The Dutch “Anti-Money Laundering and Terrorist Financing Act” – and how to comply
Updated on 22 February 2024
When you aspire to start a business overseas, you should take into account that you will be subjected to entirely new international laws and regulations, which are often much different than the prevalent ones in your home country. This means, that you should always research the country you would like to establish a new business in, as you will need to adhere to national and international laws if you want to run a successful and legally correct business. There are a few important Dutch laws that apply to (certain) business owners. One such law is the Anti-Money Laundering and Terrorist Financing Act (“Wet ter voorkoming van witwassen en financieren van terrorisme”, Wwft). The nature of this law is quite clear, when you look at its title: it is meant to prevent money laundering and financing terrorist organizations by starting or owning a Dutch business. Unfortunately, there are still criminal organizations around that try to funnel money via dubious ways. This law aims at preventing such activities, since it also ensures that Dutch tax money ends up where it belongs: in the Netherlands. If you are interested in starting a Dutch business (or you already own such a business) that generally deals with cash flows, or with the purchase and sale of (expensive) goods, then the Wwft will also be applicable to you as a business owner.
In this article, we will outline the Wwft, provide you with all necessary details and also provide you with a checklist, to find out whether you are adhering to the law. Due to pressure from the European Union (EU), several Dutch supervisory authorities, such as the DNB, AFM, BFT and Belastingdienst Bureau Wwft) must monitor compliance more strictly by using the Wwft and the Sanctions Act. These Dutch regulations apply not only to large, listed financial institutions and multinationals, but also to small and medium-sized enterprises that provide financial services, such as asset managers or tax advisors. Especially for these smaller companies, the Wwft can seem a bit abstract and hard to follow. Next to that. The regulations might also seem quite intimidating to less experienced entrepreneurs, which is why we aim to clarify all the requirements, so you know where you stand.
What is the Anti-Money Laundering and Terrorist Financing Act and what does it mean for you as an entrepreneur?
The Dutch Anti-Money Laundering and Terrorist Financing Act mainly aims at the prevention of money laundering by criminals, with money earned through illegal activities, via due diligence performed by banks and other financial institutions. This money could have been earned through various nefarious criminal activities, such as human or drug trafficking, scams, and burglaries, amongst others. When criminals then want to put the money into legal circulation, they generally spend it on excessively expensive purchases, such as houses, hotels, yachts, restaurants, and other objects that can ‘launder’ the money. Another goal of the regulations is the prevention of financing of terrorists. In some cases, terrorists receive money from individuals to continue their activities, very much like political campaigns are subsidized by wealthy individuals. Of course, regular political campaigns are legal, whereas terrorists operate illegally. The Wwft thus provides more insight into illegal financial flows, and the risk of money laundering and terrorist financing is limited this way.
The Wwft mainly revolves around customer due diligence and a reporting obligation for businesses when they notice strange activity. This means it’s extremely important to know who you're doing business with and to map out your current relationships. This prevents you from unexpectedly doing business with a company or an individual, who is on a so-called sanctions list (which we will explain in detail later in this article). The law does not literally prescribe how you must conduct this customer due diligence, but it does prescribe the result that the investigation must lead to. Needless to say, you, as a business owner, decide which measures you take in the context of customer due diligence. This will depend on the risk of money laundering or terrorist financing of a particular customer, business relationship, product, or transaction. You estimate this risk yourself by putting a solid due diligence process in place whenever you aspire to attract new customers. Ideally, this process should be both thorough and practical, making it easier for you to scan new clients within a reasonable amount of time.
The types of businesses that deal directly with the Wwft
As we already briefly discussed above, the Wwft doesn’t apply to all businesses in the Netherlands. For example, a baker or thrift store owner will not be at risk of dealing with criminal organizations that want to launder money via his or her company due to the small prices of the products offered. Laundering money that way would imply that the criminal organization would have to buy the entire bakery or store, and this would simply attract too much attention. Therefore, the Wwft principally only applies to businesses and individuals that deal with large financial flows, and/or the purchase and sale of expensive goods. Some clear examples are:
- Banks
- Brokers
- Notaries
- Tax advisors
- Accountants
- Lawyers
- Employees in the public domain
- (Expensive) car salesmen
- Art dealers
- Jewelry stores
- Popular restaurants and hotel chains
- All other businesses and organizations where large sums of cash can flow through without the tax authorities noticing discrepancies.
These service providers and businesses generally have a good view of their customers due to the nature of their work. They also often have to deal with large amounts of money. Therefore, they can actively prevent criminals from using their services to launder money or pay for terrorism, by investigating new clients and making sure they know who they are dealing with. The exact institutions and persons that are covered by this law is set out in Article 1a of the Wwft.
The institutions that supervise the Wwft
There are multiple Dutch institutions that work together, to be able to supervise the correct application of this law. This is divided by sector, to make sure the supervisory organization is acquainted with the work of the businesses and organizations they are supervising. The list is as follows:
- The Ministry of Finance is responsible for creating policies and rules against money laundering and the financing of terrorists. For each sector, a supervisor checks whether all parties comply with the Wwft.
- The Ministry of Justice and Security is jointly responsible for creating policies and rules against money laundering and the financing of terrorists. For each sector, a supervisor checks whether all parties comply with the Wwft.
- The Bureau of Supervision Wwft of the Dutch Tax Authorities supervises brokers, appraisers, traders, pawnshops, and domicile providers. These are parties that make it possible to do business from an address other than your home or business address, or offer a postal address for your business activities. This makes it easier for individuals to stay anonymous, which is why this is checked.
- The Dutch Bank supervises all banks, credit institutions, exchange institutions, electronic money institutions, payment institutions, life insurers, trust offices, and landlords of lockers.
- The Netherlands Authority for Financial Markets supervises investment firms, investment institutions, banks, and financial service providers that take out life insurance.
- The Financial Supervision Office supervises accountants, tax advisers, and notaries.
- The Dutch Bar Association supervises lawyers.
- The Gaming Authority supervises gaming casinos.
As you can see, the supervising institutions are well-matched with the organizations and companies they supervise, allowing for a specialized approach. This also makes it much easier for company owners to contact one of these supervising institutions, since they generally know all about their specific niche and market. If you are in doubt about the steps you need to take, you can always contact one of these institutions for help and advice.
What specific obligations are connected to the Wwft when you are a Dutch business owner?
As we briefly discussed above, when you fall under the categories of businesses specifically mentioned in Article 1a of the Wwft, you are obliged to research your customers, and where their money comes from, through customer due diligence. If you see anything out of the ordinary, you need to report unusual transactions. Of course, to be able to adhere to these regulations, you will need to know what due diligence according to the Wwft actually means. In customer due diligence, institutions that fall under the Wwft always need to investigate the following information:
- Their client’s identity
- The source of their client’s money
- What exactly are the clients spending their money on?
You are not only obliged to research these matters, but you also need to continually monitor your clients' progress on these subjects. This will, amongst other things, provide you as an organization with the necessary insight into unusual payments made by clients. However, the correct way to perform due diligence is entirely up to you, there are no strict standards mentioned. It largely depends on your current processes, how you can implement due diligence to fit these processes, and how many people will be able to perform due diligence. The way you carry this out also depends on the specific client and the potential risks that you, as an institution, see. If the due diligence does not provide sufficient clarity, the service provider may not carry out any work for the customer. So the end result needs to be conclusive at all times, in order to prevent the facilitation of illegal activities via your company.
The definition of unusual transactions explained
To be able to carry out due diligence, it is logically important to know what kind of unusual transactions you are looking for. Not every unusual transaction is illegal, so it is important to know the difference, before you accuse a client of something they potentially never did. This might cost you clients, so try to be balanced about your approach in order to adhere to the law, but still manage to be attractive to potential clients as an institution. You do want to keep making profits, after all. Unusual transactions generally include (large) deposits, withdrawals, or payments that do not fit into the normal process of an account. Whether a payment is unusual, the institution determines on the basis of a list of risks. This list varies by institution. Some common risks that most institutions and companies are on the lookout for are:
- Unusually large cash withdrawals, deposits, and cash payments
- Money exchange transactions of unusually large amounts
- Large transactions that cannot be explained by the ordinary business operations of a customer
- Payments to a high-risk country or a war zone
- Transactions that are aimed at acquiring unusual goods or products, out of the ordinary acquisitions.
This is a rather crude list, as it’s the general basics every company should look out for. If you would like to have a more extensive list, you should contact the supervisory institution that your own organization falls under, as they can probably offer a more extensive summary of unusual client activity to watch.
What can clients expect regarding due diligence due in line with the Wwft?
As we already explained extensively, the Wwft obliges institutions and companies to know and investigate every customer. This means that almost all customers have to deal with standard customer due diligence. This applies whenever you want to become a customer at a bank, or apply for a loan, or make a purchase with a hefty price tag—activities related to money in any case. Banks, and other institutions that offer services that fall under the Wwft, can ask you for a valid form of identification to begin with, so they know your identity. This way, institutions can be sure that you are the person with whom they are potentially doing business. It is up to the institutions to decide which proof of identity they request. For example, sometimes you can provide only a passport, and not a driver's license. In some cases, they ask you to take a picture with your ID and the current date, to know for sure you are the one sending the request, and you didn’t steal someone’s identity. Many cryptocurrency exchanges work this way. Institutions are required by law to handle your information accurately, which means they are not allowed to use the information you provide for other purposes. The government has tips for you, to be able to issue a secure copy of your ID.
An institution or company that falls under the Wwft, can also always ask you for an explanation of a certain payment that they find unusual. The (financial) institution may ask you where your money comes from, or what you are going to use it for. Consider, for example, a large amount that you deposited into your account, whilst that is not a regular or normal activity for you. Therefore, keep in mind that questions from institutions can be very direct and sensitive. Nonetheless, by asking these questions, his particular institution is fulfilling its task of investigating unusual payments. Also note, that any institution may request data more often. For example, to keep their database up to date, or to be able to carry out customer due diligence. It is up to the institution to decide which measures are reasonable for this purpose. Furthermore, if an institution reports your case to the Financial Intelligence Unit (FIU), you will not be notified immediately. Financial institutions and service providers have a duty of confidentiality. This means that they may not inform anyone about the report to the Financial Intelligence Unit. Not even you. This way, institutions prevent clients from knowing in advance that the FIU may be investigating suspicious transactions, which might enable said clients to change transactions or undo certain transactions, in order to try to escape the consequences of their actions.
Can you refuse customers or terminate the business relationship with clients?
A question we get quite often, is whether an institution or organization can refuse a client, or terminate an already existing relationship or contract with a client. If there are any discrepancies, for example, in an application, or in a client’s recent activity dealing with this institution, any financial institution may decide that a business relationship with this client is too risky. There are some standard cases in which this is true, such as when a client does not provide any or insufficient data when asked for, provides incorrect ID data, or states they want to remain anonymous. This makes it very hard to perform any due diligence at all, since there is a minimum amount of data needed to identify someone. Another large red flag is when you are on a sanctions list, for example, the national terrorism sanctions list. This flags you as a potential threat, and this might entail many institutions refusing you from the start, due to the risk you potentially pose to their company. If you have ever been involved in any kind of (financial) criminal activity, please keep in mind that it will be very hard to either become a customer of a financial institution, or set up such an organization for yourself in the Netherlands. In general, only someone with an entirely clean slate can do this.
What to do when an institution or the FIU is not handling your personal data properly
All institutions, including the FIU, must handle personal data accurately, in addition to having the correct reasons to use the data at all. This is stated in the Privacy Act General Data Protection Regulation (GDPR). First, contact your financial service provider if you do not agree with a decision based on the Wwft, or if you have a further question. Are you not satisfied with the answer, and would you like to file a complaint? If you believe that your personal data is being used in a way that is contrary to privacy laws and regulations, you can file a complaint with the Dutch Data Protection Authority. In such a case, the latter can investigate the privacy complaint.
How to adhere to the regulations in the Wwft as a business owner
We can understand that the way to adhere to this law is quite extensive and a lot to take in. If you are currently the owner of a company or institution that falls under the Wwft, it is very important that you stick to the rules. If you don’t, there is a large risk that you may become jointly liable for any criminal activities that happen with the ‘help’ of your institution. You basically have the duty to perform due diligence and know your clients, as ignorance will not be tolerated, due to the fact that by performing due diligence, unusual activities are foreseeable. Therefore, we have created a list of steps you can take, in order to comply with the Dutch Anti-Money Laundering and Terrorist Financing Act. If you follow this, the chances of getting sucked into someone’s illegal activities are close to zero.
1. Determine whether you are subject to the Wwft as an institution
The first step is obviously determining, whether you are one of the institutions that fall under the Wwft. On the basis of the term 'institution', Article 1(a) of the Wwft lists which parties fall under this law. The law applies, amongst others, to banks, insurers, investment institutions, administrative offices, accountants, tax advisers, trust offices, lawyers, and notaries. You can view Article 1a, which states all obliged institutions, on this page. If you are unsure, you can always contact Intercompany Solutions to clarify whether the Wwft applies to your company.
2. Identify your clients and verify the provided data
Whenever you receive a new application from a client, you need to ask them for their identity details before you start to offer your services. You need to capture and save this data too. Determine that the specified identity matches the actual identity before you begin the service. If the client is a natural person, you can ask for a passport, identity card, or driver’s license. In the case of a Dutch company, you should ask for an extract from the Dutch Chamber of Commerce. If it’s a foreign company, see whether they are also established in the Netherlands, because you can also ask for an extract from the Chamber of Commerce. Are they not established in the Netherlands? Then ask for reliable documents, data, or information that is customary in international traffic.
3. Identifying The Ultimate Beneficial Owner (UBO) of a legal entity
Is your client a legal entity? Then you need to identify the UBO and verify their identity as well. The UBO is a natural person who can exercise more than 25% of the shares or voting rights of a company, or is the beneficiary of 25% or more of the assets of a foundation or trust. You can read more about the Ultimate Beneficial Owner in this article. Having "significant influence" is also a point at which someone can be a UBO. In addition, you should investigate the control and ownership structure of your client. What you need to do to determine the UBO depends on the risk you have estimated. In general, the UBO is the person (or persons) who have the most influence in the company and can therefore be held responsible for any criminal or illegal activities, that arise. When you have estimated a low risk, it is generally sufficient to have a statement signed by the client about the correctness of the specified identity of the UBO. In the case of a medium- or high-risk profile, it is wise to carry out further research. You can do this by yourself via the internet, by questioning acquaintances in the client's country of origin, by consulting the Dutch Chamber of Commerce, or by outsourcing the research to a specialized agency.
4. Check whether the client is a Politically Exposed Person (PEP)
Investigate whether your client holds or has held a certain public position abroad now, or until one year ago. Also involve family members and loved ones. Check the internet, the international PEP list, or another reliable source. When someone is classified as a PEP, chances are they have come into contact with particular types of individuals, such as people who offer bribes. It is important to know whether someone is sensitive to bribery, since this might be a potential red flag regarding the risk of criminal and/or illegal activities.
5. Check whether the client is on an international sanctions list
Next to checking someone’s PEP status, it is also necessary to search for clients on international sanctions lists. These lists contain individuals, and/or companies, that have been involved in criminal or terrorist activities in the past. This might give you an idea of someone’s background. In general, it’s wise to refuse anyone who is mentioned on such a list due to their volatile nature and the threat this might pose to your company.
6. (Continuous) risk assessment
After you have identified and checked on a client, it is also extremely important to stay up-to-date on their activities. This means you should continually monitor their transactions, especially when something seems unusual. Form a rational opinion about the purpose and nature of the business relationship, the nature of the transaction, and the origin and destination of resources to make a risk assessment. Also, make sure you get information from your client. What does your client want? Why and how do they want this? Do their actions make sense? Even after the initial risk assessment, you must continue to pay attention to the risk profile of your client. Check whether transactions deviate from your client's normal behavior pattern. Does your client still meet the risk profile you have drawn up?
7. Forwarded clients and how to handle this
If your client is introduced to you by another advisor or colleague within your firm, you can take over identification and verification from that other party. But you do need to check whether identification and verification have been done correctly by other colleagues, so request details about this, because once you take over a client or account, you are the one who is responsible. This means you will have to perform the steps yourself in order to be sure you have carried out the necessary due diligence. The word of a colleague is not enough, make sure you have the proof.
8. What to do when you see an unusual transaction?
In the case of objective indicators, you can consult your list of indicators. If the indicators seem rather subjective, you should rely on your professional judgment, possibly in consultation with colleagues, a supervising professional organization, or a confidential notary. Make sure you record and save your considerations. If you conclude that the transaction is unusual, you need to report the unusual transaction to the FIU without delay. Within the framework of the Wwft, the Financial Intelligence Unit Netherlands is the authority where you must report suspicious transactions or clients. An institution shall notify the Financial Information Unit of any unusual transaction made or planned to be made immediately after the unusual nature of the transaction has become known. You can easily do this through a web portal.
Intercompany Solutions can assist you with setting up a due diligence policy
By far, the most important aspect of the Wwft is knowing with whom you are doing business. By following the abovementioned steps, you can set up a relatively simple policy that meets the legal requirements set by the Wwft. Insight into the correct information, registering the steps taken, and applying a uniform policy are essential to being able to pick up on risky and unusual behaviors quickly and efficiently. Nonetheless, it still happens too often that compliance officers and compliance employees work manually, so they do a lot of unnecessary work. We advise you to think about the possibility of developing a uniform approach within your organization. If you are currently thinking about starting a business that falls under the legal framework of the Wwft, we can assist you with the entire company registration process in the Netherlands. This only takes a few business days, so you can start doing business almost immediately. We can also handle some extra tasks for you, such as setting up a Dutch bank account, and pointing you to interesting partners. Please feel free to contact us with any inquiries you might have. We will reply to your query as soon as possible, but generally within just a few business days.
Sources:
