M&A in a regulated environment: navigating Swiss sectoral controls, foreign investment scrutiny and transaction execution

Peter Ruggle

Ruggle Partner, Zürich and Luzern

peter.ruggle@rugglepartner.ch

Introduction

Switzerland’s mergers and acquisitions (M&A) market is disproportionately large relative to its economy, anchored by globally significant pharmaceutical, financial services, commodities and precision engineering clusters and a deep base of family-owned mid-market companies entering generational transitions. Share deals predominate, typically through special purpose vehicle (SPV) acquirers; asset deals are used where regulatory perimeters, employment portability under Article 333 of the Swiss Code of Obligations (CO) or tax considerations work against the use of share transfers; mergers, demergers, transformations and transfers of assets under the Merger Act serve intra-group reorganisations and closing-day steps. Public M&A on the SIX Swiss Exchange is modest in terms of volume, but high profile.

For the present purposes, a ‘regulated environment’ is one in which the target's ability to operate depends on a public law authorisation, supervisory consent or a notification regime distinct from generally applicable corporate, tax and competition law. The category extends well beyond financial services to medicinal products and devices, hospitals, telecommunications, electricity, gas, broadcasting and gambling, together with critical infrastructure designations and sector-specific data obligations. Federal supremacy in most sectors coexists with cantonal authority in healthcare, certain utilities and land use. The cantonal layer is frequently underestimated by international counsel. Corporate, competition and sectoral rules interact rather than operate in silos. A change of control in a Swiss bank simultaneously engages corporate formalities, merger control, the Swiss Financial Market Supervisory Authority’s (FINMA) qualified participation review and, cross-border, the acquirer’s home-jurisdiction foreign investment law, so the applicable sequencing and conditionality must be drafted accordingly. A defining operational advantage is Switzerland’s pre-notification culture. FINMA, the Swiss Competition Commission (ComCo), the Swiss Agency for Therapeutic Products (Swissmedic), the Federal Office of Communications (OFCOM), the Federal Electricity Commission (ElCom) and the cantonal authorities accept early, confidential approaches, so ambiguity is resolved upstream of signing rather than litigated downstream.

The regulatory framework governing M&A transactions

General corporate and transaction law

The CO governs share and asset purchases and the law of the stock corporation (AG), limited liability company (GmbH) and partnerships.[1] The statutory warranty under Article 197 of the CO addresses the object sold and not the underlying business, so Swiss practice relies on contractually agreed warranty catalogues rather than statutory defaults. The Merger Act provides a toolkit for mergers, demergers, transformations and transfers of assets and liabilities (Vermögensübertragung).[2] The transfer of assets is particularly valuable in regulated settings, permitting the transfer of an inventoried set of assets and liabilities by a single Commercial Register entry, while preserving employment continuity under Article 333 of the CO. Reorganisations are tax neutral if continued Swiss tax liability and the going concern persist. A failure triggers retroactive taxation at fair market value.

Competition/merger control

The Cartel Act, administered by ComCo, requires notification where, in the preceding financial year, the undertakings concerned achieved combined worldwide turnover of at least CHF 2bn or Swiss turnover of CHF 500m, with at least two each reaching CHF 100m in Switzerland.[3] The current substantive test, the creation or strengthening of dominance capable of eliminating competition, is stricter than the EU’s SIEC standard, but has yielded only a few prohibitions. The Federal Council’s 2023 Dispatch proposes adopting the SIEC test, which will materially increase the number of transactions exposed to substantive interventions.[4] A phase I review takes one month; a phase II review takes an extra four weeks. The standstill obligation prohibits implementation, not signing. A failure to notify and gun-jumping penalties reach up to ten per cent of the company’s aggregate Swiss turnover. For private equity acquirers, thresholds are computed across the entire portfolio under common control.

Foreign investment controls

Historically Switzerland did not operate a general screening regime. Parliament adopted the Investment Screening Act in late 2023, introducing a sector-specific, state-investor-focused regime administered by the State Secretariat for Economic Affairs (SECO).[5] It is materially narrower than the EU framework, targeting the acquisitions of Swiss undertakings in defence, critical infrastructure and certain critical technologies by acquirers under direct or indirect foreign-state control. Privately controlled acquirers fall outside of the scope of the rules, subject to anti-circumvention provisions. Even before its entry into force, transactions involving state-controlled acquirers in sensitive areas attracted heightened informal federal scrutiny. Once operational, the regime must be built into the relevant documents as a Swiss foreign direct investment (FDI) condition precedent, alongside the existing EU and US filings.

Anti-money laundering (AML) and sanctions

AML compliance is a transversal layer, governed by the Anti-Money Laundering Act and administered by FINMA and certain self-regulatory organisations, with beneficial ownership identification set at a 25 per cent threshold.[6] Sanctions compliance under the Embargo Act, with SECO maintaining the consolidated lists, has become a standard workstream since the introduction of the 2022–2025 Russia-related sanctions packages. Warranty suites now routinely address the sanctions status of the target and its officers, beneficial owners and material counterparties.

Sector-specific regulatory regimes

Financial services and banking

FINMA authorisation is required to operate a bank, securities company, fund manager, portfolio manager, trustee, insurer or financial market infrastructure. The change-of-control regime turns on the qualified participation: any direct or indirect acquisition or disposal reaching ten, 20, 33 or 50 per cent of the capital or voting rights, or otherwise permitting significant influence, must be notified to FINMA before implementation.[7] The fit-and-proper test (Gewähr für eine einwandfreie Geschäftstätigkeit) applies to the participant and senior management, assessed holistically in terms of their integrity, reputation, qualification and financial soundness. The March 2023 emergency resolution issued in relation to Credit Suisse and its acquisition by UBS prompted the ‘too-big-to-fail’ (TBTF) reform package, which is now before parliament. Insurance transactions follow a parallel Swiss Insurance Supervision Act (ISA)/ (Versicherungsaufsichtsgesetz or VAG) regime; fund managers, asset managers and trustees navigate Financial Institutions Act (FinIA) authorisation and Financial Services Act (FinSA) conduct rules; collective schemes are governed by the Collective Investment Schemes Act (CISA).

Healthcare and life sciences

Manufacturing, wholesaling, import and export of medicinal products require Swissmedic authorisation under the Therapeutic Products Act. A change of legal personality typically requires re-authorisation, whereas a change of ultimate ownership may be addressed through a notification.[8] Hospital transactions intersect with cantonal regulation: inclusion on the cantonal hospital list under the Health Insurance Act is the basis for billing mandatory insurance, so acquirers must engage cantonal health departments early and condition deals on its maintenance. Health data is treated as ‘particularly sensitive personal data’ under the revised Data Protection Act, making patient data due diligence a standard workstream.

Telecommunications and infrastructure

Service providers must adhere to notification obligations under the Telecommunications Act, administered by OFCOM; radio spectrum concessions, awarded by the Federal Communications Commission (ComCom), require regulatory consent to conduct a transfer, so acquirers must coordinate corporate control changes with concession continuity. From 2025, the Information Security Act mandates the reporting of cyberattacks on critical infrastructure operators, enforced by the National Cyber Security Centre (NCSC/Bundesamt für Cybersicherheit or BACS), which acquirers must reflect in the relevant integration planning and pre-closing covenants.

Energy and utilities

The Electricity Supply Act (Bundesgesetz über die Stromversorgung (Stromversorgungsgesetz or StromVG)) imposes legal and informational unbundling obligations on grid operators and requires concessions whose transfer needs cantonal or communal approval and frequently carries change-of-control covenants. Public ownership is structural: many distribution grids and generation assets are canton or commune owned, so private investment arises through minority stakes, joint ventures or public–private partnerships. Energy transition policy, the 2023 Climate Protection Act and the revisions to the Energy Act, are accelerating ESG-driven acquisitions of renewables and district heating businesses.

Media, technology and data-driven businesses

The revised Data Protection Act, in force since 1 September 2023, aligns Swiss law with the EU’s General Data Protection Regulation (GDPR) in most material respects, while preserving certain Swiss specificities.[9] Acquirers of Fintech, healthtech and artificial intelligence (AI) platforms must conduct GDPR-equivalent due diligence on information duties, breach notification protocols, processor agreements and cross-border data transfer bases. Cybersecurity diligence is now a standalone workstream, and the FINMA Circular 2018/3 on outsourcing requires verification that the target’s arrangements satisfy the relevant supervisory expectations and will survive the change of control.

Transaction process and execution

Regulatory due diligence

Regulatory due diligence is a discrete workstream: verify the target’s full regulatory perimeter (licences, authorisations, registrations, concessions, notifications); confirm compliance with the substantive obligations attached to each; map the enforcement history; and identify any regulatory event that could impair the value of the transaction between signing and closing. Review is granular. For a bank, the review extends to secondary authorisations, internal model approvals and instruments counted as regulatory capital. For a healthcare target, the review extends to each site’s Swissmedic authorisation, good marketing practice (GMP)/good distribution practice (GDP) certifications and product marketing authorisations.

Structuring considerations

Conditionality reflects the regulatory matrix: ComCo clearance, FINMA non-objection to the qualified participation change, sectoral consents, acquirer-side FDI clearances and the forthcoming Swiss ISA, alongside a material adverse change condition, with the relevant interacting approvals carefully sequenced. Interim operating covenants must keep the target prudently managed without crossing into gun jumping. Regulatory risk allocation is a recurring negotiation: best efforts versus reasonable efforts standards, divestiture undertakings, termination triggers and, increasingly, reverse break fees in larger deals, although hell-or-high-water clauses are not the Swiss market standard.

Regulatory approvals and timelines

Nearly every regulated Swiss transaction requires multijurisdictional coordination, with the gating filing being the critical path. Indicatively, a ComCo phase I review takes one month, a phase II review takes a further four months; a FINMA qualified participation review takes six to 12 weeks for non-controversial cases; Swissmedic and cantonal authorisation takes three to six months; and the forthcoming ISA review will take one to three months. Pre-filing dialogue does not start the statutory clock, but materially reduces the risk of mid-review escalation.

Public M&A considerations

Public takeovers of SIX-listed targets are governed by the Financial Market Infrastructure Act and the Takeover Board’s ordinances.[10] The mandatory offer triggers on exceeding 33⅓ per cent of voting rights, at a price no lower than the 60-day volume-weighted average market price and the highest price paid in the preceding 12 months. A company’s articles of association may provide an opt-out or an opt-up to 49 per cent. Shareholding disclosure thresholds run from three per cent upwards. Break fees must remain compatible with directors’ fiduciary duties and conditions compatible with Takeover Board practice, which restricts subjective conditions.

ESG, sustainability and governance trends

ESG has moved from soft positioning to being a substantive deal driver: acquirers transact to acquire low-carbon assets and transition capabilities, while sellers divest carbon-intensive or politically exposed activities. Non-financial reporting under Articles 964a et seq. of the CO applies to large public interest entities, with conflict minerals and child labour due diligence obligations set out in Articles 964j et seq. of the CO and climate disclosures under the 2022 Task Force on Climate-related Financial Disclosures (TCFD)-aligned Ordinance.[11] ESG representations and warranties have entered standard share purchase agreement (SPA) practice, with warranty and indemnity cover increasingly available subject to ESG-specific exclusions, and interim covenants addressing the maintenance of ESG policies and the notification of material controversies.

Key practical risks and pitfalls

Recurring failure modes include underestimating approval timelines, since statutory clocks start only on formally complete applications and fit and proper and beneficial owner documentation takes time to assemble; unclear allocation of regulatory risk where best-efforts language is not anchored to defined remedies and a clear termination trigger; change-of-control clauses buried in commercial, financing, IT, outsourcing and concession contracts; Lex Koller surprises, where even minority real estate holdings outside the operational perimeter can trigger notification or approval obligations; supervised integration, since FINMA, Swissmedic, OFCOM and ElCom expect continuity of regulated activity and control functions; and data protection and cybersecurity exposure, where post-closing incidents have triggered both warranty claims and supervisory escalation.

Recent market trends and notable developments

Five trends define the current landscape: increased scrutiny of critical infrastructure investments, tightening informally at the federal level even ahead of the ISA; sustained healthcare and life sciences activity through carve-outs from large pharmaceutical groups, medtech consolidation and private equity buy-and-build platforms; cross-border private equity activity in family business succession and secondary buyouts, under more conservative debt multiples than in 2020–2022; digitalisation and AI acquisitions, raising data protection and emerging AI governance questions (FINMA Guidance 03/2024); and the evolving foreign investment debate, where broader sector coverage or lower thresholds cannot be excluded if geopolitical conditions deteriorate.

Future outlook

Three vectors will dominate the coming five years. Regulatory developments: the SIEC reform of the Cartel Act, the ISA’s entry into force and recalibration, the post-Credit Suisse TBTF package and continuing alignment of Swiss data protection and sustainability rules with EU frameworks will lengthen lead times for deals with material regulatory exposure. Geopolitics, neutrality, sanctions alignment and participation in standard setting will keep structural friction high for acquirers with a sensitive parent–jurisdiction nexus. Convergence with EU approaches will continue where it serves Swiss financial centre access, so developments such as the Digital Operational Resilience Act (DORA), the Markets in Crypto-Assets Regulation (MiCA), the AI Act and the FDI-screening recast are leading indicators for the Swiss agenda. The Bilateral III negotiations between the EU and Switzerland, if concluded, may accelerate it.

Conclusion

Switzerland offers a stable, predictable and sophisticated environment for M&A in regulated industries. Its strengths, namely institutional independence, a pre-notification culture, technocratic regulators and civil law clarity, remain decisive for cross-border execution. Its pressure points, namely narrower merger control discretion under a forthcoming SIEC test, a new foreign investment screening regime, the post-Credit Suisse rebuilding of TBTF supervision and steady ESG and data protection layering, demand disciplined planning. Three recommendations crystallise: engage Swiss regulators early and confidentially, as pre-notification dialogue is the single most efficient instrument for de-risking the timing and structuring of a transaction; build the conditionality and risk allocation architecture of the SPA around the full regulatory matrix, not the merger control axis alone; and treat post-closing integration as a regulated process in its own right. Swiss regulated M&A will not become routine, but for counsel willing to invest in the regulatory architecture it remains one of the most rewarding and predictable environments in Europe in which to execute complex transactions.

Annex A — key Swiss regulatory authorities

Annex B — indicative transaction timeline

• T-90 to T-30: regulatory mapping and pre-notification contacts with relevant authorities (FINMA, ComCo, Swissmedic, OFCOM, ElCom, SECO).

• T-0 to signing: SPA executed; announcement and ad hoc disclosure if SIX listed; commencement of statutory clocks.

• T+1 to T+30: ComCo phase I notification; FINMA qualified participation notification; sectoral and ISA filings; acquirer jurisdiction FDI filings.

• T+30 to T+120: phase II (if opened); FINMA fit-and-proper assessment; sectoral consultations; remedies where required.

• T+90 to T+150 to closing: conditions satisfied; Commercial Register filings; payment of consideration.

• T+1 day to T+12 months to integration: supervisory continuity reporting; governance changes; satisfaction of any accepted commitments.