On 3 June 2026, FINMA published Guidance 03/2026 on the risks associated with the use of products in individual portfolio management. The Guidance responds to a rise in cases escalated to FINMA due to deficiencies (escalation cases) concerning portfolio managers licensed under Article 17 FinIA. Although primarily addressed to such portfolio managers, FINMA stresses that its findings are also relevant to other institutions providing individual portfolio management, including without limitation managers of collective assets, securities firms, and banks.

Findings from the escalation cases

FINMA’s analysis revealed recurring risk patterns, particularly in connection with in-house products, products lacking equivalent supervision and unsupervised structures. The instruments most frequently involved were foreign funds without equivalent supervision, structured products (in particular actively managed certificates, AMCs) and securities of foreign, unregulated issuing or structuring entities. Such products are often subject to reduced supervisory, transparency, valuation, liquidity and diversification requirements; their complexity and limited liquidity had a risk-increasing effect, in some cases resulting in substantial client losses.

The principal deficiencies were: (i) the sale or use of complex, high-risk or illiquid products without adequate suitability assessment, without regard to clients’ risk capacity and risk appetite and without appropriate risk disclosures; (ii) excessive concentration in such products in clear contradiction to clients' risk profiles; (iii) insufficient management of conflicts of interest arising from in-house products, including non-transparent double fee charging, remuneration incentives favouring own products, and the absence of objective, industry-standard product selection processes; and (iv) inadequate initial and ongoing due diligence and risk management. FINMA also flagged the risks of outsourcing control functions — risk management and compliance — to unauthorised service providers, which often produced standardised rather than tailored controls, unclear responsibilities and control gaps.

Requirements recalled by FINMA

Conduct requirements (FinSA/FinSO). FINMA emphasises the obligation to perform a suitability assessment (Art. 12 FinSA; Arts. 16–17 FinSO) and the handling of conflicts of interest (Art. 25 FinSA; Arts. 24–28 FinSO). A risk profile must be prepared for each client and an investment strategy defined; the instruments used must be suitable in light of that profile and strategy, with particular care where high-risk, complex or illiquid instruments are used for retail clients. Clients must be informed whether the selection covers only own or also third-party instruments. The use of own products must not be favoured through staff remuneration, and unavoidable conflicts of interest must be disclosed.

Risk management (FinIA/FinIO). A portfolio manager's risk management must cover all business activities and be organised so that all main risks can be identified, assessed, controlled and monitored (Art. 12 para. 4 FinIO). This includes the risks to which the assets managed under mandates, and any products managed, are or could be exposed — such as concentration, liquidity, valuation and conflict of interest risks. The instruments used must undergo careful, risk-based due diligence; for unsupervised products, warning signs include missing audited financials, outstanding audit opinions and a change or termination of the audit firm.

Outsourcing. Responsibility for outsourced control functions remains with the institution, which must retain the resources and expertise to monitor them (Arts. 16–17 FinIO). The scope of the outsourcing – in particular whether it covers risk management of client portfolios and products – must be clearly defined.

Supervisory context

The Guidance confirms a continued rise in supervisory activity: 68 supervisory cases were opened in 2025 (2024: 34; 2023: 9). In the most serious instances, shortcomings placed substantial client assets – including retirement assets – at risk.

What affected institutions should do

Institutions providing individual portfolio management should review their suitability processes, conflict of interest and product selection frameworks, product due diligence and risk management, and any outsourcing of control functions against the standards reaffirmed in the Guidance. Particular scrutiny is warranted where in-house, complex or illiquid products are used in retail client portfolios.