The Act against Anti-Money Laundering and Terrorist Financing (Wwft) came into force on 27 July 2018 and is the result of the fourth EU Anti-Money Laundering Directive and now the fifth Directive as well, with the sixth to come up. The Wwft imposes integrity requirements on your organization with regard to the organizational structure (risk policy, training, compliance function, etc.) and client investigation (determining UBO, identification, unusual transactions, etc.).

Who is covered by the WWFT?

– Financial institutions (banks, insurers, pension funds, investment institutions, payment institutions, etc.)

– (Junior) Notaries or similar professions

– Tax advisers or similar professions

– Accountants or similar professions

– Administration offices

– Lawyers and legal advisers

– Domicile Service Providers (Regus, etc.)

– Estate agents or Brokers

– Jewelers

– Casinos and lotteries

This list is not exhaustive. If you want to know for sure whether or not you have to comply with the Wwft, please check this in Article 1a Wwft.

Who supervises compliance with the Wwft?

De Nederlandsche Bank  (The Dutch Central Bank)
Autoriteit Financiële Markten (Netherlands Authority for the Financial Markets)
Bureau Financieel Toezicht (Financial Supervision Office)
Belastingdienst   (Tax Authority) 

In a few cases, supervision has been outsourced to a sector organization, such as the Orde van Advocaten (Netherlands Bar Association). It is important to check who you contact for further information about the supervision.

What does a Wwft obligation entail?

 If your organization falls under the scope of the Wwft, there are various obligations that need to be met, of which client research is the most noteworthy. This means that you are required to research certain aspects of your client before providing services to that party (research may not be carried our afterwards). The investigation will take place into the identity of the UBO, possible qualification (ownership structure of the client), origin of the assets, is the client (or the UBO of the client) a politically exposed person (PEP). If it is possible to monitor transactions, this is mandatory (e.g. for administration offices). In addition, the organization must have a risk policy and a training plan. Additionally, an organization is expected to have a procedure manual in which the various processes and procedures are laid down.

What is new in the Wwft?

– Firstly, the concept of  UBO is changing. The most important change is that senior management personnel can also be classified as UBOs (read: statutory directors). This should be the case when no UBO can be determined, i.e. a natural person who owns more than 25% of the customer (if the customer is a company) or can exercise similar influence.

– Secondly, the concept of PEP changes. In addition to the foreign PEP, there is now also the domestic PEP: Dutch politicians, ambassadors, generals, central bank management, and so on.

– The functions in which one qualifies as a PEP have been expanded. See Article 2 of the Wwft Implementation Decree for a full description.

– A new obligation is to have a procedure manual (Article 2c Wwft).

– Financial companies are also obliged to set up an independent and effective compliance function (Section 2d Wwft) to the extent appropriate to the nature and size of the institution. Exactly what this entails differs per supervisor. Ask your compliance advisor how this applies to your situation. Excluded from the obligation of a compliance function are partnerships.

– In addition, a new function is being introduced that is already known in the trust and banking sector: the compliance audit function (Article 2d Wwft). This function independently checks whether the organization follows its procedures, carries out  its client screening in accordance with the Wwft, and whether the compliance function operates independently and effectively. Here too the criteria differ per supervisor.

– Furthermore, the way in which training and awareness in relation to the Wwft is dealt with must be recorded in a verifiable manner. A training plan must also be drawn up for each employee.

– Finally, a Systematic Integrity Risk Analysis (SIRA) must be drawn up and kept up to date, and be available to the supervisor at all times. It is important not to underestimate this. If you are unfamiliar with a SIRA, it is advisable to consult a specialist (or your external compliance officer or auditor).

Reporting unusual transactions

If you come across an unusual transaction, you are required to report it to the Financial Intelligence Unit – Netherlands (“FIU”). You will need an account for this purpose. It is therefore advisable to open an account in advance and not wait until you have to file a report.

You are obliged to report unusual transactions without delay, almost immediately after their discovery. You only have a few days to investigate further. If you wait or do not report timeously, you may be prosecuted. However, if you report in time, you will not only be indemnified against prosecution, but also against (civil) claims from the party you reported to.

What are the costs for all this?

The explanatory memorandum  to the law states that the administrative costs of introducing the Wwft for gambling providers will amount to a one-off amount of € 20,000 for technical adjustments and € 4,320 for drawing up policy and procedures. In addition, there are the ongoing costs of client research and the execution of reports to the FIU. The government assumes absolute bottom prices, so it is advisable to expect that costs could double or triple in amount.

For the other financial companies, the government assumes that the compliance framework is already largely in place. For them the additional costs are calculated with an hourly rate between € 37 and € 54 per hour and between 20 – 200 hours.

The explanatory notes state that the average rate for external compliance officers and compliance auditors is around € 150 per hour. All in all, this means a considerable investment.


Finally, some words of wisdom:

• If you buy cheaply, you pay dearly.

• If you think compliance is expensive, try non-compliance (Paul McNulty, former US Deputy Attorney General)

Frequently asked questions

Does the Wwft apply to me?

This depends on your organization. Various parties are listed under the ‘WWFT’ tab together with a link to Article 1a Wwft.

Should I include all procedures in a procedure manual?

Yes. A procedure manual should ensure unambiguity and clarity in the workplace with regard to how to work in order to prevent integrity risks. In addition, the supervisor, but also the compliance officer and possibly the compliance auditor, can assess whether your organization is operating in accordance with the established rules.

Am I obliged to employ a compliance officer?

You are required to have an independent and effective compliance function, depending on the nature and size of the organization. This may be internally, but could also be outsourced. You can therefore hire an external compliance officer who carries out the work for you on an hourly basis. The amount of time required for this depends on your organization. Please note that the compliance officer only carries out second-line activities.

It follows from the law (and the supervisors’ guidelines) that not every company needs to set up a compliance and/or audit function. However, your organization does have to comply with all (other) requirements of the Wwft. So regardless of whether you appoint a compliance officer, some form of guidance is highly recommended.

What is the meaning of second line and third-line of defense?

In the world of compliance, the so-called “three lines of defense” system is used. The first line is the normal daily work and contact with the client. The second line (the compliance officer) monitors and reports whether and to what extent the established procedures are being complied with. In addition, he/she advises the board on improving policy and procedures. The compliance officer does not perform any first-line tasks, including the preparation of client investigation research files. The third line is formed by the compliance auditor who monitors the compliance officer (is he/she effective and independent?) and the organization. In general, the auditor will also make recommendations about possible improvements in the organization.

Who can I ask to be my auditor?

The compliance auditor checks whether the organization complies with laws and regulations. From this point of view, it is logical to choose a legally trained auditor, the so-called operational auditor. Accountants believe that auditing traditionally belongs to them and that the audit function should be performed by an accountant (financial auditor). However, the question is whether your own accountant can take on the role of compliance auditor, because then the independence is not automatically established. A third party is therefore preferable in any case.

Am I obliged to create a compliance file for all my clients?

In principle you are. There are exceptions (e.g. for lawyers when they assist their client in a lawsuit before, during and after), but in principle a file should to be created for everyone. The law lists the exceptions.

Can my compliance file also be digital?

Yes, that is allowed. In the case of digital files, make sure that it is clearly visible when research has been carried out in a verifiable manner. It would be a shame if you carried out the investigation properly, but it is not clearly visible when, and therefore you receive a fine.

Are there also systems to implement compliance activities?

There are several systems in circulation. It is fair to say that many of them are still being developed, although some may be further than the others.

What is a risk analysis of the institution?

In order to be able to properly estimate which risks exist within an organization, it is necessary to make an inventory of those risks and then analyze them. This is a Systematic Integrity Risk Analysis (SIRA). Depending on your organization, this is either limited or extensive in size. It should, in any case not be underestimated in terms of time and investment, and it is advisable to call in a consultant to at least build the framework. Some advisors may have a standard format that you can purchase. You can also build a good analysis yourself in Excel.

Should I monitor everyone for international sanctions?

No. This obligation only applies to financial institutions, such as banks, payment institutions, trust offices and insurers on the basis of the Sanctions Act 1977. It is, of course, sensible to check whether potential counterparties or countries are sanctioned when you operate internationally. Violation of the Sanctions Act 1977 can lead to unpleasant fines.

Audit Partners

Raymond van Wegberg,
Frans-Willem van der Ven &
Robert-Jan van Aken


Koninginnegracht 15
2514 AB, The Hague