Product

A structured programme, not a one-off check.

Premtrace covers client-facing staff and key-function holders. At every cycle we compare the results against the previous run and surface only what has changed. Output: an attestation binder ready for a FINMA examination, for your Compliance Officer to sign off. Swiss-hosted. Compliant with nFADP Art. 31.

The cycle, end to end

Five steps from setup to Compliance Officer sign-off. Runs at any cadence — annual, half-yearly, or triggered by an event.

Step 01

Define the covered population

You share the list: client-facing staff, key-function holders, directors, board members. Premtrace then maintains a versioned register with role and effective-date history, aligned with the scope of your FINMA authorisation and proportionate to the risk profile of each role. Every movement — new hire, role change, departure — is timestamped.

Step 02

Notice and consent

Before any run, each person in the programme receives the notice required by nFADP Art. 19: identity of the controller, purpose (fit-and-proper assessment under FINMASA Art. 3), categories of public sources queried, retention period, and their rights. The proof of consent goes to the ledger — timestamped, exportable, kept for the life of the programme. Consent withdrawal is flagged immediately.

Step 03

Scheduled cycle

At each cycle we scan LinkedIn, public Instagram / Facebook / TikTok / X accounts, Swiss and international press in 200+ languages, and query SECO, OFAC SDN and the EU consolidated sanctions list directly. The OpenSanctions PEP dataset (~700k entries, daily updates) runs every cycle. Name disambiguation reduces false positives on common names across jurisdictions.

Step 04

Delta analysis — only the new

The cycle's results are compared against the prior cycle for the same person. The Compliance Officer receives only what is genuinely new: a sanctions-list addition since last run, a directorship that was not declared at the last attestation, an article or post that post-dates the previous cycle. Findings that were present before and are unchanged stay in the archive but are not re-reported.

Step 05

Attestation binder — ready for a FINMA examination

Each cycle closes on a structured PDF: list of covered employees and their roles, consent and notice records pulled from the ledger, methodology and sources, per-person findings with severity and source URLs, a delta comparison against the prior cycle, and the sign-off page for the Compliance Officer to insert into the compliance file.

What each cycle looks at

Three families of fit-and-proper risk, checked against public sources in 200+ languages and sanctions lists queried live.

Reputational risk

  • Adverse media coverage
  • Controversial public statements
  • Association with sanctioned or disqualified entities
  • Social media conduct inconsistent with role

Compliance risk

  • Regulatory sanctions or investigations
  • Sanctions list matches (OFAC, EU, SECO)
  • Politically Exposed Person (PEP) status
  • Undisclosed conflicts of interest

Security risk

  • Credential exposure in data breaches
  • Mentions on paste sites or dark web indices
  • Anomalous online activity patterns
  • Account compromise indicators

Built to hold up at examination

A fit-and-proper programme you cannot demonstrate to the regulator is not a programme. Premtrace produces the documentation a FINMA examination or internal audit expects:

  • Timestamped consent records, with legal basis, scope and notice version
  • Versioned covered-population register with role and effective-date history
  • Per-cycle attestation binder: methodology, sources, findings
  • Delta analysis: what changed since the prior cycle, person by person
  • Programme-level audit log: who ran what, when, for which cohort
  • Configurable retention aligned with your DPA commitments
  • PDF export ready to drop into the compliance file

Attestation binder extract — delta findings

HIGH

NEW (since cycle 10-2025) — Subject appears on the SECO consolidated list (added 12.03.2026). Cross-referenced with OFAC SDN. Not present in the previous cycle.

MEDIUM

NEW (since cycle 10-2025) — LinkedIn profile shows an undeclared directorship at XYZ Holdings SA since February 2026. Not in the last fit-and-proper attestation.

LOW

UNCHANGED — PEP proximity via the spouse's cantonal role. Already noted and filed. No escalation needed unless the scope of mandates changes.

Each finding includes the source URL, the date of publication, the delta status against the previous cycle and the rationale for the severity rating.

Data protection by design

Swiss data residency

All processing and storage occurs on Swiss and EU infrastructure. No data is transferred to the United States or any non-adequate jurisdiction. Satisfies nFADP Chapter 5 transfer restrictions.

Public sources only

Premtrace accesses only information the subject has placed in the public domain. No password-protected content, private accounts, or purchased data. Legally sound basis for processing under nFADP Art. 6.

nFADP Art. 31 — overriding interest

Periodic verification of staff already in post rests on overriding interest (nFADP Art. 31), backed by the notice and consent flow built into every programme. The legal basis is documented in the DPA, which ships signed with every programme.

See a cycle in practice

Book a 30-minute demo. We’ll walk through a live cycle, illustrate the delta analysis and present the attestation binder as your Compliance Officer and your auditor will see it.

Book a demoView sample report