Swiss banks in Europe: The EU Anti-Money Laundering (AML) regime is coming – are you ready?

For many years, Swiss banks with European branches or subsidiaries have navigated a puzzle of AML requirements: EU directives, national applications, local supervisory expectations, and differences in interpretation. The EU is now moving from a directive-based AML framework to a single rulebook: the EU Anti-Money Laundering Regulation (AMLR), backed by the new Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA). While Switzerland is not a EU Member State, Swiss institutions are affected: Either directly, if you operate EU subsidiaries or branches, or indirectly, as Swiss banks can not ignore the potential of regulatory arbitrage by customers trying to leverage the differences in the Swiss regime while doing business in the EU. In any case, Swiss banks need to rethink and adjust their current AML framework in light of AMLR.

The new EU Single Rulebook

The EU AML Single Rulebook, applicable from 10 July 2027, will necessitate adjustments across governance and organisation, operational processes, IT systems and data management. The key changes are as follows:

• Regulatory framework: AMLR + RTS + ITS + Guidelines
  The AMLR will be complemented by Regulatory Technical Standards (RTS), Implementing Technical Standards (ITS) and Guidelines drafted by AMLA. RTS and ITS will be adopted by the European Commission as directly binding regulations. RTS will be adopted by the European Commission as directly binding regulations. While Member States retain limited discretion on some issues, national deviations and interpretative flexibility will be significantly reduced. Continuously regulatory monitoring and timely implementation of RTS and guidelines will therefore be critical. This will create a harmonized AML framework across all EU and EEA member states around Switzerland, which in some areas will deviate from the Swiss framework.
• AML and sanctions regimes move closer together
  For the first time, the regulatory AML framework explicitly addresses targeted financial sanctions (restrictive measures against designated individuals and entities). This marks a significant shift towards an integrated compliance approach: AML and sanctions should no longer be managed in silos, but through a coherent set of preventive measures and controls designed to strengthen effectiveness across both risk domains. While the integration of sanctions enforcement into an AML legislation can be questioned, the resulting holistic client view across all areas of mandatory diligence will improve and over time simplify the management of compliance risks.
• Stricter organisational requirements
  The requirements increase for governance, accountability and resourcing, especially for the designated board member responsible for AML, the AML Officer and all staff involved in KYC tasks. Designated staff must undergo fit-and-proper assessments prior to taking up their role, and regularly thereafter. In addition, institutions must implement robust conflicts-of-interest frameworks to detect and manage personal or economic conflicts between customers and KYC-staff. Ensuring group-wide consistency of this framework across entities will be critical. This requirement might also make an impact on the current plans of Swiss legislators to implement a senior manager regime.
• KYC harmonisation comes first
  KYC expectations become more prescriptive. The threshold for ultimate beneficial ownership (UBO) changes from “more than 25%” to “25% or more” of shares or voting rights, together with an updated calculation approach. The periodic review cycle is amended to at least five years for low- and medium-risk customers, while the one-year review cycle remains unchanged for high-risk customers. These KYC-requirements apply to new customer relationships from July 2027 onward, with legacy customers transitioning progressively. It remains to be seen where the differences to the Swiss CDB regime will be and how they might create an opportunity for regulatory arbitrage.
• Risk-based means data-driven and tech-enabled
  The Single Rulebook reinforces the risk-based approach (RBA) by requiring institutions to identify, assess and manage AML risks and apply preventive measures accordingly. This heightened focus is also reflected in the new supervisory model: AMLA will directly supervise 40 institutions deemed to pose the highest risk, while all other obliged entities remain under the oversight of competent national authorities.
  
  To meet these increased expectations around consistency, traceability and control effectiveness, institutions must strengthen their data foundations and make greater use of technology, enabling AML and sanctions processes to adapt dynamically as customer, product, and transactional risks evolve. This might also create an opportunity to give up on legacy formalities in favor of more dynamic and data driven risk models.

Start now: Turn pressure into transformation

Swiss banks with branches or subsidiaries in EU countries can use the new EU AML regime requirements to transform their AML operations, while other Swiss banks will get interesting insights and arguments to transform and modernize their current compliance framework Start with an AMLR readiness and gap assessment across your entities to define a clear target operating model and governance requirements aligned to the single rulebook.
Most importantly, use this moment to upgrade technology and data: streamline KYC and reviews, strengthen UBO logic, improve data quality, tune monitoring and automate where technology makes sense. Done right, it’s not ’more compliance’. It’s better compliance: more efficient, scalable, and effective in detecting money laundering risks and preventing sanctions breaches. Finally, while observing and planning, let’s keep a close look at potential risks for regulatory arbitrage.

Authors

• Ralph Wyss, Partner, Regulatory & Compliance | Deloitte Switzerland
• Shahanaz Müller, Partner Deloitte Austria | Risk, Regulatory & Forensic | AML & Sanctions