Banking Regulation 2025

SWEDEN Law and Practice Contributed by: Richard Engblom, Per Josephson, Anna Cumzelius and Amin Bell, Harvest Advokatbyrå

ings, in particular including undertakings operat - ing under the Swedish Banking and Financing Business Act (SFS 2004:297), will be subject to DORA. Together with the DORA Regulation, amendments were made to several EU direc - tives in the field of financial markets by Directive (EU) 2022/2556 of the European Parliament and of the Council of 14 December 2022 amending Directives 2009/65/EC, 2009/138/EC, 2011/61/ EU, 2013/36/EU, 2014/59/EU, 2014/65/EU, (EU) 2015/2366 and (EU) 2016/2341 as regards digi - tal operational resilience for the financial sector (the Amending Directive). For Sweden, DORA and the Amending Directive mean that certain national legislative measures need to be taken to ensure necessary implementation and enforce - ment. Against this background, the Swedish government has proposed several legislative measures, which since 15 August 2024, are undergoing a consultation procedure with the Council on Legislation ( Lagrådet ). The said proposals for legislative measures con - sist of proposals for legislative amendments to adapt Swedish law to the regulatory framework of DORA, such as amendments to avoid over - lapping regulation, and proposals to introduce a new law with supplementary provisions to DORA. The proposed new law contains, among other things, provisions on responsible authori - ties for threat-based penetration tests, the SFSA’s supervisory powers, interventions and sanctions in the event of breaches of DORA, and fees to finance the SFSA’s and the Swedish Cen - tral Bank’s ( Riksbanken ) activities under DORA. The proposed legislative amendments include the Banking and Financing Business Act (SFS 2004:297) and mainly concern clarifications on compliance with the applicable rules in DORA and certain intervention powers for the SFSA. The proposed powers of intervention stipulate that the SFSA shall intervene against any mem -

ber of the board of directors of a credit institution or its managing director, or the deputy of any of them, if the credit institution has failed to comply with its obligations under any of Articles 5-10, 11(1)-11(10), 12-14, 16(1), 16(2), 17, 18(1), 18(2), 19(1), 19(3), 19(4), 23-25, 26(1)-26(8), 27, 28(1)- 28(8), 29, 30(1)-30(4), 31(12) or 45 of DORA. Furthermore, on 4 September 2024, the SFSA published a consultation draft containing a pro - posal for new regulations setting out rules on the technical format in which undertakings must report major ICT-related incidents under Article 19(1) DORA, notify significant cyber threats under Article 19(2) DORA, and report information on third-party ICT service providers under Article 28(3) DORA (Information Register) and when this information must be provided. According to the proposal, undertakings must report the Informa - tion Register by 28 February 2025, and annually by the same date. 11. Horizon Scanning 11.1 Regulatory Developments The main upcoming regulatory developments are outlined below. Sweden • In September 2024, the Swedish government presented a bill proposing amendments to the Consumer Credit Act (SFS 2010:1846), aimed at strengthening consumer protection against risky lending practices and preventing over-indebtedness. The proposal involves, for example, extending the interest rate and cost caps to include additional types of consumer loans and lowering the interest rate cap from 40 to 20 percentage points above the refer - ence rate. The legislative changes are expect - ed to enter into force on 1 March 2025.

556 CHAMBERS.COM

Powered by