NETHERLANDS Law and Practice Contributed by: Roderik Vrolijk, Rogier Raas, Ingrid Viertelhauzen and Maarten Weekenborg, Stibbe
transparency, fair treatment of customers and market integrity. DNB supervises prudential soundness (pri - marily, compliance with capital requirements), finan - cial stability and the integrity of the financial system. DNB is the primary supervisor of entities subject to capital and liquidity requirements, including banks, insurers, payment institutions and certain crypto-asset issuers. DNB works closely with the ECB in its super - vision of banks, where the ECB directly supervises and licenses significant Dutch banks under the Single Supervisory Mechanism. DNB also supervises com - pliance with the Dutch Anti Money Laundering and Financing of Terrorism Act ( Wet ter voorkoming van witwassen en financieren van terrorisme , Wwft) AML/ CFT requirements. The AFM is the primary supervisor of investment firms, fund managers, financial service providers and certain crypto-asset service providers. Most larger financial institutions are in regular contact with both regulators. Under PSD2, the Dutch Data Protection Authority ( Autoriteit Persoonsgegevens , AP) and the ACM have specific supervisory roles. At EU level, the European Supervisory Authorities (ESAs) (EBA, ESMA and EIOPA) complement national supervision, promote regulatory convergence and develop technical standards. 2.7 No-Action Letters DNB and the AFM do not issue “no-action letters”. In practice, however, market participants may seek informal guidance through supervisory engagement or via the InnovationHub. Such guidance may clarify the regulators’ interpretation of applicable rules but does not constitute a legally binding “safe harbour”. Regu - lators retain full supervisory and enforcement pow - ers, and reliance on informal views does not preclude future action if circumstances change. 2.8 Outsourcing of Regulated Functions Regulated entities may generally outsource activities to, or procure ICT services from, regulated and non- regulated entities, subject to regulatory limitations. For example, regulated entities:
• must ensure their sound and controlled business operations (including maintaining adequate sub - stance); • may not outsource the responsibility of the man - agement board; and • must comply with the governance, monitoring and contracting requirements that apply pursuant to the rules on outsourcing and DORA. A regulated entity remains fully responsible for com - pliance with financial regulations when outsourcing functions. If the outsourced function constitutes a regulated activity, the vendor must generally hold the relevant authorisation or licence to perform that ser - vice, as this requirement applies to whoever carries out the activity. However, for ancillary or operational functions that merely support a regulated activity (eg, IT infrastructure or cloud services), outsourcing to unregulated third parties is permitted, provided there are robust controls in place. Vendors are typically subject to the following: • mandatory contractual requirements covering audit rights, data security, business continuity, and ter - mination provisions; • regulatory notification or approval for material out - sourcing arrangements; and • ongoing oversight obligations imposed on the outsourcing entity. 2.9 Gatekeeper Liability The concept of “gatekeeper” has particular signifi - cance in the Dutch anti-money laundering framework. The Wwft imposes specific obligations on a broad range of institutions, including banks, payment institu - tions, electronic money institutions, investment firms, insurers and CASPs: • conducting institutional and client risk assess - ments; • performing customer due diligence; • monitoring transactions on an ongoing basis; • reporting unusual transactions to the Financial Intelligence Unit (FIU-Netherlands); and • maintaining adequate records.
569 CHAMBERS.COM
Powered by FlippingBook