Registration with DNB – crypto service providers
Category: Administrative law
Registration with DNB – crypto service providers
Registration requirement: crypto service providers
Under the fifth anti-money laundering directive (AMLD5), crypto service providers are put under the supervision of the national authorities. In the Netherlands DNB is the authorized authority. The Act implementing AMLD5 should have entered into force on 10 January 2020, but has been delayed until further notice. It seems that parliamentary debate takes more time than anticipated.
The moment this Act enters into force, certain crypto service providers will be obligated to register with DNB and have to be compliant with the (general) requirements of the Dutch Anti-Money Laundering and anti-Terrorist Financing Act (Wwft). This means that also certain crypto service providers will be obliged, among other things, to investigate their clients and report unusual transactions to the Financial Intelligence Unit-Netherlands (FIU-Netherlands).
The rules apply to any party (individuals or legal entities) providing one or more of the following two services in a professional capacity or on a commercial basis in or from the Netherlands:
- Services for the exchange between virtual currency and fiduciary currency; and (or)
- Custodial wallets. More specifically, entities that provide services to safeguard private cryptographic keys on behalf of their customers, to hold, store and transfer virtual currencies.
- What is meant by virtual currency? The following definition is included in the Implementation Act:
- “a digital representation of value that is not issued or guaranteed by a central bank or public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically.”
- And a provider of a custodial wallet is understood to mean:
- “‘custodial wallet provider: means an entity that provides services to secure private cryptographic keys on behalf of its clients in order to hold, store and transfer virtual currency.”
- Examples of entities that need to register with DNB are companies that have a website where other companies and individuals can buy or sell crypto currency for fiduciary currency, or a company that offers custodial wallets.
- The crypto providers will not only have to submit all kinds of documents for the registration process (please find more information below), but they also need to submit evidence of a good fit and proper assessment as a precondition for registration.
What is the purpose of registering with the DNB for crypto providers?
The aim is for the DNB to be able to assess the service provider’s risks of money laundering and terrorist financing and to determine whether the provider is able to comply with the legal obligations as required by the Wwft to control those risks.
What information needs to be submitted for registration as a crypto service provider?
The exact list of documents to be submitted for this kind of registration with DNB has not yet been finalised. DNB does, however, consider it important to offer parties the opportunity to prepare for the Act’s ultimate entry into force, and has provided a draft explanation of the registration application. The draft explanation has been based on what is currently known about the new regulations. It follows from the draft explanation that the following five elements are considered:
1. General company data:
Among other things, DNB checks whether the service provider falls within the legal definition of a crypto provider. DNB also asks to submit a number of documents, such as a certified copy of the notarial deed including the company’s articles of association;
2. The business plan:
DNB not only looks at the strategy (including the targeted market share, the envisaged origin of the customers, et cetera), but also at a diagram illustrating the activities the service provider is performing (including the transaction flows);
3. The governance:
DNB looks at, among other things, the organisational structure and the control structure. A service provider should provide an organisation chart as well as a description of the company’s control structure;
4. Sound operational management:
DNB looks, among other things, at the way in which compliance, outsourcing, auditing and training are arranged within the company. It is important to demonstrate that the company can comply with the relevant provisions of the Wwft;
5. Ethical business operations:
DNB examines, among other things, whether the company is able to manage its integrity risks. Integrity risks include money laundering and terrorist financing. The company must have a policy in which certain subjects must be discussed, among them being an analysis of integrity risks, avoiding conflicts of interest, customer due diligence, transaction monitoring, reporting obligation, and so on.
Fitness and propriety
In addition to providing the necessary information for the registration process, the service provider must have its policymakers and co-policymakers assessed for fitness and propriety. Only in the case of a favourable decision, may the person take up the position. According to the explanatory notes, DNB determines whether the candidate has sufficient relevant knowledge, skills and professional conduct to fill the position. This must be evident from the candidate’s work experience, education and competencies. In addition, the propriety of a candidate must be beyond doubt. This concerns their intentions, actions and, in particular, antecedents that stand in the way of filling the position.