What can financial institutions expect when the supervisory authority—AFM or DNB—announces an investigation? This article outlines how such an investigation typically unfolds in practice and the role a compliance officer can play. A second article will follow in November explaining what happens after the investigation has been completed.
Why does the supervisor visit?
The AFM and DNB are tasked with ensuring that financial institutions comply with statutory obligations. Among other things, they do so by conducting investigations. An investigation can have various triggers. Sometimes it forms part of regular supervision: a review to determine whether an institution complies with legal requirements. In other cases, it concerns a thematic investigation, for example into the execution of CDD (customer due diligence) or the implementation of DORA. Signals of potential shortcomings, incidents or reports from the market can also prompt the supervisor to launch an investigation.
For financial institutions, this can be stressful because supervisors do not conduct investigations very often. Laws and regulations are complex, and policies, procedures and files must be in perfect order. Supervisors also expect firms to cooperate fully and transparently. The sense that “everything must be perfect” can put pressure on directors and staff. This is where Projective Group, acting as an external compliance officer, can play an important role: providing oversight and guidance before and during an AFM or DNB investigation.
First steps when an investigation is announced
When the supervisor announces an investigation—usually by means of a written request for information—it is important to involve the compliance officer immediately to clarify a number of points together:
Reason and scope: What is the purpose of the investigation and which theme is central?
Objective of the investigation: Is the AFM or DNB looking into a specific breach, or does the supervisor, for example, want to understand how the market has implemented new regulation?
Required information: Which data and documents must be submitted to the supervisor in advance? Have these documents been redacted for confidential (personal) data where appropriate? Which processes or systems does the supervisor wish to review during the on-site work?
Further preparation: Which additional steps are needed, such as updating internal documents, testing processes, and preparing directors and employees for an interview or meeting with the supervisor?
Timeline and planning: By when must the information request be answered, and when will the on-site investigation take place?
Composition of the core team: Who will be involved internally in the preparation for and during the investigation, and what role will each person have?
Communication and coordination: How will communications with the supervisor be organised, and who will serve as the primary point of contact?
Types of investigation
The type of investigation the supervisor will conduct often determines how extensive and intensive it will be. A distinction can be made between the following types:
Self-assessment or questionnaire: The institution answers questions itself about its level of compliance. This is often used for a market-wide review of particular topics, after which findings are fed back to the market. This is the least intensive type.
Thematic investigation: An investigation into a specific topic, usually carried out at a selection of institutions. This can lead to sector-wide recommendations or policy changes. Depending on the topic and depth, thematic reviews can be intensive.
Compliance investigation: Often triggered by signals, complaints or reports from the market, a targeted investigation at a specific institution into compliance with legislation and regulation.
How does an investigation work in practice?
A supervisor’s investigation broadly consists of three phases: (1) announcement and preparation, (2) execution, and (3) completion and reporting.
The supervisor usually announces an investigation in advance and requests certain documents, such as policies and procedures, risk assessments, client files, or compliance/audit reports. The supervisor will review these documents in preparation for the on-site work. It is important that the financial institution provides this information promptly and in a structured manner. The compliance officer helps set up a core team, which often consists of a management board member, one or two staff members and the compliance officer.
The on-site work usually takes place at the institution’s premises. It may last a day or half a day, and sometimes several days. This is typically explained in the announcement letter. The supervisor often contacts the institution a few days before the visit to provide a verbal outline of how the investigation will proceed.
During the investigation, the supervisor speaks with directors and key function holders, and sometimes also with staff on the work floor. Depending on the subject, access to systems and, for example, client files may be requested. The aim is to gain a complete picture of how the institution has embedded applicable legal obligations and how these are complied with in practice. Often, a verbal debrief by the supervisor follows at the end of the on-site visit.
The supervisor then prepares a minutes-of-meeting report. This is shared with the institution, which can respond if it identifies factual inaccuracies. The supervisor adds this response to the file. In addition, the supervisor drafts an investigation report setting out the established facts, findings and potential areas for improvement. The institution receives the draft report and can respond to factual inaccuracies. The final report follows thereafter, and the supervisor indicates what follow-up steps are expected. Sometimes this leads to enforcement measures such as a supervisory interview to convey expectations (normoverdragend gesprek), a formal instruction, or a fine.
The role of the compliance officer
The compliance officer is an indispensable sparring partner in preparing for—and during—a supervisory investigation. Depending on the organisation’s set-up, this role may be performed by an external or internal compliance officer.
He or she checks whether policies, procedures and client files are in order and identifies any gaps or risks. The compliance officer can also provide training to prepare directors and staff for conversations with the supervisor. In addition to key do’s and don’ts, this training can include practice with possible supervisory questions. This provides calm and confidence.
The compliance officer can attend meetings with the supervisor to, for example, interpret the supervisor’s questions so that directors can give clear and complete answers.
When the supervisor shares its findings, the compliance officer assists with analysing the report, drafting a response, and, where necessary, drawing up an improvement plan. The compliance officer also supports the implementation of measures and monitors that improvement points are actually carried out.
The compliance officer’s added value lies in experience and independence: drawing on knowledge from previous investigations, he or she can manage expectations and propose practical solutions.
Conclusion
A supervisory investigation need not be a cause for concern. It can also be an opportunity to demonstrate that an institution’s operations are in good order. With sound preparation, transparent communication and the right expertise, such an investigation can even help to strengthen trust and optimise processes. The compliance officer plays an essential role as adviser, guide and connective link—turning a potentially stressful moment into a chance to demonstrate that the institution is future-proof.
Support from Projective Group
An AFM or DNB investigation requires structured preparation and careful execution. Projective Group has extensive legal, risk and compliance expertise, including several former supervisors from the AFM and DNB. With this knowledge and experience, we support financial institutions as an external compliance officer—preparing for, guiding and finalising supervisory investigations, and managing communications with supervisors. In doing so, we ensure a legally robust and professional process with compliance and transparency at its core.
We closely monitor developments and keep you informed via our website and monthly newsletter. Would you like to stay up to date? Sign up for our newsletter:
