In April 2026, FINMA published Guidance 02/2026, a survey of 19 Swiss banking institutions conducted at the end of 2025 examining how Swiss banks manage digital fraud. The findings are specific and require direct attention. Eight of the nineteen institutions surveyed, 42%, had no dedicated digital fraud policy. Seven had no standard response plan for fraud incidents. Three lacked any steering committee with responsibility for digital fraud risk. Approximately a quarter had no process for identifying emerging fraud trends. FINMA noted a steady rise in digital fraud cases since the end of 2022, driven by AI-generated attacks, deepfake technology, and the shift to online banking. The regulator concluded with an implicit warning: in the event of a spate of fraud cases, institutions may face temporary restrictions on certain services.
This guidance arrived eighteen months after Switzerland’s most significant change to its payments infrastructure in decades. Three structural pressures are converging on Swiss retail and commercial banks simultaneously, each one capable of standing alone as a strategic justification for AI investment. Together, they define the environment in which Swiss banks are now operating.
SIC5 has changed the fraud architecture of Swiss banking
On 20 August 2024, the Swiss National Bank and SIX launched SIC5 instant payments, the fifth generation of the Swiss Interbank Clearing system. The launch made Switzerland’s payments infrastructure current with the standard set by FedNow in the United States, the NPP in Australia, and Pix in Brazil. From that date, over 100 financial institutions covering more than 95% of customer payments in Switzerland could receive and process instant payments in seconds, around the clock. The remaining approximately 260 banks are required to participate by end of 2026.
The structural consequence is identical to every other market that has deployed real-time irrevocable settlement infrastructure. SIC5 settles payments irrevocably and with finality. A bank that scores fraud decisions on a batch basis, assessing patterns periodically rather than at the point of payment initiation, is making a prevention decision after the funds have already moved. The SIC5 processing window is ten seconds. Fraud filtering that is too permissive exposes banks to compliance and financial risk. Filtering that is too strict blocks legitimate payments. Operating within that ten-second window with sufficient precision to distinguish fraud from legitimate transactions is not achievable with rule-based threshold systems. It is an AI problem.
The Swiss Bankers Association’s collaborative fraud prevention study, covering the period from the SIC5 launch in August 2024 through March 2025, explicitly identified the SBA’s priority recommendation as a network-level real-time risk scoring service to flag suspicious payments as they happen. The SBA described this as especially critical as SIC5 volumes scale, noting that the speed of instant payments leaves almost no time to intervene once funds are transferred. That recommendation is an institutional acknowledgement that the current fraud infrastructure was designed for a payment architecture that SIC5 has superseded.
The fraud threat has arrived alongside the infrastructure
Switzerland’s experience of the SIC5 fraud problem is consistent with every other country that has implemented instant payments. Swiss crime statistics for 2024 recorded a 40% increase in cyber fraud cases to over 42,000 reported incidents, according to the Swiss Bankers Association. CEO fraud cases nearly doubled between 2023 and 2024. The National Cyber Security Centre identified phishing, invoice fraud, identity theft, and social engineering as the primary attack vectors. FINMA’s Guidance 02/2026 observed that AI-generated content, deepfake technology, and social engineering are the mechanisms driving the escalation. This is the same pattern documented by SABRIC in South Africa, by FinCEN in North America, and by BioCatch across APAC. Switzerland is not ahead of this problem. It is in the same position as every other market that has deployed real-time payment infrastructure before fully equipping its fraud prevention systems to defend it.
The Swiss Bankers Association’s preliminary study noted that Switzerland and Denmark report among the highest per-victim fraud losses globally, a distinction that reflects Switzerland’s high transaction values and wealthy customer base rather than exceptionally high fraud rates by volume. The consequence per error in Swiss banking is, by that measure, structurally higher than in most other retail banking markets. That makes the precision of fraud scoring more commercially consequential in Switzerland than in markets where average transaction values are lower.
FINMA Has Published Its Supervisory Direction Twice in Five Months
The governance dimension of the Swiss AI story is defined by two documents published within five months of each other.
FINMA Guidance 08/2024, published on 18 December 2024, established FINMA’s expectations for AI governance and risk management across all supervised institutions. The guidance requires institutions to maintain comprehensive inventories of all AI systems in use, conduct rigorous risk assessments, document AI governance frameworks, ensure explainability of AI-driven decisions, and conduct independent reviews of AI systems where applicable. FINMA’s April 2025 survey of approximately 400 licensed institutions found that around 50% used AI or had initial applications in development, with an average of five applications in use and nine in development. The finding that concerned FINMA most directly was that institutions focused their governance attention on data protection risks rather than model risks. Bias, lack of explainability, and lack of robustness were consistently under-addressed relative to FINMA’s expectations.
FINMA then published its comprehensive AI governance guidelines in April 2026, described by FINMA as the most significant regulatory intervention in AI within the Swiss financial sector to date. FINMA stated explicitly that board-level AI governance will be assessed as part of its regular supervisory review processes. The principle underlying both documents is consistent with FINMA’s broader supervisory approach: same business, same risks, same rules. Existing operational risk and governance frameworks apply in full to AI. The question FINMA will put to every board is direct: can you describe every AI system in production, the governance structure around it, and what your human oversight mechanism looks like in practice?
FINMA Guidance 02/2026 then applied the same lens to digital fraud specifically, with the survey findings described above. The combined signal from these two regulatory documents is unambiguous: FINMA is moving from observing AI adoption to examining AI governance, and from examining AI governance to examining digital fraud controls specifically. Swiss banks that cannot demonstrate governance-grade fraud AI, specifically explainable, auditable, and continuously monitored systems, are approaching examination cycles that will ask for documentation they have not yet built.
The dual compliance challenge for internationally active Swiss banks
Switzerland is not an EU member and Swiss banks operating domestically are governed by FINMA rather than the European Banking Authority or FCA. The EU AI Act does not apply to purely domestic Swiss operations. But Switzerland is home to international banks with EU branches, EU clients, and AI systems whose outputs affect EU residents. For these institutions, the EU AI Act’s extraterritorial reach means that EU-facing AI operations are simultaneously governed by FINMA domestically and by EU AI Act requirements for EU-affecting activities. The boundary between the two is not always clear and requires active legal assessment for each AI system in production.
Switzerland signed the Council of Europe’s AI Convention on 27 March 2025, signalling alignment with international AI governance standards. The Swiss Federal Council has instructed relevant departments to produce a plan for AI regulation compatible with both the EU AI Act and the Council of Europe Convention, with non-binding measures planned by end of 2026. The direction of travel for Swiss domestic AI regulation is toward the EU framework rather than away from it. Swiss banks that build AI governance infrastructure aligned with FINMA Guidance 08/2024 and the April 2026 comprehensive guidelines are simultaneously building infrastructure that positions them ahead of domestic legislative developments and supports EU AI Act compliance for their EU-facing operations.
The addressable value across Swiss retail and commercial banking
The opportunity for institutions that act is material across four decision categories. The Swiss market is smaller in absolute terms than North America, EMEA, or APAC, but the per-transaction consequence is higher, the FINMA supervisory signal is among the most specific in this series, and the SIC5 instant payment fraud surface will continue to expand as the remaining 260 banks join by end of 2026.
| Decision type | Estimated annual value | Basis |
|---|---|---|
| SIC5 real-time fraud prevention | CHF 0.8–1.8B | Swiss cyber fraud up 40% in 2024 to 42,000+ cases. CEO fraud doubled. SIC5 irrevocable settlement requires inline AI scoring. FINMA Guidance 02/2026 found 42% of banks have no digital fraud policy. (Swiss crime statistics 2024; FINMA Guidance 02/2026) |
| AML programme efficiency | CHF 1–2.2B | Switzerland’s AML obligations under FATF standards and strengthened beneficial ownership requirements. Rule-based alert systems produce identical false positive burden to global benchmark. AI reduces analyst cost while improving genuine detection rates. (Industry estimates; Swiss AML framework) |
| Commercial credit and fraud prevention | CHF 0.6–1.5B | Invoice fraud and CEO fraud among fastest-growing attack categories. AI document verification and behavioural anomaly detection directly address dominant commercial fraud vectors. (Swiss Bankers Association; NCSC 2024) |
| FINMA AI governance compliance | CHF 0.4–1B | Cost of retroactively building governance infrastructure (AI inventories, explainability documentation, independent review processes) into existing production models. Typically 3–5× the cost of building it in from the start. (Industry estimates; FINMA Guidance 08/2024) |
| Total | CHF 2.8–6.5B | Ranges are order-of-magnitude estimates. CHF/USD approximately at parity. SIC5 fraud category sourced from primary data; other categories are industry estimates. |
The SIC5 fraud category is the most precisely sourced: the 40% increase in cyber fraud and the FINMA findings are primary data. The AML and commercial fraud categories are industry estimates consistent with global benchmarks applied to Swiss market size. The governance compliance category reflects the observed cost differential between proactive and reactive AI governance investment, which is consistent across every market in this series.
Part 1 of 3.
Sources
FINMA. Guidance 02/2026: Digital Fraud at Banks: Survey Findings and Supervisory Expectations. April 2026. FINMA. Guidance 08/2024: Governance and Risk Management when using Artificial Intelligence. 18 December 2024. FINMA. Comprehensive AI Governance Guidelines. April 2026. FINMA. Survey on AI Use in the Swiss Financial Sector. April 2025. Swiss National Bank / SIX. SIC5 Instant Payments Launch. 20 August 2024. Swiss Bankers Association. Results of the Preliminary Study on Collaborative Fraud Prevention. March 2025. Swiss Bankers Association. Preventing Fraud in Swiss Payments. December 2025. Swiss Federal Statistical Office. Crime Statistics 2024: Cyber Fraud Cases. Republic of Switzerland. Federal Act on Data Protection (nFADP). In force September 2023. Council of Europe. AI Convention: Switzerland signature, 27 March 2025. 27 March 2025.
