Executive Summary
Photocopy-based client onboarding quietly exposes Swiss External Asset Managers, trustees, and portfolio managers to avoidable operational cost, audit weaknesses, and data-protection risk before any AUM is onboarded.
Regulatory expectations in Switzerland and internationally already favor risk-based, traceable, and auditable identity verification over document collection alone.
Replacing passport photocopies with instant, secure verification methods reduces KYC friction and onboarding cost while strengthening audit trails and risk mitigation, without lowering compliance standards.
The Real Cost of “Business as Usual” KYC
For many Swiss SME EAMs and independent portfolio managers, client onboarding still begins with photocopying a passport or ID card. The document is scanned, emailed internally, and stored in a shared folder or physical file. The process feels compliant because it has been accepted for years.
In reality, this approach generates cost and risk long before a mandate generates AUM. Staff time is consumed by document collection, follow-ups for missing pages, manual checks, and internal handovers. Compliance reviews often require revisiting the same files to reconstruct what was done and when.
Operational studies cited by PwC show that manual, document-driven onboarding processes in financial services are among the highest contributors to onboarding cost and delay, particularly for smaller firms without centralized compliance infrastructure. These costs scale directly with client volume but do not improve risk coverage.
From a loss-aversion perspective, the issue is not speed or convenience. It is exposure that accumulates quietly with every new client.
Why Passport Photocopies Are a Weak Control
A photocopy confirms that a document existed at some point. It does not reliably demonstrate who verified it, how authenticity was assessed, when the verification occurred, or whether the process followed internal AML policy.
Swiss supervisory expectations increasingly focus on traceability rather than formality. Guidance from FINMA makes clear that financial intermediaries must be able to demonstrate their controls during audits, not merely assert that documents were collected. When identity checks are reviewed months or years later, undocumented or weakly documented steps become a compliance liability.
This problem is compounded by data-protection exposure. Passport copies are high-risk personal data under the revised Swiss Federal Act on Data Protection and under GDPR for cross-border clients. Industry breach analyses consistently show that shared drives, email attachments, and ad-hoc document repositories remain a primary source of sensitive data leaks in professional services firms.
A stored passport copy is therefore not neutral. It is a permanent risk surface that must be secured, retained, and eventually deleted correctly.
Regulatory Direction Is Already Clear
International AML standards no longer equate compliance with paper handling. The FATF explicitly endorses reliable digital identity verification, provided it is risk-based, well-governed, and auditable. The emphasis is on evidence, not medium.
Swiss industry guidance follows the same logic. The Swiss Bankers Association recognizes non-face-to-face onboarding and digital identification methods when appropriate safeguards are in place. What matters is whether the firm can prove that identity was verified according to policy and risk profile.
In this context, passport photocopies are tolerated as a legacy method. They are not a regulatory benchmark.
riskyWhere Firms Actually Fail: Evidence, Not Intent
Most onboarding-related audit findings do not stem from bad actors. They stem from incomplete or unverifiable records. Auditors typically ask how identity was verified, whether the process matched the firm’s AML policy at the time, and whether verification occurred before onboarding was completed.
Photocopy-based processes often require verbal explanations or reconstructed timelines to answer these questions. That is a weak position for a regulated firm, particularly when operating cross-border or managing higher-risk client profiles.
This is not a technology gap. It is an evidentiary one.
How Instant Secure Verification Changes the Risk Equation
Instant secure identity verification replaces document handling with documented outcomes. Instead of storing copies, firms retain time-stamped verification records that show when identity was confirmed, under which method, and by whom. These records are identity-bound, tamper-evident, and audit-ready.
For SME EAMs and trustees, the benefit is not innovation for its own sake. It is the ability to reduce onboarding costs while strengthening risk mitigation. Manual effort decreases, re-work declines, and compliance teams spend less time reconstructing past decisions.
Crucially, onboarding cost is incurred before management fees accrue. Reducing friction at this stage directly improves the economics of new client acquisition without compromising standards.
.png)
A Hypothesis Worth Testing
The central question is straightforward: how much internal time, cost, and residual risk does passport photocopying actually create per new client?
This article is part of a short validation effort aimed at Swiss EAMs, portfolio managers, and trustees. If the friction and exposure are material, then replacing photocopies with secure, instant verification is not a technology upgrade. It is a risky decision.
Why This Can Be Tested in Isolation
This onboarding approach is intentionally modular. Firms can evaluate it independently, without adopting broader messaging, vault, or record-management systems. If it reduces onboarding friction and audit exposure on its own, it justifies adoption on its own.
This is not about selling software.
It is about removing a fragile control that no longer serves its original purpose.
