The Federal Council wants to ratify the Council of Europe's AI Convention What challenges will the financial sector face?

Artificial intelligence (AI) is fundamentally changing the financial sector. Automated trading algorithms manage investments in real time, AI- supported chatbots advise customers around the clock and machine learning optimises risk management at banks and insurance companies. The possible applications are numerous and diverse: from AI solutions for research to core business and back office to sales. However, these advances also present new challenges. How can we ensure that AI models work transparently and fairly? What risks does automation harbour for customers and investors?

In view of the risks associated with AI, comprehensive regulations such as the EU's AI Act have recently been adopted at international level. In Switzerland, there is no specific AI legislation so far. However, the existing provisions are foreseeably not sufficient to adequately regulate the rapid pace of technological change. Against this backdrop, the Federal Council decided on 12 February 2025 to ratify the European Council's Convention on Artificial Intelligence and to make the necessary adaptations to Swiss law. The responsible federal departments are to prepare a corresponding consultation draft by the end of 2026.

The decision to implement the AI Convention could have far-reaching consequences for the financial sector in particular: Banks, asset managers, insurance companies and fintechs will have to comply with new requirements - particularly in the areas of transparency, ethical responsibility and governance. What specific changes can be expected and how should the industry prepare for them?

The current AI regulatory landscape in Switzerland from a financial market law perspective

As already mentioned, there is no specific AI legislation in Switzerland to date. However, AI-supported financial services are already subject to various existing regulations:

• Banking Act, Insurance Supervision Act, Financial Institutions Act: These laws and their implementing decrees oblige financial institutions to have a suitable organisation and to maintain an appropriate risk management system that ensures compliance. These requirements must also be adhered to when using AI.
  
  
• Financial Services Act: In particular, this Act is intended to ensure that clients are treated fairly. If AI is used in the processes of asset management or investment advice, there is a risk of unequal treatment of clients. The provisions of the Financial Services Act are intended prevent this.
  
  
• Data Protection Act: AI applications that process personal data must strictly comply with data protection regulations. The higher the risk of affecting personal rights associated with the processing of personal data, the higher the requirements for data security and monitoring.
  
  
• Published Finma practice: In recent years, the Swiss Financial Market Supervisory Authority Finma has issued various statements on the use of AI systems in the financial market. On 18 December 2024, it published the new Guidance 08/2024. In it, FINMA specifically draws attention to the risks associated with the use of artificial intelligence in the financial market and communicates concrete expectations for appropriate governance and adequate risk management.

Possible impact of the AI Convention on Swiss financial service providers

As a member of the Council of Europe, Switzerland played an active role in the development of the AI Convention. With the intended ratification of the convention, Switzerland commits to transposing it into national law. This means that AI systems in Switzerland must be regulated in a way that guarantees human rights, democracy and the rule of law.

The regulations will vary depending on the risks associated with the AI applications concerned. In the financial sector, for example, AI applications for the credit business or in algorithmic trading are likely to be considered increased risks and are subject to correspondingly stricter requirements.

In particular, the AI Convention regulates the following principles, which are likely to be reflected in future Swiss legislation and have an impact on the financial sector:

• Transparency requirements: The new regulation will impose transparency requirements. This means that financial service providers will have to disclose the extent to which AI models make relevant decisions for them, and affected persons will have information rights. This could have a particular impact on AI-supported processes in areas such as creditworthiness checks or investment advice.
  
  
• Accountability and responsibility: Companies can be held liable for incorrect decisions made by their AI models. For financial service providers, this means that potential damage caused by their AI systems must be taken into account when analysing, assessing and monitoring their operational risks.
  
  
• Equal treatment and non-discrimination: It must be ensured that the use of AI systems does not result in unequal treatment or discrimination against customer groups. Against this backdrop, financial service providers must ensure that the results of AI applications can be replicated, explained and reproduced. It is important to understand what the drivers of the applications are and how the applications behave under different conditions in order to be able to assess the plausibility and robustness of the results.
  
  
• Privacy and protection of personal data: When using AI, the individual's right to privacy and the protection of their personal data should remain guaranteed. The current legal framework, in particular the recently amended Data Protection Act, already offers a good level of protection in this regard. If necessary, additional specific information obligations will be introduced.
  
  
• Reliability: AI systems should fulfil quality and safety requirements in order to strengthen public trust. The focus here is on specific key elements in the functioning of AI systems such as reliability, robustness, security, accuracy and performance as well as functional requirements such as quality, data integrity and data security and cyber security. Financial service providers already have to fulfil such requirements for the management of operational risks, particularly with regard to information and communication technology. These requirements are likely to be expanded to include AI-specific elements.
  
  
• Risk management: Companies that use AI applications to a relevant extent must take these applications into account in their risk management. Specifically, financial service providers will maintain AI inventories and ensure their completeness. Additionally, they will have to carry out specific risk analyses and adequate measures will have to be defined to limit these risks. Depending on the scope and complexity, this will require complex testing procedures and monitoring systems.
  
  
• Governance and supervisory mechanisms: Financial service providers will need to issue internal directives and introduce control mechanisms to ensure that the new regulations on the use of AI systems are appropriately regulated, controlled and integrated into internal reporting.

The intended ratification of the AI Convention shows Switzerland cannot escape international regulatory developments in the area of AI either. The question of how closely the draft legislation to be prepared will be modelled on the EU's AI Act is still open. The AI Act came into force on 1 August 2024 and is directly applicable in the EU member states from 2 August 2026 - with certain exceptions. The AI Act does not apply to Switzerland in principle, but does apply to Swiss actors that operate in the EU market within the scope of the AI Act. It categorises AI systems into four risk categories. For financial service providers, in particular the "high-risk" applications must fulfil strict test criteria and require special monitoring measures.

Switzerland must decide whether to pursue an independent approach to AI regulation or to orientate itself closely to EU standards. The adoption of the Council of Europe’s Convention indicates that it is not opting for a purely liberal approach, but is instead focussing more on international rules. It also remains to be seen whether there will be new horizontal (cross-sector) legislation or whether existing legal foundations will simply be expanded in certain areas.

Conclusion and outlook 

To summarise, the Federal Council's decision to adopt the Council of Europe’s Convention is a significant step towards clear yet innovation-friendly AI regulation. Whilst the exact legislative adaptations still have to be developed, it is already clear that the Swiss financial sector will have to prepare for significant regulatory changes in the use of AI in the coming years. Affected financial service providers must establish AI governance structures to ensure that their systems comply with the new requirements. The associated liability risks will increase.

However, the new regulation also offers opportunities. Companies that  adapt early on could benefit from a reputational advantage. A well-thought-out regulatory environment can ultimately strengthen trust in AI-supported financial services.

This article appeared in the Private Magazine issue 01/2025.