Issued by Finansinspektionen, these regulations require credit institutions, investment firms, and very large securities companies to establish comprehensive operational risk management frameworks overseen by their boards and managing directors. The rules mandate robust procedures for legal, personnel, and safety risks, continuity management, securities trading, and explicit coverage of risks arising from outsourcing agreements. Recent amendments align the scope with EU digital operational resilience standards, exclude clearing organizations, and adjust applicability to prevent regulatory duplication while maintaining strict oversight of operational vulnerabilities.
Finansinspektionen’s Regulations and General Guidelines regarding the management of operational risks
In force from 2014-06-01
Summary
The regulations apply to credit institutions and investment firms and enter into force on 1 June 2014. They regulate, for example, the responsibility of the board of directors and the managing director and the management of operational risks in the business, including with regard to procedures, legal risks, personnel, safety, procedures for approval and continuity management. The regulations also include requirements on the undertakings' securities business and currency trading.
Amendments
The amended regulations entail that some provisions are repealed or amended to avoid duplicate regulation in relation to the EU Regulation on digital operational resilience for the financial sector.
The amendments enter into force on 17 January 2025. Amendment 2024:29
The amendments entail that clearing organisations are no longer included in the scope and are the result of the term clearing organisation being removed from the Securities Market Act (2007:528).
The scope of the regulations has been expanded to include very large securities companies.
The amendments enter into force from 8 March 2023. Amendment 2023:4
The scope is changed so that securities companies, with the exception of those that will continue to apply the Capital Requirements Regulation (575/2013/EU), are no longer subject to the regulations. Small editorial changes were also made. These amendments enter into force on 7 July 2021. Amendment 2021:22
Under the amendment, the methods and processes used to identify, measure and manage operational risks must also cover risks resulting from outsourcing agreements.
The amendments enter into force on 29 December 2020. Amendment 2020:31
According to the amendment, undertakings with authorisation to conduct clearing operations according to Chapter 19 of the Securities Market Act (2007:528) shall be covered by some of the provisions on continuity management set out in Chapter 5 of Finansinspektionen's regulations and general guidelines (FFFS 2014:4) regarding the management of operational risks.
The amendment also reinserts the second paragraph under Chapter 1, section, which had been removed by accident.
The amendments will enter into force on 1 March 2018. Amendment 2018:1
Finansinspektionen is amending the reference to provisions regarding outsourcing agreements.
The amendment enters into force on 3 January 2018.
FI is amending the scope to agree with the scope in the Credit Institutions and Securities Companies (Special Supervision) Act (2014:968). The amendments enter into force on 2 August 2014. Amendment 2014:31
Documents
FFFS 2014:4
Changes
Number          Date          Heading
FFFS 2024:29    2025-01-17    FFFS 2024:29
FFFS 2024:10    2024-07-01    FFFS 2024:10
FFFS 2023:4     2023-03-08    FFFS 2023:4
FFFS 2021:22    2021-07-07    FFFS 2021:22
FFFS 2020:31    2020-12-29    FFFS 2020:31
FFFS 2018:1     2018-03-01    FFFS 2018:1
FFFS 2017:9     2018-01-03    FFFS 2017:9
FFFS 2014:31    2014-08-02    FFFS 2014:31