Sanctions compliance programme: new law tightens requirements for financial institutions

View as Markdown
3 mins read • Legal Writer • FINANCIAL REGULATION • 12 May 2025
  1. How financial institutions are affected

From 10 June 2025, a new Swedish law implementing the EU Sanctions Directive enters into force. The purpose is to ensure that sanctions adopted within the Union – such as asset freezes, trade restrictions and travel bans – are complied with consistently across all Member States. With the new law, breaches that were previously, in some instances, treated as regulatory non-compliance are criminalised. The framework is thereby strengthened and given a clearer legal foundation, directly affecting financial sector firms. Our experienced AML lawyers advise on how financial institutions can meet the new requirements for sanctions screening within a robust sanctions compliance programme and sanctions compliance framework.

The law marks a shift – not only in how breaches are handled, but also in how financial institutions and fintechs are expected to work preventively with compliance under the sanctions regime. It imposes higher demands on documentation, governance and traceability across the sanctions compliance framework.

How financial institutions are affected

For banks, payment service providers, investment firms and other entities supervised by the Swedish Financial Supervisory Authority (FI), the new rules are particularly relevant. Key changes to consider include:

  • Harsher criminal penalties are introduced for breaches of EU sanctions measures.
  • Less serious infringements may now constitute a criminal offence, increasing risk exposure.
  • Four new offence categories are created: minor sanctions offence, sanctions offence, aggravated sanctions offence and repeat sanctions offence.
  • Participation in the form of attempt or aiding and abetting is criminalised in certain cases.
  • Certain authorities are obliged to refer suspicions to law enforcement bodies.

Those who apply or monitor sanctions measures within a financial organisation must now ensure that internal policies and controls are sufficient to prevent both inadvertent and systematic breaches. In particular, firms should:

  • Review and, where necessary, update alert logic in sanctions screening and KYC routines, including sanctions list screening.
  • Document internal assessments when handling transactions potentially linked to sanctioned individuals or organisations.
  • Ensure clear allocation of responsibilities within sanctions compliance and escalation processes.
  • Train staff – especially in operational roles – in the substance and implications of the new framework under the EU Sanctions Directive.
  • Establish or revise internal reporting channels for identified deviations.

The law means that even minor breaches – previously not criminalised – may now be assessed under criminal law. This alters the risk landscape and heightens the need for a robust, auditable compliance approach across the sanctions compliance framework.

At Morling Consulting, our lawyers support financial businesses across Europe in adapting their procedures for compliance with the sanctions regime to applicable law, ensuring that both processes and controls meet the expected standard.

Material Design illustration showing three legal professionals in front of an AI chip, playground and surveillance symbols, representing IMY’s focus areas public AI, children’s privacy and law enforcement.

5 February 2026

IMY’s priorities for 2026 – what do they mean for your organisation?
Read more
Illustration of a startup GDPR compliance briefing, with team members reviewing a security checklist and data protection policy on a screen.

4 February 2026

GDPR in your start-up – how to build assurance and compliance
Read more
Anonymous lawyer in a suit presses a digital whistleblowing button inside a protective sphere, symbolising secure whistleblowing systems, employee privacy and internal controls under the AMLR.

3 February 2026

AMLR Articles 13–15: employee integrity, whistleblowing and internal control
Read more