NETHERLANDS Law and Practice Contributed by: Roderik Vrolijk, Rogier Raas, Ingrid Viertelhauzen and Maarten Weekenborg, Stibbe
Many regtech providers operate as B2B technology or software servicers that assist regulated firms with compliance obligations and are not themselves sub - ject to financial services regulation. Examples include the following. • KYC/onboarding software and digital identity tools – software solutions provided to regulated entities without the provider itself performing regulated activities. • Regulatory reporting tools – software that auto - mates transaction reporting (eg, under MiFID II or EMIR) on behalf of clients, where the regtech pro - vider is not itself transmitting orders or acting as a financial intermediary. • AML monitoring and transaction screening soft - ware – tools that flag suspicious activity for the regulated firm’s own compliance team. • Risk and compliance software – software enabling financial firms to manage compliance workflows and monitor regulatory developments. The following regtech activities may trigger a licence requirement. • Automated investment advice (robo-advisory) – providing automated investment recommendations to end clients constitutes an investment service and requires an investment firm licence under MiFID II as implemented in the Wft. • Transaction reporting as a delegated service – reporting trades on behalf of clients under MiFID II as an Approved Reporting Mechanism (ARM) requires authorisation. Finally, regtech providers may indirectly be subject to supervision if they provide outsourced services or other ICT-services to regulated entities. 9.2 Contractual Terms to Ensure Performance and Accuracy Provisions typically included in agreements with tech - nology service providers are shaped by hard EU law (primarily DORA), Dutch national regulation (in par - ticular statutory outsourcing restrictions and guid - ance and “good practices” published by the AFM and DNB) and market practice. Key contractual provisions include the following:
• a clear and complete description of the outsourced or contracted service, including service levels and uptime requirements; • termination provisions and related transitional services; • restrictions on subcontracting; • obligations on the supplier to disclose without delay any incidents or circumstances that may affect the security or continuity of the service; • audit and inspection rights (also in favour of the regulator); • cybersecurity, confidentiality and encryption requirements; and • data protection obligations, including compliance with applicable data processing requirements and restrictions on cross-border data transfers. 10. Blockchain 10.1 Use of Blockchain in the Financial Services Industry Traditional market participants in the Netherlands are actively exploring the integration of blockchain technology into their business models. Several major Dutch banks are developing use cases for blockchain technology within their payment and settlement infra - structure. • ING, the largest bank in the Netherlands, joined forces with eight other European banks to develop a euro-denominated stablecoin intended for cross- border payments, digital asset settlement and supply chain management. The initiative aims to provide a euro-based alternative to existing stable - coins. • ABN AMRO, another significant Dutch bank, has obtained a European licence for crypto custody services under MiCAR and has completed its first international Smart Derivative Contract (SDC) transaction in collaboration with another bank. 10.2 Local Regulators’ Approach to Blockchain The principal EU legislative framework applicable to crypto-assets in the Netherlands is MiCAR. MiCAR establishes rules concerning the issuance, offering and trading of crypto-assets and requires national
578 CHAMBERS.COM
Powered by FlippingBook