What Does the County Administrative Board Require for KYC Supervision?
If you run an accounting firm, audit firm or other business covered by the Anti-Money Laundering Act (2017:630), you are required to have documented customer due diligence for all your clients. The County Administrative Board (Länsstyrelsen) has increased its supervisory activity in recent years — and inadequate KYC is one of the most common remarks.
What does customer due diligence mean?
Customer due diligence, or KYC (Know Your Customer), means that as a business operator you must:
- Identify your client and verify their identity
- Understand the client's business and ownership structure
- Assess the risk of money laundering or terrorist financing
- Continuously monitor the client relationship
It's not enough to collect the information once. Customer due diligence must be current and updated regularly — more frequently for high-risk clients.
What does the County Administrative Board look at during supervision?
During a supervision, the County Administrative Board typically reviews the following:
- ✓ Documented risk assessment of your business (general risk assessment)
- ✓ Individual risk classification for each client
- ✓ Verification of how identity checks were performed
- ✓ Complete and accessible documentation
- ✓ Procedures for ongoing follow-up
- ✓ PEP checks (Politically Exposed Persons)
Consequences of deficiencies: If documentation is missing or incomplete, the County Administrative Board can issue injunctions or penalty fees. The amounts vary but can amount to hundreds of thousands of SEK.
Common deficiencies
The most common problems we see at firms:
- ✗ Customer due diligence is completely missing for older clients who were onboarded before procedures were in place
- ✗ Risk assessments have not been updated according to schedule
- ✗ Documentation exists but is scattered across Excel, Word and binders without a cohesive structure
- ✗ No audit trail showing who did what and when
How do you solve it practically?
There are two paths: continue with manual handling and hope everything is in order at the next supervision, or digitize the process with a dedicated KYC system.
With a digital platform, you send a request to the client, who identifies themselves with BankID and answers the questions themselves. The system calculates risk level automatically based on 8 weighted factors according to the Anti-Money Laundering Act, and all documentation is gathered in one place — encrypted, traceable and ready for supervision.
Digitize your customer due diligence
ITRAB KYC helps accounting firms meet the Anti-Money Laundering Act requirements — with BankID verification, automatic risk calculation and complete documentation.
Book a 15-minute demo →
