Finansinspektionen’s Regulations on Deposit Systems

Finansinspektionen’s Regulatory Code Publisher: Acting Chief Legal Counsel Sophie Degenne, Finansinspektionen, Sweden, www.fi.se ISSN 1102-7460 This translation is furnished solely for information purposes. Only the printed version of the regulation in Swedish applies for the application of the law. 1 S Finansinspektionen’s regulations and general guidelines regarding deposit systems; decided on 18 December 2024. Finansinspektionen prescribes the following pursuant to Chapter 5, section 2, point 5 of the Banking and Financing Business Ordinance (2024:329) and Chapter 6, section 1, point 33 of the Securities Market Ordinance (2007:572), and issues the following general guidelines. Chapter 1 Scope and definitions Scope Section 1 These regulations contain provisions on how an undertaking shall manage deposit systems. Section 2 These regulations apply to

1. banking companies,
2. savings banks,
3. members’ banks,
4. credit market companies,
5. credit market associations, and
6. securities companies as referred to in Chapter 1, section 2, first paragraph, points 7c–g of the Special Supervision of the Credit Institutions and Investment Firms Act (2014:968). The provisions set out in Chapters 1–2, in accordance with Chapter 3, section 4 of the Special Supervision of Credit Institutions and Investment Firms Act (2014:968), shall be applied at group or subgroup level. Chapter 2 Deposit systems Scope Section 1 The provisions in this chapter apply to undertakings that receive or intend to receive deposits covered by the deposit guarantee pursuant to the Deposit Guarantee Act (1995:1571). FFFS 2024:21 Published on 27 December 2024

FFFS 2024:21 2 Deposit systems Section 2 An undertaking, when managing its information about depositors and their deposits, shall use IT systems that make it possible for the undertaking to automatically compile data on depositors and their deposits in accordance with the Swedish National Debt Office’s regulations (RGKFS 2011:2) on institutions’ obligation to provide data on depositors and their deposits. Functions and procedures Section 3 An undertaking shall ensure that the IT systems under section 2 have technical functions and that administrative procedures are in place to ensure information is available in accordance with the Swedish National Debt Office’s regulations (RGKFS 2011:2) on institutions’ obligation to provide information on depositors and their deposits. Monitoring and reporting Section 4 The internal audit function of the undertaking shall review yearly the undertaking’s deposit systems and the technical functions and administrative procedures that are of significance for the security of the system. If the undertaking does not have an internal audit function, it shall assign the yearly review to a person with particular competence in the area of security. The review shall be documented and reported to the board of directors of the undertaking. General guidelines The undertaking should base the review on established security principles.

1. These regulations and general guidelines shall enter into force on 17 January 2025.
2. These regulation repeal Finansinspektionen's regulations and general guidelines (FFFS 2014:5) regarding information security, IT operations, and deposit systems. DANIEL BARR Agneta Blomquist