The FIN-FSA’s strategy for 2023–2025 steers supervision and the development of activities. The strategy promotes proactivity and predictability, the utilisation of digitalisation in operations, leadership that supports expertise as well as flexibility and adaptability.

In 2024, the supervisor carried out supervision in line with its established focus areas. These were related to operational and financial risks posed by the unstable operating environment, long-term trends and the reliability of supervised entities’ governance.

Macroprudential measures strengthened the resilience of the financial system to structural risks

The FIN-FSA Board makes decisions concerning the use of macroprudential tools in Finland. In June 2024, the FIN-FSA decided to keep the additional capital requirements for Other Systemically Important Institutions (O-SII) unchanged. The FIN-FSA had set a systemic risk buffer at 1% in 2023 and approved the partial application of a Norwegian systemic risk buffer to Finnish banks’ exposures in Norway; both of these requirements entered into force in the review year.

In September, the FIN-FSA reciprocated the 7% sector-specific systemic risk buffer requirement set by the Danish macroprudential authority. This requirement applies to Finnish credit institutions’ exposures in Denmark with entities operating in the real estate sector. The requirement entered into force on 1 January 2025.

The structural capital buffer requirements entered fully into effect, raising the overall macroprudential buffers to a level deemed sufficient by the FIN-FSA.

On a quarterly basis, the FIN-FSA assessed both the need to set a countercyclical capital buffer requirement for credit institutions and to tighten the maximum loan-to-value ratio, or the loan cap, which limits mortgage lending to households. Market or cyclical developments did not indicate a need to tighten these requirements at any time during the review year.

According to a report prepared during the review year, credit institutions complied well with the FIN-FSA recommendation on a maximum debt-servicing burden for housing loan applicants’ loans and housing company-related charges for financial costs as well as restrictions on new housing loans and housing company loans, which entered into force in 2023.

New supervised entities among consumer lenders

Companies granting consumer loans were transferred under FIN-FSA supervision in 2023 when the Act on the Registration of Certain Credit Providers and Credit Intermediaries as well as provisions on the management of default risk in consumer lending entered into force.

Assessments and reviews concerning the fulfilment of the preconditions of registration by these new supervised entities and with regard to their customer protection procedures and default risk management were completed in the first half of the year. These reviews looked into the extent to which the lenders’ procedures were in line with the requirements of the new provisions, the content of the new supervised entities’ contract terms and their customer complaints handling processes. The reviews showed that individually agreed contract terms had some shortcomings. In addition, they revealed differences among different operators in the management of default risk and shortcomings in their credit granting practices.

Omissions were found in the reporting of changes in registered information. The FIN-FSA updated its register and examined the entities’ ownership structures in the same context. Based on applications by the companies concerned to have themselves removed from the register, the FIN-FSA revoked the registration of 14 companies. Removal from the register was conditional on the company no longer granting new consumer credit and having no outstanding credit stock from its previous activity.

Risk management by banks as an object of supervision

The FIN-FSA supervises the largest banks in Finland together with the European Central Bank: Nordea Bank Plc, OP Financial Group, Municipality Finance Plc and Danske Bank A/S Finland Branch. The supervision of other banks is under the FIN-FSA’s direct responsibility.

In the review year, the FIN-FSA focused in banking supervision on the management of credit and liquidity risks, compliance with new regulations on interest rate risk as well as questions concerning corporate governance due to changes in the operating environment. Inspections targeted credit and liquidity risks, corporate governance and internal models used in capital adequacy calculation.

The FIN-FSA conducted a review of banks under its direct supervision with regard to the extent to which they comply with regulations on the valuation practices for real estate collateral and how they manage credit risks associated with housing company loans. The most significant shortcomings were related to the valuation of commercial real estate collateral for non-performing exposures, the independence of valuation from the lending decision-making process and the monitoring frequency of the values of real estate collateral.

The FIN-FSA also reviewed how banks comply with the European Banking Authority’s (EBA) updated regulations on interest rate risk. Shortcomings were identified both in credit institutions’ own approaches and supervisory outlier tests, and particularly in the management of measurement methods and models. Shortcomings in measurement methods and models combined with their inadequate management cast a doubt on the reliability of credit institutions’ interest rate risk measurements. 

The FIN-FSA participated in a joint crisis exercise of the Nordic and Baltic authorities for financial stability. The exercise tested the authorities’ readiness for a potential crisis event affecting a hypothetical bank operating in the Nordic and Baltic countries. Nearly 450 persons from the authorities of different countries and the EU participated in the exercise. A representative of the International Monetary Fund (IMF) was also involved. From the FIN-FSA, approximately 25 persons participated in the exercise.

The importance of attending to ICT and cyber security was highlighted during the year

In the prevailing security situation, particular attention was paid to the operational performance and resilience of services provided by the financial sector. The FIN-FSA monitored cyber security and the functioning of services on an enhanced basis.

During the autumn, the financial sector faced denial-of-service attacks that caused more prolonged disruption to the use of services by customers than before. Denial-of-service attacks also took place more extensively in other Nordic countries, the Baltic countries and Europe. The attacks were covered in the media and societal debate more prominently in Finland than in other Nordic countries.

Different frauds and scams related to payment also increased in 2024. Fraud methods are evolving continuously, and therefore the security of online and mobile banking as well as online payments and technical solutions for strong customer identification must be able to respond to new security threats in electronic payments.

In 2024, the FIN-FSA published a thematic review of the security of online banking, mobile banking and online payments, and recommended that banks develop controls for online banking and mobile payments so that users would have the option to set more versatile security restrictions on their credit transfers than what is currently possible. Such restrictions include, for example, the option to set a daily or one-time usage limit for payments as well as to limit the countries or geographical areas and receiving parties to which payments are directed. In addition, banks should improve the monitoring of potentially fraudulent transactions, blocking them and requesting further confirmations. The FIN-FSA also recommended that banks develop their payment monitoring to be able to more precisely block payments that differ significantly from the customer’s previous payment history.

It is important to provide information about different types of scams and to guide customers on secure online transactions. Banks must continue to communicate actively through various channels about the security threats to their services and continue to remind and guide customers on how to use their electronic services securely. In autumn 2024, the FIN-FSA, in cooperation with the Bank of Finland and the Financial Literacy Centre, organised an event targeted at secondary school students on the identification of scams and secure payments.

During the spring, the FIN-FSA surveyed how significant financial sector entities have ensured their disruption resilience under normal and emergency conditions. In the autumn, the FIN-FSA assessed the preparedness of credit institutions operating in Finland to use both the back up account system created to secure the continuity of daily payments and the fallback arrangement for interbank payments.

The FIN-FSA finalised two inspections of ICT and data security risks. A specialist from the FIN-FSA participated in cyber stress tests concerning banks under the European Central Bank’s (ECB) direct supervision during the first part of the year.

During the year, preparations were made for the beginning of the application of the regulation on the digital resilience of the financial sector (Digital Operational Resilience Act, DORA) in January 2025. Delays in the finalisation of lower-level provisions complementing the Regulation affected the preparations of the supervised entities and the FIN-FSA alike.

The FIN-FSA continued cooperation in the exchange of information with other financial market authorities in the context of various disruptions affecting the financial markets. Cooperation for the coordination of actions with foreign authorities during operational disruptions continued with the Nordic and Baltic authorities. The FIN-FSA also made preparations to function as the national contact point in the Systemic Cyber Incident Coordination Framework (EU-SCICF).

The solvency and conduct of business supervision in the insurance sector

In the insurance sector, the FIN-FSA directed its supervision in line with its own focus areas and the strategic objectives set out by the European Insurance and Occupational Pensions Authority (EIOPA). The focus areas included the functioning and reliability of supervised entities’ governance system, quantitative risks, and real estate risks in investment activities. Supervision focused on consumer protection and, within that area, assessment of the need for insurance cover and the role of supervised entities’ boards of directors in questions concerning the code of conduct.

The FIN-FSA mapped non-life and life insurance companies’ internal audit procedures and the sufficiency of the competence and resourcing of the function as part of the supervision of governance systems. In this context, shortcomings were identified in ensuring the resourcing and competence of the function as well as in audit plans. The assessment also indicated room for improvement in the interaction between internal audit and the board of directors. EIOPA published a statement on risk factors it had identified in insurance companies’ remuneration schemes.

The FIN-FSA examined the operation of non-life and life insurance companies’ boards of directors. According to the review, boards of directors have particular room for development in terms of the adequacy of the governance system, assessment of risk appetite, dialogue on the board and interaction with personnel. As a good practice, the supervisor highlighted a model where interaction by the board was recorded clearly and, based on the minutes, the board of directors exercised strong steering over the operations of the company.

The FIN-FSA conducted four inspections of unemployment funds and gave recommendations based on the findings on issues including the outsourcing of a public administrative duty, written policies, internal audit and upholding the professional competence of management.

The survey of pension foundations and funds providing statutory pension insurance showed that the entities’ policies for risk management and internal control were mainly appropriate. The FIN-FSA reminded entities that policies concerning risk management and internal control must be made in writing and adopted by the board of directors, and that their up-to-dateness must be assessed on a regular basis.

The FIN-FSA conducted an in-depth analysis of non-life insurance companies’ reinsurance arrangements with respect to their risk-mitigation characteristics, effectiveness, accuracy of calculations, basis and counterparty risks as well as opinions of the actuarial function. The results of the analysis emphasised the need for continuous evaluation as reinsurance arrangements change. It is particularly important for primary insurers to ensure that insurance terms and conditions and underwriting policies reflect the changing content of reinsurance contracts.

EIOPA carried out stress tests on a group of European non-life and life insurance companies. The FIN-FSA augmented the stress test to cover a group of insurance companies and groups as well as employee pension institutions selected at the national level. Based on the results, the FIN-FSA determined that the Finnish non-life and life insurance sector would withstand the impacts of a severe and immediately realising stress scenario without a deterioration of their solvency. The solvency of the employee pension institutions withstood the stress scenario’s impact on liquid investments well. After a very severe and unlikely rapid deterioration affecting illiquid investments, in the absence of special measures, the solvency situation would have been weak.

A thematic review of pension insurers found that the fair values of real estate investments as at end-2023 were mainly up to date and had undergone an assessment by an independent external appraiser. The fair values of pension insurers’ real estate investments reflected the weakened situation in the real estate markets, and the largest write-downs had been made to offices and residential real estate, which are also the largest categories of real estate. Similar findings were also made in the supervision of non-life and life insurance companies’ real estate investments.

Based on the boards of directors’ minutes, the FIN-FSA assessed key procedural questions concerning policyholders, such as any references to processing times and the number of complaints raised on the boards of directors of employee pension companies and the largest life and non-life insurance companies. There were significant company-specific differences in the handling of procedural issues by the companies’ boards of directors as well as variance in the manner of record-keeping. The FIN-FSA recommended that the boards of directors of the companies pay particular attention to ensuring the regulatory compliance of their main service processes.

The FIN-FSA also reminded the companies of the importance of assessing the customer’s need for insurance and the clarity and understandability of the marketing of company specific expense loading components by employee pension companies.

Exceptional number of investigation requests and observations concerning prospectuses and IFRS compliance

The quality of prospectuses submitted to the FIN-FSA for review in spring 2024 was weaker than before. The FIN-FSA highlighted the deteriorating quality of prospectuses in its Market Newsletter in the summer.

The number of supervisory observations made in IFRS Enforcement (International Financial Reporting Standards) increased. The observations were concerned with basic issues in a context where the uncertainty of the operating environment makes reporting increasingly complex. The new sustainability reporting obligation is the largest reporting change for listed companies since the introduction of the IFRSs, and it requires significant resources from the companies. The FIN-FSA published the focus areas in the supervision of listed companies proactively in events arranged for listed companies towards the end of last year.

In the supervision of market abuse, the FIN-FSA guided investment service providers in the supervision of wash trades and adoption of good practices. As regards EU regulations, amendments to the Market Abuse Regulation entered partly into force towards the end of the year. The FIN-FSA decided that the notification threshold for managers’ transactions in Finland be aligned with the Regulation at EUR 20,000 (previously EUR 5,000).

At the beginning of May, the FIN-FSA exceptionally published a release on a request for investigation it had filed with the police concerning suspected securities market offences related to Oma Savings Bank. The release confirmed that the request for investigation disclosed by the police had come from the FIN-FSA.

In 2023, the FIN-FSA imposed a prohibition on Ermitage Partners from continuing and repeating the provision of investment service in violation of the Investment Services Act. By a decision issued on 27 November 2024, the Helsinki Administrative Court decided to keep the prohibition in force. This decision is not yet legally binding.

OP Corporate Bank Plc joined the Euribor Panel of the European Money Market Institute (EMMI). As part of the college of the European Securities and Markets Authority (ESMA), the FIN-FSA supervises the activities of OP Corporate Bank Plc as a member of the Euribor Panel.

The FIN-FSA carried out an annual survey of fund managers and investment service providers. The survey revealed shortcomings in, among other things, the composition of the boards of directors of authorised firms with respect to the management of conflicts of interest, in supervision and audit measures by the compliance function, the allocation of time and outsourcing. The FIN-FSA published a report of its findings and views about the application of regulations and on issues requiring particular attention by the companies.

In its supervisory activities in 2024, the FIN-FSA paid attention, among other things, to developments in the real estate sector affecting the valuations of real estate both as investments and collateral by real estate funds and supervised entities. The FIN-FSA assessed the remediation of shortcomings identified in a stress test concerning the management of liquidity by managers of open-ended real estate funds. The FIN-FSA had identified these shortcomings in a thematic review in 2023. The FIN-FSA also reviewed redemptions from open-ended real estate funds on a monthly basis. During the review year, two inspections concerning risk management by managers of open-ended real estate funds were completed, and towards the end of the year, the FIN-FSA started inspections concerning the valuation of open-ended real estate funds.

In a press conference on 12 September 2024, the FIN-FSA made a statement on the situation of real estate funds: There had been net redemptions and negative revaluation adjustments in 2024, which had also caused some degree of increase in leverage. Starting from 2023, open-ended real estate funds have reduced their subscription and redemption frequency and increased the use of liquidity management tools. As their liquidity situation has deteriorated, individual real estate funds have also temporarily restricted or suspended redemptions in 2023 and 2024.

At the beginning of 2025, the suspensions of redemptions from real estate funds were raised as a media topic, and the FIN-FSA’s specialists have actively engaged in discussion on the subject in the media.

MiCA Regulation concerning crypto-asset operators entered gradually into force

The EU’s Market in Crypto-Assets Regulation (MiCA) entered gradually into force in 2024, and it applies fully from the end of 2024.

The Regulation requires crypto-asset service providers (CASPs) to comply with several established financial market requirements. These requirements are related, among other things, to governance, management’s competence, own funds, transparency of information, information security and the management of conflicts of interest.

By the deadline, the FIN-FSA received seven applications for authorisation as a CASP from companies registered under the prevailing law. The right to provide services related to virtual assets will end if they are not granted an authorisation by the end of the transition period at the latest.

Supervision of anti-money laundering

The supervision of anti-money laundering (AML) is based on an anti-money laundering strategy prepared for 2023–2024, which centres on communication and guidance as well as supervisory activities and risk assessment. The joint impact of these measures is geared to implement AML supervision on a holistic basis.

In 2024, the FIN-FSA finalised anti-money laundering inspections on in one credit institution, two payment service providers and one virtual asset service provider. Moreover, the supervisor started three inspections that will be completed after the turn of the year. The number of inspections of anti-money laundering and the supervision of conduct concerning sanctions has stabilised at five (moving 12-month average), in line with the target.

AML supervision covers several supervision sectors, and the FIN-FSA met with approximately 60 supervised entities during the review year. AML supervisors also participated for the first time in meeting with employee pension insurers.

The FIN-FSA imposed penalty payments on two money remitters for omissions concerning AML regulation. The omissions were concerned, among other things, with threshold value reporting and the assessment of the risk of money laundering and terrorist financing associated with customer relationships.

The FIN-FSA examined the compliance by consumer lenders that were moved to under its supervision in 2023 with their obligations under the AML Act. According to the review, the FIN-FSA’s active measures have had a positive impact on enhancing the entities’ awareness of money laundering and terrorist financing risks as well as risk management. The majority of the entities have reacted swiftly to the FIN-FSA’s requests for further clarifications. Based on feedback given by the FIN-FSA, the operators have developed their internal risk management processes to enhance the effectiveness of anti-money laundering.

In autumn 2024, the FIN-FSA launched its first inspection of compliance with sanctions. The FIN-FSA also prepared a risk assessment on sanctions compliance. Exposure to sanctions risk is elevated in sectors providing various types of cross-border payment services that enable one to transfer funds fast and easily from one place to another. These include, for example, credit and payment institutions providing international payment services. These operators should pay particular attention to the level of policies, procedures and internal control. Money remitters and virtual asset service providers should also ensure that they have sufficient policies and procedures in place to comply with sanctions regulations.

The FIN-FSA also prepared an assessment of money laundering and terrorist financing risks concerning virtual asset service providers. The risk associated with the products and services provided by the sector is very significant, as they enable cross-border person-to-person payments in near real time. In addition, in many cases it is very difficult to identify the parties involved in virtual asset transfers. With a few exceptions, however, these activities are still limited in terms of number of customers and geographical scope.

A working group on the reform of the Anti-Money Laundering Act began its work after the adoption of the European Union (EU) Anti Money Laundering (AML) package. The FIN-FSA is participating actively in this work and in preparations for the beginning of the work of the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA).