The Financial Supervisory Authority of Norway identified severe breaches in anti-money laundering protocols at Svenska Handelsbanken AB NUF ( Handelsbanken Norway) following a comprehensive inspection. This regulatory scrutiny began with meetings in early 2024 and culminated in a final report highlighting systemic deficiencies across multiple compliance domains within the Norwegian branch. The findings emphasize that the branch failed to meet fundamental legal requirements regarding risk assessment, customer due diligence, and internal control mechanisms. While the bank has since initiated structural changes to centralize and improve its compliance framework, the historical gaps remain a significant point of regulatory concern. This case underscores the rigorous expectations placed on foreign bank branches operating within the Norwegian financial ecosystem to prevent illicit financial flows.

Norwegian Anti-Money Laundering Regulatory Findings

The supervisory assessment conducted by the Norwegian regulator meticulously detailed how the financial institution struggled to align its daily operations with the specific mandates of the Anti-Money Laundering Act. One of the most glaring issues resided in the overarching risk assessment process, which serves as the foundation for any effective compliance program. The authorities noted that the bank utilized an external tool for documenting risks but failed to adapt the output to the specific realities of its local operations. Several factors identified as having low or medium inherent risk were essentially ignored in the final analysis, despite the branch having significant exposure to those specific sectors or customer types. This lack of granular analysis meant that the institution could not accurately gauge its real-world vulnerability to financial crime.

Furthermore, the regulator found that the bank did not adequately distinguish between inherent risk and residual risk. For instance, in sectors like real estate and construction, which are globally recognized as being highly susceptible to illicit activity, the bank concluded that its residual risk was moderate or low without providing sufficient evidence of how its controls mitigated the great inherent dangers. The logic used to reach these conclusions was often described as opaque or unsubstantiated. This pattern of behavior suggested a compliance culture that prioritized procedural completion over the substantive analysis of financial threats. The failure to link risk assessments directly to the operational environment created a cascading effect, where subsequent controls were misaligned with the actual dangers present in the portfolio.

Weaknesses In Internal Controls and Operational Training

Internal oversight mechanisms were another area where the institution fell short of statutory requirements. The report indicates that the bank’s internal control routines were static and failed to cover the entire scope of the regulatory framework over time. Specifically, there was a noticeable lack of focus on customers classified as having standard risk, with almost no samples taken to verify the adequacy of ongoing monitoring for this large segment of the client base. This oversight is particularly concerning as it creates blind spots where suspicious activity could go undetected simply because a customer does not fit a high-risk profile. The audit also revealed that a significant number of internal audit observations had remained open for years, some dating back as far as 2017, which points to a slow response in remediating known vulnerabilities.

Training protocols for staff and contractors were similarly found to be insufficient. The law requires that all employees involved in financial transactions receive regular, role-specific training to help them identify indicators of money laundering and terrorist financing. However, the bank’s training materials were deemed too generic and failed to address specific internal processes, such as how to handle transaction alerts or manage outsourced tasks. The regulator noted that the institution could not document that its training program was based on a proper gap analysis of employee skills. Without a well-trained workforce, even the most sophisticated electronic systems are less effective, as the human element remains the final line of defense against the integration of criminal proceeds into the legitimate financial system.

Challenges In Transaction Monitoring and Reporting Obligations

The effectiveness of the bank’s electronic transaction monitoring systems was also called into question during the inspection. The rules programmed into these systems were primarily focused on obvious methods of illicit activity, such as cash transactions and transfers to high-risk jurisdictions. They largely ignored internal domestic transfers, intra-group movements, and specific risks associated with certain industries. The regulator observed that a high volume of false positive alerts was generated, while many other monitoring rules failed to trigger a single alert over a three-year period. This suggests that the system was not properly tuned to the actual risk profile, leading to a situation where compliance staff were likely overwhelmed by irrelevant data while potentially missing real threats.

The reporting of suspicious activities to the national financial intelligence unit, known as Okokrim, showed similar procedural weaknesses. The bank had a high threshold for escalating alerts to full-scale investigations, with a vast majority of cases being closed during the preliminary review phase. In many instances, staff would simply accept a customer’s explanation for a suspicious transaction without performing independent verification or assessing the plausibility of the information provided. The report even highlighted a violation of the tipping-off prohibition, where the bank inadvertently informed a customer that they were under investigation during a communication regarding sanctions risk. This breach of confidentiality is a serious matter, as it can alert potential criminals and allow them to move funds before authorities can take action.

Future Compliance Expectations and Remediation Efforts

In response to these critical findings, the bank has embarked on a significant overhaul of its Norwegian compliance operations. This includes structural changes aimed at centralizing processes to ensure higher quality and consistency across its anti-money laundering activities. The institution has reported to the regulator that many of the weaknesses identified during the 2024 inspection have already been addressed or are included in detailed action plans. These improvements are intended to reduce the number of deviations detected by internal control functions and to ensure that the risk assessments and routines are fully operational and updated. The regulator acknowledged these efforts but emphasized that the ultimate success of these measures will depend on their effective implementation and long-term sustainability.

The supervisory authority has requested regular progress reports from the bank to monitor the status of its remediation work. The first of these reports is due in mid 2026, and all completed measures must be validated by the internal auditor of the branch to ensure they meet the required standards. This ongoing oversight serves as a reminder that regulatory compliance is not a one-time task but a continuous process of adaptation to evolving financial risks. The case of the Norwegian branch illustrates the increasing pressure on financial institutions to move beyond a checklist approach to compliance and to develop a deep, evidence-based understanding of the risks they face. For the broader financial sector, this report serves as a benchmark for the level of detail and rigor expected by modern supervisors in the fight against global financial crime.

The findings also touched upon the bank’s handling of specific customer segments, where the lack of enhanced due diligence was noted in cases that clearly warranted higher scrutiny. By failing to apply the correct level of investigation to complex corporate structures or politically exposed persons, the institution increased its risk of being used for money laundering purposes. The regulator stressed that the responsibility for these failures lies with the branch management, who must ensure that the compliance function has sufficient resources and authority to operate effectively. As the financial landscape becomes increasingly complex, the role of local branch compliance becomes even more critical in protecting the integrity of the national financial system.

Handelsbanken Norway must now demonstrate that it can transform its compliance culture from one that was historically reactive to one that is proactively managing financial crime risks. The steps taken to centralize the anti-money laundering unit are a positive move, but they must be accompanied by a change in mindset at all levels of the organization. Only by fully integrating regulatory requirements into its core business strategy can the branch hope to avoid future supervisory actions and maintain the trust of both the regulator and the public. The upcoming reports will be a crucial test of whether the bank has truly learned from the failures highlighted in the 2026 assessment.

---

Key Points

• The Norwegian Financial Supervisory Authority identified serious failures in risk assessment and internal controls at the bank.
• Staff training was found to be too generic and lacked the role-specific details required to identify complex financial crimes.
• Transaction monitoring systems were poorly calibrated, leading to high false positive rates and potential blind spots in domestic transfers.
• The branch has committed to a structural centralization of its compliance functions to address the identified regulatory gaps.

---

Related Links

• Finanstilsynet Official Tilsynsrapporter Database
• Norwegian Anti-Money Laundering Act Legal Archive
• Okokrim Annual Financial Crime Threat Assessment
• FATF Recommendations on International Compliance Standards
• European Banking Authority AML and CFT Guidelines

Other FinCrime Central Articles About Norway

• TD Bank Faces Intense Scrutiny as Norway Oil Fund Observes $3 Billion Financial Crime Risk

Source: Finanstilsynet Norway

Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.

Want to promote your brand, or need some help selecting the right solution or the right advisory firm? Email us at info@fincrimecentral.com; we probably have the right contact for you.