We supervise financial institutions that are governed by Dutch supervisory legislation, including the Financial Supervision Act (Wet op het financieel toezicht – Wft), the Act on the Supervision of Trust Offices (Wet toezicht trustkantoren – Wtt) and the Pensions Act (Pensioenwet – PW). Our supervisory tasks include issuing licences, conducting fit and proper assessments and keeping records of registrations and notifications. For this purpose, we document information about supervised institutions. We also keep records to monitor the collection of fines, penalties and fees. In legal proceedings, we compile and manage case files.
Supervision and oversight
We collect information from and about supervised institutions to be able to perform our supervisory tasks, demanding them to submit information if necessary. We record all information that is relevant for our supervision in individual supervisory files and we manage these files.
A supervisory file may in any event contain the personal data and categories of personal data listed below:
- the names and details of contacts at supervised institutions and reports of interviews with them
- data on the fitness and propriety of directors and policymakers
- personal data of officers having access to inside information
- customer data of supervised institutions, including economic and financial information (e.g. mortgage data or balance details)
- personal data in the incidents database
- personal data included in research data
This personal data processing is necessary for compliance with a legal obligation to which we are subject (under Article 6(1)(c) of the GDPR) or for the performance of a taks carried out in the public interest as a supervisory authority (under Article 6(1)(e) of the GDPR). The majority of the personal data we process are submitted by the supervised institutions themselves.
Combatting money laundering and financing of terrorism
DNB processes personal data in the execution of risk-oriented supervision on financial service providers in the context of the Anti-money laundering regulation and sanction-legislation.
We keep records on the collection of amounts receivable, fines, cease and desist orders and fees, to monitor that these sums are effectively paid. These records include contact details of supervised institutions.
This personal data processing is necessary for the performance of a task carried out in the public interest, as a supervisory authority (under Article 6(1)(e) of the GDPR).
In handling objections and conducting legal proceedings, we compile case files. Case files may contain personal data of natural persons affiliated with the parties involved, e.g. names and contact details. We collect these data from the relevant parties or retrieve them from the relevant supervisory file, or both.
This personal data processing is necessary for the performance of a task carried out in the public interest as a supervisory authority under Article 6(1)(e) of the GDPR.
Processing of reports under
When an individual wishes to report an integrity issue which he or she finds it difficult to address with the organization itself, then it is possible to report this to DNB through firstname.lastname@example.org. The notification may contain personal data and personal data may also be processed in the investigation following the notification. This from DNB’s role as supervisory authority (GDPR Article 6e).