SRO Membership Switzerland: Requirements & Costs

Every financial intermediary operating in Switzerland must be supervised. If your business handles third-party funds, exchanges currencies, provides payment services, deals in crypto assets, or carries out any of a broad range of para-banking activities, Swiss law requires you to affiliate with a FINMA-recognised Self-Regulatory Organisation (SRO) before commencing operations — or face criminal liability.

This guide covers the legal basis, who must join, how to choose the right SRO, what the application involves, what it costs, and what your ongoing obligations look like once you are a member.

The Legal Basis: AMLA and the SRO System

The obligation to join an SRO flows directly from the Anti-Money Laundering Act (AMLA / Geldwaeschereigesetz, GwG). Under AMLA Article 2, financial intermediaries are subject to the full scope of Swiss AML obligations. Under AMLA Article 14, every financial intermediary must either:

• be directly supervised by FINMA as a directly supervised financial intermediary (DUFI) — this covers banks, insurance companies, and securities firms — or
• affiliate with a FINMA-recognised Self-Regulatory Organisation and remain subject to its supervision

There is no third option. Operating as a financial intermediary in Switzerland without one of these two supervisory relationships is a criminal offence under AMLA Article 44, punishable by a fine of up to CHF 500’000 for the responsible individuals, and FINMA can order immediate cessation of the business.

The SRO system is not a light-touch compliance formality. FINMA sets the overarching AML standards; each SRO translates those standards into binding member regulations and supervises compliance through ongoing reporting requirements, periodic audits, and the power to expel non-compliant members.

Who Must Join an SRO?

The category of persons required to join an SRO under AMLA is broader than most founders expect. The statutory definition of “financial intermediary” in AMLA Article 2(3) covers any person who, on a professional basis, accepts or holds third-party assets or assists in transferring or investing them.

FINMA’s interpretive guidance (GwV-FINMA) clarifies that the following activities typically constitute financial intermediation:

• Currency exchange and foreign exchange dealing (forex dealers, currency exchange offices)
• Payment services — processing third-party payments, operating payment infrastructure
• Crypto and virtual asset services — exchanges, brokers, custodians, payment processors dealing in digital assets
• Independent asset management of third-party portfolios (below the FinIA licensing threshold or for intermediaries that are not FinIA-licensed)
• Fund distribution — distributing collective investment schemes without a CISA licence
• Leasing companies — commercial leasing where the intermediary holds and manages financing flows
• Factoring companies — purchasing receivables from third parties as a business activity
• Trust and fiduciary services — managing assets or structuring transactions on behalf of clients
• Consumer credit and mortgage intermediation — where the intermediary handles client funds

The “professional basis” threshold is met when financial intermediation generates revenue and is conducted with the intent of generating profit on a recurring basis. Occasional or one-off activities may fall below the threshold, but any business whose core revenue model involves the activities listed above is professional.

Who Does NOT Need an SRO

FINMA-licensed entities are already directly supervised and do not require SRO membership:

• Banks licensed under the Banking Act (BankG)
• Insurance companies licensed under the Insurance Supervision Act (ISA)
• Securities firms and licensed asset managers authorised under the Financial Institutions Act (FinIA)
• Fund management companies licensed under CISA

The critical distinction introduced by the FinSA/FinIA reforms (effective 1 January 2020) is that independent asset managers managing third-party assets must now obtain a FINMA licence under FinIA rather than relying on SRO membership alone. SRO membership was the prior standard for independent asset managers; since 2020 it is no longer sufficient. Asset managers with existing SRO membership had until 31 December 2022 to obtain FinIA authorisation. An asset manager operating in Switzerland with only SRO membership and no FinIA licence is non-compliant. The upcoming AMLA revision 2026 is expected to further tighten obligations for financial intermediaries, including expanded due diligence requirements and enhanced transparency rules, making early compliance preparation even more critical.

This means: para-banking financial intermediaries (forex dealers, payment processors, crypto businesses, leasing companies, distributors, factoring) require SRO membership. Independent asset managers managing third-party portfolios require a FinIA licence from a FINMA-recognised supervisory organisation. See our guide on asset management licensing in Switzerland for the FinIA pathway.

FINMA-Recognised SROs: Which One Is Right for You?

FINMA currently recognises twelve SROs. Most financial intermediaries in practice work with one of five:

For businesses based in Zug or German-speaking Switzerland conducting fintech, crypto, payment, or forex activity, VQF is the standard first choice. Its published compliance standards are detailed, its AML review committee is experienced with complex digital-asset business models, and its size means FINMA and Swiss banks treat VQF membership as a well-understood credential.

PolyReg is the preferred alternative for pure crypto businesses, particularly those with novel token structures or DeFi-adjacent models, where PolyReg’s committee has developed specific interpretive practice.

For companies uncertain which SRO is appropriate, a pre-application business model assessment is the correct starting point — the choice of SRO has downstream consequences for the scope of AML obligations and the audit methodology applied.

Application Requirements

The application process is substantive. Both VQF and PolyReg require a complete dossier before the compliance committee will begin its review. Submitting an incomplete application does not start the clock — it generates a request for further documents and delays the timeline.

A compliant application dossier includes:

Corporate documentation

• Certificate of incorporation and commercial register extract
• Articles of association (current version)
• Organisational chart showing the full group structure, including parent entities and affiliates
• List of directors, senior managers, and ultimate beneficial owners (UBOs) with percentage ownership

Fit-and-proper documentation for all directors and UBOs

• Curriculum vitae (professional history, qualifications, relevant experience)
• Copy of valid identity document
• Police clearance certificate or equivalent declaration of no criminal conviction
• Signed declaration of no pending proceedings before financial regulators

Business model description

• Detailed description of the services offered, client types, geographies served, and revenue model
• Overview of the IT systems and platforms used in service delivery
• Description of the client onboarding process

AML compliance programme (the core document — see below)

Financial documentation

• Most recent audited financial statements (for established businesses)
• For start-ups: a detailed business plan with 12-24 month financial projections and evidence of initial capitalisation

Appointment of an AML officer (Geldwaeschereibeauftragter)

• Written appointment of a named individual as the AML compliance officer
• CV of the AML officer demonstrating relevant qualifications and experience

The AML Compliance Programme

The AML compliance programme is the document on which most applications succeed or fail. It must be specific to the business model — a generic template will be identified immediately and will result in rejection or a request for substantial revision.

A compliant programme addresses:

• Written AML policy and risk appetite statement
• Client risk classification framework (low / medium / high / PEP / sanctioned)
• KYC and CDD procedures: identification thresholds, identity verification methods, source of funds requirements for higher-risk clients
• Enhanced due diligence procedures for politically exposed persons (PEPs), high-risk jurisdictions, and complex ownership structures
• Transaction monitoring methodology: rules, thresholds, automated vs. manual review
• MROS reporting procedures: internal escalation workflow for suspicious activity reports
• Record-keeping procedures: what is retained, for how long (minimum 10 years under AMLA)
• Staff AML training programme: content, frequency, and documentation

For crypto businesses, the programme must additionally address blockchain analytics, wallet screening, travel rule compliance (FATF Recommendation 16), and the handling of unhosted wallets. For details on the broader crypto licensing requirements, see our dedicated page.

Costs: What to Budget

SRO membership involves two categories of cost: the SRO’s own fees, and the professional cost of preparing the application. The numbers below are drawn from actual client engagements, not estimates.

SRO fees — VQF

• One-time admission fee: CHF 500-1’500 (depending on the category of membership applied for)
• Annual membership fee: CHF 1’000-8’000, scaled by the member’s annual revenue and size
• Smaller intermediaries with revenues below CHF 1 million typically pay CHF 1’000-2’500 annually; mid-sized businesses CHF 3’000-5’000; larger intermediaries approach the upper end

SRO fees — PolyReg

• Broadly similar to VQF; admission and annual fees in the same range, scaled by business size and activity category. One practical difference: PolyReg requires a bilaterally signed contract with counterparties for certain business models (e.g. payment processors working with exchanges), whereas VQF may accept standard terms/AGB as a functional equivalent. This distinction has caused delays in real cases.

AML compliance programme and application preparation

• Initial retainer for application assistance: CHF 10’000 (fixed)
• Additional regulatory work (programme design, committee responses, revisions): CHF 25’000+
• Total professional costs for a crypto or complex fintech business: routinely CHF 25’000-40’000

These are not theoretical ranges. In a recent engagement for a crypto payment company, total professional fees reached CHF 38’000 (including VAT) over 36+ hours of work — and the client ultimately abandoned the process after changing their business model mid-application. The initial CHF 10’000 retainer proved insufficient within the first month. This is a representative experience, not an outlier.

The lesson: budget for the full CHF 25’000+ from the outset. Clients who budget only the initial retainer and expect the process to complete within that amount are setting themselves up for a difficult conversation partway through.

AML officer — the hidden bottleneck

• If an internal person is appointed, there is no incremental external cost, though training and qualification costs apply
• Finding a qualified AML officer is genuinely difficult. The person must have demonstrable AML/CFT experience, understand the specific business model, and be prepared to bear personal regulatory responsibility. For crypto businesses in particular, the pool of qualified candidates willing to take on this role is small.
• An external AML officer — including Lawsupport’s external AML officer service — is a recognised and accepted structure for early-stage or smaller intermediaries. External AML officer engagement typically costs CHF 3’000-8’000 annually depending on the scope of ongoing responsibilities

Total first-year budget estimate

• Simple business model, internal AML officer: CHF 15’000-25’000 (professional fees + SRO admission and first-year fee)
• Crypto or multi-activity business, external AML officer: CHF 35’000-55’000 in year one, with ongoing annual costs of CHF 8’000-18’000

The Three-Month Audit Trap

One cost that founders consistently fail to budget for: the mandatory SRO audit that occurs approximately three months after licence grant. If the director or AML officer cannot demonstrate competence during this audit — cannot explain the AML programme, cannot walk through the KYC procedures, cannot describe the transaction monitoring methodology — the licence is revoked. Not suspended. Revoked.

This means the company must be operationally ready from day one of membership, with trained personnel, functioning systems, and documented procedures. Companies that treat SRO membership as a box to tick and plan to “sort out compliance later” lose their membership within the first quarter.

A Case That Worked: Coinbridge AG

For comparison, a crypto company (Coinbridge AG) obtained VQF membership through our firm, built a compliant AML/CFT framework, and went on to establish a strategic partnership with Binance Pay. The company later put itself up for sale as a going concern — with the VQF membership and compliance infrastructure as a core part of the sale value. The difference between success and the earlier failure case was not budget but preparation: Coinbridge had a stable business model from the start and did not alter it during the application process.

Timeline: How Long Does SRO Membership Take?

For a well-prepared application with a complete dossier submitted on day one, the standard timeline is 4-12 weeks from submission to formal acceptance.

The variance is driven by:

• Complexity of the business model: novel or multi-layered models take longer for the compliance committee to review
• Completeness of the application: missing documents or insufficient AML programme detail generate requests for supplemental information, each of which adds 2-4 weeks
• Fit-and-proper assessment: background checks on directors and UBOs with international profiles or complex ownership structures take longer
• SRO workload: VQF in particular has periods of high application volume; allow for queue time

A realistic planning assumption for a crypto or fintech business preparing its application from scratch: 6-10 weeks from engagement of legal counsel to submission, plus 4-8 weeks for SRO review, giving a total of 10-18 weeks from the start of preparation to membership. Businesses should not commence regulated activities — including onboarding clients, processing transactions, or holding client assets — until membership is confirmed.

Annual Obligations After Membership

SRO membership is not a one-time event. Members have recurring obligations that must be built into operational and compliance processes:

Annual compliance reporting Members submit an annual self-assessment to the SRO covering the volume of business, client base, material AML events, and any changes to the AML programme. This is a substantive document, not a checkbox form. Members handling financial transactions must also ensure compliance with Verrechnungssteuer (withholding tax) obligations where applicable — particularly when distributing dividends or interest from Swiss sources, as the 35% federal withholding tax applies and must be correctly accounted for in the compliance reporting.

Periodic on-site audits SROs conduct periodic compliance audits of members, either on-site or document-based. VQF typically audits members every 2-4 years, with the frequency calibrated to the member’s risk profile. Crypto businesses and higher-risk intermediaries are audited more frequently.

Annual fee payment Fees are invoiced annually and must be paid to maintain active membership status.

Notification of material changes Members must notify the SRO promptly of any material change, including:

• New directors or UBOs, or changes in ownership structure
• New product lines or services that alter the business model
• Entry into new markets or geographies
• Significant incidents (data breach, suspicious transaction, regulatory inquiry)
• Change of AML officer

Failure to notify is among the most common compliance findings in SRO audits, and repeated failures can result in expulsion.

Ongoing staff training The AML training programme must be delivered to relevant staff at least annually, with attendance records maintained.

Consequences of Operating Without SRO Membership

The consequences are not theoretical. Operating as an unregistered financial intermediary under AMLA:

• Is a criminal offence under AMLA Article 44, with fines of up to CHF 500’000 applicable to the responsible individuals
• Exposes the company to a FINMA order to cease operations — FINMA has the power to order immediate closure and wind-down of unlicensed financial intermediary activities
• Makes it effectively impossible to obtain or maintain a Swiss bank account — Swiss banks conduct AMLA due diligence on their own clients and will not service unregistered financial intermediaries
• Disqualifies the business from exchange listings, institutional partnerships, and regulatory equivalence assessments in other jurisdictions

FINMA actively monitors for unlicensed activity, including through referrals from Swiss banks and whistleblower reports. The enforcement risk is real and increasing.

Do You Need SRO Membership, a FINMA Licence, or Both?

Step 1: Are you a financial intermediary under AMLA?

• No: No SRO membership required.
• Yes: Continue to Step 2.

Step 2: Are you already directly supervised by FINMA (as a bank, insurer, or securities firm)?

• Yes: You do not need SRO membership. FINMA supervision covers your AML obligations.
• No: SRO membership is mandatory. Continue to Step 3.

Step 3: Do your activities also trigger a separate FINMA licensing requirement?

• You accept deposits above CHF 100M or lend: Banking licence required alongside SRO membership.
• You accept deposits up to CHF 100M without investing them: FinTech licence required alongside SRO membership.
• You manage third-party assets on a discretionary basis: FinIA licence required. Your AO may also cover AML supervision, but verify this.
• None of the above: SRO membership alone is sufficient.

Step 4: Which SRO should you join?

• Crypto exchange, custody, payment processing: VQF (largest, crypto-experienced) or PolyReg (smaller, blockchain-native).
• Fiduciary, trust, wealth structuring (Romandy): OAD FCT or ARIF.
• Insurance intermediary: SRO-SVV.
• Gold/precious metals dealer: VQF or OAR-G.

The Real Cost Ladder: SRO to Banking

How Lawsupport Supports Your SRO Application

Lawsupport (Morgan Hartley Consulting) manages the full SRO membership process for financial intermediaries across the spectrum — from forex dealers and payment processors to crypto exchanges, fund distributors, and fiduciary businesses.

Our service covers:

• Business model analysis to determine whether SRO membership or a FINMA licence (or both) is required, and which SRO is the right fit
• AML compliance programme design: drafting a bespoke, SRO-ready policy, KYC procedures, transaction monitoring framework, and MROS reporting workflow
• Dossier preparation and submission: compiling and submitting the complete application, managing the SRO committee correspondence, and responding to follow-up questions
• AML officer services: Lawsupport provides external AML officer services for intermediaries that do not have a qualified in-house candidate — a formally accepted structure under AMLA
• Ongoing annual reporting: preparing the annual SRO compliance report and maintaining the AML programme as the business evolves

For businesses that also need to form a Swiss company before applying, or that require a corporate bank account alongside SRO membership, we handle the full sequence.

Frequently Asked Questions

Do I need SRO membership if my company is incorporated abroad but serves Swiss clients?

If your company is incorporated outside Switzerland but conducts financial intermediary activities from within Switzerland — through staff, infrastructure, or a branch — the AMLA obligation applies. Foreign companies providing services entirely from abroad to Swiss clients may fall outside the scope in certain cases, but the analysis turns on where the activity is carried out, not where the legal entity is registered. A Swiss subsidiary with SRO membership is the standard structure for foreign groups seeking compliant access to Swiss clients.

Can the AML officer be an external person or does it have to be an employee?

AMLA and the SRO regulations permit the appointment of an external AML officer. This is a formally recognised and widely used arrangement, particularly for smaller intermediaries and start-ups where a full-time internal compliance hire is not commercially viable. The external AML officer must meet the same qualification and experience requirements as an internal appointee, and the appointment must be documented in writing. Lawsupport provides external AML officer services to SRO members.

Is SRO membership sufficient for a crypto business, or do I also need a FINMA licence?

For most crypto businesses — exchanges, brokers, custodians, payment processors — SRO membership satisfies the AMLA financial intermediary obligation and is sufficient to operate lawfully. A FINMA licence is additionally required if your activities trigger a separate licensing threshold: for example, if you accept public deposits above the Art. 1b BankG threshold (CHF 100 million), trade securities on a proprietary basis at scale, or manage collective assets. Many crypto businesses hold SRO membership only.

What happens if the SRO rejects our application?

A rejection does not preclude reapplication, but the applicant must address the grounds for rejection — typically a deficient AML compliance programme, an unsatisfactory fit-and-proper outcome for a director or UBO, or an insufficiently documented business model — before resubmitting. In serious cases involving criminal history or regulatory sanctions, rejection may be final. The most effective way to avoid rejection is a thorough pre-application assessment and the submission of a complete, business-specific dossier from the outset.

How long must AML records be retained?

Under AMLA, all documents relating to financial intermediary activities — KYC files, transaction records, internal reports, correspondence with MROS — must be retained for a minimum of 10 years from the date the business relationship ends or the transaction is completed. SROs may impose longer retention periods in specific cases.

Can I operate while the SRO application is pending?

No. The AMLA obligation applies before commencing financial intermediary activities. A pending application does not constitute membership, and operating before formal acceptance exposes the business to the same criminal and regulatory consequences as operating without any SRO affiliation at all. Plan your timeline accordingly.

What is the difference between SRO membership and a FINMA licence?

SRO membership covers para-banking financial intermediaries under AMLA — the SRO supervises compliance with AML obligations. A FINMA licence is a direct authorisation from the Swiss financial regulator for activities that fall under specific financial market laws (Banking Act, FinIA, CISA, Insurance Supervision Act). Some businesses need both: SRO membership for AML compliance and a FINMA licence for their specific regulated activity.

Do trustees and fiduciaries need SRO membership?

Yes. Trust companies and fiduciaries that manage assets, structure transactions, or hold funds on behalf of clients are financial intermediaries under AMLA. They must affiliate with an SRO. The OAD FCT and ARIF are the SROs most commonly chosen by fiduciaries, particularly those based in Romandy.

Is SRO membership transferable if the company is sold?

SRO membership is not automatically transferred in a share sale. The SRO must be notified of any change of ownership, and the new owners and directors must satisfy the fit-and-proper requirements. In practice, a change of control often triggers a re-assessment by the SRO. The membership itself continues, but approval of the new beneficial owners is required.

What are the most common reasons for SRO application delays?

The three most frequent causes of delay are: (1) an incomplete AML compliance programme that does not address the specific business model, (2) missing or inadequate fit-and-proper documentation for directors or UBOs with complex international backgrounds, and (3) an unclear business model description that leaves the SRO committee unable to assess the risk profile. A well-prepared dossier addresses all three from the outset.