Risk policy under the AMLD


Risk policy under the AMLD

Reading time: 4 min

In short

Institutions which are covered under the AMLD (Anti Money Laundering Directive) are obliged to implement a risk policy. Depending on the level of risk which is identified during the client investigation a more thorough investigation may be required. Risk factors may be related to multiple origins: the client, the product, the nature of the service, transactional risk, supply channel-related risk factors, and geographic risk factors. Some of these risk factors are deemed to be unacceptable, meaning that you may not engage in a business relationship with this client.

Risk policy consists of risk factors: client-related risk factors, product, service, transaction or delivery channel-related risk factors and geographic risk factors. 

Client-related risk factors

Client-related risk factors are, as the name implies, risks associated with the client. Some examples are:

  • Certain companies such as catering companies, call shops, painting companies and construction companies and companies dealing in products related to drugs;
  • Clients with a lot of cash on hand;
  • Clients who provide incorrect or incomplete information, or who provide a reason to doubt the accuracy and completeness of the provided information;
  • Clients with an unclear or variable location address without an explanation;
  • Clients who are part of an opaque, or complex, ownerships- structure or control structure.


Product, service, transactional, and supply channel risk factors

Product, service, transactional, and delivery channel risk factors are risks associated with the delivery of your product or service, OR with the work of your client. Certain transactions or supply channels may entail additional risks, elevating the risk assessment and requiring a more extensive investigation.

Some examples of product, service, transactional or supply channel-related risk factors are:

  • Opening bank accounts in the name of an accountant or tax advisor with the intention of transferring or funneling funds to third parties, thereby concealing the link between the (illegal) origin and the destination of the money.
  • Products or transactions that promote anonymity, for example, clients using cryptocurrencies (such as Bitcoins).
  • Services setting up international structures to disguise the ultimate stakeholder.
  • Drawing up private loan agreements or admissions of debt in which it is unclear what the origin of the financing is.
  • Stock transactions where the value of the shares is difficult to determine.

Geographic risk factors

There are multiple sources that define geographic risk factors, such as the FATF lists, the European Sanctions Countries and the CPI. 

The FATF publishes a list of countries with high risk of financial abuse regarding money laundering or the financing of terrorism multiple times a year. The EU sanctions map provides an overview of countries with the corresponding sanctions. 

The CPI scores and ranks countries/territories based on how corrupt a country's public sector is deemed to be by experts and business leaders. It is a composite index, combining 13 separate investigations and reviews into corruption by various reputable institutions. The CPI is the most widely used indicator of corruption worldwide. Some examples of geographical risk factors are:

  • Countries or geographical areas subject to sanctions, embargoes, and similar measures, adopted by, for example, the United Nations, the European Union or the United States.
  • Countries or geographical areas identified by reliable sources (e.g. FATF, CPI, European Sanctions Countries) as countries or territories that have not adequately established a system for the prevention of money laundering and/or terrorist financing.
  • Countries or geographical areas identified by reliable sources as funders of terrorist activities, or which otherwise support terrorism.
  • Countries or geographical areas identified by reliable sources as having a high level of corruption or other criminal activity.
  • Countries or geographical areas where there is political instability.
  • Countries or geographical areas known as offshore financial havens.

In the event of unacceptable risks, it is prohibited to do business with a party.

Unacceptable risks

If the client investigation shows that the client poses too high a risk, the institution may not enter a business relationship with this client. Even existing business relationships need to be terminated at the next possibility if intermediate assessments deem the risk beyond this level. If the WWFT-liable institution suspects money laundering or the financing of terrorism, the institution is obliged to report it to the Financial Intelligence Unit (FIU-NL). The institution must establish a client-exit policy to ensure that the business relationship is no longer retained in such a case. This policy should include, among other things, the circumstances, and procedures through which the business relationship with the client will be terminated. Some unacceptable risks may be:

  • Clients who provide incorrect or no identifiable information.
  • Clients who are on a sanction list.
  • Clients who provide no or inexplicable information about the origin of funds.
  • When the organizational structure is too complex or not transparent, so that the UBO (Ultimate Beneficial Owner) cannot be identified.

CDD On Demand

CDD On Demand makes it easy to carry out part of the client research by allowing you to quickly identify risk factors of your clients, to identify the UBO, and identify geographical risks. Request your free credits today to experience the time-savings of CDD On Demand firsthand! Better safe than sorry

Customer Due Diligence (CDD) in ten steps - step 4


CDD in 10 steps

Stap 4: Achterhaal de UBO

Reading time: 3 min.

In short

Na het bepalen of u Wwft-plichtig bent, de identificatie en verificatie van uw client, dient u in het geval van een rechtspersoon de UBO, oftewel de uiteindelijk belanghebbende te bepalen. Deze stap hoeft uiteraard niet uitgevoerd te worden wanneer u zakendoet met een natuurlijk persoon.

Wat is een UBO?

UBO staat voor Ultimate Beneficial Owner, oftewel de persoon die 25% of meer van de aandelen in bezit heeft of de uiteindelijke zeggenschap binnen een onderneming heeft. Volgens de Europese wetgeving is de UBO:

‘’De natuurlijke perso(o)n(en) die de uiteindelijke eigenaar is (zijn) van of zeggenschap heeft (hebben) over de cliënt en/of de natuurlijke persoon of de natuurlijke personen voor wiens/wier rekening een transactie of activiteit wordt verricht.’’

Een UBO-verklaring is een schriftelijk ondertekend document met daarop de UBO. In  specifieke gevallen kan een persoon of personen behorend tot het hoger leidinggevend personeel  worden vastgesteld als zogenaamde “Pseudo-UBO”

Een UBO-verklaring is een schriftelijk ondertekend document waarop is aangegeven wie de UBO’s van een onderneming zijn. Een dergelijke verklaring is nodig om ervoor te zorgen dat natuurlijke personen die kwaadwillende bedoelingen hebben met betrekking tot het witwassen van geld of terrorismefinanciering zich kunnen verschuilen achter juridische entiteiten.


In bepaalde specifieke gevallen kan een persoon of personen behorend tot het hoger leidinggevend personeel (bijvoorbeeld de bestuurders) worden vastgesteld als UBO’s (zogenaamde “Pseudo-UBO”). Dit is bijvoorbeeld mogelijk als er op grond van aandelen, stemrecht of eigendom geen echte UBO te achterhalen is. Deze regeling zorgt ervoor dat voor iedere rechtspersoon een UBO kan worden geregistreerd. Echter mag pas een pseudo-UBO worden aangewezen wanneer er alles aan is gedaan om de echte UBO te achterhalen.

Vanaf 27 september 2020 komt het UBO register online. In het UBO-register moeten bepaalde ondernemingen zich verplicht inschrijven en aangeven die de UBO’s zijn

UBO register

Vanaf 27 september 2020 komt het UBO-register online. In het UBO-register moeten bepaalde ondernemingen zich verplicht inschrijven en aangeven die de UBO’s zijn. Het UBO-register is voor iedereen toegankelijk, alleen is bepaalde informatie alleen toegankelijk voor bevoegde autoriteiten.

Als er aan de hand van de gehouden belangen geen UBO aanwijsbaar is, worden de bestuurders van de onderneming of rechtspersoon als UBO geregistreerd. Bij registratie moeten niet alleen de persoonsgegevens en het belang van de UBO worden opgegeven, maar moeten ook documenten worden overgelegd ter onderbouwing van de aard en herkomst van het uiteindelijke belang in een organisatie.

The UBO register in almost online


The UBO register is almost online

Reading time: 4 min

In short

On 23 June 2020, the Senate of The Netherlands approved the bill for the introduction of the UBO register. From 27 September, organisations are obligated to register the UBOs in the new UBO register. Vanaf 27 september moeten organisaties de UBO’s gaan inschrijven in het nieuwe UBO-register.


UBO means Ultimate Beneficial Owner



An UBO is the 'ultimate beneficial owner' of an organisation. A UBO is the person who owns the organisation or has control within the organisation. These are, for example, natural persons who own more than 25% of the shares or persons who directly or indirectly have more than 25% of the ownership interest.


The purpose of the UBO register is to further combat money laundering or terrorist financing within the European Union


UBO register

All Member States of the European Union are obligated to keep a UBO register. The purpose of the UBO register is to further combat money laundering or terrorist financing within the European Union. The UBO register is designed to improve the transparency of who is ultimately in control within an organisation. This should make it more difficult for persons who commit financial and economic crimes to hide behind legal entities.

Who should register?

Registration for the UBO register will open on 27 September 2020. Organisations then have eighteen months to register in the UBO register. The following legal forms must register in the UBO register:

  • Unlisted private and public limited companies
  • Foundations
  • Associations:
    • With full legal capacity
    • With limited legal capacity but with company
  • Mutual guarantee companies
  • Cooperatives
  • Partnerships: partnerships, general partnerships and limited partnerships
  • Shipping companies
  • European public limited companies (SE)
  • European cooperative societies (SCE)
  • European economic partnerships that, according to their statutes, have their registered office in the Netherlands (EEIG)

Who has access to the data?

The UBO register will be public from 27 September 2020. The data of an organisation and its UBOs can be consulted by purchasing a Chamber of Commerce extract from the UBO register for €2.50. However, some authorities will have access to more information than others for investigating suspicious cash flows.

Data that is visible to everyone include the name, month of birth, year of birth, state of residence, nationality and the 'nature and size' of the interest that the UBO has:

  • 25%-50%;
  • 50%-75%;
  • 75%-100%.

Data that is only visible to competent authorities, such as the tax authorities, include the date of birth, place of birth, country of birth, address, social security number, foreign tax identification number, documentation confirming identity and documentation substantiating the share interest.

Guarantees with the register

There are several basic principles associated with the UBO register. For example, everyone who wants to request data must pay a fee for this. To guarantee the reliability of the register, UBOs must substantiate the UBO statement with necessary documents. This should ensure that the registry information is correct. The register does not allow for searches by personal name but only by organisation name. It is also not possible to request large datasets in one go, and UBOs have insight into how often their data has been requested. However, UBOs cannot see who has requested the data.

Duty to report back

With the UBO register going live, the obligation to report back also comes into effect. This obligation applies to all companies subject to the AML and means that if the compliance investigation by the AML service provider reveals other information than is apparent from the UBO register, the AML service provider must report this to the Chamber of Commerce. This notification must be substantiated with documents. The Chamber of Commerce will start working on this report and inform the relevant organisation and give it the opportunity to check the information in the UBO register. This information is only requested from the legal entity and not from the UBOs. Please note: the obligation to report back has no consequences for the obligation to report unusual transactions. This transaction must still be reported to FIU-the Netherlands.

Consequences of Non-Compliance

If a legal entity has not registered the UBOs before 22 March 2022, there will be consequences. Failure to comply with the obligations is regarded as an economic offence and can be punished with imprisonment for a maximum of six months (offence) or two years (offence), a community service order or a fine of up to €21.750.

CDD On Demand & UBO register

CDD On Demand already offers the option of performing a UBO check (Dutch companies only)Chamber of Commerce registrations of the client are requested, and the company structure is made transparent. Based on this, (possible) UBOs are listed and you can immediately perform the compliance checks. This UBO check (Dutch companies only) is only available for Dutch legal entities. If the search leads to an organisation outside the Netherlands, an attempt is made to indicate a so-called “UBO connection”. This is the person who most likely knows who the UBO is.


Customer Due Diligence (CDD) in ten steps - step 3


CDD in 10 steps

Step 3 - Verify your client

Reading time: 4 min

In short

In the previous blogs, we covered the first two steps of the Customer Due Diligence (CDD) obligation under the AML. The first step was to check whether you need to comply with the AML at all, i.e. whether you are subject to the AML. The second step involved identifying your client. Once those steps are completed, it is time for step 3: verify your client.

Verifying your client means that you must verify the specified identity from step 2 with the actual identity. This step must also be completed before the service is provided. The AML does not prescribe exactly how the identity of a client must be verified, but a number of documents have been listed that at least meet the legal standard. To verify your client, a distinction must first be made between the different types of clients.


The AML does not prescribe exactly how the identity of a client must be verified


Verifying your client means that you must verify the specified identity from step 2 with the actual identity. This step must also be completed before the service is provided. The AML does not prescribe exactly how the identity of a client must be verified, but a number of documents have been listed that at least meet the legal standard. To verify your client, a distinction must first be made between the different types of clients.


Natural persons

The identity of natural persons can be verified by the following documents:

  • A valid passport;
  • A valid Dutch driving license or EU/EEA driving license with a passport photo and name of the holder;
  • A valid identity card issued by a Dutch municipality or by the competent authority in another EU/EEA member state and provided with a passport photo and name of the holder; 
  • In some cases, the identity can also be verified based on a valid residence or travel document.



Dutch legal entities and foreign legal entities with an establishment in the Netherlands

For legal entities established in the Netherlands, their identity can be verified using:

  • An (online) extract from the Trade Register of the Chamber of Commerce or a deed; 
  • A statement drawn up or issued by a lawyer, civil-law notary or junior civil-law notary established in the Netherlands or in another EU/EEA member state or a comparable independent practitioner of a legal profession.

A certified extract from the Chamber of Commerce is no longer necessary. An online extract is now also sufficient, provided the application has been made by the institution.

Foreign legal entities with no establishment in the Netherlands

For foreign legal persons without an establishment in the Netherlands, the identity is verified using reliable documents, data or information commonly used in international trade or documents, data or information that are recognised by law as a valid means of identification in the state of origin.

Once you have verified the identity of your client, it is time for the next step. This step only applies if your client is a legal entity as the Ultimate Beneficial Owner (UBO) must be determined. More about this in the next blog!


Customer Due Diligence (CDD) in ten steps - step 2


CDD in 10 steps

Step 2 - Identify your client

Reading time: 4 min

In short

Compliance with the AML in 10 steps; it seems simple, but what needs to be done? We discussed the first step in our previous blog, "Does the AML apply to you?". Whether you are subject to the AML depends on whether you qualify as an institution as defined by the AML. Please note that the AML is regularly supplemented with additional guidelines. The fact that you are currently not subject to the AML does not mean that this legislation will not apply to you in the future.

This second blog discusses the second step: identifying your client. This step must be performed before you provide services. Identification is defined in the AML as "statement of identity".


Om uw client te identificeren dienen er een aantal gegevens te worden opgevraagd en tevens dienen deze te worden vastgelegd in bijvoorbeeld het cliëntendossier, de centrale administratie of een combinatie daarvan.


Identifying your client requires requesting various details and recording these in, for example, the client file, the central administration or a combination thereof. The recording of the identity and verification data of your client should be accessible so that a report can be made and a check can be carried out easily if necessary. The recording must be done in accordance with the GDPR.

Natural person

The following must be recorded for a client/natural person and if applicable, their representative:

  • Last name
  • First name(s)
  • Date of birth
  • Address, place of residence/business
  • Transcript/copy of the document with a personal identification number with which the identification took place

Dutch legal entities

For legal persons incorporated under Dutch law, the following must be recorded:

The legal entity:

  • Legal form 
  • Statutory name 
  • Trade name (if available) 
  • Address with house number and postal code 
  • Place of business 
  • Country of registered office 
  • Chamber of Commerce registration number and registered office of the Chamber of Commerce 
  • Methods used to verify identity

Representative of the legal entity

  • First name(s) 
  • Last name 
  • Date of birth

Foreign legal entities

The following must be recorded for foreign legal entities:

The legal entity:

  • The documents, data or information used to verify their identity

Representative of the legal entity

  • First name(s) 
  • Last name
  • Date of birth

In the third step of CDD, the client information must be verified. More about this can be read in our next blog: "CDD in 10 steps: Step 3 - Verify your client"

Corruption perceptions index


Corruption perceptions index

Reading time: 4 min

In short

Tijdens het cliëntenonderzoek voor de Wwft is het van belang dat ook het landenrisico wordt meegewogen. In de praktijk is gebleken dat bepaalde landen een hoger risico met zich meebrengen op witwassen en financiering van terrorisme. Mocht uw client een nationaliteit hebben of wonen in een land met een verhoogd risico dan kunt u het beste een verscherpt cliëntenonderzoek uitvoeren.

In de Wwft artikel 2b wordt hierover het volgende gemeld:

‘’ 1) Een instelling neemt maatregelen om haar risico’s op witwassen en financieren van terrorisme vast te stellen en te beoordelen, waarbij de maatregelen in verhouding staan tot de aard en de omvang van de instelling.

2) Bij het vaststellen en beoordelen van de risico’s, bedoeld in het eerste lid, houdt de instelling in ieder geval rekening met de risicofactoren die verband houden met het type cliënt, product, dienst, transactie en leveringskanaal en met landen of geografische gebieden.’’

Per client moet dus een duidelijk risicoprofiel zijn opgesteld waarin ook het landenrisico moet worden meegenomen.


Transparency International is verantwoordelijk voor de Corruption perceptions index (CPI). Zij voeren dit onderzoek elk jaar uit


Transparency International

Om het landenrisico te bepalen kunnen meerdere bronnen worden gebruikt. Een hiervan is de Corruption perceptions index (CPI), een onderzoek wat ieder jaar wordt uitgevoerd door Transparency International. Transparency International is een wereldwijde organisatie die in meer dan honderd landen werk om een einde te maken aan het onrecht van corruptie. De missie van Transparency International is om corruptie te stoppen en transparantie, verantwoordingsplicht en integriteit op alle niveaus en in alle sectoren van de samenleving te bevorderen.

Corruptie wordt omschreven als het misbruik van toevertrouwde macht voor persoonlijk gewin. Corruptie tast het vertrouwen aan, verzwakt de democratie, belemmert de economische ontwikkeling en verergert ongelijkheid, armoede, sociale verdeeldheid en de milieucrisis verder. Enkele voorbeelden zijn ambtenaren die geld of gunsten eisen of aannemen in ruil voor diensten, politici die overheidsgeld misbruiken of openbare banen of contracten toekennen aan hun sponsors, vrienden en familie of bedrijven die ambtenaren omkopen om lucratieve deals te sluiten.


De CPI scoort en rangschikt landen/ gebieden op basis van hoe corrupt de publieke sector van een land wordt ervaren door experts en zakenmensen. Het is een samengestelde index, een combinatie van 13 enquêtes en beoordelingen van corruptie, verzameld door verschillende gerenommeerde instellingen. De CPI is wereldwijd de meest gebruikte indicator voor corruptie. Een aantal hoogtepunten van het onderzoek uit 2019:

  • In 2019 zijn 180 landen/gebieden gerangschikt
  • Er wordt een schaal van nul tot honderd gebruikt waarbij honderd staat voor volledige transparantie en nul voor zeer corrupt.
  • Meer dan twee derde van de landen heeft in 2019 een score onder de vijftig
  • De gemiddelde score in 2019 is 43
  • De gemiddelde score in 2019 West-Europa en de Europese Unie is 66 punten

De landen die in 2019 het beste hebben gescoord zijn:

  1. Denemarken (87)/Nieuw-Zeeland (87)
  2. Finland (86)
  3. Singapore (85)
  4. Zweden (85)
  5. Zwitserland (85)

Nederland (82) valt met haar achtste plek nog net in de top tien. De landen die het laagst scoorden zijn: Somalië (9), Zuid-Soedan (12), Sirie (13), Yemen (15) en Venezuela (16).

In de afgelopen acht jaar hebben slechts 22 landen hun CPI-scores aanzienlijk verbeterd, waaronder Griekenland, Guyana en Estland. In dezelfde periode hebben 21 landen hun scores aanzienlijk verlaagd, waaronder Canada, Australië en Nicaragua. In de overige 137 landen verandert de mate van corruptie niet of nauwelijks.


In CDD On Demand worden de CPI, FATF landenlijst en de EU hoog risicolanden-lijst geraadpleegd. 


Landenrisico & CDD On Demand

In de meest recente update van CDD On Demand heeft SCOPE FinTech Solutions de component van het landenrisico uitgebreid met extra bronnen en een vertaling naar risicoclassificatie. Hierdoor krijgt u een betrouwbaarder beeld van het landenrisico van uw client en ziet u bovendien in een oogopslag wat dit landenrisico van uw client is. Naast de CPI worden ook de FATF landenlijst en de EU hoog risicolanden-lijst geraadpleegd.

Tijdens het uitvoeren van een compliance check binnen CDD On Demand kunt u een land invoeren, wat zowel een nationaliteit kan zijn als het land waarin uw client woonachtig is. Als er meerdere landen zijn, is de ervaring dat nationaliteit vaker bekend is bij de compliance bronnen en kunt u dus het beste dit land invoeren. Daarnaast wordt Benieuwd hoe dit werkt? Vraag vandaag nog uw demo-account aan en probeer het zelf.

Customer Due Diligence (CDD) in ten steps - step 1


CDD in 10 steps

Step 1 - Does the AML apply to you?

Reading time: 4 min

In short

The first step of the Customer Due Diligence (CDD) policy is to check whether you are subject to the AML. If you are subject to the AML, you are also obligated to comply with the AML. There is no need to comply with this legislation if the AML does not apply.

The AML uses the term "institution" to determine who is subject to the AML. Article 1a lists institutions such as banks, investment firms and institutions, exchange institutions, life insurers, financial service providers and payment service agents. In addition, natural persons, legal entities or companies practising a specific professional activity may also be subject to the AML.


There are three main categories that fall under the guidelines of the Wwft: banks, financial institutions and designated natural persons, legal persons or companies acting in the context of their professional activities


Three main categories

The term "institution" is divided into three main categories:





Other financial companies

Designated natural persons, legal persons or companies acting in the context of their professional activities.

Other financial companies

  • Investment institution
  • Investment firm
  • Mediator in life insurance
  • Payment service agent
  • Payment service provider acting on behalf of a payment service provider licensed in another EU Member State
  • Payment service provider
  • Electronic money institution
  • Undertaking for Collective Investment in Transferable Securities (UCITS)
  • Institution not being a bank that nevertheless carries out banking activities
  • Life insurance company
  • Lessor of safes
  • Changeover institute


Professional activities designated as natural persons, legal entities or companies acting in the context of their professional activities include:

  • Accountant
  • Lawyer
  • Tax advisor
  • Domiciliary provider
  • Buyer or seller of goods (with the exception of works of art)
  • Buyer or seller of works of art
  • Mediator in the purchase/sale of goods of great value
  • Real estate agent
  • Notary
  • Pawnshop
  • Casino 
  • Appraiser 
  • Trust office 
  • Professional or commercial provider of services for switching between virtual currencies and fiat currencies
  • Professional or commercial provider of custodial wallets

This list has been compiled based on data from FIU-the Netherlands. If you pass step 1, it is time to move on to the next step. Read more about this in our next blog - Identify your client.