Banking Regulation 2025 Comparisons

Last Updated December 10, 2024

Contributed By Harvest Advokatbyrå

Law and Practice

Authors



Harvest Advokatbyrå was established in 2016 and is Scandinavia’s largest independent specialist law firm with a clear focus on advising financial institutions. Its 26-lawyer-strong banking and finance team advises clients ranging from innovative start-ups, payment institutions, banks, fund managers and credit providers, to crypto-asset service providers and other companies active in the Swedish financial sector. It advises on a wide range of legal and financial regulatory issues important for the finance industry, including compliance, internal audits, application procedures, AML/CTF, sustainable finance, as well as on outsourcing of technology services by financial institutions. The firm maintains frequent and close contact with the Swedish Financial Supervisory Authority (Finansinspektionen, SFSA) and a number of its employees are SFSA alumni. The scope of its services also includes advising companies in the banking and finance sector on corporate matters, such as setting up legal entities, transactional assistance, preparing and negotiating agreements, etc. The firm also advises on data privacy and data protection issues.

Key Laws and Regulations Governing the Swedish Banking Sector

A substantial portion of Swedish banking regulations is derived from EU directives and regulations, reflecting Sweden’s membership in the European Union. However, the primary domestic legislation governing the banking sector in Sweden is the Banking and Financing Business Act (SFS 2004:297). This act covers various aspects, including rules related to authorisation, governance, operations, corporate provisions, credit assessment, ownership, and supervision.

In terms of financial soundness, the Capital Requirements Regulation ((EU) 575/2013) (as amended by Regulation (EU) 2019/876 (CRR II)) (CRR) is directly applicable. Supplementing this regulation are two additional pieces of legislation: the Credit Institutions and Securities Companies (Special Supervision) Act (SFS 2014:968) and the Capital Buffers Act (SFS 2014:966), implementing the Fourth Capital Requirements Directive (2013/36/EU) (as amended by Directive (EU) 2019/878 (CRD V)) (CRD).

For recovery and resolution matters, the Resolution Act (SFS 2015:1016) is the pertinent national legislation implementing the Bank Recovery and Resolution Directive (2014/59/EU) (as amended by Directive (EU) 2019/879 (BRRD II)) (BRRD).

Other laws and regulations applicable to the banking sector, depending on specific services offered, include:

  • Money Laundering and Terrorist Financing (Prevention) Act (SFS 2017:630);
  • Payment Services Act (SFS 2010:751);
  • Electronic Money Act (SFS 2011:755);
  • Securities Market Act (SFS 2007:528);
  • Investment Funds Act (SFS 2004:46);
  • Alternative Investment Fund Managers Act (SFS 2013:561);
  • Mortgage Business Act (SFS 2016:1024);
  • Certain Consumer Credit-related Operations Act (SFS 2014:275);
  • Insurance Distribution Act (SFS 2018:1219);
  • Consumer Credit Act (SFS 2010:1846);
  • Debt Collection Act (SFS 1974:182);
  • Purchase and Servicing of Non-Performing Credit Agreements Act (SFS 2023:714);
  • Deposit Business Act (SFS 2004:299); and
  • Covered Bonds (Issuance) Act (2003:1223).

The Swedish Financial Supervisory Authority (SFSA) also issues regulations and general guidelines that complement fundamental rules. Regulations are binding, requiring compliance, while general guidelines offer recommendations on adherence to binding provisions.

Regulators

Supervision of Swedish banks involves multiple authorities: the SFSA, the Swedish Central Bank (Riksbanken), the Swedish National Debt Office (Riksgälden), and the Ministry of Finance (Finansdepartementet). These entities collectively form the Financial Stability Council, a forum for discussing financial stability and crisis measures. Decisions, however, are made independently by the government and relevant authorities.

SFSA

The SFSA is responsible for micro- and macro-level supervision of banks and conducts on-site inspections and requests information to analyse and control operations. It also monitors systemic risks, such as financial imbalances in the credit market.

Swedish Central Bank

With a mandate to promote a stable financial system, the Central Bank focuses on maintaining a secure payment system and addressing potential financial crises. Regular monitoring includes analysis of risks to the financial system’s stability, encompassing payment systems, major banking groups, borrower profiles, and macroeconomic developments.

Swedish National Debt Office

Tasked with managing banks in crisis and overseeing the deposit insurance scheme, the Swedish Debt Office plays a critical role in financial stability.

Ministry of Finance

Responsible for formulating laws and regulations applicable to the financial system, the Ministry of Finance plays a key role in shaping the legal framework for the banking sector.

Types of Licences

Banking or financing operations, with some exceptions, may only be conducted following the granting of authorisation by the SFSA. The prerequisites for conducting banking or financing business are set out by the Banking and Financing Business Act (2004:297) and the Banking and Financing Business Ordinance (2004:329). Special rules for savings banks are set out in the Savings Banks Act (1987:619) and for members’ banks in the Members’ Banks Act (1995:1570).

Definitions

Banking business encompasses:

  • payment services via general payment systems; and
  • receipt of funds which, following notice of termination, are available to the creditor within not more than 30 days.

Financing business encompasses:

  • accepting repayable funds from the public; and
  • granting loans, providing guarantees for loans or, for financing purposes, acquiring claims or granting rights of use in personal property (leasing).

Foreign Banks

Credit institutions (which include both banks and credit market undertakings) domiciled in an EEA country may conduct business in Sweden either through a branch or by providing services in Sweden from their home country. Credit institutions domiciled in a non-EEA country may conduct business in Sweden through a branch or a representation office.

Activities and Services Covered

A bank may engage in a broad range of activities, which include, inter alia:

  • borrowing funds, for example by accepting deposits from the general public or issuing bonds or other comparable debt instruments;
  • granting and brokering loans, for example in the form of consumer credit and loans secured by charges over real property or claims;
  • participating in financing, for example by acquiring claims and leasing personal property;
  • providing payment services pursuant to the Payment Services Act (SFS 2010:751);
  • providing means of payment;
  • issuing guarantees and assuming similar obligations;
  • participating in the issuance of securities;
  • providing financial advice;
  • holding securities in safekeeping;
  • conducting letters of credit operations;
  • providing bank safety deposit services;
  • engaging in currency trading;
  • providing investment services and activities subject to the conditions prescribed in the Securities Market Act (SFS 2007:528);
  • providing credit information subject to the conditions prescribed in the Credit Information Act (SFS 1973:1173); and
  • issuing electronic funds pursuant to the provisions of the Electronic Money Act (SFS 2011:755).

This list is merely illustrative, and consequently a bank may conduct other financing operations and operations, provided that these have a natural connection with the financing operations.

Conditions for Authorisation

A licence to conduct financing business may be granted to Swedish limited companies and co-operative associations. Such entities are referred to as credit market undertakings. A licence to conduct banking business may be granted to Swedish limited liability companies, co-operative associations, and savings banks.

Other general conditions that need to be fulfilled in order to have a licence granted include:

  • the articles of association contain the specific provisions required taking into consideration the scope and nature of the planned operations;
  • there is reason to assume that the planned business will be conducted in accordance with the provisions of banking regulation and other statutes that govern the company’s operations;
  • the holder or anticipated holder of a qualified holding in the company is deemed suitable to exercise a significant influence over the management of a bank;
  • any person who is to serve on the company’s board of directors or serve as managing director, or be an alternate for any of the aforesaid, possesses sufficient insight and experience to participate in the management of a bank and is otherwise suitable for such duties;
  • the board of directors as a whole has sufficient expertise and experience to run the company; and
  • an initial capital which, at the time of the decision regarding a licence, corresponds to not less than EUR5 million.

In conjunction with an assessment of whether a holder is suitable, such person’s reputation and financial strength shall be taken into consideration. It shall also be taken into consideration as to whether there is reason to believe that:

  • the holder will impede the bank’s ability to operate in compliance with the requirements that regulate the business; or
  • the holding has a connection with, or can increase the risk of, money laundering or terrorist financing.

Filing Documents

The Banking and Financing Business Ordinance (2004:329) lays down the formalities that apply to the application and the information that should be included in the application. This is further outlined in the SFSA’s general guidelines (FFFS 2011:50) regarding an application for authorisation to conduct banking or financing business, which stipulate that the application shall include the following:

  • articles of association; and
  • a business plan.

The business plan should contain, and append to the plan, the information set out below:

  • an organisational chart;
  • outsourcing agreements;
  • a group or ownership chart;
  • documentation for ownership and management assessment;
  • annual reports, interim reports, forecasts and lending instructions;
  • guidelines and instructions regarding risk management, customer protection, ethical rules, events of material significance, measures against money laundering and financing of terrorism and audit function;
  • a description of operations;
  • a detailed description of the operations to be conducted; the description should, inter alia, contain:
    1. a general outline (organisational chart) regarding the manner in which the operations are organised;
    2. a general description of the areas of operation and functions;
    3. information regarding the number of employees, broken down by various areas of operation and functions; and
    4. a description of the responsibility and positions of employees with special responsibility for a particular function or area of operation; and
  • information regarding the manner in which IT operations will be organised, the systems used and the strategy which may be relevant; information should also be provided regarding how the company intends to organise and structure the responsibility for IT support and information security.

Application Process

The original application and one copy should be submitted to the SFSA. An additional copy should be furnished to the company’s auditor. Applicants must pay a fee of SEK1,400,000 in conjunction with the application.

Once the application has reached the SFSA, an application becomes a matter and is assigned a reference number. An administrator is then appointed as responsible for the matter and confirmation that the application has been received by the SFSA is sent out.

After the application fee has been paid, the administrator conducts a formal review of the application to verify if it is complete. If there are any formal deficiencies, the SFSA will request supplementary information. Once the application is deemed formally complete, the SFSA initiates its material review of the documentation to assess whether the conditions for the authorisation are met. The SFSA may, during the handling process, also request supplementary information before a decision is reached.

Provided that the application is formally complete and the fee has been paid, the SFSA will make a decision within six months.

Requirements Governing Change in Control

Prior to the acquisition of a qualified holding of shares, an application for authorisation to acquire shares must be submitted to the SFSA.

A “qualifying holding” is defined as a direct or indirect holding that represents 10% or more of the capital or of the voting rights, or which makes it possible to exercise a significant influence over the management (eg, through a shareholder agreement). Authorisation is also required when a direct or indirect holding increases above a prescribed percentage of 20%, 30% or 50%, or which causes the undertaking to become a subsidiary. A notification shall be made to the SFSA if the holding decreases so that it falls below one of the mentioned thresholds (10%, 20%, 30% or 50%).

Authorisation must be obtained prior to the acquisition. Where the acquisition has occurred as a result of a division of joint marital property, testamentary disposition, corporate distribution, or any other similar measure, consent shall instead be required for the acquirer to retain the shares of participating interests. The acquirer shall thereupon apply for consent within six months of the acquisition.

Restrictions

There are currently no specific restrictions on private ownership or geographical restrictions on foreign ownership of Swedish banks. However, Sweden is introducing new legislation (the “FDI Act”) to give effect to the EU Screening Regulation (Regulation (EC) 2019/452) which will introduce a screening regime for certain foreign direct investment transactions. The purpose of such screening is to examine whether the relevant foreign investment may harm national security or public order. The FDI Act will enter into force on 1 December 2023 and will have a significant impact on investments. Any investment that falls within the scope of the FDI Act must, prior to closing, be approved, or subject to a decision of not taking any further actions, by the screening authority. Currently, there is uncertainty as to which financial institutions are considered to provide “protected activities” and subsequently to fall within the scope of the regime.

Factors to be Considered

Authorisation shall be granted for an acquisition where the acquirer is deemed suitable to exercise a significant influence over the management of a bank and it can be assumed that the anticipated acquisition is financially sound. Consideration shall be taken of the acquirer’s likely impact on the business of the bank.

In conjunction with the assessment, the acquirer’s reputation and financial strength shall be taken into consideration. It shall also be taken into consideration whether:

  • any person who, as a result of the acquisition, will become a member of the board of directors of the credit institution or act as managing director or act as an alternate for either of the foregoing has sufficient insight and experience to participate in the management of a bank and is also otherwise suitable for such a task, as well as whether the board of directors, taken as a whole, has sufficient expertise and experience to run the institution;
  • there is reason to believe that the acquirer will impede the credit institution’s ability to operate in compliance with statutes regulating the business of the bank; and
  • there is reason to believe that the acquisition has a connection with, or may increase the risk of, money laundering or terrorist financing.

Information to Include in the Application

The SFSA’s regulations regarding ownership, ownership management and management assessment in credit institutions (FFFS 2023:13) set out the information that a company must submit to the SFSA in conjunction with ownership assessments. These regulations apply during ongoing ownership assessments, but are not applicable at the time of applying for authorisation. During the authorisation phase, the following applies: the Commission Delegated Regulation (EU) 2022/2580 of 17 June 2022 supplementing Directive 2013/36/EU of the European Parliament and of the Council with regard to regulatory technical standards that specify the information to be submitted in a credit institute’s authorisation application and the factors that can prevent competent authorities from conducting efficient supervision.

The information to be submitted includes:

  • information about the acquirer;
  • registration certificate;
  • financial position (including annual reports);
  • information about the board of directors and senior management;
  • description of the ownership chain;
  • relations and interests;
  • information about the acquisition;
  • financing of the acquisition; and
  • business plan and detailed information about the acquisition.

As a part of the ownership assessment, the SFSA collects information from, for example, the Swedish Police, the Swedish Companies Registration Office, the Swedish Tax Agency, the Swedish Enforcement Authority and firms that provide credit assessments.

Application Process

A decision of the SFSA regarding an authorisation to an acquisition shall be issued within 60 working days after the confirmation has been sent (the evaluation period). Where the SFSA requests supplementary information, the evaluation period may be extended. The SFSA shall be deemed to have given consent to the acquisition where the authority has not issued a decision in respect of the application during the evaluation period. The fee is currently SEK30,800.

Governance Rules

The main corporate governance rules applicable to banks are set out in the SFSA’s regulations and general guidelines (FFFS 2014:1) regarding governance, risk management and control. The guidelines on internal governance issued by the European Banking Authority (EBA) are also applicable (EBA/GL/2021/05) in relation to banks’ governance arrangements, including their organisational structure and the corresponding lines of responsibility, processes to identify, manage, monitor and report all risks they are or might be exposed to, and the internal control framework. Due to domestic legislation being incompatible with the guidelines in a few areas, some of the provisions are not applicable (nomination committee and independent board members).

The main governance rules are summarised below.

General organisational requirements

The company shall ensure that it has an appropriate, transparent organisational structure with a clear allocation of functions and areas of responsibility that ensure sound and efficient governance of the undertaking and enable the SFSA to conduct efficient supervision.

The responsibility of the board of directors and the managing director

When the board of directors establishes the company’s strategies, it shall observe long-term financial interests, the risks to which the company is or could perceivably become exposed, and the capital required to cover its risks. Board members shall have sound knowledge and understanding of the company’s organisational structure and processes in order to ensure that they are consistent with the decided strategies. Board members shall be thoroughly familiar with and knowledgeable about the operations and the nature and scope of the risks.

The board of directors or managing director shall regularly review and assess the efficiency of the organisational structure, procedures, measures, methods, etc, as established by the company to comply with laws and other statutes regulating the operations that are subject to authorisation. The board of directors or managing director shall also take appropriate measures for addressing any deficiencies therein.

Ethical rules

The company shall conduct its operations in an ethically responsible and professional manner, and maintain a sound risk culture.

Conflicts of interest in the operations

The company shall identify and address any conflicts of interest that exist or which could perceivably arise in the operations. The company shall have internal rules specifying how it addresses conflicts of interest. The internal rules shall be appropriate, taking into account the size and organisation of the company and the nature, scope and complexity of the operations.

Risk management

The company shall have a risk management framework containing the strategies, processes, procedures, internal rules, limits, controls and reporting procedures required to ensure that the company may, on an ongoing basis, identify, measure, govern, internally report and exercise control of the risks to which it is or could perceivably become exposed.

Control functions

The company shall have a risk control function, a compliance function and an internal audit function. The control functions shall, in organisational terms, be separate from each other. In smaller companies with less complex operations, the risk control function and the compliance function may be combined.

Outsourcing arrangements

The company shall have internal rules for managing its outsourcing agreements. The company shall exercise due skill, care and diligence when entering into, managing and terminating outsourcing agreements relating to work or functions of material significance to the operations.

Regulatory Approval of Appointment

The main requirements applicable to senior management are set out in the Banking and Financing Business Act (SFS 2004:297) which stipulates that any person who is to serve on the board of directors or serve as managing director, or be an alternate for any of the aforesaid, possesses sufficient insight and experience to participate in the management of a bank and is otherwise suitable for such duties and the board of directors as a whole has sufficient expertise and experience to run the company.

Swedish banks are also, except for certain provisions, subject to the joint ESMA and EBA Guidelines on the assessment of the suitability of members of the management body (ESMA35-36-2319 and EBA/GL/2021/06) and key function holders, which further outline the requirements regarding the suitability of members of the management body.

An application regarding suitability assessment must be filed with the SFSA in connection with appointing a new person or making changes to the following positions in the bank:

  • chairman of the board;
  • board members;
  • alternate board members; and
  • managing director or deputy managing director, that is, the person serving in the managing director’s stead.

As a part of the suitability assessment, the SFSA collects information from the Swedish Police, the Swedish Companies Registration Office, the Swedish Tax Agency, the Swedish Enforcement Authority and firms that provide credit assessments. Other information and documents that need to be included in the application are:

  • information about the person subject to the suitability assessment;
  • employment history and senior management positions held;
  • CV that contains relevant information about education, work experience and other roles;
  • qualifying ownership;
  • relations and interests; and
  • reputation.

A decision of the SFSA shall be issued within 60 working days provided that the application is complete, and the fee of SEK16,800 has been paid.

For every change to the board of directors, the company must assess whether the board as a whole has the requisite knowledge and experience to manage the company.

Accountability

In terms of accountability, the board of directors of a bank has the overall responsibility to ensure the fulfilment of the provisions regulating the business of a bank.

The SFSA may intervene against a person who is a member of a bank’s board of directors or is its managing director, or an alternate for any such person, where the bank has violated certain obligations pursuant to the business. Intervention may only take place where infringement is serious and the person in question caused the infringement intentionally or through gross negligence.

In addition, senior management may also have to compensate damages caused to the company, the shareholders or other persons due to infringements of the Banking and Financing Business Act (SFS 2004:297) and the Companies Act (SFS 2005:551) – provided, however, that the damages are caused intentionally or negligently.

General

Requirements for the remuneration policies and practices of banks licensed in Sweden are governed by the SFSA’s regulations (FFFS 2011:1) regarding remuneration structures in credit institutions, investment firms and fund management companies licensed to conduct discretionary portfolio management.

The regulation stipulates that the board of the bank shall establish a documented remuneration policy that is in line with and promotes sound and effective risk management and counteracts excessive risk-taking behaviour. The remuneration policy shall encompass all employees.

The board of directors shall decide on:

  • remuneration to senior management;
  • remuneration to employees who are primarily responsible for any of the firm’s control functions; and
  • measures to enable a review of how the firm’s remuneration policy is being applied.

The decision of the board of directors shall, where applicable, comply with decisions made by the Annual General Meeting with regard to the company’s remuneration.

The total variable remuneration shall not limit the ability of the company to maintain, or strengthen as needed, a sufficient capital base. The control function shall annually review the company’s remuneration structure for compliance with the remuneration policy.

Remuneration Structure

Where a company’s remuneration contains variable components, it shall ensure that the fixed and variable components are appropriately balanced. The fixed components shall represent a sufficiently large portion of the employee’s total remuneration that the variable components can be set at zero.

The performance assessment used to calculate variable remuneration components shall primarily be based on risk-adjusted profit measures. Both current and future risks shall be considered. Actual costs of the capital and the liquidity required for the business activities shall also be taken into account.

Specially Regulated Staff

Senior management and employees in the following categories of staff are identified as specially regulated staff:

  • employees in strategic management positions;
  • employees responsible for control functions;
  • risk takers; and
  • employees whose total remuneration is equal to or exceeds the total remuneration of any of the members of senior management.

A risk taker is an employee belonging to a category of staff whose professional activities can have a material impact on the firm’s risk level. This normally refers to employees who can enter into agreements or take positions on behalf of the firm or in any other way impact the firm’s risks.

Variable remuneration to specially regulated staff shall be based on both the employee’s performance and the overall performance of both the business unit and the company. Both financial and non-financial criteria shall be considered in the assessment of the employee’s performance. The variable compensation for this category may not exceed the fixed compensation.

The company shall ensure that at least 40% of the variable remuneration to specially regulated staff, whose variable remuneration over a period of one year totals at least SEK100,000, is deferred over a period of not less than three to five years before it is paid or the right of ownership passes to the employee. The company shall also defer at least 60% of the variable remuneration for members of senior management and other employees belonging to the firm’s specially regulated staff with particularly high amounts of variable remuneration.

A significant bank shall ensure that at least 50% of the variable remuneration to a member of senior management consists of the firm’s shares, participations or instruments linked to the firm’s shares or participations, or other instruments that fulfil the conditions for Tier 1 capital contributions. Where appropriate and possible, the company shall allow the variable remuneration components within the meaning of the foregoing.

A significant bank shall ensure that the shares, participations and other instruments are subject to restrictions such that the employee may not exercise control over the instruments for at least one year, or longer depending on the bank’s long-term interests, after the ownership rights to the instrument have passed to the employee. This applies regardless of whether the variable remuneration has been deferred or not.

The company shall ensure that deferred variable remuneration components are only paid or passed to the employee to an extent justifiable by the financial situation and the performance of the company, the business unit in question and the employee. The deferred portion of the remuneration shall also be able to be cancelled in full for the same reasons.

Breaching the Requirements

Where a bank violates the requirements in the foregoing, the SFSA has the authority to, and shall, intervene. Depending on the specific circumstances at hand, the board of directors may also be liable for damages.

The main AML and CTF legislation in Sweden is the Money Laundering and Terrorist Financing (Prevention) Act (SFS 2017:630), transposing the fourth EU Anti-Money Laundering Directive ((EU) 2015/849) (as amended by the fifth EU Anti-Money Laundering Directive (2018/843/EU)). This is further accompanied by the SFSA’s regulations (FFFS 2017:11) regarding measures against money laundering and terrorist financing.

The regulations impose a range of obligations on banks including:

  • general risk assessment and routines;
  • customer due diligence;
  • monitoring and reporting;
  • collaboration against money laundering and terrorist financing;
  • processing of personal data; and
  • internal monitoring and reporting of suspected infringements.

In addition, banks in Sweden should adhere to the EBA’s guidelines on the use of remote customer onboarding solutions (EBA/GL/2022/15), the EBA’s guidelines on the role of AML/CFT compliance officers (EBA/GL/2022/05) as well as the EBA’s guidelines on customer due diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risks associated with individual business relationships and occasional transactions (EBA/GL/2021/02).

Banks are further required to comply with the various international financial sanctions that stem from the EU and the United Nations.

The Swedish deposit insurance scheme was introduced in 1996 and the responsible competent authority is the Swedish National Debt Office. The deposit insurance scheme has been extended on several occasions and today all deposits in banks and credit market institutions are covered.

Deposit insurance applies to all private persons (including minors), as well as companies and other legal persons, such as the estate of a deceased person. However, financial institutions, and public and local authorities are not eligible for compensation.

All types of accounts are covered by the deposit insurance regardless of whether they are restricted or free to withdraw. However, individual pension accounts are not covered. Deposit insurance also does not apply to bank money orders (cashier’s cheques) because these fall outside the definition of deposits under the Deposit Insurance Act (SFS 1995:1571).

For client accounts, the main rule is that every underlying individual owner of the money receives compensation up to the maximum amount covered. A client account is an account whereby a company has deposited money for several customers in a single account.

If the account is covered by the deposit insurance, a depositor is entitled to compensation equal to the amount deposited, including interest, up to the date on which the institution was declared in default or the decision to activate the deposit guarantee scheme was made. The insurance provides compensation of up to SEK1,050,000 per depositor. If an account is opened in two or more persons’ names, each person is counted separately.

The deposit insurance scheme is financed by contributions from the member banks and institutions, which are invested in a fund. The fees are calculated based on a number of risk indicators and the institute’s guaranteed deposits as of 31 December of the previous year. The institute’s fee is also affected by the fact that the total fee must amount to 0.1% of total guaranteed deposits. Based on the risk indicators, a risk score is calculated for each institute. Based on the risk score, the institutes are then divided into different risk classes. The institution’s risk class and size of guaranteed deposits then determine which fee the institution must pay.

Duty of Confidentiality

An individual’s relationship with a bank may not be disclosed without authorisation (this includes both physical and legal persons). Bank confidentiality includes all information between the individual and the bank, both written and oral. This also includes whether or not a certain individual is an actual customer at the bank.

However, the duty of confidentiality is not strict, and exceptions can be made when:

  • there is a statutory obligation;
  • there is a duty to the public to disclose;
  • the interests of the bank require disclosure; or
  • the disclosure is made with the express or implied consent of the customer.

For example, the Swedish Parental Code (SFS 2008:913) contains provisions regarding the obligation of banks to provide information to the chief guardian. A bank is also obliged to disclose information regarding an individual’s relations with the bank where such information is requested by the investigating officer in the course of an investigation pursuant to the provisions regarding preliminary investigations in criminal actions, by the public prosecutor in a matter pertaining to legal assistance in criminal actions, on application by another country or an international court, or in a matter pertaining to recognition and execution of a European Information Order.

Additional statutory obligations to provide information on individuals’ relationships with banks include, inter alia:

  • suspicion of money laundering or terrorist financing;
  • market abuse or other crimes;
  • bankruptcy proceedings;
  • a request by another state or international court;
  • a European arrest warrant; or
  • a request from the SFSA, the Swedish Tax Agency or the Swedish Enforcement Authority.

Violation of bank secrecy is, depending on the relevant circumstances, punished by:

  • public sanctions;
  • criminal sanctions;
  • civil sanctions; or
  • disciplinary sanctions.

Capital Requirements

The capital requirements in Sweden are based on principles designed by the Basel Committee, which have been implemented through the EU capital adequacy regulations, Swedish laws, and SFSA’s regulations. The principles contain minimum own funds requirements (Pillar 1), additional own funds requirements (Pillar 2), and combined buffer requirements.

Pillar 1

Banks measure their risks and calculate minimum own funds requirements following the rules and calculation models set out in the EU Capital Requirements Regulation (575/2013/EU).

The minimum own funds requirement is 8% of the value of the bank’s assets and other assumptions adjusted for their risk, which is called the risk-weighted exposure amount (REA). The requirement is calculated for credit risks, market risks, and operational risks.

Pillar 2

Banks must hold capital that adequately covers all risks to which they are or may be exposed. To ensure that a bank knows which risks it can be exposed to, there are rules set out in the Banking and Financing Business Act (2004:297) that require a bank to identify, measure, govern, internally report, and exercise control over the risks associated with the bank’s business.

The banks must evaluate their capital need for non-Pillar 1 risks in what is called the Internal Capital Adequacy Assessment Process (ICAAP) and determine their total capital need. The SFSA conducts a supervisory review and evaluation process (SREP) for the bank’s governance structures, processes and procedures related to its ICAAP and assesses the bank’s risks and capital needs. After an SREP, the SFSA decides on an additional own funds requirement and provides guidance on additional own funds. The bank’s and the SFSA’s risk and capital assessments are both parts of the Pillar 2 framework.

Combined buffer requirement

Requirements for maintaining different types of capital buffers are set out in the Capital Buffers Act (2014:966). A bank may use the buffers, although only in specific circumstances and subject to restrictions.

Capital conservation buffer

Banks must hold a 2.5% capital conservation buffer in addition to the minimum own funds requirements and the additional own funds requirements. The buffer is an additional layer of capital that the bank should be able to use to cover losses without breaching the minimum capital requirements and additional capital requirements.

Capital buffer for systemically important banks

The SFSA evaluates annually which of the Swedish banks are systemically important and which must hold a buffer designed to provide extra protection to mitigate negative effects that problems in the bank could cause in the financial system. Systemically important banks must hold an institution-specific capital buffer of 1%.

Systemic risk buffer

This buffer must protect against systemic risks that are not covered by other capital requirements. Every other year the SFSA reviews the systemic risk buffer and which banks are subject to it. Banks subject to the requirement must hold a systemic risk buffer of 3%.

Countercyclical capital buffer

During periods of strong economic growth and high credit growth, banks should build up capital buffers that they can then draw upon during periods of financial uncertainty. The objective of the countercyclical capital buffer is to enhance the banks’ resilience and prevent future financial crises. The SFSA sets the countercyclical capital buffer quarterly based on the current economic conditions.

Liquidity Requirements

Since 1 January 2018, binding EU regulations apply in full (CRR and the liquidity coverage requirement regulation (EU) 61/2015 (LCR)). These set out the following requirements:

Quantitative requirement for liquidity coverage (Pillar 1)

The EU regulation imposes a 100% Liquidity Coverage Ratio (LCR) requirement, meaning that an institution must have a sufficient amount of liquid assets to withstand actual and simulated cash outflows during a stressed period of 30 days.

The Pillar 1 requirement in EU regulation is not expressed in individual currency levels, but the regulation imposes a general requirement that the currency composition of the liquidity buffer should align with the net outflows per currency. If there is an imbalance between the currency composition of the liquidity buffer and the net outflows in individual currencies, the supervisory authority may require a bank to limit the imbalance by setting limits on the proportion of liquid assets in one currency that a bank can count towards covering liquidity outflows in another currency.

Quantitative requirement for the stable net financing ratio (Pillar 1)

In addition to the binding minimum requirement for the LCR, there has been a binding requirement for the stable net financing ratio (NSFR) in EU regulations since 2021. The NSFR requirement means that a company must have sufficient stable funding to cover its financing needs over a one-year horizon under both normal and stressed conditions. The NSFR requirement in EU regulations is set at 100%.

Risk Management

The SFSA’s regulations and general guidelines (FFFS 2014:1) regarding governance, risk management and control at credit institutions apply to Swedish banks and impose an obligation on banks to ensure they have an appropriate, transparent organisational structure with a clear allocation of functions and areas of responsibility that ensure sound and efficient governance of the undertaking and enable the SFSA to conduct efficient supervision.

Banks need to have a risk management framework containing the strategies, processes, procedures, internal rules, limits, controls and reporting procedures required to ensure that the company may, on an ongoing basis, identify, measure, govern, internally report and exercise control of the risks to which it is or could perceivably become exposed.

Banks must further have a procedure for regularly reporting the risks that exist or which could perceivably arise in the operations to the board of directors and the risk committee, if such has been appointed, the managing director and other functions that require such information, so that they receive reliable, current and complete reports in a timely manner.

A bank must set clear boundaries (limits and mandates) for the person who is to make decisions within the framework of the company’s risk appetite.

Swedish Developments

In November 2022, the Swedish Central Bank (SCB) published a report on banks’ transparency requirements and Pillar 3. The report highlights a growing but still insufficient understanding of the impact of climate change on living conditions and the economic system. It emphasises the critical gap in knowledge about climate change and the financial system’s role. This gap is particularly concerning given the potential for significant negative impacts on the financial system and the crucial role the financial sector can play in mitigating and managing the effects of climate change.

For several consecutive previous years, the SFSA has had sustainable finance as a prioritised area of supervision, such as the risk of greenwashing or not fully taking climate-related risks into account when assessing risks in financial activities. Even though sustainability was not specifically mentioned as a prioritised area for supervision in 2024, it is evident that the SFSA has continued to focus on this.

For example, as part of a common supervisory activity initiated by ESMA, the SFSA started an in-depth analysis in September 2024, focusing on how Swedish banks and investment firms take consumers’ preferences on sustainability into account when providing investment advice and portfolio management.

A key development in Sweden with regard to the ESG regulatory framework is that the implementation of the Corporate Sustainability Reporting Directive (CSRD) was delayed, and the national rules started applying from 1 July 2024 instead of 1 January 2024. As a consequence, most large companies (depending on the financial year) that are first to report will not have to do so until 2026, for the financial year of 2025.

EU Developments

The regulatory framework for ESG-related issues is growing in the financial sector. Although the main focus so far has been on channelling investments into sustainable finance projects, there are several initiatives also affecting the banking sector.

The sector-agnostic European Sustainability Reporting Standards (ESRS) developed by the European Commission’s expert group, the European Financial Reporting Advisory Group (EFRAG), came into force and started applying from 1 January 2024. During 2024, EFRAG also published its XBRL Taxonomy for the first set of ESRS, which enables digital tagging.

In December 2023, the EBA responded to the European Commission’s request for advice on green loans and mortgages by proposing a voluntary EU green loan label, addressing the currently limited share of green lending in the banking sector. The proposal recommended a flexible framework based on the EU Taxonomy while maintaining alignment with environmental objectives, suggesting that the label should provide clear information about long-term benefits of energy-efficient investments and available financial support schemes. Additionally, the EBA recommended incorporating green mortgage concepts into the Mortgage Credit Directive, including energy performance certificates in pre-contractual information and enhancing related competencies. These recommendations, developed from a survey of 83 credit institutions across 27 EEA countries, aim to boost green lending, particularly in building renovation and SME sectors, to help achieve the EU’s sustainability objectives.

In June 2024, the European Supervisory Authorities (ESAs) outlined their unified approach to addressing greenwashing. The EBA’s final report specifically highlighted a concerning increase in greenwashing cases in 2023 (+21.1% globally, +26.1% in EU), emphasising its growing impact on banks, investment firms, and payment service providers. While the EBA believes the current regulatory framework provides adequate foundations to address greenwashing, they recommended that institutions implement specific measures at both entity and product levels to ensure accuracy and clarity in sustainability claims, and that competent authorities continue their supervisory efforts. The ESAs acknowledged that effectively combating greenwashing requires global co-operation and interoperable sustainability disclosure standards, with a focus on maintaining market confidence and investor trust as the financial sector transitions toward sustainability.

National legislative measures related to DORA

As of 17 January 2025, the rules set out in Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (DORA) will apply within the Union, meaning that the vast majority of financial undertakings, in particular including undertakings operating under the Swedish Banking and Financing Business Act (SFS 2004:297), will be subject to DORA. Together with the DORA Regulation, amendments were made to several EU directives in the field of financial markets by Directive (EU) 2022/2556 of the European Parliament and of the Council of 14 December 2022 amending Directives 2009/65/EC, 2009/138/EC, 2011/61/EU, 2013/36/EU, 2014/59/EU, 2014/65/EU, (EU) 2015/2366 and (EU) 2016/2341 as regards digital operational resilience for the financial sector (the Amending Directive). For Sweden, DORA and the Amending Directive mean that certain national legislative measures need to be taken to ensure necessary implementation and enforcement. Against this background, the Swedish government has proposed several legislative measures, which since 15 August 2024, are undergoing a consultation procedure with the Council on Legislation (Lagrådet).

The said proposals for legislative measures consist of proposals for legislative amendments to adapt Swedish law to the regulatory framework of DORA, such as amendments to avoid overlapping regulation, and proposals to introduce a new law with supplementary provisions to DORA. The proposed new law contains, among other things, provisions on responsible authorities for threat-based penetration tests, the SFSA’s supervisory powers, interventions and sanctions in the event of breaches of DORA, and fees to finance the SFSA’s and the Swedish Central Bank’s (Riksbanken) activities under DORA. The proposed legislative amendments include the Banking and Financing Business Act (SFS 2004:297) and mainly concern clarifications on compliance with the applicable rules in DORA and certain intervention powers for the SFSA. The proposed powers of intervention stipulate that the SFSA shall intervene against any member of the board of directors of a credit institution or its managing director, or the deputy of any of them, if the credit institution has failed to comply with its obligations under any of Articles 5-10, 11(1)-11(10), 12-14, 16(1), 16(2), 17, 18(1), 18(2), 19(1), 19(3), 19(4), 23-25, 26(1)-26(8), 27, 28(1)-28(8), 29, 30(1)-30(4), 31(12) or 45 of DORA.

Furthermore, on 4 September 2024, the SFSA published a consultation draft containing a proposal for new regulations setting out rules on the technical format in which undertakings must report major ICT-related incidents under Article 19(1) DORA, notify significant cyber threats under Article 19(2) DORA, and report information on third-party ICT service providers under Article 28(3) DORA (Information Register) and when this information must be provided. According to the proposal, undertakings must report the Information Register by 28 February 2025, and annually by the same date.

The main upcoming regulatory developments are outlined below.

Sweden

  • In September 2024, the Swedish government presented a bill proposing amendments to the Consumer Credit Act (SFS 2010:1846), aimed at strengthening consumer protection against risky lending practices and preventing over-indebtedness. The proposal involves, for example, extending the interest rate and cost caps to include additional types of consumer loans and lowering the interest rate cap from 40 to 20 percentage points above the reference rate. The legislative changes are expected to enter into force on 1 March 2025.
  • The Ministry of Finance has proposed that the Certain Consumer Credit-related Operations Act (SFS 2014:275) should be repealed from 1 July 2025, which would entail that only authorised credit institutions, such as banks and credit market companies, would be allowed to conduct consumer credit activities in the future. The proposal, which concerns both lenders and credit brokers, has been strongly criticised by several consultation bodies and will be subject to further consideration within the framework of the legislative procedure.
  • In August 2024, a Swedish Government Official Report (SOU) was published on a new regulatory framework for preventing money laundering and the financing of terrorism. Among other things, the government inquiry has investigated what measures are required in Swedish law to adapt the changes in the regulatory framework against the background of Regulation (EU) 2024/1624 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (AMLR), Regulation (EU) 2024/1620 establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA-R) and Directive (EU) 2024/1640 on the mechanisms to be put in place by member states for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (AMLD 6). The public inquiry proposes, among other things, that the current Money Laundering Act and the Register Act be replaced with a new common law on money laundering. The investigation is very extensive and will be subject to further consideration within the framework of the legislative procedure.

EU

  • In 2023, the European Commission published a legislative proposal for a framework for Financial Data Access, which will establish clear rights and obligations to manage customer data sharing in the financial sector beyond payment accounts. The European Commission has further published a proposal to modernise the current Payment Services Directive (PSD2), by establishing PSD3 together with a Payment Services Regulation (PSR).
  • The new Banking Package (CRR3/CRD6) was published in the Official Journal of the European Union on 19 June 2024. The Banking Package is designed to strengthen the risk-based capital framework, enhancing the focus on ESG risks in the prudential framework, further harmonise supervisory powers and tools and reduce public disclosure-related costs and improve access to prudential data. The CRR3 and the CRD6 will enter into force on 9 July 2024 (ie, the 20th day following their publication in the Official Journal of the European Union). The CRR3 will generally be applicable from 1 January 2025 (NB: some provisions will already start to apply from 9 July 2024). Some provisions of the CRR3 are also subject to transitional arrangements and will be phased in over the coming years. With regard to the market risk rules and the so-called Fundamental Review of the Trading Book (FRTB), the European Commission announced on 18 June 2024 that the date of application in the EU has been postponed by one year, to 1 January 2026. This delay will be adopted by way of delegated act later during 2024. The CRD6 must be transposed into national law by member states by 10 January 2026. In general, it will be applicable from 11 January 2026, apart from provisions on third-country branches applicable one year later, from 11 January 2027.
  • The provisions of the new Consumer Credit Directive (EU) 2023/2225 shall be applied in the member states from 20 November 2026. The new Directive has an extended scope compared to Directive 2008/48/EC, which involves extending coverage to currently excluded interest-free loans and introducing new information obligations.
Harvest Advokatbyrå AB

Engelbrektsplan 1
Box 7225
103 89 Stockholm
Sweden

+46 8 20 40 11

info@harvestadvokat.se www.harvestadvokat.se
Author Business Card

Law and Practice in Sweden

Authors



Harvest Advokatbyrå was established in 2016 and is Scandinavia’s largest independent specialist law firm with a clear focus on advising financial institutions. Its 26-lawyer-strong banking and finance team advises clients ranging from innovative start-ups, payment institutions, banks, fund managers and credit providers, to crypto-asset service providers and other companies active in the Swedish financial sector. It advises on a wide range of legal and financial regulatory issues important for the finance industry, including compliance, internal audits, application procedures, AML/CTF, sustainable finance, as well as on outsourcing of technology services by financial institutions. The firm maintains frequent and close contact with the Swedish Financial Supervisory Authority (Finansinspektionen, SFSA) and a number of its employees are SFSA alumni. The scope of its services also includes advising companies in the banking and finance sector on corporate matters, such as setting up legal entities, transactional assistance, preparing and negotiating agreements, etc. The firm also advises on data privacy and data protection issues.