Regulatory framework

Regulatory authorities

What national authorities regulate the provision of financial products and services?

In the Netherlands, the supervision of the provision of financial services and products is divided over two competent authorities, the Netherlands Authority for the Financial Markets (AFM) and the Dutch Central Bank (DNB). This division follows a ‘twin peaks’ model, meaning that general regulation and supervision of the financial markets is jointly executed, with the AFM tasked with the regulation and supervision of market conduct, and DNB with the regulation and supervision of prudential matters.

The first ‘peak’, the market conduct component supervised by the AFM, relates to fair and orderly financial market processes, prudent relationships between market parties, and protections and conduct concerning clients.

The second ‘peak’, the prudential component supervised by DNB, relates to the solidity of financial undertakings and the integrity and stability of the financial markets, including financial health of financial institutions and the (managed) resolution of certain financial undertakings.

Additionally, certain areas of banking regulation fall within the scope of the Single Supervisory Mechanism, with regulation and supervision exercised by the European Central Bank (ECB), in many areas in cooperation with DNB in a system of Joint Supervisory Teams (JSTs).

Finally, the Dutch Authority for Consumers and Markets (ACM) has a limited role in relation to certain market access and consumer protection topics.

What activities does each national financial services authority regulate?

As discussed in question 1, the AFM and DNB are jointly tasked with regulating all financial services, but from two differing functional angles (prudential and market conduct).

Additionally, each competent authority is tasked with licensing and regulating specific financial institutions. The AFM is tasked with the regulation of, among other things, investment companies, asset managers, trade platforms, and collective investment schemes. DNB is tasked with the regulation of, among other things, banks, insurers, pension funds, payment institutions and electronic money institutions.

As a result, while both competent authorities will oversee the integrity of the financial markets from their own purviews, each authority’s emphasis is on differing financial services. In practice, this means that a substantial part of (sizable) financial institutions need to deal with both the AFM and DNB in relation to their businesses.

What products does each national financial services authority regulate?

Generally, the supervision of financial markets in the Netherlands does not follow a product-specific approach. Rather, the AFM’s or DNB’s competence relates to the type of service provided, meaning that the competent authority for the specific financial service also regulates the products covered by the specific service.

Authorisation regime

What is the registration or authorisation regime applicable to financial services firms and authorised individuals associated with those firms? When is registration or authorisation necessary, and how is it effected?

A licence is required for the majority of financial services provided to customers in the Netherlands. Most licensing requirements are based on (or implement) the relevant provisions of European Union (EU) financial regulations (in particular, the Capital Requirements Directive, Markets in Financial Instruments Directive, Payment Services Directive, Solvency II Directive, and the Alternative Investment Fund Managers Directive (AIFMD), to name the most prominent ones). In addition, there are certain specific financial services requiring a licence in the Netherlands (with national scope). For example, offering consumer credit and offering of, or advising on, certain types of financial products (not being financial instruments) generally requires a specific type of licence under Dutch law.

The requirements for licensing and the scope of said authorisation differs from service to service. A licence for a financial service regulated at European level (and implemented in the Netherlands) generally has a European scope based on a so-called European passport. A licence for a specific financial service only regulated at a national level will also have a scope limited to the Netherlands market.

Finally, as already referred to above, certain financial institutions need to apply for a licence with the AFM and others with DNB. The following is a non-exhaustive summation of the main financial services for which an authorisation is required, together with the licensing authority:

  • banking services - DNB and ECB;
  • (re)insurance services - DNB;
  • payment services - DNB;
  • electronic money institution services - DNB;
  • clearing services - DNB;
  • investment services - AFM;
  • AIF or UCITS investment fund management - AFM; and
  • services as financial service providers - AFM.

A licence will be required as soon as a person or entity offers a type of financial service in the Netherlands, which customarily means to Dutch-resident clients and in some cases also from an entity established in the Netherlands.

In this respect, Dutch competent authorities constantly monitor relevant activities and will prevent (or sanction) service providers that do not hold the required licence from engaging in licensable activities. Depending on the type of financial institution or service, differing authorisation regimes apply. As a rule, for a licence application the competent authority will test, among other things:

  • the financial service or products to be offered (business plan);
  • the applying institution’s internal governance, infrastructure and policy framework (sound business operations);
  • integrity and prevention of conflicts of interest (ethical business operations);
  • transparent ownership structure, competency and reliability (fit and properness) of the institution’s senior management; and
  • certain financial health requirements, such as minimum capital, solvability and liquidity.

Once a request for authorisation has been submitted, the competent authority will determine if the submission is complete and meets the regulatory requirements. The competent authority will only assess the actual substance of the submission once the competent authority is satisfied the submission is complete. By law, the competent authorities are obligated to respond to most licence applications within 13 weeks. However, as the competent authorities use a ‘stop-the-clock’ mechanism for questions or requests for further information, in practice the authorisation process often takes longer.


What statute or other legal basis is the source of each regulatory authority’s jurisdiction?

Both the AFM and DNB are independent public bodies, with national mandates for the supervision of financial services. The financial supervision tasks and duties of the AFM and DNB are granted in the Financial Supervision Act (Wft).

As independent public bodies, the AFM and DNB are also subject to the general rules of administrative law in the Netherlands.

In addition to its tasks under the Wft, DNB also has certain non-supervisory tasks relating to the central bank function, monetary policy and responsibility for the Dutch payment system.

What principal laws and financial service authority rules apply to the activities of financial services firms and their associated persons?

The main body of law for financial regulation in the Netherlands is the Wft. The Wft is a substantial statutory instrument, consisting of more than 1,200 articles and containing all general provisions for the regulation of financial services and institutions. Further, the Wft is a framework law referring to a variety of more detailed requirements in lower, secondary decrees and regulations.

In addition to the Wft, the varying EU financial directives, regulations and related guidance are also a source of regulatory legislation in the Netherlands. Most EU financial directives have been implemented in the Wft and the decrees and regulations promulgated thereunder. The provisions of EU financial regulations all have direct effect in the Netherlands, and so there is no need for implementing measures.

Finally, there are certain financial laws with a more limited scope, such as the Giro Securities Act, Pension Act, Act on the Supervision of Trust Offices 2018, and the Anti-Money Laundering and Anti-Terrorist Financing Act.

Scope of regulation

What are the main areas of regulation for each type of regulated financial services provider and product?

In general, the Wft will provide extensive areas of regulation for all regulated financial services providers. The common goal of regulation is to protect the integrity of the financial markets. Depending on the impact a financial institution or product can have on the financial markets or the benefit for consumers, the areas of regulation may be broadened and specified. For example, the prudential regulations, such as capital and liquidity, for banks, insurers and pension funds are more exacting than for investment companies or payment service providers.

With regard to the ongoing supervision of licensed entities, financial institutions are under a statutory obligation to constantly monitor and self-assess their compliance with the regulatory requirements and licence requirements. The relevant laws and regulations contain a system of reporting obligations that generally require regulated entities to notify the competent authorities of potential and actual non-compliance. For example, a Dutch bank is under a statutory obligation to report certain financial ratios (eg, solvency and liquidity) to DNB on a regular basis but would also be required to make ad hoc notifications in case of a material shortfall.

Finally, the obligation to comply with regulatory requirements also covers an institution’s compliance with organisational requirements and market conduct rules.

Additional requirements

What additional requirements apply to financial services firms and authorised persons, such as those imposed by self-regulatory bodies, designated professional bodies or other financial services organisations?

For financial services firms such as banks, insurers and investment companies, there exist extensive and stringent requirements that are outside the scope of regulatory legislation and the powers of regulatory authorities. These requirements are self-imposed and focus on the behavioural aspects of by financial services firms’ conduct.

For example, the Dutch Association of Banks (NVB) works with the Dutch government in implementing self-regulating norms. The compliance with these norms is ensured by internal disciplinary procedures. The majority of the norms are aimed at the individual employees of the relevant bank, but portend to create a culture of self-regulation. In case of serious violations, the findings in disciplinary investigations can be transferred to regulatory authorities.

Other important financial professional bodies are the Dutch Association on Insurers and the Dutch Fund and Asset Management Association (DUFAS).

In addition to professional bodies, providers of financial services may also choose to register and receive accreditation from the Dutch Securities Institute. This organisation works with the regulatory authorities to protect the integrity of the financial markets. It allows consumers to verify that their financial services providers are accredited and subject to more stringent norms than legislation requires. It also subjects financial services providers to disciplinary proceedings.


Investigatory powers

What powers do national financial services authorities have to examine and investigate compliance? What enforcement powers do they have for compliance breaches? How is compliance examined and enforced in practice?

The AFM and DNB have various ways to monitor and investigate financial institutions’ compliance with laws and regulations. Part of the monitoring is done on the basis of public information, for example relating to market conduct (eg, stock prices and financial transactions) and media coverage. In addition, both competent authorities reach out to supervised financial institutions with requests for market data and thematic questionnaires. Finally, the AFM or DNB may open an investigation into certain conduct or an institution.

For this investigation, the Wft contains a general right for the competent authorities to ask information from any person in exercise of their supervisory tasks. However, most of the investigative powers of the AFM and DNB are enshrined in the General Act on Administrative Law (Awb). Under the Awb, the AFM and DNB have a broad scope of investigatory powers, including the power to demand any information, enter and search offices, and search and copy business data and records (including access to digital portals, computers and smartphones).

Financial institutions are expected to cooperate with the competent authorities in investigations, but do not have an obligation to provide self-incriminating statements.

In the investigative phase, issues may come to light that do not warrant disciplinary action but do warrant some form of heightened compliance. In those cases, the competent authorities may issue directives to institutions with clear expectations for change or set ultimatums during which enhanced oversight is required. Financial penalties may be enforced after said time periods have passed.

The onus on investigation for financial institutions is with the competent authorities. The scope of the various powers is oriented towards providing the competent authorities with the requisite tools their role requires. As such, the AFM and DNB have the mandate within any financial services investigation.

Certain violations of financial regulations are also a criminal offence under the Economic Offences Act (WED) or as part of the implementation of EU law (for example, the Market Abuse Regulation (MAR)). For those offences, the public prosecutor also have a mandate to investigate any suspicion of criminal activity.

Disciplinary powers

What are the powers of national financial services authorities to discipline or punish infractions? Which other bodies are responsible for criminal enforcement relating to compliance violations?

Violations of financial regulations can be sanctioned through administrative proceedings (by one of the competent authorities) or, in certain cases, criminal proceedings (by the public prosecutor).

For the administrative proceedings, the Wft contains a regime of administrative fines and penalties to be imposed by the competent authority. These sanctions range from the suspension of services and authorised individuals or the removal of authorisations, to monetary fines up to as much as €5 million or 10 per cent of an institution’s annual (consolidated) revenue. The AFM and DNB customarily publish sanctions as well as the grounds for their decisions.

In criminal proceedings, both legal entities and individuals can be prosecuted for financial crimes. Under the WED, fines of up to €870,000 can be imposed as well as prison sentences of up to eight years for individuals involved. In the most pertinent cases, the public prosecutor can demand the complete shutdown of a company.

A common sanction outside of monetary fines is the repossession or deprivation of economic profits derived from the illicit activity. This will occur either during the settlement phase or if the prosecutor can prove that the firm or individual profited from their acts.

As described under question 9, the AFM and DNB work in tandem with, but separately from, the public prosecutor. The conventions that determine which body is responsible for which particular infraction decree a case-by-case approach to jurisdiction. Double jeopardy generally limits or prevents the possibility for cumulative, concurrent penalties for the same infraction.


What tribunals adjudicate financial services criminal and civil infractions?

In administrative proceedings, any decision by the AFM or DNB to subject a financial institution to a penalty is subject first to a written appeal with the relevant competent authority. After such written appeal is denied, an institution can appeal the decision in administrative court. After the initial administrative courts, the court of final appeal is the Trade and Industry Appeals Tribunal (CBb), which specialises in administrative proceedings for corporate entities. In administrative proceedings, the Tribunal’s decisions are final, unless the substantive law in question is EU law, in which case there is the possibility of referring the matter to the European Court of Justice.

In case of criminal proceedings, there are three levels of appeal. The criminal court adjudicate criminal cases and decide on the admissibility of evidence and their substance when compared to the claim. At the appeals court, said proceedings are repeated as if the previous, lower court proceedings never occurred. Evidence is re-entered and new arguments are allowed. After an appeal, the only remaining option is the Supreme Court. Only if an argument can be made that the appeals court misapplied the substantive issues at hand will the Supreme Court even consider the matter. In this final phase, the facts as substantiated during the appeals phase will be accepted as fact, and no new evidence can be entered. The majority of cases which are put to the Supreme Court will not be handled, but will be dismissed for lack of substantive grounds. As in administrative proceedings, if the substantive law in question is EU law, there is the possibility of referring the matter to the European Court of Justice.

Most civil matters relating to financial services will be handled by the regular Dutch civil courts, including such issues as duty of care, liability, tort, civil fraud and property law. Dutch civil proceedings follow a similar appeals structure to the criminal proceedings described above, with the caveat that anything substantiated in lower courts needs to be challenged upon appeal for the courts to accept it as a matter of contention.

For civil claims, Dutch law also provides for a specific alternative dispute resolution institute for small contentious matters regarding financial services providers. The relevant institute, the Complaints Institute Financial Services (Kifid) is intended to create a level playing field for consumers, without high court costs and legal representation fees. Consumers can enter a claim themselves, and matters are less legalistic than in a normal civil court. The majority of small claims at Kifid are related to duty of care, lack of proper information and similar issues where the power disparity between consumers and financial institutions may apply. Claims are generally very small and are not subject to substantive arguments.


What are typical sanctions imposed against firms and individuals for violations? Are settlements common?

As described above, administrative and criminal sanctions can be severe. Settlements are common to prevent protracted investigations and public court cases. For example, a major Dutch bank came to a settlement with the public prosecutor for an amount of €775 million stemming from anti-money laundering (AML) violations in September 2018. Such high fines or settlements are rare in the Netherlands, but this illustrates the significant power in sanctions of the competent authorities and public prosecutor.

The AFM and DNB have discretionary powers to impose sanctions. Assessments are made on a case-by-case basis and follow sanctions guidelines from the competent authorities themselves as well as case law set by both administrative and criminal courts. Most of the sanctions imposes by the AFM and DNB consist of administrative fines and cease and desist orders.

It is not very common for the directors or authorised individuals to be subject to sanctions for an institution’s non-compliance with financial regulations, especially when a punishment has already been levied on the institution itself.

Compliance programmes

Programme requirements

What requirements exist concerning the nature and content of compliance and supervisory programmes for each type of regulated entity?

For certain types of financial institutions, particularly investment firms, the relevant EU and national legislation contains explicit requirements for the setting up of an independent, permanent and effective compliance function. The compliance function’s tasks include, among other things, monitoring the adequacy and effectiveness of the institution’s policies and procedures, internal reporting to the management body and monitoring of complaints and complaints handling. On the basis of these tasks, the compliance function shall establish a risk-based monitoring programme.

The competent authorities view a compliance function as an essential part of the sound business operations of a financial institution. In published guidance and instructions for licence applications the AFM and DNB also require other financial institutions, such as insurers, payment institutions and banks, to establish an independent and effective compliance function. This guidance customarily also contains indicative tasks for the compliance function (similar to the above mentioned tasks for investment firm’s compliance function) as well as the (optional) obligation to adopt an annual compliance plan.


How important are gatekeepers in the regulatory structure?

An internal audit or control function that can internally and independently assess the effectiveness of a financial institution’s organisation and its internal control mechanisms, procedures and measures, is an essential element of an institution’s sound business operations.

For most financial institutions an internal audit or internal control function is explicitly required in EU and national regulations or in competent authorities’ guidance. Customary tasks of the internal control function include establishing, implementing and maintaining an audit plan (annually), issuing audit recommendations and direct reporting to the institution’s senior management.

Directors' duties and liability

What are the duties of directors, and what standard of care applies to the boards of directors of financial services firms?

Most financial institutions incorporated in the Netherlands will be either a public limited liability company (NV) or a private limited liability company (BV). Dutch corporate law provides for one-tier boards (a board consisting of one single corporate body with executive directors and non-executive directors), however most BVs and NVs have a two-tier board, consisting of a management board and a separate supervisory board.

For Dutch legal entities, management boards generally have the duty to manage and set the strategy of the general course of affairs of the company. Furthermore, the management board represents the company. The supervisory board (or non-executive directors) needs to supervise the management board’s policy as well as the general course of affairs of the company and its business.

Boards of financial institutions have the same tasks and responsibilities under corporate law as boards of other companies. However, boards of financial institutions are also subject to the standards and requirements of the Wft and the competent authorities. For most financial institutions, members of the management board and supervisory board need to be tested for competence and integrity by the competent authorities prior to taking office and may be removed if the authorities have reason to doubt their integrity or ability to manage a financial institution.

When are directors typically held individually accountable for the activities of financial services firms?

Managing directors can be held individually accountable for the activities of their company for different reasons, including mismanagement. Special liability may apply in case of a company’s bankruptcy. In general, supervisory directors can only be held liable for a company’s actions in cases where they are found to have directed actions as de facto managing directors.

Under Dutch corporate law, members of the management board of a company are personally accountable to the company for any damage caused by not fulfilling their obligations with care and attention. This mismanagement exists when there is serious misconduct by the directors, a standard tested by the question whether a reasonable and experienced managing director would have taken the same act.

In case of serious misconduct, all managing directors are jointly accountable for all internal damages. A director can be exonerated by proving that either he or she had no knowledge of the misconduct or that he or she did try everything, reasonable to power, to prevent the misconduct. This can mean that a director who does not agree with decisions may need to step down to avoid liability.

Managing directors may also be held liable by third parties for damages caused during their tenure as director. This external liability is based on the ‘unlawful act’ described under question 17. If a director takes an action that causes damages to third parties, and the damages are a direct result of the director’s actions, the director may be held liable.

Private rights of action

Do private rights of action apply to violations of national financial services authority rules and regulations?

The Wft provides that private law legal acts that are performed in violation of the Wft and the rules promulgated thereby or thereunder, cannot be challenged on that basis (subject to certain exceptions where explicitly provided otherwise). This means that actions of a financial institution that violate most financial regulations cannot be annulled on that basis by third parties, however, of course, the competent authorities may take actions against the violating institution.

In addition, actions in violation of financial regulations can provide added cause for private rights of action such as an unlawful act and a breach of duty. Certain financial institutions, typically banks and retail financial services providers, are deemed to have a special societal role, adding an additional duty of care vis-a-vis customers. Duties of care are also enumerated in the Wft from a regulator’s perspective, but can add additional grounds to a private right of action.

Standard of care for customers

What is the standard of care that applies to each type of financial services firm and authorised person when dealing with retail customers?

As noted previously, certain financial institutions have a special duty of care, especially when dealing with retail clients. Professional clients are generally afforded less protection. Dutch law also distinguishes in the degree of protection depending on the services provided by a financial institution.

A financial firm’s duty of care obligation typically entails client protection measures, such as the provision of sufficient information before entering into an agreement and during the contractual relationship, assess the suitability or appropriateness of a financial service or product for a client, and maintaining well-functioning complaints handling procedures.

Does the standard of care differ based on the sophistication of the customer or counterparty?

Financial services providers are required to tailor their products, advice and services to the level of sophistication of the customer or counterparty. This tailoring is achieved through a process of customer due diligence, client level qualification, and suitability and appropriateness assessments. In general, the three levels of customer (ie, retail, professional, eligible counterparty) are sufficient to specify the sophistication of a customer.

In addition, certain financial institutions are required to take all (new) financial products offered through a product approval and review process, whereby the institution must assess the so-called target market of clients for a product prior to offering it to the market (and regular review thereof).

Rule making

How are rules that affect the financial services industry adopted? Is there a consultation process?

As set out above, the Dutch financial regulations consists of financial laws and secondary decrees and regulations with more detailed rules. In addition, the AFM and DNB issue further rules and guidance (binding and non-binding).

Laws and (governmental) decrees need to be adopted by the parliament as the Dutch legislator. Laws and decrees relating to the financial services industry are customarily subject to a consultation process. In the course of the consultation process, the first draft of the respective act is usually published by the Dutch government (the responsible ministry) for consultation and will often be amended before it is finally adopted by the Dutch parliament.

DNB and AFM usually also initiate a consultation process and publish a draft of the guidance. The guidance may be amended following comments received and result in new a final guidance.

During the consultation process, any person (typically including industry groups, regulatory specialists and market participants) may comment on the envisaged new legislation, regulations or guidance. Consultation plays an important role in the rulemaking of the Dutch legislator and competent authorities, and it is not uncommon for draft provisions to be materially changed as a result of the feedback received.

Cross-border issues

Cross-border regulation

How do national financial services authorities approach cross-border issues?

Apart from certain financial services that are regulated on a national level only (such as the offering of consumer credit or advising on financial products other than financial instruments), most financial regulations are based on European financial services regulations.

This means that for most types of financial institutions, it is possible to operate throughout the European Economic Area (EEA) on the basis of a licence granted in a single EEA state. This is done by way of a so-called passporting system, allowing firms to use the European freedom of establishment and freedom to provide services. On this basis, a financial institution licensed in the Netherlands by the AFM or DNB can send a notification to the competent authority that it intends to provide services in another EEA state on a cross-border basis or by establishing a local branch office. This also works the other way around: financial institutions licensed in other EEA states can provide services in the Netherlands on a cross-border basis or by establishing a Dutch branch office without the need to apply for an additional license in the Netherlands.

For financial institutions established in countries outside the EEA (third-country institutions), a Dutch licence will generally be required for the provision of services in the Netherlands (either cross-border or by way of a branch office), subject to exemption regimes for various financial services for, among other things, third countries with an ‘equivalent’ regulatory system, certain cross-border services provided to professional clients only, and services provided on a reverse solicitation basis.

International standards

What role does international standard setting play in the rules and standards implemented in your jurisdiction?

EU financial regulations have a prominent role in the Dutch financial laws and regulations. As set out above, EU financial legislation in the legislative form of a ‘directive’ need to be implemented in national legislation in the EEA states (usually within a set timeframe). In the Netherlands, this is done following the principles referred to in question 20. EU financial regulations in the legislative form of a ‘regulation’ have direct effect in the Netherlands.

In addition, all guidance published by the European Supervisory Authorities, including interpretations, guidance, opinions and Q&A, is customarily considered by the AFM and DNB. The competent authorities typically amend their guidance notes or approaches in light of updated international standards.

Other international standards published by the Basel Committee on Banking Supervision or the International Organization of Securities Commissions (IOSCO), among others, will impact on the financial regulations in the Netherlands, as those standards are reflected in EU financial regulation.

Update and trends

Key developments of the past year

Are there any other current developments or emerging trends that should be noted?

Key developments of the past year23 Are there any other current developments or emerging trends that should be noted?

A lot of the current focus of the AFM and DNB is on financial and economic crime (AML/CTF), Brexit-related dossiers and sustainable finance.

In addition, the AFM has announced that in 2020 it will continue to focus on the protection of consumers in vulnerable situations. A second item on the AFM’s agenda is the increased supervisory attention for the Dutch capital markets, in view of additional market parties (because of Brexit) and a much larger volume of available transaction data. Other trends identified by the AFM relate to interest-only mortgages, the IBOR transition and digitalisation of retail financial services.

DNB also published its supervisory forecast for 2020. In addition to announcing that it intends to adopt a more data-driven approach and focus on the use of digital technologies in its supervision, DNB confirms that combating financial and economic crime and sustainability remain key topics in 2020.

Law stated date

Correct on

Give the date on which the information above is accurate.