance (FOPI), or the Gaming Commission are directly subject to the Money Laundering Control Authority’s oversight unless they join a self-regulatory organization (SRO) that is licensed and supervised by the Money Laundering Control Authority.
With the exception of the large banks, where the SFBC itself also carries out on-site examinations.
See the press releases of the SFBC at http://www.ebk.ch/e/archiv/2004/20 040510/M_10_05_2004_e.pdf and the Federal Reserve Board at http://www.federalreserve.gov/boarddocs/press/enforcement/2004/200405102/default.htm.