Section 2b of the Wwft obligates crypto service providers to prepare an integrity risk analysis and keep it up to date. In it, an institution must establish its risks of money laundering and terrorist financing, at a minimum taking into consideration the risk factors relating to its specific types of customers, products, services, transactions and supply channels, as well as countries or geographies. The integrity risk analysis is at the heart of any integrity policy.
Before implementing or revamping controls and procedures, an institution must first thoroughly examine the nature (manifestations and scenarios of financial crime) and the scale of the risks.
This is done in two phases:
Then follows the tailoring of the control framework: fleshing out policies, controls and procedures. The integrity risk analysis forms the basis for selecting adequate risk mitigation controls, also stating the extent to which those controls are effective in mitigating the risks identified. The outcome of the process is net risk – the magnitude of risk that remains if all procedures and controls are effective. The question then is to what extent the remaining net risk is acceptable and matches the firm's risk appetite.
The analysis also encompasses risks identified within the framework of sound and ethical operational management, such as risks inherent in outsourcing certain corporate functions. Institutions must also use their integrity risk analysis to consider whether independent compliance and audit functions are in place, as meant in Section 2d of the Wwft.
At regular intervals, firms must revisit their risks, analysis and controls, and test the effectiveness of those controls. This is because risks are not static. Risks to which a firm is exposed may change as a result of both internal and external factors. Similarly, unplanned events may necessitate an update of the analysis. Accordingly, we will check whether it is up to date as part of our supervision.
Institutions governed by the Wft are subject to a similar obligation to prepare a systematic integrity risk analysis. This is the subject of a good practices document we issued in 2015. (Should there be any discrepancies between the Dutch and the English version of this good practice document, the Dutch version shall prevail)
On 14 July 2023, De Nederlandsche Bank (DNB) imposed an order subject to penalty on Payward International Markets Limited (Payward International), operating under the trade name Kraken.
Read more Order subject to penalty imposed on Payward International Markets Limited for offering crypto services in the Netherlands without registration
Supervisory authority De Nederlandsche Bank (DNB) is submitting a new anti-money laundering approach to financial institutions and other stakeholders as part of a public consultation. In a policy document presented today [...]
Read more DNB submits new anti-money laundering approach to financial sector
DNB has conducted a series of examinations to assess financial institutions’ compliance with sanctions regulations and, more specifically, whether their compliance operations are fit for purpose. We are happy to share the results of these investigations.
Read more Sanctions Act examinations: room for improvement, but sector shows strong commitment to compliance
Did you know that you can track the status of your assessment application in My DNB? As of 11 May 2023 you can see the status of your assessment application in My DNB – Supervisory Applications Service.
Read more New: status of your assessment application with DNB
