Our actions to prevent financial crime
A selection of actions we have taken since 2016.
Society’s rapid digitisation is accelerating the transition from bank branches to digital banking, and this is causing greater demand for stable IT environments and protection against external threats. It is critical that Swedbank provides secure IT systems, including stable and reliable digital channels and internal IT environments. Combating financial crime is also a continuous effort within Swedbank, with steadily improving routines, system support and processes.
Everything Swedbank does should be characterised by high ethical standards, with Swedbank and its employees actively assessing every transaction, relationship and activity from the standpoint of the bank’s ethical norms and positions. According to the Swedish Act on Measures against Money Laundering and Terrorist Financing (2017:630), Swedbank is obligated, without delay, to report suspicions of money-laundering or terrorist financing (suspicious activity reports, SAR) to the Financial Intelligence Unit within the Swedish Police.
Preventive work to detect and report suspected money-laundering and terrorist financing remains the highest priority at Swedbank. The bank has established an Economic Crime Prevention (ECP) unit to strengthen the fight against money-laundering and financial crime.
How we work with anti-money laundering and counter-terrorist financing
For security work to be effective, access to intelligence is essential. Swedbank works with a number of public and private actors to track and understand threats to the financial sector. Swedbank’s security response team collaborates with others in the sector, in addition to police authorities. As a bank, Swedbank is obligated to report suspicions of market abuse such as insider trading, market manipulation and unlawful disclosure of inside information (pursuant to the EU's Market Abuse Regulation, MAR).
To prevent its payment systems from being exploited for criminal activity, Swedbank has built up a set of internal rules, processes and support functions to ensure that we comply with applicable laws and regulations in the area. Swedbank has an obligation to have knowledge about its customers and to understand where their money comes from and why they want a relationship with the bank, in order to better detect unusual behaviour. Swedbank minimises these risks through the Know Your Customer process, where systems monitor transactions and reconciliations of customer databases against sanction lists.
For Swedbank, it is important that irregularities within the Group are detected and addressed promptly. For this reason, an internal alert process (whistleblowing) has been established within the Group, enabling employees to anonymously report suspected violations of internal or external rules.
Swedbank has a central function that is responsible for coordinating and leading information security work. It is led by the bank’s Chief Information Security Officer (CISO) and maintains a management system for information security as well as functions for incident response and proactive security testing of the bank’s IT environment. Swedbank's CISO reports directly to the Head of Anti-Financial Crime. However, the CISO can, if relevant, also report on and escalate certain matters related to information security directly to the CEO. Each business area also has Information Security Managers, who coordinate security work locally.
The Board of Directors' Risk and Capital Committee (RCC) oversees the information security work and the implementation of the information security strategy. In this regard, the RCC supports the Board in its work to ensure that routines are in place to identify information security risks and that the risks are adequately monitored and managed. Swedbank’s security and incident response team is a certified TF-CSIRT Trusted Introducer, since 2010. Regular external security audits and vulnerability assessments are executed.
Swedbank takes an active role to prevent financial crime, where the preventive work mainly consists of various trainings, guidelines and materials connected to the work. All Swedbank employees are required to participate in annual training sessions on combating money-laundering and terrorist financing, and further in-depth training may be undertaken according to the employee's role and tasks. In addition, all Swedbank employees undergo mandatory training on Swedbank's Code of Conduct, on data privacy (GDPR) and on information security (this also applies to contractors), as well as general safety training.
For security reasons, Swedbank cannot act upon information that you submit via e-mail or via unidentified calls.