Crypto Institution License under FINIG – the next regulatory stage for the Swiss crypto market (Federal Council moves forward with stablecoins and cryptos: consultation opened)

With the planned revision, the existing fintech license under the Banking Act (BankG) is to be transferred and further developed into a new Payment Instrument Institution category under FINIG. Concurrently, a new Crypto Institution category is to be created.

Payment Instrument Institutions shall, in particular:

• accept client funds within the scope of payment services,
• issue certain stablecoins ("value-stable crypto-based payment instruments"),
• be exempted from the previous upper limit of CHF 100 million, as protection is to be ensured through the segregation of client funds and stricter capital and resolution rules.

Crypto Institutions, as a new licensing category, shall cover those service providers that offer trading and custody services with crypto-based assets, in particular:

• Custody and staking,
• Client trading and short-term proprietary trading,
• Crypto exchange services,
• Custody of certain stablecoins.

The supervisory requirements are based on the regime for securities firms, but are to be specifically tailored to crypto services and less extensive, as they do not focus on traditional financial instruments.

For years, the Swiss financial center has been an important location for blockchain, crypto, and fintech companies. At the same time, the volume, complexity, and systemic relevance of these business models have significantly increased. With this revision, the Federal Council pursues several objectives:

• Legal certainty for professional providers of crypto services and stablecoins,
• Strengthening location attractiveness and competitiveness compared to foreign jurisdictions,
• Protection of investors and clients through clearly defined licensing and conduct obligations,
• Risk limitation in the areas of financial stability, market integrity, and anti-money laundering,
• Implementation or consideration of international standards, particularly in the area of crypto assets and tax transparency

Another central point is anti-money laundering (AML): Payment Instrument Institutions and Crypto Institutions shall explicitly be considered financial intermediaries and be directly subject to FINMA supervision. For crypto financial intermediaries currently supervised via SROs, this would prospectively result in a shift of supervision to FINMA.

The currently known roadmap is as follows:

• October 22, 2025: Opening of the consultation on the FINIG revision by the Federal Council.
• Until February 6, 2026: Consultation period; cantons, associations, and interested parties can submit their comments.
• From 2026/27: Following the evaluation of the consultation, the Federal Council's dispatch to Parliament will follow, and subsequently, parliamentary deliberation. Entry into force is realistically possible from 2027 at the earliest, depending on the political process.

Until entry into force, the current patchwork of banking, fintech, securities firm, asset manager, or pure AML structures will remain. However, the planned categories of Payment Instrument Institution and Crypto Institution already indicate the regulatory direction.

For existing and future providers in the crypto and payment sectors, the following questions arise in particular:

• Can the current or planned business model be classified more as a Payment Instrument Institution (Payment & Stablecoins) or as a Crypto Institution (Trading & Custody of crypto-based assets)?
• Is there already a license today (e.g., fintech license, securities firm) or only a subordination to the AML Act via an SRO – and what transitional or adaptation obligations are to be expected?
• Are governance, risk management, compliance, and AML/KYC processes designed to meet the stricter, FINMA-based requirements in the future?

Even if the new categories are not yet in force, it is worthwhile now to align regulations, contracts, organization, and business cases with the upcoming architecture – especially for institutions that want to strategically position themselves in the regulated crypto segment.

With the introduction of the new Crypto Institution licensing category, the supervisory framework for many providers in the crypto sector will change significantly. Numerous financial intermediaries currently supervised via an SRO would in the future be directly subject to FINMA supervision, with corresponding consequences for governance, organization, and compliance.

The associated requirements for structures, processes, and internal controls are substantial and in many cases necessitate a fundamental review and adjustment of existing compliance systems. An efficient, digitally supported implementation of these obligations will thus become a key success factor.

Against this background, the use of specialized RegTech solutions such as VELA can make an important contribution. The digital platform enables a systematic mapping of regulatory requirements, supports the documentation and monitoring of obligations, and thus contributes to a sustainable and audit-proof compliance organization.

Subordination to FINMA entails higher requirements for structure, documentation, and control. In addition to demonstrating AML compliance, prudential compliance elements must also be met in the future, such as formalized control processes, regular reporting, and internal audit mechanisms.

Crypto Institutions will require a clearly defined organizational structure with independent functions for compliance, risk management, and internal control (ICS). Increased requirements for qualifications, integrity, and oversight obligations apply to the executive board and board of directors. Even smaller providers must prepare to implement a structured governance framework with a responsibility matrix (Three Lines of Defence).

As Crypto Institutions are considered financial intermediaries, FINMA circulars on identification, monitoring, and risk analysis will be directly applicable in the future. In addition to existing AML obligations, increased requirements for transaction monitoring, risk analyses, and ongoing client due diligence are likely to be added – particularly in connection with stablecoins, cross-chain transfers, and Decentralized Finance (DeFi) structures.

Many crypto providers work with external custody, wallet, or cloud providers. Here, FINMA's outsourcing requirements (Circular 2018/3) will apply in the future: Outsourcing arrangements must be clearly regulated, control rights contractually enshrined, and data availability ensured. Cybersecurity and key management will also explicitly become part of compliance responsibility.

With the new license, extended reporting and audit obligations are likely to apply. These include annual reporting to FINMA, auditing by an approved audit firm, and ad-hoc notifications in the event of security-relevant or organizational incidents.

Companies currently subject to SRO supervision should promptly assess to what extent their structures already comply with FINMA requirements. This includes the adaptation of compliance frameworks, policies, risk analyses, and internal control mechanisms, as well as the formal appointment of individuals responsible for compliance and risk management.

The planned FINIG revision will elevate compliance in the crypto sector to a new level. Early alignment with future requirements not only provides providers with regulatory certainty but also a strategic advantage in an increasingly professionalized market environment.

For institutions that do not wish to build their compliance function internally, there is the option to outsource it to Velaw. Through compliance outsourcing, experienced specialists take over the operational and strategic implementation of relevant regulatory obligations. In combination with our digital compliance platform VELA, an integrated solution is created that combines expertise and technology. This enables institutions to fulfill their regulatory tasks securely, efficiently, and with a high degree of peace of mind. Further information can be found on our website at:

www.velaw.ch/leistungen/compliance-outsourcing

velaw AG was founded in Zurich in 2021 and combines legal expertise in the financial market and compliance environment with digital innovation. With our approach of "digital compliance meets legal expertise," we guide financial service providers through regulatory challenges in a practical, efficient, and solution-oriented manner.