DNB publishes new SIRA Good Practices

On 26 August 2025, the Dutch Central Bank (De Nederlandsche Bank, DNB) published new SIRA Good Practices (the “Good Practices“) on its website (see link). These Good Practices replace the old good practices ‘The Integrity Risk Analysis. More where required, less where possible‘ published by DNB in 2015.

Background of SIRA

Financial institutions are required under, among others, the Financial Supervision Act (Wet op het financieel toezicht, Wft) and the Act on the Supervision of Trust Offices 2018 (Wet toezicht trustkantoren 2018, Wtt 2018) to conduct a systematic analysis of integrity risks (SIRA). To this end, an institution must continuously screen its own organization to determine in which business units integrity risks may occur. Based on this risk analysis, the institution must take measures to manage its integrity risks. Pursuant to the Anti-Money Laundering and Anti-Terrorist Financing Act (Wet ter voorkoming van witwassen en financieren van terrorisme, Wwft), there is an obligation to assess applicable money laundering and terrorist financing risks and to record and keep the results of the assessment up to date. These obligations have some overlap, whereby we note that the SIRA has a broader scope of application than the Wwft risk assessment. It therefore makes sense for institutions that are required to prepare a SIRA to make the Wwft assessment part of it.

Reason for revising the old good practices

DNB found that institutions, when preparing the SIRA, in many cases focus only on filling in the elements that DNB mentioned in its old good practices, while also showing limited reflection. According to DNB, this caused institutions to apply a ‘mechanical approach’ and gain insufficient insight into concrete integrity risks. In the absence of adequate insight, an institution cannot effectively mitigate its integrity risks. In the new Good Practices, DNB no longer steers toward a specific approach or model. Instead, DNB offers practical examples and points of attention that institutions can apply at their own discretion, as long as they comply with laws and regulations.

Risk-based approach

DNB emphasizes in the Good Practices the importance of a risk-based approach whereby the intensity of procedures and measures depends on the magnitude of the risk. Less focus on low-risks cases creates room to focus capacity on higher-risks scenarios. This risk-based approach should also prevent unnecessary burden and discrimination of clients.

Risk analysis

In the new Good Practices, DNB emphasizes the concretization of applicable risks. In doing so, it has nuanced its earlier approach whereby the risk analysis must take into account the probability and impact of the occurrence of certain scenarios. Thinking about probability and impact can be a good tool in the analysis phase, but according to DNB, there are more good ways conceivable that can support the analysis.

DNB considers the SIRA an important dynamic management instrument for risk management and to ensure the integrity of business operations. With the new Good Practices, DNB encourages institutions to take more space to independently develop a risk model. The Good Practices contain examples and good practices that institutions – according to DNB – should better enable to define effective control measures. The new Good Practices are emphatically no longer a ‘one size fits all’ approach. We advise institutions to review their SIRA once more in light of this new guidance. DNB offers more room than before.