As the name suggests, the ‘Prevention of Money Laundering and Financing of Terrorism Act’ (Wwft) aims to prevent people and companies from laundering money or spending money on terrorist activities. On this glossary page, we explain what the Wwft entails and how to apply the law within your organisation.

Wwft outline

The Fourth Anti-Money Laundering Directive was implemented 25 July 2018 in the Prevention of Money Laundering and Financing of Terrorism Act (Wwft) and its underlying regulations. A key aspect of the Wwft is that it is risk-based: institutions covered by the Wwft are required to prepare a risk assessment of their ML and TF risks. Since 2018, the definition of PEP and of UBO has been tightened. Specific requirements also apply to an institution’s Wwft governance.

Since 21 May 2020, the amended Fourth Anti-Money Laundering Directive has been implemented in the Wwft.

The scope of the Wwft has been expanded: more industries are subject to Wwft obligations, including crypto service providers. Managers of real estate investment institutions have also since faced obligations in relation to tenants of real estate in the investment institutions they manage. The Wwft also applies to natural persons, legal entities or companies that mediate professionally or commercially in the creation and conclusion of agreements to rent as referred to in Section 7:201 of the Civil Code, to the extent that the monthly rent amounts to an amount of €10,000 or more. From this amount, the obligations of the Wwft start to apply, such as conducting customer due diligence, monitoring transactions and reporting unusual transactions to FIU-the Netherlands. Finally, the UBO register was introduced and came into force on 27 September 2020.

Who is in scope of the Wwft

Article 1 of the Wwft lists and defines the institutions that have to comply with the Wwft. Essentially, Wwft applies to:

  • Banks
  • Investment firms
  • Investment fund managers and UCITS
  • Financial service providers, insofar as they mediate in the formation of life insurance contracts
  • Life insurers with the exception of life insurers that exclusively offer in-kind funeral insurances
  • Exchange institutions
  • Providers of credit (including mortgage credit, consumer credit and factoring)
  • Providers of leasing products
  • Trust offices
  • Payment service providers and agents
  • Electronic money institutions
  • Issuers and managers of means of payment (e.g. credit cards, travellers’ cheques and letters of credit)
  • Companies that advise companies on capital structure, business strategy and related matters, as well as advice and services relating to mergers and acquisitions of companies
  • Companies that manage and/or hold securities
  • Intermediation in interbank markets
  • Companies providing guarantees and sureties
  • Crypto service providers
  • Lawyers and notaries
  • Brokers
  • Tax advisers
  • Accountants
  • Key elements for an appropriate internal control framework

The Wwft sets out specific requirements for an appropriate internal control framework. Three elements are relevant for adequate design. These are the compliance function, the audit function and the governance of the organisation. The Wwft imposes specific requirements on these functions.

Below, we explain these elements in more detail.

Compliance function and Wwft

The Wwft requires your institution to set up an independent compliance function, to the extent appropriate to the nature and size of your institution. If it is unreasonable for your institution to set up an independent compliance function, you can also choose to outsource the compliance function. You can do this in whole or in part by an external compliance officer from Projective Group.

Duties of compliance officer with regards to the Wwft:

  • Monitoring compliance with Wwft obligations and the rules set by your institution itself;
  • Reporting and effectively addressing shortcomings in procedures;
  • Reporting unusual transactions to FIU-the Netherlands, including providing the necessary information;
  • Reviewing and updating risk assessment and CDD policies also often lies with the compliance function.

Wwft audit function

The Wwft requires your institution to set up an independent audit function. This obligation only applies if your company is a legal entity or company that qualifies as an institution. As for the interpretation given to the degree of independence of this, it depends on the nature and size of your institution.

Duties auditor with regards to the Wwft:

  • Check compliance with Wwft; and
  • Check operation of the policies, procedures and measures.

The intensity of the audit function within your institution depends on your risk profile.

Board and the Wwft

Under the Wwft, you must appoint a board member within the management board who is responsible for compliance of the requirements arising from the Wwft. However, the relevant board member must have the knowledge and experience to take on the responsibility and, in addition, your institution must demonstrate how the responsible director will perform his or her role.

Wwft risk assessment

The Wwft requires your institution to identify, analyse and assess the money laundering and terrorist financing risks associated with the nature and size of your institution and your services.

When identifying and assessing the risks, you will at least take into account the risk factors related to:

  • Type of client
  • Product
  • Service
  • Transaction and delivery channel
  • Countries and geographical areas

Some institutions are required to conduct a systematic integrity risk assessment (SIRA). This is a different risk assessment from the one required by the Wwft. The risk assessment in the Wwft is limited to your institution’s exposure to money laundering and terrorist financing risks, while the SIRA has a broader scope.

When you start analysing money laundering and terrorist financing risks, you have taken the first steps in developing policies, procedures and management measures. Incidentally, this is not a one-off exercise. Your institution is expected to audit itself on an ongoing basis. Only in this way you can assess in which cases and within which business units there are money laundering and terrorist financing risks.

Control measures

The Wwft provides room and freedom for your institution to take control measures as it sees fit. Here, it is important that your institution records and documents everything well so that you can account to the regulator for the procedures followed, considerations made or decisions taken. We see that institutions are still uncertain whether they can demonstrate in a dialogue with the regulator (usually DNB and the Dutch AFM) that they comply with the obligations arising from the Wwft.

Wwft training courses

If you want to learn more about the Wwft, you can follow our Wwft e-learning through our training institute, The Ministry of Compliance.

Want to know more?

We are happy to support you with advice on how to fulfil the Wwft requirements and combat financial-economic crime.