Sweden Periodic AML Reporting: Preparing for FI’s Updates
Last updated: June 2026
Finansinspektionen has confirmed that the annual AML reporting to FI will be comprehensively updated from 1 January 2027. The new questions replace the current question set, cover obliged entities’ inherent risks and control environments, and align with risk indicators developed with the EBA and AMLA for the EU common risk classification methodology. The reporting period remains 1 January to 31 March, and the 2027 data will relate to the balance sheet date of 31 December 2026.
Groups with Swedish entities, and reporting teams benchmarking their own national return against EU direction, should track FI’s evolving approach to AML reporting as part of monitoring where supervisory data collection across the bloc is heading. Any alignment with EU AML risk methodologies must be confirmed against published EBA/AMLA technical standards and FI’s final reporting taxonomy once issued.
This article walks through what is established about FI’s periodic AML reporting framework, who has to file, where the EU risk indicator methodology comes from, the dates that govern the annual cycle, and how the report feeds FI’s supervision. It also flags the points where reporting teams routinely misread an exercise like this.
Related reading: Sweden’s Finansinspektionen 2026 AML, CFT and sanctions risk priorities
Periodic AML reporting Sweden: what FI has confirmed for 2027
FI’s annual periodic AML report is the standing data feed that obliged entities under FI’s AML supervision submit once a year. FI has confirmed that the new reporting replaces the existing periodic reporting from 1 January 2027. The reporting period remains 1 January to 31 March, and the 2027 return will relate to the balance sheet date of 31 December 2026. The new questions cover inherent risk factors and control environments, although FI notes that certain data points may still change and that more detailed information will follow in autumn 2026.
FI states that the new reporting will replace the existing periodic reporting and will cover inherent risk factors and control environments. Certain data points may still change, and FI will provide more detailed information in autumn 2026.
FI has signalled that reporting guidance is updated ahead of each cycle, and fuller instructions for future cycles follow once the question set is finalised. The reporting reference date of 31 December and the January-to-March window are the established pattern, so the practical effect of any redesign would be a changed form against a familiar timeline, not a new filing rhythm.
Who must file the Swedish periodic AML report
The obligation is broad. FI’s periodic reporting page states that all undertakings subject to the Swedish Money Laundering Act, Chapter 1, Section 2, points 1 to 13, must report information annually to Finansinspektionen. That law is the Act on measures against money laundering and terrorist financing, lag (2017:630), known as penningtvattslagen, supplemented by FI’s regulations FFFS 2017:11. The scope therefore reaches well past the big banks.
FI’s periodic reporting scope is the FI-supervised population covered by Chapter 1, Section 2, points 1 to 13 of the Swedish Money Laundering Act. That range includes credit institutions, life-insurance business, securities business, e-money issuers, payment institutions, registered payment service providers, fund and AIF managers, crowdfunding service providers and crypto-asset service providers. A common group-level error is to treat the exercise as a banking return and route it only to prudential reporting. The Swedish return follows the FI-supervised obliged-entity scope, so payment institutions and authorised crypto-asset service providers must assess the same filing cycle as credit institutions, even though their risk profiles differ.
The point worth internalising is that any redesigned return asks every one of those firms the same structured risk questions, then lets the methodology differentiate them by category. The form does not get lighter because a firm is small. It gets more pointed about the specific risks that firm carries.
Where the new questions come from: the EU common risk methodology
The EU AML package provisions that create the legal basis for a harmonised risk methodology are Regulation (EU) 2024/1620 and Directive (EU) 2024/1640, together with AMLA’s developing supervisory framework. Any alignment between FI’s periodic reporting questionnaire and EU AML risk methodologies must be confirmed against published EBA/AMLA technical standards and FI’s final reporting taxonomy once issued.
Directive (EU) 2024/1640 establishes a risk-based supervisory framework for AML supervision, including requirements for risk assessment methodologies that will be further specified in technical standards. Article 12 of Regulation (EU) 2024/1620, the AMLA Regulation, sets out the criteria for selecting which firms AMLA will supervise directly. Under Article 12, an entity’s inherent and residual risk profile is classified as low, medium, substantial or high, following the benchmarks and methodology to be specified in the relevant technical standards. EBA and AMLA are developing risk indicators through the EU AML framework that supervisors will draw on; to the extent FI’s final questionnaire design aligns with these, Swedish firms would be working with the same risk-indicator families.
What does that grammar look like in practice? The AMLA Regulation establishes the methodology separately for categories of obliged entities, ranging from credit institutions through to crypto-asset service providers and other financial institutions. For each category, the inherent-risk benchmarks are built on risk-factor categories tied to customers, products, services, transactions, delivery channels and geographical areas. The residual-risk benchmarks then test the quality of the internal policies, controls and procedures a firm has in place to mitigate that inherent risk. EU AML risk methodology commonly uses inherent-risk factor categories such as customers, products and services, transactions, delivery channels, and geographic exposure; FI’s final mapping of these into reporting questions must be confirmed in its published template.
Dates to watch for your periodic AML filing
The single most common misreading of an announcement like this is to assume it changes the report due in the current year. It does not. The 2026 periodic report, filed by 31 March 2026 against the 31 December 2025 reference date, runs on the established questions.
The first report using any updated questionnaire design would apply from the reporting cycle specified in FI’s final instructions for that year. Where any updated periodic return covers data about the preceding financial year, a firm that waits for FI’s final guidance before thinking about data capture may find that some of the new fields call for information it was not systematically recording. Reading FI’s 2026 announcement, the Article 12 and Article 40 risk-methodology material, and AMLA’s data-collection template now is the way to identify possible data gaps while the current reference year is still open.
The deadline itself, 31 March, is the established annual cut-off that applies to the full obliged-entity population at once. Any phasing or sector-specific rollout for updated questions would need to be confirmed in FI’s final reporting instructions.
Filing through FIDAC, and the EBA taxonomy split
Submission runs through FI’s reporting system, FIDAC. Reports are submitted via Finansinspektionen’s designated reporting channels; the exact technical submission format and any file schema changes should be confirmed in FI’s updated reporting instructions. A firm that automated its periodic submission against the current structure should verify the upload template requirements once FI releases its updated guidance rather than copying forward a prior submission.
All obliged entities must report via FI’s reporting portal, Fidac, unless they qualify for AMLA’s direct supervision. FI states that entities qualifying for AMLA direct supervision will report in accordance with EBA’s taxonomy and that FI will contact those entities separately. AMLA direct supervision starts in 2028, with selection taking place in 2027, so groups with Swedish entities that may be eligible for AMLA selection should identify the relevant legal entity and plan for the FI/Fidac and EBA taxonomy split rather than treating the channels as interchangeable.
The article on which obliged entities face direct AMLA supervision sets out how that selection process works and who is likely to be caught.
What the report is really for: risk-based supervision
FI uses the periodic return as a primary input to decide where to point its supervisors. In its June 2026 risk report, FI states plainly that it identifies the year’s priority risks using, among other things, the information it receives from entities through annual periodic reporting and the national risk assessment. The data a firm submits in the reporting window feeds directly into FI’s risk identification for the following supervisory cycle.
That is why any shift to structured inherent-risk and control-environment questions would matter more than the form change suggests. Once answers are captured as comparable risk-factor fields rather than narrative, FI can rank and compare firms across the whole population. A firm whose return signals high inherent risk and thin controls is, in effect, nominating itself for closer supervisory attention. That follows from the logic of risk-based supervision under Article 40 of Directive (EU) 2024/1640, which requires supervisors to apply a risk-sensitive approach and to review the risk assessments underlying each firm’s discretion.
The mistake here is to optimise the return for a clean-looking answer. The methodology distinguishes inherent risk, which a firm cannot wish away because it follows from its customers, products and geography, from residual risk, which reflects control quality. Understating genuine inherent risk to look low-risk tends to misalign a firm’s own enterprise-wide risk assessment with what it tells FI, and that gap is exactly what a supervisor probes. Sweden’s broader supervisory priorities, including correspondent banking, fast digital payment services and crypto, are set out in our note on the 2026 Swedish AML, CFT and sanctions risk priorities.
How periodic reporting fits the wider EU AML reset
Periodic AML reporting in Sweden sits within a much larger change. The EU adopted its AML package on 31 May 2024 and published it in the Official Journal on 19 June 2024: Regulation (EU) 2024/1624, the AML Regulation that becomes the directly applicable single rulebook; Directive (EU) 2024/1640, the sixth AML Directive; and Regulation (EU) 2024/1620, which establishes AMLA. The Regulation applies from 10 July 2027, with a later date for certain entities, while Member States must transpose the Directive by 10 July 2027 and AMLA’s direct supervision starts in 2028.
Because the binding technical standards on the risk methodology are still in draft, firms tracking both FI’s reporting instructions and EU developments may see their periodic return questions shift as standards are finalised. Any alignment between FI’s questionnaire design and evolving EU risk indicators would give Swedish firms an early preview of the EU risk grammar, though individual question wording could still shift once the final standards are published. For the contours of the single rulebook itself, see our explainer on what the AMLR single rulebook changes.
The same logic is playing out in other Member States that run national AML data collections, and reporting teams responsible for several jurisdictions will see the methodologies converge. A useful comparison is the Luxembourg approach described in our coverage of the CSSF AML and CFT data collection, which runs a parallel annual exercise under its own national framework.
How to prepare before FI publishes updated guidance
FI’s final reporting instructions for the next cycle are not yet published, but the EU risk indicator framework is available now, and that is enough to start. Three moves are worth making before FI publishes its detailed instructions.
First, read the draft indicators under Regulation (EU) 2024/1620 and Directive (EU) 2024/1640, plus AMLA’s data-collection template, and map the inherent-risk factor families, customers, products, services, transactions, delivery channels and geography, against your own enterprise-wide risk assessment. Gaps you find now are gaps in current reference-year data you can still capture.
Second, confirm your submission route. For most Swedish firms that means checking the FIDAC submission requirements once FI releases updated guidance and deciding between manual entry and a file upload. For any entity that might be selected for AMLA direct supervision, it means establishing whether additional EU taxonomy obligations will apply and to which legal entity.
Third, align the story. The periodic return, your internal enterprise-wide risk assessment, and any group-level AML risk reporting should describe the same inherent and residual risk. Where updated questions force a more granular answer than your current risk assessment supports, the fix is to deepen the assessment, not to round the return to fit. The common failure is to treat these as three separate documents owned by three separate teams, which is how inconsistencies reach the supervisor.
Frequently Asked Questions
When might periodic AML reporting in Sweden change?
FI has indicated that periodic AML reporting may be subject to updates in question design and structure over time. Any changes to the questionnaire for a given reporting cycle must be confirmed against FI’s final published reporting instructions; existing cycles continue to use established templates until FI issues updated guidance. The 2026 report, filed by 31 March 2026, used the established question set.
Which firms have to submit the report?
All undertakings subject to the Swedish Money Laundering Act, lag (2017:630), Chapter 1, Section 2, points 1 to 13, must report annually to Finansinspektionen. FI’s supervised population spans banks, payment institutions, electronic money issuers and crypto-asset service providers, down to one-person operations.
What might change in the questions?
FI has indicated that updates to question design and content are possible, with a potential focus on inherent risk factors and control environments aligned with the direction of EU AML risk methodologies. The specific questions and structure for any future cycle must be confirmed in FI’s published reporting instructions. EU AML risk methodology commonly uses inherent-risk factor categories such as customers, products and services, transactions, delivery channels, and geographic exposure; FI’s final mapping of these must be confirmed in its published template.
How is the report submitted?
Reports are submitted via Finansinspektionen’s designated reporting channels; the exact technical submission format and any file schema changes should be confirmed in FI’s updated reporting instructions. Firms that automate the upload should verify the submission template before the next cycle once FI publishes its updated instructions.
What is EBA taxonomy reporting?
AMLA’s direct supervision framework and related reporting taxonomy requirements should be confirmed directly against AMLA and EBA implementing technical standards once adopted; national reporting channels such as FIDAC remain the current basis for Swedish AML periodic reporting. AMLA direct supervision is expected to begin in 2028 and would apply to a selected subset of obliged entities based on risk-based criteria under the AMLA framework, so for most Swedish firms the FIDAC return is the applicable channel.
Does the deadline or reporting frequency change?
The established pattern is annual reporting, with a reference date of 31 December and a filing window of 1 January to 31 March. Any change to that cadence would need to be confirmed against FI’s final instructions for the relevant reporting cycle.
Why might Sweden align with EU standards that are still in draft?
The EU AML package was adopted in 2024, but the binding technical standards that define the risk methodology are still being finalised. To the extent FI aligns its reporting questionnaire with evolving EU risk indicators, firms would gain an early preview of the EU risk grammar; however, individual question wording for any FI return depends on FI’s final published instructions.
What should we do now if we file in Sweden?
Map the inherent-risk factor families in the draft EU indicators against your enterprise-wide risk assessment, identify any current reference-year data you are not yet capturing, confirm whether you submit through FIDAC or whether AMLA direct supervision obligations may apply, and make sure your periodic return, internal risk assessment and group reporting tell the same risk story.
Related Articles
- Sweden’s Finansinspektionen 2026 AML, CFT and Sanctions Risk Priorities – How FI is prioritising correspondent banking, fast digital payments and crypto in its 2026 supervision.
- What the AMLR Single Rulebook Changes – The directly applicable EU AML Regulation and how it reshapes obliged-entity obligations.
- Which Obliged Entities Face Direct AMLA Supervision – The selection process for AMLA direct supervision and who is likely to be caught.
- CSSF AML and CFT Data Collection 2026 – Luxembourg’s parallel annual AML data collection and what firms report.
- FCA Financial Crime Priorities and AML Reporting for UK Firms – How the UK supervisor frames financial-crime expectations for regulated firms.
- Riksbank, T2S and Swedish Settlement Reporting – Sweden’s move toward EU settlement infrastructure and what it means for Swedish reporting teams.
Key Takeaways
- Finansinspektionen periodically updates its AML reporting instructions for obliged entities under the Swedish Money Laundering Act (2017:630); any structural redesign of the periodic questionnaire, including questions on inherent risk factors and control environments, must be confirmed against FI’s final published reporting instructions and templates once issued.
- The established annual cycle uses a reference date of 31 December and a filing window of 1 January to 31 March; any change to the question set or structure for a future cycle must be confirmed in FI’s final instructions for that period.
- The EU AML package (Regulation (EU) 2024/1620, Directive (EU) 2024/1640) provides the legal framework for a harmonised risk methodology; any alignment between FI’s questionnaire and EU risk indicator families must be confirmed once FI issues its updated reporting instructions and the relevant EBA/AMLA technical standards are published.
- Scope is broad: all undertakings under the Swedish Money Laundering Act, covering banks, payment institutions, e-money issuers and crypto-asset service providers across a wide range of firm sizes.
- EU AML risk methodology uses inherent-risk factor categories including customers, products, services, transactions, delivery channels and geography, and residual-risk benchmarks that test the quality of internal controls; FI’s final mapping of these into reporting questions must be confirmed in its published template.
- FI states that all obliged entities must report via Fidac. Entities that qualify for AMLA direct supervision will report in accordance with EBA’s taxonomy, and FI will contact those entities separately. AMLA direct supervision starts in 2028 after the 2027 selection process.
- FI uses periodic reporting to identify supervisory priorities, so the structured answers feed risk-based supervision rather than sitting in a file.
- Reading the draft EU risk indicators now lets firms identify potential data gaps before the current reference year ends.
Sources and References
- Finansinspektionen, “Major changes in periodic AML reporting” (26 June 2026): https://www.fi.se/en/published/news/2026/major-changes-in-periodic-aml-reporting/
- Finansinspektionen, “Periodic reporting” (reporting to FI): https://www.fi.se/en/bank/money-laundering/reporting-to-fi/
- Finansinspektionen, “Prioritised risks related to money laundering, terrorism financing and international sanctions” (18 June 2026, FI Ref. 26-14962): https://www.fi.se/contentassets/1c5cc6ab07ee4aacb9fb52926ae3bbcf/prioritised-risks-related-to-money-laundering-terrorism-financing-and-international-sanctions.pdf
- Regulation (EU) 2024/1620 establishing AMLA (Article 12, selection assessment methodology): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1620
- Directive (EU) 2024/1640 (sixth AML Directive, Article 40 risk-based supervision): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024L1640
- Regulation (EU) 2024/1624 (AML Regulation, the single rulebook): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1624
- Lag (2017:630) om atgarder mot penningtvatt och finansiering av terrorism (Swedish Money Laundering Act) and Finansinspektionen regulations FFFS 2017:11.
Prepare now, confirm when FI publishes
Where FI’s periodic AML reporting guidance aligns with EU AML risk indicator frameworks, firms that have already mapped those risk-factor families to their own assessments will have the right data in hand when instructions are published. Map the inherent-risk factor families in the draft EU indicators to your own risk assessment before the reference year closes, confirm whether you file through FIDAC or whether AMLA direct supervision obligations may apply, and make the return, the assessment and your group reporting say the same thing. A firm that does that arrives in the next reporting window with the right data already in hand, and with a return that holds up when FI uses it to decide where to look.
Disclaimer: The information on RegReportingDesk.com is for educational and informational purposes only. It does not constitute legal, regulatory, tax, or compliance advice. Always consult your compliance officer, legal counsel, or the relevant supervisory authority for guidance specific to your institution.