Wwft

As the name suggests, the ‘Prevention of Money Laundering and Financing of Terrorism Act’ (Wwft) aims to prevent people and companies from laundering money or funding terrorist activities. In this glossary, we explain what the Wwft entails and how you can apply the law within your organisation.

Wwft outline

The Fourth Anti-Money Laundering Directive was implemented on 25 July 2018 in the Prevention of Money Laundering and Financing of Terrorism Act (Wwft) and its underlying regulations. A key aspect of the Wwft is that it is risk-based: institutions covered by the Wwft are required to prepare a risk assessment of their Money Laundering and Terrorism Financing risks. Since 2018, the definition of PEP (Politically Exposed Person) and UBO (Ultimate Beneficial Owner) has been tightened. There are also specific requirements for the Wwft governance of an institution.

Since 21 May 2020, the amended Fourth Anti-Money Laundering Directive has been implemented in the Wwft.

The scope of the Wwft has been expanded: more sectors are subject to Wwft obligations, including crypto service providers. Managers of real estate investment institutions also have obligations regarding tenants of real estate in the investment institutions they manage. The Wwft also applies to natural persons, legal entities, or companies that mediate professionally or commercially in the creation and conclusion of rental agreements as referred to in Section 7:201 of the Civil Code, insofar as the monthly rent amounts to €10,000 or more. From this amount, the obligations of the Wwft apply, such as conducting customer due diligence, monitoring transactions, and reporting unusual transactions to FIU-the Netherlands. Finally, the UBO register has been introduced and came into effect on 27 September 2020.

Who is in scope of the Wwft

Article 1 of the Wwft lists and defines the institutions that must comply with the Wwft. Essentially, Wwft applies to:

  • Banks
  • Investment firms
  • Investment fund managers and UCITS
  • Financial service providers, insofar as they mediate in the formation of life insurance contracts
  • Life insurers, with the exception of life insurers that exclusively offer in-kind funeral insurances
  • Exchange institutions
  • Providers of credit (including mortgage credit, consumer credit, and factoring)
  • Providers of leasing products
  • Trust offices
  • Payment service providers and agents
  • Electronic money institutions
  • Issuers and managers of means of payment (e.g., credit cards, travellers’ cheques, and letters of credit)
  • Companies that advise on capital structure, business strategy, and related matters, as well as advice and services relating to mergers and acquisitions of companies
  • Companies that manage and/or hold securities
  • Intermediation in interbank markets
  • Companies providing guarantees and sureties
  • Crypto service providers
  • Lawyers and notaries
  • Brokers
  • Tax advisers
  • Accountants

The Wwft sets out specific requirements for an appropriate internal control framework. Three elements are relevant for adequate design. These are the compliance function, the audit function and the governance of the organisation. The Wwft imposes specific requirements on these functions. 

Below, we explain these elements in more detail. 

Compliance function and Wwft

The Wwft requires your institution to set up an independent compliance function, as far as this is appropriate to the nature and size of your institution. If it is unreasonable for your institution to establish an independent compliance function, you can also choose to outsource the compliance function. This can be fully or partially handled by an external compliance officer from Projective Group. 

Duties of compliance officer with regards to the Wwft: 

  • Monitoring compliance with Wwft obligations and the rules of your institution itself; 
  • Reporting deficiencies in procedures and effectively addressing them; 
  • Reporting unusual transactions to FIU-the Netherlands, including providing the necessary information; 
  • The review and updating of risk assessment and CDD (Customer Due Diligence) policy guidelines are also often the responsibility of the compliance function. 

Wwft audit function

The Wwft requires your institution to set up an independent audit function. This obligation only applies if your company is a legal entity or corporation that qualifies as an institution. The degree of independence granted to the compliance function depends on the nature and size of your institution.  

Duties auditor regarding the Wwft: 

  • Check compliance with Wwft; and 
  • Check operation of the policies, procedures and measures. 

The intensity of the audit function within your institution depends on your risk profile. 

Board and the Wwft

According to the Wwft, you must appoint a board member within the board of directors who is responsible for compliance with the requirements arising from the Wwft. However, this relevant board member must have the necessary knowledge and experience to take on the responsibility and additionally, your institution must demonstrate how the responsible director will perform his or her role. 

Wwft risk assessment

The Wwft requires your institution to identify, analyse and assess the risks of money laundering and terrorist financing associated with the nature and size of your institution and your services. 

When identifying and assessing the risks, you must consider at least the risk factors related to: 

  • Type of client 
  • Product 
  • Service 
  • Transaction and delivery channel 
  • Countries and geographical areas 

Some institutions are required to conduct a systematic integrity risk assessment (SIRA). This is a different risk assessment from the one required by the Wwft. The risk assessment in the Wwft is limited to your institution’s exposure to money laundering and terrorist financing risks, while the SIRA has a broader scope. 

When you begin analysing money laundering and terrorist financing risks, you take the first steps by developing policies, procedures and management measures.This is not a one-off exercise. Your institution is expected to continuously audit itself. This way, you can assess in which cases and within which business units there are risks of money laundering and terrorist financing. 

Control measures

The Wwft provides room and freedom for your institution to implement control measures as it sees fit. It’s important for your institution to thoroughly document everything so that you can be accountable to the regulator for the procedures followed, considerations made, or decisions taken. We observe that institutions are still uncertain whether they can demonstrate to the regulator (usually DNB and the Dutch AFM) in a dialogue that they comply with the obligations arising form the Wwft. 

Wwft training courses

If you want to learn more about the Wwft, you can follow our Wwft e-learning through our training institute, The Ministry of Compliance. 

Want to know more?

We are happy to support you with advice on how to fulfil the Wwft requirements and combat financial-economic crime.