Licensing, supervision and enforcement
We supervise financial institutions that are governed by Dutch supervisory legislation, including the Financial Supervision Act (Wet op het financieel toezicht – Wft), the Act on the Supervision of Trust Offices (Wet toezicht trustkantoren – Wtt) and the Pensions Act (Pensioenwet – PW). Our supervisory tasks include issuing licences, conducting fit and proper assessments and keeping records of registrations and notifications. For this purpose, we record data about supervised institutions. We also keep records to monitor the collection of fines, penalties and fees. In legal proceedings, we compile and manage case files.
Supervision
We collect data from and about supervised institutions to be able to perform our supervisory tasks. We process personal data to carry out risk-oriented supervision under the Financial Supervision Act (Wet financieel toezicht − Wft), the Anti-Money Laundering and Anti-Terrorist Financing Act (Wet ter voorkoming van witwassen en financiering van terrorisme – Wwft) (Regulation 2006/1781/EC), and the Sanctions Act (Sanctiewet 1977 – Sw). To this end we may demand that supervised institutions submit data. We record all data that are relevant for our supervision in supervisory files. Large data sets can be searched using eDiscovery.
Personal data categories
- Names and details of contacts at supervised institutions and reports of interviews with them
- Data on the fitness and propriety of directors and policymakers, including any criminal-law antecedents
- Personal data of officers having access to inside information
- Customer data of supervised institutions, including economic and financial data (e.g. mortgage, transaction or balance data)
- Personal data in the incidents database
- Personal data included in research data
- Digital data such as email inboxes and chats
- Public data from the Internet (OSINT)
Legal basis
This personal data processing is necessary to carry out a task in the public interest as a supervisory authority (Article 6(1)(e) of the GDPR).
Your personal data and third parties
Your personal data may be provided to third parties for the purposes of supervision, protection of the integrity of the financial sector, and required consultations − for example in the event of prosecution − with other authorities (including supervisory authorities), such as the Netherlands Authority for the Financial Markets (AFM), the relevant authorities of the Financial Expertise Centre (FEC), the Info Desk for Criminal and Unexplainable Assets (infobox Crimineel en Onverklaarbaar Vermogen − iCOV), supervisory authorities in other Member States, supervisory authorities of countries that are not Member States, the European Commission, the European Supervisory Authorities, the European Central Bank in its capacity as supervisory authority, the Resolution Board, the Joint Committee of the European Supervisory Authorities and the European Systemic Risk Board.
Our collaborations with the AFM and as part of the FEC and iCOV are laid down in agreements. See Dutch Government Gazette,10 July 2007, no. 130 (AFM); Dutch Government Gazette, 7 February 2014, no. 2351 (FEC), and Dutch Government Gazette, 1 March 2019, no. 11305 (iCOV). Privacy statements have been posted on the FEC and iCOV websites.
Record keeping
We keep records on the collection of accounts receivable, fines, penalties and fees, to monitor that these sums are effectively paid. These records include contact details of supervised institutions.
Personal data categories
Personal data necessary for handling objections and conducting legal proceedings, including names and contact details.
Legal basis
This personal data processing is necessary to carry out a task in the public interest as a supervisory authority (Article 6(1)(e) of the GDPR).
Your personal data and third parties
In the event of a relevant exception to supervisory confidentiality, personal data may be shared with participants within a cooperative venture for the purpose of strengthening the integrity of the financial sector.
Enforcement
For supervisory purposes we collect data for our examinations. We may demand evidence from complainants. Data can be collected from the potential offender, but also from third parties that have relevant information, through the exercise of supervisory powers. We record all data that are relevant for our supervision in supervisory files, which we manage.
Personal data categories
- Name, contact details and any financial details of the complainant
- Personal data in the complainant’s evidence
- Name and contact details of the offender’s contact person
- Personal data obtained from third parties (following the exercise of supervisory powers)
Legal basis
This personal data processing is necessary to carry out a task in the public interest as a supervisory authority (Article 6(1)(e) of the GDPR).
Your personal data and third parties
Your personal data will not be shared with third parties, unless that is necessary for the proper performance of the supervisory examination and provided that there is no obligation of confidentiality (e.g. Section 1:89 of the Wft).
DNB uses cookies
We use cookies to optimise the user-friendliness of our website.
Read more about the cookies we use and the data they collect in our cookie notice.