.svg)
Organisations operating in the Swedish payments ecosystem are preparing for tougher rules regarding their operations, with new compliance requirements due to be introduced in weeks.
Sweden’s Financial Supervisory Authority (FSA), known locally as Finansinspektionen, has announced sweeping regulatory changes that will require firms offering currency exchange and most types of payment services to obtain a permit, following the adoption of a new law and amendments to the country’s Payment Services Act.
The new rules will take effect on July 1, 2025.
The new registration regime removes some of the more light-touch elements of the previous regulation, introducing accountability for firms, including those licensed in other European Economic Area (EEA) countries, which should have passporting rules to be able to operate in other parts of the single market.
“The new law is a step towards combating criminal networks, where licensing for currency exchangers and certain payment service providers is required. Previously, these activities were only subject to a registration requirement,” said Jens Olsson, a fintech advisor based in Sweden.
He explained that introducing a licensing requirement gives the regulator stronger tools to oversee these businesses.
“Making Finansinspektionen better equipped to monitor these businesses and ultimately more difficult to misuse for money laundering purposes or terrorist financing.”
Balancing cost and security
Under the revised framework, all currency exchange providers and payment service firms, excluding those offering only account information services (AISPs), must be licensed by the FSA. However, AISPs will still be subject to the country’s anti-money laundering (AML) framework.
Olsson warned that although the aim is to strengthen the financial system's integrity, it may also lead to increased operational costs and compliance burdens for smaller firms.
“It could reduce the availability of services in parts of the market and could squeeze out smaller, specialized actors, potentially affecting market diversity and consumer choice,” he said.
“However, this must be weighed against the need to prevent the financial system from being exploited by criminals.”
Firms have until the end of 2025 to apply for a licence and will be deregistered after that.
“The question is whether this timeframe is sufficient for all affected businesses, especially smaller ones with limited resources, to fully adapt to the new requirements,” Olsson said.
The FSA has also emphasised that it may impose sanction fees on entities operating without proper authorisation from July 2025 onward.
A significant change
The step change in compliance requirements for firms with a Swedish presence is significant.
Sweden is a hub for payment champions in the European Economic area (EEA), which includes Trustly and Klarna, and the new rules will have inescapable implications for EEA-licensed payment and e-money institutions operating under passporting rights.
The changes mandate enhanced transparency, requiring firms to clearly disclose their Swedish agents to customers and adhere to stricter notification protocols for agent and branch activities.
The FSA is also now empowered to act on non-compliance reports from home regulators, including imposing sanctions or removing entities from registers.
In addition, the supervision of outsourcing arrangements has intensified, which will trigger rigorous oversight and mandatory notifications to the FSA.
Firms will need to take a variety of steps to become compliant. They must clearly disclose their agents to customers, while notifying the regulator of any new agents, branches or changes to existing arrangements.
They should also prepare for more active oversight going forward, and appreciate the heightened risk of enforcement action, including removal from public registers or sanctions, especially if a firm's home regulator reports non-compliance.
In short, firms need to take steps to prioritise transparency, communicate effectively with the regulator and strengthen internal controls to remain compliant and avoid regulatory intervention.
