Switzerland — nFADP Art. 31 · FINMASA Art. 3 · FINMA Circ. 2017/1
Your staff’s fit-and-proper status, verified every year.
For Swiss IAMs, family offices and private banks. Each cycle surfaces only what has changed since the last one — press, sanctions, PEP databases — and delivers an attestation binder ready for FINMA examination. Everything stays in Switzerland, end to end.
CHF 10k
Annual programme floor
Delta
Only what has changed
Ledger
Auditable consent records
100%
Swiss-hosted
How a verification cycle runs
A structured programme, not a one-off check. Every cycle is documented, auditable and yields a binder your Compliance Officer can sign off.
01
Define the covered population
You share the list of client-facing staff, key-function holders and board members. Premtrace maintains a versioned register with role and effective-date history, aligned with the scope of your FINMA licence.
02
Notice and consent
Before any verification, every person in the programme receives the notice required by nFADP Art. 19. The proof of consent is recorded in the ledger, timestamped and exportable at any time for examination.
03
Scheduled verification cycle
At each cycle, Premtrace reviews LinkedIn and public accounts on major platforms, Swiss and international press (200+ languages), and queries SECO, OFAC SDN and EU sanctions lists directly alongside the OpenSanctions PEP dataset (~700k records).
04
Delta analysis — only the new
Results are compared against the prior cycle. The Compliance Officer receives only what is genuinely new: a sanctions-list addition, an undeclared directorship, an article or a post that post-dates the previous run. No noise.
05
Attestation binder ready for examination
Each cycle produces a structured PDF: consent ledger, methodology, per-person findings with sources, and a sign-off page for the Compliance Officer. Ready to present at a FINMA examination.
The obligation few firms know how to document
FINMASA Art. 3 and FINMA Circular 2017/1 require supervised institutions to ensure, on an ongoing basis, that persons holding key functions continue to offer a guarantee of irreproachable business conduct. A one-off check at the time of hire does not satisfy the obligation. The regulator expects documented, periodic verification at a cadence proportionate to each role and risk profile.
The legal basis for periodic verification of existing staff is nFADP Art. 31 (overriding interest), provided the institution has first informed the person — purpose, data categories, retention period. Premtrace integrates that notice and the collection of consent directly into the programme workflow.
In practice, most IAMs, family offices and small-to-mid institutions run this exercise manually: spreadsheets, ad-hoc Google searches, an annual attestation that would not hold up at a thorough examination. Premtrace replaces that with a structured, auditable programme at a price point accessible to organisations of 30–150 FTE.
The outcome: a binder your Compliance Officer can sign off and your auditor can examine — not a screenshot and a note in the file.
FINMASA Art. 3
Guarantee of irreproachable conduct — permanent obligation for key-function holders
nFADP Art. 31
Overriding interest — periodic verification with prior notice to the person
FINMA Circ. 2017/1
Corporate governance — ongoing prudential expectations
Built for the Compliance Officer at a Swiss regulated institution
Designed for the person running the compliance or risk function, who owns the fit-and-proper programme and has to evidence it to the regulator.
Independent asset managers
LEFin-licensed IAMs face the same ongoing fit-and-proper obligations as large institutions with a fraction of the compliance resource. Premtrace delivers a documented verification programme, sized and priced for 30–150 FTE organisations.
Family offices and private banks
Client-facing staff in private wealth carry elevated reputational and regulatory exposure. A periodic verification programme and a signed attestation binder demonstrate supervisory diligence to your clients, your auditor and the regulator.
Commodity traders
FINMA-supervised commodity traders need documented verification programmes for their Compliance Officer and key staff. Swiss data residency is non-negotiable where client confidentiality is central to the business.
Annual programme
One annual subscription covers the full programme: consent ledger, verification cycles, delta analysis and attestation binders. Swiss VAT applicable.
Annual floor
Minimum annual commitment, regardless of headcount.
Per covered employee
Tiered rate based on headcount and cycle frequency.
Included in every programme
Indicative pricing. Final quote reflects covered-population size and cycle frequency.
Legal framework
Swiss law, Swiss servers, bought by a Swiss Compliance Officer. Built to withstand a FINMA examination from the first cycle.
nFADP Art. 31
Overriding interest — periodic verification
Periodic verification of existing staff is lawful under nFADP Art. 31 (overriding interest), provided the person has been informed in advance. Premtrace’s consent ledger satisfies that requirement and provides the documentary evidence requested at audit.
FINMASA Art. 3
Guarantee of irreproachable conduct
FINMA-supervised institutions must ensure, on an ongoing basis, that key-function holders continue to offer a guarantee of irreproachable business conduct. Premtrace produces the structured attestation documentation that evidences the obligation at examination.
Swiss-hosted
No US data transfers
All processing and storage take place on Swiss or EU infrastructure. No data is transferred to the United States or to any country lacking adequate protection. Compliant with Chapter 5 of the nFADP. A signed DPA ships with every programme.
Public sources only
Legally defensible methodology
Premtrace accesses only information the person has themselves made public. No password-protected content, no private accounts. Processing is limited to the strict minimum needed to assess fit-and-proper status — aligned with the nFADP Art. 6 minimisation principle.
Frequently asked questions
How is this different from a pre-hire background check?
A pre-hire background check is a one-off assessment at recruitment. Premtrace runs periodic cycles on staff already in post, surfacing only what has changed since the prior cycle. The legal basis, the workflow and the deliverable are different: this is an ongoing compliance programme, not a recruitment tool.
What is delta analysis?
At every new cycle, Premtrace compares the current results with those of the previous cycle for the same person. The Compliance Officer only receives what is genuinely new: a sanctions-list addition, a directorship that was not declared in the prior attestation, an article or a post that post-dates the last run. This removes noise and focuses attention on what has actually changed.
What is the auditable consent ledger?
The consent ledger is a tamper-evident log of every consent-related event: who received which notice (nFADP Art. 19), when, and whether consent was given, refused or later withdrawn. It can be exported in full for a FINMA examination or an internal audit, and satisfies the documentary requirements of nFADP Art. 31.
Which sources are queried at each cycle?
Every cycle covers LinkedIn profiles, public accounts on Instagram, Facebook, TikTok and X/Twitter, Swiss and international press (200+ languages), and queries SECO, OFAC SDN and the EU consolidated sanctions list directly. The OpenSanctions PEP dataset (~700k records, daily updates) is queried on every cycle.
How often should cycles run?
Cycle frequency is set according to the role and the risk profile. Most of our clients opt for annual cycles across the entire covered population, supplemented by half-yearly cycles for senior key-function holders. Premtrace supports any frequency and also allows targeted off-cycle verifications when an event calls for one.
What does the attestation binder contain?
Each cycle produces a structured PDF that includes: the list of people verified and their roles, the proofs of prior notice and consent drawn from the ledger, the methodology followed and the sources queried, per-person findings with references and severity, a comparison against the prior cycle, and the sign-off page for the Compliance Officer to insert into the compliance file.
Founded in Switzerland. Built for discretion.
Premtrace AG is incorporated in Switzerland — a jurisdiction where financial confidentiality and regulatory rigour work hand in hand. Our infrastructure runs exclusively on servers located in Switzerland and the EU. No data is processed under US jurisdiction, and we use no US cloud provider for verification data. A signed Data Processing Agreement ships with every programme.
Switzerland
Turn a manual process into a defensible programme
Book a 30-minute demo. We’ll walk through a live verification cycle, show the delta analysis and present the attestation binder as your Compliance Officer and your auditor will see it.