Sweden fintech & payments: fully regulated under FSA supervision, PSD2/EMD2 transposition
Sweden maintains a fully regulated fintech and payments environment supervised by Finansinspektionen (the Swedish Financial Supervisory Authority). Payment institutions and registered payment service providers operate under the Payment Services Act, while electronic money institutions are governed by the Electronic Money Act, both transposing EU directives. Recent regulatory updates have focused on aligning operational standards with the EU Digital Operational Resilience Act (DORA) and enhancing fraud reporting requirements.
The regulatory framework mandates strict authorization, capital adequacy, and governance standards for all licensed entities. Finansinspektionen has issued comprehensive regulations covering ownership assessments, management qualifications, and operational risk management. Notable restrictions include rigorous anti-money laundering obligations and mandatory reporting of serious security incidents.
The current direction of travel emphasizes digital operational resilience, with updated rules requiring detailed IT organization disclosures and robust continuity planning. The authority continues to refine licensing procedures and capital calculation methods to ensure stability and consumer protection within the single market.
Payment Services Act (2010)
Governs payment institutions and registered payment service providers, implementing EU payment services directives. It mandates authorization, capital requirements, and operational standards.
[5][6][7][13][21][22][24][27][35][37]Electronic Money Act (2011)
Regulates institutions for electronic money and registered issuers. It sets out requirements for authorization, safeguarding of funds, and operational conduct.
[4][15][20][23][25][36]Clearing and Settlement of Payments Act (2024)
Supplements regulations for clearing companies, mandating enhanced risk management, IT security, and capital requirements.
[8][9]Payment Institution
Requires authorization from Finansinspektionen. Applicants must submit detailed business plans, financial forecasts, and proof of capital. Recent amendments align with DORA and require semi-annual fraud reporting.
[5][7][13][21][22][24][27][35][37]Electronic Money Institution
Requires authorization. Must maintain initial capital of EUR 350,000 and submit three-year financial forecasts. Rules mandate detailed AML/CTF measures and safeguarding of funds. Capital: EUR 350,000
[4][15][20][23][25][36]Registered Payment Service Provider
A lighter registration regime for smaller payment service providers. Requires compliance with operational and security standards, including AML assessments and incident reporting.
[5][6][7][13][21][22][24][27][35][37]Payment service providers must report serious operational or security incidents within four hours, with final details within 20 business days. Semi-annual statistical data on fraudulent proceedings is also mandatory.
[6][27]Entities must implement tailored frameworks for operational risk management, including risk assessments, continuity plans, and security incident notifications, aligned with DORA.
[7]Ownership and management assessments are strictly regulated. Applicants must submit detailed documentation on qualifying holdings, and changes require prior notification or approval.
[2][13][16][18][28]The regulatory environment is evolving to fully incorporate EU Digital Operational Resilience Act (DORA) requirements, focusing on IT security and operational continuity.
[7]Finansinspektionen continues to update regulations to enhance consumer protection, including detailed procedures for payment account switching and transparency in fees.
Email alerts for Sweden updates
New circulars, rules and guidance — a digest in your inbox, same day.