News Update Financial Regulatory
2 January 2023
In this News Update we discuss a number of changes to the Further Regulations on the Supervision of the Conduct of Financial Undertakings (Financial Supervision Act); the EBA Guidelines on the use of remote customer onboarding solutions; and the new DNB policy interpretation of specific CRD and CRR options and discretions.
Changes to the Further Regulations on the Supervision of the Conduct of Financial Under-takings (Financial Supervision Act)
Forthcoming legislative changes will lead to amendment (in Dutch) of the Further Regulations on the Supervision of the Conduct of Financial Undertakings (Financial Supervision Act) (Nadere regeling gedragstoezicht financiële ondernemingen Wft, "Nrgfo"). The changes mainly concern the introduction of a comparison chart and of a Key Information Document, and rules on asset seg-regation for investment firms.
The legislature is expected to introduce a comparison chart for financial service providers on 1 April 2023, with a six-month transition period. This chart will replace the existing service provision document currently used by financial service providers to provide information to their customers/clients. The chart's introduction is accompanied by an obligation for financial service provid-ers to inform potential clients whether they advise on an independent or a dependent basis. The Nrgfo will be amended accordingly later in 2023.
Also, as of 1 January 2023, investment funds and undertakings for collective investment in transferable securities (UCITS) and their managers are required to draw up a Key Information Document if they offer unit-holders' rights to retail investors. This Key Information Document will replace the Key Investment Information Document.
A segregated asset account was recently introduced in the Financial Supervision Act (Wet op het financieel toezicht) as a new option for investment firms to protect clients' money. An investment firm which uses such an account requires no prior approval to do so from the Dutch Authority for the Financial Markets (AFM). The Nrgfo will be amended in this respect in January 2023.
EBA Guidelines on the use of Remote Customer Onboarding Solutions
On 22 November 2022 the European Banking Authority (EBA) published its long-awaited guide-lines on remote customer onboarding solutions. Customer onboarding refers to the processes and arrangements used by financial enterprises in order properly assess their new customers, document new contractual relationships, and lay down relevant customer information in their relevant systems and databases.
This guidance is relevant for all EU financial institutions that fall under the scope of EU anti-money laundering legislation, including all Dutch institutions having to comply with the Dutch Money Laundering and Terrorist Financing (Prevention) Act (Wet ter voorkoming van witwassen en financieren van terrorisme). National regulatory authorities, including AFM and De Nederland-sche Bank (DNB) need to inform the EBA whether they comply with these guidelines within two months after publication.
The EBA notes that there has been a significant increase in demand for remote onboarding from financial institutions and their customers. This trend was exacerbated by restrictions on move-ment in the context of the COVID-19 pandemic, which highlighted the importance of institutions having at their disposal reliable and effective means to meet their customer due diligence (CDD) obligations in this context.
One of the European Commission’s priorities, within the framework of its "Digital Finance Strat-egy", is to address the fragmentation in the Digital Single Market for financial services. To this end, the Commission asked the EBA to issue guidelines on the application of anti-money laun-dering and countering the financing of terrorism rules where customers are onboarded remotely. The EBA confirms in the Guidelines that what credit and financial institutions do to comply dif-fers across Member States. It notes that regulatory divergence is an obstacle to innovation and the cross-border provision of financial services and can also create gaps and expose the Un-ion’s single market to financial crime. For this reason, the Guidelines set common EU standards on the development and implementation of sound, risk-sensitive initial CDD processes in the remote customer onboarding context.
The Guidelines cover 6 key topics relating to remote customer onboarding:
- Policies and procedures: The Guidelines specify minimum requirements on risk-sensitive internal policies and procedures, specifying the bandwidth in which remote onboarding can be applied and the governance requirements relating thereto, impos-ing a mandatory pre-implementation assessment aimed at identifying and mitigating risks relating to remote customer onboarding tools, and finally specifying ongoing monitoring measures that need to be in place.
- Acquisition of identity Information: The Guidelines set out requirements on the quality, accuracy and appropriateness of identity information obtained electronically, as well as requirements on record keeping and safeguarding the integrity of digital identity information obtained.
- Assessing document authenticity & integrity as part of the process: The Guide-lines specify how institutions need to ascertain the reliability of identity information received, such as photos of identity documents. Such steps could include verifying the integrity of information embedded in the machine readable zone of a passport or obtaining information through near-field communication technology that allows in-formation to be read through the chip embedded in new EU passports or identity cards.
- Matching/reconciling persons with documentation/information provided: Remote onboarding should at least ensure that there is a match between visible information of the natural person and the identity documentation provided. Additional require-ments apply for legal entities. Biometric data used should be sufficiently unique. Ev-idence of insufficient quality should result in termination of the process and redirec-tion to a face-to-face verification process. Unattended remote onboarding process-es need to contain a liveness check and controls to ensure that photos or videos used were captured as part of those processes, and not pre-recorded.
- Reliance on third parties and outsourcing: The Guidelines specify the aspects in-stitutions need to take into account and verify when relying on remote CDD per-formed by other financial institutions or when outsourcing their own remote CDD processes to third parties.
- ICT and security risk management: Institutions should identify and manage ICT and security risks related to the remote onboarding process, including (intra-group and other) outsourcing thereof and reliance on third parties. This includes using secure, i.e. encrypted, communication channels.
- The Systemic Risk Buffer, aimed at preventing or mitigating macroprudential or sys-temic risks within the meaning of Article 133 CRR;
- The recognition by DNB of foreign macroprudential measures based on Article 458 CRR.
- Exemptions to the "Large Exposures" regime of Article 395(1) CRR for specific ex-posures.
- The determination of a stock market index as a material stock market index of a Member State or a third country.
- Relevant factors for the stable funding of off-balance sheet exposures.
- Further explanation on the application of NHG management criteria in the event of dis-charge from joint and several liability (only in Dutch);
- Adoption of the amended risk methodology of the Dutch Deposit Guarantee (Regeling tot wijziging van de Regeling risicoindicatoren bijdragen depositogarantiestelsel Wft in ver-band met aanpassing van de berekeningswijze van de risicoscores en bepaling van de ri-sicocategorieën voor banken ten behoeve van het depositogarantiestesel, only in Dutch) – enters into force on 31 December 2022;
- Results of the consultation on Q&A Retention fees (feedbackstatement consultatie Q&A Retentievergoedingen, only in Dutch);
- Results of the consultation on DNB's policy regarding options and discretions banks (feedbackstatement consultatie O&D's, only in Dutch).
- Joint advice in response to the European Commission’s October 2021 call for advice on the review of the securitisation prudential framework.
- Publication of enhanced rules for private financial transactions of high-level officials (European Central Bank, Code of Conduct for high-level ECB officials 2022/C478/03);
- Thematic review on the transparency and level of fees and charges for retail banking products in the EU;
- Consultation paper on draft Guidelines on overall recovery capacity in recovery plan-ning;
- Publication of Final report on draft Implementing Technical Standards specifying the re-quirements for information that credit institutions selling NPL are to provide to prospec-tive buyers;
- Final draft Regulatory Technical Standards on the identification of a group of connected clients under the CRR.
- Discussion paper on the prudential treatment of sustainability risks
- application of the AIFMD, on the DLT Pilot Regime, on European crowdfunding service providers for business Regulation and on MiFID II and MiFIR market structures;
- Peer review into the National Competent Authorities' handling of relocation to the EU in the context of the UK's withdrawal from the EU;
- MiFID II Supervisory briefing. Supervision of cross-border activities of investment firms;
- Public statement to promote coordinated action by National Competent Authorities un-der MiFID II;
- Final report including Guidelines on standard templates, forms, and formats to apply for permission to operate a DLT market infrastructure;
- Positive opinion on amended RTS 1 and 2;
- Guidelines for reporting under EMIR.
- Revised Memorandum of Understanding between the Single Resolution Board and the European Central Bank in respect of cooperation and information exchange.
- Publication of frequently asked questions on climate-related financial risks;
- Third evaluation report along with a technical annex evaluating the impact and efficacy of the Basel III reforms;
- Publication on the prudential treatment of cryptoasset exposures.
New DNB policy interpretation of specific CRD and CRR options and discretions, amending the 2019 DNB policy interpretation
On 8 December 2022, DNB published amendments (only in Dutch) to its 2019 policy interpreta-tion of specific provisions from the EU Capital Requirements Directive (CRD) and the EU Capital Requirements Regulation (CRR). These legislative packages set out in great detail the prudential framework applicable to EU banks, and contain several Member State options and discretions.
This policy specifies how DNB addresses certain of these Member State options/discretions set out in CRD and CRR. DNB organised a consultation on its draft amendments during the summer of 2022. The update was prompted by the various amendments to CRD and CRR which have occurred in the last couple of years, resulting in CRD V and CRR II and the entry into force of the Liquidity Coverage Ratio Delegated Regulation (Delegated Regulation (EU) 2015/61), giving rise to new options and discretions.
Options and discretions addressed by this new policy include:
In addition, the policy contains an Annex specifying detailed guidance for the recognition of exemptions to the limits for Large Exposures as set out in Article 400(2) CRR.
Other financial regulatory publications
We have highlighted a selection of other publications by legislatures and regulators for the fi-nancial markets and financial supervision since our December 2022 News Update.
European Supervisory Authorities – ESA
European Insurance and Occupational Pensions Authority
European Securities and Markets Authority
Single Resolution Board
Basel Committee on Banking Supervision
If you have any financial regulatory questions, please do not hesitate to contact Berry van Wijk, Juan Vervuurt, Gijs Hamelijnck and Lisanne Haarman. For questions related to Investment Management, you can also contact our colleagues Oscar van Angeren and Marthe Bollen.