Regulations amending Finansinspektionen’s regulations and general guidelines regarding measures against money laundering and financing of terrorism

Finansinspektionen’s Regulatory Code Publisher: Finansinspektionen, Sweden, www.fi.se ISSN 1102-7460 This translation is furnished for information purposes only and is not itself a legal document. 1 Regulations amending Finansinspektionen’s regulations and general guidelines (FFFS 2009:1) regarding measures against money laundering and financing of terrorism; decided on 16 November 2015. Finansinspektionen prescribes pursuant to section 18 of the Money Laundering and Terrorist Financing (Prevention) Ordinance (2009:92) in part that current Chapter 4, sections 14–16 shall be designated sections 16–18, in part that Chapter 1, sections 1 and 3, Chapter 2, sections 2 and 3, Chapter 3, sections 2 and 3, Chapter 4, sections 4, 5, 7, 10 and 11, Chapter 5, sections 2 and 3, Chapter 6, section 1, Chapter 8, section 1 and the headings immediately preceding Chapter 4, sections 4 and 7 and Chapter 5, section 2 shall have the following wording, in part that the heading immediately preceding Chapter 4, section 12 shall read “Provisions on simplified customer due diligence”, in part that three new sections, Chapter 2, section 4 and Chapter 4, sections 14 and 15, shall be inserted and a new heading immediately preceding Chapter 4, section 14 shall have the following wording, and in part that the general guidelines to Chapter 5, section 3 shall be repealed. Chapter 1 Section 1 These regulations contain provisions governing the measures which an undertaking shall implement in order to prevent the operations from being used for money laundering or terrorist financing. These regulations specify, among other things, what is meant by a risk-based approach, risk assessment, risk-based procedures, etc., customer due diligence, the obligation to provide information and conduct reviews as well as training and protection of employees. Section 3 The definitions in these regulations are the same as those in Chapter 1, section 5 and 5a and Chapter 2, section 7a of the Act on Measures against Money Laundering and Terrorist Financing (2009:62). Furthermore, the following definitions are used:

1. company: a body that conducts business as set out in Chapter 1, section 2, lines 1–7, 17 and -20 of the Act on Measures against Money Laundering and Terrorist Financing.
2. internal regulations: policy and governance documents, guidelines, instructions or other written documents through which a company directs its operations; FFFS 2015:7 Published 20 November 2015

FFFS 2015:7 2 3. internal control: a process through which the firm's board of directors, managing director, senior management or other personnel create reasonable certainty that the firm’s goals are achieved in the following areas: – that the undertaking has an appropriate and efficient organisation and management of the operations; – that information submitted to the Swedish Police is reliable, and – that the firm complies with applicable laws, ordinances and other regulations. Chapter 2 Section 2 In order to fulfil the requirement in section 1, an undertaking shall:

1. conduct a risk assessment pursuant to section 3, which shall be assessed and updated pursuant to section 4, and
2. maintain procedures, etc. in accordance with Chapter 3. The undertaking shall continuously take into account information relating to new trends and patterns which are used as well as methods which may be used for money laundering and terrorist financing. The undertaking shall also gain access to other information from organisations, authorities and other bodies within the area. 3 § An undertaking shall survey and assess the risks pursuant to Chapter 5, section 1 of the Act on Measures against Money Laundering and Terrorist Financing (2009:62) in an appropriate manner given the undertaking’s operations, scope and complexity. The risk assessment shall contain an analysis of the undertaking’s customers, products, services and other relevant factors for the operations such as distribution channels and geographical areas. 4 § The risk assessment shall be made regularly, at least once a year, evaluated, and when necessary updated. An undertaking shall update its risk assessment before introducing new or significantly altered products, services, markets and other factors relevant for its operations. Chapter 3 Section 2 An undertaking shall maintain the following procedures, etc.:
3. Procedures making, evaluating and updating the risk assessment in accordance with Chapter 5, section 1 of the Act on Measures against Money Laundering and Terrorist Financing and Chapter 2, sections 3 and 4 of these regulatory codes,
4. procedures for: – basic customer due diligence measures according to Chapter 2, section 3 of the Act on Measures against Money Laundering and Terrorist Financing, – customer due diligence measures in accordance with Chapter 2, section 5 of the Act on Measures against Money Laundering and Terrorist Financing and Chapter 4, sections 12 and 13 of these regulatory codes, and – more extensive measures to attain customer due diligence measures according to Chapter 2, sections 6, 6a and 7a of the Act on Measures against Money Laundering and Terrorist Financing,
5. systems or routines for ongoing follow-up of business relationships in accordance with Chapter 2, section 10 of the Act on Measures against Money Laundering and Terrorist Financing and Chapter 4, sections 16 and 17 of these regulatory codes,
6. routines for preserving documents submitted or measures taken to achieve customer due diligence in accordance with Chapter 2, section 13 of the Act on Measures against Money Laundering and Terrorist Financing and Chapter 4, section 18 of these regulatory codes,

FFFS 2015:7 3 5. systems or routines for ongoing follow-up of business relationships in accordance with Chapter 3, section 1 of the Act on Measures against Money Laundering and Terrorist Financing and Chapter 5, section 1 of these regulatory codes, 6. procedures for the obligation to provide information to the Swedish National Police Board in accordance with Chapter 3, section 1 of the Act on Measures against Money Laundering and Terrorist Financing and Chapter 5, section 2 of these regulatory codes, 7. routines for preserving documents submitted or measures taken to achieve customer due diligence in accordance with Chapter 3, section 1b of the Act on Measures against Money Laundering and Terrorist Financing and Chapter 5, section 3 of these regulatory codes, 8. training programmes in accordance with Chapter 5, section 1 of the Act on Measures against Money Laundering and Terrorist Financing and Chapter 7, section 1 of these regulatory codes, 9. procedures to protect employees from threats or hostile measures pursuant to Chapter 5, section 2 of the Act on Measures against Money Laundering and Terrorist Financing and Chapter 7, section 2 of these regulatory codes, and 10. guidelines for internal control, compliance and internal information pursuant to Chapter 8 of these regulations. The undertaking’s procedures, etc. shall be based on its operations and risk assessment. The undertaking’s routines shall be updated when necessary. Section 3 An undertaking shall notify its branches and majority-owned subsidiaries outside the EEA about the undertaking’s risk assessment and procedures, etc. Chapter 4 Simplified customer due diligence for a natural person Section 4 If the provisions governing basic measures for customer due diligence do not need to be applied pursuant to Chapter 2, section 5 of the Act on Measures against Money Laundering and Terrorist Financing (2009:62), or Chapter 4, section 12 of these regulatory codes, the undertaking shall still verify a customer’s identity by a) obtaining information regarding the customer’s name, civic registration number or the equivalent and address, and b) verifying the information against external registers, certificates, other documentation, or the equivalent. Section 5 An undertaking shall verify the identity of a customer that is a legal person by means of a registration certificate, corresponding authorising documents if the registration certificate has not been issued for the legal person, or conduct corresponding verification against external registers.

The undertaking shall also verify the identity of a representative of a legal person pursuant to section 2 or 3. Simplified customer due diligence for a legal person Section 7 If the provisions governing basic measures for customer due diligence do not need to be applied pursuant to Chapter 2, section 5 of the Act on Measures against Money Laundering and Terrorist Financing (2009:62), or Chapter 4,

FFFS 2015:7 4 sections 12 and 13 of these regulatory codes, the undertaking shall still verify a customer’s identity in an appropriate manner. The undertaking shall also verify the identity of a representative of a legal person by: – obtaining information on the person’s name and civic registration number or the equivalent, and – verifying the information against the legal person’s registration certificate, external registers, identity documents for the representative pursuant to section 2, or other corresponding document. Section 10 An undertaking may rely on measures for basic customer due diligence which has been carried out by a third party pursuant to Chapter 2, section 3, fourth paragraph of the Act on Measures against Money Laundering and Terrorist Financing (2009:62) even if the documents and data are different from those required in accordance with these regulations. This applies if the measures are taken pursuant to corresponding requirements of a country within the EEA and in a country outside the EEA as set forth in Chapter 9, section 1 of these regulations. Section 11 The provisions in Chapter 2, section 3, fourth paragraph of the Money Laundering and Terrorist Financing (Prevention) Act (2009:62) that an undertaking may rely on measures performed by a third party do not apply to outsourcing agreements or the equivalent where an outsourcing service provider performs a measure which the undertaking would otherwise have performed pursuant to the Money Laundering and Terrorist Financing (Prevention) Act. Politically exposed persons Section 14 An undertaking shall, through the measures it takes in accordance with the Money Laundering and Terrorist Financing (Prevention) Act (2009:62), acquire reliable and adequate information to determine whether the customer, or the customer’s beneficial owner, is a politically-exposed person. The data can be gathered from the customer, from external sources or in an other way. Section 15 The assessment of risk in accordance with Chapter 2, section 7b of the Money Laundering and Terrorist Financing (Prevention) Act (2009:62) shall be carried out in an appropriate manner and take into account relevant factors, such as whether a person in a new position is linked to his or her earlier function or whether the person exercises any formal or informal influence. Chapter 5 Information to the Swedish National Police Board Section 2 An undertaking shall provide information, pursuant to Chapter 3, section 1, second paragraph of the Act on Measures against Money Laundering and Terrorist Financing (2009:62) in the manner instructed by the Swedish National Police Board. Section 3 An undertaking shall document and preserve information on measures and decisions pursuant to Chapter 3, section 1b of the Act on Measures against Money Laundering and Terrorist Financing, in a safe manner, electronically or on paper. The undertaking shall ensure that the documents and data are easy to produce and identify.

FFFS 2015:7 5 Chapter 6 Section 1 An undertaking’s board of directors or managing director shall appoint a central functional manager within the undertaking who is responsible for the obligation to provide information and conduct reviews pursuant to Chapter 3, section 1, first to third and fifth paragraphs and section 1b of the Act on Measures against Money Laundering and Terrorist Financing (2009:62) and Chapter 5 of these regulations. The central functional manager is also responsible for reporting to the board of directors or the managing director. The person responsible for the central function may appoint one or more persons to assist him or her and delegate powers to these persons. Chapter 8 Section 1 Through internal control and control of compliance, an undertaking shall ensure that it meets the requirements of the Act on Measures against Money Laundering and Terrorist Financing (2009:62), these regulations and the undertaking’s procedures, etc. This particularly applies to the follow-up of the obligation to provide information and conduct reviews and to ensuring that there are controls which guarantee that information to the Swedish National Police Board reflects the operations in a reasonable manner.

---

These regulations shall enter into force on 1 December 2015. ERIK THEDÉEN Carin Carlsson