Snapshot: the regulatory framework for financial services compliance in Netherlands

Regulatory framework

What national authorities regulate the provision of financial products and services?

In the Netherlands, the supervision of the provision of financial services and products is divided between two competent authorities: the Netherlands Authority for the Financial Markets (AFM) and the Dutch Central Bank (DNB). This division follows a ‘twin peaks’ model, meaning that general regulation and supervision of the financial markets is jointly executed: the AFM is tasked with the regulation and supervision of market conduct, and the DNB with the regulation and supervision of prudential matters.

The first ‘peak’, the market conduct component supervised by the AFM, relates to fair and orderly financial market processes, prudent relationships between market parties, and protections and conduct concerning clients.

The second ‘peak’, the prudential component supervised by the DNB, relates to the solidity of financial undertakings and the integrity and stability of the financial markets, including the financial health of financial institutions and the (managed) resolution of certain financial undertakings.

Additionally, certain areas of banking regulation fall within the scope of the Single Supervisory Mechanism, with regulation and supervision exercised by the European Central Bank (ECB), in many areas in cooperation with the DNB in a system of Joint Supervisory Teams.

Finally, the Dutch Authority for Consumers and Markets has a limited role in relation to certain market access and consumer protection topics.

What activities does each national financial services authority regulate?

The AFM and DNB are jointly tasked with regulating all financial services, but from two differing functional angles (market conduct and prudential conduct, respectively).

Additionally, each competent authority is tasked with licensing and regulating specific financial institutions. The AFM is tasked with the regulation of, among other things, investment companies, asset managers, trade platforms and collective investment schemes. The DNB is tasked with the regulation of, among other things, banks, insurers, pension funds, payment institutions and electronic money institutions.

As a result, while both competent authorities will oversee the integrity of the financial markets under their own purviews, each authority’s emphasis is on differing financial services. In practice, this means that a substantial part of (sizable) financial institutions need to deal with both the AFM and DNB in relation to their businesses.

What products does each national financial services authority regulate?

Generally, the supervision of financial markets in the Netherlands does not follow a product-specific approach. Rather, the AFM’s or DNB’s competence relates to the type of service provided, meaning that the competent authority for the specific financial service also regulates the products covered by the specific service.

What is the registration or authorisation regime applicable to financial services firms and authorised individuals associated with those firms? When is registration or authorisation necessary, and how is it effected?

A licence is required for the majority of financial services provided to customers in the Netherlands. Most licensing requirements are based on (or implement) the relevant provisions of EU financial regulations (in particular, the Capital Requirements Directive, the Markets in Financial Instruments Directive, the Payment Services Directive, the Solvency II Directive and the Alternative Investment Fund Managers Directive (AIFMD), to name the most prominent ones). In addition, there are certain specific financial services that require a licence in the Netherlands (with national scope). For example, offering consumer credit and the offering of, or advising on, certain types of financial products (not being financial instruments) generally requires a specific type of licence under Dutch law.

The requirements for licensing and the scope of said authorisation differs from service to service. A licence for a financial service regulated at the European level (and implemented in the Netherlands) generally has a European scope based on a so-called European passport. A licence for a specific financial service only regulated at a national level will also have a scope limited to the Netherlands market.

Finally, certain financial institutions need to apply for a licence with the AFM and others with the DNB. The following is a non-exhaustive summation of the main financial services for which an authorisation is required, together with the licensing authority:

• banking services – DNB and ECB;
• (re)insurance services – DNB;
• payment services – DNB;
• electronic money institution services – DNB;
• clearing services – DNB;
• cryptocurrency exchange and custody services (based on anti-money laundering requirements, until the Markets in Cryptoassets Regulation (MiCAR) comes into force) – DNB;
• cryptocurrency exchange and custody services, issuance (after MiCAR comes into force) – AFM
• investment services – AFM;
• alternative investment fund or undertakings for the collective investment in transferable securities investment fund management – AFM; and
• services as financial service providers – AFM.

A licence will be required as soon as a person or entity offers a type of financial service in the Netherlands, which customarily means to Dutch-resident clients and in some cases also from an entity established in the Netherlands.

In this respect, the competent Dutch authorities constantly monitor relevant activities and will prevent (or sanction) service providers that do not hold the required licence from engaging in licensable activities. Depending on the type of financial institution or service, differing authorisation regimes apply. As a rule, for a licence application the competent authority will test, among other things:

• the financial service or products to be offered (business plan);
• the applying institution’s internal governance, infrastructure and policy framework (sound business operations);
• integrity and prevention of conflicts of interest (ethical business operations);
• transparent ownership structure, competency and reliability (fit and properness) of the institution’s senior management; and
• certain financial health requirements, such as minimum capital, solvability and liquidity.

Once a request for authorisation has been submitted, the competent authority will determine if the submission is complete and meets the regulatory requirements. The competent authority will only assess the actual substance of the submission once the competent authority is satisfied that the submission is complete. By law, the competent authorities are obligated to respond to most licence applications before a deadline of 13 weeks, which can be extended by a maximum of eight weeks. However, as the competent authorities use a stop-the-clock mechanism for questions or requests for further information, in practice the authorisation process often takes longer.

What statute or other legal basis is the source of each regulatory authority’s jurisdiction?

Both the AFM and DNB are independent public bodies, with national mandates for the supervision of financial services. The financial supervision tasks and duties of the AFM and DNB are granted in the Financial Supervision Act (Wft).

As independent public bodies, the AFM and DNB are also subject to the general rules of administrative law in the Netherlands.

In addition to its tasks under the Wft, the DNB also has certain non-supervisory tasks relating to the central bank's function, monetary policy and responsibility for the Dutch payment system.

What principal laws and financial service authority rules apply to the activities of financial services firms and their associated persons?

The main body of law for financial regulation in the Netherlands is the Wft. The Wft is a substantial statutory instrument, consisting of more than 1,200 articles and containing all general provisions for the regulation of financial services and institutions. Further, the Wft is a framework law referring to a variety of more detailed requirements in lower, secondary decrees and regulations.

In addition to the Wft, the varying EU financial directives, regulations and related guidance are also a source of regulatory legislation in the Netherlands. Most EU financial directives have been implemented in the Wft and the decrees and regulations promulgated thereunder. The provisions of EU financial regulations all have direct effect in the Netherlands, so there is no need for implementing measures.

Finally, there are certain financial laws with a more limited scope, such as the Giro Securities Act, the Pension Act, the Act on the Supervision of Trust Offices 2018, and the Anti-Money Laundering and Anti-Terrorist Financing Act.

What are the main areas of regulation for each type of regulated financial services provider and product?

In general, the Wft will provide extensive areas of regulation for all regulated financial services providers. The common goal of regulation is to protect the integrity of the financial markets. Depending on the impact a financial institution or product can have on the financial markets or the benefit for consumers, the areas of regulation may be broadened and specified. For example, the prudential regulations (such as capital and liquidity requirements) for banks, insurers and pension funds are more exacting than for investment companies or payment service providers.

With regard to the ongoing supervision of licensed entities, financial institutions are under a statutory obligation to constantly monitor and self-assess their compliance with the regulatory requirements and licence requirements. The relevant laws and regulations contain a system of reporting obligations that generally require regulated entities to notify the competent authorities of potential and actual non-compliance. For example, a Dutch bank is under a statutory obligation to report certain financial ratios (eg, solvency and liquidity) to the DNB on a regular basis but would also be required to make ad hoc notifications in the case of a material shortfall.

Finally, the obligation to comply with regulatory requirements also covers an institution’s compliance with organisational requirements and market conduct rules.

What additional requirements apply to financial services firms and authorised persons, such as those imposed by self-regulatory bodies, designated professional bodies or other financial services organisations?

For financial services firms such as banks, insurers and investment companies, there exist extensive and stringent requirements that are outside the scope of regulatory legislation and the powers of regulatory authorities. These requirements are self-imposed and focus on the behavioural aspects of financial services firms’ conduct.

For example, the Dutch Association of Banks works with the Dutch government on implementing self-regulating norms. Compliance with these norms is ensured by internal disciplinary procedures. The majority of the norms are aimed at the individual employees of the relevant bank, but portend to create a culture of self-regulation. In the case of serious violations, the findings in disciplinary investigations can be transferred to the regulatory authorities.

Other important financial professional bodies are the Dutch Association of Insurers, and the Dutch Fund and Asset Management Association.

In addition to professional bodies, providers of financial services may also choose to register and receive accreditation from the Dutch Securities Institute. This organisation works with the regulatory authorities to protect the integrity of the financial markets. It allows consumers to verify that their financial services providers are accredited and subject to more stringent norms than legislation requires. It also subjects financial services providers to disciplinary proceedings.