Global data and insights ensure a reliable, fast and watertight compliance process. This page answers all your questions about compliance.

Compliance - Table of contents

Compliance is adherence to applicable laws and regulations and is an English term.

In business, there is often a compliance department. This department is responsible for checking that the organization complies with current laws and regulations and ensures that the company's internal rules are also followed. These departments are managed by a compliance officer.
A compliance officer is actually the internal supervisor of compliance with both internal regulations and compliance with applicable laws and regulations within the jurisdiction in which the company operates.

Compliance officers' duties include monitoring any compliance risks, identifying them. They are also responsible for drawing up measures and strategies to minimize compliance and reputation risks. A compliance officer also keeps in touch with external regulators such as the ACM and the Nederlandsche Bank, for example.

The Prevention of Money Laundering and Financing for Terrorism Act (wwft) is to ensure that banks and institutions prevent criminals from laundering their money.

The wwft applies to any company dealing with money flows. Think banks, but also brokers and tax consultants. In short, also called financial service providers. Precisely because they have good insight into the spending patterns and often income of individuals, they must be vigilant to prevent money laundering. A complete list of companies and individuals affected by the wwft can be found here here.

The wwft is the local version of the anti money laundering (AML) directive, combined with counter terrorist financing (CFT).

The EU releases a new version of the AML every so often. Currently, the most recent version is the 2021 AML 6 Directive. These updates ensure that the EU has enough tools to continue to enforce. Because of technology, criminals develop faster, and revised versions of the AML remain necessary. So the wwft is the Dutch interpretation of the AML6 and the CFT.
There are two ministries that share responsibility: The Ministry of Finance and the Ministry of Justice and Security. Supervision and enforcement are also broken down by industry.

  • For brokers, traders, pawnbrokers and companies that provide a (mailing) address, there is the Wwft Supervision Bureau (the Tax Office).
  • Accountants, tax consultants and notaries are monitored by the Office of Financial Supervision.
  • The Dutch Central Bank supervises credit institutions, bureaux de change, (electronic) money institutions, life insurers, safe deposit box lessors and, of course, banks;
  • Investment firms and institutions, banks and financial service providers are supervised by the Financial Markets Authority (AFM);
  • Dutch (online) gaming casinos are monitored by the gaming authorities;
  • The Dutch Bar Association supervises lawyers.

An executive order usually provides more guidance to better enforce a law or several laws. They are clarifications to an existing law with more detailed rules and elaborations of definitions.

This executive order clarifies definitions and adds rules on trustworthiness and integrity. The full executive order is here to be consulted.

A wwft check is often linked to a KYC (Know-Your-Customer) or KYV (Know-Your-Vendor) process. In fact, the wwft check is part of this. This can also be included in a client acceptance process. After all, you need to be compliant and be able to present a file to an auditing body if they ask for it.

Horitzontal fraud covers all forms of fraud against people (citizens), businesses and financial institutions. Think of mortgage fraud or the well-known WhatsApp fraud.
The AML stands for Anti Money Laundering Directive, or anti-money laundering directive. The six represents the new additions to the previous AMLs. A new directive comes out periodically, incorporating the latest developments within money laundering. This is a European Directive, which means that countries often make a local variant, such as in the Netherlands the wwft.

There are 5 major differences between the AML5 and AML6. We have briefly described these below.

1. 'criminal activity' has a fixed definition
In AML5 we could already read that "criminal activity" should be punishable in all participating EU member states. Since this interpretation was seen as vague, a list of basic offenses that should be criminalized by all EU member states (if not already criminalized before) has now been drawn up.



2. Complicity of money laundering punishable
Aiding, abetting, attempting, and instigating the 22 previously mentioned crimes are now also punishable. Aiding and abetting can now also be seen as perpetrators of money laundering and therefore stands a chance of being punished as severely as being a direct perpetrator. As a result, the EU hopes to drastically reduce the number of accomplices.

3. Close cooperation at the international level
The list of 22 offenses ensures a consistent approach across EU countries. By doing so, the European Union hopes to encourage more uniformity and better cooperation among EU countries. In addition, the 6th Directive states that member states involved in a prosecution of an offence should cooperate to centralize the proceedings. The European Banking Authority (EBA) has the coordinating role in this area.

4. Heavier penalties
Member states were still allowed to choose the maximum penalties they imposed when a crime occurred within AML5. AML6 now stipulates that the minimum sentence must be four years' imprisonment. Thus, member states may still impose a higher sentence, but not less than four years. In doing so, member states may also impose additional sanctions impose such as curtailing subsidies, (temporarily) prohibiting the performance of commercial activities, or a fine.

5. Extension of criminal liability
In addition to an expansion of punitive measures, the criminal liability of legal persons has also been broadened. Under the old rules, only natural persons were punishable for money laundering. In AML6, criminal liability has been expanded, making legal entities of B.V.'s and N.V.'s punishable as well.

On July 20, 2021, the EU Council came up with new changes for the AML. These would become the AML7, however, they are only proposals and the words AML7 are not being put in the mouth.

It is already known what has been proposed. The possible new changes in a row:

1. An EU centralized AML authority (AMLA).
Initially, the AMLA is not intended to replace local AML enforcers. The initial goal of the AMLA is to ensure that AML legislation is implemented correctly and consistently across the EU. Also, the AMLA will not be established until 2023 and will not begin this task until 2026.


2. Unit of AML/KYC rules in each EU member state
Recent years have shown that not every state implements AML rules equally well or equally quickly. An example of this is the UBO registry. Its introduction took 3 years longer than planned in Cyprus and Hungary. On top of that, in one country only 1 document needs to be signed, while in other countries very expensive video and passport verification is required. So the EU now wants to apply clarification and unity to all AML and KYC rules with immediate effect. This means that adaptation of local legislation is unnecessary.


3. Single Access Point for bank accounts and related records.
This system should become a single access point for all national centralized bank accounts. This should allow enforcers in each EU member state to immediately access bank accounts of European banks and view their stakeholder(s). The EU believes this would reduce the number of fraud attempts concerning bank accounts, as it would make verification easier.


4. Expanding control of crypto business models and their definition
Currently, only certain categories of crypto companies registered in the EU are required to comply with the AML. These are the so-called crypto wallets and crypto exchanges. The new amendment should ensure that any company dealing with crypto on a professional basis must comply with the AML. Companies engaged in below must therefore comply with the AML.

  • Companies that keep records on crypto assets for third parties;
  • Operating a trading platform for crypto assets;
  • Trading crypto assets for any legal tender;
  • Trading crypto assets for other crypto stocks;
  • Trading or performing actions related to crypto assets on behalf of third parties;
  • Placing crypto assets;
  • Receiving and processing crypto asset requests on behalf of third-party parties
  • Advising on crypto assets


5. Implementing the "Crypto Travel Rule."
The EU is happy to follow the global trend to implement the "Travel Rule" also when it comes to crypto companies. This adaptation would provide a direct obligation (so no adaptation of local legislation is needed). Each Crypto company (see previously mentioned list) will then have to collect and exchange information about the principal and interested party, just like with bank transfers.



6. Banning anonymous crypto wallets.
It sounds extraordinary at first glance, but the ban will cover anonymous accounts in crypto exchanges and hot wallets. Hot wallets are crypto wallets that are connected to your phone or the Internet.


7. Prohibiting cash purchases over 10,000 euros.
The European commission plans to ban all cash purchases above 10,000 euros. Currently, different countries have different ceilings on cash purchases. For example, in Poland it is 15,000 euros, but in Greece it is already 500 euros.

CFT stands for Counter Financing Terrorism and is a European Law. In the Netherlands, the law falls under the wwft. The CFT is often mentioned in the same sentence with the AML because both aim to combat the financing of illegal actions.

Sanctions are measures imposed when a person, group, company or countries exhibit undesirable actions. Often these are political or economic measures imposed at a high level. In the Netherlands, these are laid down in the Sanctions Act.

A country can introduce a sanction, but in practice you often see that it is only (combined) superpowers that impose sanctions. Think of the United States, but also the European Union or the United Nations. The more major powers introduce the same sanction, the greater the impact of this sanction will be. Consider, for example, the sanctions imposed on Russia.

Sanctions come in different forms. For example, there are diplomatic sanctions. These include breaking diplomatic ties with a sanctioned country and closing embassies. In addition, there are military sanctions. These types of sanctions are very rare and are implemented only in extremely rare cases. These sanctions include the use of armed forces, arms embargoes and even targeted attacks with military personnel.

A milder form of sanctions are sports sanctions. When a country receives a sports sanction it means that athletes from a sanctioned country are not allowed to participate in major international sporting events (think Olympic Games). The purpose of this sanction is to draw attention around the wrongdoing of the sanctioned country and encourage improvement. Sanctions can also be imposed on individuals. This often takes the form of travel bans or asset freezes.

The Sanctions Act 1977 is a collection of laws describing the requirements that agencies must meet to maintain integrity and to combat terrorism, illegal trade and money laundering. These companies must screen their (new) business relationships to see if they (or owners of them) appear on sanctions lists.
Financial institutions such as banks and insurers also include leasing companies, casinos and pension funds. The Dutch Central Bank and the AFM are the supervisory parties. Other natural persons, companies and legal entities may also come into contact with the Sanctions Act through their professional activities.
Sanction lists are public and exist at the corporate, country and personal level. Also, sometimes you are not allowed to do business with family members of sanctioned persons. All sanctions lists can be found online, and there are a lot of them. For example, there is an EU sanctions list, a UN sanctions list, a Dutch sanctions list, a Belgian sanctions list and a U.S. sanctions list. These lists are regularly updated, which is why it is important to periodically check for sanctions at companies, this is also called monitoring. We offer several ways to check companies and UBOs (internationally) for sanctions and have the possibility to monitor them automatically. View the possibilities here.
Customer Due Diligence (CDD) is also known as Know Your Customer. This term literally means due diligence with the customer. Every company has a Due dilligence duty and, as a result, a customer due dilligence policy. Due Diligence is all about integrity and getting to know a customer or other third party better. Who does your company do business with? Could the customer or supplier pose a risk (both financial and legal)? This helps a company avoid doing business with fraudulent/criminal parties. Financial institutions often bear the greatest responsibility when it comes to a due diligence process. After all, they have the best view of a company's various cash flows and therefore must comply with by far the most laws regarding due diligence. Consider the wwft, and internationally to the AML6. Also, many companies fall under the sanctions act, or all of the aforementioned laws. A due diligence process often consists of a KYC check.

As a company, you do a KYC check before entering into a new business relationship. This could be a prospect, but also potential suppliers or other third parties you want to work with. A KYC check ensures that the company you are going to do business with has integrity and is not sanctioned or poses a high business risk.

KYC checks can be performed in several ways. Often a KYC check begins with verifying the customer. Is Company A indeed Company A? Then you go on to determine the shareholders, directors and ultimately stakeholders (UBO check). The company and the UBOs must then be screened for sanctions, and a check is made on whether you, as a company, are indeed allowed to do business with this company (compliance part). This process must then be documented in an audit trail, so that auditing agencies can verify that all steps were (correctly) followed through. A KYC check ends in three ways.


1) You may do business with this customer (no details found),


2) You may do business with this customer, but there are parts you need to pay extra attention to (specifics found),


3) You are not allowed to do business with this customer (the company is sanctioned or there are other details that prevent you from doing business).


A KYC check is often a time-consuming process, especially when doing business internationally. Fortunately, there are many ways to speed up this process or even automate it entirely. Several options include here to be found.


Always stay up to date on Compliance news?

Sign up now!

Yes, I want to be informed every month about trends & development around Credit Risk, Compliance, Master Data, Supply Chain en Sales & Marketing.

Looking up a company or D-U-N-S number?

Looking up an article or topic?


Je keuze voor

quizz outcome