
Negative news screening for Swiss banks: the complete guide

What Swiss negative news screening actually requires, end to end: the regulatory framework, the screening lifecycle, source selection, evidence preservation, tooling decisions, and a full audit-readiness checklist.

Antoine Bedaton
7 May 2026, 34 min read

If you have been asked to bring your bank's negative news screening "up to standard" and you are reading this on a Tuesday morning with a FINMA examination on the calendar for Q3, this is the page you bookmark and forward to your team. It is the canonical guide we wish existed when we started building NNSFlow with Swiss compliance officers, internal auditors, and procurement leads. It will not flatter your existing setup, and it will not pretend the obligation is easier than it is. What it will do is map the obligation end to end (statute by statute, control by control, evidence property by evidence property) and link out to the deeper material on each of the parts.

The audit nightmare is concrete. A FINMA-engaged auditor under FINMASA Art. 25, three years from now, asks why your private bank cleared a specific high-net-worth onboarding in 2026 when the counterparty's controlling shareholder was, in fact, the subject of a German-language press allegation that month. Your team pulls the file. The screening ran. A search was performed. The disposition reads "no concerns". The article does not appear in the captured evidence. The analyst has since left. The reviewer has since changed roles. The link in the notes field, when clicked, returns a 404. This is the failure mode the rest of this post is structured to prevent.

The intended audience is a compliance officer, a procurement lead, an internal auditor, or a CTO at a Swiss financial institution who needs a single coherent view of what negative news screening involves, written by someone who has built it. It is not a marketing document and it is not a vendor pitch. It cross-links every one of our 15 deeper posts on specific topics in this cluster, so you can follow any thread to its substance without us re-deriving it here.

What negative news screening is

Negative news screening (NNS, also called adverse media screening) is the structured search of publicly available information for derogatory or risk-relevant facts about a counterparty. The counterparty is usually a client or a beneficial owner. The facts are usually allegations or findings of money laundering, fraud, sanctions evasion, corruption, terrorist financing, or related predicate offences. The output is documented evidence that informs a money-laundering risk assessment under Swiss AML rules.

The function is straightforward to describe and operationally demanding to execute well. The substantive 101 explainer, including the worked example of a Zurich-based cantonal bank onboarding a Swiss SME, lives in our practical definition of negative news screening for Swiss compliance teams. If you are entirely new to the topic, that post is the prerequisite reading. The rest of this guide assumes the definition.

The thing to fix in mind before going further is that "negative news screening" is a pragmatic umbrella term, not a regulator-defined one. The Wolfsberg Group's 2022 FAQs use it specifically to mean information available in the public domain that financial institutions would consider relevant to the management of financial crime risk. That is narrower than adverse media in general, which extends to reputational and material business news. In practitioner usage the two terms slide into each other; the legal exposure does not.

The screening categories disambiguated

Procurement decks routinely collapse four distinct things onto a single line item called "screening". They are not the same. Mixing them up costs money at audit time and during vendor selection.

The four categories sit on a spectrum from rule-bound and binary to judgement-bound and probabilistic.

  • Sanctions screening is list-based, binary, and mandatory. The Swiss legal anchor is the Federal Act on the Implementation of International Sanctions (Embargo Act, EmbA, SR 946.231), with the SECO consolidated list as the legal reference; the international anchors are FATF Recommendations 6 and 7 on targeted financial sanctions.
  • PEP screening is rule-bound on the definition (foreign, domestic, international-organisation PEPs, plus family members and close associates per FATF Recommendations 12 and 22) and risk-based on the response under AMLA Art. 6 and AMLO-FINMA.
  • Adverse media is probabilistic and broad. Inputs are unstructured: news, regulatory press releases, court filings, NGO reports. The implicit obligation traces through FATF Recommendation 10 on customer due diligence and ongoing monitoring.
  • Negative news (in the Wolfsberg sense) is the financial-crime-relevant subset of adverse media. The 2022 Wolfsberg FAQs are explicit that NNS is not a zero-tolerance process and the level applied should be proportionate to the risk profile of the relationship.

The full disambiguation, with side-by-side mandate, frequency, and evidentiary-bar matrix, is the substance of our post on negative news vs sanctions vs PEP vs adverse media screening. The headline finding: only sanctions screening has a hard legal floor where failure is a legal violation (asset freezing not performed). The other three are control deficiencies, which is serious but different. All four feed the same evidentiary obligation under AMLO-FINMA Art. 22.

A common operational anti-pattern is treating sanctions hits as auditable by default (because they are binary) and adverse-media decisions as auditable on a best-effort basis (because they are judgement-bound). Five years later an examiner asks for the reasoning behind an adverse-media disposition and the trail is sparse. The examiner's question does not soften because the input was probabilistic.

The Swiss regulatory framework

There is no Swiss statute or circular titled "Negative News Screening". The obligation is implicit in a small number of texts that are read together. Four do the heavy lifting.

AMLA Art. 6: the clarification duty

Article 6 of the Anti-Money Laundering Act (AMLA / GwG, SR 955.0) requires financial intermediaries to clarify the economic background and purpose of a transaction or business relationship if it appears unusual, or if there are indications that assets stem from a crime, or if the counterparty is on a sanctions list, or if the relationship is otherwise high-risk. The clarification has to be "appropriate to the circumstances".

NNS is one of the core tools institutions use to satisfy this duty. The article does not say "do an adverse media search" in those words, but the clarification owed under Art. 6 is substantively impossible to discharge without one. If a counterparty has been publicly named in a corruption investigation and the institution did not look, the gap is hard to defend.

AMLA Art. 7: record-keeping and the 2023 periodic review

Article 7 requires financial intermediaries to keep documents so they can fulfil their AMLA duties, including responding within reasonable time to requests from prosecution authorities. The retention period in Art. 7 para. 3 is ten years from termination of the business relationship or completion of the transaction.

The 2023 AMLA revision (in force 1 January 2023) added Art. 7 para. 1bis, which requires that records be periodically reviewed and updated, with the periodicity and scope set on a risk basis. That revision is what made periodic re-screening of the existing book explicitly an obligation, not just an industry norm. For NNS specifically, Art. 7 sets the floor: ten years, in a usable form, including the search results and the analyst's reasoning.

AMLO-FINMA Art. 22: the reconstruction obligation

Article 22 of AMLO-FINMA (SR 955.033.0) goes further. It requires that documents and supporting evidence be prepared so that individual transactions can be reconstructed, and that the documentation be understandable to a knowledgeable third party. The ordinance is specific about who that third party is: FINMA itself, FINMA-engaged auditors (FINMASA Art. 25), FINMA-appointed investigators (FINMASA Art. 36), and audit firms approved by the audit oversight authority.

Most institutions read Art. 22 as a record-keeping obligation. It is not. Record-keeping says "store the data". Reconstruction says "prove a third party can use it". The two tests diverge in practice and most AML stacks pass the first while quietly failing the second.

FINMA Circular 2023/1 Ch. IV.D: critical data risk management

FINMA Circular 2023/1 on operational risks and resilience for banks (in force from 1 January 2024) is not an AML circular, but its Chapter IV, Letter D on Critical Data Risk Management has direct operational implications for NNS infrastructure. The chapter expanded the previous focus on confidentiality of client identifying data to all three of confidentiality, integrity, and availability. NNS evidence is critical data by any reasonable interpretation of the test, which means tamper-evidence and reconstructability are operational-resilience asks now, not just AML asks. Our deeper post on what Swiss AML rules actually require for screening evidence walks through the combination article by article.

nFADP and the data-protection layer

The revised Federal Act on Data Protection (FADP / DSG, SR 235.1), in force since 1 September 2023, sits alongside the AML stack. The "AMLA wins" framing is correct only for AMLA-required records. Outside that scope (analyst notes that did not become evidence, abandoned drafts, browsing artefacts) the nFADP destruction obligation applies in full. PEP and sanctions screening qualifies as high-risk processing under Art. 22 nFADP, so a written DPIA is required regardless of headcount; the small-organisation exemption does not apply. Our post on nFADP and AML files: what actually changed for Swiss FIs in 2023 goes through the five obligations that matter for an AML system, including the cross-border transfer mechanics under Arts. 16 and 17.

The four texts read together

AMLA Art. 6 makes the search obligatory. AMLA Art. 7 sets the retention floor and (since 2023) the periodic review. AMLO-FINMA Art. 22 sets the reconstruction bar. FINMA Circular 2023/1 Ch. IV.D sets the integrity and availability expectation. nFADP draws the perimeter around what processing is allowed in the first place. A screening system serious about Swiss compliance has to clear all five, not pick one.

The risk-based approach

The phrase "risk-based approach" appears in almost every Swiss AML policy document and functions, in most of them, as a slogan rather than a control. FINMA does not accept that ambiguity. The legal hooks are in three places.

AMLA Art. 6 obliges intermediaries to clarify when there are indicators of unusual circumstances or heightened money-laundering risk. AMLO-FINMA Arts. 13 to 19 operationalise this: Art. 13 requires risk classification with documented criteria, Arts. 14 and 15 enumerate higher-risk categories, Arts. 16 to 18 define the additional clarifications for higher-risk relationships, and Art. 19 covers the periodic review obligation. FINMA Circular 2023/1 expects integrity and availability controls over the same evidence used to back the risk-based decisions.

The international anchor is the FATF guidance on the risk-based approach for the banking sector, which Switzerland operationalises domestically. FATF Recommendation 1 puts the obligation plainly: institutions must identify, assess, and understand their ML/TF risks and take commensurate measures.

The practical consequence is that a Swiss FI cannot run a flat "once a year for everyone" review schedule and call it risk-based. The cadence has to vary by classification, and the variance has to be documented. Frequency and depth are two dials, not one. Risk band drives the cadence; the line of defence (LoD1 front office, LoD2 compliance, LoD3 audit) drives the depth; events override both.

What a defensible cadence matrix looks like, what feeds the classification, the trigger taxonomy that overrides scheduled reviews, and how LoD1/LoD2/LoD3 maps cleanly onto the framework, is the substance of our post on the risk-based approach to AML screening: how often, how deep, for whom.

What FINMA wants in audit is not a single risk score but the documented rationale behind it: the factors that fed the classification, the cadence applied, and the justification for any deviation. The recent FINMA enforcement record bears this out repeatedly.

The screening lifecycle

NNS is not a single event. It runs across the lifecycle of a relationship in three distinct triggers, each with its own cadence and evidence expectation, and a disposition workflow that holds the output together.

Onboarding

The first NNS pass runs at account opening, before the business relationship is established. The CDB 20 identification process and the AMLA Art. 6 clarification duty land here. For low-risk relationships the pass can be light; for high-risk relationships the pass is part of enhanced due diligence and tends to involve multiple sources, multiple languages, and four-eyes review.

Periodic re-screening

AMLA Art. 7 para. 1bis (added in 2023) makes periodic review explicit. The practical interpretation is that high-risk relationships get re-screened more often than low-risk ones, the cadence is documented, and the cadence is followed. Annual is common for high risk; longer intervals are common for low risk. The cadence is itself part of the record because an examiner will ask "what is your periodicity, and where is the evidence you stuck to it?".

Event-driven re-screening

A change in the relationship triggers a re-screen. New beneficial owner, new transaction pattern, new jurisdiction of operation, new public allegation surfaced through monitoring, sanctions designation, PEP status change, atypical transaction. AMLO-FINMA's general expectation is continuous review of risk during the relationship, not only at fixed checkpoints. Event-driven NNS is what closes the gap between two scheduled periodic reviews. A trigger that depends on an analyst happening to read the news is not really a trigger, it is a hope; the policy needs a defined ingestion path for each category.
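The three passages above (the cadence matrix driven by risk band, the periodic review under AMLA Art. 7 para. 1bis, and event-driven re-screening) all reduce to the same audit question: does the file show that the declared policy was followed? The following check is an added example written for this guide, not NNSFlow code. The cadence values in `CADENCE_DAYS`, the ten-day grace window for an event re-screen, the deferral record shape and every relationship, date and identifier in `sample_findings()` are constructed assumptions; the trigger taxonomy follows the post.

```python
"""Checks that periodic and event-driven re-screening followed the declared policy."""
from datetime import date, timedelta
from typing import Dict, List

# Illustrative cadence per risk band, in days (assumed values; the post gives no matrix).
CADENCE_DAYS = {"low": 1095, "medium": 730, "high": 365, "pep": 365}
# Trigger taxonomy from the post; each event must be followed by an event-driven re-screen.
TRIGGER_EVENTS = {"sanctions-designation", "pep-status-change", "adverse-media-hit",
                  "beneficial-owner-change", "atypical-transaction", "country-risk-change"}


def next_due(last_periodic: date, band: str) -> date:
    """Risk band drives the cadence: the next periodic review is due after the band's interval."""
    return last_periodic + timedelta(days=CADENCE_DAYS[band])


def cadence_findings(relationships: Dict[str, str], reviews: List[dict], events: List[dict],
                     deferrals: Dict[str, dict], as_of: date, grace_days: int = 10) -> Dict[str, List[str]]:
    """Return, per relationship, every way the file fails to show the policy was followed.

    A relationship with no entry in the result is fully evidenced as of `as_of`.
    """
    findings: Dict[str, List[str]] = {}

    def flag(rel_id: str, msg: str) -> None:
        findings.setdefault(rel_id, []).append(msg)

    for rel_id, band in relationships.items():
        mine = sorted((r for r in reviews if r["rel_id"] == rel_id), key=lambda r: r["date"])
        periodic = [r for r in mine if r["kind"] == "periodic"]
        if not periodic:
            flag(rel_id, "no periodic screening on file")
        else:
            due = next_due(periodic[-1]["date"], band)
            if due < as_of:
                # Overdue is acceptable only with an individually justified, still-valid deferral.
                deferral = deferrals.get(rel_id)
                justified = deferral is not None and deferral["until"] >= as_of and deferral.get("reason")
                if not justified:
                    flag(rel_id, f"periodic review overdue by {(as_of - due).days} days with no justification")
        # Events override the schedule: each one needs an event re-screen inside the grace window.
        for ev in (e for e in events if e["rel_id"] == rel_id):
            if ev["type"] not in TRIGGER_EVENTS:
                flag(rel_id, f"unknown trigger type {ev['type']!r}")
                continue
            window_end = ev["date"] + timedelta(days=grace_days)
            if not any(r["kind"] == "event" and ev["date"] <= r["date"] <= window_end for r in mine):
                flag(rel_id, f"{ev['type']} on {ev['date']} not followed by an event re-screen within {grace_days} days")
    return findings


def sample_findings() -> Dict[str, List[str]]:
    """Constructed sample book; every identifier, date and deferral reason is made up for the example."""
    relationships = {"R1": "high", "R2": "low", "R3": "pep", "R4": "medium"}
    reviews = [
        {"rel_id": "R1", "date": date(2025, 1, 10), "kind": "periodic"},
        {"rel_id": "R2", "date": date(2024, 6, 1), "kind": "periodic"},
        {"rel_id": "R3", "date": date(2025, 3, 1), "kind": "periodic"},
        {"rel_id": "R3", "date": date(2026, 4, 5), "kind": "event"},
    ]
    events = [
        {"rel_id": "R2", "date": date(2026, 3, 1), "type": "beneficial-owner-change"},
        {"rel_id": "R3", "date": date(2026, 4, 2), "type": "adverse-media-hit"},
    ]
    deferrals = {"R3": {"until": date(2026, 6, 30),
                        "reason": "awaiting updated source-of-wealth file, deferral approved by LoD2"}}
    return cadence_findings(relationships, reviews, events, deferrals, as_of=date(2026, 5, 7))


if __name__ == "__main__":
    for rel_id, msgs in sample_findings().items():
        print(rel_id, msgs)
```

In the sample, R3 is overdue on the periodic clock but carries a justified deferral and a timely event re-screen, so it produces no finding; R1 is overdue with nothing to show for it, R2 has an unanswered beneficial-owner change, and R4 was never screened. Note that the periodic clock is counted from the last periodic review only, so an event-driven re-screen does not silently reset it.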

The disposition workflow

Every alert, hit, and review needs to land on a disposition that reads cleanly years later. A standard five-code disposition vocabulary (closed-no-match, closed-false-match, closed-true-match, escalated, pending) is the cheapest single intervention that improves audit defensibility. False-positive rates of 90% to 99% are typical for sanctions and PEP screening at Swiss FIs and are not, in themselves, a finding. What FINMA examines is whether each closure can be justified by reading a single record, years after the analyst who made the decision has left the firm.

The full vocabulary, the threshold-tuning vs contextual-disambiguator trade-off, and the structured-reason-codes-versus-free-text discussion is in our post on managing false positives in AML screening: a Swiss-aligned disposition framework. The headline finding: an audit that finds inconsistency between two analysts disposing of structurally identical alerts is more damaging than one that finds a high overall false-positive rate. Inconsistency suggests the framework is not real.

Four-eyes review

The Basel Committee's Principles for the Sound Management of Operational Risk and the older Framework for Internal Control Systems in Banking Organisations treat segregation of duties as a baseline expectation. ISO 27001 lists segregation of duties as a control. Swiss FIs inherit it through general internal-control obligations. The implementation, however, is yours.

A four-eyes implementation that survives an audit needs server-side eligibility predicates that check different employee IDs, separation rules, and reporting relationships, not just two distinct sessions. Approval has to be of a frozen snapshot (decision, evidence, hashes, notes), not the live investigation. Edits after submission start a new approval cycle. Every state transition becomes an audit log row with timestamp, actor, reason, and snapshot hash. Exception handling (vacation delegation, emergency override, late-discovered conflicts) is harder than the happy path, and is exactly what auditors test. The architecture is the substance of our post on the four-eyes principle: from regulation to system architecture.

In NNSFlow, the LoD level is a property of both the user and the investigation. LoD1 users perform initial screening; LoD2 users run the deep investigation and four-eyes approval; LoD3 users have read-only access for retrospective review. The default configuration sets the minimum reviewer LoD for four-eyes approval to LoD2 and the minimum LoD for PEP-touching cases also to LoD2. The mapping between user role, LoD level, and permitted actions is configurable per deployment.
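The disposition workflow and the four-eyes section above describe one record shape: a structured disposition, a frozen snapshot whose hash is what the reviewer approves, server-side eligibility predicates, reviewer identity captured at write-time, and an audit row per state transition. The following is an added example written for this guide to show those pieces fitting together; it is not NNSFlow code. The five disposition codes and the LoD levels come from the post; the disambiguator vocabulary, the eligibility rules (same employee, direct reporting line, minimum LoD, LoD3 read-only), the field layout and all names and employee IDs other than "Maria Schmidt, employee 4413" are assumptions.

```python
"""Four-eyes approval of a frozen investigation snapshot (illustrative, not NNSFlow code)."""
import hashlib
import json
from dataclasses import asdict, dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Five-code disposition vocabulary from the post.
DISPOSITIONS = {"closed-no-match", "closed-false-match", "closed-true-match", "escalated", "pending"}
# Structured disambiguators required on a false match (assumed example vocabulary).
DISAMBIGUATORS = {"different-dob", "different-nationality", "different-employer", "different-address"}


@dataclass(frozen=True)
class Reviewer:
    """Identity as it stands at write-time; a copy is frozen into the record, never re-resolved."""
    employee_id: str
    name: str
    role: str
    lod: int            # 1 front office, 2 compliance, 3 audit (read-only)
    supervisor_id: str


def _canonical_hash(obj: dict) -> str:
    """SHA-256 over canonical JSON, so identical content always hashes identically."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()).hexdigest()


class Investigation:
    def __init__(self, case_id: str, analyst: Reviewer, min_reviewer_lod: int = 2):
        self.case_id = case_id
        self.analyst: Dict = asdict(analyst)        # frozen copy, not a user-id looked up later
        self.min_reviewer_lod = min_reviewer_lod
        self.state = "open"
        self.disposition = "pending"
        self.reason_code: Optional[str] = None
        self.evidence_hashes: List[str] = []        # SHA-256 of each captured artefact
        self.notes = ""
        self.submitted_hash: Optional[str] = None
        self.approver: Optional[Dict] = None
        self.audit_log: List[Dict] = []

    def snapshot(self) -> dict:
        """Everything the reviewer approves: decision, evidence hashes, notes, analyst identity."""
        return {"case_id": self.case_id, "analyst": self.analyst, "disposition": self.disposition,
                "reason_code": self.reason_code, "evidence": sorted(self.evidence_hashes), "notes": self.notes}

    def snapshot_hash(self) -> str:
        return _canonical_hash(self.snapshot())

    def _log(self, actor: str, transition: str, reason: str) -> None:
        # One audit row per state transition: timestamp, actor, reason, snapshot hash.
        self.audit_log.append({"ts": datetime.now(timezone.utc).isoformat(), "actor": actor,
                               "transition": transition, "reason": reason, "snapshot_hash": self.snapshot_hash()})

    def _before_edit(self, why: str) -> None:
        if self.state == "approved":
            raise ValueError("approved record is immutable; open a new investigation")
        if self.state == "submitted":               # any edit after submission restarts the cycle
            self.state, self.submitted_hash = "open", None
            self._log(self.analyst["employee_id"], "submitted->open", why)

    def add_evidence(self, artefact: bytes) -> str:
        self._before_edit("evidence added")
        digest = hashlib.sha256(artefact).hexdigest()
        self.evidence_hashes.append(digest)
        return digest

    def set_notes(self, text: str) -> None:
        self._before_edit("notes edited")
        self.notes = text

    def submit(self, disposition: str, reason_code: Optional[str] = None) -> str:
        """Analyst submits a disposition; returns the hash the reviewer must approve."""
        self._before_edit("resubmitted")
        if disposition not in DISPOSITIONS:
            raise ValueError(f"unknown disposition {disposition!r}")
        if disposition == "closed-false-match" and reason_code not in DISAMBIGUATORS:
            raise ValueError("a false match needs a structured disambiguator, not free text")
        self.disposition, self.reason_code = disposition, reason_code
        self.state = "submitted"
        self.submitted_hash = self.snapshot_hash()
        self._log(self.analyst["employee_id"], "open->submitted", disposition)
        return self.submitted_hash

    def ineligibility(self, reviewer: Reviewer) -> List[str]:
        """Server-side predicates; every failing rule is reported, not just the first."""
        a = self.analyst
        problems = []
        if reviewer.employee_id == a["employee_id"]:
            problems.append("same employee")
        if reviewer.employee_id == a["supervisor_id"] or reviewer.supervisor_id == a["employee_id"]:
            problems.append("direct reporting line")
        if reviewer.lod < self.min_reviewer_lod:
            problems.append(f"LoD{reviewer.lod} below minimum LoD{self.min_reviewer_lod}")
        if reviewer.lod == 3:
            problems.append("LoD3 is read-only")
        return problems

    def approve(self, reviewer: Reviewer, seen_hash: str) -> str:
        """Second pair of eyes approves exactly the snapshot they saw, and only if eligible."""
        if self.state != "submitted":
            raise ValueError("nothing is pending approval")
        if seen_hash != self.submitted_hash or seen_hash != self.snapshot_hash():
            raise ValueError("snapshot changed since it was submitted")
        problems = self.ineligibility(reviewer)
        if problems:
            raise PermissionError("; ".join(problems))
        self.approver = asdict(reviewer)            # reviewer identity frozen at write-time
        self.state = "approved"
        self._log(reviewer.employee_id, "submitted->approved", "four-eyes ok")
        return seen_hash
```

The approval call takes the hash the reviewer saw rather than trusting the server's current state, so an edit racing the approval cannot be approved unseen; any edit after submission drops the record back to open and leaves an audit row saying so. Vacation delegation and emergency override, which the post flags as the hard part, would be further predicates in `ineligibility` with their own audit rows.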

Source selection

Once the workflow is right, the open question is what the workflow runs against. NNS draws on multiple source categories that map imperfectly onto vendor markets.

Sanctions data: OpenSanctions vs World-Check

The two providers most Swiss FIs evaluate are OpenSanctions and LSEG's World-Check One. The transparency asymmetry is itself information. OpenSanctions publishes its source list (320+ data sources in the Default collection), refresh schedule (Default rebuilt every 6 hours), licensing (CC BY-NC 4.0 with paid commercial options), and the open-source Yente matching engine. World-Check publishes coverage claims (240+ countries, 300+ sanctions programmes, 900+ lists) but reserves operational specifics to NDA contracts.

OpenSanctions tends to fit institutions that want self-hosting, source transparency, and predominantly European retail volumes. World-Check tends to fit institutions with broader jurisdictional exposure (Latin America, Africa) and demanding PEP coverage. Whichever is chosen, the FATF R.6/R.7 sanctions obligations sit with the institution, not the vendor; AMLO-FINMA Art. 22 reconstruction requires that vendor match metadata survive a five-year audit. The deep procurement-side comparison, with the questions to ask in the RFP and the concrete tests to run during evaluation, is in our post OpenSanctions vs LSEG World-Check: how to evaluate them for Swiss FIs.

NNSFlow integrates with OpenSanctions through the open-source Yente matching engine for sanctions and PEP screening. The platform records PEP tier assignments (PEP, RCA, Associate, Not PEP) on the entity profile and enforces four-eyes approval overrides for PEP-flagged relationships even when the global four-eyes policy is otherwise relaxed.

PEP data

PEP data is typically sourced from commercial or open data providers rather than a single official list. Commercial options include Dow Jones Risk and Compliance, LSEG World-Check One, and Moody's KYC. The OpenSanctions PEP dataset, with its documented methodology, represents individuals as PEPs while they hold a position or for up to five years after they leave it (subject to position type and data quality). National open data sources (parliament rosters, government appointments, party officer lists) are useful for verification against vendor data rather than as a primary source.

Adverse media

Adverse media sourcing is the messy category. Inputs are unstructured: news articles, regulatory press releases, court filings, regulator enforcement notices, NGO reports. Two providers with similar coverage claims can return wildly different hit sets on the same name because the underlying entity recognition and relevance models differ. The probabilistic nature is the source of most operational complaints. NNSFlow does not maintain a proprietary adverse-media index. Adverse media sourcing is via the configured search integrations and captured into the evidence trail; institutions that want a purpose-built adverse-media feed bring their own and we capture the outputs into the same evidence model.

Public registries

Commercial register extracts, real-estate registries, sanctions ordinances published by SECO, court calendars, regulator enforcement notices. These are typically authoritative but fragmented and language-specific. A serious NNS workflow on a multilingual book runs registry checks in the local language of the counterparty's domicile and source-of-funds country, not English by default.

Evidence preservation

What survives in the file is the load-bearing artefact. Five properties hold up at audit.

Snapshots, not links

The captured evidence is what the analyst saw at the moment of review. URLs rot, paywalls change, CDNs move assets. A link in a 2026 investigation file pointing to a third-party news site is overwhelmingly likely to be broken or changed by 2031. The article itself, captured as HTML or PDF and stored in the evidence layer, is what survives.

Structured reasoning, not free text

"False positive, name collision" is defensible if it is captured as a structured reason code with the matched entity name and the disambiguating fact. The same idea written as freeform "not the same person" in a notes field is much harder to defend five years later, especially if the analyst has left the firm. Structure where you can; supplement with free text where you cannot.

Reviewer identity frozen at write-time

"Reviewer: Maria Schmidt, then VP Compliance, employee 4413, delegated authority X, supervised by Y" reconstructs cleanly. A bare user-id 4413 resolved against the current directory does not, if Maria has since changed roles, left, or had her authority revoked.

Tamper-evidence over the underlying evidence

Storage immutability alone is not sufficient. The institution should be able to prove, without trusting any single component, that the evidence shown today is what was captured then. SHA-256 chains anchored externally are one approach. The pattern is well-trodden: Certificate Transparency (RFC 6962, with its successor RFC 9162) applies the same idea to TLS issuance using a Merkle tree. The cryptography is not the hard part; making the chain head escape the institution's control before anyone has reason to forge it is. Public blockchain anchoring is technically attractive but uniformly rejected by regulated banks; internal HSM signing, separate-team append-only logs, and notary publication are the practical anchors. The full design discussion is in our post on building tamper-evident evidence with SHA-256 hash chains.
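The chain described above, as an added example written for this guide and not the NNSFlow implementation: each entry commits to the SHA-256 of a captured artefact and to the previous entry, and verification recomputes every link from the stored bytes and compares the head with a copy held outside the chain. The `anchor()` output stands in for whatever actually leaves the institution's sole control (an HSM signature, a separate-team log, a notary publication); the record layout, the `GENESIS` value and the sample artefacts and URLs are constructed assumptions.

```python
"""SHA-256 hash chain over captured evidence, verified against an externally held head."""
import hashlib
import json
from typing import Dict, List, Optional

GENESIS = "0" * 64   # placeholder "previous hash" for the first entry (assumed convention)


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _entry_hash(seq: int, prev: str, leaf: str, meta: dict) -> str:
    """Hash of an entry's content in canonical JSON, so verification can recompute it exactly."""
    body = {"seq": seq, "prev": prev, "leaf": leaf, "meta": meta}
    return _sha256(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())


class EvidenceChain:
    """Append-only log: every entry commits to the artefact's hash and to the entry before it."""

    def __init__(self) -> None:
        self.entries: List[dict] = []
        self.store: Dict[str, bytes] = {}   # artefact bytes keyed by their SHA-256 (the evidence layer)

    def append(self, artefact: bytes, meta: dict) -> str:
        seq = len(self.entries)
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        leaf = _sha256(artefact)
        self.store[leaf] = artefact
        entry_hash = _entry_hash(seq, prev, leaf, meta)
        self.entries.append({"seq": seq, "prev": prev, "leaf": leaf, "meta": meta, "entry_hash": entry_hash})
        return entry_hash

    def anchor(self) -> dict:
        """The value to publish outside the institution's sole control (HSM, notary, separate team)."""
        return {"seq": len(self.entries) - 1, "head": self.entries[-1]["entry_hash"]}


def verify_chain(entries: List[dict], store: Dict[str, bytes], anchor: Optional[dict] = None) -> List[str]:
    """Recompute every leaf and link; an empty list means the evidence is what was captured."""
    problems: List[str] = []
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["seq"] != i or e["prev"] != prev:
            problems.append(f"entry {i}: link to previous entry broken")
        if _entry_hash(e["seq"], e["prev"], e["leaf"], e["meta"]) != e["entry_hash"]:
            problems.append(f"entry {i}: entry hash does not match its content")
        blob = store.get(e["leaf"])
        if blob is None or _sha256(blob) != e["leaf"]:
            problems.append(f"entry {i}: artefact missing or altered")
        prev = e["entry_hash"]
    # An internally consistent rewrite of history is caught only by the external copy of the head.
    if anchor is not None:
        if anchor["seq"] >= len(entries) or entries[anchor["seq"]]["entry_hash"] != anchor["head"]:
            problems.append("chain head does not match the external anchor")
    return problems


def build_chain(artefacts: List[bytes]) -> EvidenceChain:
    """Constructed sample: three captured artefacts for one case, with made-up source URLs."""
    chain = EvidenceChain()
    urls = ["https://news.example/a", "https://news.example/b", "https://register.example/extract"]
    for artefact, url in zip(artefacts, urls):
        chain.append(artefact, {"case": "C-1", "url": url})
    return chain


if __name__ == "__main__":
    c = build_chain([b"<html>article A</html>", b"<html>article B</html>", b"%PDF register extract"])
    print(c.anchor(), verify_chain(c.entries, c.store, c.anchor()))
```

Two failure modes are worth running in a drill: altering a stored artefact in place, which the leaf check catches without any anchor, and rebuilding the chain from a changed artefact with all hashes recomputed, which passes every internal check and is caught only by the anchored head. The second case is the one the text calls the hard part.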

Reconstructable end-to-end

The combination of the four properties above produces the property that matters most: a third party who has never seen the case can pick up the file in 2031 and write a defensible timeline of why the decision was made. That property is what AMLO-FINMA Art. 22 actually asks for. The cheapest way to verify it is to run the drill against your own system before someone else does. The protocol (selector discipline, random selection, 30-minute time box, written output, common findings) is the substance of our post on how to run an audit drill on your AML screening system.

Record-keeping says "store the NNS evidence". Reconstruction says "prove a third party can use it". Most NNS deployments pass the first test and quietly fail the second. The systems that show up in enforcement files tend to be the ones where the first test was the only one that ever ran.

Tooling decisions

By the time an institution is shopping for an NNS platform, the question is rarely "do we need this?". It is "what do we need, from whom, on what terms, deployed how?". Three substantive sub-questions matter.

In-scope (NNS) vs out-of-scope (transaction monitoring)

Transaction monitoring detects anomalous payment flows on data the bank already owns. Negative news screening clarifies what the open record says about a specific entity at a specific moment using data the bank does not own. The two are different categories with different vendor markets. Buyers conflate them at procurement and discover the gap in production. The integration points that matter are the alert intake, the entity reference, and the audit trail that ties the two records together. NNSFlow is a negative news screening and evidence platform, not a transaction monitoring system. The full breakdown of the handoff, the data model differences, and where to draw the line is in our post on transaction monitoring vs negative news screening: where they meet, where they don't.

Vendor due diligence

FINMA Circular 2018/3 "Outsourcing: banks and insurers" governs the relationship between a regulated FI and any third party performing a function the bank would otherwise perform itself. The circular has been in force since 1 April 2018; the transition for existing arrangements ended 1 April 2023, so all arrangements are now subject to it. AML and sanctions screening, when the vendor materially influences whether a client can be onboarded or a transaction can settle, is "significant" outsourcing by any reasonable reading.

The bank, its external auditors, and FINMA itself must have the contractual right to inspect and audit the outsourced function at any time, without restriction. Generic security questionnaires (SIG, CAIQ, SOC 2, ISO 27001) are the floor; the Swiss-specific asks come from FINMA 2018/3, Banking Act Art. 47 on banking secrecy, and FINMA 2023/1 on resilience. ISO 27001 produces a verifiable certification; SOC 2 produces a vendor-controlled attestation report. For a Swiss bank's regulator-facing file, the certificate is the cleaner artefact. Source code escrow is theatre for SaaS (no realistic path to run a tarball) and meaningful for on-prem (the bank already operates the software). The full procurement checklist is in our post on vendor due diligence: what a Swiss bank's procurement team should be asking.

SaaS vs on-premise deployment

Many Swiss banks operate segregated network segments where outbound internet egress is blocked at the perimeter. What is usually called "air-gap" is in practice a no-egress segment: working DNS, an internal CA, and possibly a tightly controlled outbound proxy for explicitly-listed destinations, but no general internet route. The NIST glossary keeps the strict definition; NIST SP 800-82 guidance for industrial control systems and SP 800-53 PE-family controls describe the realistic version most enterprises operate.

The hardest leaks in an on-prem deployment are browser-side: web fonts pulled from CDNs, map tiles, telemetry SDKs, and OCSP revocation checks that can hang TLS for up to 15 seconds. Container images that fetch at runtime (Liquibase JDBC drivers, Elastic plugins) are the second category. Mirroring images is not enough; the test is whether the system makes any first-run network calls after install. The full pre-release audit checklist (browser-side leaks, container runtime fetches, OCSP, telemetry, time synchronisation) is in our post on air-gapped deployment: what actually breaks. NNSFlow ships in both SaaS and on-prem deployment shapes; the on-prem release is the one we test with the network unplugged.
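The test the paragraph names, whether the system makes any first-run network calls after install, can be made mechanical at the socket layer. The following is an added example for this guide, not part of NNSFlow's release checklist: `egress_guard` patches `socket.socket.connect` for the duration of a run, records every outbound destination, blocks anything not on the allow-list in the way a no-egress segment would (the connect simply fails), and reports the leaks. `simulated_first_run` is a constructed stand-in for an application's first start; the telemetry and font-CDN addresses are TEST-NET literals and the local listener plays the allow-listed database. Name resolution is not intercepted here, so a DNS-based check is a separate test.

```python
"""Egress guard for a first-run test: records every outbound connect, blocks what is not allow-listed."""
import socket
from contextlib import contextmanager
from typing import Dict, Iterable, List, Tuple


class EgressBlocked(OSError):
    """Raised instead of connecting, mimicking an unreachable route in a no-egress segment."""


@contextmanager
def egress_guard(allowed: Iterable[Tuple[str, int]] = ()):
    """Patch socket.socket.connect for the duration of the block and collect every attempt."""
    allow = set(allowed)
    attempts: List[Dict] = []
    real_connect = socket.socket.connect

    def guarded_connect(sock, address, *rest):
        if not isinstance(address, tuple):          # AF_UNIX paths are local by definition
            return real_connect(sock, address, *rest)
        host, port = address[0], address[1]
        blocked = (host, port) not in allow
        attempts.append({"host": host, "port": port, "blocked": blocked})
        if blocked:
            raise EgressBlocked(f"egress to {host}:{port} is not permitted")
        return real_connect(sock, address, *rest)

    socket.socket.connect = guarded_connect
    try:
        yield attempts
    finally:
        socket.socket.connect = real_connect        # always restore, even if the run raised


def simulated_first_run(db_addr: Tuple[str, int]) -> Dict[str, str]:
    """Constructed stand-in for an application's first start (assumed behaviour, not NNSFlow's)."""
    outcomes: Dict[str, str] = {}
    # Telemetry and a web-font CDN: the silent egress the post describes; SDKs usually swallow the error,
    # which is exactly why it goes unnoticed until the guard records it.
    for name, addr in {"telemetry": ("198.51.100.7", 443), "font-cdn": ("203.0.113.9", 443)}.items():
        try:
            with socket.create_connection(addr, timeout=1):
                outcomes[name] = "connected"
        except OSError:
            outcomes[name] = "failed"
    with socket.create_connection(db_addr, timeout=1):   # the one legitimate, allow-listed destination
        outcomes["database"] = "connected"
    return outcomes


def first_run_report() -> Tuple[Dict[str, str], List[Tuple[str, int]]]:
    """Run the first start under the guard; a non-empty leak list fails the pre-release check."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)   # stands in for the local database
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    db_addr = listener.getsockname()
    try:
        with egress_guard(allowed=[db_addr]) as attempts:
            outcomes = simulated_first_run(db_addr)
    finally:
        listener.close()
    leaks = sorted((a["host"], a["port"]) for a in attempts if a["blocked"])
    return outcomes, leaks


if __name__ == "__main__":
    results, leaked = first_run_report()
    print(results)
    print("LEAKS:", leaked if leaked else "none")
```

The point of recording rather than only blocking is that a swallowed error leaves the application looking healthy; the leak list is what goes into the release evidence. For a real container the same idea is applied from outside the process (a network namespace with no default route and a packet capture on it), which also covers the OCSP and time-synchronisation paths the post lists.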

Audience-specific notes

Most of the pillar above is written from the perspective of a mid-sized Swiss private bank, which is the modal NNSFlow customer. Two adjacent audiences deserve their own framing.

Asset managers under FinIA

The Financial Institutions Act (FinIA / FINIG, SR 954.1), in force since 1 January 2020, brought portfolio managers and trustees under direct FINMA licensing, with ongoing supervision delegated to FINMA-recognised supervisory organisations (SOs). The AML obligations themselves did not move. Portfolio managers, trustees, fund management companies, and managers of collective assets remain financial intermediaries under AMLA and AMLO-FINMA. What changed is the audit bar.

FINMA-mandated audits look for the same evidence properties at an asset manager that they look for at a bank: identification records, beneficial-owner records, risk classification rationale, monitoring outputs, and SARs filed with MROS, all reconstructable to a knowledgeable third party. The most common operational gap at smaller asset managers is the screening step: consumer-grade or general-purpose tools that produce results but no defensible evidence of what was checked, when, against which list, and with what reasoning. The full mapping of FinIA obligations to the AML stack is in our post on FinIA expectations for Swiss asset managers: AML obligations under FINMA supervision.

Casinos under AMLA and the Money Gaming Act

Swiss casinos operate under two laws and a different supervisor than banks. AMLA applies as the general AML statute. The Money Gaming Act (BGS / LJAr / LGD, SR 935.51), in force since 1 January 2019, applies on top with casino-specific identification thresholds, social-protection duties, and integrity requirements. The supervisor is not FINMA. It is the Federal Gaming Board (ESBK in German, CFMJ in French, CFCG in Italian), which is the AML supervisor for licensed casinos under AMLA Art. 12.

Online and land-based concessions trigger different KYC moments (account opening for online play, in-house identification at thresholds for land-based) but the documentation and reconstruction obligations apply to both. Gaming-board audits look for the same evidence properties as FINMA audits. The framework, the supervisor contact, and the casino-specific edges (junket operations, VIP host arrangements, multi-jurisdictional online concessions) are in our post on negative news screening for Swiss casinos: navigating AMLA and the Money Gaming Act.

The audit-readiness checklist

A copy-and-paste version for procurement docs and internal audit work programmes. Each line corresponds to an obligation or design property discussed above.

  • Risk classification. Every relationship has a classification with the values that drove it captured in structured form, the methodology version recorded, and the result reproducible from inputs.
  • Cadence per band. A documented periodic-review cadence per risk band (low / medium / high / PEP), declared in the institution's policy under AMLA Art. 7 para. 1bis.
  • Trigger taxonomy. Defined trigger events (sanctions designation, PEP status change, adverse media hit, beneficial owner change, atypical transaction, country-risk change, internal-source trigger) with documented ingestion paths and required actions per type.
  • LoD assignment. Reviewer authority mapped to case depth (LoD1 front office, LoD2 compliance, LoD3 audit), with the minimum LoD for four-eyes approval declared.
  • Source coverage. Sanctions list inventory (SECO, EU FSF, OFAC SDN, UN, country-specific where exposure exists), PEP source, adverse media source, public registries by jurisdiction.
  • Snapshots not links. Every captured artefact stored as the bytes the analyst saw, not a URL that resolves to today's content.
  • Structured disposition vocabulary. Five-code vocabulary (closed-no-match, closed-false-match, closed-true-match, escalated, pending), with named disambiguators on false matches.
  • Reviewer identity at write-time. Reviewer name, role, employee ID, delegated authority, and supervisor frozen at the moment of the decision, not resolved against the current directory.
  • Four-eyes integrity. Server-side eligibility predicates enforcing different employee IDs, separation rules, and reporting relationships; approval of a frozen snapshot, not a live investigation.
  • Tamper-evidence. SHA-256 hash chain over the evidence set, with the chain head periodically anchored outside the institution's sole control (HSM signing, separate-team append-only log, notary publication, regulatory inbox).
  • Schema preservation. Investigations from year X readable in their year-X schema, or backfilled explicitly with documented mappings.
  • Audit log of state transitions. Every state transition captured as a row with timestamp, actor, reason, and snapshot hash.
  • Retention. Ten-year minimum from termination of the relationship or completion of the transaction (AMLA Art. 7 para. 3), in usable form.
  • Periodic review evidence. Records that the periodic review ran on the cadence the policy declared, with deviations individually justified and the justification preserved.
  • DPIA on file. Written data protection impact assessment under Art. 22 nFADP for sanctions and PEP screening, with cross-border transfer mechanism documented per Arts. 16 and 17 nFADP for any data leaving Switzerland.
  • Vendor file. ISO 27001 certificate (preferred) or SOC 2 Type II report; FINMA 2018/3 audit-rights clause; FINMA 2023/1 resilience attestation; signed sub-processor list with locations; exit and continuity plan.
  • Air-gap or no-egress test. For on-prem deployments, evidence that no first-run network calls occur after install, including from the browser side; OCSP and time-synchronisation paths documented.
  • Reconstruction drill. A documented five-year reconstruction drill in the last 12 months, with selector discipline, the reconstructor not on the case team, a 30-minute time box, and the written output retained.
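The tamper-evidence, reviewer-identity, four-eyes and audit-log lines of the checklist, shown together as an added example that is not code from this post or from NNSFlow: a minimal SHA-256 hash chain over state transitions, with a server-side four-eyes predicate bound to the frozen chain head. The class and function names, the employee IDs and the article bytes are constructed for illustration; separation rules and reporting-line checks are institution-specific and not modelled here.

```python
import json
from dataclasses import dataclass, field
from hashlib import sha256

@dataclass(frozen=True)
class Reviewer:
    employee_id: str
    lod: int  # 1 = front office, 2 = compliance, 3 = audit

@dataclass
class EvidenceChain:
    """Append-only transition log; each row commits to its snapshot bytes and to the previous row."""
    rows: list = field(default_factory=list)
    head: str = "0" * 64  # anchor this value outside the institution's sole control periodically

    def append(self, ts: str, state: str, actor: Reviewer, reason: str, snapshot: bytes) -> str:
        # Reviewer identity is frozen into the row at write-time, not resolved from a directory later.
        row = {"ts": ts, "state": state, "reason": reason, "prev": self.head,
               "actor": {"employee_id": actor.employee_id, "lod": actor.lod},
               "snapshot_sha256": sha256(snapshot).hexdigest()}
        row["row_hash"] = sha256(json.dumps(row, sort_keys=True).encode()).hexdigest()
        self.rows.append(row)
        self.head = row["row_hash"]
        return self.head

    def verify(self, store: dict) -> bool:
        """Recompute every row hash and confirm each snapshot is still in `store` (sha256 hex -> bytes)."""
        prev = "0" * 64
        for row in self.rows:
            body = {k: v for k, v in row.items() if k != "row_hash"}
            snap = store.get(row["snapshot_sha256"])
            if (body["prev"] != prev or snap is None or sha256(snap).hexdigest() != row["snapshot_sha256"]
                    or sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != row["row_hash"]):
                return False
            prev = row["row_hash"]
        return prev == self.head

def four_eyes_ok(investigator: Reviewer, approver: Reviewer, approved_head: str,
                 chain: EvidenceChain, min_lod: int = 2) -> bool:
    """Server-side predicate: distinct employee IDs, approver LoD at or above the minimum, approval bound to the frozen head."""
    return (investigator.employee_id != approver.employee_id
            and approver.lod >= min_lod and approved_head == chain.head)

def build_sample_chain():
    """Constructed sample: one case, two state transitions, one captured article snapshot."""
    analyst, article = Reviewer("E-1001", 1), b"<html>constructed snapshot of the article the analyst saw</html>"
    chain = EvidenceChain()
    chain.append("2026-03-02T09:15:00Z", "screened", analyst, "search run, article captured", article)
    chain.append("2026-03-02T11:40:00Z", "closed-false-match", analyst, "disambiguated by date of birth", article)
    return chain, {sha256(article).hexdigest(): article}, analyst
```

Publishing `chain.head` to a log the case team cannot write to is what turns this from an internal consistency check into evidence a third party can verify.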

If the institution can defend each of those lines with a captured artefact rather than an interview, the AMLO-FINMA Art. 22 obligation is being met. If any line collapses to "we have a process for that but no evidence", the obligation is not being met regardless of how much storage you have.

FAQ

The questions practitioners actually ask, answered without the caveats that hide the answers.

Does Swiss law require negative news screening explicitly? No Swiss statute or circular is titled "Negative News Screening". The obligation is implicit in AMLA Art. 6 (clarification duty) and operationalised through AMLA Art. 7, AMLO-FINMA Art. 22, and FINMA Circular 2023/1 Ch. IV.D. The clarification duty under Art. 6 is substantively impossible to discharge without a structured public information search.

How long must NNS evidence be retained? Ten years from termination of the business relationship or completion of the transaction (AMLA Art. 7 para. 3). The 2023 revision added Art. 7 para. 1bis, which requires periodic review and update of the records on a risk basis.

How often does AMLA require periodic re-screening? AMLA Art. 7 para. 1bis (in force from 1 January 2023) makes periodic review explicit but does not set a fixed cadence. Market consensus is roughly every 24 to 36 months for low-risk relationships, every 12 months for medium-risk, every 6 to 12 months for high-risk, every 6 months or less for foreign PEP relationships. The numbers are an institution-level decision; documenting them and following them is not optional.

Can a transaction monitoring system replace NNS? No. Transaction monitoring detects anomalous payment flows. NNS clarifies what the open record says about a specific entity. They share a workflow handoff but have different data sources, cadences, outputs, and vendor categories.

What does FINMA actually look at in an examination? Not whether the records exist (they usually do) but whether, when produced, they defensibly support the institution's earlier decisions. Recent enforcement actions (Credit Suisse / FIFA / Petrobras / PDVSA in 2018, Credit Suisse / Mozambique in 2021, the Julius Baer Latin America matter in 2020) turned on records that did not, in retrospect, defend the original decisions.

What changed in the 2023 AMLA revision? Art. 7 para. 1bis was added, requiring records to be periodically reviewed and updated on a risk basis. That made periodic re-screening of the existing book an explicit statutory obligation rather than an industry norm.

How does ISO 27001 status interact with on-prem deployments? ISO 27001 is a verifiable third-party certification and is the cleaner artefact for a Swiss bank's regulator-facing file than a SOC 2 report alone. For on-prem deployment specifically, the certification covers the vendor's information security management system; the deployed instance is operated by the bank, so the bank's own ISO 27001 or equivalent applies to the running environment. Both apply; they do not substitute for each other.

How does nFADP interact with AMLA retention? Art. 31 nFADP treats legislation as a justification ground for processing, so the ten-year AMLA retention floor takes precedence over the data-lifecycle obligation in Art. 6 para. 4 nFADP for AMLA-required records. Outside that scope (analyst notes that did not become evidence, abandoned drafts) the nFADP destruction obligation applies in full.

Does the same evidence bar apply to asset managers and casinos? Yes. FinIA-licensed portfolio managers and trustees are financial intermediaries under AMLA and AMLO-FINMA, supervised by FINMA-recognised supervisory organisations. Licensed casinos are financial intermediaries under AMLA Art. 2 para. 2, additionally regulated by the Money Gaming Act, supervised by the Federal Gaming Board. The supervisor differs; the AMLO-FINMA Art. 22 reconstruction bar does not.

What is the cheapest way to test whether our screening evidence holds up? Run a five-year reconstruction drill. The selector should not be on the team being tested. The reconstructor should not have worked the case. The time box is 30 minutes. The output is a written timeline an external auditor could follow without explanation. The drill costs an afternoon and surfaces the gaps an examination would surface a year later, with the difference that you have time to fix them.

Bottom line

Negative news screening is a structured public-information search done at onboarding, periodically, and on events; it informs the clarification duty under AMLA Art. 6; it has to be retained for ten years under AMLA Art. 7; the documentation has to clear the reconstruction bar in AMLO-FINMA Art. 22; the underlying evidence has to clear the integrity expectations of FINMA Circular 2023/1 Ch. IV.D; and the data-protection perimeter is set by the nFADP. None of those texts uses the words "negative news screening" and none of them stands alone. Read together they define the obligation operationally.

The combination that holds up in audit is straightforward to state and harder to operate: classified relationships, documented cadence, trigger taxonomy, LoD assignment, captured snapshots, structured reasoning, frozen reviewer identity, tamper-evident evidence, schema preservation, audit-logged state transitions, ten-year retention, written DPIA, FINMA 2018/3-compliant vendor file, no-egress-tested deployment, and a reconstruction drill that ran in the last twelve months. If your institution can defend each of those lines with a captured artefact, the obligation is being met. If the answer to any line is "process, but no evidence", the obligation is not.

If your team is mid-procurement, mid-audit, or mid-redesign on any of this and wants to compare notes, we are easy to reach. The frame we work from is that AMLA, AMLO-FINMA, FINMA Circular 2023/1, FinIA, the Money Gaming Act, and the nFADP are not separate compliance projects. They are different angles on the same operational property: evidence that can be defended on demand, by a person who was not in the room.

#guide #screening #FINMA #AMLA #swiss