Supervisory authority

A supervisory authority is the public body responsible for monitoring compliance with laws and regulations within a defined area.

Explained – what does supervisory authority mean?

A supervisory authority is responsible for verifying that legislation, regulations and other legal requirements are observed. In areas such as GDPR and anti-money laundering, supervisory authorities play a central role in ensuring correct application and legal certainty. A compliance lawyer works with supervisory expectations to help organisations implement processes and controls aligned with the law.

For GDPR, the Data Protection Agency is the competent supervisory authority in Sweden (known locally as Integritetsskyddsmyndigheten, IMY). For the Anti-Money Laundering Act, several authorities share responsibility depending on sector, including the Swedish Financial Supervisory Authority for banks and financial institutions, as well as the county boards, the Fastighetsmäklarinspektionen, the Spelinspektionen, and others across Europe.

When does the supervisory authority question arise?

The question becomes relevant when a business is subject to frameworks such as GDPR or the Anti-Money Laundering Act and must demonstrate that it meets the applicable requirements for its operations. This may concern the handling of personal data or customer due diligence and risk assessment in financial activities. For example, a bank must show routines to prevent money laundering, and a company processing personal data must demonstrate GDPR compliance.

Key considerations regarding a supervisory authority

Where an organisation is subject to a supervisory authority, it is vital to work systematically with regulatory requirements. Consider the following:

  • Identify which supervisory authorities apply to your specific operations, including any role of the Swedish Financial Supervisory Authority.
  • Maintain documented procedures showing how laws and regulations are complied with.
  • Appoint responsible individuals who can communicate effectively with the supervisory authority.
  • Carry out regular internal audits to detect deficiencies.
  • Train staff in relevant frameworks, for example GDPR or the Anti-Money Laundering Act, including KYC.
  • Be prepared for inspections or reviews by the supervisory authority.
  • Follow the authority’s guidance and statements to remain up to date.

A considered approach to supervisory expectations builds assurance and long-term stability within the organisation.

Frequently asked questions about the supervisory authority

A supervisory authority examines and oversees whether organisations comply with the laws and regulations applicable in its domain, such as GDPR and the Anti-Money Laundering Act.

Several authorities share responsibility depending on the sector. For example, the Swedish Financial Supervisory Authority supervises banks and credit institutions, the county boards oversee certain bookkeeping businesses and the Revisorsinspektionen supervises auditors.

Contact may be required for routine reporting, during an ongoing review, or when operational changes affect how rules are applied, including KYC and risk assessment.

The Data Protection Agency oversees GDPR, while the Swedish Financial Supervisory Authority supervises the Anti-Money Laundering Act and other financial regulation. The difference lies in the sectors each authority supervises.

Establish a clear compliance structure by documenting processes and conducting internal audits. Common measures include:

  • Updating and documenting procedures
  • Training staff
  • Performing risk assessment
  • Creating an inspection response plan

They both verify compliance and issue guidance on applying the rules. Without effective supervision, anti-money laundering and counter-terrorist financing measures may not be effective in practice. Authorities also help create a common standard by:

  • Issuing general guidelines and regulations
  • Applying risk-based supervision to prioritise the greatest threats
  • Pursuing cases that may lead to sanctions for serious shortcomings
  • Strengthening confidence in financial markets and the legal system
