Notification of an intention to implement a change
Section 23e(1) of the Anti-Money Laundering and Anti-Terrorist Financing Act (Wet ter voorkoming van witwassen en financieren van terrorisme – Wwft) requires crypto services providers to notify DNB of an intention to implement a change regarding:
- the identity of the crypto service provider's policymakers or co-policymakers
- the identity of those with a direct or indirect qualifying holding in the provider;
- the identity of the provider's ultimate beneficial owner (UBO).
Crypto service providers must notify us of an intention to implement a change for each entity directly or indirectly affected by the change.
Pursuant to Section 23e(3) of the Wwft, crypto service providers must obtain DNB’s approval before these changes can be implemented. We wish to stress that new policymakers who have not yet been assessed may not represent the company or take any formal decisions.
Notification of changes to operational management or control structure
Some specific operational management changes must be notified to DNB immediately and in writing pursuant to Section 23e(3) of the Wwft. These changes do not require our prior approval. They are:
- changes to the formal and actual control structure of the group to which the crypto service provider belongs. These are changes within the group that (in)directly affect the supervised entity.
- changes regarding the antecedents of the crypto service provider's policymakers or co-policymakers
- changes regarding the antecedents of holders of a qualifying holding in the crypto service provider as well as changes to the size of such holdings
- the antecedents of the provider's ultimate beneficial owner
- changes to the crypto service provider's formal and actual control structure or operational management
- changes to the size of a qualifying holding in the crypto service provider.
We have observed that crypto service providers typically neglect to notify us of changes in their operational management, or fail to do so in time. We wish to stress that this is a statutory requirement and that failure to notify us hampers our supervision. Especially relevant in this regard are changes in the services offered that affect the company's risk profile, such as enabling transactions to external wallets not managed by the provider, offering exchange or custody services of (semi-)privacy coins, and offering cryptocards or crypto currency payment services.
Institutions that are also licensed by DNB or the AFM for other types of services must be alert, since operational management or control structure changes may be subject to notification requirements from both supervisory authorities.
You can notify us of such changes at crypto@dnb.nl.