.svg)
Sweden’s financial watchdog has told the retail banking giant that it has closed its investigation; however, it warned that there are some areas where strong customer authentication (SCA) compliance is not up to scratch.
Swedbank has become one of the first EU banks to receive an on-record slap on the wrist from regulators over its compliance with the revised Payment Services Directive (PSD2).
An investigation that began in September 2021 has resulted “in certain observations that FI (Finansinspektionen) has assessed as deficiencies in the bank's handling of strict customer authentication when identifying and authentication as well as equivalent and basic functions in customer and special interface”, according to the FI.
The Stockholm-headquartered Swedish Financial Supervisory Authority (FI) has set a deadline of the third quarter of this year for deficiencies to be remedied, which Swedbank has said it will honour.
On a positive note for Swedbank, the FI has also reviewed the availability and stability of the interfaces used and, after dialogue and correspondence with the bank, has concluded they are satisfactory.
“FI assesses that the measures specified by the bank are sufficient to rectify the shortcomings that FI has pointed out. The bank's timetable for the measures is acceptable.”
For this reason, the case has been written off.
Sources close to the bank have been keen to play down the impact of the investigation, with one stating that it was simply “first out”.
Yet, a spokesperson for the FI said that it is currently not investigating any other banks.
The spokesperson continued: “Finansinpektionen is using a risk-based approach in the supervision activity, where different types of supervision activities are performed related to PSD2/SCA.”
Investigation of the bank likely originates from a European Banking Authority (EBA) diktat that was released a year ago.
This called on national competent authorities to take supervisory actions to ensure the removal of obstacles to account access under the directive.
In an opinion published by the banking authority in Summer 2020, the EBA identified a number of practices that “are obstacles to the provision of third-party provider services under the PSD2, which are, therefore, a breach of law”, and need to be removed by financial institutions.
Despite EBA's encouragement, when VIXIO previously approached a number of national authorities, many remained coy regarding what action they were taking.
