Banks have a crucial role to play in preventing money laundering and terrorist financing. To achieve this, they are required to examine the transactions of their customers and report any suspicious activity to the authorities. In this context, banks also have the responsibility to assess the reliability of their customers based on their transaction history. This can result in the account being blocked or the customer being asked to leave. However, there are certain limitations on how far a bank can go in this regard, particularly when it comes to private customers.
If approved by cabinet, a new bill will allow banks to collectively scrutinize the transactions of all their clients, in order to detect potential cases of money laundering. While each bank currently monitors its own customers on an individual basis, the proposed legislation would permit the sharing of transaction and customer data among banks. Some critics are concerned that this could lead to a “banking dragnet,” making it harder for individuals to open accounts. This is due to the risk of false accusations or misunderstandings, which can have serious consequences for those falsely accused.
A “banking dragnet” refers to a situation where banks jointly examine the transactions of all their customers in order to detect potential cases of money laundering or other financial crimes. This practice involves the exchange of transaction and customer data among banks, and some critics have expressed concerns that it could lead to false accusations or misunderstandings, making it harder for individuals to open accounts. The term “dragnet” comes from the idea that this approach can result in a broad, indiscriminate surveillance of all banking customers, rather than a targeted, specific investigation of suspicious individuals or transactions.
On 21 October 2022, the money laundering bill was presented to the House of Representatives by the Minister of Finance, Sigrid Kaag, and the Minister of Security and Justice, Dilan Yeşilgöz-Zegerius. The bill aims to improve the fight against money laundering and terrorist financing.
The proposed changes to the Wet ter voorkoming van witwassen en financieren van terrorisme (WWFT) include a ban on cash payments for goods above €3000, joint transaction monitoring by banks, and the exchange of risk information between institutions. Kaag and Yeşilgöz–Zegerius believe these measures will enhance the effectiveness of anti-money laundering efforts, but concerns have been raised about potential drawbacks.
To prevent money laundering and terrorist financing, every bank is required to examine the transactions of their customers. If a bank identifies a transaction as unusual, they may request an explanation from the customer.
The bank is responsible for reporting any transactions deemed as unusual to the Financial Intelligence Unit (FIU), a department under the Ministry of Justice. The FIU determines whether a transaction is suspicious enough to be forwarded to the police. Meanwhile, the bank has the discretion to assess whether the customer with the unusual transaction can still be deemed trustworthy. If not, the account may be blocked or the customer may be asked to leave entirely. However, private customers cannot be turned away completely as they are entitled to a basic transactional account.
Joint monitoring is a practice the government seeks to expand, which involves banks collectively monitoring their customers’ transactions to identify criminal activity across multiple accounts. This is a key aspect of the proposed bill “wetsvoorstel plan van aanpak witwassen”, which provides banks the option to carry out joint checks. To facilitate this, the five largest banks in The Netherlands have established a dedicated entity called Transactie Monitoring Nederland (TMNL), which is responsible for monitoring all transactions over 100 euros and detecting unusual patterns.
If TMNL identifies suspicious activity involving multiple banks, both banks are alerted to investigate the customer further. If they cannot provide a satisfactory explanation, the case is forwarded to the FIU. The Dutch Banking Association (Nederlandse Vereniging van Banken “NVB”) supports the bill, citing TMNL’s ability to distinguish false alarms from actual illicit activity, which in turn reduces the need for banks to question their bona fide customers about certain transactions. Furthermore, the NVB highlights that TMNL only receives encrypted customer data, meaning that employees cannot see any personal identifying information.
The bill has faced criticism, particularly over concerns of mass surveillance. The Dutch Data Protection Authority (Dutch DPA) has strongly opposed the bill, warning of potential exclusion and discrimination risks. Similarly, the Privacy First foundation has raised serious objections, with director Godaya Komen emphasizing that the benefits of catching criminals should not come at the expense of the wider population being monitored. The Dutch DPA and Privacy First foundation have also expressed concerns about the bill’s requirement for banks to inquire among themselves about customers they consider unreliable, in addition to joint transaction monitoring.
The duty of inquiry for banks involves creating a risk profile for new customers, such as ABN Amro, to determine the likelihood of money laundering. Under the proposed bill, if the bank classifies a customer as ‘high risk,’ it must ask other banks if they have had any dealings with that individual. If ING, for example, has previously rejected a customer deemed ‘high risk,’ it is obligated to inform ABN Amro. This process increases the likelihood of being refused by other banks.
However, there are multiple scenarios where inquiries can be made about a customer, such as regular profile checks or unusual transactions. Furthermore, ING may be required to disclose whether they have blocked a customer’s account or sent a warning message relating to money laundering checks, in addition to customer rejections. Experts warn that the obligation to inquire could make it more difficult for customers to switch banks, as their previous vetting may be disclosed by their bank.
The legal standards for labeling customers as high risk are open to multiple interpretations, leaving them uncertain about the exact reasons for such classification, warns Fleur le Roy, a lawyer at van Ardenne & Crince le Roy Advocaten who specializes in anti-money laundering legislation. “Customers have no clear understanding of when they are classified as high risk,” says Le Roy. “This ambiguity can result in unintentional misjudgments by institutions, leading to catastrophic outcomes for (potential) customers, including discrimination and unwarranted exclusion, potentially causing irreversible financial and reputational damage, which is already occurring in practice.”
Le Roy raises concerns about the possibility of banks creating a blacklist to check for money laundering as efficiently as possible under the obligation to inquire. Simon Lelieveldt, a former head of supervision at the NVB, shares these concerns and fears that the obligation to inquire will lead to a de facto blacklist that could exclude people. “Many fear surveillance similar to that in China or by the Stasi in Germany,” he says. “We must not end up in that situation.”
The ministers aim to limit the use of large cash payments with the first measure, citing scientific studies that show cash is a major facilitator of money laundering. Due to the difficulty in tracing cash, criminals use it to hide their assets, and the €3000 ‘cash limit’ used by neighboring countries has contributed to this issue. The proposal intends to harmonize cash limits to prevent criminals from moving their activities to countries with less strict regulations. However, the ministers acknowledge that this may only shift money laundering activities to other EU member states with different cash limits. The increased cash limit may also have an impact on entrepreneurs, especially those who rely on cash payments in various sectors. The Minister of Finance is responsible for supervising the ban on transactions above €3000 in cash, but the Toezicht Wwft van de Belastingdienst (BTWwft) carries out this supervision in practice. The BTWwft has assessed the feasibility of the bill, including the cash limit, and anticipates needing 26 full-time employees on a structural basis for supervision and enforcement, with expected costs of €4.2 million in the short-term and over €2.5 million in the long-term.
The first measure aims to reduce the use of large sums of cash, as it plays a significant role in facilitating money laundering, according to scientific studies cited by the ministers. Criminals prefer cash due to its difficulty to trace, and comparable cash limits with neighboring countries will prevent them from moving their illicit activities elsewhere. However, the proposal may further fuel money laundering in other EU member states with different cash limits, and entrepreneurs who heavily rely on cash payments may face difficulties switching to digital payment services.
The ministers highlight the gatekeeper role of banks in preventing terrorism financing and money laundering, which requires knowledge and investment. The amendment to the law expands the package of tasks for compliance officers. While data protection legislation and the WWFT allow institutions to exchange information with each other based on the client’s consent, the ministers argue that banks run a high risk if such information is not exchanged. Thus, banks must inquire with other institutions immediately upon encountering a high-risk customer, and relevant information must be exchanged. However, this proposal has faced criticism for privacy concerns and undermining the fundamental principle of innocent until proven guilty. The effectiveness of joint monitoring of transactions by banks included in the bill is yet to be established in practice.
Assuming that the bill passes, it is clear that it will have a significant impact. The proposed measures will not only affect the risk policies of financial institutions, but also their communication, responsibility, and knowledge requirements. However, there is a question of whether these responsibilities and tasks can be fulfilled, given that banks are already struggling with staff shortages, particularly in CDD/KYC departments. This shortage means that institutions have less capacity for additional tasks, let alone estimating privacy risks, which the amendment does not seem to address. This staffing problem also applies to the Tax and Customs Administration, which requires 26 FTEs for structural supervision but has had difficulty finding staff. Instead of focusing solely on the amendment, it may be wise to explore ways to improve the organization of CDD/KYC research, such as enhancing technology, policy design, and risk behavior of analysts. Additionally, little attention is paid to research that disproves the usefulness of cash limits, which may force criminals to use alternative methods to evade the tax authorities, making it more challenging to monitor and investigate illegal activities. It is therefore advisable for compliance officers, privacy officers, and data protection officers to monitor any developments closely, given the potential impact of the legislative amendment on their profession.
There are concerns among certain House of Representatives members that the bill may be excessive. Specifically, there are worries that it could lead to individuals being completely barred from the financial system, making it impossible for them to open a bank account. Eelco Heinen, a member of the Volkspartij voor Vrijheid en Democratie (VVD); observed that there can be varying interpretations of the facts, which makes it challenging for lawmakers to make a judgement on the matter. The stricter proposal submitted last autumn has raised concerns about infringement of fundamental rights, as announced by the Dutch Data Protection Authority. During a hearing in the House of Representatives, President Aleid Wolfsen stated that the proposed law leads to an unlawful interference with citizens’ fundamental rights and is therefore unacceptable in its current form. He also warned of the possibility of going to court if necessary.
There was some disagreement between Wolfsen and Medy van der Laan, chairman of the NVB, during the hearing. Van der Laan argued that there are persistent misunderstandings about the proposal and that banks need to monitor all payment transactions to combat money laundering. Wolfsen, however, believed that the proposal gives banks too much freedom, saying that “you have no idea what you will say yes to.”
Despite this, the “wetsvoorstel plan van aanpak witwassen” received support from some experts, who examined it at the request of the House of Representatives. According to Prof Jacco Wielhouwer, a Professor of economics of accounting and tax at the Vrije Universiteit Amsterdam since 2013, the proposal is “an important improvement in the fight against money laundering.”
The proposed bill allowing banks to collectively scrutinize transactions of all their clients has the potential to enhance the fight against money laundering, which is a critical issue globally. However, the concerns raised by critics are valid, and any sharing of customer data must be accompanied by robust data protection measures. It is crucial to strike a balance between the need to combat financial crime and the right to privacy of individuals. The legislation must include safeguards to prevent false accusations and misunderstandings that could harm innocent individuals.
The proposed bill could represent a significant shift in the way banks combat money laundering. By allowing them to share transaction and customer data, it may be possible to detect patterns and anomalies that individual banks may miss. However, it is important to ensure that this is done in a way that respects individual privacy and rights. False accusations can have serious consequences, and safeguards must be in place to prevent this from happening.
While the proposed legislation allowing banks to collectively scrutinize transactions may be well-intentioned, it is important to consider the potential negative consequences. The risk of false accusations and misunderstandings must be taken seriously, and safeguards put in place to prevent innocent individuals from being harmed. Additionally, it is essential to ensure that any sharing of customer data is done in compliance with relevant data protection laws, and that individuals are fully informed of how their data will be used.