Banking Regulation 2022

Last Updated September 22, 2021


Law and Practice


Advokatfirman Hammarskiöld & Co AB is a leading Swedish business law firm and has developed a strong and recognised position in the banking and finance practice area. It represents a wide range of national and international clients in the financial industry. The practice covers all of the traditional and recently developed areas of banking and financing, such as asset finance, aircraft finance, secured and syndicated loan transactions and guarantees, as well as acquisition finance and bond issues. The firm is especially known for its financial regulatory practice, with notable expertise within all relevant areas of financial regulation, including credit institutions, investment firms, fund managers and payment institutions. Hammarskiöld handles regulatory compliance investigations and provides strategic regulatory advice to senior management in financial institutions. The firm is also experienced in handling matters with the Swedish Financial Supervisory Authority, including authorisations, market regulations, sanctions and anti-money laundering requirements. The banking and finance team consists of three partners, two senior associates and five associates.

Key Laws and Regulations

As Sweden is an EU Member State, Swedish banks are subject to laws and regulations on an EU level and a national level. Consequently, Swedish banks are subject to national laws implementing the Capital Requirements Directive (2013/36/EU) (the CRD) (as amended by Directive 2019/878/EU – CRD V) and directly subject to the Capital Requirements Regulation (EU No 575/2013/EU – the CRR) (as amended by Regulation 2019/876/EU – CRR II), which are the two key European legislative acts that govern the Swedish banking sector.

On a national level, Sweden has implemented the CRD through the Banking and Financing Business Act (2004:297) (the BFA). The CRR is directly applicable in Sweden but has been complemented with certain Swedish rules, including the Credit Institutions’ and Investment Firms’ (Special Supervision) Act (2014:968) (the Special Supervision Act) and the Capital Buffers Act (2014:966) (the CBA). These acts set out general prudential and organisational requirements with which Swedish credit institutions (including banks) must comply. For banks that are limited liability companies, the general Swedish Companies Act (2005:551) (the Companies Act) is also an important piece of legislation that has an implication on the corporate governance of Swedish banks.

Banks that provide investment services are subject to the Securities Market Act (2007:528), implementing MiFID 2 (2014/65/EU). Other key legislation containing requirements in relation to specific financial services includes the Payment Services Act (2010:751) implementing PSD2 (EU) 2015/2366, and the Consumer Credit Act (2010:1846), regulating consumers' rights in relation to credits offered to consumers.

Swedish banks are subject to the Anti-Money Laundering and Terrorist Financing Act (2017:630) (the AMLA), implementing the AML Directive (EU) 2015/849, which stipulates requirements in relation to the prevention of money laundering and terrorist financing.

In relation to depositor protection and the crisis management of banks, the key legislation is the Deposit Guarantee Act (1995:1571) (the DGA) (providing for the Swedish deposit guarantee scheme) and the Resolution Act (2015:1016) implementing the Banking Recovery and Resolution Directive 2014/59/EU.

Swedish laws are supplemented by regulations (mandatory rules) and guidelines (comply or explain principle) issued by the Swedish regulator and the financial supervisory authority, the Swedish Financial Supervisory Authority (Finansinspektionen – the SFSA). Furthermore, the guidelines of the European Banking Authority (EBA) generally apply to Swedish banks, either directly through confirmation by the SFSA or as further implemented by SFSA regulations or guidelines. Upon confirmation by the SFSA, EBA guidelines have the same legal status as the SFSA guidelines.

Regulatory Authorities

The SFSA is the primary regulator in the financial sector and is responsible for the authorisation and supervision of Swedish banks. The SFSA’s objective is to ensure stable financial systems by promoting confidence, well-functioning markets and a high level of consumer protection.

The Swedish National Debt Office (Riksgälden) is responsible for the resolution of banks and the national deposit guarantee scheme. The central bank of Sweden (Riksbanken) acts as a lender of last resort but does not have any supervisory function in relation to banks.

Other relevant regulatory authorities include the Swedish Authority for Privacy Protection (Integritetsmyndigheten), which supervises compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR), and the Consumer Agency (Konsumentverket), which has certain supervisory powers regarding the marketing of consumer credits and disclosure requirements in relation thereto.

Although a member of the EU, Sweden does not participate in the European banking union and the institutional frameworks referred to as the “Single Supervisory Mechanism” and the “Single Resolution Mechanism” (the SRM). Therefore, the European Central Bank does not have any direct authority in relation to the licensing and supervision of Swedish banks.

Types of Licences and Activities Covered

The BFA regulates Swedish licence requirements that apply to activities carried out by credit institutions. There are two regulated activities in this regard.

The first activity is “banking business” (bankrörelse), which captures undertakings that participate in the processing of payments through general payment systems and receive money from the public on their own account, which after termination is available to the creditor within a maximum of 30 days. The second activity is “financing business” (finansieringsrörelse), which refers to undertakings that take up deposits and other repayable funds from the public and grant credits for their own account. Companies that are licensed to carry out financing business are referred to in the BFA as credit market institutions.

Conceptually, Swedish banks and credit market institutions are both “credit institutions” within the meaning of the CRD, so may provide every sort of financial service listed in Annex 1 of the CRD. However, institutions that carry out financing business are traditionally less complex than banks, but are in essence subject to the same regulatory requirements as banks. For the purposes of the descriptions below and unless specifically set out below, the word “bank” will be used when describing regulatory requirements applicable to credit institutions in Sweden.

Other Financial Services

Business that includes only limited financial services, such as residential credits, consumer credits and payment services but not deposit-taking, is also regulated and subject to licence requirements under separate legal frameworks.

Foreign Banks

Banks authorised in other European Economic Area (EEA) Member States (including the EU) may provide banking services in Sweden without obtaining a separate licence from the SFSA. These banks may start to operate in Sweden on a cross-border basis or by establishing a branch office by notifying their home state authority, which will in turn notify the SFSA. Third-country banks will need to apply for authorisation in Sweden through establishment in Sweden, and may not provide cross-border services into Sweden.

Third-country banks (ie, non-EEA banks) with at least two subsidiaries within the EEA that are institutions have to establish an intermediate parent undertaking within the EEA if the group’s total assets within the EEA amount to EUR40 billion.

Conditions for Authorisation

In order to obtain a banking licence, an applicant must file a comprehensive application to show that it will meet the conditions for authorisation, including that:

  • the articles of association comply with the BFA and other relevant legislation;
  • there is reason to assume that the business will be conducted in accordance with the BFA and other applicable legislation;
  • owners of qualifying holdings are deemed suitable to exercise significant influence over the undertaking; and
  • members of the board of directors (the board) and senior executives possess the insight, competence and experience necessary to manage a bank.

Furthermore, a bank must have a starting capital corresponding to at least EUR5 million at the time of commencing business once the application has been approved.

The Application Process

Applications are submitted to the SFSA, which will decide whether the conditions for authorisation are fulfilled. Applicants pay a fee to the SFSA in conjunction with the application, currently SEK850,000.

The application must include information on how the undertaking will fulfil and comply with legal, organisational and prudential requirements, including comprehensive and detailed descriptions of the undertaking’s internal rules, procedures and methods with respect to internal governance and risk management.

Documents that must be provided in the application include a detailed business plan, annual reports, capital and liquidity assessments and a wide range of required internal policies, as further described under 4.1 Corporate Governance Requirements. The applicant must also submit information about the owners, management and senior executives for the purpose of the SFSA’s assessment with respect to the criteria described under 3.1 Requirements for Acquiring or Increasing Control over a Bank and 4.2 Registration and Oversight of Senior Management.

The SFSA’s Assessment

As a formal rule, the SFSA should make its decision to grant or refuse a licence within six months of receiving a formally complete application. As the SFSA usually requests complementary information during the evaluation period, a timeline of 12–18 months from the date an application is filed can be expected. The undertaking must then commence its business operations within a year of the application being granted.

During the evaluation period, the SFSA will communicate with the applicant on an ongoing basis – for example, in order to request complementary information. In general, it is advisable to have regular informal contact with the SFSA’s case handler in order to check on the status of the application.

Recent Developments

As a rule, the application must show that the undertaking will be able to fulfil all of the criteria described in the previous sections as soon as the business operations commence. In recent years, the SFSA has increasingly focused not only on whether the conditions for authorisation are formally fulfilled but also on whether the applicant has a credible and viable strategy and business model, which will allow the applicant to generate returns on a long-term basis.

In the past four to five years, the SFSA has only granted licences to a handful of applicants, and many others have either been subject to non-approval or have withdrawn their application following the SFA’s indication that it would not be approved.

For the reasons above and due to the sheer amount of information that must be provided, an application has become a lengthy and costly procedure, which usually requires the involvement of external consultants, such as lawyers with regulatory expertise and capital adequacy experts.

Qualifying Ownership

Any individual or entity acquiring a qualifying holding in a bank must be subject to prior approval and ownership assessment by the SFSA. A qualifying holding is defined as a direct or indirect holding of at least 10% of the capital or the voting rights, or which otherwise makes it possible to exercise significant influence over the bank – eg, through veto rights or representation on the board. An approval must also be obtained if a qualifying holding is increased and reaches or exceeds 20%, 30% or 50% of the capital or the voting rights.

Furthermore, an application should be made if several acquirers act in concert and their aggregate holdings amount to a qualifying holding. When determining whether the acquirers act in concert, consideration should be taken, inter alia, of shareholder agreements and other close ties between the acquirers.

Requirements in Relation to Owners

There are no formal restrictions regarding the categories of persons that may acquire a qualifying holding – eg, in relation to foreign ownership. However, the SFSA will assess whether the acquirer is suitable to own a qualified holding.

An acquisition will be approved only if it does not impede the sound and prudent management of the bank and its ability to conduct business in accordance with applicable legal requirements. In its assessment, the SFSA will consider the following, among other things:

  • the reputation and financial strength of the acquirer;
  • the reputation, competence and experience of the management of the acquirer;
  • the bank’s ability to comply with prudential requirements after the acquisition; and
  • whether the acquisition has a connection to, or increases the risk of, money laundering or terrorist financing.

If the acquisition results in a “close link” between the bank and the owner or an affiliate of the owner, which is assessed based on certain ownership thresholds, it will only be approved if it does not prevent the effective supervision of the bank.

Regulatory Filings

The application for approval is made using standard forms provided by the SFSA. The magnitude of the information that must be provided in the application varies depending on the size of the holding that is acquired, but includes information about the organisational structure of the acquirer (including an ownership chain), the acquirer’s financial situation and the acquirer’s management, as well as business and financing plans.

The SFSA has a handling time of up to 60 working days from the date a formally complete application is filed. During the assessment period, the SFSA may request additional information, in which case the assessment period is suspended.

In order to obtain relevant information about the acquirer, the SFSA will also gather information from other Swedish authorities and, where applicable, foreign authorities.

If the SFSA decides to oppose the proposed transaction, it must inform the proposed acquirer of the decision in writing. The decision may be appealed to the administrative courts of Sweden.

Relevant Legislation and Codes

Key legislation with respect to corporate governance includes the BFA, SFSA regulations and EBA guidelines. For banks that are limited companies, the Companies Act is essential. Furthermore, the Swedish Bankers’ Association publishes recommendations, which banks generally follow. Banks that are listed on stock exchanges must comply with the relevant stock exchange rules and with the Swedish Code of Corporate Governance, which is an industry code for listed companies.

General Corporate Governance

From a general perspective, the Companies Act stipulates that Swedish companies must have three decision-making bodies: the shareholders’ meeting, the board and the managing director (in hierarchical order). Companies are also required to have an external auditor, which is appointed by the shareholders’ meeting.

The board has the ultimate responsibility for the organisation of a company and the management of its affairs. The managing director is responsible for the day-to-day management. The board is required to define and distinguish the duties of the board and the managing director.

In a banking regulatory context, the board is ultimately responsible for the bank’s internal governance, its financial situation and its legal compliance. The managing director of a bank is responsible for managing the bank in accordance with the board’s instructions.

Control Functions in Banks

Banks are required to have independent control functions for risk control, compliance and internal audit. These functions monitor and control the bank’s operations to ensure that risks are properly managed and legal requirements are met. As a general rule, the functions must be organisationally separated from the business operations and each other.

Banks must adopt internal rules for the control functions, stipulating their responsibilities, duties and reporting procedures. As a rule, the functions for risk control and compliance will report regularly to the managing director and the board, while the internal audit function reports directly to the board.

Banks are required to provide the control functions with enough resources, and staff in the control functions must have sufficient experience and knowledge to monitor the bank’s operations.

The control functions may be outsourced to external service providers, subject to certain regulatory requirements for outsourcing.

Internal Governance and Control

Banks must adopt an adequate and effective written framework for internal governance and control, which should include clearly defined decision-making processes and allocations of responsibilities as well as specified reporting lines.

The governance and control frameworks should take into account the nature and scope of the bank’s business, but are in general very comprehensive. Areas where written policies, rules and procedures are a statutory requirement include risk management, anti-money laundering and terrorist financing, compliance, IT systems, business continuity, conflicts of interests, remuneration and outsourcing.


Outsourcing arrangements have become increasingly common in Sweden, especially in relation to IT systems and cloud services. In order to ensure that banks maintain control when critical functions or part of the business are outsourced, they must regularly monitor and evaluate the service provider. Critical outsourcing arrangements must be reported to the SFSA.

Continuity management is of the essence in outsourcing arrangements. Banks must ensure that disruptions can be avoided if the external partners fail to provide the services or if the arrangement is terminated. In this regard, it must be possible to transfer the outsourced activities to another service provider or to the bank within a reasonable period upon termination.


Board members in Swedish companies are appointed by the shareholders’ meeting, and the managing director is in turn appointed by the board.

Banks are required to adopt a suitability policy with respect to board members and senior management. The policy should set out rules on the appointment procedure and which requirements the relevant persons must meet.

Banks must ensure that the board as a whole, as well as the individual members, has sufficient experience and knowledge in relevant areas – eg, financial markets, legal requirements, risk management and the managing of financial businesses. The diversity of the board in terms of age, gender and background must also be considered.

Registration with the SFSA

Board members, alternate board members, the managing director and deputy managing directors are subject to suitability assessments by the SFSA. An application for a suitability assessment must be filed when an undertaking applies for authorisation and when there is a change in these positions.

Applications are made by using standard form questionnaires. The application must include a curriculum vitae and information about the person’s employment and ownership in other undertakings and potential conflicts of interest. When new board members are appointed, the application should include an assessment of the new board member and of the board as a whole.

The SFSA has a handling period of up to 60 working days to assess whether the person is suitable based on their knowledge, experience and reputation.


Please see 4.1 Corporate Governance Requirements regarding the roles and duties of the board and the managing director. Failure to perform these duties properly may lead to civil liability under the Companies Act if the bank has suffered damages or losses. It may also lead to disciplinary action from the SFSA in the form of administrative fines or a banning order that prevents the person from acting as a board member or managing director in a bank for three to ten years.

Relevant Legislation

The remuneration practices in banks are mainly regulated by the BFA and SFSA regulations. Banks must also comply with EBA’s guidelines on remuneration. The legal requirements apply to both monetary and non-monetary benefits.

Remuneration Policy

Banks are required to have a written, gender-neutral remuneration policy that must promote sound and effective risk management, may not encourage excessive risk-taking and should include measures to avoid conflicts of interest. Furthermore, the policy should align with the bank’s strategy, risk appetite, values and long-term interests.

Risk Analysis

Banks are required to carry out an annual analysis in order to identify categories of staff whose professional activities have a material impact on the risk profile of the bank (“risk-takers”). Risk-takers will include senior executives, staff in control functions and staff whose remuneration exceeds certain thresholds. Special rules will apply to the remuneration paid to such staff.

Variable Remuneration

A distinction is made between fixed and variable remuneration, and the levels of fixed and variable remuneration must be appropriately balanced. Variable remuneration is subject to special restrictions, including that it must be based on both financial and non-financial as well as risk-adjusted performance criteria. As a rule, guaranteed variable remuneration is not permitted other than during the first year of employment.

For risk-takers, the total variable remuneration must not exceed the total fixed remuneration they receive. Furthermore, at least 40% of their variable remuneration should be deferred and paid out on a pro rata basis over at least four years for general risk-takers, or over at least five years for senior management in larger banks; if the remuneration is particularly high, at least 60% should be deferred. At least 50% of the variable remuneration of risk-takers should consist of shares or other instruments.

The board is responsible for ensuring that the total variable remuneration paid to staff does not limit its ability to maintain or strengthen its capital base. Variable compensation should be able to be withheld or reduced, if the payout could jeopardise the bank’s financial situation, for example.

Review of Remuneration Practices

The board is required to review the remuneration policy and the risk analysis annually, in order to ensure that actual remuneration practices comply with the policy and the legal requirements. Such a review must also be carried out independently by the control functions.


Banks are required to disclose information to the public about their remuneration policy and practices on an annual basis, including information about variable remuneration paid to risk-takers. The SFSA also collects information from all Swedish banks on their remuneration practices on an annual basis.

Consequences of Breaches

If a bank is in breach of the remuneration requirements, the SFSA may order it to amend its remuneration practices. If the breach is serious, a warning may be given or, in a worst case scenario, the bank’s authorisation may be withdrawn. The SFSA may also issue an administrative fine. The board members and the managing director could be subject to the sanctions described under 4.2 Registration and Oversight of Senior Management.

Exemptions from Remuneration Requirements

The requirements to defer variable remuneration and to pay parts of the variable in shares or other instruments do not apply to:

  • banks that are not large institutions (as defined in the CRR) and whose average total assets during each of the last four years have been below EUR5 billion; and
  • employees with an annual variable remuneration below EUR50,000, if their variable remuneration is less than one third of their total annual remuneration.

Sweden has implemented the Anti-Money Laundering Directive (EU) 2015/849 through the AMLA, which prescribes requirements for the prevention of money laundering and terrorist financing that correspond to the requirements set out in the Directive. The requirements can roughly be divided into three main focus areas:

  • general risk assessment;
  • customer due diligence; and
  • monitoring and reporting.

General Risk Assessment

The general risk assessment shall identify how the products and services provided by the bank can be used for money laundering or terrorist financing, and assess the risks associated with money laundering and terrorist financing. In conjunction with the general risk assessment, special consideration shall be given to the types of products and services that are provided, the existing customers and distribution channels, and the existing geographical risk factors. Banks shall conduct a risk assessment of the customers and determine a risk profile for each customer. The customer’s risk profile shall be based on the general risk assessment and the knowledge of the customer. The SFSA has also confirmed to EBA that it will apply EBA's guidelines on money laundering and terrorist financing risk factors (EBA/GL/2021/02). The SFSA has further stated, inter alia, that the legal definition of “customer” has a more extensive interpretation in the AMLA than in the guidelines.

Customer Due Diligence

A bank may not establish or maintain a business relationship, nor carry out an individual transaction, where it lacks sufficient knowledge of the customer. Such knowledge is essential in order to be able to handle the risk associated with the customer and to supervise and assess the customer’s activities and transactions to identify suspicious activities and potential money laundering or terrorist financing.

Necessary customer due diligence measures include:

  • the identification and verification of customers and potential beneficial owners;
  • ascertaining whether the customer or beneficial owner is considered a political exposed person or appears on any sanctions list;
  • obtaining information regarding the purpose and nature of the business relationship;
  • ascertaining whether the customer is established in a country outside of the EEA that has been identified by the European Commission as a high-risk third country; and
  • following up on the information provided.

Simplified or enhanced measures

Depending on the customer’s risk profile, simplified or enhanced measures can be allowed or required. If the risk associated with the customer relationship is determined as being high, the business operator shall carry out particularly comprehensive verifications, assessments and investigations. Such measures include obtaining additional information regarding the purpose and nature of the business relationship or transaction information regarding the origins of the financial resources of the customer and the beneficial owner.

Ongoing Monitoring and Reporting

A business operator shall monitor ongoing business relationships and evaluate individual transactions for the purpose of discovering suspicious activities and transactions. The focus and scope of the monitoring shall be determined based on the general risk assessment and the customer’s risk profile. If there is reasonable cause to suspect money laundering or terrorist financing, information regarding all indicative circumstances shall be reported promptly to the Swedish Police.


The Swedish deposit guarantee scheme (the Scheme) is administered by the Swedish National Debt Office (the NDO). Relevant legislation includes the DGA, the Deposit Guarantee Ordinance (2011:834) and NDO regulations.

The Scheme protects deposits in cases where a due and payable deposit is not repaid by a bank under the applicable legal or contractual deposits, and where the SFSA has determined there are no current prospects of the bank being able to do so, or where the bank has entered into bankruptcy. The Scheme continues to apply if the NDO takes control of a bank in cases of resolution. As of 2021, compensation has been paid out from the Scheme on three separate occasions, for a total amount corresponding to approximately EUR20 million.

"Deposit" in this regard refers to a credit balance in any kind of bank account, such as current accounts and savings accounts, and regardless of whether the deposit is fixed-term or subject to other restrictions.

Deposits Covered

The Scheme covers deposits with Swedish banks as well as branch offices of Swedish banks in other EEA Member States. Upon a bank's application to the NDO, the Scheme may also cover deposits with branch offices outside the EEA. Swedish branch offices of banks authorised in other EEA Member States may also participate in the Scheme upon application to the NDO. In such cases, the Scheme will supplement the cover provided by the depositor guarantee scheme in the home state.

The Scheme covers deposits, including interest, up to the date on which the SFSA makes a determination that there are no prospects of the bank being able to repay, or up to the date bankruptcy is declared.

Deposits from both individuals and legal persons (including the estates of deceased persons) are protected through the Scheme. However, deposits by financial institutions such as banks, investment firms and insurance companies and public and local authorities made on their own behalf are not covered by the Scheme. Funds found to be connected to money laundering or terrorist financing are not protected.


The maximum amount covered by the Scheme is an amount in SEK corresponding to EUR100,000. The amount nominated in SEK is reviewed and decided by the NDO every fifth year, and is currently SEK1,050,000.

Under certain circumstances, the maximum guaranteed amount covered may be raised to SEK5 million. This is the case with respect to deposits resulting from private residential property transactions and deposits related to divorce, dismissals, pensions, redundancy, invalidity or death, as well as insurance payments and compensation from criminal injuries. However, such higher amounts are only protected for a period of 12 months from the date the deposit was made.

The maximum amount applies per person and per bank, which means that a person holding deposits with several banks may receive the maximum amount for each of the banks with which they have made deposits. With respect to joint accounts and client accounts, every individual owner is, as a main rule, entitled to the maximum amount covered.

The protection enjoyed by depositors under the Scheme is not affected if the depositor also has debts with the bank (eg, a mortgage). Debts will therefore not be subtracted from the compensation but are more likely taken over by another bank.

Information Requirements

Banks are required to inform depositors of the Scheme and whether deposits are covered, the maximum amount covered, and how the guarantee will be paid out.

Banks are also required to submit regular information to the NDO on depositors and their deposits. Information about the total amount of guaranteed deposits at the end of each quarter of a year must be reported no later than 24 January the following year.

Funding of the Scheme

Each bank that is covered by the Scheme must pay an annual fee to the NDO, which is based on the total amount of deposits received by the bank during the preceding year. The basic annual fee is 0.1% of the total deposits made during the preceding year, but the individual fee per bank is set by the NDO, with consideration given to risk-adjusting factors.

The fees are placed by the NDO in a designated account administered by the NDO itself, from which compensation to depositors is paid when required. This account is generally considered to be well funded but in the hypothetical case that the funds are insufficient to compensate all depositors, the NDO will borrow money from the government.

The bank secrecy requirements follow from the BFA, although similar requirements are set out in other related legal areas. In the BFA, the bank secrecy requirements are expressed in a way that an individual’s relationship to a bank may not be disclosed to a third party. There are some exceptions to this rule; however, they are not explicitly expressed in law, but rather as instances when a disclosure may be permissible.

The requirements are directed towards the bank as a legal person, but apply to management and all employees. If a bank violates the bank secrecy requirements, it may face administrative penalties and fees. Such a violation is not classified as a criminal offence.

Information Covered by Bank Secrecy

Bank secrecy protects all information that a bank holds on a customer, documented or not, regardless of how the bank has obtained said information. The “individual’s relationship with the bank” that is covered by bank secrecy also includes relationships where an individual has negotiated with the bank regarding a potential customer relationship but for some reason never entered into one.

It should be noted that bank secrecy also covers a guarantor’s relationship to a bank and any other relationship that results in the bank having information regarding the person in question and where there is a legitimate interest in keeping the information secret. Furthermore, bank secrecy does not cease if a customer relationship with the bank in question ends.

Exceptions Permitting Disclosure

Bank secrecy is not absolute and there are situations where information may be disclosed. In some situations, the secrecy constitutes a duty not to spread information regarding the customer. On the other hand, there may be situations that oblige the bank to disclose the information. In addition, there may be situations where the bank is not obliged to, but instead has a right to derogate from the bank secrecy.

One example of disclosure being permitted is when it is necessary in order to fulfil the customer’s instructions. This may include disclosure internally, within the bank and where the bank has a legitimate interest to disclose the information. Such information can only be disclosed to the extent it is deemed necessary – ie, to the departments or to the group of persons where the information is needed in order to fulfil the customer’s instructions.

To conclude, information regarding the bank’s customers is not considered to be general or widely accessible within a bank. If the bank’s employees gain access to customer information when such information is not required by the employee’s duties and tasks, this would constitute a breach of bank secrecy.

A bank can be legally obliged to disclose customer information to authorities, such as the Swedish Tax Authority or the SFSA. Disclosure due to legal obligations is accordingly permissible.

Within a group of companies that includes a bank, there is often interest in having the information transferred within the group for marketing purposes. It can be argued that marketing constitutes a legitimate interest that would authorise the disclosure of customer information within the group, especially when the information is limited to the name and address of the customer and when the customer gets some kind of benefit in return, such as a discount on other services provided by the group.

To conclude, information regarding the customer can be used within the bank and under certain circumstances within a group of companies, but in no case can the information be used for interests that are in conflict with the customer’s interests.

Other Relevant Legislation

When processing information regarding the consumer, consideration must be given to other relevant legislation. For example, the processing of personal data must be compliant with the GDPR, which requires a legal basis and an explicit purpose for the processing.

The Basel Committee published the first parts of the global regulatory framework called Basel III by the end of 2010 and the framework was finalised in late 2017, but parts of it were transposed in the EU through the CRR, which is directly applicable across the EU. Together with the CRD, these legal acts constitute the main legislative framework for banks in the EU and thus Sweden.

Sweden has implemented the CRD (including the amendments made through CRD V) mainly through the Special Supervision Act, the CBA, the SFSA’s regulations regarding prudential requirements and capital buffers (FFFS 2014:12) and regulations regarding the management of liquidity risks in credit institutions and investment firms (FFFS 2010:7). The regulations contain rules on consolidated situations, own funds, own fund requirements, large exposures, liquidity, reporting, the disclosure of information, capital buffers and documentation of the undertakings' capital and liquidity assessment procedures. Sweden has made an exemption from the requirements set out in Article 129(1)(c) of the CRR to avoid the concentration problems on the Swedish market that could arise if issuers of covered bonds were referred to only a few derivative counterparties.

Pillar 1 Requirements

According to capital adequacy requirements, Tier 1 and Tier 2 capital must exceed 8% of risk-weighted assets (Pillar 1 core requirements). The Tier 1 capital requirements include common equity and other qualifying financial instruments (so-called additional Tier 1 capital), the loss absorption capacity of which is considered equal to equity. The minimum requirement for common equity is 4.5% of risk-weighted assets, while the additional Tier 1 capital is 1.5%. On the other hand, Tier 2 capital is subordinated to unsecured senior debt of the bank and is set at 2%. Moreover, the CRR restricts accelerated repayments, redemptions and other cancellations of equity or debt made available to bank investors for Tier 1 and Tier 2. The CRR further restricts the granting of guarantees or security interests by subsidiaries of the bank in order to protect the quality of the bank’s regulatory capital from dilution.

The 8% minimum capital requirement is fully binding for all banks; breach thereof could lead to a withdrawal of the bank’s licence. However, capital buffer requirements result in much higher levels of capital for banks and especially for the global systemically important institutions (G-SII). A capital conservation buffer of 2.5% of risk-weighted assets is added to this, bringing the total minimum common equity held as part of a bank’s capital to 7% of risk-weighted assets.

Combined Buffer Requirements

Sweden prescribes the following capital buffer requirements:

  • the capital conservation buffer;
  • the institution-specific countercyclical capital buffer;
  • the systematic risk buffer; and
  • the buffers for systemically important institutions.

As mentioned above, the conservation buffer amounts to 2.5% and is designed to ensure that banks build up capital buffers outside periods of stress that can be drawn down as losses are incurred. The countercyclical buffer has a range between 0% and 2.5% of risk-weighted assets comprising common equity or other fully loss-absorbing capital. The countercyclical buffer is utilised to address systemic risk concerns.

The SFSA has issued regulations regarding the calculation of the countercyclical buffer and the credit exposures’ geographic composition. In accordance with the CBA, the SFSA shall set a countercyclical buffer guide and a countercyclical buffer rate each quarter. As of 29 September 2021, the buffer rate is set to 0% and the countercyclical buffer guide is set at 0.2%. With effect from 29 September 2022, the buffer rate will be set to 1% and the buffer guide to 2%.

The purpose of the systemic risk buffer is to prevent systemic risks of a long-term, non-cyclical nature that are not covered by the CRR. The SFSA has imposed a systemic risk buffer of 3% on the larger banks in Sweden.

The CBA provides for a surcharge for any G-SII, with an additional buffer amounting to at least 1% of each bank’s total risk-weighted assets.

The SFSA is also responsible for identifying other systemically important institutions (O-SIIs) and deciding on additional capital buffer requirements for such institutions. As of 1 November 2021, the additional capital buffer for O-SIIs can amount to up to 3% but it is currently set at 1% for all banks subject to it. This capital buffer is in addition to the systemic risk buffer.

Pillar 2 Requirements

Banks must identify, measure, govern, report internally and control their risks on a regular basis in order to ensure that the aggregated risk does not endanger their ability to meet their obligations. The banks must provide the SFSA with a documented internal capital adequacy assessment process (ICAAP) for the SFSA to review and evaluate. Based on this evaluation, the SFSA can impose an additional individual requirement, which should cover risks that are not fully captured by the Pillar 1 requirements. This additional capital requirement is referred to as the "additional own funds requirement". The capital assessment further includes an assessment of the bank’s need for a capital planning buffer, which should constitute a margin to the minimum requirement.

Liquidity Requirements

The CRR together with the delegated regulation and SFSA regulation FFFS 2010:7 prescribe the liquidity requirements for banks in Sweden. On a broad level, the focus areas for liquidity requirements are the liquidity coverage ratio (LCR) and the net stable funding ratio (NSFR).

The LCR can be said to have two components:

  • stock of high-quality liquid assets in stressed scenarios; and
  • total net cash outflows.

Banks shall hold an adequate level of unencumbered, high-quality liquid assets that can be easily converted into cash at little or no loss of value to be able to cover the total net cash outflows over a 30-day time horizon. When banks use the liquidity stock, they need to provide for a plan to restore their holdings of liquid assets, and the SFSA will need to ensure that such plan is adequate and sufficiently implemented.

The NSFR is defined as the amount of available stable funding relative to the amount of required stable funding. This requirement is meant to ensure that the banks have stable funding to cover long-term obligations under a one-year horizon under conditions of extended stress.

FFFS 2010:7 prescribes requirements regarding internal governance, the identification and measurement of liquidity risks, the managing of liquidity risk and the disclosure of information. Banks shall have a documented risk tolerance that is based on a quantitative and qualitative view of appropriate liquidity risk and is adapted to the bank’s operational objective, strategic direction and general risk preference. Furthermore, the bank shall have strategies in place to manage the liquidity risk in accordance with the risk tolerance in order to ensure sufficient liquidity.

In order for the SFSA to control compliance with these requirements, the banks are obliged to report the high-quality liquid assets at least every month to the SFSA and the stable funding at least quarterly to the SFSA.


Sweden has implemented the Bank Recovery and Resolution Directive 2014/59/EU (as amended by Directive 2019/879/EU – the BRRD) through the Swedish Resolution Act. The BRRD in turn incorporates principles from the international standard "Key Attributes of Effective Resolution Regimes", issued by the Financial Stability Board. Although it is an EU Member State, Sweden does not participate in the EU’s SRM.

The purpose of the Resolution Act is to ensure that the government can take over a failing bank and restructure it or wind-down its operations in an orderly manner to maintain the critical functions of the bank and stability in the financial system.

As of 2021, the resolution mechanism has never been put into practice in Sweden.

The basic principle in the resolution procedure is that the costs should be borne by the bank's shareholders and creditors (excluding protected depositors), and not the taxpayers. As a protection, another key principle is the “no-creditor-worse-off” principle, which means that no owner or creditor should be compensated to a lesser extent than he or she would have been under normal insolvency proceedings.

Recovery and Crisis Planning

The NDO is the appointed Swedish resolution authority and, as such, is responsible for preparing for crises in banks and for managing banks in crises.

The NDO must prepare a crisis plan for all Swedish banks but the approach that the NDO will take varies according to which bank is in crisis and what sort of crisis. In practice, only systemically important banks will be placed into resolution. Most banks are not considered systemically important, and the NDO has simplified plans for these banks. In general, these banks will be placed under ordinary insolvency proceedings if necessary.

Banks are required to prepare and maintain recovery plans, setting out the preventative measures and actions they will undertake if under financial distress in order to prevent failure. As the supervisory authority, the SFSA is responsible for assessing the recovery plans of banks, and may order a bank to improve its plan if necessary. The SFSA also has early intervention powers and may order banks to make organisational and strategic changes, to take recapitalisation measures or to activate the recovery plan.

Furthermore, in order for the NDO to implement resolution measures, a bank must have sufficient own funds and liabilities that can be written down or converted to equity. The NDO therefore sets a minimum requirement for own funds and liabilities (MREL) on an individual basis. Sweden has transposed the new MREL requirements that follow from the EU's banking package in 2019 (please see 10.1 Regulatory Developments), which entail stricter subordination requirements and additional measures to address breaches of the MREL.

Requirements for Resolution

If the bank’s financial situation is not improved by actions taken under the bank’s recovery plan or the intervention measures taken by the SFSA, the first step is to determine whether the bank is failing or is likely to fail. The SFSA will hand over the responsibility to the NDO if the following criteria are fulfilled:

  • the bank infringes the requirements for continued authorisation in a way that justifies the withdrawal of its authorisation;
  • its assets are less than its liabilities;
  • the bank is unable to pay its debts as they fall due; and
  • extraordinary public financial support is required (except when it concerns certain forms of precautionary support provided temporarily to fundamentally viable banks).

In order to initiate a resolution procedure, the NDO will also need to establish that there are no alternative measures available to prevent the failure of the bank, and that resolution is necessary with regard to the public interest. The public interest requirement is why non-systemically important banks in general will be placed in ordinary insolvency proceedings.

Resolution Tools

Once a bank has been placed under resolution, the NDO will take over the control and management of the bank, but not any ownership. The NDO will have a number of "resolution tools" at its disposal, which are aligned with the BRRD and can be used separately or in combination.

These tools include the "bail-in tool", where shares and liabilities are written down or converted to equity. The writing down of shares will occur before debts are converted. The NDO might also sell all or parts of the shares issued by the bank, or its assets, rights or liabilities, to one or more buyers (the "sale of assets tool").

The "bridge institution tool" allows the NDO to transfer all or part of the bank’s business to a separate legal entity controlled by the NDO, which will uphold critical functions until the business is sold or wound down. Under the "asset separation tool", assets that are non-critical for the functioning of the financial system can be separated from the bank and managed via an asset management vehicle.

Resolution Reserve and Government Intervention

While the main principle is that shareholders and creditors should bear the bank’s losses and the costs for resolution, there may sometimes be a need for external financing. For that purpose, a resolution reserve has been set up with the NDO.

The resolution reserve may be used as a complement to the bail-in tool, but only where the shareholders and creditors have already absorbed losses corresponding to 8% of the total assets or 20% of risk-weighted assets, and certain other criteria are fulfilled.

The resolution reserve is financed through annual fees, which banks must pay if their reserve is below 3% of their total covered deposits.

Finally, as a last resort, the government stabilisation tool may be used to recapitalise the bank or take temporary public ownership over it. This tool is separate from the use of the resolution reserve and may only be used after all other tools have been assessed and exploited to the maximum extent possible. This tool is subject to EU state aid rules and requires, inter alia, that a government makes the decision on whether the tool shall be used.

Insolvency Preference Rules for Deposits

The depositor guarantee scheme (see 6.1 Depositor Protection Regime) will apply regardless of whether resolution or ordinary bankruptcy proceedings are used. In bankruptcy, guaranteed deposits enjoy preference over unsecured and subordinated liabilities but below a number of secured liabilities, such as covered bonds.

Precautionary Support to Sound Banks

It should be noted that, in some cases, the NDO may provide precautionary government support to systemically important banks that have temporary problems (eg, due to serious systemic disturbances in the economy) but that have sustainable finances on a long-term basis and a fundamentally sound business model. This is not an alternative to resolution under the Resolution Act and will not be provided to failing banks (as defined in the Resolution Act).

After the financial crisis of 2008, Sweden set up a "stability fund", to which the banks paid fees up to the establishment of the resolution reserve. Part of the stability fund was transferred to the resolution reserve but the remainder will finance such precautionary support measures.


On an EU level, amendments to the CRR, CRD and BRRD, among others, were adopted in 2019 and are commonly referred to as the “package”. With the package, certain parts of the final version of the Basel III agreement have been and will be implemented – ie, requirements regarding more stable financing and a non-risk-weighted leverage ratio. The package further includes provisions that implement Total Loss-Absorbing Capacity (TLAC) within the EU.

However, the COVID-19 pandemic had a significant impact on the financial market. From a regulatory perspective, there has been a temporary easing of regulatory capital requirements and other prudential regulations, due to the current situation. For example, a "quick fix package" of the CRR – (EU) 2020/873 (CRR II) – was adopted that, inter alia, extended the transitional arrangements for expected credit loss accounting under IFRS 9 and the treatment of publicly guaranteed loans under the prudential backstop for non-performing loans, offsetting the impact of excluding certain exposures from the calculation of the leverage ratio and deferring the application date for the leverage ratio buffer to 1 January 2023.

The majority of the provisions in the CRR II have applied since 28 June 2021, and Sweden transposed the CRD V by 28 December 2020, which was the last date for transposition for the majority of the provisions in the Directive. The updated EU regulations entail several significant changes, with the key changes being outlined below.

Leverage ratio

One of the major changes is the binding leverage ratio that requires banks to maintain Tier 1 capital of at least 3% of their non-risk-weighted assets. An additional leverage ratio buffer will apply to G-SIIs. The CRR II also allows an initial margin to reduce the exposure measures when applying the leverage ratio to derivatives.

Standardised approach for counterparty credit risk

The CRR II introduces a new approach to counterparty credit risk (SA-CCR) that is more risk sensitive, providing better recognition of hedging, netting diversification and collateral.

Sustainable finance

The CRR II and the CRD V take steps towards a more sustainable future by prescribing some measures that focus on sustainable finance. EBA investigates how to incorporate environmental, social and governance (ESG) risks into the supervision and treatment of assets associated with environmental and social objectives. Large banks are required to disclose their ESG-related risks.

Group level requirements

Certain requirements regarding core capital, large exposures, liquidity and reporting obligations prescribed in the CRR II apply to holding companies.

Non-performing loans

The CRR II adjusts credit risk provisions to mitigate the capital impact of massive disposals of non-performing loans.

A brief timeframe for the parts of the CRR II and CRD V that are yet to come into effect is as follows:

  • 1 January 2022: the EBA final guidelines on credit risk mitigation for institutions applying the internal ratings-based approach with own estimates of loss-given default will apply;
  • 1 January 2022: the new requirement for own funds for G-SIIs will apply;
  • 28 June 2022: the ESG disclosure requirements under the CRR II will apply; and
  • the first or second quarter of 2023: the expected start date for the Internal Model Approach reporting requirements under the CRR II market risk standard will apply.


Certain temporary legislative measures taken to tackle the COVID-19 pandemic ceased to be in effect during 2021. For example, as a response to the COVID-19 pandemic, in April 2020 banks in Sweden were given the possibility to offer all new and existing mortgagors an exemption from amortisation requirements. This temporary exemption ceased in September 2021. Furthermore, in September 2021 the SFSA decided to increase the countercyclical buffer rate to 1% with effect from 20 September 2022, after lowering it to 0% in April 2020.

Anti-money Laundering

In July 2021, the European Commission presented a large package of legislative proposals to strengthen the EU’s AML and CTF rules, including the following:

  • the establishment of a new EU AML authority, which would be the central authority co-ordinating national authorities and ensuring a consistent application of EU rules;
  • a new EU AML regulation, which would make parts of the existing AMLD directly applicable in all Member States, including Sweden; and
  • a sixth AML directive, which will clarify the tasks and powers of supervisory authorities and strengthen co-operation between national authorities.

The European Commission has asked the European Parliament and Council for a speedy legislative process, hoping that the new framework will enter into force during 2024.

Consumer Credits

The SFSA’s new general guidelines on consumer credits (FFFS 2021:29) entered into force on 1 November 2021. Among other things, the guidelines clarify what information lenders should include as a basis for credit assessments and how such information should be collected and assessed.

Proposal on New Bank Tax

The Swedish government has proposed the introduction of a new tax that will be levied on Swedish banks with liabilities attributable to operations in Sweden exceeding SEK150 billion. The tax is proposed to be 0.06% of the banks’ total liabilities during 2020, which will thereafter be increased to 0.07%. Currently, seven Swedish banks would be subject to the tax.

Advokatfirman Hammarskiöld & Co AB

Skeppsbron 42, Stockholm
Visit: Norra Bankogränd 2

+46 8 578 450 68
Author Business Card

Trends and Developments


Advokatfirman Hammarskiöld & Co AB is a leading Swedish business law firm and has developed a strong and recognised position in the banking and finance practice area. It represents a wide range of national and international clients in the financial industry. The practice covers all of the traditional and recently developed areas of banking and financing, such as asset finance, aircraft finance, secured and syndicated loan transactions and guarantees, as well as acquisition finance and bond issues. The firm is especially known for its financial regulatory practice, with notable expertise within all relevant areas of financial regulation, including credit institutions, investment firms, fund managers and payment institutions. Hammarskiöld handles regulatory compliance investigations and provides strategic regulatory advice to senior management in financial institutions. The firm is also experienced in handling matters with the Swedish Financial Supervisory Authority, including authorisations, market regulations, sanctions and anti-money laundering requirements. The banking and finance team consists of three partners, two senior associates and five associates.

Sweden: Booming Fintech Market and Anti-Money Laundering Challenges Within the Payment Services Industry


Stockholm has bred more tech unicorns per capita than any other region in the world, except Silicon Valley, according to Bloomberg. Fundraising is particularly evident in Sweden’s fintech sector, which has an estimated 450 active companies. Sweden is further considered by many to be the most attractive country in the Nordics for fintech-related investments, with success stories including Klarna, which attracted USD650 million in new capital during 2020, and Tink, which was acquired by Visa for USD1.8 billion in June 2021.

The COVID-19 pandemic has accelerated the digital transition, and fintech companies have managed to meet customers’ expectations on digital presence and demand for real-time payments. As one of the world’s most cashless societies, with a tech-savvy population, Sweden has provided a platform for fintechs and new payment methods to flourish, according to the Swedish Financial Technology Association.

Innovative business models are on the rise, but the regulatory frameworks tend to fall behind. Regulatory hurdles raise challenges when fintech innovations do not fit into the regulatory framework. Finding out what regulation applies to a particular business model can be a struggle, entailing compliance risks for fintech companies that operate in new segments. At the same time, real-time payments and the absence of physical meetings can facilitate and enable illicit transactions within the payment chain, making anti-money laundering and fraud detection a prioritised matter for the Swedish Financial Supervisory Authority (SFSA). A recent supervisory case relating to AML routines forced a well-known payment services provider to postpone its IPO.

Payment service providers in Sweden

Open banking regulations such as the implementation of the second Payment Service Directive (PSD2) have helped accelerate fintech adaptation, improving third-party access to data and fostering an environment of collaboration.

PSD2 has acted as a catalyst for the sharing of transaction data, resulting in two new regulated service providers being available through open banking: account information service providers (AISPs) and payment initiation service providers (PISPs). AISPs can typically collect financial information from their customers and digest it in a way that can help customers to understand their financial situation, create a budget and monitor their spending. Some AISPs use the same capability to enable customers to share their financial information with, for example, a lender to enhance their credit assessment and decisions. PISPs, on the other hand, are authorised to make payments on behalf of a customer by initiating payments directly to or from the payer’s bank account.

The authorisation application process may look different for each payment service, depending on whether it is to be provided in isolation or alongside other payment services. Regarding the requirements to prevent money laundering and terrorist financing, the relevant factors to assess are the extent (if any) to which a payment service provider comes into possession of client funds and the payment service providers’ ability to detect suspicious transactions and abnormal behaviour amongst their users.

Sufficient customer due diligence

The Anti-Money Laundering Directive (AMLD) has been implemented in Sweden and sets the standard for regulatory requirements to prevent the financial market from being misused for money laundering and terrorist financing. Obligated entities are required to perform customer due diligence measures when establishing a business relationship with their customers. AISPs are explicitly exempted from the Swedish Money Laundering and Terrorist Financing (Prevention) Act (2017:639) (AMLA); however, PISPs are not exempted and are therefore required to perform customer due diligence.

Entities subject to the AMLA shall apply a risk-based approach to identifying the potential risks of money laundering and terrorist financing, and develop strategies to mitigate them. For PISPs, this requires understanding and articulating the payment flows and the information to which the PISP has access. Depending on the business model, however, it may not always be a straightforward task to determine with whom a business relationship exists and in relation to whom customer due diligence shall be performed.

Who is the customer?

PISPs can interact directly with both payment service users (end users) and merchants, and can have an agreement with either the end user (payer) or the merchant (payee), or both. Taking into account that the PISP plays the role of intermediary between the payer and the payee, it should be decided on whom the PISP should perform the customer due diligence measures.

According to Article 3(13) of the AMLD, "business relationship" means a business, professional or commercial relationship that is connected with the professional activities of an obligated entity and is expected, at the time when the contact is established, to have an element of duration.

It is of great importance to understand what kind of services a PISP offers and its role in the payment flow. Some business models are based on the PISP having a business relationship with a merchant for offering a payment solution by initiation services, and the end user authorises the payment initiation to pay for the merchant’s services. In this situation, could the end user nevertheless be regarded as the PISP’s customer? Obviously, the answer to this question may be very important for a PISP, particularly in cases where the business model does not involve carrying out burdensome customer due diligence measures in relation to thousands of end users rather than far fewer merchants.

The question was somewhat addressed in the European Banking Authority’s (EBA) revised guidelines on money laundering and terrorist financing risk factors (EBA/GL/2021/02), which were published in March 2021 and contain certain sector-specific guidelines for, inter alia, PISPs and AISPs.

According to EBA guideline 18.8, the customer of the PISP is the natural or legal person who holds the payment account and requests the initiation of a payment order from that account. In the specific case where the PISP has a business relationship with the payee for offering payment initiation services, and not with the payer, and the payer uses the respective PISP to initiate a single or one-off transaction to the respective payee, the PISP’s customer is regarded as the payee, and not the payer. However, EBA also makes it clear that customer due diligence must always be performed and obtained when establishing a business relationship and in connection with certain occasional transactions.

This approach is consistent with Recital 34 in the European Commission’s proposed draft of a new AML/CTF Regulation (2021/0239(COD)), where it is stated that some business models are based on the obligated entity having a business relationship with a merchant for offering payment initiation services through which the merchant gets paid for the provision of goods or services, and not with the merchant’s customer, who authorises the payment initiation service to initiate a single or one-off transaction to the merchant. In such a business model, the PISP’s customer for the purpose of anti-money laundering and counter-terrorist financing rules is the merchant, and not the merchant’s customer.

Consequently, it all comes down to determining whether or not a business relationship is established. The guideline and the recital mentioned above both refer to single or one-off transactions with the merchant, which leaves a margin for the interpretation that a business relationship nonetheless can be established with the end user if the end user recurrently uses the payment services.

In a 2018 supervisory report, the SFSA stated that business relationships can be established if a customer recurrently executes single or one-off transactions through an obliged entity’s services. The business relationship is then established by way of conclusive actions, meaning that businesses that are characterised by many smaller and recurring transactions need to define when and how a business relationship is considered to be established.

The SFSA further stated in the report that a business relationship, in any case, should be considered to have been established when transactions are carried out by the same person 12 times during a period of 12 months. According to the SFSA, this is a strong indication that the relationship is of a recurring nature and therefore has an element of duration. The SFSA has further stated that, when the products and services provided by the obligated entity are associated with a high risk of money laundering and terrorist financing, a narrower definition of whether a business relationship is established may be required in order to combat the risk that the business will be used for such illicit purposes.

Furthermore, in connection with its official statement regarding its intention to comply with the EBA’s new guidelines, the SFSA has stated that the legal definition of customers in the AMLA has a broader interpretation than the one used in the guidelines. According to the SFSA, PISPs can have a business relationship with both the payer and the payee. Reference may also be made to the Danish Financial Supervisory Authority’s guidelines on measures to prevent money laundering and financing of terrorism, which were published on 3 November 2020. The Danish guidelines state that PISPs must consider with whom they establish a business relationship, taking into account their business models. Such relationships could be with online businesses that regularly receive payments for goods and services from customers through payment initiating services, or with natural persons using PISPs (often combined with account information services) to manage different accounts potentially maintained by different account servicing payment service providers (ASPSPs).

To summarise, the obligation to perform customer due diligence derives from whether or not a business relationship is established (except for certain occasional transactions and suspicions of illicit transactions). Depending on the business model and the payment services provided, in certain cases a business relationship can be established with the end user if the end user frequently returns to the payment methods offered by the payment service provider (making some of the merchant’s customers their own). Based on the statements and supervisory practices of the SFSA, PISPs established in Sweden are accordingly challenged to analyse their business model and determine to what extent (if any) and under which circumstances a legal or natural person can be considered a customer.

Advokatfirman Hammarskiöld & Co AB

Skeppsbron 42, Stockholm
Visit: Norra Bankogränd 2

+46 8 578 450 68
Author Business Card

Law and Practice


Advokatfirman Hammarskiöld & Co AB is a leading Swedish business law firm and has developed a strong and recognised position in the banking and finance practice area. It represents a wide range of national and international clients in the financial industry. The practice covers all of the traditional and recently developed areas of banking and financing, such as asset finance, aircraft finance, secured and syndicated loan transactions and guarantees, as well as acquisition finance and bond issues. The firm is especially known for its financial regulatory practice, with notable expertise within all relevant areas of financial regulation, including credit institutions, investment firms, fund managers and payment institutions. Hammarskiöld handles regulatory compliance investigations and provides strategic regulatory advice to senior management in financial institutions. The firm is also experienced in handling matters with the Swedish Financial Supervisory Authority, including authorisations, market regulations, sanctions and anti-money laundering requirements. The banking and finance team consists of three partners, two senior associates and five associates.

Trends and Development


Advokatfirman Hammarskiöld & Co AB is a leading Swedish business law firm and has developed a strong and recognised position in the banking and finance practice area. It represents a wide range of national and international clients in the financial industry. The practice covers all of the traditional and recently developed areas of banking and financing, such as asset finance, aircraft finance, secured and syndicated loan transactions and guarantees, as well as acquisition finance and bond issues. The firm is especially known for its financial regulatory practice, with notable expertise within all relevant areas of financial regulation, including credit institutions, investment firms, fund managers and payment institutions. Hammarskiöld handles regulatory compliance investigations and provides strategic regulatory advice to senior management in financial institutions. The firm is also experienced in handling matters with the Swedish Financial Supervisory Authority, including authorisations, market regulations, sanctions and anti-money laundering requirements. The banking and finance team consists of three partners, two senior associates and five associates.

Compare law and practice by selecting locations and topic(s)


Select Topic(s)

loading ...

Please select at least one chapter and one topic to use the compare functionality.