NETHERLANDS Law and Practice Contributed by: Roderik Vrolijk, Rogier Raas, Ingrid Viertelhauzen and Maarten Weekenborg, Stibbe
11. Open Banking 11.1 Regulation of Open Banking
Common fintech fraud patterns in the Netherlands include: • push-payment scams; • phishing and spoofing; • account takeovers; • marketplace and invoice fraud; and • the use of money-mule networks for money laun- dering. In parallel, the AFM enforces the market abuse regime under the MAR for financial instruments and, since MiCAR’s application, the equivalent market abuse pro - visions for crypto-assets under MiCAR. Administrative fines of up to EUR20 million or 15% of annual turno - ver (whichever is higher) may be imposed. Many Wft violations also constitute economic offences under the Economic Offences Act ( Wet op de economische delicten ), enabling criminal prosecution alongside or instead of administrative enforcement for breaches of financial regulations. 12.2 Areas of Regulatory Focus The AFM and DNB focus their supervisory attention on fraud typologies that directly affect customers. Priority areas include authorised push-payment fraud (includ - ing bank helpdesk impersonation and invoice scams), phishing and spoofing, and online account takeover. DNB monitors compliance with the strong customer authentication (SCA) requirements under PSD2 and the application of SCA exemptions. Both regulators expect effective transaction monitoring and disruption of money-mule networks. Cross-border co-operation between banks, fintechs and law enforcement fea - tures prominently, given that fraud networks operate internationally and move rapidly between channels. 12.3 Responsibility for Losses A fintech provider’s liability for customer losses depends on the type of service provided and the appli - cable regulatory framework. For payment services, Dutch law implementing PSD2 (Book 7, Title 7B of the Dutch Civil Code ( Burgerlijk Wetboek )) distinguishes between unauthorised and authorised transactions. For unauthorised payments, the PSP must in principle refund the customer promptly, subject to timely noti - fication (generally within 13 months). The PSP bears the evidentiary burden of proof to demonstrate proper
In line with PSD2, Dutch financial supervision law supports open banking. PSD2 was implemented with some delay in the Netherlands, in particular because of concerns around data protection and the conflicting priorities of PSD2 and GDPR. Now, PSD2’s access to account (XS2A) rule is among the more powerful ena - blers. The fair and collaborative supervisory frame - work in the Netherlands also helps. 11.2 Concerns Raised by Open Banking Data privacy and data security compliance remain significant challenges in the Netherlands. Banks and other financial institutions continue to invest heavily in cybersecurity. Since DORA became fully applica - ble in January 2025, covered firms have reached the active compliance stage, including the enforcement of contractual arrangements with ICT third-party service providers. Firms have also strengthened board-level expertise, also in view of the board-level account - ability requirements and expectations under relevant financial supervision laws (including DORA). A further complexity arises from the fact that GDPR compliance and PSD2 compliance fall under different supervisory authorities (the AP and DNB, respective - ly). Firms accordingly face scrutiny from both regula - tors simultaneously. The regulators have entered into a co-operation protocol governing their joint oversight of personal data processing obligations arising under PSD2 and the GDPR. There is no dedicated financial services fraud offence in the Netherlands. Fintech-related fraud is prosecut - ed under the general provisions of the Dutch Crimi - nal Code ( Wetboek van Strafrecht ), principally the offences of fraud, forgery, embezzlement, computer intrusion, and identity fraud. Fraud requires that the perpetrator induces another person to surrender prop - erty, provide services or make data available through false pretences, with the intent to obtain an unlawful benefit. 12. Fraud 12.1 Elements of Fraud
582 CHAMBERS.COM
Powered by FlippingBook