As one of the richest countries in the world1 and host to a vibrant startup ecosystem, Norway is on the brink of incredible digital transformation. Demand for digital services and products is already high, with cashless payments and electronic IDs popular amongst the country’s tech-savvy population. Social stability and one of the highest global standards of living make it an even more attractive hub for fintech startups and financial investment.
The effects of the COVID-19 pandemic have not significantly altered Norway’s promising digital trajectory. The Norwegian economy contracted by 2.5% in 2020—its weakest performance in 75 years—though it was not affected as severely as the eurozone, which took a 6.8% plunge in GDP.2 The IMF projects that the economy could grow 3.2% by the end of 2021, a higher growth rate than its pre-pandemic level.3 Norway’s comparatively unscathed status and quick recovery will cement its reputation for financial stability and boost the development of innovative technologies.
Indeed, Norges Bank, the country’s central bank, is exploring the possible introduction of a central bank digital currency (CBDC) and will take the next two years to test technical solutions. Norway has the lowest cash use in the world at less than 4% of transactions,4 making it well-suited for the launch of a new virtual currency. A CBDC might also counter the growing interest in cryptocurrencies, the volatility of which could threaten to upset banking system stability. In reaction to a 30% one-day drop in bitcoin value, Executive Director for Financial Stability Torbjorn Haegeland said in an interview, “We don’t see these swings that we’ve seen yesterday as major threats to financial stability but if exposures continue to increase, that may pose a threat.”5
Financial Regulatory Bodies
Central Bank: Norges Bank is the central bank of Norway. The bank’s primary objective is to promote and maintain economic stability in the country. The bank also manages The Government Pension Fund of Norway, one of the largest sovereign wealth funds in the world.
The Norwegian Data Protection Authority (Datatilsynet) is the national agency responsible for implementing and managing the Personal Data Act 2000 and is the primary data protection authority for the country. The agency independently operates under the Ministry of Government Administration and Reform.
The Financial Supervisory Authority of Norway (Finanstilsynet) is a government agency operating under the Ministry of Finance that supervises financial companies within Norway.
Standards, Laws and Regulations
Norges Bank’s Financial Infrastructure Report points to the Norwegian financial system’s marked stability over the past few years, even amidst the COVID-19 pandemic. The report then outlines areas for focus and improvement, including cyber resilience, CBDCs and the regulation of crypto- assets.
Because of the growing sophistication of cybercrime, cyber threats are increasingly posing a danger to national security interests, and Norway is ratcheting up its preparedness. Indeed, in October 2020 and May 2021, two major cyberattacks successfully infiltrated the Norwegian Parliament. Norges Bank and the Financial Supervisory Authority are currently preparing for the launch of the threat intelligence-based ethical red teaming (TIBER-NO) framework, modeled after the TIBER-EU framework published by the European Central Bank in 2018. The TIBER framework lays out testing requirements applying to ICT systems, technical defense mechanisms, processes, skills and contingency plans. The tests simulate real-life cyberattacks and are conducted by an external team, offering companies the opportunity to assess and improve their measures and contingency plans.
Regarding cryptoassets, Norges Bank recognizes that, while risky, decentralized finance can also spur on innovation and improve financial sector efficiency. However, the central bank sees uncertainties, pointing to the unclear regulatory status of decentralized finance market infrastructures under the European Commission’s MiCA proposal. “Even if such market infrastructures were to come under the regulation, it is unclear how the regulation would be enforced if such market infrastructures were operated in a decentralised manner. Decentralised finance will amplify some of the challenges associated with market infrastructures for trading in tokenised assets…” Norges Bank will monitor developments in cryptoassets, and might even propose regulations of its own.
The Norwegian Financial Supervisory Authority published its Risk and Vulnerability Analysis 2021, which outlines the 2020 threat landscape and evaluates measures employed by obliged entities. Top issues include data protection, internal fraud, operations and emergency preparedness, ID theft and money laundering. Although the COVID-19 pandemic presented uncertainties and new challenges, it did not markedly affect the financial system and regulated companies. Still, the report notes the rise of evolving criminal methods, which might not be adequately addressed by existing measures. For instance, traditional transaction monitoring might not properly identify money laundering risks stemming from new criminal methods.
Norway’s overall smooth handling of the COVID-19 pandemic points to the strength of its financial stability, relative insularity from EU turbulence and attractiveness as a growing fintech hotspot.
Finance Ministry Publishes Market Report 2021, 23 April 2021
The Norwegian Ministry of Finance submitted the Financial Market Report 2021 to the Storting, the Norwegian legislature. The report summarizes key developments ranging from consumer protection to digitalization, and includes the central bank’s annual report as an appendix. Chapter 4 on “Capital access, digitalisation and regulatory development” is especially significant. The chapter points to the rise of fintech in Norway, and that new market participants and technology—like virtual currencies—might warrant further regulatory guidance. The Ministry’s general outlook on digitalization in finance is positive, and notes that collaboration between the public sector and the finance industry has the potential to develop cost-saving digital solutions.
A subsequent, brief overview of Norges Bank’s research into the possible development of a CBDC points to Norway’s low cash use, but notes its introduction “is not on the cards at this point in time.”
Regarding regulatory development, the Ministry of Finance stresses the importance of Norwegian markets’ affiliation with the European Single Market, per its European Economic Area (EEA) membership. In safeguarding its “well-functioning” affiliation, relevant EU provisions must be quickly transposed onto Norwegian law. Due to the increasing scale and complexity of EU regulations, both EU and Norwegian authorities must ensure that regulations do not cause an undue burden on small market participants. Norway must also seek to maintain strong economic relations with the UK, which left the EEA alongside its withdrawal from the EU.
Norges Bank Publishes Third Working Group Report on CBDC, 21 April 2021
Norges Bank’s Central bank digital currencies: third report of working group outlines the third phase of its research into the possible development of a CBDC. The report reviews a potential CBDC’s necessary technical characteristics, including CBDC-cash parity, accessibility to a broad swath of the population, frictions (like volume restrictions) to prevent bank runs, payment immediacy, offline functionality and compliance with EEA law. Regarding its technical architecture, Norges Bank suggests a closed distributed ledger technology (DLT) variant, which would allow the bank control over the currency while still permitting aspects of it to be decentralized. Other solutions include a register-based token and programmable money, though neither appear as likely as a DLT-based architecture. On the user side, a digital wallet is currently the most feasible solution, though this could be accompanied by a physical card. In an overview of the effects a CBDC would have on the Norwegian financial system, the report points to the increased probability of bank runs and the difficulty in gauging demand ahead of a possible CBDC launch. It reiterates the uncertainty involved in the possible introduction of a CBDC due to its relatively new technology and limited real-world trials. The central bank will test possible technical solutions over the next two years, and states that, “Any introduction of a CBDC will still lie some time in the future. The time spent [researching] reflects Norges Bank’s view that there is no immediate need to introduce a CBDC.”
Norwegian Financial Supervisory Authority Report on Money Laundering and Financing of Terrorism, 26 March 2021
The Norwegian Financial Supervisory Authority report on money laundering and financing of terrorism, part of its series on reports from the supervised sectors 2020, points to an increase in fraud amidst pandemic-driven uncertainty. The authority notes that obliged entities’ compliance with AML legislation has not been significantly impacted by the altered landscape, though there is room for improvement.
Norway has traditionally been proactive in its AML/CFT measures. It recently entered a partnership with seven other Nordic and Baltic states in requesting the IMF to examine the region’s ML/TF threat landscape and possible weaknesses. The IMF will deliver its analysis and recommendations in 2022.
Publication of 2020 National Risk Assessment Report, 17 December 2020
The Norwegian Police Directorate published its 2020 national risk assessment report, which outlines the money laundering and terrorist financing threat landscape. The COVID-19 pandemic was instrumental in altering the threat landscape, especially in exacerbating money laundering and fraud. Cryptocurrency and new types of payment services pose an especially high risk of ML. Even registered crypto exchanges are risky, while the anonymity in unregistered exchanges poses a particularly high risk.
The report notes, “Cryptocurrency exchangers are primarily actors with little experience who lack established routines for reporting suspicious relationships. Several of the registered exchanges are small enterprises with limited resources and expertise to perform customer control. It is an inherent vulnerability that virtual currency is a digital and cross-border product, where exchanges go fast. Virtual currencies that are anonymous or partially identifiable and mixed with other currencies makes it difficult to trace the blockchain.”
Cryptocurrencies can also facilitate tax fraud, the sale of illegal goods and investment fraud, a type of scam which soared amidst the COVID-19 pandemic. The Norwegian Tax Administration (NTA) warned taxpayers who owned or sold crypto in 2020 to enter it on their tax returns, and noted that only about 2% of cryptocurrency holders made declarations for 2019.6 Given these risks, it is likely that Norway will explore stricter and more comprehensive AML and crypto regulations in cracking down on tax evasion and hard-to-trace transactions.
1. “GDP per capita (current US$).” World Bank Group, 2019. https://data.worldbank.org/indicator/NY.GDP.PCAP.CD
2. “Norway's economy weakest in 75 years in 2020, but Q4 shines.” Reuters, 12 February 2021.
3. “IMF: Norway has handled the Covid-19 crisis very well.” Regjeringen, 26 April 2021. https://www.regjeringen.no/en/aktuelt/imf-norway-has-handled-the-covid-19-crisis-very-well/id2845979/
4. Central bank digital currencies: third report of working group. Norges Bank, 2021. https://www.norges-bank.no/contentassets/554ee1f1ac53417d99d43708f5abbe14/norges-bank-papers-1-2021.pdf?v=05/19/2021132229&ft=.pdf
5. Ummelas, Ott. “Crypto Swings May Become a Threat, Norway’s Central Bank Warns.” Bloomberg, 20 May 2021. https://www.bloomberg.com/news/articles/2021-05-20/crypto-swings-may-become-a-threat-norway-s-central-bank-warns
6. Wright, Turner. “Norwegian authorities urge crypto users to declare earnings on upcoming return.” Coin Telegraph, 21 April 2021. https://cointelegraph.com/news/norwegian-authorities-urge-crypto-users-to-declare-earnings-on-upcoming-return
*DISCLAIMER: This information is OneSpan's interpretation of the compliance requirements as of the date of publication. Please note that not all interpretations or requirements of the applicable laws are well-settled and its application is fact- and context-specific. The information contained in this document should not be relied upon as legal advice or to determine how the law applies to your business or organization. We encourage you to seek guidance from your legal counsel with regard to law applying specifically to your business or organization and how to ensure compliance. This information is provided “as-is” and may be updated or changed without notice. OneSpan does not accept liability for the contents of these materials.
Last updated: November 2021