Switzerland's FINMA Issues Fresh Crypto Custody Framework: What Banks and Asset Managers Must Know

On January 12, 2026, Switzerland’s financial watchdog released comprehensive guidance addressing how institutions should handle the safekeeping of digital holdings. The new framework—Guidance 2026/1—tackles the operational and legal complexities that arise when managing crypto assets, setting clear expectations for banks, asset managers, and product distributors. The core message: treating digital asset custody with the same professional standards as traditional investments is no longer optional but mandatory.

FINMA emphasized that crypto remains inherently speculative. Even when proper custody safeguards are in place, the underlying assets carry substantial volatility and loss potential. This reality means institutions cannot simply apply outdated practices to crypto management. They must implement governance structures specifically designed to address digital-native risks.

Understanding the Risks Behind Crypto Safekeeping

The guidance identifies three primary threat categories to crypto asset security. First, operational risks include cyber-attacks, loss of private keys, and technical failures—dangers unique to blockchain-based holdings where secure key management directly determines asset accessibility. Second, counterparty risk emerges when institutions delegate custody to third parties. If a custodian fails financially, segregated protection may prove inadequate, especially when that custodian operates overseas or lacks prudential oversight.

Third, volatility risk reflects crypto’s price sensitivity. While stablecoins theoretically mitigate this concern, they provide genuine protection only when backed by physical assets held in reserve.

FINMA stressed that institutions cannot downplay these interconnected risks. The speculative nature of crypto compounds every safekeeping challenge. Institutions bear responsibility for acknowledging this reality in their internal risk frameworks.

Mandatory Segregated Holdings and Custodian Requirements

For portfolio management activities, FINMA mandates that crypto holdings be placed in segregated custody arrangements. Acceptable custodians include banks, securities firms, or entities operating under equivalent regulatory oversight—even foreign custodians qualify if supervision standards align with Swiss requirements.

Portfolio managers face concrete obligations. They must conduct thorough due diligence before onboarding any custodian, then maintain ongoing monitoring of custody arrangements. Internal policies must document these procedures comprehensively.

Limited exceptions exist. Managers may engage custodians lacking full regulatory equivalence provided clients receive complete transparency and grant written consent. However, FINMA made clear that regulatory requirements cannot be circumvented through offshore structures or technical workarounds.

For collective investment schemes, crypto assets must be held by a Swiss depositary bank. Third-party delegation remains permissible if the delegated entity maintains equivalent supervision and bankruptcy protections. Notably, FINMA confirmed that existing rules under Switzerland’s Collective Investment Schemes Act apply equally to crypto holdings—no separate regime exists.

Structured crypto products and exchange-traded products fall under the Financial Services Act. Market operators like SIX Swiss Exchange and BX Swiss already enforce specific collateral frameworks for crypto ETPs. The new guidance leaves these frameworks unchanged but reinforces their importance.

Transparency Obligations: How Institutions Must Protect Investors

FINMA’s most emphatic directive concerns investor communication. Institutions must explicitly inform investors that crypto assets are not considered safe or conservative investments. Even when custody rules are meticulously followed, the underlying assets remain volatile and speculative.

Financial institutions—whether providing banking services, portfolio management, or product distribution—must issue clear risk notices. These disclosures must articulate the potential for substantial or total losses. The requirement applies uniformly across all service channels and customer types.

FINMA positioned transparency as essential infrastructure for market integrity. When investors understand custody arrangements, volatility exposure, and insolvency risks before committing capital, they make better-informed decisions. This protection mechanism benefits both individual investors and systemic stability.

The regulator expects institutions to move beyond boilerplate disclaimers. Meaningful communication must help investors grasp why crypto custody differs from traditional safekeeping, why volatility presents unique risks, and what happens if institutions fail. Only through this transparency can the crypto market develop the institutional credibility it currently lacks.