AFM revises its Guidelines for the Wwft and Sanction
On 5 June 2024, the AFM published a – long-awaited – new version of the Guidelines to the Dutch Money Laundering and Terrorist Financing (Prevention) Act and the Sanctions Act of 1977 (hereinafter, the Guidelines) (see link, Dutch only). The Guidelines provides guidance to the institutions under the supervision of the AFM for complying with the Dutch Money Laundering and Terrorist Financing (Prevention) Act (Wet ter voorkoming van witwassen en financieren van terrorisme, Wwft) and the Sanctions Act 1977 (Sanctiewet 1977, Sw).
The Guidelines follows new guidance published by DNB (see link, Dutch only), the updated version of the General AML/CFT guidelines (see link, Dutch only), and the recent National Risk Assessments (see link). The new Guidelines cannot be viewed in isolation from the developments described above.
The AFM revises the Guidelines periodically, and in response to certain events. In this revision, among other things, a number of sections have been adjusted in response to AFM’s own investigations of market parties in recent years, for example on the identification and verification of Ultimate Beneficial Owners (UBOs).
Main Points of Guidelines
The Guidelines have been updated on several topics in comparison with the old version (see link). In the new Guidelines, the AFM has emphasized: (i) the risk-based approach, (ii) the identification and verification of UBOs; and (iii) compliance with sanctions legislation. All three topics are discussed – briefly – below.
Risk-based approach
The AFM, like DNB, chooses to put (even) more emphasis on the risk-based approach of the Wwft. The Guideline thus fits within the trend of regulators encouraging institutions to (even) better align the customer due diligence with the applicable risks to conduct a less in-depth customer due diligence where possible.
The AFM agrees that a risk-based approach stands or falls with properly identifying the risks of money laundering and/or terrorist financing at the level of the institution. This risk assessment forms the basis for establishing policies and procedures. The Guidelines explains this process in more detail.
The risk-based approach also has effect on the customer due diligence performed by institutions. In the Guidelines, the AFM discusses, for example, that a single (low or high) risk factor does not automatically lead to the same (low or high) risk profile of a client, now that the client must be viewed holistically. For example, the industry in which a client works is not a decisive factor. Politically Exposed Persons (PEPs), according to AFM, also do not entail a high risk of money laundering or terrorist financing per se. In determining the risk, an institution can consider, for example, the corruption level of the country where the PEP resides or the country or organization where the PEP holds office. However, the foregoing does not alter the fact that in all cases an institution must implement enhanced customer due diligence measures with respect to PEPs.
In the area of transaction monitoring, it is notable that the AFM is explicitly aligning itself with the – useful – NVB standards on this point (see link), while the NVB standards appear less prominently in DNB’s new Q&A.
UBOs
The AFM elaborates in the Guidelines on the reasonable measures that institutions can take to identify and verify UBOs. For example, the Guidelines discuss, among other things, what minimum information must be requested to identify and verify the identity of the (UBOs of the) client, what reliable electronic means of identification are available, when there is ultimate control and when an institution does not need to identify UBOs at a listed company.
Sanctions Act
Unlike DNB, the AFM does choose to update the Guidelines on this topic. For example, the AFM makes explicit in the Guidelines that financial service providers – although not subject to the Sw supervision of the AFM – must take measures to avoid acting in violation of the relevant sanctions regulations.
The AFM also says in so many words that any exposures to sanctions regulations by institutions should be included in the firm-wide risk analysis (e.g. the SIRA).
The Guidelines also pay attention to how institutions must set up their (administrative) organization to comply with the sanctions regulations. For example, institutions will have to record who is screened, and on the basis of which sanction lists. The policy must also address who is responsible for screening, within what time frame a hit must be handled, and what the process is in the event of a “real” hit. The AFM also considers it important that relevant staff and policymakers are trained. Institutions must therefore ensure that their policies address these concerns.
Conclusion
Whereas DNB, in revising its guidance on the Wwft, has chosen to change the form of the policy statement (see link), the AFM continues to build on its existing guidelines. It supplements it on several points and thus gives the sector more practical guidance on how to comply with the Wwft and Sw. The AFM thus explicitly deviates from the previously initiated line of DNB, although the AFM also emphasizes in its “own” Guidelines that its described vision is not the only way to implement the requirements of the Wwft and Sw.
It is striking that the two AML/CFT supervisors of the financial sector have two different practices. Since the Guidelines contains more concrete guidelines, Wwft institutions on the one hand are more familiar with the expectations of the AFM than those of DNB. DNB’s new Q&A, on the other hand, actually gives parties more freedom to come up with their own interpretation of the legal obligations.
Another striking point is that the AFM does pay – briefly – attention in the Guidelines to the EBA guidelines on digital onboarding (see link), but not, for example, to the EBA guidelines on the compliance officer (see link). The AFM thus does not address whether or not it applies these guidelines in its supervision of market participants.
To do’s
It is important that market participants subject to AFM integrity supervision study the new Guidelines, and identify and then address any differences between the new Guidelines and their current policy. For example, institutions can incorporate the AFM’s latest insights regarding customer due diligence, further refine policies and update the business-wide risk assessment to include, among other things, sanctions risks.
Finnius can assist market participants in identifying the impact of the Guidelines on policies and procedures.