Relaxation of statutory bonus cap: limitations only for identified staff
On 27 January 2026, the Dutch House of Representatives approved the Van Eijk et al. amendment (Parliamentary Papers II 2025/26, 36 711-19, in Dutch), which eases Dutch remuneration rules, including the bonus cap under the Financial Supervision Act (Wet op het financieel toezicht, or “FSA“), for a considerable group of persons working under a financial company’s responsibility. The current scheme still includes a strict limitation on variable remuneration for all persons working under a financial company’s responsibility (Article 1:121 FSA), but the adopted amendment limits the scope to persons whose work fundamentally affect the company’s risk profile (in other words, identified staff).
The proposed changes will take effect in 2027 (after entry into force of the Cash Payment Transactions Act (Wet chartaal betalingsverkeer)). As a result, the bonus cap of up to 20% of variable pay will only apply to identified staff. Employees outside this group will, in principle, no longer be subject to the statutory 20% bonus limitation. However, the overall bonus limitation of 100% will continue to apply to all persons working under a financial company’s responsibility. According to the initiators, the current rules’ wide scope has created practical bottlenecks in attracting and retaining specialised staff, especially in IT and technology positions.
The ‘collective labour agreement (CLA) exception’ will also be amended. Currently, the average ratio between fixed and variable remuneration considers all financial company non-CLA employees in the Netherlands. In the future, this assessment will apply only to non-CLA employees who also qualify as identified staff. Additionally, the scope of various other FSA remuneration rules – including obligations regarding retention premiums, retention periods, annual management reporting on remuneration payments and the requirement to base variable pay on at least 50% non-financial performance criteria – will also be limited to this group.
These changes will more closely align the Dutch remuneration regime with the European approach, with bonus limitations targeting only risk-relevant jobs. However, the Dutch framework will continue to apply to a wider group of institutions than required under EU law, including insurers and other financial service providers.
In practice, financial companies, such as banks and fintechs, will have more scope to pay variable remuneration to employees in non-risk relevant positions. The bill has been adopted by the Dutch House of Representatives and is part of a wider legislation package that is yet to be put to the vote. The Dutch Senate has yet to set out its views.
The AFM has published its agenda for 2026
In its Agenda 2026, the Dutch Authority for the Financial Markets (the “AFM“) focuses on four ongoing issues: digitalisation, internationalisation, sustainability and integrity. In this context, it will monitor aspects including proper communication on the pension transition, responsible data and AI use, consumer protection in the credit market and the strengthening of digital resilience in the financial supply chain. The supervisory authority has determined its overall objectives for 2026 based on key developments and the AFM Strategy 2023-2026. These priorities are grouped into sub-areas: financial services, capital markets, asset management and audit firm quality.
For financial services, the emphasis will be on ensuring clear, timely and balanced communication during the pension transition, supervising ‘choice guidance’ and maintaining a focus on client interests in the use of new technologies, such as AI. The AFM will also focus on consumer protection in evolving credit markets by supervising new regulated parties, such as Buy Now Pay Later (BNPL) providers and credit service providers. The authority will further investigate automated acceptance processes and increased data use in lending. It will also strengthen its supervision of financial service providers and mortgage advice by adopting a more data-driven approach. In that respect, it will (among other things) examine how audit departments monitor the quality of their mortgage advice, extend its survey on the prioritisation of client interests to the 50 largest financial service providers and initiate a compliance investigation into financial service providers that fall under the national regime.
In capital markets, the AFM will focus on digitalisation-related risks by supervising market participants’ digital and operational resilience and their compliance with the Digital Operational Resilience Act (“DORA“). It will also address market abuse by AI-driven sources and other means and non-transparent or uncontrolled trading practices involving self-learning and autonomous AI systems. The AFM will also focus on identifying concentration and supply chain dependencies that could undermine market stability.
Regarding asset management, the supervisor aims to improve asset manager resilience by assessing whether asset managers have taken appropriate control measures in the areas of governance, integrity risks and risk management to ensure sound operational practices and controlled business operations. Other points of attention are asset managers’ digital resilience and their implementation of DORA requirements. The AFM will examine whether outsourcing ICT services leads to increased vulnerabilities, including by assessing asset managers’ IT risk management and implementation of adequate IT processes. Another area of focus will be asset managers’ AI use for portfolio management, risk management and compliance activities. The AFM will investigate how asset managers have organised their model risk management and the extent to which they apply the AFM’s previously published guidance in that respect. It will also monitor the reliability of sustainability information in accordance with the Sustainable Finance Disclosure Regulation (“SFDR“) to prevent greenwashing.
In its supervision of audit firms and reporting, the AFM stresses the importance of having a strong quality control system, enhancing the sector’s self-learning capacity and strengthening auditors’ gatekeeper role in identifying fraud. It will also focus on inspection investigations that give audit firms better insight into their current quality level and compliance with legal requirements.
Regarding AFM-wide topics, the focus for 2026 will be on combating investment fraud, protecting crypto investors, preventing money laundering, ensuring clear sustainability rules and pushing internationally for a risk-driven, data-driven and results-oriented supervisory approach.
DNB – survey into insurers’ AI use
At the end of January, the Dutch Central Bank (“DNB“) published the results of a survey (in Dutch) on insurers’ AI use. The Dutch insurance industry is increasingly using AI. However, DNB notes that the use of high-risk applications remains limited for now and has observed major differences in the extent to which AI applications are used in the Dutch insurance industry. Almost 80% of large and medium-sized insurers had one or more AI applications in use in regular business processes at the beginning of 2025. In contrast, this percentage was only 21% for smaller insurers. AI applications are primarily used in the Dutch insurance sector to increase the efficiency of internal business processes and to improve client satisfaction. A large proportion of these AI applications in use has been developed by the insurers themselves, while approximately 21% of applications are sourced from third parties.
The European Insurance and Occupational Pensions Authority (“EIOPA“) previously published a number of principles for insurers’ AI use. Slightly more than 70% of insurers indicated that they had considered these principles in their AI governance. In the survey, most insurers indicated that they had considered the impact of AI on internal risk management and governance. However, subsequent DNB investigation revealed that the steps taken, the decisions made and the parties involved are not always fully documented. It also showed that insurers do not consistently implement sufficient safeguards to monitor whether their AI applications meet the stated goals and perform as intended once deployed.
DNB expects insurers to implement proper record keeping before using AI applications that may create or increase prudential risks, in order to trace back the choices made in the applications’ development. Once these AI applications are in use, DNB also expects insurers to monitor, at appropriate intervals, whether the applications meet the minimum requirements and the goals set for them.
DNB’s increased focus on AI use in the financial sector is correlated with the partial entry into force (in February and August 2025) of various AI Act provisions. Additionally, the requirements regarding high-risk AI applications and transparency obligations will take effect from August 2026. In the insurance sector, AI applications used for risk assessment and pricing in relation to natural persons in life and health insurance are considered high risk. From August 2026, these systems will therefore be subject to additional requirements concerning documentation, data use, transparency, human oversight, risk management and monitoring, and AI application registration. Consequently, market participants will need to comply with new AI Act rules on high-risk AI applications in 2026. However, DNB observed that the use of high-risk applications is still limited in the insurance industry.
Not surprisingly, EU supervisory authorities have also been focusing their attention on AI in the financial sector. For example, the European Securities and Markets Authority (“ESMA“) investigated asset managers’ operational use of AI in 2025. ESMA concluded that new forms of risk to investor protection and financial stability may arise in the future. At the end of 2025, EIOPA published an opinion on AI governance and risk management addressed to national supervisors. In the opinion, EIOPA clarifies the key principles and requirements in insurance-sector legislation for the use and supervision of AI systems. At the end of 2025, the European Banking Authority (“EBA“) published a document with the AI Act’s implications for the banking and payments sector.
It is important for market participants to meet AI Act requirements and integrate AI use into their risk management, sound operational practices and controlled business operations. This will remain a matter of regulatory attention. For example, DNB will conduct another sector-wide survey in 2026 to gather information about how AI is used in business processes and how effectively risks are managed. Depending on the results, DNB had indicated that it would conduct a further in-depth investigation in the second half of 2026. However, it remains uncertain whether DNB will be designated as the AI Act supervisor.
DNB on AMLA and future integrity reporting adjustments
On 19 December 2025, DNB provided further information on the consequences of the establishment of the EU Anti-Money Laundering Authority (“AMLA“) for annual integrity risk assessment process (“IRAP“) reporting by banks, life insurers and payment service providers. From 2028, AMLA will play a key role in the EU’s supervision of money laundering and terrorist financing risks and will directly supervise institutions that operate in at least six Member States.
From 2026, DNB will include additional questions in the IRAP on cross-border activities to identify the entities that will fall under AMLA’s direct supervision from 2028. DNB will notify AMLA of the institutions that meet the AMLA criteria, after which AMLA will select those to be directly supervised.
From 2027, DNB will calculate institutions’ risk ratings based on the methodology developed by AMLA, as laid down in the Regulatory Technical Standards (“RTS“) for Article 40(2) of the sixth Anti-Money Laundering Directive (“AMLD6“). DNB will continue to be responsible for gathering the IRAP data, but from 2027, the IRAP will include an amended set of data points aligned with Annex 1 of the RTS. Additionally, a number of elements of the current IRAP will be removed.
In practice, institutions must review their data-gathering, governance and reporting processes in good time. Especially institutions with substantial cross-border activities would do well to assess whether their current AML risk frameworks and IT structures align with the future EU supervision model. Accordingly, the years ahead will be marked by further harmonisation and a more data-driven supervisory approach at EU level.
Other financial regulatory publications
Below, we highlight a selection of other publications that are relevant to the financial markets and their supervision.
MiFID II – conflicts of interest
On 2 December 2025, ESMA announced that in 2026, it would launch a Common Supervisory Action (“CSA“) with national competent authorities on compliance with MiFID II conflict-of-interest requirements in the distribution of financial instruments. The CSA will focus on remuneration structures and inducements, digital distribution platforms and the ways firms manage potential conflicts between their own commercial interests and the needs of retail investors. The goal is to enhance consistency in the application of rules and to strengthen investor protection. Firms can expect increased regulatory monitoring of their conflicts-of-interest policies and incentive structures.
DNB sets supervisory focus areas for 2026
On 18 December 2025, DNB announced that in 2026, its supervision of investment firms, fund managers and UCITS (in Dutch) would particularly focus on the timeliness and quality of prudential reporting, geopolitical risks, and the market and operational risks for proprietary trading firms.
DNB indicated that persistent shortcomings in reporting will prompt enforcement measures, referring to the Prudential Reporting Good Practices Guide (in Dutch) and the recently published self-assessment. Geopolitical risks will also be explicitly considered in the Supervisory Review and Evaluation Process (“SREP“) and proprietary traders’ market-risk and capital calculations will be subject to further assessment. DNB emphasised that companies must comply with capital and liquidity requirements at all times and that strict enforcement also serves to limit supervisory costs for the sector.