The most effective early warning system for many Swiss SMEs has long been at the table: the insurance broker. However, instead of recognizing risks early on, they are often only involved when it is too late and becomes expensive.
Imagine you are driving your car in fog. No helpful instruments. No warning display. No GPS.
You are confident because you know the road. Because you have driven it hundreds of times.
This is not a parable about the weather. This is the reality in thousands of Swiss SMEs today.
The CEO knows his company. He knows his customers, his figures, his products. But he doesn’t know what happens if he delegates incorrectly. If his GmbH is no longer protected, even though he thought it was. Or if he didn’t know something he should have known.
It is at these moments that personal liability begins.
The GmbH or AG is not a protective shield, it is a piece of paper
Many entrepreneurs in Switzerland believe that the legal form of their company is a protective shield. The GmbH protects me. The AG protects me. In the worst case, I simply dissolve it.
This belief is wrong.
The Swiss Code of Obligations, in this case Art. 754 CO, says something different: whoever actively manages the company is personally liable. Not the company. The person with the private assets.
The home. The savings account. The pension plan. The watch or car collection.
The legal form limits liability in normal business life. But as soon as someone neglects their duties through inactivity, ignorance or lack of documentation, this protection ceases to apply. The legislator calls this a “breach of duty”.
Those who don’t know this usually find out when it’s too late and becomes expensive. Money and a good reputation. Up and away.
The law knows no excuse – not even ignorance
There is an old legal principle that is as simple as it is merciless:
“Ignorance is no defense against punishment.”
This is specified in the Swiss Criminal Code in Art. 21 StGB. A manager who does not know what he or she should know will nevertheless be held accountable. Lack of experience is not an argument. Too little time is not an argument. “Nobody told me that” is not an argument. “I assumed that everything was covered by the contract” is not an argument.
A CEO must actively gather information. He must create structures. He must document that he has led. Not just that he was there.
Under civil law, the situation is even more direct: Anyone who mismanages employees, who ignores data protection rules, for example, or who fails to act in good time in the event of imminent over-indebtedness, is liable. Personally. With everything he has.
The law does not ask whether you knew. It asks whether you could have known.
The protective shield that hardly anyone opens
There is a rule in Swiss law that can protect CEOs if they know it and apply it correctly. The “Business Judgment Rule.”
Imagine an umbrella. It protects you, but only if you open it. What happens if the umbrella is not opened? That’s right, you get wet.
The idea behind the Business Judgment Rule is fair: entrepreneurial action always carries a risk. Decisions can look wrong in hindsight, even though they were sensible at the time. That’s why courts say: We don’t review whether the decision was wise. We examine how it was made. In short: What was the basis for the decision?
And this is where the protection lies. Three conditions must be met:
Firstly, the decision must be based on real, sufficient information.
Secondly, there must be no personal conflict of interest.
Thirdly, the manager must have acted honestly in the interests of the company.
Quite simple, isn’t it? Anyone who can prove these three points is protected. Even if the decision was wrong. Even if money was lost.
The problem, however, is that most CEOs in Swiss SMEs do not carry out external risk assessments. They have no documentation of the basis for their decisions. They have not consulted anyone who could have provided an independent assessment. These are blind spots at the highest corporate level.
Smoke detectors, not fire extinguishers. Can the broker do that?
Now the insurance broker comes into play. And with it the biggest misunderstanding in the industry.
Most SMEs use their broker like a fire extinguisher: it hangs on the wall, you’re glad it’s there and you hope you’ll never need it. Once a year, someone comes by, checks the pressure and then it’s good again.
This is the wrong role. The expensive part… in hindsight.
A modern, good broker is not a fire extinguisher. He is the smoke detector. He notices before there is a fire. He sees that the cabling on the second floor has been sparking for some time. He knows from industry data that companies of this size are unable to produce for an average of 23 days after a cyber attack. He calculates what this means in concrete terms for this company.
From the field: A customer shared his experiences during an audit. A mechanical engineering company invests in new production facilities. Production capacity increases by 30 percent. No problem. Except that no one had adjusted the insurance cover. Loss event. Around two thirds of the new production facilities were destroyed in a fire. The company was massively underinsured. The loss remained with the owner. Personally.
The broker, who carries out regular risk assessments, would have discovered this before the claim, addressed the issue, pointed it out and received a decision for or against an adjustment to the insurance cover.
The difference between prevention and reaction is often a single conversation.
The cockpit: when five numbers change everything
Together with the VZ (VermögensZentrum), the Lucerne University of Applied Sciences and Arts has investigated how Swiss SMEs should structure their risk management. The result is surprisingly simple.
It doesn’t need an expensive system. No staff unit. No external consulting firm for six months.
We need an overview, a risk cockpit.
The principle is familiar from any airplane: the pilot does not need to know everything. But he must keep an eye on the five to ten most critical instruments. The ones that tell him whether the aircraft is flying in the right corridor. Whether corrections need to be made or where there could be problems.
For an SME, this means: Which five to ten risks could bring this company into an existential crisis? How much does a cyber attack cost in concrete terms? Not as an estimate, but as a calculated figure? What happens to cash flow if the largest supplier is out of business for three months? What are the consequences of a data protection breach under the Data Protection Act (DPA)?
The broker calculates these figures. He translates abstract risks into concrete amounts in Swiss francs. This makes the risk less frightening. Not because it disappears, but because you know what you need to prepare for.
Simulation games or scenarios help to play out “what if”.
The cockpit has a second function that is often overlooked: It is proof. Documented proof that the management has managed the company systematically and responsibly. Exactly what a court wants to see when examining the requirements of the Business Judgment Rule.
Five numbers can save your private assets in an emergency.
How does the broker actively bring the topic into the customer dialog?
Many brokers wait until the customer has a problem. Then they solve it. But the old days are over. New and longer-lasting global crises, small and large, are here.
The good, strong brokers don’t wait. They bring the issue to the table themselves. Even if no damage has occurred. Especially then.
It starts with a simple question: “Do you know what you are personally liable for?”
Not as a threat. As an introduction to a conversation that most CEOs have never had. Because they don’t know their blind spots.
What follows is not a product discussion. It is a governance discussion. The broker explains what Art. 716a, Art. 717 or Art. 961c of the Swiss Code of Obligations (CO) means, without using legalese. He shows which duties cannot be delegated.
He asks whether there is a documented risk management system. Whether the Board of Directors has carried out a formal annual risk assessment. Whether D&O insurance is in place and whether the compliance structures are sufficient. All of this in order to remain insurable.
Now this broker is no longer perceived as a policy seller. He is seen as a sparring partner. As someone who knows what is at stake.
That is the difference between a supplier and a partner.
In addition, the broker brings knowledge about new regulations into the dialog. Have you heard of them? The EU Deforestation Regulation (EUDR) – yes, it really exists. Does it affect Swiss companies that trade in wood, cattle or coffee?
The Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz – LkSG) has an indirect effect on anyone who is active in German or EU supply chains. This also affects some Swiss companies.
The Data Protection Act (DPA) places new requirements on anyone who processes customer data. The EU AI Act is also leaving its mark. These are no longer marginal issues. Entrepreneurship no longer stops at the national border. This is part of everyday life for thousands of Swiss SMEs. Many are still closing their eyes. But the pressure, the question of monetization, is increasing.
Costs without benefits – or benefits without costs?
Now to the question that always resonates in the background: What does it all cost?
The honest answer: it depends on how you do the math.
There are various remuneration models:
Commission-based: The costs are included in the premium, no direct additional burden, but transparency about the interest situation is limited.
Fee-based: Direct hourly rate or flat fee, full independence, but a visible investment.
Service fee: An ongoing fee based on the volume managed, which ensures continuous support.
None of these variants is right or wrong per se. The decisive question is a different one: What is the cost if the broker does not bring the issue of due diligence to the table?
A single avoided liability claim exceeds years of consultancy fees. A single unreported coverage shortfall can plunge the company into an existential crisis. A single regulatory change that is not recognized in time can lead to a fine that exceeds all investments in prevention many times over.
The true comparison is not “cost of advice” versus “no advice”. The true comparison is: what does professional guidance cost, and what does the lack of it cost?
Governance is not an expense. It is a reinsurance policy for private assets. A strong component of due diligence.
In the end, it’s like in the circus, with the acrobats on the tightrope. The net has to be taut in case you fall!
There is a simple truth behind all this:
The CEO who uses his broker as a strategic partner has an early warning system. He has a documented basis for decision-making. He can prove that he has led in a structured, informed and careful manner. He has the protective shield in place. He uses the Business Judgment Rule.
The CEO who treats his broker as a policy salesman has a premium bill.
Both pay. But only one is protected.
There are around 600,000 SMEs in Switzerland. Most of them are well managed. However, most of them do not have a risk cockpit. No documented compliance system. No broker who regularly checks the gaps in cover. No external sparring partner who says what no employee is allowed to say.
The storm does not always come with notice.
The net must be taut before you fall – not during.
Judgments on the subject: BGer 4A_74/2012 of June 18, 2012 – reference to Art. 754 CO; BGE 132 III 564 of June 27, 2006 – reference to Art. 725, 754 and 759 CO (duty of care, formation of commission, causal connection, joint and several liability).
How do you turn governance, risk and compliance from a cost driver into a competitive advantage? Let’s talk about the operational “how”.
TURNING REGULATION INTO VALUE!
Thomas Schubert, solexa.ch
Mr. #DeedsCountMore
Thomas Schubert: Mr. #DeedsCountMore. Senior GRC & Transformation Leader with over 20 years of practical experience at the interface between subject / specialist areas and IT, for banks, insurance companies and SMEs. National and international: Switzerland, Germany, UK, Italy, Spain, India. What he does differently: He translates regulation and compliance issues into decision-making power. His work leads to measurable results: Cost savings through optimized governance processes, risk reduction through operational, pragmatic compliance structures, KYS, stronger negotiating position through regulatory clarity, successful change not on paper but in the organization.
Thomas Schubert is not a GRC alarmist. He is a sparring partner for anyone who sees regulation for what it is: the strongest strategic lever that you are not yet using. As an ISO standards auditor for QMS 9001, ISMS 27001 and CMS 37301, he is also familiar with the audit side and knows what is important.