The Dutch Financial Markets Supervision Act (FMSA) is the primary Dutch statute that governs the entire financial services sector in the Netherlands. As the Netherlands is a part of the EU, the set of rules that regulates the banking sector is mostly derived from EU legislation reflecting the Basel Accords. These rules are implemented in the FMSA and the underlying decrees and regulations. Where regulatory requirements are adopted in the form of EU regulation, these rules need not to be transposed and are enforceable as law. Of particular importance for the banking sector are the Capital Requirements Directive (CRD IV) as amended by CRD V and the Capital Requirements Regulation (CRR) as amended by CRR II. As a result of the EU Commission's initiatives on the Capital Markets Union and the Banking Union and its yearly national revision exercise (to update any inconsistencies in law and to include relevant developments), the FMSA and the underlying decrees and regulations have been amended substantially since the FMSA coming into force in 2007.

Besides substantive rules, the FSMA also contains procedural rules on supervision, co-operation and the role, responsibilities and the purpose of the regulatory authorities, including the "twin peaks" supervision model. In the Dutch twin peaks model, the Dutch Central Bank (DNB) is the system and prudential supervisor safeguarding financial stability in the Netherlands. The Dutch Authority for the Financial Markets (AFM) is responsible for the conduct of business supervision safeguarding orderly, fair, and transparent financial markets. Since Council Regulation (EU) No 1024/2013 (SSM Regulation), the power of prudential supervision of Dutch credit institutions and access to the activity of credit institutions (significant institutions) has mostly been conferred on the ECB. 

The prudential rules are mostly laid out in part 3 FMSA and the Decree on Prudential Rules for Financial Undertakings. Part 4 FMSA and the underlying Decree on Conduct of Business Supervision of Financial Undertakings contains the provisions regarding the conduct of business requirements.

In addition to the FMSA, the Dutch Civil Code and the duty of care principle regulate the conduct of banks. The duty of care principle (which applies mostly towards bank clients) derives from case law. In addition, the AFM (the Dutch Authority for the Financial Markets) supervises the conduct of the entire financial market sector and ensures that banks focus on client interests. 

The Dutch Financial Stability Committee (FSC) was established in 2012. DNB, the AFM and the Dutch Ministry of Finance are members of this Committee. The Committee's purpose is to identify macroeconomic developments that may pose a risk to the stability of the Dutch financial system. In June 2022 the FSC observed and warned about risks of financial stability due to the insecure situation in Ukraine.

FMSA prohibits undertakings established in the Netherlands to carry out the business of a banking activity without an authorisation. A banking licence needs to be applied for at the ECB and the DNB is responsible for the processing of the licence application and presenting a draft decision to the ECB (article 2:11 FMSA). Banking activity is understood as taking deposits or other repayable funds from the public and granting credits for its own account. As a principle under the FMSA, it is in general prohibited to take, acquire or hold repayable funds from the public. This prohibition does not apply to banks that hold a licence, and under specific conditions DNB can issue dispensation from this prohibition. It is important to note that non-compliance with the FMSA can constitute criminal offence under the Economic Offences Act. DNB is responsible for enforcing compliance.

Under a banking licence, banks wishing to carry out investment activities or investment services need to apply for a wider banking licence and are only allowed to do so if they meet the additional conduct of business requirements set out in the FMSA. For the provision of payment services or certain other financial services regulated under the FMSA, such as the offering of consumer credit, providing advice on financial products and acting as an intermediary with respect to such products, no separate licence is needed. When providing these services, the bank is subject to the conduct of business rules. 

Following the implementation of the Investment Firm Directive (IFD) and the application of the Investment Firm Regulation Rules, investment firms qualified as credit institutions must obtain a banking licence. This applies to investment firms that carry out any activities as referred to in points 3 and 6 of Section A of Annex I to MIFID II; that is, dealing on own account and underwriting of financial instruments and/or placing of financial instruments on a firm commitment basis and the undertaking is not a commodity and emission allowance dealer, a collective investment undertaking or an insurance undertaking, and the total value of the consolidated assets is equal to or exceeds EUR30 billion, or on a group level the undertaking is part of a group in which the total value of the consolidated assets of all undertakings in the group that have total assets of less than EUR30 billion individually is equal to or exceeds EUR30 billion.

Passporting Rights

Under the Capital Requirements Directive, banks licensed by a European Economic Area (EEA) country have "passporting" rights. Under the "passporting" rights, banks are permitted to operate in any other member state, either by providing cross-border services or by establishing a branch office. However, in order to do so, the bank must adhere to a passport notification procedure and the licence issued in its home member state must at least include the activities or services to be performed in the host member state. Following the SSM, supervision of banks from other EEA member states in the Netherlands is done by the supervisors of home member states or the ECB for significant banks. DNB remains responsible for the supervision of non-EEA banks that have established a branch or provide cross-border services in the Netherlands. 

Authorisation of Banks

In order to be authorised as a bank in the Netherlands, one submits an application for a licence to DNB. The DNB's application procedure consists of two phases: the preliminary phase and the formal phase. In the preliminary phase, the business plan is discussed, and the draft application is then assessed as to quality and completeness. After the preliminary phase, a formal application can be submitted. Although the ECB issues the final decision, DNB still can reject the application for its not meeting the necessary requirements. The formal consideration period for an application to be authorised as a bank is 26 weeks.

To be able to obtain a licence, a bank must demonstrate that it will comply with the requirements of Article 2:12 FMSA. These requirements include that: the day-to-day policymakers of a bank and its management team members are suitable and their integrity is beyond doubt; the supervisory board should also be suitable for performing its supervisory task and its members' integrity is beyond doubt, and there is a minimum number of members determining the day-to-day business and members of the supervisory body. Furthermore, the bank must have sound and prudent business operations, including procedures and measures for adequate risk management and client acceptance, a transparent control structure, minimum amount of own funds, and meet solvency and liquidity requirements. Once a licence has been granted, a bank must continue to comply with these requirements. Part of sound and prudent business operation entails, for example, having an adequate and effective policy which counters conflict of interest and prevents the financial firm or its employees from committing criminal offences or other violations of law that could damage confidence in the financial firm or financial markets. As these are also the continuing obligations of a bank, more information on governance requirements can be found in part 4 of this practice guide.

When applying, further guidance can be found in the Notes to the application form for authorisation to pursue the business of a credit institution published by DNB. On EU level, EBA has also provided specific guidance on a common assessment methodology for granting authorisation as a credit institution for national authorities which DNB complies to. These documents give further guidance on the information to be provided for an authorisation to be successful. 

Dispensation may be granted from certain specific requirements (prudent and sound business operation and the minimum amount of supervisory board members) for obtaining a banking licence. However, the applicant must demonstrate that it cannot reasonably comply with the requirements and that the objectives of the requirements cannot be achieved through alternative means. As these are cumulative requirements and needs to be demonstrated by the bank, obtaining dispensation is highly exceptional and rarely granted.

The fee charged for considering an application for a banking licence is non-refundable regardless of the outcome. The draft application in the preliminary phase is free of charge. Once licensed, the bank is charged an annual fee to cover the costs of regular supervision.

It is prohibited under Article 3:95 FMSA to hold, acquire or increase a qualifying holding in a bank with a corporate seat in the Netherlands without a declaration of no objection (DNO) from the ECB. Similar to the licence application, the ECB gives the final decision and DNB is responsible for processing the DNO application and presenting the draft decision to the ECB. 

A qualifying holding is the situation in which a natural or legal person acquires a direct or indirect holding of 10% or more of the issued share capital of the bank, exercises directly or indirectly 10% or more of the voting rights or has comparable control. This definition is subject to certain principles of aggregation, for instance voting agreements or voting rights held through subsidiary companies. For the calculation of indirect qualifying holdings, DNB makes use of the revised Joint Guidelines of EBA, EIOPA and ESMA. 

An additional DNO must be obtained for every subsequent increase as a result of which a threshold of 20%, 33%, 50% or 100% is attained or exceeded. However, DNB gives the option of 'bandwidth' DNO. With a bandwidth DNO, the size or the qualifying holding may vary within the specified bandwidth without the need to apply for a new or amended DNO. The statutory consideration period is 62 business days, which can be extended by 30 business days if DNB needs supplementary information to complete the assessment.

A DNO will be granted, unless after the DNB's assessment, DNB decides that:

• the integrity of the proposed acquirer or the persons who, as a result of their qualifying holding, can determine the day-to-day policy of the bank, is not beyond doubt;
• the respective person or acquirer is deemed unfit, the financial soundness of the proposed acquirer in relation to the business activities of the bank cannot be warranted;
• the qualifying holding would constitute an impediment for the compliance with the prudential requirements of the bank;
• there are reasonable grounds to suspect that, in connection with the acquisition of the qualifying holding, money laundering or terrorist financing is being or has been committed or attempted, or that the proposed acquisition could increase the risk thereof; or
• the applicant has provided incorrect or incomplete information.

Regarding the integrity and fitness requirement, it is a continuing requirement, in which DNB can re-assess when triggered by facts and circumstances that arise.

Applicants may also request a group DNO, which extends to all companies within a group collectively, and means no additional DNOs are required for a transfer of qualifying holdings within a group.

Following the financial crisis of 2008, weakness in corporate governance was identified as having contributed to excessive risk-taking in the banking sector which led to the failure of individual institutions and systemic problems. Good governance is seen as essential for sound operational management.

Articles 3:10 and 3:17 FMSA together with the underlying Decree on Prudential Rules for Financial Undertakings, in line with CRD IV, ensures that banks have robust governance arrangements that promote sound and effective risk management. Governance includes the determination of the institution's object, strategies and risk tolerance, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks they are or might be exposed to (eg, conflict of interests), adequate internal control mechanisms, including sound administration and accounting procedures, and remuneration policies and practices that are consistent with and promote sound and effective risk management. 

The management body defines, oversees and is accountable for the implementation of the governance arrangements. In addition, it must devote sufficient time for matters concerning risk and is actively involved in the management of all material risks. Its members must not only be of sufficiently good repute at all times, but must also possess sufficient knowledge, skills and experience to perform their duties. 

In selecting members of the management body, a broad set of qualities and competencies must be considered, including a policy for promoting diversity in the management body. 

DNB emphasises that regarding governance principles, implementation by design is not sufficient. Soundness of operational management in the end depends on the operation of the system. 

Where banks provide investment services or activities, the AFM supervises the governance provisions from a perspective of conduct to ensure they are in line with MIFID rules and the EU Council regulations.

The managing and supervisory boards are furthermore jointly responsible for compliance (on a comply or explain basis) with the Dutch Corporate Governance Code (if applicable) and the Dutch Banking Code. Adherence to the Dutch Corporate Governance Code is mandatory for Dutch listed banks. It includes principles that are held to be generally accepted, as well as detailed best practice provisions relating to both managing and supervisory boards, general meetings, the auditing process and the external auditor. The Banking Code contains principles that are based on the Corporate Governance Code, and focuses on the managing and supervisory board, risk management, auditing and the remuneration policy of banks. 

Banks must maintain a website in which they explain how they comply with the Governance and Remuneration requirements.

As rules alone cannot be a substitute for integrity of culture and behaviour, the DNB's perspective is that a fit and proper (reputable) management body sets the tone for a bank's good governance. Therefore, as part of good governance (article 3:17 FSMA), article 3:8 FSMA requires that daily policymakers of banks established in the Netherlands be fit and suitable for managing the undertaking. Per article 3:9 FSMA, the respective persons' integrity and propriety should also be beyond doubt. 

Fitness must be understood as possessing sufficient knowledge, skills and experience to perform the relevant duties. Propriety/having a good reputation must be understood as acting with integrity and honesty and not having any criminal, financial, tax, supervisory or other types of negative record. (Examples of other types of negative record include disciplinary measures or employment conflict). The decree on prudential rules gives a minimum list of possible records that DNB will take into account when assessing a person's reputation. DNB's guidelines on suitability provide additional clarification for these rules; for example, at the moment of assessment, which is most often on initial appointment. If specific facts or circumstances arise, DNB can in exceptional cases reassess existing management or the supervisory board member under review. Therefore, the management body and supervisory body must at all times remain suitable for the role they are appointed for. 

In July 2022, DNB together with AFM consulted the existing suitability guidelines. The guidelines were mostly adapted for clarification purpose and to account for EU developments. 

The fit and proper assessment applies to the management board, the supervisory board and key function holders (2nd echelon managers). Key function holders refer to natural persons reporting directly to the management board and who are responsible for activities with a potentially material impact on the institution’s risk profile. 

DNB is the supervisor that assesses the incumbent and prospective daily policymakers. For significant banks, ECB is the final decision-maker. The ECB guide to fit and proper assessments is relevant in this respect. 

The assessment process starts by sending a digital application form at a designated portal. DNB sometimes invites candidates for an assessment interview. On a case-by-case basis, DNB decides whether an interview is required. ECB also makes use of interviews as a tool to gather necessary information. The DNB charges a fee upon submission of an assessment application. The average decision time is six to eight weeks or a reasonable period. Per ECB guidelines, the time taken to adopt a decision should not exceed four months from the date on which the application is provided.

To guarantee the appropriate "tone at the top", the Regulation on Oath or Affirmation in the Financial Sector (ROAFS) requires a bank's day-to-day policymakers, supervisory body members, and key function holders to take a bankers' oath within three months after appointment. Non-compliance with this rule can have serious consequences for assessing the board or supervisory member's suitability. In an extreme situation, persons demonstrating non-compliance will not be allowed to perform their role. 

Dutch banks must ensure that any employees carrying out operational activities or essential business support processes also take the bankers' oath. The banker's oath is linked to the banker's code of conduct and a set of disciplinary measures. The Foundation for Banking Ethics Enforcement (FBEE) enforces this ethical code of conduct. 

The FBEE can impose disciplinary measures, including reprimands, fines and a temporary ban from carrying out a role in the banking sector. The legal basis of this arrangement is Article 3:17c FMSA, which requires banks to have procedures and measures in place to guarantee that their employees act with integrity and due care. 

Following the financial crisis of 2008, inappropriate remuneration structures are considered as a contributing factor to excessive and imprudent risk-taking by banks. In the Netherlands, remuneration rules are mostly implemented in Chapter 1.7 FMSA. However, the Dutch government has chosen to impose stricter conditions and rules regarding remuneration, as excessive remuneration is seen as giving perverse incentives to bankers to not act in the best interest of their clients. 

The most important restriction that applies to banks is the 20% bonus cap rule, which entails that the variable remuneration of all persons working under the responsibility of banks established in the Netherlands, and Dutch branches of banks outside the EEA, may not exceed 20% of the fixed remuneration component on a yearly basis. There are several exceptions to this rule, eg, for persons working predominantly in another country or persons working for the EEA top holding of a group whose staff work predominantly in another country or persons falling outside the scope of collective labour agreements. With respect to these exceptions, the maximum variable remuneration is set out in CRD IV. 

Another possible exception to the bonus cap is retention bonuses (being variable remuneration awarded on the condition that staff stay in the institution for a predefined period of time). Retention bonuses are subject to approval by DNB or the ECB. Recently, DNB published a Q&A for consultation regarding when a party needs to apply for approval of retention bonuses.

As of January 2023, new remunerations restrictions will apply in the Netherlands. Directors and employees in the financial sector who receive part of their fixed pay in shares or similar instruments whose value depends on the performance of the company will have to retain these for at least five years. Furthermore, financial undertakings will have to describe in their remuneration policy how the remuneration of their directors and employees is proportional to the firm's role in the financial sector and its position in society. Lastly, the exception from the bonus cap for persons falling outside the compass of collective labour agreements will be restricted. 

As part of the governance and control requirements, banks must also have a sound and effective remuneration policy in place. The requirements are further regulated in the Regulation on Sound Remuneration Policies 2021. This regulation has been updated due to the new prudential framework for investment firms (IFD / IFR). 

The primary legislation governing AML requirements in the Netherlands is the Prevention of Money Laundering and Terrorist Financing Act (Wet ter voorkoming van witwassen en financiering van terrorisme – Wwft). The Act entered into force on 1 August 2008 and was amended in 2020 to implement the EU's changed Fourth Anti-Money Laundering Directive (AML IV as amended by AML V). The comprehensive set of measures obligated by these rules aims to prevent the use of the financial system for money laundering or terrorist financing. 

The two core obligations resulting from the Wwft for banks are the performance of a customer due diligence and the notification of unusual transactions. The Wwft allows for a risk-based approach. 

Business Relationships and Risks

As part of customer due diligence, banks must identify clients with whom they intend to establish a continuing business relationship in the Netherlands, or with whom they enter into an incidental transaction, or a series of related transactions, worth EUR15,000 or more, or if the bank has indications that the customer/client is involved with anti-money laundering activities and terrorist financing. Under specific circumstances and conditions, banks must either intensify their customer due diligence or when a transaction or client is considered as minimum risk to anti-money laundering or terrorist financing, and taking into account the risk factors as set out in the EU AML IV Directive, a simplified customer due diligence can suffice. If a bank suspects that a transaction is related to money laundering and terrorist financing, the Financial Intelligence Unit of the Netherlands (FIU) must be notified. The FIU investigates the information and, if necessary, reports to the Public Prosecution Service to initiate criminal proceedings. 

Since January 2020, companies and legal entities are required to register their direct and indirect owners in the UBO register. Some of this personal information, such as the name and economic interest of the UBO, was intended to become public through this register. However, on 22 November 2022 the European Court has judged in the joined cases C-37/20 that the provision whereby the information on the beneficial ownership of companies is accessible in all cases to any member of the general public is invalid. The Netherlands has followed up on this judgment by closing the register for public access. The judgment does not discharge the responsibility of the companies and legal entities to register their direct and indirect owners in the UBO register. 

Precautionary Measures against Criminality

In the 2022 international evaluation of the Financial Action Task Force (FATF), the Netherlands scored well in tackling money laundering and terrorist financing. The FATF assessed the Dutch approach as a robust system and considers domestic co-operation and co-ordination at both the policy and operational levels as a core strength. However, the FATF also saw some areas for improvement and noted that the Netherlands must make even greater efforts to prevent legal entities being misused for criminal purposes. 

New Law

The Dutch Financial Expertise Centre (FEC) is a partnership between authorities with supervisory, control, prosecution or investigation tasks in the financial sector. DNB, the AFM and the FIU are represented in this partnership. The FEC was established to strengthen the integrity of this sector. This is done in the FEC by exchanging insights, knowledge and skills among the FEC partners and observers. A new law is currently pending in which the structural exchange of information will be anchored in law.

At the EU level, a new law is underway in the form of a new regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing. The regulation should bring about a greater level of harmonisation and convergence in the application of AML/CFT rules across the EU. In the Netherlands a new law is also pending to prohibit cash payments from an amount of EUR3000 and the possibility of joint transaction monitoring by banks. Due to much criticism from the privacy aspect, this law is still pending. These initiatives reflect the continued high priority of AML for policymakers, legislators, and supervisors.

Bank runs and failures can lead to huge losses for the economy. Therefore, to prevent such a situation from occurring, Article 3:259 et seq FMSA and the underlying relevant DGS Decrees and DCB regulations and policy rules (including manuals) provide for a comprehensive framework for the realisation of the objectives of the Deposit Guarantee System. This system aims to compensate depositors in the event a bank is unable to meet its obligations arising from claims on deposits. The participating banks bear the cost of the Deposit Guarantee System. 

The current Dutch rules encompass and reflect EU Directive 2014/49/EU on Deposit Guarantee Schemes (DGSD (recast)), which was aimed to fully harmonise the rules on Deposit Guarantee Schemes (DGS) in order to realise a level playing field throughout the EU. The DGSD has since then brought some changes for the Netherlands to give effect to DGSD rules. 

Changes to the System

Currently the system guarantees the deposits of depositors up to a certain amount with the maximum amount being EUR100,000 per depositor per bank. All banks with a Dutch banking licence are required to participate in the Deposit Guarantee System. The scheme is principally funded by ex ante contributions on a quarterly basis until the funds' target size as required by the DGSD is reached. The target size of the deposit guarantee fund is at least 0.8% of the guaranteed deposits of the participating banks. The periodic contributions to be paid by banks are calculated so that, in principle, the target size will be reached on 3 July 2024. In this respect the EBA has provided a guideline on methods for calculating contributions to deposit guarantee schemes. DNB and the Deposit Guarantee Fund (DGF) are jointly responsible for carrying out the Dutch Deposit Guarantee System.

Furthermore, in line with EU rules, the repayment period has been reduced for the Netherlands to seven working days. In order to make this possible, DNB has implemented the Single Customer View Policy Rule (Beleidsregel Individueel Klantbeeld Wft, – SCV 2017). SCV 2017 sets out the requirements for record keeping and the procedures and controls that banks need to have in place to create complete, accurate and timely SCV files. Based on the SCV 2017, Dutch banks must be able to produce and submit deposit-related data per depositor. For each depositor the SCV must at least contain:

• a list of all deposits;
• markings to show whether the deposit and depositor are eligible for the DGS; and
• additional information necessary to enable a payout.

Banks must create an SCV for all its depositors, regardless of whether they are eligible for the DGS. SCV 2017 has on occasion been amended by DNB to clarify certain elements of the scope and application of DGS and its related requirements and procedures. Since the publication of this article, DNB has published a third round of amendments and consultation on these rules. 

The DGS has also an additional function, as part of the resolution of a bank, that under specific circumstances the resolution authority may make available an amount at the expense of the DGS. This is done in order to ensure that depositors continue to have access to their deposits. 

As part of the ambition of a European Banking Union, the EC proposed, in November 2015, setting up a European deposit insurance scheme (EDIS). EDIS has the ambition to provide a stronger and more uniform degree of insurance cover in the EU by weakening the links between banks and their national sovereigns by means of risk-sharing among all the member states in the banking union. EDIS was envisioned for 2024. As EDIS is not without controversy, EDIS is still under deliberation at the EU level.

The Netherlands does not have a statutory requirement of banking secrecy. Confidentiality is required based on the duty of care requirement for banks as part of the contractual relationship between the bank and the client/customer (individuals and legal entities) and following the data privacy rules. Violation of confidentiality therefore may result in civil liability because of a breach of contract or, as the case may be, tort law or violation of data privacy rules. 

Confidentiality encompasses all information about the client held by the bank, the most relevant being data concerning name and address (identifiable data) and, in exceptional cases, data concerning changes in account balances (transfers and withdrawals). 

However, when required, authorities can request information about account holders, the most relevant information being the obligation to provide information for tax authorities on the basis of the General Act on State Taxes (AWR), or the police on the basis of the Code of Criminal Procedure or for purposes of AML. The information requested, however, should be proportional to the goal of the investigation.

Electronic Banking

Since May 2020 the Netherlands has a banking data referral portal. This portal was made possible with the coming into force of the Act on Banking Data Referral Portal. Article 3:267i FMSA requires banks and other payment providers that offer an account with an IBAN identification number (as referred to in the SEPA regulation that contains the country code NL) and banks that offer safe deposit boxes in the Netherlands, to be connected to a central electronic system. The system is managed by the Dutch Minister of Justice and Security. Where in the past requesting or retrieving data from banks by public authorities was done manually and sometimes causing significant delays in the performance of the duties of the requesting authorities, the portal (automated electronic system) was designed and put in place to make such request more efficient and reliable. The portal is a technical link that enables connected banks and payment service providers to automatically fulfil certain claims or requests from government agencies. The Act was mostly a wish of the Dutch legislature, although as it happens it concurs with the implementing obligation for each EU member state to provide a central electronic system for identifying customers of banks and other payment service providers following the EU AML rules. Therefore, the Act can also be considered as an implementation of AML obligations. However, the act is meant to be broader in scope than AML.

Third parties can also request client data from a bank. In a fraud case that was brought before a Dutch court, ING was ordered by the court to provide Toyota with identifying details on the names and addresses of account holders and changes in balances of their accounts. Banks can therefore also under certain circumstances be obligated to provide data on account holders to a third party.

The prudential rules applicable in the Netherlands are derived from CRD IV (as amended by CRD V) and the CRR rules (as amended by CRR II). CRR has direct effect in the Netherlands and is mostly implemented in the FMSA and the Decree on Prudential Rules for Financial Undertakings. To ensure a uniform application of the Basel III accords, the EU has set out a single set of harmonised prudential rules known as the Single Rulebook (including delegated regulations, guidelines, and Q&A) that all institutions throughout the EU must adhere to. 

The 2008 credit crunch has shown the vulnerability of banks on the economic system. As observed by the European Commission, it became quite evident that most institutions entered the crisis with capital of insufficient quality and quantity. The Basel III accords as laid down in CRD IV and CRR provide therefore a set of quantitative and qualitative rules regarding capital that aims to address the 2008 credit crunch vulnerabilities of banks. This set of rules regarding minimum capital, solvency and liquidity requirements applies to banks established in the Netherlands and banks with a registered office in a non-member state that carries out their business from branches and depositaries located in the Netherlands. 

Risk Management

Banks must have a sound and effective risk management system. This means having adequate policies in place aimed at managing relevant risks. The policy must be laid down in procedures and measures to manage the relevant risks and must be integrated in the business processes. The policy must in addition be adequately monitored and evaluated. Relevant risks to be identified, monitored, and managed include at least concentration risk, credit and counterparty risk, liquidity risk, market risk, operational risk, interest rate risk arising from non-trading activities, residual risk, risk of excessive leverage, securitisation risk, insurance risk, and prepayment risk. Other risks that a bank should take into account include risks arising from the macro-economic environment in which a company operates, and which are related to the state of the business cycle or the increased urgency to incorporate climate-related risks into the governance and risk management arrangements. 

The procedures and measures must be recorded and notified to all relevant business units of the financial undertaking or branch. The procedures and measures are tailored to the nature, size, risk profile and complexity of the bank. 

The Decree also requires banks to have an independent risk management function. The risk management function performs in a systematic manner an independent risk management and is aimed at identifying, measuring and evaluating the risks to which the financial undertaking or branch is or may be exposed. Risk management is carried out both with respect to the financial undertaking or branch as a whole and with respect to its distinct business units. The risk management function must identify all material risks, and ensure that the risks are measured and properly reported. The risk management function must be able to deliver a complete view of the whole range of risks of the banking (institution). The management body and, if present, the supervisory body are furthermore actively involved in risk management. 

In assessing the governance of risk management, DNB takes into account the 'tone at the top', the risk strategy and policy, including a company's risk appetite/tolerance; the design of the risk management function, in which the operational independence of the RM function and access to the board of directors and Supervisory Board are important elements. Also, what is important for DNB is whether there is a holistic approach and integrated control of all relevant risks by high-quality risk management processes. 

Capital Requirements

The CRR capital requirements aim to establish a sufficient level of capital that banks must hold to absorb unexpected losses and thereby reducing the likelihood of insolvency. This is mainly reflected in the capital ratio which must cover the risks from the risk-weighted assets from the bank. The CRR has direct effect in the Netherlands. The CRR imposes quantitative and qualitative capital requirements on Dutch banks. 

Based on the qualification of the capital into Common Equity Tier 1 (CET1), Additional Tier 1 and Tier 2 Capital, the capital is considered to be of higher or lower quality. CET1 (eg, retained earnings or share capital instruments) is considered of the highest quality, followed by Additional Tier 1 (Tier 1 is the sum of CET1 and additional Tier 1) and Tier 2. 

Under Article 92 CRR (Pillar 1 minimum requirement) Dutch banks are required to hold a CET1 capital ratio of 4.5%, a Tier 1 capital ratio of 6% and a total capital ratio of 8%. These percentages are calculated as a percentage of the total risk exposure amount of the bank. The risks that are reflected in the total risk exposure comprises credit risk, market risk, operational risk, counterparty risk, credit valuation adjustment risk, and settlement risk.

In addition to Pillar 1, a bank must also maintain a capital conservation buffer of CET1 capital equal to 2.5% of the bank's total risk exposure and a bank-specific countercyclical buffer which also consists of CET1 capital (Article 3:62a FMSA). As of May 2022, DNB according to its own analytical framework for setting Countercyclical Capital Buffers (CCyB) in the Netherlands has set the buffer at 1% (from 0%). DNB allows banks a 12-month period to comply with an increased CCyB requirement. DNB decided in October 2022 that the CCyB of 1% will be maintained. 

Pillar 2 requirement (P2R) is applied to cover for risks which are underestimated or not covered by Pillar 1. The Supervisory Review and Evaluation Process determines the bank-specific Pillar 2 requirement. The ECB applies a Pillar 2 Guidance (P2G), which is a bank-specific recommendation that indicates the level of capital that the ECB expects banks to maintain in addition to the binding capital requirements. As of 2021, the ECB is using a two-step bucketing approach to determine banks' P2G level. Unlike P2R, P2G is not legally binding and additional buffers may apply for global systemically important institutions (G-SII) and other systemically important institutions (O-SII). O-SII buffer applies to five Dutch banks in 2022. DNB evaluates this buffer on a yearly basis. 

The leverage ratio functions as a credible backstop function to the risk of excessive leverage, because it does not depend on risks. The leverage ratio therefore shows the relationship between a bank's capital and its assets, irrespective of how risky those assets are. The binding 3% leverage ratio is a Pillar I requirement. As of June 2021, a leverage ratio of 3% became binding, but because of exceptional macro-economic circumstances due to COVID-19, banks were temporarily allowed by the ECB to exclude central bank exposures from the leverage ratio. As of February 2022, the ECB has decided that banks have to re-include central bank exposures in the leverage ratio from 1 April 2022. 

Liquidity Requirements

To ensure that banks remain liquid, the European liquidity framework applies to banks. The framework consists of a liquidity coverage ratio (LCR) and the net stable funding ratio (NSFR). 

The LCR makes sure that banks hold a minimum stock of high-quality liquid assets (HQLA) as liquidity reserves in order to cover their net cash outflows under a severe 30-day stress scenario. 

To make sure that the long-term obligations of a bank are also adequately met, the NSFR requires banks to maintain a stable funding profile in relation to the composition of their assets and off-balance sheet activities. The NSFR is a ratio of available stable funding over the required stable funding. The NSFR ratio is expected to be at least 100%.

To monitor the liquidity risks that fall outside the scope of the reports on liquidity and stable funding, additional liquidity monitoring metrics reporting (ALMM reporting) for banks applies. Article 18 of the Commission implementing Regulation 2021/451 and its annexes sets out the specificities that banks need to report. Furthermore, intraday liquidity of banks is assessed by DNB/ECB as part of SREP.

The failure of banks can pose great risks to the financial stability. After the financial crisis, the EU created the Bank Recovery and Resolution Directive (BRRD (as amended by BRRD II)). Together with the Single Resolution Mechanism Regulation (SRMR (as amended by SRMR II)), it provides the EU resolution framework. The SRMR applies to banks covered by the Single Supervisory Mechanism (SSM) and established by an EU Single Resolution Board (SRB). The framework is related to the capital requirements framework for banks (CRD IV and CRR), which has put Dutch banks under a heightened and stringent supervision since the financial crisis. 

In the Netherlands, the BRRD is implemented in Chapter 3a FMSA. SRMR, being an EU regulation, and has direct effect in the Netherlands. Resolution is aimed at the restructuring of a bank which is failing or likely to fail in order to safeguard the continuity of a bank's critical function, preserving financial stability and minimising rescue costs to taxpayers. Resolution occurs when a resolution authority applies a resolution tool. The resolution tools available to a resolution authority include the sale of a business tool, the bridge institution tool, the asset separation tool, and the bail-in tool.   

Under the SRMR, the SRB has a leading role in the resolution of banks which fall under the ECB's direct supervision and banks operating in multiple countries. The SRB is the responsible body for drawing up resolution plans regarding those banks and decides whether a failing bank is to be resolved. DNB has a role in the execution of the resolution. Banks established and only operating in the Netherlands fall directly under DNB for resolution. DNB only takes banks into resolution if bankruptcy were to have an unduly negative impact. 

Write-Down and Conversion Powers (AFOMKI) and Resolution Tools

Before a bank fails, DNB, as national resolution authority (DRA), can decide to write down or convert relevant capital instruments. Writing down or converting other capital instruments into common equity can be applied in resolution, although officially not being a resolution tool. But when applied outside the resolution, this tool is only used by the DRA under the condition that the DRA has decided that the bank is no longer viable and that the sole application of this tool will make the bank viable again. If the NRA decides that a mere write-down and conversion will not prevent the bank from failing and the resolution conditions are met, then the NRA resorts to the application of the bail-in tool. In a bail-in, the bank's rescue is paid for by the shareholders and creditors. This tool will be first applied to absorb losses and recapitalise the distressed bank. Liabilities that are excluded from bail-in by law includes covered deposits, secured claims, claims with an original maturity of less than seven days, claims of employees, claims of commercial or trade creditors and claims arising from the provision of goods or services to the Bank that are critical to the daily functioning of its operations. Other resolution tools include sale of business (sell all or part of the bank), bridge bank (transfer all or part of failing bank to a bridge bank) and the transfer of a bank's loss-making assets to an asset and liability management vehicle so that they are no longer on the bank's balance sheet. 

No creditor worse off (Principle of NCWO)

The NCWO is a precondition for applying a resolution instrument or the write-down and conversion instrument by authorities. This principle states that shareholders and creditors may not suffer greater losses than if the bank immediately preceding it were to be liquidated following the regular procedure of the Dutch Bankruptcy Act. This principle aims to protect shareholders and creditors whose claims will be affected by the application of these tools. DRA should deploy the resolution instruments in such a way that this condition is met. An initial valuation NCWO valuation is part of the (preliminary) resolution valuation. Shortly after resolution, a liquidation valuation must be done by an independent third party. The SRB applies this principle as well for banks that fall under their supervision.

MREL and TLAC

Banks in the EU are required to meet a minimum requirement for own funds and eligible liabilities (MREL). MREL is a separate minimum requirement (alongside prudential requirements) that applies to banks and is set by the resolution authority. The objective of MREL under the BRRD is to ensure an effective and credible application of the bail-in tool. Resolution authorities set the MREL target and take the entity's size, business model, funding model, and risk profile into account. MREL consists of equity or eligible liabilities that can be written down or converted into new capital and is calculated as a percentage of the total risk exposure amount or the total measure of the relevant entity. A distinction is made between internal and external MREL. Internal MREL is calculated for non-resolution entities - that is, instruments issued by group entities to the resolution entity - while external MREL is set at the consolidated level of the resolution group and issued externally by the resolution entity. As of June 2022, SRB published a new policy for setting MREL.

Total loss absorbing capacity (TLAC) applies to banks which are deemed "global systemically important banks" (G-SIBs). EU TLAC is based on the "TLAC standard" as determined by the Financial Stability Board. TLAC is defined as a percentage which is calculated as the identified TLAC instruments over risk-weighted assets and the leverage exposure measure. The objective of TLAC is comparable to MREL. 

MPE/SPE

EU recognises a Single Point of Entry (SPE) resolution strategy and a Multiple Point of Entry (MPE) resolution strategy. Under the SPE resolution strategy, only one group entity is resolved (typically the parent undertaking), whereas under an MPE resolution strategy more than one entity of the group may be resolved. However, G-SIBs with an MPE strategy are to calculate their risk-based requirement for their own funds and eligible liabilities on the theoretical assumption that only one entity of the group would be resolved, in which the losses and recapitalisation needs of any subsidiaries of that group is transferred to the resolution entity. New amendments to CRR are on its way (CRR quick fix, expected to enter into force in 2023, apart from several articles which enter into force in 2024) to clarify the treatment of TLAC surpluses located in third countries with a legally enforceable resolution framework that meets the TLAC standards of the Financial Stability Board. 

Recovery and resolution planning

Banks are required to draw up a recovery plan (when part of a group, a group recovery plan) to ensure that they remain viable under circumstances of financial stress. The recovery plan must at least be updated on a yearly basis and contain a description of the procedures and measures in detail. Recovery plans of banks that fall under DNBs' supervision are subject to the DBCs' approval. The Annex of BRRD contains a detailed description of what elements should be included in the recovery plan.

Resolution authorities are obligated to prepare a resolution plan for each bank or group. For entities that fall under the SRM (ie, significant banks) the resolution plan is drawn up by the SRB. In other instances, DNB draws up the plan for Dutch banks. The resolution plan is an essential part of the rules to achieve effective resolution and therefore the rules provide the necessary requirements for the content of the plan, eg, the plan needs to address how the critical functions and core business units on the institution will be continued in case of a failure. For the purpose of preparing the resolution plan for significant banks, a DRA submits to the SRB all information necessary for the preparation and implementation of the resolution plan. 

Single resolution fund

All banks in the EU contribute to the Single Resolution Fund (SRF) as established under the SRMR. The SRF is an emergency fund and is only used to ensure the effective application of resolution tools. The SRF is not used to absorb losses of a bank or to recapitalise a bank. When applied the general principles that govern a resolution, eg, that the shareholders of the institution under resolution bear first losses, apply. The SRB is the owner of the fund.

Banking Union

At the EU level, the Banking Union was created in 2014, but is still considered incomplete. New initiatives are on the way for the banking sector to fully contribute to Europe's economic resilience and sustainability by way of a strong unified single market. The financial sector is considered to be a fundamental conduit for mobilising investment needs for the green and digital transformation and energy transition. As an immediate step, the Eurogroup agreed in 2022 to focus on strengthening the common framework for bank crisis management and national deposit guarantee schemes (CMDI). Specifically, it was agreed to underpin the elements of a clarified and harmonised public interest assessment, a broadened application of resolution tools in crisis management at European and national level, further harmonisation of the use of national deposit guarantee funds in crisis management, and the harmonisation of targeted features of national bank insolvency laws to ensure consistency with the principles of the European CMDI framework. 

Latest Banking Package on its Way

The latest banking package revises the CRD (CRD VI) and amends CRR (CRR III). This latest package aims to further contribute to the financial stability and the steady financing of the economy in the context of the post COVID-19 crisis recovery. With this revised package some limits will be put to the use of the internal model by banks, equipping supervisors with stronger tools to oversee banks and complex banking groups, and minimum standards will be introduced to supervise third country branches of banks in the EU. Furthermore, banks will be required to take Environmental, Social and Governance (ESG) risks into account when managing their business. Lastly, an output floor will be introduced. The output floor is an important element of Basel III reforms and is a measure that sets a lower limit on the capital requirements that banks calculate when using internal models. The output floor aims to reduce unwarranted variability of risk-weighted assets across institutions due to the use of internal models. The ECB is said to welcome these rules on output floor, but at the same time is of the view that the CRR III proposal underestimates the riskiness of certain asset classes (real estate exposure and unrated corporate exposure).   

Capital Markets Union and Open Finance

In 2021 the EC proposed new measures to boost Europe's capital markets. The measures aim to boost Europe's economic recovery from COVID-19 as well as to aid in the digital and green transition. The legislative proposals adopted include:

• The European Single Access Point (ESAP), which will offer a single access point for public financial and sustainability related information about EU companies and EU investment products. This will give companies more visibility towards investors and open up more sources of financing. 
• Reviewing the European Long-Term Investment Funds Regulation to encourage long-term investment by increasing its attractiveness for retail investors.
• Review of the Alternative Investment Managers Fund Directive (AIFMD) in order to better integrate the EU Alternative Investment Funds market, improve investor protection, and better monitor the risks to financial stability posed by AIFs.
• Review of the Markets in Financial Instruments Regulation Rules (MIFIR) to enhance transparency by introducing a "European consolidated tape" for easier access to trading data by all investors.

The EC also proposed the following measures in 2022:

• Simplified rules for, in particular, small to medium-sized enterprises (SME) to raise funds on public markets. 
• An open finance framework aiming to allow data to be shared and re-used by financial institutions for the creation of new services.

Broad Societal Responsibility

The Dutch Minister of Finance in September 2022 formulated some principles and preconditions for the continuation of a vital Dutch banking landscape. Dutch banks have a broad societal responsibility and are expected to take responsibility in the transition to a sustainable economy. The Dutch government welcomes diversity and competition. New entrants on the market like fintech companies are stimulated in a Dutch Fintech Action plan. 

In recent years, attention to Environment, Social and Governance (ESG factors) has greatly increased. ESG is a broad umbrella term covering a wide range of factors, such as climate change and greenhouse gas emissions, biodiversity, human rights, health and safety, corruption, and anti-money laundering. Historically, sustainable reporting was mostly voluntary for banks and the corporate sector, allowing them to rely more on private self-regulation. While voluntary engagement and private self-regulation is still encouraged, banks are now required by law to incorporate ESG factors into their business set-up, strategy and risk model. EU and Dutch regulators expect a proactive stance from banks on ESG and that ESG factors form an integral part of the business model of the bank. Not only do climate change and environmental risks form a prudential risk for banks, but banks need also to act diligently and responsibly when it comes to ESG. Banks must ensure that they are always aware and act integer on ESG and do not violate human rights and contribute to greenhouse gas emissions and, where necessary, mitigate those risks. As the Dutch Shell Climate case has shown, companies can face liability on the basis of article 6:162 of the Dutch Civil Code for not being diligent enough when it comes to integrating ESG into their business practices. 

Transparency

Under the EU Action Plan for financing sustainable growth, a set of rules was introduced with the aim to reorient capital flows towards sustainable investment and to manage financial risks stemming from climate change, resource depletion, environmental degradation, and social issues. The Sustainable Finance Disclosure Regulation applicable since March 2021 (SFDR) aims to have more transparency regarding how financial advisers and financial market participants, like banks that provide portfolio management, integrate sustainability risks into their investment decisions and investment advice. The Taxonomy Regulation also provides financial market participants with a set of criteria to determine which activities qualify as "green" or "sustainable". AFM supervises these rules and expects financial market participants to comply with the requirements on sustainability information; to ensure that the information is up to date and that it is presented to clients in various ways. These include pre-contractual information, information on websites and information in periodic reports. Under the Non-Financial Reporting Directive (NFRD) banks have been required since 2018 to report on sustainability in their financial reporting. The Corporate Sustainability Reporting Directive (CSRD) will amend these rules which will largely broaden the scope of companies to report on sustainability. Also, CSRD will now require from banks an assurance requirement for reported sustainability information. CSRD is expected to be in force as from 2024. 

Supervision

The risks prioritised in the AFM's supervision of sustainability include greenwashing, lack of information, unreliable information that is not standardised and uniform and shocks in the valuation of financial instruments. AFM as the conduct supervisor expects companies (including banks) to provide reliable and accessible information on sustainability factors in their business operations. Banks should integrate sustainability aspects in their business operations, product development, risk management and investment decisions, and must be transparent in this respect. Consumers and other purchasers must be adequately informed and advised regarding sustainability factors to support their financial decisions and obtain a product that is appropriate to their needs.

Within the scope of the prudential framework (CRD and CRR), the ECB has published a guide on climate-related and environmental risks, in which ECB has set out their supervisory expectations relating to risk management and disclosure. This guide is mostly meant for significant banks under the SSM framework; however DNB has declared this guide to be applicable for Dutch non-significant banks as well (on the basis of article 3:17 FSMA). Although the guide is non-binding, banks are expected to use the guide taking into account the materiality of their exposure to climate-related and environmental risks. Following the guide (13 expectations), ECB expects banks to understand the impact of climate-related and environmental risks on the business environment in which they operate, in the short, medium and long term, in order to be able to make informed strategic and business decisions; to include explicitly climate-related and environmental risks in their risk appetite framework and also to incorporate climate-related and environmental risks as drivers of existing risk categories into their existing risk management framework, with a view to managing, monitoring and mitigating these over a sufficiently long-term horizon, and to review their arrangements on a regular basis. Our expectation is that this guide will form part of the supervisory dialogue with banks to identify whether they have divergent practices that fall foul of supervisory expectations.