Recent publications on Financial Supervision Act, EBA Guidelines and CRD & CRR

Changes to the Further Regulations on the Supervision of the Conduct of Financial Undertakings (Financial Supervision Act)

Forthcoming legislative changes will lead to amendment (in Dutch) of the Further Regulations on the Supervision of the Conduct of Financial Undertakings (Financial Supervision Act) (Nadere regeling gedragstoezicht financiële ondernemingen Wft, “Nrgfo”). The changes mainly concern the introduction of a comparison chart and of a Key Information Document, and rules on asset segregation for investment firms.

The legislature is expected to introduce a comparison chart for financial service providers on 1 April 2023, with a six-month transition period. This chart will replace the existing service provision document currently used by financial service providers to provide information to their customers/clients. The chart’s introduction is accompanied by an obligation for financial service providers to inform potential clients whether they advise on an independent or a dependent basis. The Nrgfo will be amended accordingly later in 2023.

Also, as of 1 January 2023, investment funds and undertakings for collective investment in transferable securities (UCITS) and their managers are required to draw up a Key Information Document if they offer unit-holders’ rights to retail investors. This Key Information Document will replace the Key Investment Information Document.

A segregated asset account was recently introduced in the Financial Supervision Act (Wet op het financieel toezicht) as a new option for investment firms to protect clients’ money. An investment firm which uses such an account requires no prior approval to do so from the Dutch Authority for the Financial Markets (AFM). The Nrgfo will be amended in this respect in January 2023.

EBA Guidelines on the Use of Remote Customer Onboarding Solutions

On 22 November 2022 the European Banking Authority (EBA) published its long-awaited guidelines on remote customer onboarding solutions. Customer onboarding refers to the processes and arrangements used by financial enterprises in order to properly assess their new customers, document new contractual relationships, and lay down relevant customer information in their relevant systems and databases.

This guidance is relevant for all EU financial institutions that fall under the scope of EU anti-money laundering legislation, including all Dutch institutions having to comply with the Dutch Money Laundering and Terrorist Financing (Prevention) Act (Wet ter voorkoming van witwassen en financieren van terrorisme). National regulatory authorities, including AFM and De Nederlandsche Bank (DNB) need to inform the EBA whether they comply with these guidelines within two months after publication.

The EBA notes that there has been a significant increase in demand for remote onboarding from financial institutions and their customers. This trend was exacerbated by restrictions on movement in the context of the COVID-19 pandemic, which highlighted the importance of institutions having at their disposal reliable and effective means to meet their customer due diligence (CDD) obligations in this context.

One of the European Commission’s priorities, within the framework of its “Digital Finance Strategy”, is to address the fragmentation in the Digital Single Market for financial services. To this end, the Commission asked the EBA to issue guidelines on the application of anti-money laundering and countering the financing of terrorism rules where customers are onboarded remotely. The EBA confirms in the Guidelines that what credit and financial institutions do to comply differs across Member States. It notes that regulatory divergence is an obstacle to innovation and the cross-border provision of financial services and can also create gaps and expose the Union’s single market to financial crime. For this reason, the Guidelines set common EU standards on the development and implementation of sound, risk-sensitive initial CDD processes in the remote customer onboarding context.

The Guidelines cover 6 key topics relating to remote customer onboarding:

• Policies and procedures: The Guidelines specify minimum requirements on risk-sensitive internal policies and procedures, specifying the bandwidth in which remote onboarding can be applied and the governance requirements relating thereto, imposing a mandatory pre-implementation assessment aimed at identifying and mitigating risks relating to remote customer onboarding tools, and finally specifying ongoing monitoring measures that need to be in place.
• Acquisition of identity information: The Guidelines set out requirements on the quality, accuracy and appropriateness of identity information obtained electronically, as well as requirements on record keeping and safeguarding the integrity of digital identity information obtained.
• Assessing document authenticity & integrity as part of the process: The Guidelines specify how institutions need to ascertain the reliability of identity information received, such as photos of identity documents. Such steps could include verifying the integrity of information embedded in the machine readable zone of a passport or obtaining information through near-field communication technology that allows information to be read through the chip embedded in new EU passports or identity cards.
• Matching/reconciling persons with documentation/information provided: Remote onboarding should at least ensure that there is a match between visible information of the natural person and the identity documentation provided. Additional requirements apply for legal entities. Biometric data used should be sufficiently unique. Evidence of insufficient quality should result in termination of the process and redirection to a face-to-face verification process. Unattended remote onboarding processes need to contain a liveness check and controls to ensure that photos or videos used were captured as part of those processes, and not pre-recorded.
• Reliance on third parties and outsourcing: The Guidelines specify the aspects institutions need to take into account and verify when relying on remote CDD performed by other financial institutions or when outsourcing their own remote CDD processes to third parties.
• ICT and security risk management: Institutions should identify and manage ICT and security risks related to the remote onboarding process, including (intra-group and other) outsourcing thereof and reliance on third parties. This includes using secure, i.e. encrypted, communication channels.

New DNB Policy Interpretation of Specific CRD and CRR Options and Discretions, Amending the 2019 DNB Policy Interpretation

Background

On 8 December 2022, DNB published amendments (only in Dutch) to its 2019 policy interpretation of specific provisions from the EU Capital Requirements Directive (CRD) and the EU Capital Requirements Regulation (CRR). These legislative packages set out in great detail the prudential framework applicable to EU banks, and contain several Member State options and discretions.

Key aspects

This policy specifies how DNB addresses certain of these Member State options/discretions set out in CRD and CRR. DNB organised a consultation on its draft amendments during the summer of 2022. The update was prompted by the various amendments to CRD and CRR which have occurred in the last couple of years, resulting in CRD V and CRR II and the entry into force of the Liquidity Coverage Ratio Delegated Regulation (Delegated Regulation (EU) 2015/61), giving rise to new options and discretions.

Options and discretions addressed by this new policy include:

• The Systemic Risk Buffer, aimed at preventing or mitigating macroprudential or systemic risks within the meaning of Article 133 CRR;
• The recognition by DNB of foreign macroprudential measures based on Article 458 CRR.
• Exemptions to the “Large Exposures” regime of Article 395(1) CRR for specific exposures.
• The determination of a stock market index as a material stock market index of a Member State or a third country.
• Relevant factors for the stable funding of off-balance sheet exposures.

In addition, the policy contains an Annex specifying detailed guidance for the recognition of exemptions to the limits for Large Exposures as set out in Article 400(2) CRR.

Other Financial Regulatory Publications

We have highlighted a selection of other publications by legislatures and regulators for the financial markets and financial supervision since our December 2022 News Update.

AFM

• Further explanation on the application of NHG management criteria in the event of discharge from joint and several liability (only in Dutch);

DNB

• Adoption of the amended risk methodology of the Dutch Deposit Guarantee (Regeling tot wijziging van de Regeling risicoindicatoren bijdragen depositogarantiestelsel Wft in verband met aanpassing van de berekeningswijze van de risicoscores en bepaling van de risicocategorieën voor banken ten behoeve van het depositogarantiestelsel, only in Dutch) – enters into force on 31 December 2022;
• Results of the consultation on Q&A Retention fees (feedbackstatement consultatie Q&A Retentievergoedingen, only in Dutch);
• Results of the consultation on DNB’s policy regarding options and discretions banks (feedbackstatement consultatie O&D’s, only in Dutch).

European Supervisory Authorities – ESA

• Joint advice in response to the European Commission’s October 2021 call for advice on the review of the securitisation prudential framework.

ECB

• Publication of enhanced rules for private financial transactions of high-level officials (European Central Bank, Code of Conduct for high-level ECB officials 2022/C478/03);
• Thematic review on the transparency and level of fees and charges for retail banking products in the EU;
• Consultation paper on draft Guidelines on overall recovery capacity in recovery planning;
• Publication of Final report on draft Implementing Technical Standards specifying the requirements for information that credit institutions selling NPL are to provide to prospective buyers;
• Final draft Regulatory Technical Standards on the identification of a group of connected clients under the CRR.

European Insurance and Occupational Pensions Authority

• Discussion paper on the prudential treatment of sustainability risks

European Securities and Markets Authority

• Application of the AIFMD, on the DLT Pilot Regime, on European crowdfunding service providers for business Regulation and on MiFID II and MiFIR market structures;
• Peer review into the National Competent Authorities’ handling of relocation to the EU in the context of the UK’s withdrawal from the EU;
• MiFID II Supervisory briefing. Supervision of cross-border activities of investment firms;
• Public statement to promote coordinated action by National Competent Authorities under MiFID II;
• Final report including Guidelines on standard templates, forms, and formats to apply for permission to operate a DLT market infrastructure;
• Positive opinion on amended RTS 1 and 2;
• Guidelines for reporting under EMIR.

Single Resolution Board

• Revised Memorandum of Understanding between the Single Resolution Board and the European Central Bank in respect of cooperation and information exchange.

Basel Committee on Banking Supervision

• Publication of frequently asked questions on climate-related financial risks;
• Third evaluation report along with a technical annex evaluating the impact and efficacy of the Basel III reforms;
• Publication on the prudential treatment of cryptoasset exposures.

If you have any financial regulatory questions, please do not hesitate to contact Berry van Wijk, Juan Vervuurt, Gijs Hamelijnck and Lisanne Haarman. For questions related to Investment Management, you can also contact our colleagues Oscar van Angeren and Marthe Bollen.