Common shortcomings in fast-growing fintech companies

Our AML lawyers often find that fintech firms maintain governance documents that, on paper, meet the anti-money laundering regime’s requirements, yet the content is no longer anchored in the actual business. Fintech actors’ compliance with the anti-money laundering regime is a central issue, particularly when the business model evolves through new products, partnerships or changes in distribution channels. The documentation does not always keep pace. When governance documents lag behind, operational AML processes for customer due diligence and transaction monitoring begin to strain as the business develops and is exposed to new risks.

This creates a structural deficiency that the Swedish Financial Supervisory Authority (Finansinspektionen) reacts to during supervision—especially where there is no clear link between identified risks and mitigating measures. Outdated routines that no longer reflect current operations are seen as an indicator that AML work is not integrated into the business, which in turn undermines confidence in the entire control system and weakens fintech AML compliance. Robust AML documentation requirements and internal control procedures are decisive to avoid adverse inspection remarks.

Meeting the Swedish Financial Supervisory Authority’s requirements in practice

The Swedish Financial Supervisory Authority sets high expectations for both documentation and the actual implementation of the AML regime. It is not sufficient to have a business-wide risk assessment and a set of instructions—there must also be functioning processes, clear accountability and ongoing follow-up. The same applies to fintech firms providing payment services, currency exchange or crowdfunding as it does to “classic banks”. A coherent AML governance framework, with defined AML roles and responsibilities, is essential to translate policy into day-to-day controls.

Some areas where supervisory review frequently leads to remarks:

• Insufficient customer due diligence: Information about the customer’s business, purpose and ownership structure is missing or outdated, including beneficial ownership information and CDD documentation.
• Deficiencies in the business-wide risk assessment: The firm has not documented the risks associated with different customer types or products, nor aligned the KYC process with those risks.
• Lack of internal control: There are no routines for ongoing review and improvement of AML work, including testing of transaction monitoring and suspicious transaction reporting.
• Unclear allocation of responsibilities: Accountability for the analysis and reporting of suspicious transactions is not defined within AML roles and responsibilities.

To comply with the regime, firms need continuous, documented collaboration between management, the control function and the AML officer. Regular updates to procedures and staff training are not mere formalities—they are critical to preventing both legal and commercial risks. They also build trust with investors, partners and supervisory authorities. At Morling Consulting, we support fintech actors in their compliance with the anti-money laundering regime. Our AML lawyers provide practical solutions across strategy, documentation and the control function—tailored to your business model, including targeted AML compliance services and enhancements to internal control procedures.