Regulations amending Finansinspektionen’s regulations on the management of operational risks

Finansinspektionen’s Regulatory Code Publisher: Acting Chief Legal Counsel Sophie Degenne, Finansinspektionen, Sweden, www.fi.se ISSN 1102-7460 This translation is furnished solely for information purposes. Only the printed version of the regulation in Swedish applies for the application of the law. 1 Regulations amending Finansinspektionen’s regulations and general guidelines (FFFS 2014:4) regarding the management of operational risks; decided on 18 December 2024. Finansinspektionen prescribes pursuant to Chapter 5, section 2, point 5 of the Banking and Financing Business Ordinance (2004:329) in respect of Finansinspektionen’s regulations and general guidelines (FFFS 2014:4) regarding the management of operational risks in part that Chapter 5, sections 8, 9 and 19 shall be repealed, in part that current Chapter 5, sections 10–18 and 20–23 shall be designated Chapter 5, sections 8–20, in part that Chapter 1, section 2; Chapter 3, section 1; and new Chapter 5, sections 8 and 12 shall have the following wording, and in part that the heading immediately preceding Chapter 5, section 10 shall be placed immediately preceding the new Chapter 5, section 8; the heading immediately preceding Chapter 5, section 15 shall be placed immediately preceding the new Chapter 5, section 13; the heading immediately preceding Chapter 5, section 17 shall be placed immediately preceding the new Chapter 5, section 15; the heading immediately preceding Chapter 5, section 20 shall be placed immediately preceding the new Chapter 5, section 17; and the heading immediately preceding Chapter 5, section 22 shall be placed immediately preceding the new Chapter 5, section 19. Chapter 1 Section 2 These regulations apply to

1. banking companies,
2. savings banks,
3. members’ banks,
4. credit market companies,
5. credit market associations, and
6. securities companies as referred to in Chapter 1, section 2, first paragraph, point 7c–g of the Credit Institutions and Securities Companies (Special Supervision) Act (2014:968). The regulations, in accordance with Chapter 3, section 4 of the Special Supervision of Credit Institutions and Investment Firms Act (2014:968), shall be applied at group or subgroup level. The provisions set out in these regulations do not apply to the management of ICT risks as referred to in the DORA Regulation. FFFS 2024:29 Published on 27 December 2024

FFFS 2024:29 2 Chapter 3 Section 1 An undertaking shall identify operational risks in its products, services, functions, and processes. Chapter 5 Section 8 An undertaking shall have a process for the approval of new or materially altered products, services, markets, processes, and major changes to the undertaking’s operations and organisation. The undertaking shall take into consideration the nature, scope and complexity of its operations when applying the first paragraph. Section 12 When an undertaking decides on a new product, service, market or process, it shall establish the person or function that is responsible for managing risks associated therewith.

These regulations shall enter into force on 17 January 2025. DANIEL BARR Agneta Blomquist