Part of our complete guide to negative news screening for Swiss banks. This post is the deep dive on the Swiss AML evidence rules under FINMA Circular 2023/1; the guide covers the end-to-end picture.
Swiss AML obligations are easy to summarise wrong. There is no single "AML circular" that tells a financial intermediary how long to keep evidence, what evidence counts, or what an examiner expects to see. The obligations are split across the Anti-Money Laundering Act (AMLA / GwG, SR 955.0), the FINMA Anti-Money Laundering Ordinance (AMLO-FINMA, SR 955.033.0), the SBA self-regulation (CDB 20), and, for the operational and data-integrity side, FINMA Circular 2023/1 on operational risks and resilience.
This post maps the obligations that bear on screening evidence specifically, and outlines what a system has to do to be ready for the examiner who reads them.
The three articles that matter most
The substance of the AML evidence obligation lives in three places.
AMLA Art. 7: record-keeping
Article 7 of the Anti-Money Laundering Act requires financial intermediaries to keep documents so that they can fulfil their AMLA duties, including responding within reasonable time to requests from prosecution authorities. The retention period in Art. 7 para. 3 is ten years after termination of the business relationship or completion of the transaction. The 2023 revision of AMLA (in force 1 January 2023) added Art. 7 para. 1bis, which requires that records be periodically reviewed and updated, with the periodicity and scope set on a risk basis.
For screening, this is the floor. Identification records, beneficial owner records, and the underlying decision-supporting evidence have to survive a decade in a usable form.
AMLO-FINMA Art. 22: the reconstruction obligation
This is the article most often quoted in regulatory examinations and the one most institutions underestimate. Art. 22 of AMLO-FINMA requires that documents and supporting evidence be prepared so that individual transactions can be reconstructed, and that the documentation be understandable to a knowledgeable third party.
The ordinance is specific about who that third party is: FINMA itself, FINMA-engaged auditors (FINMASA Art. 25), FINMA-appointed investigators (FINMASA Art. 36), and audit firms approved by the audit oversight authority. Reconstruction has to land at that audience, not at an internal one.
A common operational misreading is to treat Art. 22 as a record-keeping obligation. It is not. Record-keeping says "store the data". Reconstruction says "prove a third party can use it". The two tests diverge in practice. Most AML stacks pass the first and quietly fail the second.
FINMA Circular 2023/1 Chapter IV.D: critical data risk management
Circular 2023/1 is not an AML circular (it covers operational risks and resilience for banks, in force from 1 January 2024), but its Chapter IV, Letter D on Critical Data Risk Management has direct operational implications for AML screening infrastructure.
The chapter expanded the previous focus on confidentiality of client identifying data to all three of confidentiality, integrity, and availability. Banks have to identify, categorise, and inventory critical data across the three dimensions; maintain an inventory of storage locations; define risk-tolerance KPIs; apply controls across the entire data lifecycle; and report to FINMA when integrity or availability of critical data is materially affected.
For screening, this matters because AML evidence is critical data by any reasonable interpretation of the test. Tamper-evidence (integrity) and reconstructability (availability) are not just AML asks any more. They are operational-resilience asks under 2023/1 as well.
AMLA Art. 7 sets the retention floor. AMLO-FINMA Art. 22 sets the reconstruction bar. Circular 2023/1 Ch. IV.D sets the data-integrity expectation around the same evidence. A screening system that is serious about Swiss compliance has to clear all three, not pick one.
What examiners ask for
The cleanest signal for what an examiner expects comes from FINMA's own public enforcement record. The recent AMLA-related cases (Credit Suisse / FIFA / Petrobras / PDVSA (2018), Credit Suisse / Mozambique (2021), the Julius Baer Latin America matter (2020), and the Julius Baer 2024 enforcement decision) do not turn primarily on missing documents. They turn on documentation and reporting that, when produced, did not support the bank's earlier decisions defensibly.
The pattern is reliably:
- The records exist.
- The records can be retrieved.
- The records, in retrospect, do not show what would have justified the decision an examiner is asking about.
A screening system designed only to satisfy item 1 is the kind of system that shows up in these enforcement files. Items 2 and 3 are where Art. 22 actually lives.
What that means for screening systems
Translating the obligations into system properties:
- Inputs as captured, not as re-rendered. The evidence an examiner needs to see is what the analyst was looking at when the decision was made. Captured snapshots of search results, registry pages, and uploaded documents, not links that resolve to today's content.
- Stable identity at write-time. The reviewer's identity, role, and
authority have to be frozen at the moment of capture. "Reviewer:
Maria Schmidt, then VP Compliance, employee 4413" is reconstructable.
A bare
user-id 4413resolved against the current directory is not, if Maria has since left or changed role. - Tamper-evidence over the evidence itself. Storage immutability alone is not enough; the institution should be able to prove, without trusting any single component, that the evidence shown today is what was captured then. SHA-256 chains anchored externally are one approach. See our evidence-chain post for more.
- Schema preservation. Investigations from year X should be readable in their year-X schema, not silently re-shaped by every subsequent schema migration. Either preserve the historical view or backfill explicitly with documented mappings.
- Reasoning, structured. Free-text decision rationale is the category that ages worst. Structured reason codes (with optional free-text supplements) reconstruct cleanly when the original analyst is no longer available to interpret their own notes.
Most AML stacks were built to satisfy "store the data". The reconstruction obligation in AMLO-FINMA Art. 22 is "prove a third party can use it". The systems that pass the first test and fail the second is what enforcement actions tend to look like in retrospect.
What about Circular 2016/7?
FINMA Circular 2016/7 on video and online identification specifies how digital methods can satisfy CDB and AMLA identification duties. It is procedural (about how to identify) rather than an evidence-retention regime. Retention and reconstruction obligations for the resulting records still live in AMLA Art. 7 and AMLO-FINMA Art. 22.
FINMA opened a partial revision of 2016/7 in December 2025, running to February 2026, anticipating the Federal Act on Electronic Identity (e-ID) entering into force mid-2026. Worth tracking if you operate a digital onboarding flow.
Where to start if you are auditing your own setup
Three exercises that surface the most useful gaps:
- Pull a five-year-old completed investigation at random and ask someone who did not work on it to write a defensible timeline of the decision in 30 minutes. (Drill protocol here.)
- Verify a captured artifact's integrity against its hash, then simulate the storage layer being compromised, and verify whether the institution can still prove the artifact has not changed. If the answer depends on trusting the database, the integrity story is incomplete.
- Inventory critical data, in the sense of Circular 2023/1 Ch. IV.D (including AML evidence stores, audit logs, and identity-reference data), and confirm the integrity and availability controls match the stated risk tolerance. Most institutions did this inventory for the operational-resilience deadline and quietly discovered which AML evidence stores were not really covered.
If your team is mid-way through any of these and want to compare notes, we are easy to reach. The frame we work from is that AMLA Art. 7, AMLO-FINMA Art. 22, and Circular 2023/1 Ch. IV.D are not three separate compliance projects. They are three angles on the same operational property: evidence that can be defended on demand, by a person who was not in the room.
