Regtech Landscape in the Netherlands - Hyarchis

Compliance

The international regulatory compliance landscape is extremely diverse and differs per region and per country. Financial institutions that operate internationally have to comply with regulations in the different jurisdictions in order to avoid heavy fines as a result of non-compliance. Over the past decade, too many large banks have suffered reputational damage as a consequence of huge money-laundering scandals that made headlines worldwide, and Dutch banks are no exception. In recent years, Dutch rules and regulations have been subject to many changes, some of these under the influence of Brussels. Since 1991, the EU has issued a series of anti-money laundering (AML) directives that the various EU member states have had to implement in accordance with national regulations. EU Directives can be interpreted accordingly by each member state, but these regulations are legally binding. In the Netherlands, the Wwft and the Money Laundering and Terrorist Financing Prevention Act (Wwft) were issued back in 2008. In 2015, the EU issued the 4th EU AML Directive, followed by the 5th EU AML Directive in 2018.


Although the subject of compliance covers much more than the national and international regulations imposed on financial institutions, this article focusses specifically on requirements that are imposed on banks, mortgage lenders, insurance companies, accountancy firms and payment processors that operate within the EU and particularly in the Netherlands.


Financial institutions have to comply with:



  • Financial Supervision Act (Wft), Basel III and, in 2023, Basel IV;

  • Solvency II in particular for insurance companies;

  • FATCA, which establishes tax liability between the Netherlands and the US;

  • Common Reporting Standard (CRS), in which more than 100 countries have established agreements on the automatic exchange of financial data of individuals and organisations;

  • The Anti-Bribery/Anti-Corruption Act;

  • The General Data Protection Regulation (GDPR);

  • The Personal Data Protection Act (Wbp);

  • Legally required introduction of internal codes of conduct.


Compliance departments rely heavily on the knowledge and expertise of compliance officers who have to remain up to date about legal changes in the jurisdictions in which the FI operates. This requires a lot of trained manpower. Money laundering and terrorist financing have to be detected and prevented through a ‘follow-the-money’ strategy, and legal entities have to be investigated, particularly the company structure, board members and the identity and Ultimate Beneficial Owner (UBO), whose connections and business relationships have to be screened and analyzed. Entities have to be checked against national and international sanctions lists. Clean data and accurate document management are crucial, because high-quality data is the oxygen of Regtech solutions, developed and designed to detect inconsistencies and unusual patterns. This is why the new adage is “From Know Your Customer to Know Your Data”. Big Data has been a buzzword for years, but under the pressure of new privacy legislation, it has become risky to endlessly store as much customer data as possible. Big Data is only as good as it is compliant and smart. Cloud-based Regtech solutions, empowered by Artificial Intelligence and Machine Learning, replace manual processes and help financial institutions to reduce costs and time-consuming procedures in order to prevent the risk of non-compliance with ever-changing laws and regulations. Combining optimal data management solutions with innovative Regtech makes it possible to extract the relevant information from datasets in accordance with legislation.


Customer Due Diligence

Financial service providers are legally required to identify new customers in accordance with Customer Identification Programs (CIP), in order to prevent financial crime. In the Netherlands, this legal obligation is defined in the Financial Supervision Act (Wft), the Money Laundering and Terrorist Financing Prevention Act (Wwft) and the Sanctions Act (Sw). If financial institutions do not comply, they risk sky-high fines or even the loss of their licenses.


ID verification is an important part of the Customer Due Diligence (CDD) and Know-Your-Customer (KYC) process. In the Netherlands, thousands of well-trained compliance employees identify, screen, analyze and calculate the risks that customers potentially pose to their business. New customers are classified, profiled and onboarded or rejected, based on legally established risk criteria.


In most cases, the outcome of this CDD/KYC process results in customer acceptance or ‘onboarding’. However, a B2C or B2B relationship can also be rejected, based on the underwriter’s risk assessment. For example, there may be a positive hit on a national or international sanctions list, or the identity provided by the customer cannot be confirmed. The customer may present a suspicious transaction history, where large amounts are sent to and/or received from high-risk countries. There may also be a suspicious connection with criminals or with companies that are on PEP, OFAC or other sanctions lists.


Manual identification, screening and risk assessment is a complex process that can take days or even weeks. Especially now that laws and regulations are changing, financial institutions are forced to scale up and hire even more underwriters, compliance officers and risk analysts. Manual risk profiling is not very efficient and results in a very high percentage of so-called false positives. False positives are the result of false alerts triggered by an incorrect set of parameters or by incorrect presumptions based on rules-based criteria, and they result in non-boarding based on false suspicions. A negative risk assessment has to be carefully analyzed and re-investigated, and this takes a lot of time. This process can be so frustrating for the potential customer that he/she might choose to open an account with a digital neobank that has accelerated this entire process through Regtech.


Thanks to innovative technologies, these procedures can be optimized. Blockchain and Data Analysis, powered by Artificial Intelligence and Machine Learning, rapidly screen new customers or business relationships, and identify and calculate a risk score based on preset configurable parameters that reduce false positives considerably.


This takes the pressure off overworked Compliance departments and allows financial institutions to focus on their core business: providing customer-friendly financial services. Speeding up the customer acceptance process gives the company a competitive advantage in a digital age.


Risk Management

Transaction Laundering, Skimming, Phishing, ID theft and increasingly sophisticated new forms of internal and external fraud threaten the reputation and financial stability of banks, insurers, payment processors and other financial services providers. Risk Management departments identify, quantify and prevent risks and their staff must be trained on a regular basis to recognize new fraud scenarios and other suspicious activities. Management boards have to improve mitigation processes that minimize risks through a proactive risk management strategy.


Risk Types:



  • Financial risk

  • Reputational damage

  • Money laundering risk

  • Internal and external fraud

  • Non-compliance risk

  • Cyber attacks

  • Chargeback fraud

  • Other types of risk


Banks, insurance companies and mortgage lenders were the first corporates forced to invest heavily in risk management and hire experienced detectives and analysts to detect and prevent fraud at an early stage. As payment methods digitized, online payment processors (PSPs, Merchant Acquirers) were also forced to invest in compliance and risk management, as required by the card schemes and by legislators.


Risk Management is based on several pillars: risk must be identified, weighed, managed, monitored and reported. This process includes detection, scoring, analysis and ongoing monitoring.


Regtech offers companies a multitude of innovative cloud-based solutions that, based on blockchain and enriched with Artificial Intelligence and Machine Learning, detect financial crime in time. Data mining and automated link analysis recognize unusual (suspicious) patterns and relationships that are very hard to detect manually.


Technologies that empower Risk Management include:



  • Biometrics: unique fingerprints, voice recognition, iris scans for the purpose of ID verification;

  • Link Analysis maps hidden relationships between people, addresses, phone numbers, bank accounts and companies, which helps to detect insurance fraud or fraud by a fraudulent employee and an external partner-in-crime;

  • Device Fingerprinting and IP Localization reveal discrepancies between the data a customer provides and his/her actual location. Devices (PCs, mobile phones and tablets) leave a trail of unique digital ‘fingerprints’;

  • User-friendly reporting tools that are fully integrated with the data analytics solutions ensure that the results of the risk assessment are immediately visible in intuitive tables, graphs and models, which can be shared with regulators and the boardroom, enabling C-Level to take preventive measures to mitigate risk.


Financial institutions increasingly partner with regulatory technology providers that offer cloud-based platforms or scalable modular solutions that can be integrated as part of a holistic approach to a solid risk management program.


Transaction Monitoring

Risk Monitoring is the ongoing phase in a Risk Management process.


After the risks have been identified, calculated, weighed and carefully classified and the customer has been accepted, the financial transactions of customers have to be monitored depending on the outcome of the risk assessment in order to prevent financial and reputational damage. Periodic checks and reviews follow, as part of the integral risk management process. This is also known as Enhanced Due Diligence (EDD).


The frequency of these periodic checks depends on the (low, medium, high) risk profile of the customer or company with which the financial institution has entered into a relationship. An extensive risk calculation results in a risk score on the basis of which a risk profile is created, depending on the so-called ‘risk appetite’ of the financial service provider. One company may classify a potential risk as high risk with a high impact, while this same risk may be classified by another company as medium risk.


Criteria differ per financial institution and depend on local compliance legislation, which differs per jurisdiction. Even in the EU, where member states have to comply with constantly updated and new directives imposed by Brussels, countries interpret and implement these directives according to their national regulations. As a result, there are also subtle differences in the interpretation of EU directives within the EU, such as the 5th EU AML Directive for the prevention of money laundering and terrorist financing. Notwithstanding these subtle differences, Risk Monitoring shares the same objectives:



  • Ensuring controls are effective and efficient;

  • Identifying new potential risk indicators;

  • Analyzing the available data again on the basis of changed legislation, fraud and money laundering trends, etc.;

  • Detecting contextual changes, requiring the risk profile to be adjusted;

  • Identifying and weighing up new risks;

  • Evaluating the impact of potential risks;

  • Adjusting and improving risk strategy.


A customer or company with an elevated risk profile requires more periodic checks than a low-risk profile. The results must be recorded and, where necessary, reported externally and internally.


This time-consuming process is still too often performed manually and costs financial institutions a lot of time and personnel. The Netherlands has approximately 8,000 compliance employees who work full-time on compliance procedures. This is twice the number of community police officers in the Netherlands.


Regtech offers a multitude of solutions to make Risk Monitoring and Enhanced Due Diligence more accurate and efficient. This saves overhead and saves a financial institution a lot of costs and risks in the long term.


Regulatory Reporting

Researchers and analysts of Compliance and Risk Management departments at banks, insurance companies, payment processors, mortgage lenders and accountancy firms have to detect, analyze and investigate unusual activities, after which they have to report the results of their investigations. Case Management and Reporting tools are used to enter the data collected during their investigations, and this data has to be sent to decision makers, to internal and external auditors, local authorities and financial regulators.


Relevant data must be filtered from unstructured data and processed correctly. Financial institutions often have stored and archived documents for decades. It is of crucial importance that sensitive data is stored and classified. Privacy rules define who has access to which data. Manual searches for specific documents to extract relevant information for reporting purposes take a lot of time and personnel.


Data must be collected, interpreted correctly and transformed into statistics, graphs and tables. Major financial institutions have stored millions of paper and digital records for decades. These documents are often difficult to read, are archived at different locations and concern incorrect, incomplete legacy data. This data consists of elements that should only be accessible to authorized employees. Digitization is a first step, but there is much more to efficient and accurate DMS. In an ideal situation, a DMS integrates with a reporting tool to transform smart data into insightful graphs, which can be exported in the required format.


A lot of time can be saved with the help of the latest technologies. Relevant data is automatically extracted and processed in clear graphs. Reporting tools can be configured to the needs of the company and its compliance department.


If the data is stored correctly, in compliance with the latest privacy regulations and is easily searchable, AI and ML powered Regtech solutions accurately analyze the document sources. Unusual or suspicious patterns that escape the attention of a manual investigation are uncovered thanks to artificial intelligence and processed in intuitive, user-friendly reporting tools. Reports can be exported as Word Doc, PDF, XBRL or iXBRL and in any other format used by authorities and regulators.


Regtech-powered Reporting Tools make the job of compliance officers much easier and provide a huge benefit for financial services companies who don’t want to worry about non-compliance.

