The AMLA1 will execute direct AML/CTF supervision of selected FIs, including the possibility to impose binding decisions on monitored institutions, along with administrative sanctions of up to 10% of turnover. It is currently anticipated that around 40 institutions in the EU will be selected for AMLA supervision, however, the precise risk methodology for selection is still being finalised (as of January 2024).
Non-selected FIs are less impacted. Yet, there are still implications as
AMLA will indirectly monitor via periodic assessment (e.g. questionnaires) to assess their compliance with AML/CTF standards. Furthermore, local supervisors can take stricter actions inspired or instructed by AMLA and non-selected FIs can still be investigated and sanctioned for breaches of EU and national law.
AMLA will monitor appointed FIs with the supervisor in the Member State in joint supervisory teams. The exact working of those teams is still to be further detailed. Despite these joint supervisory teams, the FIs should be aware that a regulatory change most likely increases the administrative burden, as AMLA will request much information to start their supervision. In addition, currently DNB and Dutch FIs have a constructive relationship in which they connect in round tables on topics like the risk-based approach. It is still unsure if FIs will have a similar working relationship with the AMLA. Also, the question is whether AMLA will be able to demonstrate the same level of understanding of the Dutch market and developments, such as TMNL and locally developed risk-based approach guidelines.
The AMLA will inherit several powers from local supervisors. One of those for Dutch FIs (both selected and non-selected for AMLA supervision) to consider, is the ability AMLA is given in the AMLR to issue technical standards, guidelines and recommendations. It enriches the AMLR, e.g. on the type of simplified due diligence measures or the reliable and independent sources of information that may be used to verify the identification data of natural or legal persons. Such guidance documents are formally non-binding, but in practice followed.
This means that FIs can expect additional guidance from AMLA that does not necessarily align with the current and upcoming DNB and Nederlandse Vereniging van Banken (NVB) guidelines, such as the consultation version of DNB Q&As and Good Practices WWFT2 and the NVB Risk-Based Industry Baselines3. New guidance by AMLA could potentially result in changes in the current AML/CTF policies and procedures of FIs.
The Anti-Money Laundering Regulation will largely replace AMLD5. Once it comes in effect, the AMLR is directly applicable to Dutch FIs, eliminating the need for implementation of a transposition law. Hence, the AMLR serves as the “single rulebook”, offering a uniform framework for AMLA to oversee the enforcement of these rules in its capacity as a direct supervisor of certain FIs. This is contrary to the current AMLD5, which is transposed into the WWFT in The Netherlands. Large parts of the WWFT will be replaced by AMLR.
An implication of the Anti-Money Laundering Regulation is how the AMLR implements the risk-based approach. In the last few years, the Dutch FIs have made efforts to make AML/CTF policies and procedures more risk-based, for example by the NVB Industry Baselines, supported by DNB in ‘Van herstel naar balans’.4
In ‘Van herstel naar balans’, DNB notes that partly as a result of drastic enforcement measures, banks have increased their efforts significantly in the fight against financial crime. However, according to DNB, the combatting of financial crime can be more effective and efficient through the application of a risk-based approach. More effective by less criminal money flowing through the financial infrastructure and more efficient by less burden on banks and their clients. DNB emphasizes in the report that the intensity of the measures to prevent money laundering and financing of terrorism should be tailored
to the specific risks a client faces to the FI.
The NVB Industry Baselines are the result of round tables between banks and the Dutch supervisor DNB regarding more risk-based client due diligence and describe the risk-based Dutch banking practice to several gatekeeper topics and clarifies how to act in a risk-based manner.
However, given what we know now about the AMLR, the AMLR has a different perspective on the risk-based approach than DNB and the NVB. This is illustrated by the following example. The consultation version of DNB Q&As and Good Practices WWFT (which will replace the “DNB Leidraad Wwft en SW”) describes that client data must be updated if relevant circumstances of the client change.5 This document does not mention a timeline for periodic review. The NVB Risk Based industry Baseline Client Data Actualization6
goes even further, mentioning “banks may determine that data correctness does not expire until there are reasons to doubt the correctness of client data. To make client data actualisation risk relevant and to prevent unnecessary client outreach, the preferred moment of data actualisation is trigger-based.” This is contrary to the AMLR, which prescribes that client information must be updated on an event driven and periodic basis, at least every five years.
The introduction of AMLA and the AMLR harmonises the Anti-Money Laundering rules and the supervision thereon: the coexistence of an integrated, enforceable single financial market policy (AMLR) enforced by an integrated supervisory system composed of the AMLA and national structures of AML supervision. This harmonisation could be a blessing for FIs as it reduces regulatory uncertainty. However, it remains to be seen if the advancements in the risk-based approach we have seen recently in The Netherlands will prevail. Only if the focus of AMLA and AMLR will be truly on enhancing AML effectiveness and not on adding additional layers of technical compliance, a curse can be averted. As in many regulatory environments, the promise of the EU AML package is in the hands of the people working with the rules.
2 DNB (2023), ‘Consultatieversie DNB ‘Q&As’ en ‘Good Practices’ Wwft’, https://www.dnb.nl/media/lqehbkau/dnb-wwft-qa-good-practices-consultatieversie.pdf,
3 NVB (2023), ‘Risk-Based Industry Baselines’, https://www.nvb.nl/publicaties/protocollen-regelingen-richtlijnen/nvb-standaardennvb-risk-based-industry-baselines/
4 DNB (2022), ‘Van herstel naar balans. Een vooruitblik naar een meer
risicogebaseerde aanpak van het voorkomen en bestrijden van witwassen en
terrorismefinanciering’, www.dnb.nl/media/2ambmvxt/van-herstel-naar-balans.pdf
5 DNB (2023), ‘Consultatieversie DNB ‘Q&As’ en ‘Good Practices’ Wwft’, https://www.dnb.nl/media/lqehbkau/dnb-wwft-qa-good-practices-consultatieversie.pdf, p. 83
6 NVB (2023), ‘Risk-Based Industry Baseline Data Actualisation, https://www.nvb.nl/media/5706/nvb-standaarden_5_client-data-actualisation_30-5.pdf , p. 4