EST · MMXXVI
Home/Jurisdictions/Crypto Regulation and Licensing in Switzerland
Licensing & Registration

Crypto Regulation and Licensing in Switzerland

Crypto Regulation and Licensing in Switzerland. Cross-border digital-asset legal counsel for business – licensing, disputes and structuring. Talk to OBOLUS.

Switzerland has established one of the most clearly articulated legal regimes for digital assets in the world. Under FINMA – the Swiss Financial Market Supervisory Authority – operators must map every business activity to an existing licence category before approaching a bank, onboarding clients or issuing a token. The question is not whether Swiss law covers your activity; it almost certainly does. The question is which regime applies and how the licence stack interacts with your cross-border footprint.

This page covers the FINMA regulatory perimeter, the available licence routes, the substance and capital expectations that determine whether an application succeeds, the AML posture that Swiss law requires, and the tax headline that shapes how operators structure their Swiss entities. It is the hub for OBOLUS's Switzerland scenario pages.

What Does FINMA Regulate in the Crypto Space?

FINMA applies Switzerland's existing financial-market legislation to digital assets through its published guidance on token classification and its supervisory practice – not through a single stand-alone crypto statute. The result is a layered regime that maps activity to the most appropriate existing law: banking law, securities law, collective-investment-schemes law, anti-money-laundering law, or the fintech licence framework.

The starting point is FINMA's token taxonomy, which classifies digital assets into three functional categories: payment tokens (used as a means of exchange), utility tokens (granting access to a service or platform), and asset tokens (representing an economic right over an underlying asset). Hybrid structures – tokens that combine characteristics of more than one category – are common in practice. Each category triggers different regulatory consequences, and a label applied in a whitepaper does not bind FINMA. What matters is the economic substance of the rights conferred on the holder.

A direct result of this substance-over-form approach: operators who describe their token as a "utility token" but structure it to confer profit-participation rights will find themselves inside the securities regime, irrespective of the marketing. In our practice, we conduct a pre-issuance classification review before any public communication goes out, because reclassification after the fact is significantly more costly than getting the analysis right at the outset.

The practical perimeter covers exchanges and trading platforms, custodians and wallet providers, stablecoin issuers, lending and borrowing platforms, and collective investment vehicles with digital-asset exposure. Each of these activities will engage one or more of the regulatory pathways described below.

What Are the Main Licence Routes in Switzerland?

Switzerland offers four principal regulatory pathways for digital-asset businesses, and the right choice depends entirely on the activity profile of the applicant. Each pathway carries distinct capital expectations, ongoing obligations and FINMA supervisory intensity.

The fintech licence (formally, the banking licence with the so-called "fintech exception") is the route most frequently used by crypto custody and payment businesses that take client deposits or hold client assets but do not engage in the full range of banking activities. It is a lower-threshold entry point than a full banking licence, but it still imposes meaningful capital requirements and organisational expectations. FINMA sets the minimum capital for this route at a level that varies by activity scope; the exact figure should be confirmed against current FINMA guidance before any commitment is made.

The full banking licence is required where a business accepts deposits from the public in a way that does not fall within the fintech exception. For most crypto businesses, this is the most demanding route in terms of capital, governance and ongoing reporting. It is the appropriate vehicle for a Swiss crypto bank – a structure several established operators have pursued. Capital expectations here are significantly higher than under the fintech licence.

The securities dealer (today reconstituted as an investment firm under the Financial Institutions Act) route applies where a business engages in proprietary trading in securities, operates a multilateral trading facility, or otherwise carries on investment-firm activity. Operators who intermediate in tokenised securities or run an exchange that lists asset tokens with securities characteristics will find themselves in this category.

Affiliation with a self-regulatory organisation (SRO) under the Anti-Money Laundering Act is the baseline requirement for any financial intermediary operating in Switzerland that does not hold a FINMA licence directly. A significant number of crypto businesses – including exchange operators and payment service providers – enter the Swiss perimeter via SRO affiliation as their first regulatory anchor, then layer on additional licences as activity grows. FINMA supervises the SROs; the SROs supervise their members. This indirect supervision model is a structural feature of Swiss financial regulation, not a lower-compliance route.

A note on the cross-border dimension: a Swiss entity that passports services into the European Union must separately address MiCA and the relevant national competent authority. Swiss regulatory status does not travel into the EU. Operators we advise regularly maintain a Swiss entity alongside an EU CASP authorisation (crypto-asset service provider authorisation under MiCA), or route EU client flows through a separately licensed EU subsidiary, to preserve Swiss banking relationships while meeting EU regulatory requirements.

For a scoped assessment of which licence route fits your business model, contact OBOLUS at info@oboluslaw.com. The process above describes the standard path. Your facts – the token structure, the client base, the custody model – change the analysis materially.

What Substance and Capital Does FINMA Expect?

FINMA applies the same substance expectations to digital-asset businesses that it applies to any financial intermediary: qualified management resident in or accessible to Switzerland, adequate internal controls, a governance structure that separates oversight from executive function, and capital that is genuine and unencumbered at authorisation.

On capital, the applicable minimum depends entirely on the licence category. The fintech licence sets a floor that is materially lower than a banking licence. An investment-firm authorisation sits in a range that reflects the nature and scale of the activity. All figures are subject to FINMA's current published requirements, which should be verified before any commitment to a structure; the registry marks these as requiring verification before use in client work, and we advise accordingly.

What FINMA consistently scrutinises in applications – across all categories – is the quality of the governance package rather than the nominal capital figure alone. Applications that fail in Switzerland tend to fail not on capital but on three recurring issues: management that cannot demonstrate relevant supervised-entity experience; an AML/KYC framework that is policy-rich but operationally thin; and a business plan that does not persuade FINMA the applicant genuinely understands the risk its activity creates.

In a recent licensing matter, a payments company approached us after a FINMA pre-inquiry came back with detailed questions about its outsourcing arrangements and the fitness of its proposed compliance officer. We restructured the governance package, identified a replacement compliance officer with direct Swiss supervisory experience, and resubmitted with a revised outsourcing framework. The application proceeded without further substantive challenge. Cases of this kind illustrate that the substance assessment at FINMA is qualitative as much as quantitative.

How Does the FINMA Application Process Work?

The FINMA authorisation process follows a structured sequence, and operators who approach it without preparation typically experience significantly longer timelines than those who engage counsel before submitting.

The recommended first step is a preliminary inquiry to FINMA – a written submission setting out the proposed business model and requesting FINMA's view on the applicable regulatory category. FINMA's response to a preliminary inquiry is not binding, but it is the most reliable signal available before a full application is filed. Many applicants skip this step in the belief that their model is clear-cut; in our experience, this regularly results in a formal application that misidentifies the relevant licence type.

Following the preliminary inquiry, the formal application package is assembled. The core components are broadly consistent across licence categories: a detailed business plan, draft AML and compliance policies, a governance chart with board and senior-management biographical information, a capital evidence package, and a technology and security assessment where custody or client-asset functions are involved. For investment firms and banks, an external audit report is a standard component.

The timeline from formal submission to authorisation varies by licence type and by the completeness of the application. For fintech licences and SRO affiliations, a well-prepared application moves materially faster than for a full banking licence. FINMA publishes indicative processing benchmarks, but in practice the dominant variable is responsiveness: incomplete applications, late responses to FINMA's questions, and governance changes mid-process all extend timelines. A full banking licence for a crypto-focused institution should be expected to take considerably longer than a fintech licence or SRO affiliation.

The cross-border complexity compounds this. An operator simultaneously pursuing a Swiss fintech licence and a MiCA CASP authorisation in an EU member state is managing two distinct supervisory processes with different timelines, different governance expectations and – critically – different banking-relationship implications. We manage these processes as a single coordinated mandate where possible, using allied counsel in the relevant jurisdiction for the EU leg.

What AML and Travel Rule Obligations Apply in Switzerland?

Switzerland has implemented the FATF Recommendations – including Recommendation 15 on virtual assets – into its domestic AML framework, and the Travel Rule (the obligation to pass originator and beneficiary data with a transfer) applies to Swiss-licensed and SRO-affiliated virtual-asset service providers.

The Travel Rule threshold – the transaction value above which originator and beneficiary information must accompany a transfer – is set by Swiss law and should be confirmed against current FINMA and SRO guidance; the registry records this as a figure requiring verification before client use. What is settled is the principle: any VASP or financial intermediary subject to Swiss AML law must implement Travel Rule-compliant processes for transfers above the applicable de-minimis.

In practice, this means Swiss-licensed operators must integrate with a Travel Rule solution provider, establish counterparty verification procedures for transfers to unhosted wallets, and maintain a sanctions-screening programme that covers OFAC, EU restrictive measures and the Swiss State Secretariat for Economic Affairs (SECO) sanctions list. SECO administers Switzerland's own sanctions regime, which runs in parallel to – but is not identical with – EU restrictive measures. Operators serving EU clients need both.

FINMA's supervisory expectation on AML is that the programme is genuinely operational, not merely documented. Periodic FINMA inspections and SRO audits test the programme against actual transaction data. Weak transaction monitoring – particularly monitoring that is calibrated on generic thresholds rather than the specific risk profile of the business – is among the most common findings in Swiss supervisory practice.

For operators with a cross-border footprint, the AML stack should address the jurisdiction of the entity (Switzerland), the jurisdiction of the users (EU, US, Asia), and the jurisdiction of the banking relationship. These three layers frequently involve different reporting and screening obligations. A sanctions hit that triggers no SECO obligation may still require OFAC reporting if the operator's bank is US-correspondent-bank-dependent.

What Is the Tax Position for a Swiss Crypto Entity?

Switzerland is a comparatively favourable tax environment for digital-asset businesses, but the headline rate is not the whole picture. The effective tax rate depends on the canton of incorporation, the characterisation of token proceeds, and the VAT treatment of the services the entity provides.

Switzerland does not apply a single national corporate tax rate. The combined federal and cantonal rate varies by canton, with certain cantons offering materially lower combined rates. Zug – Switzerland's established crypto hub – has historically offered a competitive combined rate, but the base has narrowed following OECD minimum-tax changes for larger groups. The specific rate applicable to your entity should be confirmed with Swiss tax counsel; the registry marks cantonal rate figures as requiring verification.

On token characterisation, the Swiss Federal Tax Administration's (FTA) published guidance distinguishes between payment tokens (typically treated as foreign currency for tax purposes), utility tokens (typically no VAT on issue; possible VAT on the underlying service), and asset tokens (income and capital-gains consequences vary). Staking rewards, mining income and DeFi yield each raise distinct characterisation questions that the FTA has addressed with varying degrees of clarity. An entity designing its Swiss token issuance or staking programme should build the tax analysis into the structure before the product launches.

VAT on crypto services is a point of genuine complexity. Switzerland's value-added tax law treats exchange services for payment tokens as exempt (parallel to currency exchange), but services that do not qualify for this treatment – including advisory services, certain custody services and platform-access fees – may attract Swiss VAT. For an operator serving both Swiss and EU clients from a Swiss entity, the VAT position must be modelled across both regimes.

If a prior application stalled or a banking relationship closed, a fresh structural analysis often surfaces the reason and the route forward. Write to info@oboluslaw.com to scope the work.

Which Operator Profile Should License in Switzerland?

Switzerland suits operators whose model requires the credibility of a rigorously supervised jurisdiction and who can meet the substance and capital expectations that FINMA imposes. It is not the right first choice for every business.

The operator profiles that consistently derive value from a Swiss structure are: established fintech and payments businesses that want a banking-proximate licence and access to Swiss banking rails; token issuers who want a legally classified token under a respected taxonomy that international counterparties recognise; investment firms running digital-asset strategies that require a securities-law-compliant framework; and family offices or asset managers seeking a regulated custody and portfolio-management structure for institutional clients.

By contrast, an early-stage operator with a minimal governance budget, no qualified management with supervised-entity experience, and a business model that has not yet achieved product-market fit will find the Swiss process disproportionately demanding. For that profile, a CASP authorisation in an EU member state or a registration in a common-law offshore hub may be the more appropriate starting point – with Switzerland as a subsequent layer once the business achieves the scale to support the substance requirement.

A decision matrix in practical terms:

Profile A – Established payments or exchange operator with EU/Swiss users: FINMA fintech licence as the primary Swiss anchor; MiCA CASP authorisation in an EU hub (Luxembourg, Malta or Lithuania) for the EU perimeter; SRO affiliation as the AML baseline in both. Timeline measured in months for the fintech licence; EU CASP timeline varies by member state and application completeness.

Profile B – Token issuer seeking a classified Swiss structure: preliminary FINMA inquiry for token classification; Swiss simple partnership or foundation for governance depending on token type; SRO affiliation mandatory if the entity acts as a financial intermediary in issuing or trading the token. Timeline from preliminary inquiry to SRO affiliation is generally a matter of weeks to a few months, depending on FINMA's processing load.

Profile C – Asset manager or fund manager with digital-asset exposure: investment-firm authorisation under the Financial Institutions Act, with a FINMA-licensed depository for the underlying assets. Timeline is the most extended of the three profiles; governance and capital expectations are at the higher end of the Swiss spectrum.

What Are the Most Common Mistakes in Swiss Crypto Applications?

Applications to FINMA fail or stall for identifiable, recurring reasons. Knowing them in advance materially improves the odds of a clean authorisation.

The first is misclassifying the token or the activity at the outset. An operator who files a fintech licence application for what FINMA will ultimately classify as securities-dealing activity wastes significant time and professional fees before the mismatch surfaces. A preliminary inquiry is not optional for novel structures.

The second is importing a compliance policy from another jurisdiction without adapting it to Swiss AML law. Swiss SROs conduct detailed audits of member policies, and a generic GDPR-era European AML policy that has not been calibrated to FINMA's and the SRO's specific guidance will not pass. The Travel Rule implementation, in particular, must reflect Swiss-specific thresholds and counterparty-verification expectations.

The third – and perhaps the most common in our cross-border practice – is failing to resolve the banking relationship before or alongside the licensing process. A FINMA licence without a functioning Swiss banking relationship is operationally useless. Swiss banks conduct their own due diligence on crypto clients, and a business that approaches a bank after receiving its licence, with no prior relationship, faces a second time-consuming process. The licence and the banking mandate should run in parallel from day one.

A common assumption among operators is that a single offshore licence – BVI, Cayman or a lightly supervised EU registration – is sufficient to serve Swiss and EU clients without separate Swiss authorisation. This assumption is incorrect. FINMA applies its regulatory perimeter on the basis of the Swiss nexus of the activity: Swiss clients, Swiss-resident directors with decision-making authority, or Swiss payment rails each independently engage the Swiss perimeter. The AML obligations imposed on Swiss financial intermediaries apply regardless of where the licensing entity is domiciled if the activity has a Swiss dimension.

Related at OBOLUS

FAQ

How long does a crypto licence take to obtain?

Timeline depends on the licence category and the completeness of the application. SRO affiliation in Switzerland typically takes a matter of weeks for a well-prepared applicant. A FINMA fintech licence takes longer – generally a number of months from formal submission to authorisation. A full banking licence or investment-firm authorisation takes considerably longer still. In all cases, incomplete applications and slow responses to FINMA's questions are the primary cause of delay. Parallel EU licensing adds further timeline variables governed by the relevant national competent authority under MiCA.

Which jurisdiction is best for licensing my crypto business?

There is no universal answer. Switzerland suits operators who need banking-proximate credibility, a recognised token taxonomy and the backing of rigorous FINMA supervision – and who can meet the associated substance and capital expectations. An early-stage business may find an EU MiCA CASP authorisation or an offshore VASP registration more proportionate as a starting point. The right answer depends on your activity profile, user geography, banking requirements and capital position. OBOLUS maps the full licence, banking and tax stack before recommending a structure.

Do I need a separate custody licence?

In Switzerland, custody of client assets is a regulated activity. An operator that holds client digital assets on a proprietary basis – controlling private keys or holding assets in its own name for clients – will engage the Swiss regulatory perimeter and must hold the appropriate FINMA authorisation or SRO affiliation. A fintech licence may suffice for lower-threshold custody operations; larger or more complex custody structures may require a banking licence. The analysis turns on the specific mechanics of how client assets are held. This question is one of the first we address in any Swiss licensing mandate.

OBOLUS is an independent digital-asset law boutique acting only for businesses. We advise exchanges, custodians, token issuers and funds on licensing across 70+ jurisdictions, on disputes and on-chain asset recovery across 25+ forums, and on the tax, banking and compliance that sit around them. We map the licence stack across operating, custody and payment layers before you commit – structuring licensing, banking and tax as one mandate rather than three disconnected workstreams. Digital assets are the whole of our practice. To discuss your Switzerland licensing matter or your cross-border structure, contact info@oboluslaw.com.

By Aisha Tan, Licensing & Jurisdictions Analyst – specialises in multi-hub licensing strategy for exchanges, custodians and token issuers, with a focus on FINMA and the MiCA transition.

This publication is general information about the law and does not constitute legal advice. It is not a substitute for advice tailored to your circumstances. OBOLUS accepts no liability for action taken or not taken on the basis of this material. For advice on your situation, contact info@oboluslaw.com.

Tell us the task — we'll map your options in 30 minutes.

Fixed-fee packages with defined scope and SLAs. The first call is free and under NDA. Business clients only.

Map your optionsinfo@oboluslaw.com · t.me/oboluslaw · reply < 2 hours