“Effective and active supervision” – that is the objective for the Finnish Financial Supervisory Authority’s (FIN-FSA’s) renewed strategy for 2026-2028. The authority will also be guided by renewed values such as reliability, independence, togetherness, and effectiveness.
It will continue to take a risk-based approach as a guiding factor for its supervisory work, and will during 2026 focus on preparing for extreme economic phenomena. It will also ensure the operational reliability of digital services, including both digital resilience and cybersecurity, in addition to the security of digital services.
“We seek supervisory effectiveness through risk-based prioritisation whereby we specifically focus supervision on where it has the greatest impact. We cannot supervise everything all the time, but we naturally react and target supervision when we observe that an area’s significance and risk levels are increasing or in some areas there are significant shortcomings requiring supervisory action,” said Tero Kurenmaa, director general of the FIN-FSA.
Extreme economic and market phenomena
The authority says that the strategy’s priorities will lead it to conduct “active, effective supervision that takes digital development into account and in strengthening its ability to change in its internal activities.”
“We actively monitor developments in the operating environment. The digitalisation of the work and environment of supervised entities, together with artificial intelligence and cyber-resilience regulations, make it a supervisory priority,” Kurenmaa added.
Jyri Helenius, deputy director general of the FIN-FSA, said that both: “The operation and use of financial sector services are completely dependent on the reliable functioning of digital channels,” and that the FIN-FSA will therefore “focus its supervision on digital resilience and mitigating risks related to the use of digital customer channels.”
“We seek supervisory effectiveness through risk-based prioritisation whereby we specifically focus supervision on where it has the greatest impact.”
Tero Kurenmaa, director general, FIN-FSA
Another priority is preparing for “extreme economic and market phenomena.” The FIN-FSA will take supervisory actions to ensure that supervised entities are risk resilient and prepared for possible events.
The priority stems from earlier analysis of the effects of expected and weaker-than-expected economic development on the Finnish financial sector, based on the Bank of Finland’s baseline forecast, and EBA and EIOPA stress test scenarios. In addition, there was also an assessment of the impact of potential, though not considered likely, “negative scenarios.” These related to, for instance, a general mistrust in US investment targets, Russia’s war of aggression and hybrid influence, and the adverse effects of sovereign indebtedness.
“Although extreme chains of events are unlikely, we seek to use supervision to ensure that the financial sector is prepared and able to cope even in such situations. Ensuring this is an important part of societal resilience,” Helenius said.
Inspections 2026
As in previous years the FIN-FSA will, during its supervisory work, conduct multiple inspections and thematic assessments within the insurance, banking, and capital markets sectors. The inspections will this year be focused on and around:
| Capital markets | |
|---|---|
| Listed companies | Investor information – Listed companies’ obligations in disclosing and managing inside information and management transactions |
| Investment service providers | Code of business conduct – Sale of complex investment products |
| Fund managers | Sound governance – Valuation of open real estate funds |
| Investment firms | Sound governance – Sound governance Preventing money laundering and terrorist financing – Reporting entity risk assessment and customer due diligence |
| Securities infrastructure | Operational risk – DORA requirements compliance inspection |
| Crypto-asset service providers | Operational risk – DORA requirements compliance inspection |
| Insurance | |
|---|---|
| Statutory pension insurance | Sound governance – Adequate risk management and internal control |
| Unemployment funds | Code of business conduct – Accuracy and quality of benefit decisions |
| Non-life insurance | Code of business conduct – Proper implementation, use and quality content of product management systems (POG) Sound governance – Adequacy of internal control Operational risk – Information system inspection |
| Bank | |
|---|---|
| Credit institutions (LSI) | Credit risk – Covered bond pool management, identification and processing of problem loans – Credit risk management in mortgage banking – Doubtful receivables process, groups of connected clients and collateral assessment in corporate loan portfolio Preventing money laundering and terrorist financing – Enhanced customer due diligence Interest rate risk – Financial balance sheet interest rate risk (IRRBB) |
| Payment institutions | Preventing money laundering and terrorist financing – Compliance with the Payment Institutions Act and money laundering regulations, particularly risk assessment of reporting entities – Customer due diligence |
Previous supervisory priorities can be seen here, 2025 and 2024.