Norway's Financial Supervisory Authority identifies material AML and credit risk governance weaknesses at Storebrand Bank

Norway's Financial Supervisory Authority published an on-site inspection report on Storebrand Bank ASA, concluding that the bank has had significant, long-running weaknesses in internal control, particularly in anti-money laundering (AML) compliance, and that its lending practices have created credit risk that is not aligned with the board’s stated risk appetite. The supervisor criticised the board for not adequately following up weaknesses that have been known since 2019, despite strong lending growth. The findings point to persistent failures in first- and second-line controls, shortcomings in risk reporting and governance, and insufficient follow-up of internal audit observations on areas such as enhanced customer due diligence, risk scoring, customer data quality, documentation and AML training. On credit risk, the report highlights high lending growth driven by large individual exposures and lending to customers with characteristics commonly associated with corporate clients, alongside extensive use of interest-only structures and repeated reliance on the Lending Regulation’s flexibility quota, with inadequate documentation and servicing-capacity assessments in loan files, including cases where requirements are breached. Monitoring of large exposures, credit risk models, collateral valuation controls and the use and follow-up of loan covenants were also assessed as insufficient, while the bank has begun implementing changes to strategy, organisation and risk limits and has decided on a controlled wind-down of a higher-risk sub-portfolio. Finanstilsynet plans to assess the bank’s risk and associated capital needs in 2026, including whether the current Pillar 2 requirement adequately reflects the risk profile, and will follow up remediation actions covering the lending portfolio, credit risk models, control functions and compliance with AML rules.