2024-12-20

Regulations Amending Operational Risk Management Rules (FFFS 2024:10)

Finansinspektionen issued amendments to its operational risk management framework that impose stricter continuity planning and testing mandates on banks, credit institutions, and securities firms. The updated regulations require covered entities to define maximum permissible interruption periods for each process and specify the exact types and frequencies of continuity tests in their internal rules. Furthermore, the amendments mandate annual testing of contingency, continuity, and recovery plans for all critical processes and supporting IT systems, effective 1 July 2024.

Sweden

Finansinspektionen

Finansinspektionen’s Regulatory Code

Publisher: Chief Legal Counsel Eric Leijonram, Finansinspektionen, Sweden, www.fi.se
ISSN 1102-7460

This translation is furnished solely for information purposes. Only the printed version of the regulation in Swedish applies for the application of the law.

Regulations amending Finansinspektionen’s regulations and general guidelines (FFFS 2014:4) regarding the management of operational risks;

decided on 18 June 2024.

Finansinspektionen prescribes pursuant to Chapter 6, section 1, point 54 of the Securities Market Ordinance (2007:572) that Chapter 1, sections 2 and 3 and Chapter 5, sections 16 and 23 of Finansinspektionen’s regulations and general guidelines (FFFS 2014:4) regarding the management of operational risks shall have the following wording.

Chapter 1

Section 2 [1] The regulations apply to the following undertakings:

  1. banking companies,
  2. savings banks,
  3. members’ banks,
  4. credit market companies,
  5. credit market associations, and
  6. securities companies as referred to in Chapter 1, section 2, first paragraph, point 7c–g of the Credit Institutions and Securities Companies (Special Supervision) Act (2014:968).

The regulations, in accordance with Chapter 3, section 4 of the Credit Institutions and Securities Companies (Special Supervision) Act shall be applied at group or subgroup level.

Section 3 [2] For securities companies, Chapter 5, sections 15–23 and Chapter 6, section 4, first paragraph, point 1 do not apply.

Chapter 5

Section 16 [3] An undertaking shall determine the longest period permitted for an interruption for each process pursuant to section 1.

Section 23 [4] An undertaking shall determine the following in its internal rules for continuity management under section 15:

  1. which types of tests it will perform under section 22, and
  2. how often the tests are to be performed.

An undertaking shall test at least annually contingency plans, continuity plans and recovery plans for processes in accordance with section 1 and the IT systems that support these processes.

These regulations shall enter into force on 01 July 2024.

DANIEL BARR

Axel Olofsson

[1] The change entails in part that the third paragraph has been removed.
[2] The change entails that the second paragraph has been removed.
[3] The change entails that the second paragraph has been removed.
[4] The change entails in part that the third paragraph has been removed.

FFFS 2024:10
Published on 25 June 2024