Anti-money laundering in 2022

How can banks improve in 2022 when it comes to anti-money laundering obligations?

Banks should adopt a holistic view in managing and monitoring risks. A more systematic approach will help banks prepare for new waves of regulations while strengthening the trust of their clients and stakeholders.

To meet the expectations of supervisory authorities and bank shareholders, what do we need to be aware of in 2022? Here is a quick overview of what you should have on your radar based on our experience, what we are seeing in the market and indications given by the Swiss Financial Market Supervisory Authority (FINMA) and other foreign regulators.

Evaluate the quality of your "Know Your Client (KYC)" data

In recent years, many banks have chosen – or have been forced – to implement KYC data remediation procedures. Such processes are designed to improve the quantity, quality and structure of information concerning clients and in particular, the client’s source of wealth, the source of funds as well as the development of their career and funds. This is set to continue in 2022. The KYC data must be complete, documented and precise enough to enable a third party to obtain detailed knowledge of the client from the data alone. If this is not the case, targeted remedial action should be provided.

Reto Gareus

Partner, Financial Services, Regulatory & Compliance

KPMG Switzerland

Corroboration of the origin of the assets

Regulators make it clear that financial institutions must obtain and hold records of the documents that corroborate the origin of a client's wealth. Clients must document and provide sufficient evidence of the source of their assets. The higher the risk associated with the client, the more important it is to confirm the source.

Periodical review of clients without increased risk

The new Anti-Money Laundering Act (when it comes into force) sets out the principle that clients without increased risk will need to be reviewed periodically. This will be a major undertaking for banks, requiring considerable resources and time. Banks would be well-advised to start planning these periodical reviews and define the methodology (review of KYC data, transactions, public information, etc.).

Criteria for increased risk regarding clients and transactions

We see that banks are increasingly asked about the adequacy of their risk criteria concerning clients and transactions: are they aligned with the bank's activity and clientele? Are the current criteria relevant or are some criteria more pertinent? Can the bank provide data for all the criteria? It doesn’t need to be complex – a model that corresponds to the risk appetite and characteristics of the bank will suffice.

Dividing compliance tasks between the first line and second line of defense

FINMA is of the opinion that compliance tasks are, for the time being, primarily carried out by the compliance team, i.e., the second line of defense. Such teams are experts in the field. However, if this is the case, this means that the bank has only one effective line of defense, which is inadequate. Tasks related to compliance should therefore predominantly be carried out by the front (first line of defense) under the supervision of the second line of defense. For that reason, FINMA is in the process of stipulating that major banks perform the majority of compliance tasks within the first line and monitor them within the second line. This results in personnel and responsibility being shifted towards the first line.

Consequence management

With this rather obscure term, FINMA refers to how banks, in order to evaluate relationship managers' performance, must not only take their financial results into account, but also their implication in carrying out compliance tasks. If relationship managers are negligent or careless, this should be reflected in their total compensation (reducing the manager's bonus, for example). Banks must therefore define performance indicators that enable a clear understanding of the work undertaken by the front office regarding compliance and set up a mechanism that impacts compensation.

Relationship with external managers and business introducers

External managers will certainly be better monitored with the implementation of the Financial Services Act (FinSA). However, this is likely inadequate in the eyes of regulators as far as risk management is concerned, given the fact that, for these business relationships, there is a greater distance between the bank and the client. Banks should implement a procedure – similar to the system in place for clients – for categorizing external managers and business introducers according to risk, conduct regular due diligence and monitor them according to their respective risk category.


This list is by no means exhaustive (we could have mentioned the automation of compliance tasks, consolidated supervision, regulatory watch, outsourcing, crypto assets, etc.), but there is a clear trend: We believe that in order to improve in 2022, banks should adopt a holistic view in managing and monitoring risks. A more systematic approach will help banks prepare for new waves of regulations while strengthening the trust of their clients and stakeholders

This article was first published in French on