Key Laws and Regulations Governing the Swedish Banking Sector

A substantial portion of Swedish banking regulations is derived from EU directives and regulations, reflecting Sweden’s membership in the European Union. However, the primary domestic legislation governing the banking sector in Sweden is the Banking and Financing Business Act (SFS 2004:297). This act covers various aspects, including rules related to authorisation, governance, operations, corporate provisions, credit assessment, ownership, and supervision.

In terms of financial soundness, the Capital Requirements Regulation ((EU) 575/2013) (as amended by Regulation (EU) 2019/876 (CRR II)) (CRR) is directly applicable. Supplementing this regulation are two additional substantiative pieces of legislation: the Credit Institutions and Securities Companies (Special Supervision) Act (SFS 2014:968) and the Capital Buffers Act (SFS 2014:966), implementing the Fourth Capital Requirements Directive (2013/36/EU) (as amended by Directive (EU) 2019/878 (CRD V)) (CRD).

For recovery and resolution matters, the Resolution Act (SFS 2015:1016) is the pertinent national legislation implementing the Bank Recovery and Resolution Directive (2014/59/EU) (as amended by Directive (EU) 2019/879 (BRRD II)) (BRRD).

Other laws and regulations applicable to the banking sector, depending on specific services offered, include:

• Money Laundering and Terrorist Financing (Prevention) Act (SFS 2017:630);
• Payment Services Act (SFS 2010:751);
• Electronic Money Act (SFS 2011:755);
• Securities Market Act (SFS 2007:528);
• Investment Funds Act (SFS 2004:46);
• Alternative Investment Fund Managers Act (SFS 2013:561);
• Mortgage Business Act (SFS 2016:1024);
• Insurance Distribution Act (SFS 2018:1219);
• Consumer Credit Act (SFS 2010:1846);
• Deposit Business Act (SFS 2004:299); and
• Covered Bonds (Issuance) Act (2003:1223).

The Swedish Financial Supervisory Authority (the SFSA) also issues regulations and general guidelines that complement fundamental rules. Regulations are binding, requiring compliance, while general guidelines offer recommendations on adherence to binding provisions.

Regulators

Supervision of Swedish banks involves multiple authorities: the SFSA, the Swedish Central Bank (Riksbanken), the Swedish National Debt Office (Riksgälden), and the Ministry of Finance (Finansdepartementet). These entities collectively form the Financial Stability Council, a forum for discussing financial stability and crisis measures. Decisions, however, are made independently by the government and relevant authorities.

SFSA

The SFSA is responsible for micro and macro-level supervision of banks and conducts on-site inspections and requests information to analyse and control operations. It also monitors systemic risks, such as financial imbalances in the credit market.

Swedish Central Bank

With a mandate to promote a stable financial system, the Central Bank focuses on maintaining a secure payment system and addressing potential financial crises. Regular monitoring includes analysis of risks to the financial system’s stability, encompassing payment systems, major banking groups, borrower profiles, and macroeconomic developments.

Swedish National Debt Office

Tasked with managing banks in crisis and overseeing the deposit insurance scheme, the Swedish Debt Office plays a critical role in financial stability.

Ministry of Finance

Responsible for formulating laws and regulations applicable to the financial system, the Ministry of Finance plays a key role in shaping the legal framework for the banking sector.

Types of Licenses

Banking or financing operations, with some exceptions, may only be conducted following the granting of authorisation by the SFSA. The prerequisites for conducting banking or financing business are set out by the Banking and Financing Business Act (2004:297) and the Banking and Financing Business Ordinance (2004:329). Special rules for savings banks are set out in the Savings Banks Act (1987:619) and for members’ banks in the Members’ Banks Act (1995:1570).

Definitions

Banking business encompasses:

• payment services via general payment systems; and
• receipt of funds which, following notice of termination, are available to the creditor within not more than 30 days.

Financing business encompasses:

• accepting repayable funds from the public; and
• granting loans, providing guarantees for loans or, for financing purposes, acquiring claims or granting rights of use in personal property (leasing).

Foreign Banks

Credit institutions (which include both banks and credit market undertakings) domiciled in an EEA country may conduct business in Sweden either through a branch or by providing services in Sweden from their home country. Credit institutions domiciled in a non-EEA country may conduct business in Sweden through a branch or a representation office.

Activities and Services Covered

A bank may engage in a broad range of activities, which include, inter alia:

• borrowing funds, for example by accepting deposits from the general public or issuing bonds or other comparable debt instruments;
• granting and brokering loans, for example in the form of consumer credit and loans secured by charges over real property or claims;
• participating in financing, for example by acquiring claims and leasing personal property;
• providing payment services pursuant to the Payment Services Act (SFS 2010:751);
• providing means of payment;
• issuing guarantees and assuming similar obligations;
• participating in the issuance of securities;
• providing financial advice;
• holding securities in safekeeping;
• conducting letters of credit operations;
• providing bank safety deposit services;
• engaging in currency trading;
• conducting securities operations subject to the conditions prescribed in the Securities Market Act (SFS 2007:528);
• providing credit information subject to the conditions prescribed in the Credit Information Act (SFS 1973:1173); and
• issuing electronic funds pursuant to the provisions of the Electronic Money Act (SFS 2011:755).

This list is merely illustrative, and consequently a bank may conduct other financing operations and operations, provided that these have a natural connection with the financing operations.

Conditions for Authorisation

A license to conduct financing business may be granted to Swedish limited companies and co-operative associations. Such entities are referred to as credit market undertakings. A license to conduct banking business may be granted to Swedish limited liability companies, co-operative associations, and savings banks.

Other general conditions that need to be fulfilled in order to have a license granted include:

• the articles of association contain the specific provisions required taking into consideration the scope and nature of the planned operations;
• there is reason to assume that the planned business will be conducted in accordance with the provisions of banking regulation and other statutes that govern the company’s operations;
• the holder or anticipated holder of a qualified holding in the company is deemed suitable to exercise a significant influence over the management of a bank;
• any person who is to serve on the company’s board of directors or serve as managing director, or be an alternate for any of the aforesaid, possesses sufficient insight and experience to participate in the management of a bank and is otherwise suitable for such duties;
• the board of directors as a whole has sufficient expertise and experience to run the company; and
• an initial capital which, at the time of the decision regarding a license, corresponds to not less than EUR5 million.

In conjunction with an assessment of whether a holder is suitable, such person’s reputation and financial strength shall be taken into consideration. It shall also be taken into consideration as to whether there is reason to believe that:

• the holder will impede the bank’s ability to operate in compliance with the requirements that regulate the business; or
• the holding has a connection with, or can increase the risk of, money laundering or terrorist financing.

Filing Documents

The Banking and Financing Business Ordinance (2004:329) lays down the formalities that apply to the application and the information that should be included in the application. This is further outlined in the SFSA’s general guidelines (FFFS 2011:50) regarding an application for authorisation to conduct banking or financing business, which stipulate that the application shall include the following:

• articles of association; and
• a business plan.

The business plan should contain, and append to the plan, the information set out below:

• an organisational chart;
• outsourcing agreements;
• a group or ownership chart;
• documentation for ownership and management assessment;
• annual reports, interim reports, forecasts and lending instructions;
• guidelines and instructions regarding risk management, customer protection, ethical rules, events of material significance, measures against money laundering and financing of terrorism and audit function;
• a description of operations;
• a detailed description of the operations to be conducted; the description should, inter alia, contain:

1. a general outline (organisational chart) regarding the manner in which the operations are organised;
2. a general description of the areas of operation and functions;
3. information regarding the number of employees, broken down by various areas of operation and functions;
4. a description of the responsibility and positions of employees with special responsibility for a particular function or area of operation;
• information regarding the manner in which IT operations will be organised, the systems used and the strategy which may be relevant; information should also be provided regarding how the company intends to organise and structure the responsibility for IT support and information security.

Application Process

The original application and one copy should be submitted to the SFSA. An additional copy should be furnished to the company’s auditor. Applicants must pay a fee of SEK1,400,000 in conjunction with the application.

Once the application has reached the SFSA, an application becomes a matter and is assigned a reference number. An administrator is then appointed as responsible for the matter and confirmation that the application has been received by the SFSA is sent out.

After the application fee has been paid, the administrator conducts a formal review of the application to verify if it is complete. If there are any formal deficiencies, the SFSA will request supplementary information. Once the application is deemed formally complete, the SFSA initiates its material review of the documentation to assess whether the conditions for the authorisation are met. The SFSA may, during the handling process, also request supplementary information before a decision is reached.

Provided that the application is formally complete and the fee has been paid, the SFSA will make a decision within six months.

Requirements Governing Change in Control

Prior the acquisition of a qualified holding of shares an application for authorisation to acquire shares must be submitted to the SFSA.

A “qualifying holding” is defined as a direct or indirect holding that represents 10% or more of the capital or of the voting rights, or which makes it possible to exercise a significant influence over the management (eg, through a shareholder agreement). Notification is also required when a direct or indirect holding increases above a prescribed percentage of 20%, 30% or 50%, or which causes the undertaking to become a subsidiary.

Authorisation must be obtained prior to the acquisition. Where the acquisition has occurred as a result of a division of joint marital property, testamentary disposition, corporate distribution, or any other similar measure, consent shall instead be required for the acquirer to retain the shares of participating interests. The acquirer shall thereupon apply for consent within six months of the acquisition.

Restrictions

There are currently no specific restrictions on private ownership or geographical restrictions on foreign ownership of Swedish banks. However, Sweden is introducing a new legislation (the “FDI Act”) to give effect to the EU Screening Regulation (Regulation (EC) 2019/452) which will introduce a screening regime for certain foreign direct investment transactions. The purpose of such screening is to examine whether the relevant foreign investment may harm national security or public order. The FDI Act will enter into force on 1 December 2023 and will have a significant impact on investments. Any investment that falls within the scope of the FDI Act must, prior to closing, be approved, or subject to a decision of not taking any further actions, by the screening authority. Currently, there is uncertainty as to which financial institutions are considered to provide “protected activities” and subsequently to fall within the scope of the regime.

Factors to be Considered

Authorisation shall be granted for an acquisition where the acquirer is deemed suitable to exercise a significant influence over the management of a bank and it can be assumed that the anticipated acquisition is financially sound. Consideration shall be taken of the acquirer’s likely impact on the business of the bank.

In conjunction with the assessment, the acquirer’s reputation and financial strength shall be taken into consideration. It shall also be taken into consideration whether:

• any person who, as a result of the acquisition, will become a member of the board of directors of the credit institution or act as managing director or act as an alternate for either of the foregoing has sufficient insight and experience to participate in the management of a bank and is also otherwise suitable for such a task, as well as whether the board of directors, taken as a whole, has sufficient expertise and experience to run the institution;
• there is reason to believe that the acquirer will impede the credit institution’s ability to operate in compliance with statutes regulating the business of the bank; and
• there is reason to believe that the acquisition has a connection with, or may increase the risk of, money laundering or terrorist financing.

Information to Include in the Application

The SFSA’s regulations regarding ownership, ownership management and management assessment in credit institutions (FFFS 2023:13) set out the information that a company must submit to the SFSA in conjunction with ownership assessments. These regulations apply during ongoing ownership assessments, but are not applicable at the time of applying for authorisation. During the authorisation phase, the following applies: the Commission Delegated Regulation (EU) 2022/2580 of 17 June 2022 supplementing Directive 2013/36/EU of the European Parliament and of the Council with regard to regulatory technical standards that specify the information to be submitted in a credit institute’s authorisation application and the factors that can prevent competent authorities to conduct efficient supervision.

The information to be submitted includes:

• information about the acquirer;
• registration certificate;
• financial position (including annual reports);
• information about the board of directors and senior management;
• description of the ownership chain;
• relations and interests;
• information about the acquisition;
• financing of the acquisition; and
• business plan and detailed information about the acquisition.

As a part of the ownership assessment, the SFSA collects information from, for example, the Swedish Police, the Swedish Companies Registration Office, the Swedish Tax Agency, the Swedish Enforcement Authority and firms that provide credit assessments.

Application Process

A decision of the SFSA regarding an authorisation to an acquisition shall be issued within 60 working days after the confirmation has been sent (the evaluation period). Where the SFSA requests supplementary information, the evaluation period may be extended. The SFSA shall be deemed to have given consent to the acquisition where the authority has not issued a decision in respect of the application during the evaluation period. The fee is currently SEK30,800.

Governance Rules

The main corporate governance rules applicable to banks are set out in the SFSA’s regulations and general guidelines (FFFS 2014:1) regarding governance, risk management and control. The guidelines on internal governance issued by European Banking Authority are also applicable (EBA/GL/2021/05) in relation to banks’ governance arrangements, including their organisational structure and the corresponding lines of responsibility, processes to identify, manage, monitor and report all risks they are or might be exposed to, and the internal control framework. Due to domestic legislation being incompatible with the guidelines in a few areas, some of the provisions are not applicable (nomination committee and independent board members).

The main governance rules are summarised below.

General organisational requirements

The company shall ensure that it has an appropriate, transparent organisational structure with a clear allocation of functions and areas of responsibility that ensure sound and efficient governance of the undertaking and enable the SFSA to conduct efficient supervision.

The responsibility of the board of directors and the managing director

When the board of directors establishes the company’s strategies, it shall observe long-term financial interests, the risks to which the company is or could perceivably become exposed, and the capital required to cover its risks. Board members shall have sound knowledge and understanding of the company’s organisational structure and processes in order to ensure that they are consistent with the decided strategies. Board members shall be thoroughly familiar with and knowledgeable about the operations and the nature and scope of the risks.

The board of directors or managing director shall regularly review and assess the efficiency of the organisational structure, procedures, measures, methods, etc, as established by the company to comply with laws and other statutes regulating the operations that are subject to authorisation. The board of directors or managing director shall also take appropriate measures for addressing any deficiencies therein.

Ethical rules

The company shall conduct its operations in an ethically responsible and professional manner, and maintain a sound risk culture.

Conflicts of interest in the operations

The company shall identify and address any conflicts of interest that exist or which could perceivably arise in the operations. The company shall have internal rules specifying how it addresses conflicts of interest. The internal rules shall be appropriate, taking into account the size and organisation of the company and the nature, scope and complexity of the operations.

Risk management

The company shall have a risk management framework containing the strategies, processes, procedures, internal rules, limits, controls and reporting procedures required to ensure that the company may, on an ongoing basis, identify, measure, govern, internally report and exercise control of the risks to which it is or could perceivably become exposed.

Control functions

The company shall have a risk control function, a compliance function and an internal audit function. The control functions shall, in organisational terms, be separate from each other. In smaller companies with less complex operations, the risk control function and the compliance function may be combined.

Outsourcing arrangements

The company shall have internal rules for managing its outsourcing agreements. The company shall exercise due skill, care and diligence when entering into, managing and terminating outsourcing agreements relating to work or functions of material significance to the operations.

Regulatory Approval of Appointment

The main requirements applicable to senior management are set out in the Banking and Financing Business Act (SFS 2004:297) which stipulates that any person who is to serve on the board of directors or serve as managing director, or be an alternate for any of the aforesaid, possesses sufficient insight and experience to participate in the management of a bank and is otherwise suitable for such duties and the board of directors as a whole has sufficient expertise and experience to run the company.

Swedish Banks are also, except for certain provisions, subject to the joint ESMA and EBA Guidelines on the assessment of the suitability of members of the management body (ESMA35-36-2319 and EBA/GL/2021/06) and key function holders, which further outline the requirements regarding the suitability of members of the management body.

An application regarding suitability assessment must be filed with the SFSA in connection with appointing a new person or making changes to the following positions in the bank:

• chairman of the board;
• board members;
• alternate board members; and
• managing director or deputy managing director, that is, the person serving in the managing director’s stead.

As a part of the suitability assessment, the SFSA collects information from the Swedish Police, the Swedish Companies Registration Office, the Swedish Tax Agency, the Swedish Enforcement Authority and firms that provide credit assessments. Other information and documents that need to be included in the application are:

• information about the person subject to the suitability assessment;
• employment history and senior management positions held;
• CV that contains relevant information about education, work experience and other roles;
• qualifying ownership;
• relations and interests; and
• reputation.

A decision of the SFSA shall be issued within 60 working days provided that the application is complete, and the fee of SEK16,800 has been paid.

For every change to the board of directors, the company must assess whether the board as a whole has the requisite knowledge and experience to manage the company.

Accountability

In terms of accountability, the board of directors of a bank has the overall responsibility to ensure the fulfilment of the provisions regulating the business of a bank.

The SFSA may intervene against a person who is a member of a bank’s board of directors or is its managing director, or an alternate for any such person, where the bank has violated certain obligations pursuant to the business. Intervention may only take place where infringement is serious and the person in question caused the infringement intentionally or through gross negligence.

In addition, senior management may also have to compensate damages caused to the company, the shareholders or other persons due to infringements of the Banking and Financing Business Act (SFS 2004:297) and the Companies Act (SFS 2005:551) – provided, however, that the damages are caused intentionally or negligently.

General

Requirements for the remuneration policies and practices of banks licensed in Sweden are governed by the SFSA’s regulations (FFFS 2011:1) regarding remuneration structures in credit institutions, investment firms and fund management companies licensed to conduct discretionary portfolio management.

The regulation stipulates that the board of the bank shall establish a documented remuneration policy that is in line with and promotes sound and effective risk management and counteracts excessive risk-taking behaviour. The remuneration policy shall encompass all employees.

The board of directors shall decide on:

• remuneration to senior management;
• remuneration to employees who are primarily responsible for any of the firm’s control functions; and
• measures to enable a review of how the firm’s remuneration policy is being applied.

The decision of the board of directors shall, where applicable, comply with decisions made by the Annual General Meeting with regard to the company’s remuneration.

The total variable remuneration shall not limit the ability of the company to maintain, or strengthen as needed, a sufficient capital base. The control function shall annually review the company’s remuneration structure for compliance with the remuneration policy.

Remuneration Structure

Where a company’s remuneration contains variable components, it shall ensure that the fixed and variable components are appropriately balanced. The fixed components shall represent a sufficiently large portion of the employee’s total remuneration that the variable components can be set at zero.

The performance assessment used to calculate variable remuneration components shall primarily be based on risk-adjusted profit measures. Both current and future risks shall be considered. Actual costs of the capital and the liquidity required for the business activities shall also be taken into account.

Specially Regulated Staff

Senior management and employees in the following categories of staff are identified as specially regulated staff:

• employees in strategic management positions;
• employees responsible for control functions;
• risk takers; and
• employees whose total remuneration is equal to or exceeds the total remuneration of any of the members of senior management.

A risk taker is an employee belonging to a category of staff whose professional activities can have a material impact on the firm’s risk level. This normally refers to employees who can enter into agreements or take positions on behalf of the firm or in any other way impact the firm’s risks.

Variable remuneration to specially regulated staff shall be based on both the employee’s performance and the overall performance of both the business unit and the company. Both financial and non-financial criteria shall be considered in the assessment of the employee’s performance. The variable compensation for this category may not exceed the fixed compensation.

The company shall ensure that at least 40% of the variable remuneration to specially regulated staff, whose variable remuneration over a period of one year totals at least SEK100,000, is deferred over a period of not less than three to five years before it is paid or the right of ownership passes to the employee. The company shall also defer at least 60% of the variable remuneration for members of senior management and other employees belonging to the firm’s specially regulated staff with particularly high amounts of variable remuneration.

A significant bank shall ensure that at least 50% of the variable remuneration to a member of senior management consists of the firm’s shares, participations or instruments linked to the firm’s shares or participations, or other instruments that fulfil the conditions for Tier 1 capital contributions. Where appropriate and possible, the company shall allow the variable remuneration components within the meaning of the foregoing.

A significant bank shall ensure that the shares, participations and other instruments are subject to restrictions such that the employee may not exercise control over the instruments for at least one year, or longer depending on the bank’s long-term interests, after the ownership rights to the instrument have passed to the employee. This applies regardless of whether the variable remuneration has been deferred or not.

The company shall ensure that deferred variable remuneration components are only paid or passed to the employee to an extent justifiable by the financial situation and the performance of the company, the business unit in question and the employee. The deferred portion of the remuneration shall also be able to be cancelled in full for the same reasons.

Breaching the Requirements

Where a bank violates the requirements in the foregoing, the SFSA has the authority to, and shall, intervene. Depending on the specific circumstances at hand, the board of directors may also be liable for damages.

The main AML and CTF legislation in Sweden is the Money Laundering and Terrorist Financing (Prevention) Act (SFS 2017:630), transposing the fourth EU Anti-Money Laundering Directive ((EU) 2015/849) (as amended by the fifth EU Anti-Money Laundering Directive (2018/843/EU)). This is further Accompanied by the SFSA’s regulations (FFFS 2017:11) regarding measures against money laundering and terrorist financing.

The regulations impose a range of obligations on banks including:

• general risk assessment and routines;
• customer due diligence;
• monitoring and reporting;
• collaboration against money laundering and terrorist financing;
• processing of personal data; and
• internal monitoring and reporting of suspected infringements.

In addition, banks in Sweden must adhere to the EBA’s guidelines on the use of remote customer onboarding solutions (EBA/GL/2022/15) as well as the EBA’s guidelines on customer due diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions (EBA/GL/2021/02).

Banks are further required to comply with the various international financial sanctions that stem from the EU and the United Nations.

The Swedish deposit insurance scheme was introduced in 1996 and the responsible competent authority is the Swedish National Debt Office. The deposit insurance scheme has been extended on several occasions and today all deposits in banks and credit market institutions are covered.

Deposit insurance applies to all private persons (including minors), as well as companies and other legal persons, such as the estate of a deceased person. However, financial institutions, and public and local authorities are not eligible for compensation.

All types of accounts are covered by the deposit insurance regardless of whether they are restricted or free to withdraw. However, individual pension accounts are not covered. Deposit insurance also does not apply to bank money orders (cashier’s cheques) because these fall outside the definition of deposits under the Deposit Insurance Act (SFS 1995:1571).

For client accounts, the main rule is that every underlying individual owner of the money receives compensation up to the maximum amount covered. A client account is an account whereby a company has deposited money for several customers in a single account.

If the account is covered by the deposit insurance, a depositor is entitled to compensation equal to the amount deposited, including interest, up to the date on which the institution was declared in default or the decision to activate the deposit guarantee scheme was made. The insurance provides compensation of up to SEK1,050,000 per depositor. If an account is opened in two or more person’s names, each person is counted separately.

The deposit insurance scheme is financed by contributions from the member banks and institutions, which are invested in a fund. The fees are calculated based on a number of risk indicators and the institute’s guaranteed deposits as of 31 December of the previous year. The institute’s fee is also affected by the fact that the total fee must amount to 0.1% of total guaranteed deposits. Based on the risk indicators, a risk score is calculated for each institute. Based on the risk score, the institutes are then divided into different risk classes. The institution’s risk class and size of guaranteed deposits then determine which fee the institution must pay.

Duty of Confidentiality

An individual’s relationship with a bank may not be disclosed without authorisation (this includes both physical and legal persons). Bank confidentiality includes all information between the individual and the bank, both written and oral. This also includes whether or not a certain individual is an actual customer at the bank.

However, the duty of confidentiality is not strict, and exceptions can be made when:

• there is a statutory obligation;
• there is a duty to the public to disclose;
• the interests of the bank require disclosure; or
• the disclosure is made with the express or implied consent of the customer.

For example, the Swedish Parental Code (SFS 2008:913) contains provisions regarding the obligation of banks to provide information to the chief guardian. A bank is also obliged to disclose information regarding an individual’s relations with the bank where such information is requested by the investigating officer in the course of an investigation pursuant to the provisions regarding preliminary investigations in criminal actions, by the public prosecutor in a matter pertaining to legal assistance in criminal actions, on application by another country or an international court, or in a matter pertaining to recognition and execution of a European Information Order.

Additional statutory obligations to provide information on individuals’ relationships with banks include, inter alia:

• suspicion of money laundering or terrorist financing;
• market abuse or other crimes;
• bankruptcy proceedings;
• a request by another state or international court;
• a European arrest warrant; or
• a request from the SFSA, the Swedish Tax Agency or the Swedish Enforcement Authority.

Violation of bank secrecy is, depending on the relevant circumstances, punished by:

• public sanctions;
• criminal sanctions;
• civil sanctions; or
• disciplinary sanctions.

Capital Requirements

The capital requirements in Sweden are based on principles designed by the Basel Committee, which have been implemented through the EU capital adequacy regulations, Swedish laws, and SFSA’s regulations. The principles contain minimum own funds requirements (Pillar 1), additional own funds requirements (Pillar 2), and combined buffer requirements.

Pillar 1

Banks measure their risks and calculate minimum own funds requirements following the rules and calculation models set out in the EU Capital Requirements Regulation (575/2013/EU).

The minimum own funds requirement is 8% of the value of the bank’s assets and other assumptions adjusted for their risk, which is called the risk-weighted exposure amount (REA). The requirement is calculated for credit risks, market risks, and operational risks.

Pillar 2

Banks must hold capital that adequately covers all risks to which they are or may be exposed. To ensure that a bank knows which risks it can be exposed to, there are rules set out in the Banking and Financing Business Act (2004:297) that require a bank to identify, measure, govern, internally report, and exercise control over the risks associated with the bank’s business.

The banks must evaluate their capital need for non-Pillar 1 risks in what is called the Internal Capital Adequacy Assessment Process (ICAAP) and determine their total capital need. The SFSA conducts a supervisory review and evaluation process (SREP) for the bank’s governance structures, processes and procedures related to its ICAAP and assesses the bank’s risks and capital needs. After an SREP, the SFSA decides on an additional own funds requirement and provides guidance on additional own funds. The bank’s and the SFSA’s risk and capital assessments are both parts of the Pillar 2 framework.

Combined buffer requirement

Requirements for maintaining different types of capital buffers are set out in the Capital Buffers Act (2014:966). A bank may use the buffers, although only in specific circumstances and subject to restrictions.

Capital conservation buffer

Banks must hold a 2.5% capital conservation buffer in addition to the minimum own funds requirements and the additional own funds requirements. The buffer is an additional layer of capital that the bank should be able to use to cover losses without breaching the minimum capital requirements and additional capital requirements.

Capital buffer for systemically important banks

The SFSA evaluates annually which of the Swedish banks are systemically important and which must hold a buffer designed to provide extra protection to mitigate negative effects that problems in the bank could cause in the financial system. Systemically important banks must hold an institution-specific capital buffer of 1%.

Systemic risk buffer

This buffer must protect against systemic risks that are not covered by other capital requirements. Every other year the SFSA reviews the systemic risk buffer and which banks are subject to it. Banks subject to the requirement must hold a systemic risk buffer of 3%.

Countercyclical capital buffer

During periods of strong economic growth and high credit growth, banks should build up capital buffers that they can then draw upon during periods of financial uncertainty. The objective of the countercyclical capital buffer is to enhance the banks’ resilience and prevent future financial crises. The SFSA sets the countercyclical capital buffer quarterly based on the current economic conditions.

Liquidity Requirements

Since 1 January 2018, binding EU regulations apply in full (CRR and the liquidity coverage requirement regulation (EU) 61/2015 (LCR)). These set out the following requirements:

Quantitative requirement for liquidity coverage (Pillar 1)

The EU regulation imposes a 100% Liquidity Coverage Ratio (LCR) requirement, meaning that an institution must have a sufficient amount of liquid assets to withstand actual and simulated cash outflows during a stressed period of 30 days.

The Pillar 1 requirement in EU regulation is not expressed in individual currency levels, but the regulation imposes a general requirement that the currency composition of the liquidity buffer should align with the net outflows per currency. If there is an imbalance between the currency composition of the liquidity buffer and the net outflows in individual currencies, the supervisory authority may require a bank to limit the imbalance by setting limits on the proportion of liquid assets in one currency that a bank can count towards covering liquidity outflows in another currency.

Quantitative requirement for the stable net financing ratio (Pillar 1)

In addition to the binding minimum requirement for the LCR, there has been a binding requirement for the stable net financing ratio (NSFR) in EU regulations since 2021. The NSFR requirement means that a company must have sufficient stable funding to cover its financing needs over a one-year horizon under both normal and stressed conditions. The NSFR requirement in EU regulations is set at 100%.

Risk Management

The SFSA’s regulations and general guidelines (FFFS 2014:1) regarding governance, risk management and control at credit institutions apply to Swedish banks and impose an obligation on banks to ensure they have an appropriate, transparent organisational structure with a clear allocation of functions and areas of responsibility that ensure sound and efficient governance of the undertaking and enable the SFSA to conduct efficient supervision.

Banks need to have a risk management framework containing the strategies, processes, procedures, internal rules, limits, controls and reporting procedures required to ensure that the company may, on an ongoing basis, identify, measure, govern, internally report and exercise control of the risks to which it is or could perceivably become exposed.

Banks must further have a procedure for regularly reporting the risks that exist or which could perceivably arise in the operations to the board of directors and the risk committee, if such has been appointed, the managing director and other functions that require such information, so that they receive reliable, current and complete reports in a timely manner.

A bank must set clear boundaries (limits and mandates) for the person who is to make decisions within the framework of the company’s risk appetite.

Provisions concerning crisis management are outlined in the Bank Recovery and Resolution Directive (BRRD, as amended by BRRD II) and are implemented in the Swedish Act on Resolution (SFS 2015:1016). The BRRD closely aligns with the Financial Stability Board’s Key Attributes of an Effective Resolution Regime.

In Sweden, the Resolution Authority, represented by the Swedish National Debt Office, has the authority to manage a bank through resolution instead of resorting to bankruptcy. The primary objective is to mitigate adverse effects on financial stability that could arise if the business were to go bankrupt and cease operations. Resolution can take various forms, such as selling the distressed bank to another institution or recapitalising it by converting certain creditors’ liabilities into shares or writing them down. Regardless of the chosen approach, the costs of crisis management are primarily borne by the bank’s shareholders and lenders, ensuring that taxpayers are not burdened with these costs, as was often the case in previous banking crises.

The National Debt Office employs several resolution tools, including:

• the sale of business;
• bridge institution tool;
• asset separation;
• bail-in; and
• appointment of a designated trustee.

Recovery and resolution plans are integral to the preventive efforts, involving both banks and authorities. The banks formulate recovery plans, subject to review by the SFSA. If necessary, the authority can require measures to strengthen these plans, such as reinforcing capital bases or liquidity. Annually, the National Debt Office develops resolution plans detailing how each institute should be managed in the event of a crisis.

For the National Debt Office to enact resolution measures, the targeted bank must possess an adequate amount of own funds and liabilities eligible for write-down or conversion into equity. Consequently, the National Debt Office establishes a minimum requirement for eligible liabilities (MREL) for each bank.

Resolution, considered a significant intervention, is reserved for banks deemed systemically important. Non-systemically important institutions may undergo standard insolvency procedures like bankruptcy or liquidation. The assessment of which institutions require resolution management is an ongoing aspect of planning conducted by the National Debt Office.

The initial funding for managing banks and institutions in crisis is sourced from the failing institution’s internal resources, with shareholders and creditors incurring losses. If necessary, external funding may be sought, but the responsibility for it lies with the institutions themselves. This is facilitated through fees paid by institutions to the National Debt Office, contributing to special state-administered funding arrangements in Sweden, including the resolution reserve, deposit insurance fund, and stability fund.

The main upcoming regulatory developments are outlined below.

Sweden

• A new regulatory framework is set to be introduced, requiring companies seeking to acquire and manage non-performing loans to obtain a license from the SFSA and which brings such companies under the supervision of the SFSA. The proposal also strengthens the borrowers’ protection by introducing certain requirements. The new legislation, which is derived from EU legislation, is set to enter into force on 1 January 2024.

EU

• In 2023, the European Commission published a legislative proposal for a framework for Financial Data Access, which will establish clear rights and obligations to manage customer data sharing in the financial sector beyond payment accounts. The European Commission has further published a proposal to modernise the current Payment Services Directive (PSD2), by establishing PSD3 together with a Payment Services Regulation (PSR).
• The Banking Package is designed to strengthen the risk-based capital framework, enhancing the focus on ESG risks in the prudential framework, further harmonise supervisory powers and tools and reduce public disclosure-related costs and improve access to prudential data.
• The Digital Operational Resilience Act (DORA) is designed to harmonise the frameworks regarding ICT-risk management.
• The revision of the Consumer Credit Directive 2008/48/EEC has introduced many changes, the most important of which involve extending coverage to currently excluded interest-free loans and introducing new information obligations.

Swedish Developments

In November 2022, the Swedish Central Bank (SCB) published a report on banks’ transparency requirements and Pillar 3. The report highlights a growing but still insufficient understanding of the impact of climate change on living conditions and the economic system. It emphasises the critical gap in knowledge about climate change and the financial system’s role. This gap is particularly concerning given the potential for significant negative impacts on the financial system and the crucial role the financial sector can play in mitigating and managing the effects of climate change.

In February 2023, the SFSA announced its prioritised areas of supervision for 2023. One supervisory area that the SFSA identified was the risk of greenwashing in the financial sector. The SFSA stated that there are incentives for advisors and portfolio managers to market their financial products as more sustainable than they actually are. At the same time, climate change is already a fact of life and financial firms need to take into account the risks that arise when society transitions to a more fossil-free everyday life. The risks can include investments that lose value or risks that arise in banks’ lending and insurance and fund companies’ investment activities.

The SFSA will therefore focus on examining whether financial companies take sufficient account of such risks. Due to this, the SFSA has carried out a number of surveys regarding financial institutions’ implementation of sustainability-related regulations.

In April 2023, the IMF published the report “Sweden – Technical note on supervision and disclosure of climate-related risks”. The report reveals that Swedish banks, through their lending activities, are mainly exposed to climate-related physical risks through investments in real estate assets and to companies in high-emission industries, which could be adversely impacted by changes in government policies, legislation, technology, and consumer behaviour. As a result of the exposure of Swedish banks to climate-related risks, the IMF believes that Swedish authorities and legislators should take stronger action to broaden the monitoring of Swedish banks’ risk exposures and enhance supervisory reporting.

EU Developments

The regulatory framework for ESG-related issues is growing in the financial sector. Although the main focus so far has been on channelling investments into sustainable finance projects, there are several initiatives also affecting the banking sector.

On 5 April 2023, the European Commission published a draft delegated act containing technical screening criteria for the last four environmental objectives under the Taxonomy Regulation. The feedback period ran from 5 April 2023 to 3 May 2023. The European Commission has adopted the delegated act, which is now open for comments from stakeholders.

The European Commission has set up an expert group, the European Financial Reporting Advisory Group (EFRAG), to develop reporting standards for the companies covered by the sustainability reporting requirements under the Corporate Sustainability Reporting Directive (CSRD). EFRAG published its draft reporting standards in November 2022. In June 2023, the European Commission submitted supplementary draft reporting standards that entail certain changes to the proposal submitted by EFRAG. CSRD is applicable from 2025 for the financial year 2024 for those companies currently covered by the Non-Financial Reporting Directive (NFRD).

In October 2023, the EBA published a report on the role of environmental and social risks in the prudential framework. The EBA report is based on an EBA discussion paper and the EBA’s roadmap on sustainable finance. The report states that the EBA considers that the prudential framework in this area should introduce specific risk-weighted adjustment factors. The EBA considers, at this stage, that the most consistent way forward from a prudential risk-based perspective is to address environmental risks through effective use of, and targeted amendments to, the existing prudential regime rather than through dedicated treatments such as supporting or penalising factors.

In April 2023, the ECB published its third assessment of the progress made by European banks in climate and environmental risk reporting. The ECB concluded that although banks have been reporting more information over the past year, the quality is still too low to meet future supervisory standards. The ECB argued that European banks need to prepare for new EU rules on disclosures of climate and environmental risks that take effect this year. The implementing technical standards (ITS) on Pillar 3 disclosures, a set of reporting standards on environmental, social and governance risks issued by EBA, will apply to most significant banks in the euro area.