FINMA Issues Guidance 02/2026 on Digital Fraud Risks for Swiss Banks, Switzerland, April 2026

On 9 April 2026, the Swiss Financial Market Supervisory Authority (FINMA) published Guidance 02/2026 on digital fraud risks for banks and persons authorised under Article 1b of the Banking Act (FinTech licensees). The guidance is published in final form and takes effect immediately upon publication; it does not create new binding legal obligations but clarifies FINMA's supervisory expectations regarding operational and reputational risks arising from digital fraud.

The controlling legal basis for FINMA's supervisory expectations is Article 3 of the Banking Act (SR 952.0), which requires banks to maintain an adequate organisation and internal controls, together with FINMA Circular 2023/1 on operational risks and resilience, which sets out requirements for identifying and managing operational risk events including fraud. FINMA Guidance 02/2026 supplements these instruments by specifying how banks and FinTech licensees should address digital fraud scenarios — including social engineering, investment fraud perpetrated through digital channels, and authorised push payment fraud — as part of their operational risk management obligations.

Swiss-supervised banks and Article 1b FinTech licensees must review their digital fraud risk management programmes against the scenarios FINMA has identified. Institutions offering digital investment, payment, or custody services face heightened scrutiny because digital channels are the primary vector for the fraud types addressed in the guidance. Banks must confirm that their client communications, transaction monitoring, and incident-response protocols address digital fraud specifically — not merely generic cyber or operational risk. Compliance officers and risk functions should treat the guidance as a roadmap for FINMA's next on-site examination cycles covering operational risk.

FINMA guidance does not have the status of a circular or ordinance and cannot be enforced independently through a direct enforcement action; however, failure to align with guidance creates evidence of inadequate organisation under Article 3 Banking Act, which FINMA may cite in supervisory proceedings. The guidance is addressed specifically to banks and Article 1b licensees; insurance companies, fund managers, and other supervised entities are not direct addressees, though they may face analogous expectations under their own supervisory regimes.

Prokopiev Law Group advises on Swiss financial market regulation, FINMA supervisory compliance, and FinTech licensing matters. Our dedicated partner network includes Swiss-qualified practitioners who assist with FINMA examination preparation, operational risk programme reviews, and Banking Act compliance. Institutions supervised under the Banking Act or FinMIA with questions about Guidance 02/2026 are welcome to contact us. We advise on matters including FINMA licensing, operational risk management, digital asset supervision, Banking Act compliance, and FinTech authorisation.

Source: FINMA, Guidance 02/2026 — Digital fraud risks for banks and persons under Article 1b of the Banking Act, 9 April 2026, https://www.finma.ch/en/documentation/finma-guidance/ (confirmed 20 April 2026).

The information provided is not legal, tax, investment, or accounting advice and should not be used as such. It is for discussion purposes only. Seek guidance from your own legal counsel and advisors on any matters. The views presented are those of the author and not any other individual or organization. Some parts of the text may be automatically generated. The author of this material makes no guarantees or warranties about the accuracy or completeness of the information.