New NVB standards for risk-based money laundering investigations; also relevant for other Wwft institutions?

On May 30, 2023, the Dutch Banking Association (NVB) published five standards that Dutch banks can use to set up client due diligence (CDD) under the Dutch Money Laundering and Terrorist Financing (Prevention) Act (Wet ter voorkoming van witwassen en financieren van terrorisme, Wwft) in a more proportionate manner. The standards are the result of a series of roundtable discussions between the banks and the Dutch Central Bank (De Nederlandsche Bank, DNB) in its role as Wwft supervisor. The Ministry of Finance was also involved in drafting the standards.

 

First five standards

The first set of standards see on:

  • the identification and verification of ultimate beneficial owners (UBOs) (link);
  • identifying pseudo-UBOs (link);
  • the CDD measures to be taken when the client/transaction relates to a high-risk country identified by the European Commission (link);
  • establishing a transaction profile (link); and
  • updating client data (link).

 

The standards contain a number of useful and concrete proposals for making CDD more proportional. To illustrate: for example, in the standard relating to updating client data, the NVB states, inter alia, that, when updating data, banks should focus primarily on the data relevant to a client’s risk profile. An update of the data should occur at a particular event (an event-driven review), where banks can primarily use internal data analysis and external sources to update the client file. A query to the client only needs to take place when there really is no other way (such as in certain high-risk cases or when the information is not otherwise available). These are welcome tools for practice.

Other standards are under development

The NVB has announced that about 12 more standards will be published in total. In the coming months, for example, the NVB hopes to draw up new standards for, among others, nonprofit organizations, sex workers, crypto businesses, coffee shops, car dealers, payment institutions and retail. These are all, in the eyes of DNB and the banks, high-risk sectors. Consequently, these sectors are currently most affected by the CDD performed by the banks (or even excluded from service provision). The new standards will be designed so that banks only have to focus on the relevant risks, making CDD more manageable for the client, but certainly also for the banks themselves.

Trend

These (new) standards are part of a trend in which regulators, not only at the national level but also at the European level, are searching for a new balance between, on the one hand, the importance of combating money laundering via the financial sector, but on the other hand, the accessibility of the financial sector to higher-risk parties. DNB already gave a shot across the bow last year with the publication of the study ‘From Recovery to Balance’ in which it advocated a more risk-based approach to money laundering. The bunq ruling by the Trade and Industry Appeals Tribunal (College van Beroep voor het bedrijfsleven, CBb) also creates more room for a risk-based approach with respect to certain obligations under the Wwft. This trend was also described in a blog of ours. A notable absentee in this discussion as far as we are concerned is the Netherlands Authority for the Financial Markets (Autoriteit Financiële Markten, AFM), although the AFM has indicated that it will come out with an update of its own Guidelines for the Wwft and Sanctions this year (see link).

Relevance for other market participants 

The question is to what extent other market participants can (and may) rely on these NVB standards. The NVB itself, when asked for whom the standards are intended, says the following:

 

Banks can use them as a starting point for their policies and processes when conducting their Wwft customer due diligence. The standards answer the question: what constitutes adequate implementation of the legally required customer due diligence? What do banks need to know and record about customers and risks? The standards have been drawn up for banks. But they also provide clarity to other parties. For example, consumers (organizations) and employees in certain sectors. The standards also give other gatekeepers more insight into what information banks need for their statutory customer and transaction due diligence.”

 

In short, the NVB standards are designed for banks. DNB’s report ‘From Recovery to Balance’, published last year, also focuses on preventing and combating money laundering and terrorist financing with respect to banks. So, on the one hand we have to conclude that DNB’s new insights focus mainly on banks, but on the other hand we think other market participants can take inspiration from the new NVB standards. After all, the underlying framework (i.e. the Wwft) is the same for every market participant and contains mostly open standards that should be applied in a risk-based manner. The NVB standards give concrete and proportional substance to those open standards. We believe this interpretation can just as well apply to other Wwft institutions, insofar as the risk profile and type of service provision would allow it.

 

We are of course happy to think along with you about what the NVB standards (can) mean for your internal policy.