New! In addition to the Quote 500, now also the Dutch Top 500.000 of the richest shareholders. Facilitated by the State! Does the end justify the means?

New! In addition to the Quote 500, now also the Dutch Top 500.000 of the richest shareholders. Facilitated by the State! Does the end justify the means?

Reading time: 6 min

Since September 27 you’re able to request Dutch UBOs at the Chamber of Commerce. You will receive a name, month and year of birth, nationality and country of residence of the UBO, including an insight (range) into the size of the share. This new service has been facilitated by Europe and the affiliated countries with which all UBO information is exchanged.

The State does nothing about data protection. Everything is public; you only need to request a code from the Chamber of Commerce and pay.

Determining the value of a natural person is easy (shares * company balance sheet value). An address is easy to find because most holdings, for example, are on a private address and otherwise Google will help!

Risky for those involved? That the State thinks so is evident from the following. The State offers the possibility to make UBO’s, that are mentioned on a specific protection list, invisible. As a layman, this seems to me to be contrary to the principle in the constitution that all Dutch citizens should be treated equally in an equal situation. A lawyer is allowed break their teeth on this.

All in all, a gross violation of the privacy of approximately 500.000 UBOs under the motto “preventing money laundering and combating terrorism”. This substantiation and justification has virtually no value because money laundering in the Netherlands is mainly done by drug criminals, according to research by the University of Utrecht. It would surprise the undersigned if drug criminals can be found in a UBO register.

Then the statement about a hidden agenda of the State remains. Certainly not fancy but has happened before (see SyRI story below). Below an elaboration.

The introduction  

“More than 1.5 million organizations will have to deal with the UBO register by 2020. From 27 September, many organizations have to register UBOs in this new register. UBOs (Ultimate Beneficial Owners) are persons who have more than 25% of the economic interest in an organization ”. The above quote comes from the website of the Chamber of Commerce (KvK). Immediately a new source of income for the Chamber of Commerce. Companies have to pay for a UBO request. The State does not pay for the use of the Chamber of Commerce database! Also bizarre.

The UBO register provides insight into shareholders who have an economic interest of more than 25% or who have a say in companies, foundations and associations, among other things.

The consequences

The UBO register has consequences:

  1. The UBO register is in violation of the (European) GDPR, which must guarantee the privacy of natural persons. The State will argue that it is a more important interest, but the State is not always right and cannot properly assess such matters. In the case of System Risk Inventory (SyRI), the State has had to back down for the time being.
  2. It concerns many people. There are approximately 800,000 BVs in the Netherlands. Most BVs have several UBOs and a number of UBOs have several BVs, such as an operating company and a holding. The number of UBOs in the Netherlands remains a guess, but according to good marketing practice, we estimate that there are 500,000 +/- 100,000 UBOs in the Netherlands.
  3. The UBO register has (possibly) far-reaching consequences for the personal safety of shareholders and their families. The State also endorses this position, as appears from the exceptional rule that has been drawn up that will protect the privacy of certain UBOs (?). de privacy van bepaalde UBO’s (?) gaat beschermen.

The UBO Register will make the following information publicly available for approximately 500,000 shareholders and directors:

  1. First and last name
  2. Month and year of birth
  3. Nationality
  4. Country of residence
  5. The nature and size of the equity interest in a range

Violation of the privacy

Het bovenstaande is een flagrante schending van de AVG/GDPR. Punt 5 bijvoorbeeld, de aard en de omvang van het aandelenbelang is ook in een bandbreedte een zeer gevoelig financieel gegeven in de GDPR. The above is a blatant violation of the GDPR. Point 5, for example, the nature and size of the equity interest, even if it’s only a range, is a very sensitive financial data in the GDPR.

"Financial data are sensitive personal data that can say a lot about someone. It is therefore important that organizations such as banks and the tax authorities handle this carefully." This can be read on the website of the Dutch Data Protection Authority. Seems like the above does not apply to the State?

Risks for those involved?

The fact that there are risks associated with the dissemination of this information is known to the State. This is evident from the following in the supplementary regulations. “The UBO may submit a request to the Chamber of Commerce to block certain data”. This will be honored if one of the following situations is demonstrably involved:

  1. Exposure to a
  2. Disproportionate risk,
  3. A risk of fraud,
  4. Kidnapping,
  5. Blackmailing etcetera.

This is also possible if the UBO is a minor, is under guardianship or administration or has police security.

State protection is a sham

“The additional UBO data - the day of birth, the place of birth, the country of birth, the residential address, BSN and / or TIN and the underlying documentation showing the identity of the UBO and the exact nature and scope of the economic interest held by the UBO - are only accessible to competent authorities and FIU-the Netherlands ”. This text comes from a briefing of the Senate by the Ministry of Finance. Naturally, the State and about twenty government services, including the Tax and Customs Administration, have unlimited free access to the information.

This claim that “the additional UBO data” is protected by the State is an outlandish and pointless.

The opposite is true: anyone with access to the internet and common sense can make a reasonable estimate of the value of the shares on the basis of the company's balance sheet value (annual report available from the Chamber of Commerce).

The value of the shareholder and his family is equal to the share range * value of the company (s) found in the UBO register. The protected residential addresses are also not very difficult to find on the internet with a first and a last name in combination with a country of residence and a nationality.

Entrepreneurs are often known on the internet and the information is easy to find. The State could just as well have placed a target on the head of enterprising Netherlands with an additional amount.

The conclusion; the medicine is worse than the disease

Any sane person will ask himself whether the importance of “preventing money laundering and financing terrorism”, which is done by a very limited group of Dutch people, who probably cannot be found in a UBO register, outweighs the means and that is a massive privacy violation of the shareholders (often entrepreneurs). The alternative is a hidden agenda at the State. This behavior is unworthy of the State.

A parallel can be drawn with SyRI; this is a system of the State in which the privacy rights of the citizens were massively violated under the motto “anti-fraud”.

For more information click here

Lawsuit in the making
Source: Privacy Web

Privacy First will start a lawsuit against the UBO register with its lawyer Otto Volgant (Boekx Advocaten) for violation of European privacy law. Dutch law and the overlying European directive are in conflict with the European Charter for Fundamental Rights and the GDPR. Privacy First often conducts its strategic procedures on privacy with a coalition of stakeholders. Privacy First is currently identifying which parties can contribute to the case against the UBO register.


Yes-co partners with SCOPE FinTech Solutions


Yes-co partners with SCOPE FinTech Solutions

Reading time: 2 min.

As of September 1st, 2020, Yes-co and SCOPE FinTech Solutions teamed up to integrate the CDD On Demand platform in Yes-co's software for brokers. With this, Yes-co becomes the first supplier to offer brokers an integrated solution for compliance with AMLD and Sanctions Act.


Easily comply with the AMLD and Sanctions Act

Like the other so-called gatekeepers, estate agents also have obligations to follow the guidelines the AMLD and Sanctions Act. By entering into the partnership and realizing an integrated solution, Yes-co can expand its software with a new module that helps customers comply with the obligations of the AMLD and Sanctions Act. This offers customers the advantage that they can use their trusted Yes-co software in a very user-friendly way:

  • Being able to enter and / or update relationship data based on current Chamber of Commerce data
  • Being able to screen and check clients in the context of the AMLD and Sanctions Act and archive the result in the form of a certified PDF document in the client administration
  • Be able to conduct UBO research for business clients including underlying Chamber of Commerce extracts, resulting in a certified UBO research report in which the results are presented.

Based on its focus and specialism, SCOPE Fintech Solutions ensures continuous improvement of the delivered product, the development of new product components and features, the monitoring of laws and regulations and the implementation of necessary adjustments, so that Yes-co can focus on the core of its own software for brokers.

Broad collaboration

In addition to integrating software components, Yes-co and SCOPE Fintech Solutions will also work closely together to inform and support customers in the implementation and use of the software. Various offices in the market have indicated that they are very interested in the new module, but a lot of awareness and explanation will still have to be done within the entire market segment regarding compliance with the Wwft and Sanctions Act and what this entails. Yes-co and SCOPE will start a campaign for this after the technical integration of the software is ready and the module is available for customers via the Yes-co Appstore.

Are you a broker and are you interested in this new solution or would you like to use it, stay informed by placing yourself on the Wwft watchlist, then Yes-co will contact you when the product is available.


Customer Due Diligence (CDD) in ten steps - step 6


CDD in 10 steps

Step 6: Risk Assessment

Reading time: 2 min.

After you have taken the previous steps, which include identifying and verifying client credentials, finding out the UBO, and checking the client risks, you are obliged to make an overall risk assessment. Based on this risk assessment you will then determine whether you want (and may) enter a business relationship with this client, or if additional client research is needed.

The risk assessment

To arrive at the right risk assessment, it is important to check whether the ultimate goals of the client make sense with their profile. To assess the risk associated with a client, there are several points to keep in mind:

  • Country of origin and residence
  • Clients and delivery channels
  • Products, services and transactions
  • Employees and the internal culture
  • Third parties

Next, you should make a risk analysis in which you determine the likelihood of a risk, and its potential impact in terms of potential cost or damages.

Risk categories

Risk is commonly distinguished with four categories: low risk, normal risk, high risk In case of unacceptable risks, you may not enter a business relationship with this client, and you will be required to end the business relationship at the next opportunity.

Some examples of low risk transactions are standard services for individuals, pension products, and standard services for small-scale commercial relationships.

Examples of normal risk levels are bank accounts, routine international payments for medium and large enterprises, and routine services and products related to private banking. In these cases, the frequency for review can be as low as two to three years.

The high-risk category includes banking products and services which involve an increased risk (such as large cash deposits), or when your client is politically exposed.

In conclusion

Once you have assessed the risk of a client, you should decide whether you want to enter a business relationship with this client. When you are in a business relationship, you will need to monitor your clients against active Sanction Lists on a daily basis. More on this in the following blog: monitor the risk profile of the client!

The ease of use of CDD On Demand according to RE/MAX


The ease of use of CDD On Demand according to RE/MAX Haarlemmermeer

Reading time: 2 min.

RE/MAX "the Makelaars van de Haarlemmermeer" have been using CDD On Demand for several months to their satisfaction for screening, checking and monitoring their customers in the context of the AMLD and Sanctions Act. 

RE/MAX had been looking for a solution for checking their customers for some time and given the irregular influx of customers within the brokerage, CDD On Demand was the perfect solution. By means of the simple credit system and no additional subscription costs, they are only obliged to use credits in case of a new customer. This saves a lot of monthly costs and offers the flexibility they were looking for. 

Dennis de Haan: “As brokers we are obliged to check all parties with which we do business according to the AMLD. After we tested a number of providers, we eventually started doing business with SCOPE FinTech Solutions. The CDD On Demand tool works quickly, simply and efficiently. The report that the system generates is professional, clear, well-organized and meets the requirements set for us as brokers; In addition, we are not bound by contracts and it is an accessible way to generate the correct information. We are very satisfied! 

Try it yourself and request here for your own AMLD client research 


Customer Due Diligence (CDD) in ten steps - step 5


CDD in 10 steps

Step 5: Determine client-related risks

Reading time: 2 min.


After you have determined that the Wwft applies to you, you have identified your client and verified these credentials, and in the case of a legal entity the possible UBO has been determined , you should assess any potential risks associated with a business relation with the client. In this step you need to check, among other things, whether your client is a Politically Exposed Person (PEP).


One of the ways to estimate a client's risk is to see if a client is a PEP. (Politically Exposed Person)


Politically Exposed Person (PEP)

One of the first steps you take to assess client risk is to check whether your client, or a member of his immediate family, is considered as being politically exposed. A politically exposed person is someone who currently is employed in a political function or has held such a position up to one year ago

Investigating whether your client is considered as a PEP is important because a PEP carries a higher risk of corruption due to his, or her, profession. Even if your client is related to a PEP, this risk is considered to be increased as the client is in the direct social circles of the PEP. In the event that the client is a PEP, you are obliged to conduct an enhanced client research, the requirements for the enhanced client research vary depending on the field of work of the provided service.

Additional checkups

In addition to investigating whether your client is on a PEP list, it is also wise to check if your client has had negative media coverage or is under the supervision of a financial regulatory body. The Sanctions Act also requires you to check whether there are active, or historical, sanctions enacted against the client. It is also necessary to check whether the client appears in the insolvency register. If any of these conditions is the case, a business relationship with this client can cause reputational damage.

In conclusion

Once you have determined the client-related risks, you should draw up a risk assessment of your business relationship with this client. More on this in the following blog – Determine the risk assessment.

Risk policy under the AMLD


Risk policy under the AMLD

Reading time: 4 min


Institutions which are covered under the AMLD (Anti Money Laundering Directive) are obliged to implement a risk policy. Depending on the level of risk which is identified during the client investigation a more thorough investigation may be required. Risk factors may be related to multiple origins: the client, the product, the nature of the service, transactional risk, supply channel-related risk factors, and geographic risk factors. Some of these risk factors are deemed to be unacceptable, meaning that you may not engage in a business relationship with this client.

Risk policy consists of risk factors: client-related risk factors, product, service, transaction or delivery channel-related risk factors and geographic risk factors. 

Client-related risk factors

Client-related risk factors are, as the name implies, risks associated with the client. Some examples are:

  • Certain companies such as catering companies, call shops, painting companies and construction companies and companies dealing in products related to drugs;
  • Clients with a lot of cash on hand;
  • Clients who provide incorrect or incomplete information, or who provide a reason to doubt the accuracy and completeness of the provided information;
  • Clients with an unclear or variable location address without an explanation;
  • Clients who are part of an opaque, or complex, ownerships- structure or control structure.


Product, service, transactional, and supply channel risk factors

Product, service, transactional, and delivery channel risk factors are risks associated with the delivery of your product or service, OR with the work of your client. Certain transactions or supply channels may entail additional risks, elevating the risk assessment and requiring a more extensive investigation.

Some examples of product, service, transactional or supply channel-related risk factors are:

  • Opening bank accounts in the name of an accountant or tax advisor with the intention of transferring or funneling funds to third parties, thereby concealing the link between the (illegal) origin and the destination of the money.
  • Products or transactions that promote anonymity, for example, clients using cryptocurrencies (such as Bitcoins).
  • Services setting up international structures to disguise the ultimate stakeholder.
  • Drawing up private loan agreements or admissions of debt in which it is unclear what the origin of the financing is.
  • Stock transactions where the value of the shares is difficult to determine.

Geographic risk factors

There are multiple sources that define geographic risk factors, such as the FATF lists, the European Sanctions Countries and the CPI. 

The FATF publishes a list of countries with high risk of financial abuse regarding money laundering or the financing of terrorism multiple times a year. The EU sanctions map provides an overview of countries with the corresponding sanctions. 

The CPI scores and ranks countries/territories based on how corrupt a country's public sector is deemed to be by experts and business leaders. It is a composite index, combining 13 separate investigations and reviews into corruption by various reputable institutions. The CPI is the most widely used indicator of corruption worldwide. Some examples of geographical risk factors are:

  • Countries or geographical areas subject to sanctions, embargoes, and similar measures, adopted by, for example, the United Nations, the European Union or the United States.
  • Countries or geographical areas identified by reliable sources (e.g. FATF, CPI, European Sanctions Countries) as countries or territories that have not adequately established a system for the prevention of money laundering and/or terrorist financing.
  • Countries or geographical areas identified by reliable sources as funders of terrorist activities, or which otherwise support terrorism.
  • Countries or geographical areas identified by reliable sources as having a high level of corruption or other criminal activity.
  • Countries or geographical areas where there is political instability.
  • Countries or geographical areas known as offshore financial havens.

In the event of unacceptable risks, it is prohibited to do business with a party.

Unacceptable risks

If the client investigation shows that the client poses too high a risk, the institution may not enter a business relationship with this client. Even existing business relationships need to be terminated at the next possibility if intermediate assessments deem the risk beyond this level. If the WWFT-liable institution suspects money laundering or the financing of terrorism, the institution is obliged to report it to the Financial Intelligence Unit (FIU-NL). The institution must establish a client-exit policy to ensure that the business relationship is no longer retained in such a case. This policy should include, among other things, the circumstances, and procedures through which the business relationship with the client will be terminated. Some unacceptable risks may be:

  • Clients who provide incorrect or no identifiable information.
  • Clients who are on a sanction list.
  • Clients who provide no or inexplicable information about the origin of funds.
  • When the organizational structure is too complex or not transparent, so that the UBO (Ultimate Beneficial Owner) cannot be identified.

CDD On Demand

CDD On Demand makes it easy to carry out part of the client research by allowing you to quickly identify risk factors of your clients, to identify the UBO, and identify geographical risks. Request your free credits today to experience the time-savings of CDD On Demand firsthand! Better safe than sorry

Customer Due Diligence (CDD) in ten steps - step 4


CDD in 10 steps

Stap 4: Achterhaal de UBO

Reading time: 3 min.


Na het bepalen of u Wwft-plichtig bent, de identificatie en verificatie van uw client, dient u in het geval van een rechtspersoon de UBO, oftewel de uiteindelijk belanghebbende te bepalen. Deze stap hoeft uiteraard niet uitgevoerd te worden wanneer u zakendoet met een natuurlijk persoon.

Wat is een UBO?

UBO staat voor Ultimate Beneficial Owner, oftewel de persoon die 25% of meer van de aandelen in bezit heeft of de uiteindelijke zeggenschap binnen een onderneming heeft. Volgens de Europese wetgeving is de UBO:

‘’De natuurlijke perso(o)n(en) die de uiteindelijke eigenaar is (zijn) van of zeggenschap heeft (hebben) over de cliënt en/of de natuurlijke persoon of de natuurlijke personen voor wiens/wier rekening een transactie of activiteit wordt verricht.’’

Een UBO-verklaring is een schriftelijk ondertekend document met daarop de UBO. In  specifieke gevallen kan een persoon of personen behorend tot het hoger leidinggevend personeel  worden vastgesteld als zogenaamde “Pseudo-UBO”

Een UBO-verklaring is een schriftelijk ondertekend document waarop is aangegeven wie de UBO’s van een onderneming zijn. Een dergelijke verklaring is nodig om ervoor te zorgen dat natuurlijke personen die kwaadwillende bedoelingen hebben met betrekking tot het witwassen van geld of terrorismefinanciering zich kunnen verschuilen achter juridische entiteiten.


In bepaalde specifieke gevallen kan een persoon of personen behorend tot het hoger leidinggevend personeel (bijvoorbeeld de bestuurders) worden vastgesteld als UBO’s (zogenaamde “Pseudo-UBO”). Dit is bijvoorbeeld mogelijk als er op grond van aandelen, stemrecht of eigendom geen echte UBO te achterhalen is. Deze regeling zorgt ervoor dat voor iedere rechtspersoon een UBO kan worden geregistreerd. Echter mag pas een pseudo-UBO worden aangewezen wanneer er alles aan is gedaan om de echte UBO te achterhalen.

Vanaf 27 september 2020 komt het UBO register online. In het UBO-register moeten bepaalde ondernemingen zich verplicht inschrijven en aangeven die de UBO’s zijn

UBO register

Vanaf 27 september 2020 komt het UBO-register online. In het UBO-register moeten bepaalde ondernemingen zich verplicht inschrijven en aangeven die de UBO’s zijn. Het UBO-register is voor iedereen toegankelijk, alleen is bepaalde informatie alleen toegankelijk voor bevoegde autoriteiten.

Als er aan de hand van de gehouden belangen geen UBO aanwijsbaar is, worden de bestuurders van de onderneming of rechtspersoon als UBO geregistreerd. Bij registratie moeten niet alleen de persoonsgegevens en het belang van de UBO worden opgegeven, maar moeten ook documenten worden overgelegd ter onderbouwing van de aard en herkomst van het uiteindelijke belang in een organisatie.

The UBO register in almost online


The UBO register is almost online

Reading time: 4 min


On 23 June 2020, the Senate of The Netherlands approved the bill for the introduction of the UBO register. From 27 September, organisations are obligated to register the UBOs in the new UBO register. Vanaf 27 september moeten organisaties de UBO’s gaan inschrijven in het nieuwe UBO-register.


UBO means Ultimate Beneficial Owner



An UBO is the 'ultimate beneficial owner' of an organisation. A UBO is the person who owns the organisation or has control within the organisation. These are, for example, natural persons who own more than 25% of the shares or persons who directly or indirectly have more than 25% of the ownership interest.


The purpose of the UBO register is to further combat money laundering or terrorist financing within the European Union


UBO register

All Member States of the European Union are obligated to keep a UBO register. The purpose of the UBO register is to further combat money laundering or terrorist financing within the European Union. The UBO register is designed to improve the transparency of who is ultimately in control within an organisation. This should make it more difficult for persons who commit financial and economic crimes to hide behind legal entities.

Who should register?

Registration for the UBO register will open on 27 September 2020. Organisations then have eighteen months to register in the UBO register. The following legal forms must register in the UBO register:

  • Unlisted private and public limited companies
  • Foundations
  • Associations:
    • With full legal capacity
    • With limited legal capacity but with company
  • Mutual guarantee companies
  • Cooperatives
  • Partnerships: partnerships, general partnerships and limited partnerships
  • Shipping companies
  • European public limited companies (SE)
  • European cooperative societies (SCE)
  • European economic partnerships that, according to their statutes, have their registered office in the Netherlands (EEIG)

Who has access to the data?

The UBO register will be public from 27 September 2020. The data of an organisation and its UBOs can be consulted by purchasing a Chamber of Commerce extract from the UBO register for €2.50. However, some authorities will have access to more information than others for investigating suspicious cash flows.

Data that is visible to everyone include the name, month of birth, year of birth, state of residence, nationality and the 'nature and size' of the interest that the UBO has:

  • 25%-50%;
  • 50%-75%;
  • 75%-100%.

Data that is only visible to competent authorities, such as the tax authorities, include the date of birth, place of birth, country of birth, address, social security number, foreign tax identification number, documentation confirming identity and documentation substantiating the share interest.

Guarantees with the register

There are several basic principles associated with the UBO register. For example, everyone who wants to request data must pay a fee for this. To guarantee the reliability of the register, UBOs must substantiate the UBO statement with necessary documents. This should ensure that the registry information is correct. The register does not allow for searches by personal name but only by organisation name. It is also not possible to request large datasets in one go, and UBOs have insight into how often their data has been requested. However, UBOs cannot see who has requested the data.

Duty to report back

With the UBO register going live, the obligation to report back also comes into effect. This obligation applies to all companies subject to the AML and means that if the compliance investigation by the AML service provider reveals other information than is apparent from the UBO register, the AML service provider must report this to the Chamber of Commerce. This notification must be substantiated with documents. The Chamber of Commerce will start working on this report and inform the relevant organisation and give it the opportunity to check the information in the UBO register. This information is only requested from the legal entity and not from the UBOs. Please note: the obligation to report back has no consequences for the obligation to report unusual transactions. This transaction must still be reported to FIU-the Netherlands.

Consequences of Non-Compliance

If a legal entity has not registered the UBOs before 22 March 2022, there will be consequences. Failure to comply with the obligations is regarded as an economic offence and can be punished with imprisonment for a maximum of six months (offence) or two years (offence), a community service order or a fine of up to €21.750.

CDD On Demand & UBO register

CDD On Demand already offers the option of performing a UBO checkChamber of Commerce registrations of the client are requested, and the company structure is made transparent. Based on this, (possible) UBOs are listed and you can immediately perform the compliance checks. This UBO check is only available for Dutch legal entities. If the search leads to an organisation outside the Netherlands, an attempt is made to indicate a so-called “UBO connection”. This is the person who most likely knows who the UBO is.


Customer Due Diligence (CDD) in ten steps - step 3


CDD in 10 steps

Step 3 - Verify your client

Reading time: 4 min


In the previous blogs, we covered the first two steps of the Customer Due Diligence (CDD) obligation under the AML. The first step was to check whether you need to comply with the AML at all, i.e. whether you are subject to the AML. The second step involved identifying your client. Once those steps are completed, it is time for step 3: verify your client.

Verifying your client means that you must verify the specified identity from step 2 with the actual identity. This step must also be completed before the service is provided. The AML does not prescribe exactly how the identity of a client must be verified, but a number of documents have been listed that at least meet the legal standard. To verify your client, a distinction must first be made between the different types of clients.


The AML does not prescribe exactly how the identity of a client must be verified


Verifying your client means that you must verify the specified identity from step 2 with the actual identity. This step must also be completed before the service is provided. The AML does not prescribe exactly how the identity of a client must be verified, but a number of documents have been listed that at least meet the legal standard. To verify your client, a distinction must first be made between the different types of clients.


Natural persons

The identity of natural persons can be verified by the following documents:

  • A valid passport;
  • A valid Dutch driving license or EU/EEA driving license with a passport photo and name of the holder;
  • A valid identity card issued by a Dutch municipality or by the competent authority in another EU/EEA member state and provided with a passport photo and name of the holder; 
  • In some cases, the identity can also be verified based on a valid residence or travel document.



Dutch legal entities and foreign legal entities with an establishment in the Netherlands

For legal entities established in the Netherlands, their identity can be verified using:

  • An (online) extract from the Trade Register of the Chamber of Commerce or a deed; 
  • A statement drawn up or issued by a lawyer, civil-law notary or junior civil-law notary established in the Netherlands or in another EU/EEA member state or a comparable independent practitioner of a legal profession.

A certified extract from the Chamber of Commerce is no longer necessary. An online extract is now also sufficient, provided the application has been made by the institution.

Foreign legal entities with no establishment in the Netherlands

For foreign legal persons without an establishment in the Netherlands, the identity is verified using reliable documents, data or information commonly used in international trade or documents, data or information that are recognised by law as a valid means of identification in the state of origin.

Once you have verified the identity of your client, it is time for the next step. This step only applies if your client is a legal entity as the Ultimate Beneficial Owner (UBO) must be determined. More about this in the next blog!


Customer Due Diligence (CDD) in ten steps - step 2


CDD in 10 steps

Step 2 - Identify your client

Reading time: 4 min


Compliance with the AML in 10 steps; it seems simple, but what needs to be done? We discussed the first step in our previous blog, "Does the AML apply to you?". Whether you are subject to the AML depends on whether you qualify as an institution as defined by the AML. Please note that the AML is regularly supplemented with additional guidelines. The fact that you are currently not subject to the AML does not mean that this legislation will not apply to you in the future.

This second blog discusses the second step: identifying your client. This step must be performed before you provide services. Identification is defined in the AML as "statement of identity".


Om uw client te identificeren dienen er een aantal gegevens te worden opgevraagd en tevens dienen deze te worden vastgelegd in bijvoorbeeld het cliëntendossier, de centrale administratie of een combinatie daarvan.


Identifying your client requires requesting various details and recording these in, for example, the client file, the central administration or a combination thereof. The recording of the identity and verification data of your client should be accessible so that a report can be made and a check can be carried out easily if necessary. The recording must be done in accordance with the GDPR.

Natural person

The following must be recorded for a client/natural person and if applicable, their representative:

  • Last name
  • First name(s)
  • Date of birth
  • Address, place of residence/business
  • Transcript/copy of the document with a personal identification number with which the identification took place

Dutch legal entities

For legal persons incorporated under Dutch law, the following must be recorded:

The legal entity:

  • Legal form 
  • Statutory name 
  • Trade name (if available) 
  • Address with house number and postal code 
  • Place of business 
  • Country of registered office 
  • Chamber of Commerce registration number and registered office of the Chamber of Commerce 
  • Methods used to verify identity

Representative of the legal entity

  • First name(s) 
  • Last name 
  • Date of birth

Foreign legal entities

The following must be recorded for foreign legal entities:

The legal entity:

  • The documents, data or information used to verify their identity

Representative of the legal entity

  • First name(s) 
  • Last name
  • Date of birth

In the third step of CDD, the client information must be verified. More about this can be read in our next blog: "CDD in 10 steps: Step 3 - Verify your client"