FINMA Report Indicates Unchanged Cybercrime and Money Laundering Risks

  • Richard Marley
  • November 17, 2021
  • 7 minutes read
  • 8251

Money laundering, identity theft, and various other cyberattacks risk have been elevated over the last few years. A sizable portion of Swiss asset management industries’ customers come from emerging nations, which creates a substantial risk of criminal activities. Due to this reason, 2021 was noticeably challenging for Swiss Financial Institutions. Therefore, for financial institutions, the Swiss Financial Market Supervisory Authority (FINMA) published a report about Risk Monitor 2021 on November 11, 2021. The report highlights the most prevalent risks faced by businesses and their resulting focus.

sp blog 17 Nov 2021-02 blog1

According to the Risk Assessment Report For Financial Institution, cyberattacks and money laundering risks are still prevailing in 2021. The Swiss Regulatory Authority stated that these factors are amongst the primary risks apparent in the financial market. 

Prevalent Cyber Attacks on Swiss Financial Centers in 2021

The Covid-19 pandemic has given businesses opportunities to adopt digital tools but also gave rise to cyberattacks amongst financial institutions. For instance, disturbances in the IT systems can create problems in the availability of confidential and critical services. Thus, depending on the severity of the cybercrimes, the vulnerabilities in the security systems can have adverse effects on global and Swiss financial centers. As a result, cyber risks are still prevailing in 2021, and several cyberattacks were successful in companies situated in Switzerland and abroad. 

For instance, some of the significant cyberattacks that happened in 2021 were on: 

A US company Colonial Pipeline

The largest fuel pipeline is the U.S Colonial Pipeline which faced a major ransomware attack resulting from a leaked password. The cybersecurity consultant of the company stated that the attackers gained access through the VPN account. Even though the VPN account has now been deactivated, it did not comprise a basic cyber security tool known as “two-factor authentication,” allowing the fraudsters to breach into the network. 

The Swiss Municipal Administration

The Swiss Municipal Administration faced a severe cyberattack that they thought was a weak attack, but an investigation revealed that it was indeed a massive attack. It took only thirty minutes for a cybersecurity expert to extract sensitive data from the servers of the Rolle municipality. This is another example of not providing extra security to the users through 2FA or other essential cyber security tools.   

The rising cyberattacks make it important to effectively prevent these attacks, which are posing as a major challenge for Swiss financial centers. 

The Perspective of Swiss Regulatory Body on Cyber Attacks 

After implementing the FINMA law on cyberattacks, 80 such instances were reported to the authority in the first year. The reports that FINMA received are mostly related to DDoS attacks, unauthorized access, and identity theft.  

Identity theft is usually prevailing due to the increase in phishing attacks in Switzerland. However, FINMA stated that supply chains of supervised entities have been facing an increased number of attacks since the start of 2021. The risk assessment report mentioned that approximately 25% of cyberattacks were on supply chains, posing a serious threat to the Swiss financial sector. These attacks cannot be deemed weak because they prove to delay or render it impossible to perform financial services. Financial sectors can face substantial reputational damage; hence, it is imperative to give training to combat cyber risks and eliminate weak points. 

In addition to the importance of training, FINMA elaborates to supervised entities the process, strategies, and approaches it expects. It has also expanded its resources to conduct on-site supervisory reviews to combat cyberattacks. The Swiss regulatory authority also stated that it is actively conveying cyber stress scenarios to financial institutions. 

Increased Money Laundering Risks towards Swiss Financial Centers 

Swiss financial services are global leaders in cross-border wealth management for individual clients. As a result, it is particularly vulnerable to money laundering risks. Breach of due diligence and reporting responsibilities can result in sanctions and damage to Switzerland’s financial institutions’ reputation and cross-border. 

Recent worldwide money-laundering violations demonstrate that there are substantial risks for financial institutions engaged in cross-border wealth management. As a result, background screening of Politically Exposed Persons (PEPs), state or quasi-state organizations, and sovereign wealth funds must be performed on global transactions. Furthermore, complex structures increase risks that impair the transparency when identifying the beneficial owners of the assets in question. Domiciliary corporations, fiduciary relationships, and insurance wrappers are all examples of these structures. 

FINMA has been involved in five corruption cases involving Venezuela oil corporation PDSA over the last year, with three of these cases already closed. 

Two of the most talked-about money laundering cases in the world are 

Mozambique loans: Credit Suisse

Credit Suisse violated the AMLA reporting obligations when it failed to report suspicious activity with the MROS. Rather, the bank ended the relationship with the client, who made a USD 8 million payment. The bank could not dispel the suspicions, and questions remained unanswered regarding the background of the payment. Hence, FINMA appointed a third party to monitor the proper implementation by the bank. 

Money Laundering: Julius Baer

A Venezuelan customer laundered USD 78 million, therefore, the Swiss regulatory authority, initiated a lawsuit against the senior management at Julius Baer, a Swiss-based private bank. 


These cases have exemplified the following points:

  • It is a must to tailor the compliance structure of a bank to the risk appetite of the institution
  • The institution must ascertain the origins of assets and determine whether the clients in question are indeed beneficial owners 
  • They must notify the Money Laundering Reporting Office (MROS) of any suspicious activities

What the Swiss Regulatory Body has to say regarding Money Laundering Risks

According to the Swiss regulatory body, transaction monitoring is the tool that most frequently uncovers suspicious behavior on the part of financial intermediaries. Previously, for an extended time, the media served as a primary source of information which indicates that banks are becoming more aware and proactive in reporting suspicious activities. 

FINMA further implied that the money laundering risks (particularly in the context of cross-border asset management) in the crypto space are becoming increasingly apparent, specifically in connection with cryptocurrency. While new technologies improve efficiency in the financial sector, overcoming the risks of money laundering and monitoring cross-border transactions have increased. Hence, cryptocurrencies are frequently used in cyberattacks or to illegally trade on the dark web, therefore, the risks associated with ML might be serious for fintech companies as well. 

Additionally, FINMA, in its risk assessment report, specified the need for an audit program that takes various business models into account when supervising anti-money laundering measures. The audit’s scope and content are to be determined by the type of money laundering risk that financial institutions possess. FINMA also stated that it would continue to pursue enforcement actions whenever necessary. Lastly, FINMA noted that financial institutions operating in this sector that lack an effective anti-money laundering defense system could substantially threaten the Swiss financial center’s credibility. Hence, it is important for financial institutions to adopt a risk management approach to deal with PEPs or quasi-state clients.

How can Shufti Pro Help?

Money laundering and identity theft cases are skyrocketing in all financial sectors, whether situated in Switzerland or in other parts of the world. Therefore, it is essential for businesses to uplift cybersecurity measures to combat money laundering risks and other financial crimes seamlessly.

Shufti Pro provides identity verification and AML screening services to financial institutions and helps them stay put with changing money laundering and terrorist financing regulations. The benefits are available to all big and small businesses, with 2-factor authentication for overcoming cyberattacks and AML screening for regulatory compliance. Shufti Pro’s vision is to make identity verification considerably accurate and provide seamless verification in less than a second. 

What to know more about AML screening and 2FA?