Corporate Criminal Exposure

Swiss corporate criminal liability is narrower in scope than its equivalents in the United States, the United Kingdom, or France, and the maximum fine is a fraction of the sums imposed abroad. That surface characterisation understates the practical burden on a board when its company is the subject of a criminal investigation. The board is, in Swiss criminal procedure, a party in its own right; the company is separately represented; and the decisions taken in the first weeks of an investigation — on cooperation, on internal fact-finding, on privilege, on communications — will shape the civil liability exposure of the directors personally for years afterwards. This article sets out the statutory framework, the content of the organisational-defect standard, the posture the board should adopt during an investigation, the individual liability that runs in parallel, and the cross-border dimensions that regularly make Swiss proceedings the smaller half of a larger problem.

1. The statutory framework

Corporate criminal liability in Switzerland is concentrated in a single provision: Art. 102 StGB, added to the Swiss Criminal Code in 2003. The article establishes two distinct regimes, not always distinguished carefully in practice.

Subsidiary liability — Art. 102 para. 1. Where an offence is committed within a company "in the exercise of commercial activities in accordance with the purposes of the undertaking," and the offence cannot be attributed to any specific natural person because of an organisational defect of the company, the company itself becomes liable. The attribution here is subsidiary: a natural perpetrator cannot be identified, and the company’s failure to organise itself such that the perpetrator could have been identified is the predicate. The class of underlying offences is, under this paragraph, open.

Concurrent liability — Art. 102 para. 2. For a closed catalogue of offences — Art. 260ter (support of a criminal organisation), Art. 260quinquies (financing of terrorism), Art. 305bis (money laundering), Art. 322ter, Art. 322quinquies, Art. 322septies para. 1 (active bribery of Swiss and foreign officials), and Art. 322octies (private-sector bribery) — the company is independently liable even if the natural perpetrator is identified, provided the company “has failed to take all reasonable and necessary organisational measures to prevent” the offence. This second regime is the one that in practice generates the bulk of Swiss corporate criminal exposure, because it anchors directly to the anti-money-laundering and anti-bribery frameworks in which most cross-border exposure arises.

The sanction under both regimes is a fine of up to CHF 5 million (Art. 102 para. 3 StGB). The number is low by international comparison — nowhere near the nine-figure sanctions routinely imposed by the US Department of Justice or the UK Serious Fraud Office — and it should not be allowed to obscure three features of the Swiss system that inflate real-world exposure well beyond the headline cap: disgorgement of illicit benefit under Art. 70 ff. StGB is not limited by Art. 102 and can run to very large sums; parallel civil liability under Art. 754 OR and claims under Art. 41 OR can compound the exposure; and reputational, licensing, and regulatory consequences frequently dwarf the fine itself.

A note on structure: unlike the UK Bribery Act section 7 failure-to-prevent offence, Swiss law does not recognise a free- standing “failure to prevent” as a corporate offence. Swiss corporate liability is always attributive — the company is liable for a predicate offence, attribution being the work done by the organisational-defect analysis. In practice, the two frameworks converge: the central question under both is whether the company’s organisation was reasonably designed to prevent the conduct at issue.

2. Organisational defects — the content of the standard

The operative phrase in Art. 102 para. 2 — “all reasonable and necessary organisational measures” — is the hinge on which Swiss corporate criminal exposure turns. The standard is not defined in the statute and has been elaborated almost entirely through jurisprudence and prosecutorial practice. Its content varies with the company’s size, sector, international footprint, and risk profile, but four elements recur in the cases.

A risk-calibrated compliance programme. The first expectation is that the company has identified the offences under Art. 102 para. 2 that its business could plausibly produce — bribery exposure for companies dealing with public officials or in corruption-prone geographies; money-laundering exposure for financial intermediaries and precious-metals dealers; financing-of- terrorism exposure for cross-border payment businesses — and has implemented measures proportionate to the risk identified. The Swiss Federal Supreme Court has been clear that size-proportionality applies: a multinational financial group is expected to do more than a fifteen-employee Swiss trading house. Case law specifically developing the Art. 102 para. 2 organisational-defect standard remains relatively thin at Federal Supreme Court level; most elaboration is found in first-instance criminal judgments and in FINMA enforcement decisions applying adjacent governance standards.

Segregation and internal control. Payment and decision authorities that eliminate single points of unchecked discretion; dual-signatory requirements for material transactions; independent accounting; reconciliation controls; whistleblowing channels that function and are followed up; documented escalation paths to senior management and, for sufficiently serious matters, to the board.

Training and awareness. Personnel in exposed functions must receive training that is actually adapted to the risks they face. Generic annual e-learning is unlikely to meet the standard for a sales team operating in jurisdictions where facilitation payments are the local norm; tailored training, refreshed, and documented, is.

Monitoring, review, and response. The standard is not satisfied by a programme that exists on paper. Internal audit, compliance monitoring, review of incidents, and demonstrable follow-through on escalated concerns are what a prosecutor or court will look for when asking whether the programme was a genuine risk- management system or a liability shield. A whistleblower report that was closed without investigation is more damaging than no whistleblower channel at all.

The board’s role in this framework is direct. Under Art. 716a para. 1 ch. 5 OR, the board’s non-delegable duty of Oberaufsicht extends expressly to compliance with laws and regulations. A board that cannot evidence board-level engagement with the company’s compliance posture — committee mandates, board-level reports, substantive minuted discussion of exposure and remediation — is the board that the organisational-defect analysis will scrutinise first. The comparative-law commentary on Marchand v. Barnhill sets out the same expectation seen through a Delaware lens; the Swiss regime arrives at it by a shorter route.

3. Investigation posture — the first six weeks

The board’s conduct in the first weeks of a criminal investigation is the period in which most durable decisions are taken, almost always under incomplete information and time pressure. Five dimensions deserve structured attention.

The company as a separate party. In Swiss criminal procedure under Art. 112 StPO, the company accused under Art. 102 StGB is a defendant in its own right and must be represented. The company’s representative is ordinarily designated by the board; the choice is substantive, because the representative carries the procedural rights of the accused for the company. A director who is personally under suspicion cannot credibly represent the company. Where the board is itself conflicted, designating an outside professional — frequently counsel — is the ordinary response.

Preservation. From the moment exposure becomes plausible, the board must ensure that documents, electronic records, and data susceptible to the investigation are preserved. Routine retention cycles should be suspended in the affected scope. Destruction of documents that would have been called for in the investigation is separately punishable and, almost more gravely, produces inferences that damage the company’s position on the merits.

Privilege. Swiss attorney professional secrecy (Art. 13 BGFA / Art. 321 StGB) and the corresponding right of attorneys to refuse evidence (Art. 171 StPO) protect communications with Swiss-admitted external attorneys acting in their professional capacity. The position of in-house counsel changed materially with the 2025 ZPO revision: Art. 167a ZPO (in force 1 January 2025) grants a limited refusal-to-cooperate right for in-house legal departments in civil proceedings, subject to defined conditions (the company is registered as a legal entity, the legal department is led by a person admitted to a cantonal bar or with equivalent foreign qualifications, and the activity is profession-specific). In criminal proceedings, the position remains that in-house counsel do not benefit from equivalent protection. The practical implication for internal fact-finding in criminal-exposure matters is unchanged: memoranda produced by in-house compliance function are, as a working assumption, accessible to Swiss criminal authorities. Boards conducting internal investigations in exposed matters routinely run the investigation through external counsel for this reason.

Cooperation. Swiss criminal procedure provides certain incentives for cooperation — including the possibility of a reparation-based discontinuance under Art. 53 StGB in narrowly defined cases (the post-2018 reform restricted the provision to offences carrying a suspended sentence of up to one year, requires low public-interest in prosecution, and an admission of the facts), and in ongoing matters the informal but consistent practice of recognising cooperation in the eventual penalty. The cooperation calculus is not costless. A company that waives privilege in support of cooperation may expose its directors personally to materials that can be used in civil liability and, in cross-border matters, to overseas authorities. The decision to cooperate, and the scope of any cooperation, should be taken by the board with explicit awareness of these second-order consequences.

Internal investigation. An internal investigation is not a procedural step mandated by Swiss law, but it is almost always undertaken by companies of any size facing exposure. Its purposes — establishing facts, identifying remediation, positioning the company’s cooperation — are legitimate and frequently indispensable. Its risks — loss of privilege, entrenchment of inaccurate preliminary findings, disruption of witness cooperation with the public investigation — are real. The Independent Oversight article sets out the governance posture in which internal investigations are most credibly commissioned; the Litigation Readiness article treats the documentary discipline that supports both the investigation and the defence.

4. Director exposure in parallel

Art. 102 StGB attaches to the company; the natural persons involved remain exposed under the substantive offences on their own account. For directors, three dimensions of this parallel exposure regularly appear.

Direct substantive liability. Directors who participate in, or fail to prevent in breach of a specific duty, the predicate offence are exposed individually. The commentary on BGE 151 IV 258 treats the current state of Art. 158 StGB (unfaithful management) as applied to directors of closely-held Swiss AGs; the insolvency offences (Art. 163 ff. StGB) reach directors whose conduct during over-indebtedness causes creditor harm; and sector-specific offences attach in regulated industries. Individual criminal liability is therefore not a function of Art. 102 but runs alongside it, and a prosecution of the company will frequently co-exist with targeted proceedings against named directors.

Civil spillover. A finding of criminal conduct is, in practice, a dispositive evidentiary event in any subsequent civil liability action under Art. 754 OR. Civil and criminal proceedings are formally independent, but the civil court confronted with a final criminal judgment is unlikely to re-open the factual findings. Directors and their insurers approach the criminal defence, accordingly, with the civil consequences in mind. The commentary on 4A_62/2024 — the Papierschlamm case illustrates the pattern in civil terms; the same facts, had they been pursued criminally, would have produced conviction-driven civil outcomes.

Insurance. Directors and officers liability insurance in Switzerland ordinarily covers defence costs during criminal proceedings, but excludes indemnification of fines and excludes coverage where conduct is established to be intentional or fraudulent. Coverage under modern D&O wording frequently continues pending a final judgment, such that defence costs are advanced but subject to repayment if a qualifying exclusion is triggered at the end. Review of the D&O tower — limits, retention, entity-versus-individual priority, reporting obligations — should be among the first steps the board takes once exposure is apparent.

5. Cross-border dimensions

Swiss corporate criminal proceedings frequently sit within a larger multi-jurisdictional matter. Three patterns are dominant.

Parallel US and UK proceedings. Swiss companies listed in the United States, with US subsidiaries, or doing business in dollars through US-correspondent banking, are regularly exposed to the DoJ and US regulators in parallel with Swiss proceedings. The sanctions differential between the jurisdictions is stark and well-documented; Swiss-criminal outcomes settle alongside US global resolutions in which the economic centre of gravity is US. The practical art is sequencing, attributing conduct across entities, avoiding contradictory admissions, and managing parallel discovery.

Mutual legal assistance. Swiss MLA practice under the IMAC and relevant treaties produces substantial cross-border document flow. Swiss banking and professional secrecy remain, formally, robust, but the circumstances in which they are displaced by MLA obligations have expanded. Boards should assume that material held in Switzerland is reachable by foreign criminal authorities through properly framed requests.

The Art. 271 StGB trap. Art. 271 StGB prohibits acts performed on Swiss soil for a foreign state without Swiss authorisation. In the cross-border context, this creates a recurring dilemma: foreign authorities demand production of Swiss-held documents directly; compliance may breach Art. 271; refusal may escalate the foreign proceeding. The resolution is procedural — route requests through MLA or obtain ministerial authorisation — but it requires early legal advice and the discipline not to improvise under pressure.

6. What this means for boards

Three practical points follow.

Pre-exposure: build the programme honestly. A compliance programme whose content is driven by the company’s actual risk profile — not a template — and which is visibly supported at board level is the single most important determinant of whether an Art. 102 para. 2 exposure ever crystallises. The board should be able to identify, on the record, what the company’s exposed risks are, what controls address them, who owns those controls, what KPIs report on their operation, and when the board last discussed each.

At first signal: preserve, separate, advise. The first meeting following a credible signal of exposure — a dawn raid, a subpoena, a whistleblower report, a press enquiry — should formally preserve affected documents, designate a conflicted or unconflicted representative for the company, instruct external counsel, and clarify the split between the company’s interests and the individual interests of directors, officers, and employees. The instinct to defer these questions until more facts are known is the instinct to accept adverse defaults.

During the investigation: the minutes are the record. Board decisions on cooperation, on privilege, on settlement approaches, on public communications are made under pressure and will be reviewed later — by directors' own counsel on civil liability, by insurers on coverage, by courts if matters do not settle. The Litigation Readiness discipline is the tool; contemporaneous, accurate, reasoned minutes are the output on which later assessment will rely.