The AMLR and its impact on Dutch AML legislation

The AMLR introduces several new obligations and standards that will (largely) replace the Dutch Act on the Prevention of Money Laundering and Terrorist Financing (Wet ter voorkoming van witwassen en terrorismefinanciering; the Dutch AML Act). Before we elaborate on several obligations set out in the AMLR, we discuss the scope of the AMLR compared to the Dutch AML Act as this scope will be significantly expanded.

Scope of the AMLR

Several ‘obliged entities’ – as defined in Article 3 AMLR – are included in the scope of the AMLR, while these entities are currently not subject to the Dutch AML Act. As a result, a wider group of obliged entities will have to comply with the obligations under the AMLR. Below we provide you with some examples thereof.

Firstly, several holding companies (including financial holding companies, mixed financial holding companies, financial mixed activity holding companies, non-financial mixed holding companies, insurance holding companies and mixed insurance holding companies) fall within the scope of the AMLR. More specifically this includes holding companies that are not themselves subsidiaries and have at least one institution as a subsidiary. These holding companies are currently not subject to the Dutch AML Act.

An undertaking other than a credit institution or an investment firm, which carries out one or more banking activities, such as lending or financial leasing (as provided for in the Annex to Directive 2013/36/EU) currently only falls within scope of the Dutch AML Act where it principally makes its business of such activity (in hoofdzaak bedrijf maken van). Relevant is that the AMLR does not contain the criterion that the relevant entity principally makes its business of such activity. However, Article 6 AMLR does contain a Member State option to exempt certain parties from the requirements of the AMLR. This exemption can be applied in case those parties only occasionally or to a very limited extent engage in such banking activity and where the risk of money laundering or terrorist financing is low, provided that certain criteria are met as set out in Article 6 AMLR.

Furthermore, the AMLR will directly apply to credit intermediaries when holding funds in connection with a credit agreement, with the exception of credit intermediaries carrying out such activities under the responsibility of one or more creditors or credit intermediaries. The idea is that credit intermediaries who do not qualify as credit institution or another type of financial institution have not been subject to any AML requirements (as opposed to for instance credit institutions taking such role). Although, currently Dutch credit intermediaries are not holding funds of borrowers, this may be the case for credit servicers due to the implementation of the Non-Performing Loans Directive (2021/2167/EU).

Unlike in the Dutch AML Act, account information service providers under PSD2 are exempted from the scope of the AMLR. The AMLR itself does not address this explicit carve out, but it is reasonable to assume that this is due to the fact that an account information service provider is not actively involved in any payment flow, and therefore has very minimal exposure to ML/TF risks. Whether or not the scope of the Dutch AML Act will be the same as the AMLR is to be confirmed on the basis of the draft Act implementing the new AML framework, as applies to the following point as well.

The Dutch AML Act currently has an exemption for electronic money institutions insofar they solely carry out transactions related to payment instruments which can be used within a limited network only. This exemption is expected to lapse, as it is not included in the AMLR. 

Furthermore, it is relevant to note that insurance intermediaries only fall in scope of the AMLR where it acts with respect to life insurance and other investment-related insurance services, with the exception of insurance intermediaries that do not collect premiums or amounts intended for the customer and which act under the responsibility of one or more insurance undertakings or intermediaries for those products. As is currently the case under the Dutch AML Act, intermediaries in non-life insurance products fall outside the scope of the AMLR.

Should you wish to learn more on whether foreign entities are in scope of the AMLR, please be referred to the news update of our Luxembourg office.

Obligations under the AMLR 

The AMLR introduces (partly) new obligations that obliged entities must comply with to enhance the effectiveness of their AML/CFT measures. For example, obliged entities are required to:

  1. have a comprehensive AML/CFT framework in place that includes internal policies, procedures and controls to ensure compliance with the AMLR and to be able to mitigate and manage AML risks. This AML/CFT framework must be kept up-to-date and enhanced if weaknesses are identified. New in the AMLR is that an institution must start adopting policies that address compliance with ‘targeted financial sanctions’. In short, these are sanction measures adopted by the European Council that involve the freezing of assets or the prohibition to make funds directly or indirectly available to a sanctioned person or entity;
  2. take appropriate measures to identify and assess the AML risks to which they are exposed, as well as the risks of non-implementation and evasion of targeted financial sanctions (i.e. the firm-wide risk assessment). The firm-wide risk assessment must be updated prior to the launch of new products, services or business practices, and when an internal or external event significantly affects the AML risks associated with the activities performed by the obliged entity. New is that the AMLR identifies a number of additional risks that an institution must start including in the firm-wide risk assessment. These include risks related to evasion or non-compliance with financial sanctions, but the AMLR also introduces a list of (non-exhaustive) general risk factors that an institution must start including in its assessment;
  3. appoint a member of the management body as ‘compliance manager’, who is responsible for (amongst others) ensuring that (i) the institution's AML/CFT framework is aligned with applicable ML/TF risks and applied in practice, and (ii) sufficient human and material resources are available to implement the policy; and
  4. appoint a ‘compliance officer’, who is responsible for the policies, procedures and controls in the day-to-day operation of the obliged entity’s AML/CFT requirements, including in relation to the implementation of targeted sanctions. Additionally, the compliance officer is the contact person for competent authorities and the person who reports suspicious transactions to the relevant Financial Intelligence Unit (FIU). The AMLR does not leave room for a proportional application of this requirement, contrary to the Dutch AML Act which currently provides for a proportional application of the compliance officer within the organisation.

With regard to several obligations as laid down in the AMLR, the newly established Authority for Anti-Money Laundering and Countering the Financing of Terrorism (the AMLA) will publish guidelines ultimately on 10 July 2026. The AMLA is based in Frankfurt and will start its supervision on 1 January 2028. AMLA will have two main areas of activity: AML/CFT supervision, acting as the centre of an integrated system of national AML/CFT supervisory authorities, and supporting EU Financial Intelligence Units (FIUs) with the exchange of information and identification of best practices.

The AMLD6 and its impact on Dutch AML legislation

AMLD6 is a new directive that will update the current directives at EU level and contains many relevant aspects in the field of AML legislation, such as (i) the further elaboration of the tasks and powers of FIUs, (ii) the amendments to the (accessibility of) central ultimate beneficial ownership registers (UBO registers), and (iii) the further elaboration on the powers of administrators of the UBO registers. In the Netherlands, this is the Dutch Chamber of Commerce (Kamer van Koophandel).

Under AMLD6, the FIUs will play a central role in the EU’s efforts to combat money laundering and terrorist financing. The tasks and powers of the FIUs are extended by AMLD6. For example, the FIUs will be granted direct access to all information they require for fulfilling their tasks, such as administrative, financial, and tax information and relevant central registers. Furthermore, if FIUs have a suspicion that a transaction relates to money laundering or terrorist financing, FIUs are empowered to take action, or to suspend or withhold consent to that transaction. In this regard, FIUs may also trace, seize, freeze or confiscate criminal assets. It should be assessed how this will work in practice, due to the current practice that the FIU is often notified after a transaction is already performed.

Additionally, AMLD6 implements a judgment of the European Court of Justice relating to the accessibility of UBO registers. The accessibility will be slightly limited under AMLD6, namely that the information in the UBO registers will be accessible in all cases to (i) competent authorities and FIUs, (ii) obliged entities, and (iii) any (natural or legal) person or organisation that can demonstrate a legitimate interest. This amendment, which is a change compared to AMLD4, must be implemented into national law by 10 July 2026.

Finally, AMLD6 aims to ensure that information submitted to the UBO registers is more adequate, accurate and up-to-date. Therefore, the Dutch Chamber of Commerce will be authorised to verify the data in the UBO registers and to conduct on-site inspections in case of doubts relating to the accuracy of an entity’s information submitted to the UBO register.

Conclusion

In conclusion, the AMLR and AMLD6 will significantly change the Dutch AML landscape. The scope of the AMLR compared to that of the Dutch AML Act is broader and the AMLR introduces obligations that will significantly change the (internal) governance and business operations of obliged entities. Furthermore, the AMLD6 brings about several changes to the tasks and powers of FIUs, the accessibility of UBO registers and the powers of entities in charge of UBO registers.

Want to know more about these topics? Reach out to one of our colleagues mentioned below.