Why governance matters more in private banking than anywhere else in finance
Private banking is a trust business in a way that retail banking, investment banking and asset management are not. A retail banking client can switch banks in an afternoon and suffer no meaningful consequence. A private banking client who loses confidence in their bank is not merely inconvenienced — they are withdrawing from a relationship that in many cases has been maintained across generations, that involves the most sensitive details of their financial life, and that was built on the assumption of absolute discretion and institutional integrity.
This asymmetry — between the ease of losing trust and the difficulty of building it — gives corporate governance in Swiss private banking a weight it does not carry in other financial sectors. A governance failure that would be a reputational setback for a retail bank can be existential for a private bank. The institution's governance standards are, in the eyes of its clients, its most important product. And FINMA understands this. The regulator's supervisory approach to Swiss private banks reflects an expectation that governance standards are not merely adequate — they are exemplary.
Corporate governance in Swiss banks is principally governed by FINMA Circular 2017/1 (Corporate governance — banks), which establishes binding requirements for the board of directors, senior management, risk management, internal control systems, and the segregation of functions. The Circular applies on a proportionate basis — with higher expectations for larger and more systemically significant institutions — but its core governance principles apply to all licensed banks, including smaller Swiss private banks.
FINMA Circular 2017/1 is complemented by the Swiss Banking Act (BA), the Banking Ordinance (BO), the FINMA Supervision Ordinance, and — for institutions with EU nexus — applicable EU directives including CRD V. The Swiss Code of Obligations provides the underlying company law framework within which banking-specific governance requirements operate.
The board of directors: the governance standard that defines the institution
In Swiss private banking, the board of directors is not a ceremonial body. FINMA Circular 2017/1 is explicit: the board bears ultimate responsibility for the institution's strategic direction, risk oversight, and the integrity of its governance framework. Board members who treat their mandate as an honorary appointment — attending quarterly meetings, approving management recommendations, collecting fees — are not meeting their legal obligations. They are creating governance risk.
The board's core responsibilities under the Swiss regulatory framework can be organised around five non-delegable functions. Non-delegable means exactly that: the board may engage management to execute, but it cannot transfer the accountability.
Board composition: meeting the challenge of rising regulatory expectations
Building a board that meets FINMA's evolving expectations for collective competence is one of the most genuinely demanding governance challenges facing Swiss private banking institutions. The regulatory bar has risen significantly over the past decade — and continues to rise. What satisfied a supervisory examination in 2015 may no longer satisfy one today. Boards that have served the institution well through one regulatory cycle may find that the expectations of the next cycle require a deliberate investment in complementary expertise.
FINMA's expectations for board composition centre on collective capability — the board as a whole must possess the breadth of expertise needed to oversee the institution's full range of risks and strategic challenges. In practice, this means four distinct perspectives working together: banking and financial services expertise as the foundation; risk and compliance expertise that is increasingly essential given the regulatory intensity of the current environment; financial and accounting expertise to support effective audit committee oversight; and strategic, commercial or technology perspective that strengthens the board's ability to oversee digital transformation and business model evolution. Assembling this breadth — while maintaining the continuity and institutional knowledge that private bank governance also requires — is a genuine balancing act that deserves to be recognised as such.
FINMA's examination of board composition focuses on two dimensions: whether the board collectively possesses the expertise to oversee the institution's risks and strategy, and whether individual board members have the capacity — in terms of time, independence and commitment — to exercise their oversight function effectively. Meeting both dimensions simultaneously, while managing board size, independence requirements and succession planning, is the practical challenge that nomination committees in Swiss private banks navigate in an increasingly demanding regulatory environment.
The three-lines model: governance architecture and the challenge of making it work
The three-lines model — first line (business), second line (risk and compliance), third line (internal audit) — is the governance architecture that FINMA expects all Swiss private banks to operate. Designing the structure is the straightforward part. The genuine challenge lies in sustaining the relationships between the lines in a way that delivers real governance value — genuine independence, meaningful challenge, and risk information that reaches the board in an accurate and timely form. This is more demanding in practice than it appears on paper, and it is where governance investment has the greatest impact.
| Line | Function | What good looks like | The governance challenge to address |
|---|---|---|---|
| First line — Business | Risk ownership. Relationship managers, product teams and operations own the risks they create and are responsible for managing them within the risk appetite. | Business units have embedded risk awareness. Relationship managers understand and apply client risk appetite limits. Escalation is prompt and culturally normalised. | Sustaining genuine risk ownership in first line teams under commercial pressure — ensuring that risk is assessed before decisions are made, not after. |
| Second line — Risk & Compliance | Risk oversight and challenge. Sets risk frameworks, monitors risk-taking, provides independent challenge to business decisions, reports to board and senior management. | Second line has genuine independence, adequate resources and direct board access. Its challenge is taken seriously and documented. It can say no and be heard. | Maintaining the authority and independence of the second line while working constructively with business — ensuring its voice reaches the board without undue filtering. |
| Third line — Internal Audit | Independent assurance. Audits the effectiveness of first and second line controls. Reports directly to the board audit committee without management intermediation. | Internal audit has unrestricted access, adequate expertise and genuine board audit committee engagement. Findings are addressed promptly and tracked to closure. | Building internal audit capacity — particularly technical expertise for complex and evolving risk areas — and ensuring findings receive the board engagement they deserve. |
The governance investment that delivers the greatest return in the three-lines model is not structural — it is relational. Ensuring that each line understands and respects the role of the others, that challenge is received as a contribution rather than an obstacle, and that risk information flows to the board with the accuracy and completeness it needs to exercise genuine oversight. FINMA's governance examinations assess precisely this — not whether the structure exists, but whether the relationships within it are producing real governance value.
"The test of a governance structure is not whether it exists on paper. It is whether it helps the institution make better decisions than it would have made without it."
Board committees: structure, mandate and the common design errors
Swiss private bank boards typically operate through four committees: the audit committee, the risk committee, the compensation committee, and — in larger or more complex institutions — a nomination and governance committee. Each committee's effectiveness depends critically on its composition, its mandate, and the quality of its engagement with management.
The audit committee
The audit committee is the board's primary interface with the institution's financial integrity and internal control framework. Its effectiveness rests on three conditions that require deliberate and sustained attention: at least one member with genuine financial accounting expertise; genuine independence from management in the chair and majority of members; and a direct, productive relationship with the external auditor and head of internal audit.
The most important governance investment an audit committee can make is in the quality of its engagement with audit findings. This means going beyond management summaries to understand the significance and root cause of findings — what they reveal about the control environment, not just whether they are being remediated. A regular private session with the head of internal audit, without management present, is one of the most valuable governance practices an audit committee can establish. It creates a channel through which the committee receives an unfiltered picture of the institution's control health — and signals to the organisation that the board takes its oversight responsibility seriously.
The risk committee
The risk committee is responsible for oversight of the institution's risk profile across all material risk categories — credit, market, liquidity, operational, compliance, reputational. In Swiss private banking, where the risk profile is dominated by operational and compliance risks rather than credit and market risks, designing a risk committee agenda that reflects this balance is itself a governance discipline. The committee's time and attention should be allocated in proportion to the institution's actual risk profile — which in Swiss private banking typically means substantial focus on AML, sanctions, conduct and operational resilience.
The governance standard that FINMA expects from risk committees is reporting that expresses the institution's risk profile against the board-approved risk appetite — not just a description of risks but an explicit assessment of where the institution stands relative to the limits the board has set. This comparison transforms risk reporting from an information exercise into a genuine governance tool. Reaching this standard requires investment in the quality of management information — but it is the investment that makes risk committee oversight substantive rather than procedural.
Related-party transactions and conflicts of interest: the private banking governance challenge
Swiss private banking has a structural governance challenge that is less acute in other banking sectors: the concentration of relationships. In a private bank, it is common for significant clients to also be shareholders, for board members to have personal client relationships with the bank, and for senior management to have financial interests that intersect with the institution's business activities. These are not inherently problematic — they are often the natural consequence of relationship-driven banking. But they create conflicts of interest that must be managed with particular care.
FINMA's expectations for related-party transaction governance are stringent. Transactions with related parties — including board members, senior management, significant shareholders and their connected persons — must be conducted on arm's-length terms, approved at an appropriate governance level, and disclosed in the annual report. Exceptions must be documented and justified. The standard FINMA applies is not whether the transaction was commercially reasonable — it is whether the governance process was adequate to protect the institution's interests independently of the interests of the related parties involved.
In a governance examination, FINMA will ask: how does your board identify, approve and monitor related-party transactions? Who has authority to approve transactions with board members? What is the disclosure process? Can you demonstrate that related-party transactions in the past 12 months were conducted on arm's-length terms?
Boards that have invested in building documented, consistently applied processes for related-party governance are well positioned to answer these questions specifically and confidently. The investment is modest — clear policy, defined approval authorities, a maintained register of related-party transactions — and the governance dividend is significant: regulatory confidence, board clarity and protection for the institution's reputation.
Governance disclosure and transparency: the standard that is rising
The trend in Swiss corporate governance is towards greater transparency — more disclosure of board composition and diversity, more granular reporting of compensation structures, more specific description of risk oversight processes. This trend is driven partly by regulatory expectation, partly by investor and client pressure, and partly by the international governance standards that Swiss private banks increasingly need to meet as they serve clients across multiple jurisdictions.
FINMA does not prescribe a specific governance disclosure format for private banks — the disclosure requirements for unlisted institutions are less prescriptive than for listed companies. But the regulator does expect that governance disclosures are accurate, complete and consistent with the institution's actual governance practices. A governance disclosure that describes a robust three-lines model that does not function as described in practice is not a disclosure problem — it is a governance problem with a disclosure symptom.
What exceptional governance looks like — and how boards get there
Having observed governance across Swiss private banking institutions, the distinguishing characteristics of boards that exercise genuinely effective governance are consistent and recognisable. They are not defined by the sophistication of their governance documentation or the prestige of their board members. They are defined by specific behaviours that are observable in the boardroom and in the quality of the institution's regulatory relationships.
The governance dividend: why strong governance is a competitive advantage
The argument for strong corporate governance in Swiss private banking is sometimes framed as a regulatory obligation — something institutions must do to satisfy FINMA and avoid enforcement action. This framing is accurate but incomplete. Strong governance is not merely a regulatory obligation. It is a commercial advantage, and increasingly a decisive one.
Private banking clients — particularly institutional clients, family offices and ultra-high-net-worth individuals with sophisticated advisers — are increasingly governance-aware. They conduct due diligence on the institutions they entrust with their assets. They ask about board composition, about the independence of the compliance function, about the institution's regulatory history. A private bank that can demonstrate genuinely strong governance — not just adequate documentation but a board that evidently exercises real oversight — has a differentiator that many of its competitors cannot match.
The institutions that build this advantage are those whose boards have decided that governance is not a cost of doing business but an investment in the franchise. That decision — made at board level, embedded in how the institution operates, visible to regulators and clients alike — is the most consequential governance decision a Swiss private bank board can make. And unlike most strategic decisions, its value compounds over time. Every year of consistently strong governance makes the institution more trusted, more resilient to regulatory scrutiny, and more attractive to the clients and talent that sustain its long-term position in the market.