Fintech 2024 Comparisons

Last Updated March 21, 2024

Contributed By Magnusson

Law and Practice

Authors



Magnusson is a modern law firm with more than 120 lawyers offering legal services across the Nordics and Baltic Sea Region. With offices in Stockholm and Göteborg, Magnusson Sweden is the largest of the firm´s operations. Magnusson’s Swedish team, consisting of 35 lawyers, including eight partners – 50% of whom are female – is renowned for its expertise in fintech. Its specialised and approachable team assists financial services companies at every stage, from initial investments to listings on stock markets. Team members provide expert advice on corporate governance, regulatory reporting to the Swedish Financial Supervisory Authority, listing on regulated markets and trading platforms, and protecting intellectual property and technology. With experience at financial supervisory authorities and in-house roles, the firm offers unique insights to create tailored solutions, advising numerous clients on sector-specific regulatory issues.

General

Sweden has a thriving fintech market and is stated to be one of Europe’s largest fintech communities. It was estimated in 2021 that there are 509 fintech companies in Sweden. These include Klarna and iZettle within the payment and transfer category, Zmarta and Lendo within the capital debt and equity category, amongst others. Some characteristics of the market that have helped the development of the fintech market are solid banks with strong liquidity, high degree of digitalisation and strong talent supply.

The Economic Landscape

As for many industries, the fintech industry in Sweden has been affected by the war in Europe and the consequences this has entailed during the past 12 months.

The COVID-19 pandemic proved to be a contributing factor to the continued high interest in investing in fintech companies due to the accelerated digital development that took place. In 2021, there was also an increased interest in raising capital through IPOs on one of the Swedish trading platforms. However, the Swedish FinTech Association stated in their annual report that from a market which was focusing on growth in 2021, during 2022 the demands on profitability increased and companies were having issues with raising capital. It was identified by the Association that 2023 would also likely be a year of ups and downs for industry participants on the Swedish fintech market, but that harder times can also lead to new innovations on the market.

New Legislation

The EU has placed great emphasis on promoting innovation within the Union. Since 2020, the EU has been working on the Digital Finance Package, which includes legislative proposals on Open Finance, the Digital Operational Resilience Act (DORA) and the new framework for crypto-assets, the Markets in Crypto-Assets Regulation (MiCA).

Another important EU legislation which has potential to greatly affect the Swedish fintech market is the AI Act. The first regulatory framework for AI was proposed in 2021 and, on 9 December 2023, the European Parliament reached a provisional agreement with the Council on the AI Act. The text of the AI Act has yet to be formally adopted. Once adopted, there will be an implementation phase during which different articles of the Act will enter into force at different set times.

The Swedish fintech industry includes a wide range of business models. The main areas in which Swedish fintech companies operate and which currently predominate the Swedish fintech industry are:

  • payment and transfer – eg, bill payments, domestic transfers, neobanks, transaction accounts and international transfers;
  • wealth and cash management – eg, crowdfunding equity, debt investment, execution only, investment advisory, robo-advisory, marketplace, private equity, and savings accounts;
  • capital debt and equity – eg, consumer lending, crowdfunding, and mortgage lending real estate;
  • regtech – eg, financial crime, actor management, e-identification, transaction reporting market integrity, and legal tech;
  • innovation accounting – eg, invoice trading, invoice management, payment monitoring, payment reminder, brokers, and debt management; and
  • insurtech – eg, claims management and processing, risk detection and prevention, underwriting and reinsurance, personalisation (insurance wallets, financial partners), on-demand insurance and product insurance.

Fintech companies in Sweden are subject to a wide range of laws and regulations. The exact regulations depend primarily on the type of business that the individual fintech company operates. Sweden does not have a specific fintech regime that applies to all fintech companies.

Most fintech companies are subject to authorisation or registration requirements and are supervised by the Swedish Financial Supervisory Authority (SFSA).

Examples of regulations that apply to different fintech business models include the following.

  • Payment Services Act (PSA) applicable to payment services – licence or registration requirement.
  • Consumer Credit Operations Act (CCOA) applicable to consumer credit origination or intermediation – licence requirement.
  • Mortgage Business Act (MBA) applicable to consumer mortgage origination or intermediation – licence requirement.
  • Crowdfunding Regulation applicable to crowdfunding – licence requirement.
  • Certain Financial Operations Act (CFOA) applicable to cryptocurrency trading, currency trading or other financial operations – registration requirement.
  • Electronic Money Act (EMA) applicable to the issuance of electronic money – licence or registration requirement.
  • Banking and Financing Business Act (SBFBA) applicable to banking or financing services – licence requirement.
  • Securities Market Act (SMA) applicable to securities business – licence requirement.
  • Insurance Distribution Act (IDA) applicable to insurance distribution – licence and registration requirement.
  • Insurance Business Act (IBA) applicable to insurance business – licence requirement.
  • UCITS Act applicable to fund operations – licence requirement.
  • Alternative Investment Fund Managers Act (the “AIFM Act”) applicable to alternative investment fund management – licence or registration requirement.

In addition to the above, general regulations such as data protection regulations and regulations regarding measures against money laundering and terrorist financing will be applicable to most fintech business models.

Lastly, the SFSA also issues various regulations and guidelines clarifying and supplementing the above-mentioned acts.

Compensation and remuneration models vary between the different fintech business models and on the regulations that apply to such business models. For example, consumer lending businesses will normally charge customers interest and various fees, while asset management services may charge the customers transaction fees, advisory fees, commission fees, or fees for premium features.

Most regulated fintech companies will be subject to extensive disclosure requirements relating to compensation.

During the last few years, the SFSA has focused its supervisory activities on certain compensation models, particularly on compensation models that involve third-party commission, which are believed to have inherent conflict of interests. There has also been focus on lending business models with consumer loans with high cost and high interest, which has led to the introduction of a cost and interest rate ceiling in Sweden. 

Fintech companies and legacy players that conduct the same type of regulated businesses will, in general, be subject to the same regulations. However, legacy players often have more extensive and complex business models, which subject them to more regulatory requirements. Consequently, fintech companies can benefit from fewer regulatory requirements by providing more streamlined business models or more limited numbers of products and services. 

On the other hand, many rules and regulations that apply to fintech business models have not been constructed with the fintech industry participants in mind, but rather are based on the more traditional business models carried out by legacy players. This has caused challenges for fintech companies when applying such rules and regulations to their more streamlined and tech-based business models.

Sweden has not implemented a regulatory sandbox that allows fintech companies live testing of innovations or business models in a sandbox environment. However, the SFSA has instituted an Innovation Centre which aims to provide information and offer guidance to companies that want to provide innovative products and services on the Swedish market. The Innovation Centre arranges seminars and industry meetings on innovation in the financial sector.

Within the framework of the Innovation Centre, the Swedish FSA co-operates with, among others, the Swedish Central Bank, the Swedish Post and Telecom Authority, Vinnova, the Swedish Agency for Economic and Regional Growth, the Swedish Fintech Association, and Findec. The Innovation Centre is also active in international groups with innovation focus within the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), the European Securities and Markets Authority (ESMA) and the International Organization of Securities Commissions (IOSCO).

In addition to the above, it was stated in the SFSA’s regulatory letter of 2024, which is the political governance of the authority, that a new goal for the authority is to strengthen its ability to analyse innovations and digital developments in the financial market. Furthermore, the authority was tasked with reducing companies’ regulatory burdens and administrative costs and, as part of this, consider how the authority can facilitate for supervised companies in terms of the need for legal guidance.

Surveys have shown that there is a strong interest among fintech companies in Sweden of having regulatory sandboxes in order to increase the degree of innovation in the financial market and improve the understanding of the different types of regulations that fintech companies must comply with. The mentioned goal and task in the SFSA’s regulatory letter may possibly lead to greater focus on innovation and increased competition in the market and greater knowledge of the regulations within the area.

The Swedish Authority for Privacy Protection will arrange two regulatory sandboxes during 2024, focusing on grey area questions regarding data protection, which has never been arranged before within this type of area in Sweden. In order to participate, a declaration of interest must be submitted to the authority in advance, and the potential participants shall meet certain criteria such as not having started processing any personal data yet but having identified various legal issues that are of interest to many.

Main Swedish Regulators

The following are the main Swedish regulators.

  • The SFSA is the supervisory authority which authorises and supervises companies that operate regulated activities on the financial market. The SFSA’s mission is to contribute to a stable financial system characterised by high confidence, well-functioning markets and a high level of consumer protection as well as sustainability. The SFSA monitors and analyses trends in the financial market, assesses the risks and control systems in financial companies and supervises compliance with statutes, ordinances and other regulations. The SFSA furthermore issues regulations and guidelines and contributes to discussions regarding whether existing legislation needs to be amended.
  • The Swedish Consumer Agency (the Agency) is specifically tasked with safeguarding consumer interests. The Agency is headed by the Consumer Ombudsman who may represent consumer interests in relation to businesses as well as pursuing legal action in court. The Agency’s responsibilities include receiving and following up complaints from consumers, providing guidance and information to consumers, and identifying consumer issues in different markets.
  • The Swedish Authority for Privacy Protection is an authority tasked with ensuring the protection of personal privacy. This is done by informing and training those who process personal data, supervising that applicable laws are complied with, and exerting influence so that new legislation contains rules which aim to protect privacy. The Agency may also issue sanctions against companies that do not comply with applicable data protection rules.
  • The Swedish Economic Crime Authority is responsible for fighting economic crime such as embezzlement, insider trading, tax fraud and the like.

EU Regulators

Sweden is a member of the EU. The three European supervisory authorities EBA, ESMA and EIOPA (the ESAs) issue guidelines and technical standards which are applicable in Sweden and co-operate with the Swedish competent authorities to harmonise financial supervision in the EU.

Most financial companies, including fintech companies, are subject to extensive rules and requirements on how they can outsource their services and functions. The requirements regarding outsourcing differ slightly between various companies depending on which rules are applicable. However, in general, when it comes to the outsourcing of critical or important functions and services, companies must exercise due skill, care and diligence when entering into, managing and terminating the outsourcing arrangement and when choosing service provider.

Certain regulated companies, such as banks, credit market companies and investment firms, are obligated to notify the SFSA in connection with certain outsourcing.

The outsourcing of activities to companies outside the EU presents a greater geopolitical risk. In these cases, the SFSA has underlined the importance of applying risk-mitigating measures to ensure that the outsourcing does not increase the risks for the outsourcing company’s own business or in any way limit national authorities’ ability to carry out effective supervision.

There are no clear and specific rules that mean fintech companies are always deemed gatekeepers. Any responsibility for the activities on a fintech company’s platform will depend on the business model and the type of operations that the company operates.

During recent years, sanctioning cases from the SFSA have been heavily focused on violations of anti-money laundering regulations. There have been several sanction cases in this area during 2022 and 2023, some of which have concerned fintech companies, specifically in the payment services area. The violations identified by the SFSA have concerned, among other things, deficiencies in risk assessment of customers, deficiencies in procedures and guidelines for customer due diligence and in the monitoring of customers. The fines issued by the SFSA have reached over SEK100 million.

During 2023, the SFSA imposed a SEK850 million fine against a large Swedish bank. The investigation against the bank was initiated by the SFSA in conjunction with an IT-related incident in 2022 and the SFSA found that the bank had not had satisfactory internal control when the bank changed its IT-system.

Other sanctions imposed by the SFSA during 2022 and 2023 include the revoking of authorisations, issuing warnings, and summons for the company in question to cease their business activities.

The Swedish Consumer Agency is also active in its supervision and initiates cases both on its own initiative as well as after receiving complaints. Supervision by the Agency may result in fines, but in other cases the Agency encourages the company in question to address the deficiencies themselves and report which changes have been made. If the Agency is satisfied with the changes, the case will be closed.

The GDPR

The General Data Protection Regulation (GDPR) applies to all industries, including financial services. Hence, financial service providers shall always comply with the provisions on privacy regulation in accordance with the GDPR.

Cybersecurity

Some financial services providers are subject to regulations on cybersecurity. The Network and Information Systems Directive (EU) 2016/1148 (NIS) has been implemented in Sweden through the Swedish Act (2018:1174) on information security for essential and digital services. However, in October 2024, NIS will be replaced by NIS2, which will apply to an expanded scope of providers as compared to the current regulation. Additionally, in early 2025, DORA enters into force. DORA regulates operational resilience in the financial sector.

Intellectual Property Rights

Financial service providers, particularly fintech software developers, shall always consider various regulations on intellectual property rights as well as marketing practices regulations.

The AI Act

The upcoming AI act will apply to technologies utilising AI. The regulation categorises AI systems into different levels, such as AI with unacceptable, high-risk systems, and low-risk systems. When the AI act comes into effect, AI with unacceptable risk will be prohibited, while high-risk systems will be permissible under strict obligations. AI systems employed in applications designed to make decisions regarding access to specific services, such as creditworthiness, have been proposed to be classified as high-risk AI.

The main supervision of regulated financial companies, including fintech companies, is carried out by public regulators. There are several industry associations on the financial market, such as the Swedish Securities Markets Association, the Swedish Banker’s Association, Insurance Sweden, and the Swedish Investment Fund Association. Most industry associations do not supervise their members but rather represent their members and strive to contribute to a sound and efficient financial market and to promote sound and proportional regulations.

In 2017, a specific industry association for fintech companies was founded. The Swedish FinTech Association is one of the largest fintech associations in Europe. The mission of the Association is to increase the understanding of fintech with both decision makers and authorities by initiating meetings, contributing to consultation responses, and speaking to relevant government officials. The Swedish Fintech Association has members from fintech companies operating in the following areas:

  • payments and transfers;
  • lending;
  • wealth and cash management;
  • cloud services and regtech;
  • crowdfunding and blockchain; and
  • investment, trading and advisory.

Most financial companies are obliged to have a certified auditor who is tasked with reporting suspected crime under, for instance, the Penal Code, the Tax Crimes Act and the Money Laundering Crimes Act.

For a number of financial companies, such as investment firms, credit institutions and insurance companies, there are various regulations that limit or prevent how they can provide unregulated product and services in conjunction with regulated activities.

Regulated and unregulated products and services are not bundled to any greater extent on the financial market. However, some regulated companies may work together with co-operative partners to provide unregulated products and services, while others decide to enter the market with a “lighter authorisation”.

For instance, start-up insurtech companies may enter the market by becoming a tied insurance intermediary instead of applying for authorisation as an insurance company. Similarly, a company that intends to provide fintech services that are regulated as investment services may enter the market by becoming a tied agent to an investment firm rather than applying for authorisation from the SFSA.

AML and sanctions rules and regulations impact fintech companies to a great extent. AML has been a focus area for the SFSA’s supervision and sanctioning activities for the last few years.

The Anti-Money Laundering and Counter Terrorist Financing Act (the “AML Act”) and the connected anti-money laundering regulations from the SFSA apply to the absolute majority of regulated fintech companies in Sweden. Fintech companies that are subject to the AML Act and the AML regulations must carry out AML risk assessments and adopt appropriate AML policies, covering such areas as know-your-customer controls, risk classifications and customer and transaction monitoring.

There are no specific legal definitions of a robo-adviser or robo-portfolio manager in Sweden. Companies that provide robo-advisory services or robo-portfolio management services in relation to financial instruments must be authorised by the SFSA to provide investment advice or portfolio management in accordance with the SMA.

Different asset classes would normally not require different business models and would in general be subject to the same authorisation requirement and ongoing regulatory demands.

The initial development in the robo-adviser area was to a large extent driven by niche actors. However, established actors such as banks and existing investment firms entered the market at a relatively early stage and, today, several of the major banks as well as internet banks have implemented robo-adviser and robo-portfolio management services in their business models. Robo business models range from offering full-scale private financial advice that covers the customer’s entire finances to offering only simpler so-called sorting services.

Robo-advisers and robo-portfolio managers are subject to the same best execution rules as traditional actors. The SFSA’s supervisory focus in the area has largely been the same as for traditional investment advice business models. Consequently, supervisory focus has been on, among other things, commission-based remuneration models, suitability assessments, conflict of interest and customer information.

General

Most consumer and business lending in Sweden is provided by banks or credit market companies that are authorised in accordance with the SBFBA. However, a company does not have to be authorised as bank or credit market company to issue loans.

A company that intends to provide credits to businesses must only be registered with the SFSA, while a company that intends to provide or intermediate loans to consumers must be authorised by the SFSA.

Consumer Loans

The provision or intermediation of consumer credits requires authorisation according to the CCOA and is subject to consumer protection provisions in the Consumer Credits Act (CCA). The CCA implements, inter alia, the EU directive on credit agreement for consumers. The rules include requirements on the provision of information prior to the conclusion of credit agreements, marketing information, credit assessment, documentation of credit agreements, interest and fees, and the consumer’s right of withdrawal.

High-Cost Credits

The CCA also includes rules on high-cost credits. These rules do not stem from the consumer credit directive but rather from national Swedish legislation. The rules were introduced as a reaction to issues relating to increasing indebtedness among consumers as a result of so-called instant loans. These loans are easily accessible and can be taken out through, for instance, SMS and have therefore historically been marketed towards financially vulnerable consumers.

When marketing high-cost credits, the creditor must separately disclose that the marketing relates to such credits. The creditor must also provide information on the risks relating to indebtedness and where the consumer may seek support with budget and debt-related matters.

Consumer Mortgages

The provision or intermediation of mortgages to consumers requires authorisation in accordance with either the SBFBA or the MBA. This act and the CCA contain consumer protection provisions that apply to consumer mortgages.

Loan origination is regulated in the SBFBA, the CCA and in regulations and guidelines issued by the SFSA and the Swedish Consumer Agency.

Loans to consumers must be preceded by a creditworthiness assessment to ensure that the consumer has the ability to repay the loan. The CCA and the SFSA’s general guidelines regarding consumer credits contain extensive consumer protection provisions, including the requirement for good lending practices and detailed provisions for creditworthiness assessments.

The source of funds for loans varies between the different market actors. The primary sources of funds for banks and credit market companies authorised under the SBFBA are deposits from the public and the issuance of various securities, including covered bonds. Other actors may utilise lender-raised capital as a source of funds and lending-based crowdfunding platforms normally source funds by investments from consumers and/or private businesses.

Larger banks in Sweden structure and arrange syndicated loans for corporate clients. Such loans could, for example, be arranged for company acquisitions or commercial real estate transactions. Peer-to-peer lending platforms or other lending platforms may diversify the individual loans provided on the platform between several lenders or investors to spread the risks with individual borrowers. 

Payment processors may use existing payment rails or payment systems or implement new ones. A company that wishes to provide payment services must be authorised in accordance with the PSA, the SBFBA or the EMA.

Sweden currently lacks explicit regulatory framework for cross-border payments and remittances. However, tax provisions may apply dependent on the specific nature of each transaction.

The Swedish Central Bank has been part of Project Icebreaker, a collaboration with the central banks of Israel and Norway, as well as the Innovation Hub Nordic Centre (BIS). The initiative explored the possibilities of cross-currency payments utilising virtual currencies between the central banks. The final report of the project, highlighting both the advantage and the challenges of the system, was published in March of 2023.

Swedish investment funds are regulated in the UCITS Act and the AIFM Act. Swedish fund legislation is based on EU directives: the UCITS directive and the AIFM directive.

Fund operations under the UCITS Act and the AIFM Act require authorisation (or in some cases registration under the AIFM Act) from the SFSA. UCITS funds can always be marketed to retail investors and are subject to extensive regulations. AIFM funds under the AIFM Act may only be sold to retail investors under certain conditions.

The regulation of fund administration ultimately depends on the type of services that fund administrators provide. Activities that are covered by the UCITS Act and the AIFM Act, for example, the management of funds or depositary services and related administrative measures, require authorisation.

Fund managers are responsible for compliance with all regulations that apply to their operations. Consequently, fund managers must include provisions that ensure that any functions or services that are carried out by the service provider comply with the relevant regulations. The fund manager must also ensure that the service provider has satisfactory expertise and competence. See more under 2.7 Outsourcing of Regulated Functions.

Permissible Trading Platforms

The definition of trading platform (trading venue) can be found in the SMA, which is an implementation of MiFID II. As the definition comes from EU-law, only such trading platforms that are within the EEA are covered. When referring to trading platforms outside the EEA, terms such as “corresponding trading platforms in a third country” or similar are used.

The definition of trading platform in the SMA encompasses the following three types of platforms that are permissible in Sweden.

Regulated markets

There are currently two regulated markets in Sweden: Nasdaq Stockholm and NGM.

MTF platforms

There are currently three MTF platforms in Sweden: First North, Nordic MTF and Spotlight Stock Market. MTF platforms are trading systems organised by an exchange or by an investment firm, which normally have lower requirements than regulated markets, eg, in the area of disclosure of information.

OTF platforms

OTF platforms are similar to MTF platforms. However, OTF platforms may not arrange trading in stocks and similar equity instruments. There are currently no authorised OTF platforms based in Sweden.

The main legislation for all asset classes is the SMA. As of December 2024, MiCA will enter into force in all member states. As MiCA is a regulation and not a directive, it will be directly applicable without the need for implementation into national law. This regulation will apply to trading in crypto-assets.

Sweden has historically not had any comprehensive regulation of cryptocurrency exchanges or other crypto-asset-related operations. However, this will change with MiCA entering into force in Sweden in December 2024.

The aim of MiCA is to establish uniform rules for crypto-assets on the EU market. MiCA covers crypto-assets which are not currently regulated by, for instance, the SMA. Undertakings that have previously engaged in unregulated activities relating to crypto-assets will now have to apply for authorisation and implement systems to ensure compliance with the new regulatory requirements.

MiCA offers an option for member states to implement transitional measures in accordance with a grandfathering clause. The clause would allow entities already providing crypto-asset services (eg, operation of a trading platform for crypto-assets) in accordance with applicable national law to continue to do so until 1 July 2026 or until they are granted or refused a MiCA authorisation.

The SMA contains rules for the admission of shares and other financial instruments on regulated markets or other trading platforms. Securities exchanges that operate regulated markets are obligated to have clear and openly reported rules for the admission to trading and financial instruments may, in general, only be admitted to trading if conditions exist for fair, orderly and efficient trading.

Each regulated market or MTF publishes its own set of listing rules that apply for admissions to trading on the respective trading platform. For share listings, such listing rules commonly include, among other things, requirements regarding the following:

  • profitability and financial ability;
  • shares are freely transferable and registered with a CSD;
  • sufficient number of shares in public ownership and minimum number of shareholders;
  • appointment of a certified auditor and the application of certain accounting standards;
  • capacity within the company to supply information to the market; and
  • board of directors and management, including rules relating to the composition and independence in the board of directors, as well as competence and good repute for board members and management.

The SMA and a number of EU regulations contain extensive rules regarding order handling and best execution. In general, when executing a client’s order, an investment firm shall take all measures necessary to attain the best possible result for the client in respect of, inter alia, price, cost, etc. The investment firm must also have in place systems and guidelines to enable the institution to attain the best possible result for the client.

When the use of peer-to-peer lending started to grow larger in Sweden, companies that arranged such platforms were not clearly regulated and supervised by the SFSA. It is now established that companies that facilitate peer-to-peer lending platforms by providing or intermediating credits to consumers must be authorised in accordance with the CCOA. However, certain peer-to-peer business models that facilitate payments may instead have to be authorised pursuant to the Payment Services Act.

Crowdfunding platforms that relate to financial instruments must be authorised either under the EU Crowdfunding regulation or the SMA. Peer-to-peer lending platforms and other lending-based crowdfunding platforms have increased the availability of consumer credit on the market, which has increased the consumer risks involved in these types of products. During the past few years, the SFSA has identified over-indebtedness as one of the most prioritised consumer risks on the financial market.

See 7.5 Order Handling Rules.

Payment for order flow is regulated in the SMA. According to the SMA and supplementing regulations issued by the SFSA, investment firms may accept fees or commissions or other non-monetary benefits from a third party only if the payment or benefit is designed to enhance the quality of the relevant service and does not impair compliance with the investment firm’s duty to act honestly, fairly and professionally in accordance with the best interest of the client. Further, prior to the provision of the service, the investment firm must also disclose the existence, nature and amount of such payment or benefit.

Investment firms that execute orders for client must also state the fees for such services separately, so that the fee reflects only the cost of executing the transaction itself.

Portfolio managers and independent investment advisers are subject to a complete ban on receiving third-party commission.

Market abuse violations are regulated in the EU Market Abuse Regulation (MAR) and in the Swedish Market Abuse Penalties Act. These acts contain, among other things, prohibitions against insider dealing, market manipulation and unlawful disclosure of inside information. Furthermore, MAR contains requirements for public disclosure of inside information, as well as rules for insider lists and the reporting of managers’ transactions. MAR and the Market Abuse Penalties Act are supervised by the SFSA and EBM.

The Swedish Securities Council (Sw. Aktiemarknadsnämnden) has been instituted to promote good practice on the Swedish stock market and does so through rulings, advice and information. The Council is part of the self-regulation system on the stock market under the Association for Generally Accepted Principles in the Securities Market. When the Council interprets what constitutes good practice in a specific matter, it often involves supplementing an existing regulatory framework by assessing aspects that are not explicitly regulated already or issuing rulings on situations for which no regulation currently exists.

All financial instruments, regardless of the asset class, are subject to the SMA, which contains the main Swedish rules relating to high-frequency and algorithmic trading. An investment firm that applies algorithmic trading must inform the SFSA. In addition, investment firms that engage in algorithmic trading must have effective systems and risk controls which are adapted to the specific trading operation, and which are sufficient to ensure, inter alia, that the trading systems cannot be used for purposes contrary to the Market Abuse Regulation or the rules of any trading platform to which the company is affiliated. Algorithmic traders must also have effective business continuity arrangements in place to deal with disruptions to their trading systems and shall ensure that those systems are fully tested and adequately monitored.

Companies engaged in algorithmic trading must document the measures they have taken in accordance with the above-mentioned systems and risk measurements so that the SFSA can monitor the company’s compliance with the SMA.

Further requirements apply to investment firms that apply algorithmic high-frequency trading.

An investment firm that engages in algorithmic trading as part of a market-making strategy is subject to certain rules in the SMA. Such market maker must:

  • execute its market-maker strategy continuously during a fixed proportion of trading hours of the trading venue so that liquidity is provided to the trading venue in a regular and predictable manner;
  • enter into a written agreement with the operator of the trading platform, which includes the market maker’s obligations; and
  • implement effective systems and controls to ensure that the institution always fulfils its contractual obligations with the platform operator.

Market makers are obligated to maintain accurate and chronological records of all their orders placed or executed and prices quoted on trading venues. The company shall make these records available to the SFSA upon request.

Furthermore, market makers must publish information of the quality of their execution of transactions. The information shall be published at least once a year and shall be made available free of charge.

The rules regarding algorithmic trading, high-frequency trading and market making set out in the SMA apply to investment firms.

Individual programmers who merely design and develop trading algorithms and other electronic trading tools are not subject to supervision or regulatory oversight. However, investment firms that utilise such programs will have an obligation to ensure that such programmers have sufficient knowledge and experience to program the tools and will also be responsible for the use and functioning of the tools.

Decentralised finance (DeFi) aims to decentralise many of the financial activities within the financial system, which are traditionally based on intermediaries or central systems. Activity in this field is growing rapidly but there are currently no specific regulations governing DeFi.

Platforms publishing financial research are not subject to authorisation requirements. However, persons or companies that produce or disseminate investment recommendations or other information recommending or suggesting an investment strategy must comply with the MAR and delegated regulation (EU) 2016/958.

Further, if critical benchmarks as defined in the EU regulation on reference values, the Benchmark Regulation (BMR), are present, the financial research needs to comply with the requirements set out in the BMR. Benchmarks are indices used to determine the value of financial instruments or contracts or to measure the performance of an investment fund (see Article 3.1.3). The market participants most affected by the BMR are the administrators who control the provision of a benchmark (see Article 3.1.5). The rules for administrators include requirements for control and monitoring as well as for documentation and transparency. The BMR also means increased responsibility for data reporters to administrators and for users of benchmarks.

The manipulation or attempted manipulation of benchmarks can have serious consequences for the market. It can lead to losses for investors and consumers and have a negative impact on the real economy. Therefore, the EU has deemed it necessary to regulate this area.

The spreading of rumours and unverified information could be subject to the provisions regarding market manipulation in MAR and the Swedish Market Abuse Penalties Act.

The SFSA is responsible for monitoring that the market complies with MAR. If the SFSA assesses that an infringement has taken place, the SFSA may intervene by, for instance, issuing an administrative fine. If the SFSA suspects that a crime has occurred, the SFSA will turn the matter over to the Swedish Economic Crime Authority.

A platform provider is responsible for the supervision of the platform in accordance with the Electronic Bulletin Board Act. The act implies that anyone who provides public digital services where people can post content, eg, a website, is responsible for monitoring the service and removing and preventing the distribution of content that does not comply with certain laws and regulations. This means that a platform provider is responsible for removing content such as the following examples:

  • unlawful threats;
  • unlawful violations of integrity;
  • unlawful depiction of violence;
  • sedition; and
  • racism.

In relation to preventing the spread of insider information, pump and dump schemes, etc, MAR is applicable in Sweden. See 9.2 Regulation of Unverified Information.

Insurance underwriting is the process of evaluating risks to determine if the insurance company is able to issue insurance policies and the pricing of such policies. In their underwriting activities, insurance companies must adhere to, for example, the IBA and the Swedish Insurance Contracts Act. These acts contain provisions which more or less cover the whole life span of an insurance policy, from inception up until termination. Manufacturing of insurance products is also governed by the IDA and by EU delegated regulation 2017/2358 regarding product oversight and governance.

Insurance regulations distinguish between life insurance and non-life insurance. There are also important differences depending on whether the insurance product is a consumer insurance or a business insurance.

Sweden currently lacks regulations that explicitly target regtech. Depending on the nature of the services offered, regtech providers may have to adhere to various financial regulations. Additionally, some general regulatory frameworks for technology may apply. For instance, the forthcoming AI Act may be applicable if the regtech application incorporates artificial intelligence.

When a financial service firm outsources services to a regtech provider, it must comply with the outsourcing rules that apply to its operations. These regulations must be considered and incorporated into contractual terms to assure the provider’s performance and accuracy. See more under 2.7 Outsourcing of Regulated Functions.

The SFSA has expressed that blockchain and distributed database technology has potential and that such techniques could be used within a number of sectors, for example to increase efficiency in share trading and to increase resilience against cyber-attacks. At the same time, the SFSA has been clear that it sees a number of challenges with crypto-assets, not only related to investor protection but also in relation to fraud, money laundering and terrorist financing.

In 2017, the Swedish Central Bank decided to investigate whether issuing a central bank digital currency (e-krona) would be feasible. The proportion of the Swedish public using cash as a form of payment has steadily been decreasing over the past few years. The Swedish Central Bank has stated that the e-krona could be a potential option to ensure that the general public has a secure access to state-guaranteed money. The e-krona is not a cryptocurrency.

Some traditional players on the financial market still have a slightly sceptical attitude towards cryptocurrency due to the fact that cryptocurrency can be linked to many common forms of investment fraud.

Sweden currently lacks local regulations governing blockchain technology. However, aligning with the EU Digital Finance Package, two new regulations have been integrated into the legal framework and are applicable in Sweden.

  • Regulation (EU) 2023/1114 on markets in crypto-assets (MiCA) is stated to take full effect on 30 December 2024, with certain sets of rules becoming applicable from 30 June 2024.
  • Regulation (EU) 2022/858 establishing a pilot regime for market infrastructure based on distributed ledger technology (the “DLT regulation”) came into force on 23 March 2023.

In conjunction with the DLT regulation, the Swedish government has introduced a complementary act proposing supplementary provisions to the EU regulation on distributed ledger (SOU 2023:102). It is anticipated that the act will be enforced commencing 1 January 2025.

The EU regulation MiCA divides crypto-assets into three categories:

  • e-money tokens;
  • asset-referenced tokens; and
  • other crypto-assets.

While crypto-assets normally would not be considered financial instruments, the evaluation of whether a crypto-asset or blockchain asset qualifies as a financial instrument must be made on a case-by-case basis.

If a blockchain asset is classified as a financial instrument, the issuer would be subject to the provisions of the SMA.

If a blockchain asset is a crypto-asset, the EU regulation MiCA, which covers both issuers and providers of crypto-assets, applies. MiCA contains various provisions regulating the issuance of crypto-assets.

There is no specific regulation on blockchain asset trading platforms in Sweden. If the blockchain asset is classified as a financial instrument, the SMA and other financial regulations will apply. If the blockchain asset is classified as a crypto-asset, the provisions in MICA will apply. Trading in virtual currencies is furthermore regulated in the CFOA.

Funds that invest in blockchain assets would be subject to relevant fund rules. Note that the SFSA stated in early 2024 that, at this time, they are likely not to authorise funds investing in crypto-assets. The absence of consumer protection regulation for crypto-assets means that crypto funds are currently considered too risky.

Virtual currencies are digital representations of a value that are accepted as a means of payment that can be transferred, stored and traded electronically, although they are not issued or guaranteed by a central bank. Virtual currencies are not necessarily linked to an established currency and do not have the legal status of a currency.

Sweden stands in the forefront of digitalisation and new innovations, earning recognition as an early adopter when it comes to decentralised finance (DeFi). While there are ongoing projects on DeFi platforms, there is currently no specific regulatory framework in place for DeFi in Sweden.

Although NFTs are based on blockchain technology similar to cryptocurrencies, NFTs do not fall within the scope of MiCA. There is currently no explicit regulation on NFTs in Sweden.

Regulated Methods

The primary regulation that allows access to customer data for third-party financial service providers is the second Payment Service Directive (PSD2), which has been implemented into Swedish law through the PSA. Additionally, a financial service provider can access data with the consent of a data subject, in accordance with the GDPR.

Unregulated Methods

Examples of unregulated methods used for accessing personal data include screen scraping or reverse engineering. Some providers have developed supplementary methods for accessing personal data, known as APIs (application programming interfaces). However, the SFSA has stated that APIs are currently not sufficiently widespread or comprehensive to be included in the term “open banking”.

The concerns raised about open banking have particularly centred on consumer and privacy protection. On 28 June 2023, in response to these issues, the EU published a proposal on a framework for financial data access, known as the Open Finance Framework. The primary purpose of the proposed regulation is to establish clear and well-defined rights and obligations related to the management of customer data sharing within the financial sector.

The Open Finance Framework outlines rules for accessing, sharing and utilising certain categories of customer data in financial services. The overarching goal of the proposal is to enhance and ensure consumer and privacy protection in the evolving landscape of open banking. If the proposed regulation successfully comes into effect, it will be legally applicable in Sweden.

The average Swedish consumer is in many ways reliant on digital tools to carry out day-to-day tasks such as banking through, for instance, BankID. In some cases, BankID is the only way to electronically identify oneself when using certain services. As consumers become more and more reliant on digital experiences, fraudsters are coming up with new and innovative ways of exploiting this vulnerability.

Market participants such as banks, the Swedish Central Bank, the SFSA, etc are making efforts to ensure that consumers are aware of the common frauds. For instance, the Swedish banks have started an initiative called Svårlurad! (the direct translation would be “difficult to deceive!”). The initiative includes information about frauds and scams, including common scenarios and how consumers can protect themselves if they are victims of fraud. The SFSA actively and regularly issues warnings relating to investment fraud and collaborates closely with the industry to counter fraud.

The SFSA regularly issues warning relating to investment fraud and just recently issued a warning regarding investment tips through social media.

Further, both the Swedish Consumer Agency and the SFSA have issued repeated warnings related to initial coin offerings and the trading in crypto-assets. Coin offerings and crypto-assets currently lack explicit regulation, particularly concerning consumer protection, and are deemed high-risk financial products.

The SFSA has also issued warnings and information about fraud related to the misuse of BankID.

Magnusson

Hamngatan 15
PO Box 7413
SE-103 91
Stockholm
Sweden

+46 8 463 75 00

info@magnussonlaw.com www.magnussonlaw.com
Author Business Card

Law and Practice in Sweden

Authors



Magnusson is a modern law firm with more than 120 lawyers offering legal services across the Nordics and Baltic Sea Region. With offices in Stockholm and Göteborg, Magnusson Sweden is the largest of the firm´s operations. Magnusson’s Swedish team, consisting of 35 lawyers, including eight partners – 50% of whom are female – is renowned for its expertise in fintech. Its specialised and approachable team assists financial services companies at every stage, from initial investments to listings on stock markets. Team members provide expert advice on corporate governance, regulatory reporting to the Swedish Financial Supervisory Authority, listing on regulated markets and trading platforms, and protecting intellectual property and technology. With experience at financial supervisory authorities and in-house roles, the firm offers unique insights to create tailored solutions, advising numerous clients on sector-specific regulatory issues.