Skip to content
Case studiesPricingSecurityCompareBlog
GlossaryCountry guidesChecklistsROI Calculator

Europe

Americas

Oceania

All guides
🇳🇱

KYC Obligations in the Netherlands — Complete 2026 Guide

Comprehensive guide to KYC and anti-money laundering obligations in the Netherlands: DNB requirements, Wwft, document verification, and best practices for obligated institutions.

Regulators:DNB
Key laws:Wwft (Wet ter voorkoming van witwassen en financieren van terrorisme), AMLD6
Last updated 2026-03-28

Regulatory Framework

The Netherlands ranks among the most advanced European countries in anti-money laundering, driven by the size of its financial sector and its role as an international commercial hub. The legislative framework rests on the Wwft (Wet ter voorkoming van witwassen en financieren van terrorisme — Act on the Prevention of Money Laundering and Terrorist Financing), which entered into force in 2008 and has been regularly revised to incorporate successive European directives. The most recent major revision, in 2020, transposed AMLD5, with additional amendments in 2023 for AMLD6.

DNB (De Nederlandsche Bank — the Dutch Central Bank) is the prudential supervisory authority for credit institutions, insurers, payment institutions, electronic money institutions, and virtual asset service providers. DNB monitors Wwft compliance and has extensive sanctioning powers, including record-breaking fines. AFM (Autoriteit Financiële Markten — the Financial Markets Authority) supervises investment firms and management companies for Wwft obligations.

FIU-Nederland (Financial Intelligence Unit) is the Dutch financial intelligence unit. Attached to the Ministry of Justice and Security, it receives and analyses reports of unusual transactions (meldingen van ongebruikelijke transacties) and decides on their forwarding to criminal prosecution authorities as suspicious transactions.

The Netherlands stands out for its particularly strict supervisory approach, with fines among the highest in Europe for Wwft failures. DNB has imposed multi-million-euro fines on major Dutch banks, sending a strong signal to the entire financial sector. The Bureau Financieel Toezicht (BFT) supervises legal and accounting professions.

Who Must Comply

The Wwft defines a broad scope of obligated institutions (instellingen):

  • Banks and credit institutions: major Dutch banks (ING, Rabobank, ABN AMRO), online banks, branches of foreign institutions
  • Life insurers and insurance intermediaries: for life insurance and capitalisation products
  • Payment institutions and electronic money institutions: fintechs, payment service providers
  • Investment firms and management companies: subject to AFM supervision
  • Virtual asset service providers (crypto-dienstverleners): registered with DNB since 2020
  • Accountants (accountants): registered and certified (RA and AA)
  • Tax advisors (belastingadviseurs): members of recognised professional bodies
  • Notaries (notarissen): for all transactions within their competence
  • Lawyers (advocaten): for certain asset and financial transactions
  • Real estate agents (makelaars in onroerend goed): for real estate transactions
  • High-value goods dealers: for cash payments exceeding EUR 10,000
  • Trust offices (trustkantoren): trust and company service providers, subject to a strict licensing regime (Wtt 2018)

The Dutch system is distinguished by particularly strict supervision of trust offices, reflecting historically identified risks in this sector.

Customer Due Diligence Requirements

Standard Due Diligence (CDD)

Due diligence obligations (cliëntenonderzoek) are detailed in Articles 3 to 8 of the Wwft:

Customer identification and verification: for natural persons, identification relies on a valid official identity document. Accepted documents include the Dutch passport, European identity card, Dutch driving licence (in certain cases), and identity document for foreign nationals. The BSN (Burgerservicenummer — citizen service number) may be collected in cases provided by law. For legal persons, registration with the KvK (Kamer van Koophandel — Chamber of Commerce) and a KvK extract serve as reference documents.

Beneficial owner identification (uiteindelijk belanghebbende — UBO): any natural person who directly or indirectly holds more than 25% of the capital, voting rights, or effective control. The Netherlands established the UBO register in 2020, maintained by the KvK. However, following the EU Court of Justice ruling of November 2022 on public access to UBO registers, access to the Dutch register has been restricted to competent authorities and obligated entities (public access has been closed).

Determining the purpose and nature of the business relationship: understanding the customer's economic profile, activity, source of funds, and purpose of transactions.

Ongoing monitoring (voortdurende controle): transaction monitoring and updating of collected information throughout the relationship.

Enhanced Due Diligence (EDD)

Enhanced measures (verscherpt cliëntenonderzoek) are mandatory in the following situations:

  • Politically Exposed Persons (PEPs — politiek prominente personen): the Wwft covers foreign, international, and since AMLD5, domestic PEPs. Measures include management approval, clarification of source of wealth and funds, and enhanced monitoring.
  • High-risk countries: countries identified by the European Commission or the FATF. DNB publishes specific guidance on applicable measures.
  • Correspondent banking: correspondent relationships with third-country institutions are subject to thorough verifications.
  • Complex or unusual transactions: any transaction presenting atypical characteristics.
  • Complex legal structures: multi-layered companies, trusts, foundations whose structure makes beneficial owner identification difficult.
  • Trust services: trust offices are subject to specific enhanced due diligence obligations under the Wtt 2018.

Required Documents

For natural persons:

  • Valid Dutch passport, European identity card, or identity document for foreign nationals
  • Proof of address (extract from the BRP — Basisregistratie Personen, or utility bill)
  • BSN (Burgerservicenummer) in cases provided by law
  • Where applicable, documentation on source of funds

For legal persons:

  • Recent KvK (Kamer van Koophandel) extract
  • Up-to-date articles of association (statuten), certified by a notary
  • Identity documents of bestuurders (directors) and authorised representatives
  • Consultation of the UBO register at the KvK
  • Capital holding structure (aandeelhoudersstructuur)
  • Most recent annual accounts filed with the KvK

For trusts and legal arrangements:

  • Complete documentation on the trust structure
  • Identification of the settlor, trustees, protectors, and beneficiaries
  • Registration in the UBO register

Retention period: 5 years after the end of the business relationship or execution of the transaction.

Reporting Obligations

Unusual transaction report (melding van ongebruikelijke transactie): obligated entities must report to FIU-Nederland any transaction carried out or planned that is considered unusual. The concept of "unusual transaction" (ongebruikelijke transactie) is specific to Dutch law and differs from "suspicious transaction" (verdachte transactie). The obligated entity reports unusual transactions to the FIU, which analyses and determines whether they become "suspicious" and should be forwarded to prosecution authorities.

Objective and subjective indicators: the Wwft uses an indicator system to determine whether a transaction is unusual. Objective indicators trigger an automatic reporting obligation (e.g., cash transactions exceeding EUR 15,000). Subjective indicators require a case-by-case assessment by the obligated entity.

Non-execution obligation: when a transaction is identified as unusual, the entity must not execute it until the report has been made, unless the delay would risk compromising the investigation.

Non-disclosure obligation (geheimhoudingsplicht): the entity may not inform the customer or third parties that a report has been made.

In 2024, FIU-Nederland received approximately 1.8 million unusual transaction reports, one of the highest volumes in Europe (largely due to objective indicators in the gaming and payments sectors).

Penalties for Non-Compliance

Administrative sanctions (DNB, AFM, BFT):

  • Order subject to penalty payment (last onder dwangsom): daily penalty for non-compliance
  • Administrative financial penalty (bestuurlijke boete): maximum amount is the higher of EUR 5 million, 10% of annual turnover, or double the benefit obtained
  • Appointment of an administrator or placing under curatorship
  • Withdrawal of licence or registration

Notable examples: fines imposed on major Dutch banks have marked the sector. ING accepted a settlement of EUR 775 million in 2018 for systemic failures in its AML/CFT framework. ABN AMRO paid EUR 480 million in 2021. These record amounts illustrate the severity of the Dutch approach.

Criminal sanctions:

  • Money laundering (Article 420bis of the Dutch Penal Code) is punishable by up to 6 years' imprisonment and a 5th category fine (EUR 87,000, increased to 10% of turnover for legal persons)
  • Habitual money laundering (gewoonte-witwassen) is punishable by 8 years' imprisonment
  • Terrorist financing is punishable by 8 years' imprisonment

Publication: sanctions are published on the DNB and AFM websites.

How CheckFile Helps

The Dutch KYC framework, particularly demanding following recent banking scandals, requires a document verification system that meets DNB's heightened expectations. CheckFile offers an AI-powered document verification solution that addresses the specificities of the Dutch market.

The platform analyses and verifies the authenticity of Dutch identity documents (passport, identity card) and more than 6,000 international document types. The AI detects document fraud attempts with an accuracy rate exceeding 99%, including verification of security features specific to Dutch documents. Automatic cross-validation with KvK and UBO register data enables efficient verification of holding structures and beneficial owners.

To meet DNB's audit requirements — reinforced after historic sanctions against major banks — CheckFile generates a complete, timestamped audit trail for each verification. The solution integrates via API with Dutch banking platforms and onboarding systems, automating the verification process while ensuring the required traceability. Processing complies with the GDPR (AVG in Dutch) and the Uitvoeringswet AVG, with European data hosting.

FAQ

What documents are required for KYC in the Netherlands?

For natural persons, a valid Dutch passport, European identity card, or identity document for foreign nationals is required, supplemented by proof of address. For legal persons, a KvK extract, notarised articles of association, directors' identity documents, and consultation of the UBO register are needed. Retention is 5 years after the end of the business relationship.

What are the penalties for KYC non-compliance in the Netherlands?

The Netherlands applies the most severe sanctions in Europe in practice. Administrative fines can reach EUR 5 million or 10% of turnover. ING paid EUR 775 million and ABN AMRO EUR 480 million for AML/CFT failures. Money laundering is punishable by 6 to 8 years' imprisonment. Sanctions are systematically published.

How often must KYC checks be updated in the Netherlands?

The Wwft requires ongoing monitoring and risk-proportionate updates. High-risk customers (PEPs, trust services, high-risk countries) are reviewed annually. Standard-risk customers every 3 years and low-risk customers every 5 years. Following record sanctions, Dutch banks have considerably strengthened their KYC remediation programmes, with accelerated reviews of their entire customer base.

Frequently asked questions

Automate your compliance

CheckFile simplifies document verification compliant with local requirements.