Sweden to Replace Annual AML Questionnaire With Risk-Based Reporting Framework

Key Takeaways

• New Reporting Framework: Sweden's Financial Supervisory Authority will replace its existing annual AML reporting questionnaire with a new framework effective 1 January 2027 for all obliged entities it supervises under the Swedish Money Laundering Act.
• Risk-Based Focus: The updated reporting places greater emphasis on firms' inherent money laundering risks and the strength of their control environments, reflecting a more risk-oriented supervisory approach.
• Aligned With EU Standards: The new questions are based on risk indicators developed with the European Banking Authority and the Anti-Money Laundering Authority as part of the EU's common AML risk classification methodology.
• Reporting Process Remains Familiar: Firms will continue to submit reports through FI's Fidac portal between 1 January and 31 March each year, while entities under AMLA's direct supervision will report using the EBA's taxonomy.

Deep Dive

Sweden's annual anti-money laundering reporting exercise has long been a familiar ritual. Each year, supervised firms answer the same set of questions, submit them to the Financial Supervisory Authority (FI), and move on. That routine is about to change. Beginning on 1 January 2027, the regulator will replace the existing reporting framework with an entirely new questionnaire that asks firms not simply what they do, but what kinds of risks they carry and how well their controls are built to contain them.

The change reaches every obliged entity supervised under the Swedish Money Laundering Act. Although the reporting window itself remains untouched, running each year from 1 January through 31 March, the substance of what firms will report has been rewritten. The first submissions under the new framework will draw on data as of the 31 December 2026 balance sheet date.

What emerges from FI's announcement is less a revision than a shift in perspective. The regulator is placing inherent risk alongside the control environment as the two central questions of annual reporting, asking supervised entities to describe both the conditions that create exposure to money laundering and terrorist financing and the systems intended to manage that exposure. It is a subtle distinction, but an important one. The exercise becomes less about documenting compliance activities in isolation and more about explaining the relationship between risk and governance.

That direction is no accident. FI says the new questions are aligned with risk indicators developed jointly with the European Banking Authority and the European Union's new Anti-Money Laundering Authority as part of work on a common EU risk classification methodology. Rather than standing apart as a national reporting exercise, Sweden's framework is being brought into step with a broader supervisory model that seeks to make risk assessments more consistent across Member States.

The reporting requirements themselves draw heavily from the annexes to the draft technical standards supporting that methodology under Regulation (EU) 2024/1620 and Directive (EU) 2024/1640. They also reflect the data collection template AMLA has been using while developing the common methodology. FI is careful to note that some individual data points could still change before implementation and that AMLA's template will not itself become the reporting format used in Sweden. More detailed guidance is expected during the autumn.

For most firms, the mechanics of reporting will feel reassuringly familiar even as the questions change. Submissions will continue to be made through FI's Fidac reporting portal. The exception lies with entities that fall under AMLA's direct supervision. Those firms will report according to the EBA's taxonomy instead, and FI says it will contact them separately with further instructions.

The announcement offers an early glimpse of how Europe's new anti-money laundering architecture is beginning to take practical shape. Before AMLA assumes its full supervisory role, the language of supervision is already becoming more uniform. National reporting frameworks are being reshaped around common definitions of risk, common indicators and, increasingly, common expectations about what regulators should know before they decide where to focus their attention.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.