The Financial Supervisory Authority of Norway (FSA), known as Finanstilsynet, is the primary government agency responsible for the supervision of Norway’s financial system and is tasked with oversight of all banks and financial institutions within the country. In its supervisory role, the FSA manages licensing and reporting requirements for financial activity within Norway and works to ensure that firms implement regulations introduced by the Norwegian government, including anti-money laundering and counter-financing of terrorism laws.
What is the Finanstilsynet?
An independent government agency, the FSA was formed in 1986 as a merger of the Norwegian Insurance Council, the Bank Inspection Agency and the Broker Control Agency. The FSA was officially titled the Credit Supervisory Authority (Kredittilsynet) until it changed that name in 2009. Headquartered in Oslo, the FSA operates under the supervision of the Norwegian Ministry of Finance and is currently chaired by Finn Arnesen.
The FSA has a mandate to promote financial stability and well-functioning markets within Norway and to cooperate with international regulatory bodies, including ensuring that regulations applicable to EEA member states are implemented effectively within the country.
As Norway’s financial regulator, the FSA fulfills the following functions:
Supervision: The FSA’s supervisory responsibilities include on-site and off-site inspections of banks and other financial institutions within Norway. The FSA assesses firms against a list of risk-based criteria based on international AML standards and conducts regular analyses to detect emergent threats that may cause financial stability problems in the future.
Licensing: The FSA issues licenses to entities wishing to operate as banks or financial service providers within Norway. The FSA sets out the criteria for firms seeking to obtain a license and handles the application process itself. Where the FSA discovers violations of licensing rules, it has the authority to order firms to rectify deficiencies or, in the case of serious deficiencies, withdraw licenses.
Reporting: Banks and financial institutions must report to the FSA when they detect suspicious financial activities. The FSA sets out reporting requirements for different types of financial institutions, along with the relevant reporting forms.
Regulation: The FSA works with the Storting (the Norwegian parliament) to draft, implement and enforce financial regulations and AML/CFT policy. The FSA sets out those regulations, and the institutions to which they apply, online.
Communication: The FSA also performs an important communications role for the financial industry, ensuring that institutions within Norway have the information and resources they need to comply with the country’s AML/CFT regulations.
The primary article of AML legislation in Norway is the Anti-Money Laundering Act (2018), which implements the AML requirements of the EU’s Fourth and subsequently Fifth Anti-Money Laundering Directives (4AMLD and 5AMLD) along with those set out by the Financial Action Task Force (FATF).
The Anti-Money Laundering Act applies to the following institutions operating within Norway:
- Banking and credit service providers
- Financing companies
- Payment services providers
- Holding companies
- Insurance and pensions companies
- Electronic money service providers
Under 4AMLD and 5AMLD, obliged entities within Norway must put AML measures in place to deal with the criminal risks posed by cryptocurrencies. In accommodating this requirement, the Norwegian Anti-Money Laundering Act brought financial institutions that offer cryptocurrency services under the supervision of the FSA and introduced new reporting obligations for crypto storage and exchange services.
Under the requirements of the Anti-Money Laundering Act, the EU’s directives and FATF recommendations, obliged entities within Norway should implement a risk-based AML program. This means that AML measures put in place should be commensurate with the level of risk presented: after a firm conducts a risk assessment, lower-risk customers may warrant a simplified AML response while higher-risk customers may be subject to an enhanced level of AML scrutiny.
AML programs in Norway should feature the following controls and measures:
- Customer due diligence: Banks and financial institutions in Norway must establish and verify the identities of their customers and the nature of the business in which they are engaged by carrying out appropriate customer due diligence (CDD) measures. Beneficial ownership of customer-entities must be similarly established. Higher-risk customers should be subject to enhanced due diligence (EDD) measures.
- Transaction monitoring: In order to detect when customers engage in suspicious financial behavior that may indicate attempts to launder money, firms must put transaction monitoring measures in place. In practice, those measures should be set up to detect unusual volumes, frequencies or patterns of transactions or transactions involving high-risk countries.
- Screening: Banks and financial institutions must screen to find out whether their customers are included on international sanctions and watch lists, including the EU sanctions list. Firms must also conduct PEP screening to find out whether customers are politically exposed persons and so at a higher risk of money laundering.
- Adverse media: Firms in Norway must monitor on an ongoing basis for adverse media stories that involve their customers. Adverse or negative news media often indicate an increased level of money laundering risk, and firms should monitor conventional television and print media sources along with online outlets.