Customer due diligence for fintech – balancing innovation and compliance

View as Markdown
2 mins read • Legal Writer • ANTI–MONEY LAUNDERING • 4 September 2025
  1. What the law requires – and why it becomes complex

The fintech sector is among the most innovative in Europe – and at the same time tightly regulated. To operate in payment services, lending or currency exchange, firms need not only technical excellence but also robust compliance, in particular measures against money laundering and the financing of terrorism.

Under the Swedish Anti-Money Laundering Act (2017:630), fintech actors are obliged entities. They must identify and understand their customers, document the purpose of business relationships and continuously monitor transactions – even when everything is digital, rapid and at scale.

What the law requires – and why it becomes complex

The framework aims to prevent the financial system from being exploited for criminal purposes. Fintech companies must therefore implement risk-based procedures for customer due diligence (often framed as know your customer fintech) and ongoing transaction monitoring, including for seemingly low-value amounts or simple services.

Key duties under the Anti-Money Laundering Act:

  • Identify and verify the customer’s identity – including onboarding via, for example, an app.
  • Understand the customer’s business relationship and the purpose of that relationship.
  • Assess the risk of money laundering or terrorist financing for each customer (customer risk assessment AML).
  • Where there is suspicion, submit a suspicious activity or transaction report to the Swedish Financial Intelligence Unit (Finanspolisen).
  • Document and retain KYC information for five years, or longer in certain cases.

Digital onboarding, neobanks, payment solutions and the e-krona introduce new technical solutions – but also new risks. In its 2024 annual report, the Swedish Financial Intelligence Unit highlights increased use of false identities, professional money launderers and cross-border flows that challenge existing controls.

This means control procedures must be adapted to emerging risks and modi operandi. Fintech firms need to innovate – but within the boundaries of the law.

At Morling Consulting, our fintech lawyers provide tailored advice on regulatory compliance. We help fintech companies across Europe to design effective AML programmes, interpret reporting obligations and embed sustainable KYC routines from day one – combining fintech compliance consulting with practical know your customer fintech execution, ongoing transaction monitoring and customer risk assessment AML.

Material Design illustration showing three legal professionals in front of an AI chip, playground and surveillance symbols, representing IMY’s focus areas public AI, children’s privacy and law enforcement.

5 February 2026

IMY’s priorities for 2026 – what do they mean for your organisation?
Read more
Illustration of a startup GDPR compliance briefing, with team members reviewing a security checklist and data protection policy on a screen.

4 February 2026

GDPR in your start-up – how to build assurance and compliance
Read more
Anonymous lawyer in a suit presses a digital whistleblowing button inside a protective sphere, symbolising secure whistleblowing systems, employee privacy and internal controls under the AMLR.

3 February 2026

AMLR Articles 13–15: employee integrity, whistleblowing and internal control
Read more