Regulations amending Finansinspektionen’s regulations and general guidelines governing payment institutions and registered payment service providers

Finansinspektionen’s Regulatory Code Publisher: Acting Chief Legal Counsel Sophie Degenne, Finansinspektionen, Sweden, www.fi.se ISSN 1102-7460 This translation is furnished solely for information purposes. Only the printed version of the regulation in Swedish applies for the application of the law. 1 Regulations amending Finansinspektionen’s regulations and general guidelines (FFFS 2010:3) governing payment institutions and registered payment service providers; decided on 18 December 2024. Finansinspektionen prescribes pursuant to section 5, points 1, 7, 17 and 19 of the Payment Services Ordinance (2010:1008) with regard to Finansinspektionen’s regulations and general guidelines (FFFS 2010:3) governing payment institutions and registered payment service providers in part that Chapter 12, section 4 shall be repealed, in part that the heading immediately preceding Chapter 12, section 4 shall be removed, in part that current Chapter 12, sections 5 and 5a shall be designated Chapter 12, sections 4 and 5, in part that Chapter 1, section 2; Chapter 2, sections 16 and 16a; Chapter 10, section 1; and Chapter 12, section 11 shall have the following wording, and in part that the headings immediately preceding Chapter 12, sections 5 and 5a shall be placed immediately preceding Chapter 12, sections 4 and 5. Chapter 1 Section 2 Terms and expressions used in these regulations and general guidelines have the same meaning and scope as in Chapter 1, sections 2–4 of the Payment Services Act (2010:751). In addition, the following terms and expressions shall be defined as

1. AIF manager: the same as in Chapter 1, section 3 of the Alternative Investment Fund Managers Act (2013:561).
2. DORA Regulation: Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011. Chapter 2 Section 16 An undertaking shall state in its business plan how it will organise its IT operations for payment services. In particular, the business plan shall specify how the undertaking complies with the provisions set out in the DORA Regulation. The undertaking shall in part describe in general the functions and areas of use of its systems and in part describe which confidentiality functions it uses in its payment FFFS 2024:24 Published on 27 December 2024

FFFS 2024:24 2 service operations to prevent unauthorised persons from obtaining access to information about an individual's personal or financial circumstances. The business plan shall also state if the undertaking shares its premises or technical equipment with other parties and how the undertaking, when applicable, intends to handle confidentiality issues within its payment service operations due to such an arrangement. Section 16a An undertaking shall describe in its business plan its systems for managing operational risks and security risks pursuant to Chapter 5b, section 1 of the Payment Services Act (2010:751) and Chapter 5, section 1 of Finansinspektionen's regulations (FFFS 2018:4) regarding activities of payment service providers. The description shall include the undertaking’s procedures for notifying Finansinspektionen about serious operational incidents and security incidents pursuant to Article 19 of the DORA Regulation. The undertaking shall also provide in its business plan the information set out in Chapter 6, section 1 of Finansinspektionen’s regulations regarding activities of payment service providers. Chapter 10 Section 1 This chapter contains provisions governing how payment institutions and registered payment service providers shall enter into, maintain and terminate outsourcing agreements that are of material significance to their payment service operations. This chapter does not apply to outsourcing agreements subject to Chapter V of the DORA Regulation. Chapter 12 Section 11 Finansinspektionen decides on exemptions from the provisions set out in sections 5, 6 and 9, if special grounds exist.

These regulations shall enter into force on 17 January 2025. DANIEL BARR Agneta Blomquist