FINMA reports Digital Fraud Risks and Readiness in Swiss Banking

Digital fraud is no longer a niche risk for banks and financial institutions. It has become a structural challenge for digital financial services, particularly in relation to the opening, access and management of customer relationships online.

With “FINMA Guidance 02/2026: Digital fraud risks for banks and persons under Article 1b of the Banking Act”, the Swiss Financial Market Supervisory Authority has firmly placed digital fraud on the agenda for banks and fintech institutions in Switzerland.

The guidance does not introduce a completely new legal framework. Instead, it clarifies how digital fraud risks should be understood within existing obligations around operational risk management, anti-money laundering, online identification, and institutional governance.

Furthermore, it sends a clear signal that the threat landscape has changed. Fraudsters are using automation, stolen identities, forged documents, phishing, manipulated videos and, increasingly, deepfake technologies to attack digital financial services.

Therefore, the question is no longer whether institutions need digital fraud defence mechanisms. The real question is whether their existing mechanisms remain robust enough.

FINMA Guidance 02/2026: What it is about

FINMA has observed a steady increase in digital fraud cases at banks since the end of 2022. The guidance focuses on three central areas:

Firstly, operational risk management. Banks and institutions under Article 1b of the Banking Act must have the appropriate structures, processes, and controls in place to identify, assess, manage, and monitor digital fraud risks.

Secondly, it addresses the fraudulent use of accounts opened online. FINMA highlights the risks associated with forged identity documents, identity theft, manipulated videos and deepfakes, as well as accounts that are opened legitimately but later handed over to criminals.

Thirdly, it covers money laundering prevention. Fraudulently opened or misused accounts can be used to channel illicit funds. This makes digital fraud directly relevant to AML systems, transaction monitoring and suspicious activity reporting.

This guidance is based partly on FINMA’s supervisory work and partly on a survey conducted at the end of 2025 among 19 banks spanning various supervisory categories. Although the document focuses on Switzerland, the risks described are not limited to the Swiss market.

FINMA’s survey findings:

FINMA’s survey suggests that readiness for digital fraud is still uneven across the Swiss financial sector. While many institutions are aware of the risks, this awareness does not always translate into clear responsibilities, real-time detection capabilities, or the ability to respond proactively.

• 12 out of 19 surveyed institutions stated that they have sustainable governance structures for digital fraud. However, responsibilities are often distributed among individuals with multiple roles. In practice, this can hinder the coordination of fraud prevention efforts between compliance, IT security, AML, operations and customer onboarding teams.
  
  
• In fact, 8 out of 19 surveyed institutions (42%) do not have a dedicated digital fraud policy. Instead, digital fraud is often covered indirectly through other policies, such as information security or AML policies. This can lead to fragmented processes and slower decision-making when fraud is suspected.
  
  
• Only 12 out of 19 (63,2%) banks use real-time fraud detection. Seven do not analyse ongoing fraud attacks at all, or only do so manually – which makes pattern recognition more difficult. Furthermore, many institutions are unable to update detection rules promptly due to their reliance on third-party providers, which compromises their ability to respond.
  
  
• 3 of the surveyed institutions do not use technical controls, such as geo-blocking, IP risk rating or device fingerprinting, to authenticate clients. Around 20% either lack key controls or do not regularly review their effectiveness.

Overall, the findings show that general awareness alone is insufficient for digital fraud prevention. Financial institutions need clear ownership, dedicated policies, continuous monitoring, and technical controls that are regularly tested and updated.

Why online onboarding is becoming a high-risk entry point

FINMA explicitly highlights the fraudulent use of online accounts. Criminal organisations are increasingly trying to open accounts using sophisticated technical methods. These accounts can then be used to transfer illicit funds.

The guidance identifies several risk factors, including forged identity documents, identity theft, manipulated videos, deepfake technologies, phishing-based account takeovers, money mule activity, and individuals who are tricked into handing over access to their accounts after they have opened them.

This last point is important. Not every problematic account is opened with a fake identity. The accounts are often opened using valid identity documents and in accordance with applicable due diligence requirements. The actual fraud may occur at a later stage, when a third party gains control of the account.

This demonstrates why digital fraud prevention cannot end at the onboarding stage. While identity verification is essential, it must form part of a broader fraud prevention strategy that also considers account access, behavioural patterns, transaction monitoring, and AML signals.

Deepfakes change the risk model

Deepfakes are not just another type of fraud. They challenge one of the fundamental principles of remote identification: the idea that the person in the video or selfie is genuine, physically present, and acting in real time.

FINMA explicitly states that the risks of fraudulent online account opening are exacerbated by artificial intelligence, video manipulation software, and deepfake technologies. Manipulated videos and forged identity documents are becoming increasingly difficult to detect, as they accompany online account opening.

This is why traditional checks alone are no longer sufficient. Liveness detection, document verification and manual review remain important. However, these need to be complemented by dedicated deepfake and injection attack detection, device intelligence, and continuous risk analysis.

The key question is not whether one individual security layer works. Rather, the key question is whether the entire verification process can withstand coordinated manipulation across multiple layers.

How PXL Vision supports compliant and fraud-resistant identity verification

The challenge for financial institutions is to combine regulatory compliance, fraud prevention and conversion. Stronger security measures should not create unnecessary friction for legitimate customers and user experience. At the same time, smooth onboarding cannot be achieved at the expense of weak identity checks.

PXL Vision supports banks, fintechs, and other regulated institutions with automated, browser-based identity verification and electronic signature solutions that are designed for complex regulatory environments.

The PXL Vision platform helps companies implement digital onboarding processes that align with Swiss AML requirements, FINMA's expectations regarding video and online identification, and other relevant regulatory frameworks, such as ZertES and eIDAS.

PXL Vision invests and does research for years on the topics of deepfakes and fraud prevention. We early teamed up with Idiap Research Institute in order to develop leading deepfake detection capabilities. These capabilities, among other security measurements, are well integrated in our GwG compliant Onboarding, Identity verification and qualified electronic signature (QES) solutions.

This is particularly relevant given FINMA’s explicit guidance on the risks of manipulated videos, forged identity documents, deepfakes, and inadequate technical controls in online account opening.

A layered security approach to identity verification

Modern identity fraud is rarely one-dimensional. Fraudsters may use a combination of stolen personal data, forged documents, synthetic media, manipulated camera streams, suspicious devices and social engineering.

This is why PXL Vision follows a layered security approach. Fraud signals are analysed across multiple independent layers, including:

• passive liveness detection
• deepfake detection
• injection and screen attack detection
• document verification and document forensics
• NFC verification
• anomaly detection and device intelligence
• device-related and behavioural risk signals, including mechanisms such as device fingerprinting

This layered model reflects the direction FINMA points to in its guidance. Digital fraud prevention should not rely on one isolated control. It should combine organisational structures, technical measures, detection capabilities, response processes and AML integration.

Why this matters now

FINMA Guidance 02/2026 shows that digital fraud is now a topic for the board and compliance teams. It affects operational resilience, legal exposure, the effectiveness of anti-money laundering measures, customer trust, and institutional reputation. However, the broader message is even more significant: fraud prevention must evolve at the same rate as fraud itself.

As AI-generated manipulation becomes more accessible, institutions require defence mechanisms capable of detecting not only fake documents or faces, but also suspicious patterns throughout the entire identity verification process.

For regulated financial institutions, this means shifting from a tick-box approach to onboarding to a risk-based, layered one. Strong identity verification is about more than just confirming who a customer is at the beginning of the relationship. It is about establishing a secure and trustworthy basis for the entire digital customer lifecycle.

Source: FINMA Guidance 02/2026: Digital fraud risks for banks and persons under Article 1b of the Banking Act”