FI revokes Intergiro’s licence – requirements and takeaways for fintech companies

The Swedish Financial Supervisory Authority (FI) decided on 17 June 2025 that Intergiro Intl AB must cease all regulated activities no later than 19 September 2025. The decision rests on extensive shortcomings in the firm’s work to combat money laundering and terrorist financing. Do you want to ensure your own framework meets today’s standards? Contact our AML lawyers for support with both strategic and operational AML work.

Background to FI’s decision to revoke the licence

Intergiro is an electronic money institution under the Electronic Money Act (2011:755) (LEP) and also provides payment services. Under the Anti-Money Laundering Act (2017:630), institutions of this type must apply a risk-based approach, which is put to the test when a business is transaction-intensive. FI’s review covers February 2021 to October 2023 and shows that several core requirements — the enterprise-wide risk assessment, customer due diligence (KYC) and the reporting of suspicious transactions — were disregarded over a prolonged period.

The enterprise-wide risk assessment and KYC are pivotal because they underpin the correct application of the Anti-Money Laundering Act. The enterprise-wide risk assessment identifies where the greatest risks lie in the business — i.e. where the company needs to focus resources to control the risk of being misused for money laundering and terrorist financing. KYC is the starting point for accurately risk-classifying customers; without it, the right measures are not taken for the right customer based on a risk-based approach. Where appropriate, firms should be prepared for a formal risk assessment review and maintain documented customer due diligence procedures aligned to their enterprise-wide risk assessment.

Reporting suspicious transactions to the Swedish Financial Intelligence Unit (Finanspolisen, FIPO) is essential to ensure that suspicions arising in the business can be used in criminal investigations. Intergiro did submit reports, but often too late and not as transactions. Where suspicions were incorrectly reported as activities, not all of the information required for a transaction-based report was included. Timely SAR submissions — and, where relevant, STRs — are a core expectation.

FI’s investigation exposes a set of interlinked failings that seriously undermine the institution’s ability to prevent money laundering and terrorist financing. Below are the three most critical deviations the authority identified during its supervision, which together reveal a pattern of inadequate risk controls, deficient KYC and missed reporting.

• Incomplete enterprise-wide risk assessment – two versions during the review period lacked analysis of how products could be exploited, and the fourth assessment from May 2025 shows residual risk remains high.
• Insufficient KYC measures for high-risk customers – the statutory triggers for enhanced due diligence under the Anti-Money Laundering Act were not met.
• Delayed or omitted reporting of suspicious transactions – reported as “activities” and often with significant delay, contrary to the Anti-Money Laundering Act.

Why FI opted for revocation rather than a warning

Interventions for AML breaches must be proportionate to the risk level and the nature of the infringement. In Intergiro’s case, the failings are long-standing and systemic, striking at the heart of the most central rules in the Anti-Money Laundering Act. FI also notes the firm’s highly transaction-intensive model, which magnifies the consequences of each shortcoming. Taken together, FI considers the risk of continued breaches so high that a warning is insufficient; the licence is therefore revoked. Key considerations in FI’s assessment include:

• Systemic breaches of core requirements: FI stresses that when central AML requirements are disregarded, the alternatives are generally limited to revocation or a warning.
• Transaction-intensive business model: High volume and speed in payment flows increase risk where controls are weak.
• Imminent risk of large-scale money laundering: Failure to report in connection with large refund claims may have impaired the police’s ability to secure criminal proceeds.
• Deficient handling of refund claims – certain high-value transactions were not reported at all.

FI has not only reviewed history but also assessed the firm’s future ability to comply. The authority finds that Intergiro lacks credible prospects of remedying the failings, which weighs heavily in favour of revocation. In its assessment FI took into account, for example:

• The board and management have been largely unchanged since 2019, reducing the likelihood of sustainable remediation.
• The remediation programme from March 2023 was not described with sufficient specificity, including which concrete measures form part of the programme.
• The firm’s own risk assessments still rate residual risk as high (“significant”).

The authority characterises the company’s attitude as notably uninformed and dismissive, which is why a warning is not considered adequate.

The core of the regime: risk-based methodology

A risk-based approach means controls and resources must be proportionate to the risks identified in the business. The Anti-Money Laundering Act is based on the EU’s Fifth Anti-Money Laundering Directive (AMLD5) and requires obliged entities to:

• Document and update the enterprise-wide risk assessment when products, customers, distribution channels or geographies change.
• Conduct ongoing monitoring of transactions and document anomalies.
• Report suspicious transactions without delay to the Swedish Financial Intelligence Unit (FIPO), with clear, timely SAR submissions.

In its practice FI has clarified that failure to report should be treated as serious because it directly hinders law enforcement. The authority also underlines that prompt and accurate reporting is central to maintaining confidence in the financial system.

Lessons and practical actions for fintech firms — risk assessment review

1.  Treat the enterprise-wide risk assessment as a living document: update at least annually — and more frequently when launching new services or entering new markets.
2. Enhanced KYC for high-risk customers: apply enhanced due diligence under the Anti-Money Laundering Act, for example by verifying tax residence, ownership structures and transaction patterns. Where relevant, formalise kyc measures and customer due diligence procedures to ensure consistency.
3. Transaction monitoring: ensure systems flag anomalies in real time and that each alert is assessed by qualified staff.
4. Reporting (SAR/STR): embed processes so that a suspicious transaction triggers an immediate report. Delay may result in non-compliance with the Anti-Money Laundering Act.
5. Governance and culture: the board should annually approve an AML instruction and receive incident reporting. FI considers tone-at-the-top when assessing a firm’s ability to comply.

How Morling Consulting can help

We combine deep regulatory expertise with practical fintech experience to rapidly identify and remediate critical gaps in your AML framework. Where needed, we can act as an external interim AML function during intensive supervisory or transformation phases. Our fintech lawyers provide:

• Independent reviews of the enterprise-wide risk assessment, KYC routines and transaction monitoring.
• Training packages for the board, senior management and operational teams.
• Contingency plans for FI dialogue and reporting routines, including SAR governance.

Do you need to strengthen your AML framework or prepare for supervision? Get in touch — our aml lawyer team supports clients across Europe to protect both business and reputation.