SWEDEN: An Introduction
Introduction
The Swedish fintech sector has historically been prominent and it remains highly competitive both within the EU and from a global perspective. Fintech operations in Sweden are facing an increasingly regulated landscape as a result of new legislation both at the EU level and domestically. Current key trending areas in the Swedish fintech market, which are impacted by recent or upcoming legislative developments, include artificial intelligence (AI), consumer credit and criminal penalties for failure to obtain regulatory authorisation where required.
Those looking to raise capital in the Swedish fintech market recently have faced difficulties caused by high rates of inflation and rising interest rates, which is a particularly troublesome combination for tech companies dependent on investment and consumer spending. The global economic climate has also been uncertain, and general investor sentiment has been cautious. However, the current economic conditions in Sweden are showing positive signs, with lower interest rates and signs of recovering investor interest in Swedish IPOs – good news for those looking to start and/or operate fintech businesses
The Swedish fintech sector takes an active role in developing its own legal and regulatory environment, and has taken the initiative to suggest that the Swedish Financial Supervisory Authority (SFSA) should introduce a regulatory sandbox to promote innovation in the Swedish financial market. A regulatory sandbox would allow firms to test innovative products, services or business models in accordance with a specific testing plan agreed and monitored by a dedicated function of the SFSA. However, the SFSA has dismissed the initiative and has not seen it fit to introduce a regulatory sandbox in similar shape and form to certain other financial supervisory authorities in the EU.
AI
The first regulatory framework for AI, an EU regulation commonly referred to as the AI Act, entered into force on 1 August 2024 and will, in principle, start applying two years after its entry into force (2 August 2026). The AI Act aims to make sure that AI systems used in Europe are safe, transparent, traceable, non-discriminatory and environmentally friendly.
AI allows for multiple uses and areas of application within the financial sector and new generative AI technology (eg, Chat GPT) has been rapidly and widely adopted. In a survey by the SFSA from December 2024 a vast majority (84%) of respondents (supervised companies in the financial sector) stated that their employees currently utilise some form of generative AI in their operations.
However, efforts to manage the risks associated with the new AI technology tend to lag behind. The survey indicated that almost half of the respondents who use AI currently lack a developed AI strategy for their organisation, some of which are companies that reported significant AI use. A majority of Swedish financial institutions expressed the belief that they are lagging behind their international competitors, mainly due to the smaller scale of Swedish companies and a perception that applicable regulations are practically burdensome.
Consumer Credit Providers
In May 2024, the Swedish government put forward a memorandum with proposals to strengthen consumer protections in the consumer credit market and decrease over-indebtedness by consumers. The proposal seeks to repeal the Certain Consumer Credit Operations Act, a domestic legislation for a bespoke consumer credit institution licence. The revised legislation is proposed to enter into force in mid-2025 and would require consumer credit institutions to become authorised as credit institutions.
The proposal would significantly increase the thresholds for starting and running fintech companies in the consumer credit segment, resulting from increased compliance resource requirements, capital requirements and operational costs associated with authorisation as a credit institution. As a result, the proposal risks striking a blow to the Swedish fintech industry, which has historically stood out in Europe for its innovation and internationally recognised companies.
Cybersecurity
Cybersecurity remains as much an area of focus in Sweden as elsewhere in the world. Companies across a wide range of sectors are investing significantly in cybersecurity to protect sensitive financial information, maintain customer trust, and comply with stringent regulatory requirements and industry standards. EU-level cybersecurity regulations are expanding to address the complexities of the current digital ecosystem, leading to the introduction and revision of several legislative acts such as the Digital Operational Resilience Act (DORA), the Cyber Resilience Act (CRA) and the updated Network and Information Systems Directive (NIS 2), each addressing different aspects of cybersecurity and operational resilience. Implementing these regulations presents challenges for financial companies as it demands considerable time and resources.
Criminal Penalties for Unauthorised Financial Activities
The Swedish government proposed, in October 2024, a new law imposing criminal penalties for a person conducting financial activities without obtaining authorisation from or registration with the SFSA where such requirements apply. Although the primary motivation behind the proposal is stated to be addressing the risk of unauthorised currency exchange and money remittance services, the proposal will have equal effect on all activities subject to authorisation or registration requirements, such as banking, insurance, fund management and payment services. The proposal seeks to introduce penalties in the form of fines or personal imprisonment for any person who intentionally or negligently carries out licensable financial activities without the required authorisation or registration. The new legislation is proposed to enter into force in October 2025.
The proposal has received mixed reactions from Swedish market participants and authorities. The SFSA has welcomed the proposal, but said that criminalisation should be limited to the activities that are primarily seen as problematic: currency exchange, payment services and crypto-assets. The reasoning being that these activities are particularly exposed to the risk of being used for criminal purposes and are carried out largely without authorisation or registration.
The proposal has also faced criticism that there is not always a clear line between activities requiring authorisation or registration and other activities. The concern is therefore that the uncertainty will limit innovation and competitiveness in the Swedish financial market, including the Swedish fintech sector.