Anti-money laundering and terrorist financing
Everything Swedbank does should be characterised by high ethical standards, with Swedbank and its employees actively assessing every transaction, relationship and activity from the standpoint of the bank’s ethical norms and positions. According to Sweden's Anti-Money Laundering Act (the Money Laundering and Terrorist Financing Prevention Act), Swedbank is obligated, without delay, to report suspicions of money laundering or terrorist financing (suspicious activity reports, SAR) to the Financial Intelligence Unit within the Swedish Police.
Intelligence and collaborations
For security work to be effective, access to intelligence is essential. Swedbank works with a number of public and private actors to track and understand threats to the financial sector. Swedbank’s security response team collaborates with others in the sector, in addition to police authorities. As a bank, Swedbank is obligated to report suspicions of market abuse such as insider trading, market manipulation and unlawful disclosure of inside information (pursuant to the EU's Market Abuse Regulation, MAR).
To prevent its payment systems from being exploited for criminal activity, Swedbank has built up a set of internal rules, processes and support functions to ensure that we comply with applicable laws and regulations in the area. Swedbank has an obligation to know all its customers, understand where their money comes from and why they want a relationship with the bank, in order to better detect unusual behaviour. Swedbank minimises these risks through the “Know Your Customer” process, where systems monitor transactions and reconciliations of customer databases against sanction lists.
Internal alerts process (”whistle blowing”)
For Swedbank it is important that irregularities within the Group are detected and addressed in time. For this reason an internal alert process (“whistle blowing”) has been established within the Group, enabling employees to anonymously report suspected violations of internal or external rules. In 2018 a total of 58 reports were filed using the internal alerts process.
Swedbank has organised a central function responsible for coordinating and leading information security work. It is led by the bank’s Chief Information Security Officer (CISO) and maintains a management system for information security as well as functions for incident response and proactive security testing of the bank’s IT environment. Every business area also has Information Security Managers, who coordinate security work locally. Swedbank’s security and Incident Response team is a certified TF-CSIRT Trusted Introducer since 2010. Regular external security audits and vulnerability assessments are executed.
Training for employees
Swedbank takes an active role to prevent financial crime, where the preventive work mainly consists of various trainings, guidelines and materials connected to the work. All Swedbank employees are required to participate in annual training sessions on countering money laundering and terrorist financing, and further in-depth training may be undertaken, according to the role and tasks that the employee has. In addition, all Swedbank employees undergo mandatory training on Swedbank's code of conduct and general safety training.