Rules Navigator

IMY and Swedish banks in GDPR project to reduce money laundering

A small wooden house with a green roof on Swedish banknotes.
Photo: Getty Images

Martina Lindberg

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

The Swedish Data Protection Authority and four banks will investigate better information sharing to fight financial crime.

IMY, the Swedish Data Protection Authority, has initiated a new project in partnership with four banks to strengthen its ability to fight fraud and money laundering in Sweden.

It is the authority’s fourth innovation project in a regulatory sandbox, and will feature SEB, Nordea, Swedbank and Handelsbanken.

“It is important that we explore these gray areas about how personal integrity can be protected, while economic crime can be fought more effectively.”

Per Nydén, lawyer IMY 

Organized crime, money laundering and fraud are estimated to cost Swedish society SKr 100 to 150 billion a year ($10 to $15 billion), and this project will look to enhance information sharing between the banks. It is intended to enable them to work more effectively to fight financial crime without flouting strict GDPR requirements.

Data protection of customers

Since the banks are processing large volumes of customer data every day, IMY suggests that its role will primarily be to support the project with in-depth guidance in the “gray area issues of data protection and privacy”.

“It is important that we explore these gray areas about how personal integrity can be protected, while economic crime can be fought more effectively,” said Per Nydén, lawyer at IMY. 

A report on the findings will be published in the spring of 2025.

Money laundering in Sweden and the Baltics

Sweden has faced criticism for its lack of progress in combating money laundering. In September 2023, a report by the International Monetary Fund (IMF) recommended that Nordic and Baltic banks should make efforts to strengthen their anti-money-laundering and counter-terrorism financing (AML/CFT) supervision framework.

In May 2024, Riksrevisionen, the Swedish National Audit Office, found that the work of the Swedish state and some authorities to prevent money laundering lacked effectiveness. Riksrevisionen said that the government’s management of the system for money-laundering supervision was weak, and that supervision by Finansinspektionen (the Financial Supervisory Authority) and the county administrations in Stockholm, Malmö, and Västra Götaland was not effective enough.

In August 2024, a new report was released highlighting the sizeable risks of money laundering through neobanks. National risk assessment 2023/2024 – Neobanks contended that neobanks – digital banks with a limited physical footprint – tend to exclusively use digital and rapid customer recognition and verification processes, which often results in a “lower degree of control.” This, in turn, can enable the layering of anonymity and lead to individuals being exploited as mules to facilitate illicit money flows into the legitimate financial system. This is also a recent area of concern and focus for the UK’s FCA.

Many Nordic and Baltic banks have been fined in connection with money laundering:

  • 2019: the Swedish TV news show Uppdrag Granskning revealed extensive suspected money laundering within Swedbank, where at least SKr 40 billion ($3.9 billion) had been channelled between accounts in Swedbank and Danske Bank in the Baltics. The illegal money flows were linked to a former minister in the Russian government, Mikhail Abyzov.
  • 2020: Swedbank was fined a record $400m as a result of ”major deficiencies in its work to combat money laundering in its Baltic operations”. 
  • March 2022: Swedbank was served with another suspicion of money-laundering notice at its Estonian branch in connection with transactions that had taken place between 2014-2016. Later that year, Swedbank’s former CEO Birgitte Bonnesen went on trial for allegedly covering up money laundering on a massive scale in the bank’s Baltic branches – allegations which she was cleared from by the courts.
  • June 2023: Swedbank AS in Latvia, a subsidiary of Sweden’s oldest bank Swedbank AB, paid $3,430,900 to the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) to settle its alleged breaches of Crimea sanctions. Between 2015 and 2016, OFAC found 386 alleged violations of its Crimea sanctions. These involved a Swedbank Latvia customer who used the e-banking services from an IP address in Crimea to make transactions to persons in Crimea through US correspondent banks totalling up to $3,312,120.
  • September 2024: Birgitte Bonnesen, the former CEO of Swedbank, was sentenced to prison for one year and three months after being convicted of gross fraud. The Court of Appeal found that Bonnesen did provide misleading information when she was interviewed by Swedish media (Svenska Dagbladet and TT) regarding the release of Swedbank’s third quarterly report in 2018. The court held that Bonnesen provided misleading information when she stated that the bank had no suspicion of being involved in money laundering in the Baltics. That information was deemed to “likely to influence the assessment of the Swedish bank in financial terms and thereby cause damage.”
, , , , , , , , ,

You may also like