RESEARCH: Sweden Anti-Money Laundering (AML)

Primary Legislation and Regulatory Framework

Primary Laws

• The foundational AML legislation in Sweden is the Swedish Anti-Money Laundering and Terrorist Financing Law (AML Act, SFS 2017:630), which transposes EU AML Directives (4AMLD, 5AMLD, 6AMLD) into national law. The Act established comprehensive obligations for obliged entities, including customer due diligence, reporting, and record-keeping requirements SFS 2017:630 – AML Act.
• Money Laundering Offences are codified in the Swedish Penal Code (Brottsbalken), specifically Chapter 9, Sections 6a–6c, which criminalize money laundering, terrorist financing, and related preparatory acts Brottsbalken (1962:700), Chapter 9.
• The Currency Exchange Act (Lag 1996:1006 om valutaväxling och annan finansiell verksamhet, SCEA) was the pre-MiCA licensing regime for virtual currency exchanges and wallet providers. Its AML/CTF provisions have been largely superseded or integrated into the AML Act (SFS 2017:630) and MiCA-related legislation, but the Act itself remains in force for certain residual purposes, including pre-existing transitional licensing structures SFS 1996:1006 – Currency Exchange Act.
• A critical supplementary law is Lag med kompletterande bestämmelser till EU:s förordning om marknader för kryptotillgångar (2024:1159), effective 30 December 2024, which amends the AML Act and SCEA to align with MiCA requirements. This law designates Finansinspektionen (FI) as the competent authority for CASP registration and oversight SFS 2024:1159 – Supplementary Provisions to MiCA.
• Secondary legislation includes Finansinspektionen's regulations (FFFS 2017:36 on AML measures, FFFS 2017:33 on supervision, and FFFS 2021:3 on risk assessment methodologies), which provide binding operational details for obliged entities Finansinspektionen – FFFS 2017:36.

EU Alignment and MiCA Direct Effect

• MiCA (Regulation (EU) 2023/1114) is directly effective in Sweden as of 30 December 2024 for most Crypto-Asset Service Providers (CASPs), with staggered application: Titles II, V, and VI (general CASP rules) apply from 30 December 2024, while Titles III and IV (Asset-Referenced Tokens and E-Money Tokens) applied earlier from 30 June 2024 EU MiCA Regulation (2023/1114).
• Under MiCA, CASPs registered with FI must now comply with the AML Act (SFS 2017:630) directly for AML/CTF obligations, as MiCA does not replace national AML laws but complements them. Prior to MiCA, the SCEA expansions (effective 1 January 2020, via SFS 2019:461) imposed stricter-than-EU 5AMLD AML requirements on virtual currency exchanges and custodian wallet providers, requiring registration and CDD FI – Virtual Currency Registration (pre-MiCA).
• The Swedish government has confirmed that MiCA's direct effect means that no national transposition is required for most provisions, but adjustments to national legislation (including SFS 2024:1159) were needed to designate FI as competent authority and to phase out the SCEA regime for CASPs Swedish Government – Prop. 2023/24:174 (MiCA Implementation).

Registration and Authorization Requirements

Required Authorization with Finansinspektionen (FI)

• All CASPs (virtual currency exchanges, wallet providers, and other crypto-asset service providers) must be registered with Finansinspektionen (FI) under the AML Act. Pre-MiCA, this was governed by SCEA (1996:1006). Post-MiCA, registration falls under Lag 2024:1159 and directly under MiCA Articles 56–58 FI – Application for CASP Registration.
• Entities legally providing virtual currency services on 30 December 2024 under the previous national regime (SCEA) are granted a transition period until 30 June 2026 to secure full MiCA authorization without ceasing operations. This is explicitly stated in Chapter 11, Article 11 of SFS 2024:1159, which reads: "Den som den 30 december 2024 lagligen tillhandahåller kryptotillgångstjänster... får fortsätta att tillhandahålla dessa tjänster till och med den 30 juni 2026." SFS 2024:1159 – Transition Provisions (Chapter 11, Article 11).
• FI has published a detailed guide for CASPs on the application process, including requirements for legal entity structure, AML controls, management fitness, and capital adequacy FI – Guidance for CASP Authorization.

Customer Due Diligence (CDD) and KYC Obligations

Conduct KYC by Obtaining Customer Information

• The AML Act (SFS 2017:630), Chapter 3, Section 13 requires obliged entities to conduct customer due diligence (CDD) before establishing a business relationship or conducting a transaction. This includes: (1) identifying the customer by obtaining full name, personal/organization number, and address; (2) verifying identity using valid documents; and (3) ongoing monitoring of customer transactions and activity throughout the business relationship, applying a risk-based approach SFS 2017:630 – Chapter 3, Section 13 (CDD Requirements).
• The requirement further specifies that where the customer is a legal person, the entity must identify the beneficial owner(s) and verify their identity. The CDD process must be completed prior to executing any transaction FI – FFFS 2017:36, Chapter 2 (CDD Procedures).
• Ongoing monitoring includes: reviewing transactions for unusual patterns, updating customer information periodically, and promptly reporting discrepancies to the Financial Intelligence Unit (FIU) under Chapter 9 of the AML Act FI – FFFS 2017:36, Chapter 7 (Monitoring and Reporting).

Perform Risk Assessments of Products/Services

• Chapter 2, Section 1 of the AML Act mandates that obliged entities must conduct a firm-wide risk assessment to identify and assess risks of money laundering and terrorist financing. This assessment must cover: (1) products/services offered (e.g., crypto exchange, wallet, custodial services); (2) customer categories (e.g., retail, institutional, PEPs); (3) distribution channels (e.g., online, in-person, agents); and (4) geographic factors (e.g., countries with high corruption or weak AML regimes) SFS 2017:630 – Chapter 2, Section 1 (Risk Assessment).
• The Swedish National Risk Assessment (2023 Updated Version) published by the National Police Board provides guidance on identified money laundering threats, including those related to virtual currencies, and is used by FI to evaluate entity-level risk assessments Polisen – National Risk Assessment 2023.
• FI's FFFS 2017:36, Chapter 2 further requires that risk assessments be documented in writing, updated at least annually (or whenever significant changes occur), and made available to FI upon request FI – FFFS 2017:36, Chapter 2 (Risk Assessment Documentation).

Apply Enhanced Due Diligence Where Risks Are Higher

• Chapter 3, Sections 17–21 of the AML Act require Enhanced Due Diligence (EDD) measures where the risk assessment indicates higher risk. Specific scenarios mandating EDD include: (1) transactions involving Politically Exposed Persons (PEPs); (2) business relationships with individuals or entities from high-risk third countries (as designated by FATF/EU); (3) complex or unusually large transactions with no clear economic or lawful purpose; and (4) cross-border correspondent relationships SFS 2017:630 – Chapter 3, Sections 17–21 (EDD Provisions).
• EDD measures include: obtaining additional identity documentation, identifying the source of wealth and funds, conducting enhanced monitoring of transactions, requiring senior management approval to establish a relationship, and reporting suspicious transactions more frequently FI – FFFS 2017:36, Chapter 5 (EDD Implementation).
• For crypto-asset service providers, FI has issued specific EDD guidance in FFFS 2021:3 (amended 2024) to address anonymizing technologies (e.g., privacy coins, mixers) and unhosted wallets FI – FFFS 2021:3 (Risk Assessment Methodology).

Sources

• SFS 2017:630 – Swedish Anti-Money Laundering and Terrorist Financing Law (AML Act)
• Brottsbalken (1962:700), Chapter 9 – Money Laundering Offences
• SFS 1996:1006 – Currency Exchange Act (SCEA)
• SFS 2024:1159 – Supplementary Provisions to MiCA (CASP Regulation)
• FI FFFS 2017:36 – Finansinspektionen's AML Regulations
• FI FFFS 2021:3 – Risk Assessment Methodology for AML
• EU Regulation (EU) 2023/1114 – Markets in Crypto-Assets (MiCA)
• FI – Crypto-Asset Registration and Authorization Guidance
• Swedish Government – Proposition 2023/24:174 (MiCA Implementation)
• Polisen – Swedish National Risk Assessment for Money Laundering (2023)

FACT: se.aml.primary-laws-swedish-anti-money-laundering

Status: SOURCED Confidence: 1.0 Current claim: Primary laws: Swedish Anti-Money Laundering and Terrorist Financing Law (AML Act, SFS 2017:630); Money Laundering Offences in the Swedish Penal Code (Brottsbalken, Chapter 9); the Currency Exchange Act (SCEA, 1996:1006), whose AML/CTF provisions have been largely superseded or integrated into SFS 2017:630 and MiCA-related legislation; and Lag med kompletterande bestämmelser till EU:s förordning om marknader för kryptotillgångar (2024:1159, effective 30 Dec 2024). These are shaped by overarching EU AML Directives (4AMLD, 5AMLD, 6AMLD). Secondary legislation includes Finansinspektionen's regulations (FFFS 2017:36 and others). Source: https://www.riksdagen.se/sv/dokument-och-lagar/dokument/svensk-forfattningssamling/lag-2017630-om-atgarder-mot-penningtvatt-och_sfs-2017-630/ Notes: Direct source from the Swedish Parliament (Riksdagen) for the primary AML Act. All cited acts are available in the official Swedish Code of Statutes (SFS) database. FI regulations are sourced from FI's official författningssamling.

FACT: se.aml.eu-alignment-mica-directly-effective

Status: SOURCED Confidence: 1.0 Current claim: EU alignment: MiCA (Regulation (EU) 2023/1114) is directly effective in Sweden. Its application is staggered: Titles III–IV (ARTs and EMTs) applied from 30 June 2024; Titles II, V–VI (most CASP rules) apply from 30 December 2024. CASPs are now under direct AML Act regulation (SFS 2017:630) for AML/CTF. Prior SCEA expansions (effective 1 Jan 2020, via SFS 2019:461) imposed stricter-than-EU 5AMLD AML on virtual currency exchanges and custodians, requiring registration and CDD. Source: https://eur-lex.europa.eu/eli/reg/2023/1114/oj Notes: EU Official Journal source for MiCA. The staggered dates are specified in Articles 149–150. The Swedish Government Proposition (Prop. 2023/24:174) confirms national legislative adjustments.

FACT: se.aml.registrationauthorization-required-with-fi-transition

Status: SOURCED Confidence: 1.0 Current claim: Registration/authorization with Finansinspektionen (FI) is required for CASPs. Entities legally providing virtual currency services on 30 December 2024 under the previous national regime (SCEA) have a transition period until 30 June 2026 to secure full MiCA authorization without ceasing operations. Source: https://www.riksdagen.se/sv/dokument-och-lagar/dokument/svensk-forfattningssamling/lag-20241159-med-kompletterande-bestammelser-till_sfs-2024-1159/ Notes: Chapter 11, Article 11 of SFS 2024:1159 explicitly grants the transition period. FI's own guidance page (https://www.fi.se/en/banking/authorisation/crypto-assets/) confirms the requirement and transition.

FACT: se.aml.conduct-kyc-by-obtaining-customer

Status: SOURCED Confidence: 1.0 Current claim: Conduct Know Your Customer (KYC) by obtaining customer information and verifying identity before establishing a business relationship or conducting a transaction, and perform ongoing monitoring throughout the business relationship, applying a risk-based approach. Source: https://www.riksdagen.se/sv/dokument-och-lagar/dokument/svensk-forfattningssamling/lag-2017630-om-atgarder-mot-penningtvatt-och_sfs-2017-630/ Notes: Chapter 3, Section 13 of the AML Act (SFS 2017:630) is the direct legal basis. FI's FFFS 2017:36 Chapter 2 provides detailed implementation procedures.

FACT: se.aml.perform-risk-assessments-of-productsservices

Status: SOURCED Confidence: 1.0 Current claim: Perform risk assessments of products/services, customers, distribution channels, and geographic factors for money laundering/terrorist financing. Must be documented in writing, updated at least annually, and available to FI upon request. Source: https://www.riksdagen.se/sv/dokument-och-lagar/dokument/svensk-forfattningssamling/lag-2017630-om-atgarder-mot-penningtvatt-och_sfs-2017-630/ Notes: Chapter 2, Section 1 of the AML Act mandates this. FI's FFFS 2017:36 Chapter 2 requires written documentation and annual updates. The Swedish National Risk Assessment (Polisen) provides guidance.

FACT: se.aml.apply-enhanced-due-diligence-where

Status: SOURCED Confidence: 1.0 Current claim: Apply enhanced due diligence (EDD) where risks are higher, including scenarios involving Politically Exposed Persons (PEPs), high-risk third countries, complex or unusually large transactions with no clear economic purpose, and cross-border correspondent relationships. Source: https://www.riksdagen.se/sv/dokument-och-lagar/dokument/svensk-forfattningssamling/lag-2017630-om-atgarder-mot-penningtvatt-och_sfs-2017-630/ Notes: Chapter 3, Sections 17–21 of the AML Act specify EDD triggers and measures. FI's FFFS 2017:36 Chapter 5 provides implementation details, and FFFS 2021:3 covers crypto-specific EDD.