A high-profile money laundering case in Sweden is raising concerns about risk culture at some of the largest banks in the Nordics.
Sweden’s Supreme Court recently agreed to review the conviction of Swedbank CEO Brigitte Bonnesen, who was convicted of providing misleading information on the bank’s money laundering risks in 2018. The case, the first of its kind in Sweden, could set a precedent for how similar issues will be addressed in other countries.
While the legal question centers on whether Bonnesen intentionally provided misleading information, the broader issue revealed in court documents is a troubling picture of weak risk culture at the top levels of management. The case exposed serious deficiencies in anti-money laundering (AML) practices of Swedbank’s Estonian operations, where major process breaches were found.
I’ve spent the past few years working the Nordic markets, noting differences in risk culture between the countries. That background has given me insight into how leadership attitudes and structural oversight vary. Below, I'd like to dive into what the Swedbank case may reveal about risk culture in financial institutions and how similar blind spots could threaten trust in global banking systems. In particular, I’ll explore how resources and regulatory tone can shape institutional behavior, sometimes allowing systemic issues to go unchallenged.
Shallow investigations undermine AML efforts
In BioCatch’s 2025 Dark Economy Survey, 41% of anti-money laundering (AML) professionals surveyed globally said their organizations typically limit AML investigations to only the individual account in question, rather than expanding to explore a wider network of associated accounts. This narrow approach can leave large gaps in intelligence and risk assessment, ultimately benefiting money launderers and criminal networks.
While I believe there’s no absolute model for what’s right or wrong, I’ve done my best to understand how risk culture might affect performance.
In my research, I've found the depth of AML investigations often depends not only on the investigator but also on two key limitations: resource availability and local regulatory guidance.
In many financial institutions, limited resources, such as time, staffing, or budgets, force investigators to cut their investigations short. These constraints become embedded in the firm's risk culture, pressuring employees to prioritize efficiency over thoroughness.
A second limitation arises from local financial intelligence units (FIUs). Across the Nordics, FIUs differ in how deeply they expect financial institutions to investigate suspicious activity. Some agencies request comprehensive reports, while others prefer to conduct their own analyses. However, FIUs themselves are not large organizations with limitless resources, meaning they cannot feasibly conduct deep investigations into every case. This dynamic creates a frustrating ceiling for investigators who may wish to pursue more extensive leads but are constrained by the local culture of the FIU.
Tone from the top matters
An effective risk culture must be championed from the highest levels of leadership. According to the Financial Stability Board , key drivers of sound risk management include tone from the top, clear accountability, and open internal communication.
I believe we have issues with all these factors in the Nordics, specifically with tone from the top, as illustrated in the Swedbank-case. These issues suggest a broader cultural problem, where leadership failed to foster the transparency and accountability needed to detect and prevent financial crime.
I think this leadership gap is common across many mid- to large-sized Nordic financial institutions. The larger the organization, the greater the distance between executive management and operational staff, often diluting responsibility and weakening internal risk signals. In smaller firms, where leadership and frontline staff interact more closely, the problem may not be as pronounced.
Technology alone is not enough
While innovative technologies are key to managing the growing volume of fraud and money laundering cases in the Nordics, it must be supported by a risk culture that enables informed decision-making and ensures appropriate levels of investigative depth.
Data from the Dark Economy Survey shows that 77% of practitioners globally think financial institutions are winning the war on financial crime, and yet 71% say fraud attempts have increased. Maybe these opposing statistics are a result of the risk culture, in which a practitioner feels pressured to say we’re winning the war even though we’re clearly not. This, of course, hurts the real fight against crime by turning a blind eye to what’s really happening.
Toward a culture of accountability
For financial institutions in the Nordics and beyond to truly advance the fight against financial crime, they must cultivate a culture rooted in honesty, accountability, and depth. This means aligning leadership tone with investigative practice, bridging the gap between management and staff, and removing institutional incentives that reward surface-level compliance over substantive action.
The Swedbank case serves as a wake-up call. Without a strong, consistent risk culture, even the most advanced technology solutions and well-funded compliance teams may fail to make a lasting impact, and institutions may be left vulnerable to regulatory action and reputational damage. Only by facing internal weaknesses head-on can institutions begin to shift from reactive posturing to proactive crime prevention.
