FINMASA Art. 3 · nFADP Art. 31 · FINMA Circ. 2017/1
Periodic fit-and-proper verification for Swiss financial institutions
Premtrace runs structured cycles on the client-facing staff of Swiss IAMs, family offices and boutique private banks. At every cycle we document only what has changed since the previous one — and deliver an attestation binder ready for a FINMA examination. Swiss-hosted. Compliant with the nFADP.
The obligation few firms know how to document
FINMASA Art. 3 and FINMA Circular 2017/1 require supervised institutions to ensure, on an ongoing basis, that key-function holders continue to meet the fit-and-proper standard — not just at the point of hire. Annual verification is the prudential expectation. In practice most firms still run this manually, if at all, producing documentation that would not hold up at a FINMA examination.
An ongoing obligation, not an onboarding check
FINMA does not accept a one-off hiring check as evidence of an ongoing fit-and-proper programme. The obligation is continuous. Premtrace structures the periodic cycle that meets it and produces the documentation to prove it.
Risks emerge between cycles
A compliance officer joins the board of a sanctioned entity. A client adviser posts a statement that exposes the firm. A sanctions-list addition post-dates the last attestation. None of this shows up in a hiring check — only a periodic cycle surfaces it.
Delta analysis cuts the noise
Premtrace compares each cycle's findings to the previous one. The Compliance Officer only sees what is genuinely new — not a replay of items already filed. Attention goes where it matters.
Swiss data protection calls for Swiss tooling
Processing fit-and-proper data through US-based tools creates nFADP Chapter 5 transfer issues. Premtrace processes and stores everything on Swiss and EU infrastructure under Swiss law. A signed DPA ships with every programme.
What each cycle produces
Delta findings
- Sanctions-list additions since the previous cycle (SECO, OFAC, EU)
- PEP status changes (OpenSanctions, ~700k entries)
- New adverse media in 200+ languages
- New LinkedIn roles, directorships or board seats
- New social-media content that exposes the firm
Auditable consent ledger
- nFADP Art. 19 notice — one entry per person, per cycle
- Timestamped consent records, exportable for examination
- Consent-withdrawal flag and programme suspension
- Version history of notices, for regulatory traceability
- Aligned with the nFADP Art. 31 overriding-interest framework
Attestation binder
- Covered-population register with role and date history
- Methodology and sources queried
- Per-person findings with severity and source references
- Delta comparison against the prior cycle
- Sign-off page for the Compliance Officer
Legal framework — Swiss law, Swiss servers
Premtrace AG is incorporated in Switzerland and processes data exclusively under Swiss and EU law.
FINMASA Art. 3
Ongoing fit-and-proper obligation for FINMA-supervised institutions. Premtrace produces the structured attestation documentation that evidences it.
nFADP Art. 31
Overriding interest for periodic verification, backed by the notice and consent flow built into every programme.
Data hosted in Switzerland
All processing on Swiss and EU servers. No US data transfers. Compliant with Chapter 5 of the nFADP. A signed DPA ships with every programme.
Public sources only
Only publicly available information. No private accounts, no password-protected content. Aligned with the nFADP Art. 6 minimisation principle.
Designed for the Compliance Officer at a Swiss regulated institution
Turn a manual process into a defensible programme
Book a 30-minute demo. We’ll walk through a live cycle, illustrate the delta analysis and present the attestation binder as your Compliance Officer and your auditor will see it.
Annual programme from CHF 10’000 · CHF 150–250 per covered employee / year