The current Dutch Anti-Money Laundering and Counter-Terrorism Financing Act (Wwft) will be replaced in the coming years by new European AML rules. This so-called EU AML package consists of several legislative instruments, including the AMLR (Regulation), AMLD6 (Directive), and AMLAR (concerning the new European supervisory authority).
Where earlier initiatives, such as Transaction Monitoring Netherlands (TMNL), aimed to share transaction data between banks, have failed, the EU AML package appears to offer more room for collaboration between parties. Especially in the area of data sharing, new possibilities are emerging.
Obliged entities can form partnerships to share information about clients and transactions.
Before joining such a partnership, they must notify the supervisory authority and carry out a Data Protection Impact Assessment (DPIA) to identify and manage privacy risks.
Information sharing is only allowed after explicit approval from the supervisor.
Information may only be shared about clients:
The following types of information may be exchanged:
If an obliged entity receives permission from the Financial Intelligence Unit (FIU), it may also share information about transactions that have been reported as suspicious.
However, each organisation must conduct its own assessment to determine whether a transaction may involve money laundering or other risks.
Decisions must not be based solely on information received from others. Gatekeepers must always perform their own analysis.
Obliged entities may rely on customer due diligence performed by other obliged entities.
However, the responsibility remains entirely with the relying party.
A written agreement must be in place, outlining what information is shared and under what conditions.
At a minimum, the relying entity must receive:
A new feature of the EU AML package is that it will be possible to outsource transaction monitoring, in addition to parts of customer due diligence. The responsibility and liability remain with the outsourcing party. The supervisory authority must be informed in advance, including the reason for outsourcing. Outsourcing must not compromise supervision.
The obliged entity itself must always perform the following tasks and decisions:
Outsourcing to service providers in non-EU countries is not allowed, except within a group under specific conditions.
As of 10 July 2024, the AMLR and AMLD6 have entered into force. Both will apply largely from 1 July 2027. The implementation of AMLD6 in the Netherlands will be carried out through the Implementation Act for the Prevention of Money Laundering and Terrorist Financing, which is currently undergoing public consultation.
The regulation establishing the European AML/CFT Authority (AMLAR) has been largely applicable since 1 July 2025. The AMLA, the new European supervisory authority, will play a central role in developing guidelines and technical standards for implementing the AMLR and AMLD6.
In the coming period, we will continue to closely monitor the developments and keep you informed via our website and our monthly newsletter. You can sign up for our newsletter here:
