Contributed By Harvest Advokatbyrå
Key Laws and Regulations Governing the Swedish Banking Sector
A substantial portion of Swedish banking regulations is derived from EU directives and regulations, reflecting Sweden’s membership in the European Union. However, the primary domestic legislation governing the banking sector in Sweden is the Banking and Financing Business Act (SFS 2004:297). This act covers various aspects, including rules related to authorisation, governance, operations, corporate provisions, credit assessment, ownership, and supervision.
In terms of financial soundness, the Capital Requirements Regulation ((EU) 575/2013) (as amended by Regulation (EU) 2019/876 (CRR II)) (CRR) is directly applicable. Supplementing this regulation are two additional pieces of legislation: the Credit Institutions and Securities Companies (Special Supervision) Act (SFS 2014:968) and the Capital Buffers Act (SFS 2014:966), implementing the Fourth Capital Requirements Directive (2013/36/EU) (as amended by Directive (EU) 2019/878 (CRD V)) (CRD).
For recovery and resolution matters, the Resolution Act (SFS 2015:1016) is the pertinent national legislation implementing the Bank Recovery and Resolution Directive (2014/59/EU) (as amended by Directive (EU) 2019/879 (BRRD II)) (BRRD).
Other laws and regulations applicable to the banking sector, depending on specific services offered, include:
The Swedish Financial Supervisory Authority (SFSA) also issues regulations and general guidelines that complement fundamental rules. Regulations are binding, requiring compliance, while general guidelines offer recommendations on adherence to binding provisions.
Regulators
Supervision of Swedish banks involves multiple authorities: the SFSA, the Swedish Central Bank (Riksbanken), the Swedish National Debt Office (Riksgälden), and the Ministry of Finance (Finansdepartementet). These entities collectively form the Financial Stability Council, a forum for discussing financial stability and crisis measures. Decisions, however, are made independently by the government and relevant authorities.
SFSA
The SFSA is responsible for micro- and macro-level supervision of banks and conducts on-site inspections and requests information to analyse and control operations. It also monitors systemic risks, such as financial imbalances in the credit market.
Swedish Central Bank
With a mandate to promote a stable financial system, the Central Bank focuses on maintaining a secure payment system and addressing potential financial crises. Regular monitoring includes analysis of risks to the financial system’s stability, encompassing payment systems, major banking groups, borrower profiles, and macroeconomic developments.
Swedish National Debt Office
Tasked with managing banks in crisis and overseeing the deposit insurance scheme, the Swedish Debt Office plays a critical role in financial stability.
Ministry of Finance
Responsible for formulating laws and regulations applicable to the financial system, the Ministry of Finance plays a key role in shaping the legal framework for the banking sector.
Types of Licences
Banking or financing operations, with some exceptions, may only be conducted following the granting of authorisation by the SFSA. The prerequisites for conducting banking or financing business are set out by the Banking and Financing Business Act (2004:297) and the Banking and Financing Business Ordinance (2004:329). Special rules for savings banks are set out in the Savings Banks Act (1987:619) and for members’ banks in the Members’ Banks Act (1995:1570).
Definitions
Banking business encompasses:
Financing business encompasses:
Foreign Banks
Credit institutions (which include both banks and credit market undertakings) domiciled in an EEA country may conduct business in Sweden either through a branch or by providing services in Sweden from their home country. Credit institutions domiciled in a non-EEA country may conduct business in Sweden through a branch or a representation office.
Activities and Services Covered
A bank may engage in a broad range of activities, which include, inter alia:
This list is merely illustrative, and consequently a bank may conduct other financing operations and operations, provided that these have a natural connection with the financing operations.
Conditions for Authorisation
A licence to conduct financing business may be granted to Swedish limited companies and co-operative associations. Such entities are referred to as credit market undertakings. A licence to conduct banking business may be granted to Swedish limited liability companies, co-operative associations, and savings banks.
Other general conditions that need to be fulfilled in order to have a licence granted include:
In conjunction with an assessment of whether a holder is suitable, such person’s reputation and financial strength shall be taken into consideration. It shall also be taken into consideration as to whether there is reason to believe that:
Filing Documents
The Banking and Financing Business Ordinance (2004:329) lays down the formalities that apply to the application and the information that should be included in the application. This is further outlined in the SFSA’s general guidelines (FFFS 2011:50) regarding an application for authorisation to conduct banking or financing business, which stipulate that the application shall include the following:
The business plan should contain, and append to the plan, the information set out below:
Application Process
The original application and one copy should be submitted to the SFSA. An additional copy should be furnished to the company’s auditor. Applicants must pay a fee of SEK1,400,000 in conjunction with the application.
Once the application has reached the SFSA, an application becomes a matter and is assigned a reference number. An administrator is then appointed as responsible for the matter and confirmation that the application has been received by the SFSA is sent out.
After the application fee has been paid, the administrator conducts a formal review of the application to verify if it is complete. If there are any formal deficiencies, the SFSA will request supplementary information. Once the application is deemed formally complete, the SFSA initiates its material review of the documentation to assess whether the conditions for the authorisation are met. The SFSA may, during the handling process, also request supplementary information before a decision is reached.
Provided that the application is formally complete and the fee has been paid, the SFSA will make a decision within six months.
Requirements Governing Change in Control
Prior to the acquisition of a qualified holding of shares, an application for authorisation to acquire shares must be submitted to the SFSA.
A “qualifying holding” is defined as a direct or indirect holding that represents 10% or more of the capital or of the voting rights, or which makes it possible to exercise a significant influence over the management (eg, through a shareholder agreement). Authorisation is also required when a direct or indirect holding increases above a prescribed percentage of 20%, 30% or 50%, or which causes the undertaking to become a subsidiary. A notification shall be made to the SFSA if the holding decreases so that it falls below one of the mentioned thresholds (10%, 20%, 30% or 50%).
Authorisation must be obtained prior to the acquisition. Where the acquisition has occurred as a result of a division of joint marital property, testamentary disposition, corporate distribution, or any other similar measure, consent shall instead be required for the acquirer to retain the shares of participating interests. The acquirer shall thereupon apply for consent within six months of the acquisition.
Restrictions
There are currently no specific restrictions on private ownership or geographical restrictions on foreign ownership of Swedish banks. However, Sweden is introducing new legislation (the “FDI Act”) to give effect to the EU Screening Regulation (Regulation (EC) 2019/452) which will introduce a screening regime for certain foreign direct investment transactions. The purpose of such screening is to examine whether the relevant foreign investment may harm national security or public order. The FDI Act will enter into force on 1 December 2023 and will have a significant impact on investments. Any investment that falls within the scope of the FDI Act must, prior to closing, be approved, or subject to a decision of not taking any further actions, by the screening authority. Currently, there is uncertainty as to which financial institutions are considered to provide “protected activities” and subsequently to fall within the scope of the regime.
Factors to be Considered
Authorisation shall be granted for an acquisition where the acquirer is deemed suitable to exercise a significant influence over the management of a bank and it can be assumed that the anticipated acquisition is financially sound. Consideration shall be taken of the acquirer’s likely impact on the business of the bank.
In conjunction with the assessment, the acquirer’s reputation and financial strength shall be taken into consideration. It shall also be taken into consideration whether:
Information to Include in the Application
The SFSA’s regulations regarding ownership, ownership management and management assessment in credit institutions (FFFS 2023:13) set out the information that a company must submit to the SFSA in conjunction with ownership assessments. These regulations apply during ongoing ownership assessments, but are not applicable at the time of applying for authorisation. During the authorisation phase, the following applies: the Commission Delegated Regulation (EU) 2022/2580 of 17 June 2022 supplementing Directive 2013/36/EU of the European Parliament and of the Council with regard to regulatory technical standards that specify the information to be submitted in a credit institute’s authorisation application and the factors that can prevent competent authorities from conducting efficient supervision.
The information to be submitted includes:
As a part of the ownership assessment, the SFSA collects information from, for example, the Swedish Police, the Swedish Companies Registration Office, the Swedish Tax Agency, the Swedish Enforcement Authority and firms that provide credit assessments.
Application Process
A decision of the SFSA regarding an authorisation to an acquisition shall be issued within 60 working days after the confirmation has been sent (the evaluation period). Where the SFSA requests supplementary information, the evaluation period may be extended. The SFSA shall be deemed to have given consent to the acquisition where the authority has not issued a decision in respect of the application during the evaluation period. The fee is currently SEK30,800.
Governance Rules
The main corporate governance rules applicable to banks are set out in the SFSA’s regulations and general guidelines (FFFS 2014:1) regarding governance, risk management and control. The guidelines on internal governance issued by the European Banking Authority (EBA) are also applicable (EBA/GL/2021/05) in relation to banks’ governance arrangements, including their organisational structure and the corresponding lines of responsibility, processes to identify, manage, monitor and report all risks they are or might be exposed to, and the internal control framework. Due to domestic legislation being incompatible with the guidelines in a few areas, some of the provisions are not applicable (nomination committee and independent board members).
The main governance rules are summarised below.
General organisational requirements
The company shall ensure that it has an appropriate, transparent organisational structure with a clear allocation of functions and areas of responsibility that ensure sound and efficient governance of the undertaking and enable the SFSA to conduct efficient supervision.
The responsibility of the board of directors and the managing director
When the board of directors establishes the company’s strategies, it shall observe long-term financial interests, the risks to which the company is or could perceivably become exposed, and the capital required to cover its risks. Board members shall have sound knowledge and understanding of the company’s organisational structure and processes in order to ensure that they are consistent with the decided strategies. Board members shall be thoroughly familiar with and knowledgeable about the operations and the nature and scope of the risks.
The board of directors or managing director shall regularly review and assess the efficiency of the organisational structure, procedures, measures, methods, etc, as established by the company to comply with laws and other statutes regulating the operations that are subject to authorisation. The board of directors or managing director shall also take appropriate measures for addressing any deficiencies therein.
Ethical rules
The company shall conduct its operations in an ethically responsible and professional manner, and maintain a sound risk culture.
Conflicts of interest in the operations
The company shall identify and address any conflicts of interest that exist or which could perceivably arise in the operations. The company shall have internal rules specifying how it addresses conflicts of interest. The internal rules shall be appropriate, taking into account the size and organisation of the company and the nature, scope and complexity of the operations.
Risk management
The company shall have a risk management framework containing the strategies, processes, procedures, internal rules, limits, controls and reporting procedures required to ensure that the company may, on an ongoing basis, identify, measure, govern, internally report and exercise control of the risks to which it is or could perceivably become exposed.
Control functions
The company shall have a risk control function, a compliance function and an internal audit function. The control functions shall, in organisational terms, be separate from each other. In smaller companies with less complex operations, the risk control function and the compliance function may be combined.
Outsourcing arrangements
The company shall have internal rules for managing its outsourcing agreements. The company shall exercise due skill, care and diligence when entering into, managing and terminating outsourcing agreements relating to work or functions of material significance to the operations.
Regulatory Approval of Appointment
The main requirements applicable to senior management are set out in the Banking and Financing Business Act (SFS 2004:297) which stipulates that any person who is to serve on the board of directors or serve as managing director, or be an alternate for any of the aforesaid, possesses sufficient insight and experience to participate in the management of a bank and is otherwise suitable for such duties and the board of directors as a whole has sufficient expertise and experience to run the company.
Swedish banks are also, except for certain provisions, subject to the joint ESMA and EBA Guidelines on the assessment of the suitability of members of the management body (ESMA35-36-2319 and EBA/GL/2021/06) and key function holders, which further outline the requirements regarding the suitability of members of the management body.
An application regarding suitability assessment must be filed with the SFSA in connection with appointing a new person or making changes to the following positions in the bank:
As a part of the suitability assessment, the SFSA collects information from the Swedish Police, the Swedish Companies Registration Office, the Swedish Tax Agency, the Swedish Enforcement Authority and firms that provide credit assessments. Other information and documents that need to be included in the application are:
A decision of the SFSA shall be issued within 60 working days provided that the application is complete, and the fee of SEK16,800 has been paid.
For every change to the board of directors, the company must assess whether the board as a whole has the requisite knowledge and experience to manage the company.
Accountability
In terms of accountability, the board of directors of a bank has the overall responsibility to ensure the fulfilment of the provisions regulating the business of a bank.
The SFSA may intervene against a person who is a member of a bank’s board of directors or is its managing director, or an alternate for any such person, where the bank has violated certain obligations pursuant to the business. Intervention may only take place where infringement is serious and the person in question caused the infringement intentionally or through gross negligence.
In addition, senior management may also have to compensate damages caused to the company, the shareholders or other persons due to infringements of the Banking and Financing Business Act (SFS 2004:297) and the Companies Act (SFS 2005:551) – provided, however, that the damages are caused intentionally or negligently.
General
Requirements for the remuneration policies and practices of banks licensed in Sweden are governed by the SFSA’s regulations (FFFS 2011:1) regarding remuneration structures in credit institutions, investment firms and fund management companies licensed to conduct discretionary portfolio management.
The regulation stipulates that the board of the bank shall establish a documented remuneration policy that is in line with and promotes sound and effective risk management and counteracts excessive risk-taking behaviour. The remuneration policy shall encompass all employees.
The board of directors shall decide on:
The decision of the board of directors shall, where applicable, comply with decisions made by the Annual General Meeting with regard to the company’s remuneration.
The total variable remuneration shall not limit the ability of the company to maintain, or strengthen as needed, a sufficient capital base. The control function shall annually review the company’s remuneration structure for compliance with the remuneration policy.
Remuneration Structure
Where a company’s remuneration contains variable components, it shall ensure that the fixed and variable components are appropriately balanced. The fixed components shall represent a sufficiently large portion of the employee’s total remuneration that the variable components can be set at zero.
The performance assessment used to calculate variable remuneration components shall primarily be based on risk-adjusted profit measures. Both current and future risks shall be considered. Actual costs of the capital and the liquidity required for the business activities shall also be taken into account.
Specially Regulated Staff
Senior management and employees in the following categories of staff are identified as specially regulated staff:
A risk taker is an employee belonging to a category of staff whose professional activities can have a material impact on the firm’s risk level. This normally refers to employees who can enter into agreements or take positions on behalf of the firm or in any other way impact the firm’s risks.
Variable remuneration to specially regulated staff shall be based on both the employee’s performance and the overall performance of both the business unit and the company. Both financial and non-financial criteria shall be considered in the assessment of the employee’s performance. The variable compensation for this category may not exceed the fixed compensation.
The company shall ensure that at least 40% of the variable remuneration to specially regulated staff, whose variable remuneration over a period of one year totals at least SEK100,000, is deferred over a period of not less than three to five years before it is paid or the right of ownership passes to the employee. The company shall also defer at least 60% of the variable remuneration for members of senior management and other employees belonging to the firm’s specially regulated staff with particularly high amounts of variable remuneration.
A significant bank shall ensure that at least 50% of the variable remuneration to a member of senior management consists of the firm’s shares, participations or instruments linked to the firm’s shares or participations, or other instruments that fulfil the conditions for Tier 1 capital contributions. Where appropriate and possible, the company shall allow the variable remuneration components within the meaning of the foregoing.
A significant bank shall ensure that the shares, participations and other instruments are subject to restrictions such that the employee may not exercise control over the instruments for at least one year, or longer depending on the bank’s long-term interests, after the ownership rights to the instrument have passed to the employee. This applies regardless of whether the variable remuneration has been deferred or not.
The company shall ensure that deferred variable remuneration components are only paid or passed to the employee to an extent justifiable by the financial situation and the performance of the company, the business unit in question and the employee. The deferred portion of the remuneration shall also be able to be cancelled in full for the same reasons.
Breaching the Requirements
Where a bank violates the requirements in the foregoing, the SFSA has the authority to, and shall, intervene. Depending on the specific circumstances at hand, the board of directors may also be liable for damages.
The main AML and CTF legislation in Sweden is the Money Laundering and Terrorist Financing (Prevention) Act (SFS 2017:630), transposing the fourth EU Anti-Money Laundering Directive ((EU) 2015/849) (as amended by the fifth EU Anti-Money Laundering Directive (2018/843/EU)). This is further accompanied by the SFSA’s regulations (FFFS 2017:11) regarding measures against money laundering and terrorist financing.
The regulations impose a range of obligations on banks including:
In addition, banks in Sweden should adhere to the EBA’s guidelines on the use of remote customer onboarding solutions (EBA/GL/2022/15), the EBA’s guidelines on the role of AML/CFT compliance officers (EBA/GL/2022/05) as well as the EBA’s guidelines on customer due diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risks associated with individual business relationships and occasional transactions (EBA/GL/2021/02).
Banks are further required to comply with the various international financial sanctions that stem from the EU and the United Nations.
The Swedish deposit insurance scheme was introduced in 1996 and the responsible competent authority is the Swedish National Debt Office. The deposit insurance scheme has been extended on several occasions and today all deposits in banks and credit market institutions are covered.
Deposit insurance applies to all private persons (including minors), as well as companies and other legal persons, such as the estate of a deceased person. However, financial institutions, and public and local authorities are not eligible for compensation.
All types of accounts are covered by the deposit insurance regardless of whether they are restricted or free to withdraw. However, individual pension accounts are not covered. Deposit insurance also does not apply to bank money orders (cashier’s cheques) because these fall outside the definition of deposits under the Deposit Insurance Act (SFS 1995:1571).
For client accounts, the main rule is that every underlying individual owner of the money receives compensation up to the maximum amount covered. A client account is an account whereby a company has deposited money for several customers in a single account.
If the account is covered by the deposit insurance, a depositor is entitled to compensation equal to the amount deposited, including interest, up to the date on which the institution was declared in default or the decision to activate the deposit guarantee scheme was made. The insurance provides compensation of up to SEK1,050,000 per depositor. If an account is opened in two or more persons’ names, each person is counted separately.
The deposit insurance scheme is financed by contributions from the member banks and institutions, which are invested in a fund. The fees are calculated based on a number of risk indicators and the institute’s guaranteed deposits as of 31 December of the previous year. The institute’s fee is also affected by the fact that the total fee must amount to 0.1% of total guaranteed deposits. Based on the risk indicators, a risk score is calculated for each institute. Based on the risk score, the institutes are then divided into different risk classes. The institution’s risk class and size of guaranteed deposits then determine which fee the institution must pay.
Duty of Confidentiality
An individual’s relationship with a bank may not be disclosed without authorisation (this includes both physical and legal persons). Bank confidentiality includes all information between the individual and the bank, both written and oral. This also includes whether or not a certain individual is an actual customer at the bank.
However, the duty of confidentiality is not strict, and exceptions can be made when:
For example, the Swedish Parental Code (SFS 2008:913) contains provisions regarding the obligation of banks to provide information to the chief guardian. A bank is also obliged to disclose information regarding an individual’s relations with the bank where such information is requested by the investigating officer in the course of an investigation pursuant to the provisions regarding preliminary investigations in criminal actions, by the public prosecutor in a matter pertaining to legal assistance in criminal actions, on application by another country or an international court, or in a matter pertaining to recognition and execution of a European Information Order.
Additional statutory obligations to provide information on individuals’ relationships with banks include, inter alia:
Violation of bank secrecy is, depending on the relevant circumstances, punished by:
Capital Requirements
The capital requirements in Sweden are based on principles designed by the Basel Committee, which have been implemented through the EU capital adequacy regulations, Swedish laws, and SFSA’s regulations. The principles contain minimum own funds requirements (Pillar 1), additional own funds requirements (Pillar 2), and combined buffer requirements.
Pillar 1
Banks measure their risks and calculate minimum own funds requirements following the rules and calculation models set out in the EU Capital Requirements Regulation (575/2013/EU).
The minimum own funds requirement is 8% of the value of the bank’s assets and other assumptions adjusted for their risk, which is called the risk-weighted exposure amount (REA). The requirement is calculated for credit risks, market risks, and operational risks.
Pillar 2
Banks must hold capital that adequately covers all risks to which they are or may be exposed. To ensure that a bank knows which risks it can be exposed to, there are rules set out in the Banking and Financing Business Act (2004:297) that require a bank to identify, measure, govern, internally report, and exercise control over the risks associated with the bank’s business.
The banks must evaluate their capital need for non-Pillar 1 risks in what is called the Internal Capital Adequacy Assessment Process (ICAAP) and determine their total capital need. The SFSA conducts a supervisory review and evaluation process (SREP) for the bank’s governance structures, processes and procedures related to its ICAAP and assesses the bank’s risks and capital needs. After an SREP, the SFSA decides on an additional own funds requirement and provides guidance on additional own funds. The bank’s and the SFSA’s risk and capital assessments are both parts of the Pillar 2 framework.
Combined buffer requirement
Requirements for maintaining different types of capital buffers are set out in the Capital Buffers Act (2014:966). A bank may use the buffers, although only in specific circumstances and subject to restrictions.
Capital conservation buffer
Banks must hold a 2.5% capital conservation buffer in addition to the minimum own funds requirements and the additional own funds requirements. The buffer is an additional layer of capital that the bank should be able to use to cover losses without breaching the minimum capital requirements and additional capital requirements.
Capital buffer for systemically important banks
The SFSA evaluates annually which of the Swedish banks are systemically important and which must hold a buffer designed to provide extra protection to mitigate negative effects that problems in the bank could cause in the financial system. Systemically important banks must hold an institution-specific capital buffer of 1%.
Systemic risk buffer
This buffer must protect against systemic risks that are not covered by other capital requirements. Every other year the SFSA reviews the systemic risk buffer and which banks are subject to it. Banks subject to the requirement must hold a systemic risk buffer of 3%.
Countercyclical capital buffer
During periods of strong economic growth and high credit growth, banks should build up capital buffers that they can then draw upon during periods of financial uncertainty. The objective of the countercyclical capital buffer is to enhance the banks’ resilience and prevent future financial crises. The SFSA sets the countercyclical capital buffer quarterly based on the current economic conditions.
Liquidity Requirements
Since 1 January 2018, binding EU regulations apply in full (CRR and the liquidity coverage requirement regulation (EU) 61/2015 (LCR)). These set out the following requirements:
Quantitative requirement for liquidity coverage (Pillar 1)
The EU regulation imposes a 100% Liquidity Coverage Ratio (LCR) requirement, meaning that an institution must have a sufficient amount of liquid assets to withstand actual and simulated cash outflows during a stressed period of 30 days.
The Pillar 1 requirement in EU regulation is not expressed in individual currency levels, but the regulation imposes a general requirement that the currency composition of the liquidity buffer should align with the net outflows per currency. If there is an imbalance between the currency composition of the liquidity buffer and the net outflows in individual currencies, the supervisory authority may require a bank to limit the imbalance by setting limits on the proportion of liquid assets in one currency that a bank can count towards covering liquidity outflows in another currency.
Quantitative requirement for the stable net financing ratio (Pillar 1)
In addition to the binding minimum requirement for the LCR, there has been a binding requirement for the stable net financing ratio (NSFR) in EU regulations since 2021. The NSFR requirement means that a company must have sufficient stable funding to cover its financing needs over a one-year horizon under both normal and stressed conditions. The NSFR requirement in EU regulations is set at 100%.
Risk Management
The SFSA’s regulations and general guidelines (FFFS 2014:1) regarding governance, risk management and control at credit institutions apply to Swedish banks and impose an obligation on banks to ensure they have an appropriate, transparent organisational structure with a clear allocation of functions and areas of responsibility that ensure sound and efficient governance of the undertaking and enable the SFSA to conduct efficient supervision.
Banks need to have a risk management framework containing the strategies, processes, procedures, internal rules, limits, controls and reporting procedures required to ensure that the company may, on an ongoing basis, identify, measure, govern, internally report and exercise control of the risks to which it is or could perceivably become exposed.
Banks must further have a procedure for regularly reporting the risks that exist or which could perceivably arise in the operations to the board of directors and the risk committee, if such has been appointed, the managing director and other functions that require such information, so that they receive reliable, current and complete reports in a timely manner.
A bank must set clear boundaries (limits and mandates) for the person who is to make decisions within the framework of the company’s risk appetite.
Swedish Developments
In November 2022, the Swedish Central Bank (SCB) published a report on banks’ transparency requirements and Pillar 3. The report highlights a growing but still insufficient understanding of the impact of climate change on living conditions and the economic system. It emphasises the critical gap in knowledge about climate change and the financial system’s role. This gap is particularly concerning given the potential for significant negative impacts on the financial system and the crucial role the financial sector can play in mitigating and managing the effects of climate change.
For several consecutive previous years, the SFSA has had sustainable finance as a prioritised area of supervision, such as the risk of greenwashing or not fully taking climate-related risks into account when assessing risks in financial activities. Even though sustainability was not specifically mentioned as a prioritised area for supervision in 2024, it is evident that the SFSA has continued to focus on this.
For example, as part of a common supervisory activity initiated by ESMA, the SFSA started an in-depth analysis in September 2024, focusing on how Swedish banks and investment firms take consumers’ preferences on sustainability into account when providing investment advice and portfolio management.
A key development in Sweden with regard to the ESG regulatory framework is that the implementation of the Corporate Sustainability Reporting Directive (CSRD) was delayed, and the national rules started applying from 1 July 2024 instead of 1 January 2024. As a consequence, most large companies (depending on the financial year) that are first to report will not have to do so until 2026, for the financial year of 2025.
EU Developments
The regulatory framework for ESG-related issues is growing in the financial sector. Although the main focus so far has been on channelling investments into sustainable finance projects, there are several initiatives also affecting the banking sector.
The sector-agnostic European Sustainability Reporting Standards (ESRS) developed by the European Commission’s expert group, the European Financial Reporting Advisory Group (EFRAG), came into force and started applying from 1 January 2024. During 2024, EFRAG also published its XBRL Taxonomy for the first set of ESRS, which enables digital tagging.
In December 2023, the EBA responded to the European Commission’s request for advice on green loans and mortgages by proposing a voluntary EU green loan label, addressing the currently limited share of green lending in the banking sector. The proposal recommended a flexible framework based on the EU Taxonomy while maintaining alignment with environmental objectives, suggesting that the label should provide clear information about long-term benefits of energy-efficient investments and available financial support schemes. Additionally, the EBA recommended incorporating green mortgage concepts into the Mortgage Credit Directive, including energy performance certificates in pre-contractual information and enhancing related competencies. These recommendations, developed from a survey of 83 credit institutions across 27 EEA countries, aim to boost green lending, particularly in building renovation and SME sectors, to help achieve the EU’s sustainability objectives.
In June 2024, the European Supervisory Authorities (ESAs) outlined their unified approach to addressing greenwashing. The EBA’s final report specifically highlighted a concerning increase in greenwashing cases in 2023 (+21.1% globally, +26.1% in EU), emphasising its growing impact on banks, investment firms, and payment service providers. While the EBA believes the current regulatory framework provides adequate foundations to address greenwashing, they recommended that institutions implement specific measures at both entity and product levels to ensure accuracy and clarity in sustainability claims, and that competent authorities continue their supervisory efforts. The ESAs acknowledged that effectively combating greenwashing requires global co-operation and interoperable sustainability disclosure standards, with a focus on maintaining market confidence and investor trust as the financial sector transitions toward sustainability.
National legislative measures related to DORA
As of 17 January 2025, the rules set out in Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (DORA) will apply within the Union, meaning that the vast majority of financial undertakings, in particular including undertakings operating under the Swedish Banking and Financing Business Act (SFS 2004:297), will be subject to DORA. Together with the DORA Regulation, amendments were made to several EU directives in the field of financial markets by Directive (EU) 2022/2556 of the European Parliament and of the Council of 14 December 2022 amending Directives 2009/65/EC, 2009/138/EC, 2011/61/EU, 2013/36/EU, 2014/59/EU, 2014/65/EU, (EU) 2015/2366 and (EU) 2016/2341 as regards digital operational resilience for the financial sector (the Amending Directive). For Sweden, DORA and the Amending Directive mean that certain national legislative measures need to be taken to ensure necessary implementation and enforcement. Against this background, the Swedish government has proposed several legislative measures, which since 15 August 2024, are undergoing a consultation procedure with the Council on Legislation (Lagrådet).
The said proposals for legislative measures consist of proposals for legislative amendments to adapt Swedish law to the regulatory framework of DORA, such as amendments to avoid overlapping regulation, and proposals to introduce a new law with supplementary provisions to DORA. The proposed new law contains, among other things, provisions on responsible authorities for threat-based penetration tests, the SFSA’s supervisory powers, interventions and sanctions in the event of breaches of DORA, and fees to finance the SFSA’s and the Swedish Central Bank’s (Riksbanken) activities under DORA. The proposed legislative amendments include the Banking and Financing Business Act (SFS 2004:297) and mainly concern clarifications on compliance with the applicable rules in DORA and certain intervention powers for the SFSA. The proposed powers of intervention stipulate that the SFSA shall intervene against any member of the board of directors of a credit institution or its managing director, or the deputy of any of them, if the credit institution has failed to comply with its obligations under any of Articles 5-10, 11(1)-11(10), 12-14, 16(1), 16(2), 17, 18(1), 18(2), 19(1), 19(3), 19(4), 23-25, 26(1)-26(8), 27, 28(1)-28(8), 29, 30(1)-30(4), 31(12) or 45 of DORA.
Furthermore, on 4 September 2024, the SFSA published a consultation draft containing a proposal for new regulations setting out rules on the technical format in which undertakings must report major ICT-related incidents under Article 19(1) DORA, notify significant cyber threats under Article 19(2) DORA, and report information on third-party ICT service providers under Article 28(3) DORA (Information Register) and when this information must be provided. According to the proposal, undertakings must report the Information Register by 28 February 2025, and annually by the same date.
The main upcoming regulatory developments are outlined below.
Sweden
EU
Engelbrektsplan 1
Box 7225
103 89 Stockholm
Sweden
+46 8 20 40 11
info@harvestadvokat.se www.harvestadvokat.se