Meeting the requirements of the Dutch Anti-Money Laundering and Anti-Terrorist Financing Act (Wwft) and the Trust Office Supervision Act (WTT) remains a major challenge for many organizations, demanding significant time and resources. Despite these efforts, mistakes are still common. In 2024, the Dutch Central Bank (DNB) issued substantial fines (e.g., Paninvest, Intertrust) or announced pending fines (e.g., Volksbank) for insufficient customer due diligence (CDD). So why do these issues persist, even after years of tightened supervision, detailed guidelines, and penalties?
The consultants at Projective Group have extensive expertise in customer due diligence and related services: conducting CDD investigations, drafting policies, reviewing files for various financial institutions, and executing or validating remediation projects.
In this article, we share our insights into the common pitfalls and, more importantly, what organizations subject to the Wwft—whether asset managers or law firms—can do to ensure their CDD practices are in order.
From our experience, the main challenges boil down to three key areas:
This order is intentional. Without a robust, regularly updated risk analysis and clear policies, properly conducting individual customer investigations is almost impossible.
Risk analysis (whether standalone or as part of the SIRA) provides the foundation for how organizations subject to the Wwft or WTT manage and mitigate money laundering and terrorism financing risks. These include customer risks, sector-specific risks, geographical risks, and distribution-related risks. The clearer the risks are defined for the organization, the easier it is to implement tailored mitigating measures. For instance, online distribution channels present different risks compared to face-to-face interactions, and mitigating measures must reflect these differences.
Practical example A financial institution identified commercial real estate as a high-risk factor. While reasonable, their policy lacked clarity. This led to any client involved in commercial real estate automatically being labeled high-risk. |
By revising the policy, we provided a more nuanced definition of commercial real estate risk, differentiating between various scenarios.
Anti-money laundering policies should align with the organization’s risk analysis, the Wwft, WTT, and guidance from regulators like the AFM and DNB. These regulations are updated periodically, impacting CDD requirements. In practice, many organizations struggle to keep their policies current, making compliance a challenge. Outdated policies often lead to ineffective CDD practices.
Practical example We often encounter organizations with policies that fail to reflect the latest regulations. For instance, a trust office overlooked the July 2022 ban on services to clients based in Russia or Belarus, resulting in significant compliance risks. |
Besides avoiding issues with regulators, a well-executed risk analysis and corresponding policies have other advantages. A focused risk analysis prevents unnecessary measures and excessive client questioning, reducing operational burden without sacrificing compliance.
CDD files must demonstrate compliance with laws and regulations. Regulatory investigations typically begin with a file review. Even with a solid risk analysis and clear policies, issues often arise in execution—whether in investigating risks, selecting standard versus enhanced CDD, or documenting findings.
CDD files must be comprehensive and allow independent reconstruction of the client’s risk classification. Conclusions should be substantiated. For example, instead of “the declared source of wealth is plausible,” it should state: “The declared source of wealth is plausible based on the sale of their business in 2023 for x million, etc.”
Supervisors often deem such files ineffective if they lack proper documentation, regardless of the quality of the underlying investigation. Non-demonstrable often equates to non-compliant.
Even with strong policies, skilled analysts, and the right expertise, compliance issues can arise without proper process support. For large-scale CDD reviews or onboarding projects, using Excel to track requests, outstanding information, or risk measures quickly becomes unmanageable under tight deadlines. A robust workflow system is essential for supporting the process and providing real-time management insights.
Similarly, relying on local folders and Excel files for documentation can cause chaos, especially with a large client base. Responding to a DNB file request often becomes a project in itself.
Practical example During a remediation project at a real estate bank, CDD reviews were recorded in Excel files linked to another Excel file for reporting. As the project grew, the reporting file frequently crashed, causing delays and reporting issues. Solution Together with the client’s IT team, we implemented a CDD workflow system based on Microsoft Dynamics. Existing Excel files were migrated to this stable environment, dramatically improving reporting and project management. |
Achieving compliance with the Wwft and WTT is an ongoing challenge that requires a solid foundation in risk analysis, clear policies, flawless execution, and robust process support. By addressing common pitfalls and aligning your CDD practices with regulatory requirements, your organization can not only avoid fines but also enhance operational efficiency and build trust with stakeholders.
Want to learn more about how to optimize your compliance processes? Visit our KYC as a Service page for detailed insights, or contact us directly to discuss how we can support your organization in achieving compliance excellence.