Credit Registration System Act, Revision, PSD2, AFM, remuneration

News Update Financial Regulatory

Consultation on the Credit Registration System Act and revision of PSD2
24 juli 2023

In this News Update we discuss a consultation on the Credit Registration System Act; a revision of PSD2; and the AFM notice for non-compliance with remuneration rules.

We further highlight some other financial regulatory publications issued since our last News Update.

Consultation on the Credit Registration System Act

On 21 June 2023, the Minister of Finance published the Credit Registration System Act (Wet stelsel kredietregistratie) and the accompanying Explanatory Memorandum for consultation. Market participants have until 3 September 2023 to give their views on this bill (in Dutch only).

The bill will create legal safeguards for today's credit registration practices by making the management of the credit registration system a statutory duty. It lays down conditions for a consistent, high-quality and objective credit registration system. Given the importance of preventing problem debts and the overextension of credit and in view of the type of information processed in the credit registration system, it should not be left up to the private sector but to the legislature to decide what information to register and how long to retain this information.

The rules aim to ensure that personal data is handled with care in the credit registration process. Statutory rules will apply to agreement registration. The Minister of Finance will designate an entity (i.e. the Credit Registration Office (BKR)) as legally responsible for managing the credit registration system. This will be subject to strict conditions. The Minister will supervise the manager, while the Dutch Data Protection Authority will monitor how personal data is used.

The bill applies to all consumer credit within the meaning of the Financial Supervision Act (Wet op het financieel toezicht). It specifies what data must be recorded for each loan and offers the option of creating subordinate legislation to lay down what other categories of agreements must be registered and what other categories of data must be specified.

Revision of PSD2

On 28 June 2023, the European Commission published three proposals on payment services and financial data access: to modernise and amend the current Payments Services Directive (PSD2) resulting in PSD3 and to establish a Payment Services Regulation and a Financial Data Access Regulation. These proposals build on the European Commission's 2020 Retail Payment Strategy and the 2020 Digital Finance Strategy.

See below the proposed amendments for payment services.

Competition and level playing field by

  • Allowing non-bank payment service providers (non-bank PSPs) access to all EU payment systems, with appropriate safeguards. Payment system operators must carry out appropriate risk assessments, and the rules on the admission of payment institutions as participants in payment systems will be reinforced.
  • Introducing stricter requirements for bank account services to non-bank PSPs. Banks must explain why they refuse to open or wish to close a bank account. Payment institutions that have been refused will have right of appeal with a national authority. Furthermore, central banks will have the option to provide account services to non-bank PSPs.

Stronger measures to combat payment fraud including

  • Extending the IBAN/name matching verification service to all credit transfers.
  • Enabling PSPs to share fraud-related information between themselves in full respect of the General Data Protection Regulation via dedicated IT platforms.
  • Extending the refund entitlement for victims of fraud to situations where the IBAN/name verification service failed to detect a mismatch and to victims of "spoofing" fraud, where the fraudster contacts the consumer pretending to be an employee of the consumer's bank, tricking the consumer into taking actions that damage their finances. In order to claim damages for "spoofing" fraud the victim must file a police report and notify their PSP immediately (without undue delay).
  • Improving Strong Customer Authentication (SCA). This includes the requirement that methods to perform SCA do not depend on a single mechanism or device, like the possession of a smartphone. Another requirement in this area is the obligation to perform SCA when, in short, a payment instrument is placed in a wallet.

Merging the legal frameworks applicable to electronic money and to payment services

  • The E-money Directive and the PSD2 will be merged into one new directive on payment services and electronic money services. The new directive will focus on the licensing and supervision of payment institutions (and will amend certain other Directives).

Further improvement of consumer information and rights

  • Introduction of three new transparency requirements: (i) for credit transfers and money remittances from the EU to third countries by providing information about the estimated charges for currency conversion and the estimated time for the funds to be received by the payee's PSP in a third country; (ii) for payment account statements, including requirements to clearly specify the name of the payee's commercial trade name, and (iii) for ATM charges.
  • For blocked funds on payment cards there will be changes to speed up the pay-out of unused blocked funds and to introduce requirements on the proportionality of the blocked amount.
  • Improvements to the availability of cash by allowing retailers to provide a cash provision service without the need to obtain a licence or to be an agent of a payment institution. The amount is limited to EUR 50 and the retailer must disclose any possible fees charged. In addition, ATM operators which do not service payment accounts will no longer need a licence. This should encourage more ATMs.

Other amendments relate to

  • Improving the functioning of open banking / open finance, especially as regards the performance and standardisation of data interfaces, removing obstacles to open banking services and consumer control over their data access permissions. Noteworthy in this regard is that the framework for financial data access introduces a general obligation for all financial institutions (i.e. data holders) to make customer data available to data users at the customer's request.
  • Reinforcing the enforcement powers of national competent authorities and facilitating implementation of the rules clarifying various elements.

AFM notice for non-compliance with remuneration rules

In late October 2022, the Dutch Authority for the Financial Markets (AFM) issued a notice to Verzekeringsadviescentrum Zaanstad BV (VACZ), informing VACZ that it should change its remuneration of freelancers to bring it in line with the remuneration rules of the Financial Supervision Act.

The AFM said that VACZ did not currently comply with those remuneration rules. Natural persons working under a financial services provider's responsibility, including freelancers, are entitled to variable pay of up to 20% of their fixed remuneration per year (the bonus cap). At least 50% of this variable pay must be based on non-financial criteria. According to the AFM, however, the freelancers' remuneration was completely variable. Moreover, less than 50% of the freelancers' appraisal and subsequent granting of variable pay was based on non-financial criteria. In addition, the remuneration policy must describe which of the pay components or pay structures could potentially lead to poor client treatment. Variable pay is such a component, in the AFM's view. VACZ's remuneration policy lacked this description, meaning VACZ had breached the description obligation.

The AFM's press release shows that VACZ has remedied these shortcomings.

Other financial regulatory publications

We have highlighted a selection of other publications by legislatures and regulators for the financial markets and financial supervision since our June 2023 News Update.




  • Dutch Central Bank (DNB) published a news item How effectively do bank and payment institutions manage cyber risk?;
  • DNB fined Lewben Netherlands BV, a trust office, for failing to commission audits; the amount of the fine was EUR 10,000;
  • DNB fined trust office TMF Netherlands for not meeting the customer due diligence legal requirements; the amount of the fine was EUR 3,125,000;
  • DNB published a factsheet on the scope of know your client requirements for trust offices (in Dutch only);
  • On 10 July 2023, DNB published a factsheet for investment firms and investment funds on various prudential aspects (licences and declarations of no-objection) (in Dutch only, an English translation will be published soon).










Ministry of Finance


If you have any financial regulatory questions, please do not hesitate to contact Berry van Wijk, Juan Vervuurt, Lisanne Haarman or Gijs Hamelijnck.

Written by:
Berry van Wijk

Key Contact

Advocaat | Partner

Key Contact

Advocaat | Counsel

Key Contact

Advocaat | Senior Associate
Gijs Hamelijnck

Key Contact

Advocaat | Senior Associate