Financial Services Regulation 2025 Comparisons

A significant portion of Dutch financial regulation legislation originates from European Union (EU) directives and regulations. EU regulations have direct effect in the Netherlands without requiring domestic implementation measures, but EU directives typically necessitate transposition into national law. Since directives often establish only baseline or ceiling standards and frequently include optional provisions that member states may implement at their discretion, the domestic legislation enacting a given directive can differ between EU member states.

The establishment of the Dutch functional supervisory model in 2002 initiated a comprehensive restructuring of the Netherlands’ financial regulatory framework, ultimately resulting in the enactment of the Dutch Financial Supervision Act (Wet op het financieel toezicht – the Wft) on 1 January 2007. The Wft, together with subordinate regulations and decrees, constitutes the principal source of financial regulation in the Netherlands.

Beyond the Wft, several other statutes contain provisions governing financial regulation, often targeting specific sectors. For instance, pension funds are also subject to requirements established in the Dutch Pension Act (Pensioenwet), and trust offices must adhere to the Dutch Act on the Supervision of Trust Offices 2018 (Wet toezicht trustkantoren 2018).

Furthermore, the Fourth and Fifth Anti-Money Laundering Directives – (EU) 2015/849) and (EU) 2018/843) – have been transposed into the Dutch Act on the Prevention of Money Laundering and Terrorism Financing (Wet ter voorkoming van witwassen en financieren terrorisme – the Wwft). The Wwft establishes customer due diligence requirements and transaction monitoring obligations applicable to the majority of financial institutions operating in the Netherlands.

The Netherlands subjects an extensive array of financial and adjacent activities to regulatory oversight. Numerous entities operating within the financial sector must either obtain a licence or notify the appropriate regulator of their intention to conduct business in the Netherlands. These entities include the following.

• Banks – banks (more precisely, credit institutions) are organisations whose business involves receiving repayable funds from parties other than professional market operators, beyond a restricted circle, and extending credits for their own account. A general prohibition exists against accepting repayable funds (such as deposits) in the Netherlands without holding an appropriate licence or other authorisation.
• Insurers – this category encompasses life insurers, non-life insurers, funeral expense insurers, benefits-in-kind insurers and reinsurers.
• Payment service providers – regulated payment services encompass a broad range of activities, including executing payment transactions, money remittance, issuing and/or acquiring payment instruments, account information services and payment initiation services.
• Trust offices – a trust office is a party that provides one or more trust services on a commercial basis, including the provision of corporate director services, providing an address or correspondence services, acting as a trustee, and similar corporate functions.

• Clearing institutions – clearing institutions settle transactions involving financial instruments through a central counterparty, thereby guaranteeing the commitments of the parties on whose behalf they operate.
• Electronic money institutions – electronic money institutions issue electronic money in exchange for legal tender. Electronic money is a prepaid electronic payment product that may be card-based or account-based, and is represented as a balance in an electronic wallet or on a physical card.
• Pension funds – “ordinary” pension funds must notify the Dutch Central Bank (De Nederlandsche Bank – DNB) of their establishment. “Premium” pension funds (a new category of pension administrators) require a licence from DNB and may operate on a cross-border basis.
• Collective investment schemes and their management companies – collective investment schemes encompass undertakings for collective investment in transferable securities (UCITS) and alternative investment funds (AIFs). Regulations pertaining to AIFs and UCITS are primarily directed at the fund manager, rather than the fund itself.

• Settlement agents – settlement agents provide services designed to relay requests relating to the approval of payment orders, approve such orders on behalf of payment service providers, or provide certain specific netting services.
• Investment firms – these include undertakings offering investment advice, asset management services or execution-only services in relation to financial instruments. Certain firms engaging in own account trading in financial instruments may also qualify as investment firms.
• Financial service providers – this category refers to a diverse range of undertakings and includes undertakings that, for example, offer certain financial products, provide advisory services or act as intermediaries.
• Crypto-asset service providers – these are entities that provide one or more services in relation to crypto-assets, such as custody providers, trading platform operators, crypto-asset exchangers and crypto asset portfolio managers.
• Issuers of crypto-assets – these are entities offering crypto-assets to the public or admitting crypto-assets to a trading platform.

The Wft provides targeted relief from licensing, prudential and conduct requirements for particular activities, entities and circumstances that meet specified thresholds or criteria. The scope and conditions of exemptions are formulated precisely, and an exemption from licensing requirements does not necessarily imply that other ongoing compliance requirements do not apply. The most frequently utilised exemptions in the Netherlands include the following.

• Sub-threshold fund managers – managers of AIFs (AIFMs) may benefit from a registration regime rather than full licensing if:
1. the total assets under management do not exceed EUR500 million (or EUR100 million for leveraged funds); and
2. the fund is either offered to fewer than 150 investors with a minimum subscription of EUR100,000, or offered exclusively to professional investors.
• National Private Placement Regime (NPPR) and designated states regime – non-EU AIFMs may offer units in investment funds to qualified investors in the Netherlands on the basis of the Dutch NPPR. Moreover, non-EU fund managers from certain designated states (eg, the US, Guernsey and Hong Kong) may offer participation rights in the Netherlands, including to retail investors if certain requirements are met, subject to completion of a notification procedure.
• Small payment and electronic money institutions – payment service providers are exempt from a licence requirement where the average total monthly transaction volume in the preceding 12 months does not exceed EUR3 million and electronic money institutions are exempt if the outstanding electronic money liabilities average EUR5 million or less, and a maximum of EUR150 can be stored per instrument or account.
• Exempted payment services – certain payment services are excluded from the scope of payment services regulation. Examples include the commercial agent exemption, which excludes payment transactions via agents acting solely for either the payor or payee, and the limited network exemption, which excludes payment instruments usable only within specific premises or retail chains or for limited goods/services (eg, store cards, fuel cards). Under the future EU payment services regulatory framework (PSD3/PSR), both exemptions will face stricter assessment criteria and clarifications, further narrowing the scope of these exemptions.
• Exempted investment services and activities – certain investment services and activities are exempt from a licence requirement and prudential regulation. These include intra-group services, employee participation schemes, incidental professional activities (such as investment advice provided ancillary to another profession without separate remuneration), or trading on own account in commodities and related derivatives. Moreover, investment firms registered in Australia, the US or Switzerland do not require a licence to offer investment services to professional investors in the Netherlands if they are duly authorised in their jurisdiction and follow a notification procedure.

The European Markets in Crypto Assets Regulation (MiCA) started to apply directly in the Netherlands in 2024. MiCA regulates both crypto-asset service providers (CASPs) and parties offering crypto-assets to the public or admitting crypto-assets to a trading platform (Issuers), with additional requirements for Issuers of asset referenced or e-money tokens (stablecoins).

• CASPs, including exchanges, wallet providers and trading venues, are subject to licensing requirements under MiCA. The licensing conditions and ongoing compliance obligations encompass business operation requirements (including governance design, outsourcing and operational resilience), minimum capital requirements, and suitability assessments for management and qualifying shareholders.
• Issuers are subject to disclosure and transparency requirements under MiCA, including the obligation to publish a comprehensive white paper. Issuers of asset-referenced tokens must obtain a licence under MiCA, while Issuers of e-money tokens must be authorised as credit institutions or electronic money institutions. Both categories of Issuers are subject to safeguarding requirements.

CASPs and Issuers licensed in the EU may passport their licence to the Netherlands. Dutch CASPs are licensed by the Dutch Authority for the Financial Markets (AFM), while Dutch Issuers are licensed by DNB. The AFM and DNB may employ a comprehensive range of formal and informal enforcement measures, including administrative fines. Violations of certain core MiCA provisions (including white paper publication requirements, insider dealing prohibitions and licensing requirements) constitute criminal offences under the Dutch Economic Offences Act (Wet economische delicten).

In addition to MiCA, CASPs providing crypto-asset services in the Netherlands are subject to the Dutch Anti Money Laundering and Counter Terrorism Financing Act (Wwft). The Wwft requires the performance of customer due diligence and ongoing transaction monitoring, with additional requirements regarding transfers of crypto-assets from unhosted wallets.

Financial supervision in the Netherlands operates through a dual regulatory structure comprising two national competent authorities, each with distinct supervisory mandates, whose roles are supplemented and co-ordinated by several EU supervisory authorities.

• DNB serves as the prudential and integrity supervisor. It supervises the financial soundness of all Dutch regulated undertakings subject to capital and liquidity requirements, and acts as the lead supervisor for banks, insurance companies, pension funds, payment institutions and issuers of certain crypto-assets. DNB works closely with the European Central Bank (ECB) in supervising the banking sector, where the ECB directly supervises and licenses significant Dutch banks in accordance with the Single Supervisory Mechanism. DNB also has supervisory powers regarding anti-money laundering and counter-terrorist financing (AML/CFT) compliance under the Wwft.
• The AFM oversees the conduct of financial institutions and market participants, focusing on transparency, investor protection and the fair treatment of clients. It acts as the lead supervisor for investment firms, investment funds, financial services providers and crypto-asset service providers. The AFM supervises compliance with disclosure and market abuse rules, and monitors public offerings and prospectus requirements to promote confidence in the integrity of Dutch financial markets. The AFM also serves as the AML/CFT supervisor for certain investment firms and fund managers.

Supervision of compliance with the General Data Protection Regulation (GDPR) is carried out by the Dutch Data Protection Authority (Autoriteit Persoonsgegevens – AP), while the Netherlands Authority for Consumers and Markets (Autoriteit Consument & Markt – ACM) monitors access to payment systems and payment account services, as well as charges for the use of payment instruments. The AP and ACM co-operate closely with the AFM and DNB under formal agreements and protocols to ensure effective and co-ordinated supervision.

At the European level, the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA) (together: the European Supervisory Authorities, or ESAs) complement national supervision. While their direct supervisory powers are limited, the ESAs develop technical standards and guidance to ensure consistent application of EU financial regulation and foster convergence among national regulators.

The primary Dutch financial services supervisory authorities publish and maintain comprehensive rules and guidance through official portals and government legislative resources. These sources are grounded in the Wft and its implementing regulations, as well as directly applicable EU laws.

Official Sources of Rules and Guidance

The AFM and DNB both provide “open book” supervision portals, where current laws, regulations, decrees and supervisory rules can be browsed. These portals include national rules, European regulations and directives, sector guidance, circulars, position papers and non-binding statements.

The Wft is the primary national statute for financial services in the Netherlands, covering licensing, prudential requirements, conduct of business, market integrity and supervision. Implementing regulations from the Wft and important sectoral rules, such as the Besluit prudentiële regels Wft (Decree on prudential rules Wft), supplement the Wft for banks, insurers, payment institutions and investment firms.

Other important statutes include the Wwft (implementing the EU AML Directives), the Dutch Trust Offices Supervision Act and the Dutch Pension Act.

Key Soft Law in Dutch Financial Supervision

The supervisory authorities regularly issue guidance, position papers, circulars and Q&A documents on their websites, which serve as binding or non-binding explanations of applicable law.

Guidelines, recommendations and reports from the ESAs (the EBA, ESMA and EIOPA) increasingly establish standards for Dutch financial undertakings, covering areas such as product governance requirements, outsourcing (including cloud outsourcing), remuneration and risk management.

The use of open norms (ie, principle-based regulation through standards such as “control and integrity of business operations” and the “prudent person” principle) enables Dutch supervisory authorities to adapt supervision to evolving market conditions, which is particularly relevant for risk-based and outcome-focused supervision.

Soft law is also delivered through sector-specific guidelines covering market conduct, scenario analysis, duty of care, remuneration, governance and compliance best practices. Prior to publication, such guidelines are often subject to public consultation rounds.

The Basel III framework has been implemented in the EU through a regulation that is directly applicable in all EU/EEA member states and a directive that requires transposition into national law in each member state. In October 2021, the European Commission published its proposal for a Banking Package containing amendments to the EU Capital Requirements Directive (CRD IV, as amended) and the EU Capital Requirements Regulation (CRR). The Banking Package contained the necessary amendments to implement the final Basel III post-crisis regulatory reforms as agreed by the Basel Committee on Banking Supervision in 2017, while also considering the specific features of the EU’s banking sector.

As a result of the adoption of the Banking Package, a new regulation and directive entered into force. The Third Capital Requirements Regulation (CRR3) entered into force on 9 July 2024, with the main provisions applying to most banks from 1 January 2025; specific parts of CRR3 become effective later, with detailed transitional arrangements. This gradual implementation intends to ensure that EU banks have sufficient time to adjust their capital structures and business models to the new requirements.

In addition to CRR3, a new directive (CRD VI) entered into force on 9 July 2024 and contains the relevant changes to the national laws of member states to implement the Banking Package. The implementation deadline is 10 January 2026. CRD VI will be implemented in Dutch law through the Wft and its relevant implementing orders. At the time of writing, the CRD VI Implementation Act has not yet been submitted to parliament.

The Netherlands currently follows the EU’s T+2 settlement standard, as mandated by the Central Securities Depositories Regulation (CSDR). The EU is revising the CSDR to implement a T+1 settlement cycle, with this change expected to take effect on 11 October 2027. In parallel, Euronext has announced consolidation steps intended to simplify settlement across some of its markets ahead of the T+1 settlement cycle implementation.

Sustainable investment is governed extensively at the EU level and represents a key focus area for Dutch financial and other regulators. EU legislation focuses on creating harmonised transparency requirements on sustainability characteristics and risks for a wide array of undertakings through the Corporate Sustainability Reporting Directive (CSRD), and specifically for financial undertakings offering investment-related products or services through the Sustainable Finance Disclosure Regulation (SFDR). In addition, the Taxonomy Regulation establishes a detailed framework for economic activities qualifying as environmentally sustainable. The SFDR and Taxonomy Regulation apply directly in the Netherlands. Despite the CSRD already applying, it has not yet been formally implemented in the Netherlands.

Both DNB (in its capacity as the prudential regulator) and the AFM (in its capacity as the conduct authority and competent authority with respect to SFDR compliance) have marked the transition to a sustainable economy as key priorities for their supervision. DNB has published comprehensive guidance on the integration of sustainability risks, in line with the EBA’s focus on integrating sustainability risk into banks’ risk management frameworks. The AFM has published several reports on compliance with the SFDR, emphasising the importance of correct, specific, substantiated and clear communication on sustainability claims, and has reported its first informal enforcement actions regarding SFDR non-compliance.

In addition to increased regulation of the financial markets, there is heightened monitoring and scrutiny of prospectus and other financial product disclosures by regulators, supervisory authorities and consumer protection authorities. Climate litigation is furthermore a prominent topic in the Netherlands and the EU generally, as climate action groups in particular pursue litigation against the Dutch government (as in the Urgenda case) and large corporates and banks (eg, Milieudefensie against Shell and ING Bank). Those claims are based primarily on human rights and tort law as they apply to climate and environmental interests. Greenwashing may also result in civil claims, intervention by the Dutch Advertising Code Committee (Reclame Code Commissie) or penalties from the ACM.

The risk that financial market participants may not meet applicable standards for their financial products and disclosures, potentially resulting in greenwashing under the broad interpretation of that concept by EU authorities, has led to a retraction of claims and/or promotion of “green” and “sustainability” characteristics by financial market participants. This phenomenon, known as “greenhushing”, may also adversely affect the integrity of financial markets and the standards of fair disclosure.

Dutch financial institutions have been deploying AI for several years and are actively exploring more sophisticated AI models, indicating that AI adoption will continue to expand across the sector.

DNB’s 2019 Guidance on AI Principles

In 2019, DNB issued guidance establishing the general principles for AI deployment in the financial sector. The document functioned as a discussion paper articulating DNB’s preliminary position on responsible AI use, outlining various considerations and proposals. Of particular significance was a framework of general principles structured around six fundamental aspects of responsible AI deployment: soundness, accountability, fairness, ethics, skills and transparency (SAFEST).

DNB emphasised several critical points in its guidance:

• soundness – AI applications in the financial sector must be reliable and accurate, demonstrate predictable behaviour, and operate within the parameters of applicable rules and regulations;
• accountability – financial undertakings must maintain accountability for AI applications, as malfunctioning systems could result in harm to the institution, its customers and other stakeholders;
• fairness – AI applications must not inadvertently disadvantage particular customer groups;
• skills - all personnel within a financial undertaking (from operational staff to board members) should possess adequate understanding of the capabilities and limitations of the AI-enabled systems they utilise; and
• transparency – financial undertakings must be capable of explaining how and why they deploy AI in their business processes and, where reasonably appropriate, how these applications function.

Joint DNB-AFM Report (April 2024)

In April 2024, DNB and the AFM published a joint report examining the impact of AI deployment in the financial sector and regulatory supervision. Beyond highlighting the potential benefits and risks of AI, the Dutch regulators underscored the importance of maintaining ongoing dialogue with the financial sector (including a symposium scheduled for later that year followed by roundtable events) and the necessity of expanding their regulatory oversight to evaluate AI’s implications.

Clear regulatory expectations

DNB and the AFM have delivered an unambiguous message that financial institutions are expected to deploy AI responsibly. Dutch regulatory objectives and standards remain technology-neutral, meaning that existing regulations apply when AI is employed.

Supervisory development

DNB and the AFM acknowledge the need to enhance their supervisory methodologies and procedures, focusing on risk management, application modalities and the outcomes of AI deployment.

EU-level harmonisation

As AI’s significance in the financial sector increases, necessitating further clarification and specification of regulatory requirements, DNB and the AFM expressed a preference for such requirements to be harmonised at the EU level.

Implementation of the AI Act

Regarding the forthcoming AI Act, which designates certain AI systems (such as those employed for credit scoring) as high-risk, the AFM and DNB will be responsible for supervising AI deployed by Dutch financial institutions in collaboration with other member state regulators and European supervisory authorities.

The introduction of the AI Act will require financial institutions deploying AI to pay particular attention to the adequate protection of fundamental rights.

The Dutch regulators demonstrate a professional and sophisticated approach to emerging technologies, rapidly understanding new developments and their associated risks while maintaining a supportive stance toward innovative business models. This regulatory framework has fostered a vibrant fintech ecosystem in the Netherlands and established the Dutch payments sector as a leader within the EU.

Although the Netherlands does not operate a regulatory sandbox offering licence exemptions or other exemptions from applicable law, the Dutch supervisory authorities (DNB, the AFM and the ACM) have jointly established the “InnovationHub”, which aims to support financial sector innovation within the limits of existing legislation and regulations by offering regulatory guidance. The InnovationHub serves as a central point of contact for companies that have questions about supervision and regulations in relation to innovative financial products and services.

Within the euro area, the ECB is advancing work on a potential digital euro, a retail central bank digital currency (CBDC) designed to complement physical cash. The European Commission proposed a Digital Euro Regulation in 2023, which is currently progressing through the EU legislative process. Key features of the digital euro include strong privacy safeguards, a two-tier distribution model via banks and payment service providers, and strict limits on deposit amounts and programmable functionality.

On 30 October 2025, the ECB decided to move to the next phase of the digital euro project. This decision follows the completion of the preparation phase, which established the foundational framework for issuing a digital euro. The new phase will ensure technical readiness for initial issuance. Should the legislative framework be in place by 2026, a pilot exercise could be launched in 2027, enabling the Eurosystem to prepare for a potential first issuance of the digital euro in 2029. No additional CBDC initiatives are currently underway in the Netherlands.

The Dutch financial services regulators have implemented several initiatives to protect vulnerable customers. These initiatives demonstrate a proactive, data-driven approach that combines preventative outreach, early warning systems and inclusive design to protect financially vulnerable customers across different financial products and services.

• Interest-only mortgage initiative: since 2016, the AFM has urged mortgage providers to develop tailored approaches for customers with interest-only mortgages who are potentially financially vulnerable. Over the past five years, providers have contacted 1.68 million customers about potential risks, resulting in 744,000 customers taking action to improve their financial situation by making additional repayments, converting to repayment mortgages or increasing savings. This initiative employs preventative management tools to help customers make informed choices and take timely action.
• Consumer credit market and payment difficulties: the AFM has conducted extensive research on consumer credit and financial vulnerability, identifying where payment arrears occur, key predictors of arrears and characteristics of vulnerable households. The AFM’s recommendations include identifying risks through detailed data analysis, monitoring broader payment problems, paying particular attention to young borrowers and facilitating customer reporting of life events. The AFM has identified young borrowers (aged 18–25) as being particularly vulnerable, and expects credit providers to pay extra attention to this group during the management phase. The regulator also emphasises the importance of monitoring customers who experience life events, such as relationship breakdowns or job loss. Credit providers can prevent payment arrears by remaining alert to broader payment problems among their customers and utilising BKR Monitoring, which notifies them when customers fall behind on other registered loans, enabling early intervention.
• Digital accessibility: the AFM supervises compliance with the European Accessibility Act’s accessibility requirements for banking and financial e-commerce services, thereby strengthening financial inclusion for vulnerable groups. According to four principles – operability, perceivability, understandability and robustness – providers must ensure that their digital services are accessible to people with disabilities. These principles are designed to enable the approximately 5.5 million people with disabilities in the Netherlands (32% of the population) to independently access financial services.

The Dutch regulators have aligned their approach to shadow banking with broader EU initiatives, focusing on monitoring and addressing systemic risks posed by non-bank financial intermediation. As the prudential supervisor, DNB actively participates in the Financial Stability Board’s global monitoring framework for shadow banking activities and contributes to the European Systemic Risk Board’s assessments of non-bank financial intermediation risks.

In its capacity as the business conduct supervisor, the AFM monitors market-based finance activities and their potential impact on investor protection and market integrity. Both DNB and the AFM support the development of macroprudential tools at the EU level to address systemic risks in the non-bank financial sector, including potential measures for investment funds and other collective investment vehicles.

While the Netherlands has not introduced specific domestic shadow banking regulations beyond EU requirements, DNB and the AFM continue to assess whether additional supervisory measures may be necessary to address risks specific to the Dutch financial system, particularly given the significant role of pension funds and investment funds in the Dutch economy.

The application procedure varies depending on several factors, including the type of licence or authorisation being sought. Nevertheless, most application procedures follow a common structure.

The application procedure commences with the submission of the relevant forms and other requisite documents to the competent regulator (the ECB, DNB or the AFM). Once these have been received in proper order, the relevant supervisor will assess the firm’s compliance with the applicable requirements. Generally, DNB and the AFM have 13 weeks to reach a decision on a licence application. Different assessment periods may apply for specific licences (for instance, the AFM has 26 weeks to decide on an application for a licence as an alternative investment fund manager). However, the actual assessment period depends on numerous factors, and this period may be extended. This is frequently due to an inadequate or incomplete application, or because the submitted documents give rise to further information requests.

In addition to the relevant licence application forms, most undertakings must submit the following forms and documents:

• forms, including supporting documents, concerning the suitability and integrity of managing directors and supervisory board members;
• a business plan that contains, at minimum, the names and titles of employees, the manner in which customers are solicited, potential co-operation agreements with other companies, remuneration policies, turnover projections for each financial product and/or service for the forthcoming three years, and an overview of costs for the forthcoming three years;
• a description of business processes, including governance manuals, compliance manuals, internal controls, anti-money laundering policies, remuneration policies, etc;
• an organisational chart that includes the majority shareholders and the names of all managing directors;
• a recent extract from the trade register; and
• a form confirming that all day-to-day policymakers and supervisory board members (if applicable) who are subject to the aforementioned suitability and integrity requirements have taken a “banker’s oath” or will do so within three months after the licence is granted.

Obtaining a licence from DNB or the AFM typically takes between three and 18 months, depending on the type of licence, the proposed scope of activities, and other relevant circumstances. As a general rule, licences for providing financial services or products with greater potential impact on clients, market integrity or financial stability require longer assessment periods. For example, obtaining a licence as a payment service provider, insurer or investment firm typically takes 12–18 months.

The Dutch regulators impose regulatory levies for the assessment of licence applications and related supervisory screenings (including the screening of shareholders and the integrity and suitability screening of management or supervisory board members of the licence applicant). The amount of these levies depends on the type of licence and typically varies based on the time spent by the regulator on the licence application process.

No regulatory levies are imposed for commonly used notification procedures, such as notifications by non-EU investment fund managers under the Dutch NPPR.

In addition to duties arising under Dutch corporate and employment law, (senior) staff of Dutch regulated financial undertakings are subject to direct and indirect financial regulation.

• Integrity and suitability screening – all daily policy makers (commonly the management or executive board) and supervisory board members of Dutch regulated financial undertakings are subject to prior integrity and suitability screening by the regulator. Among other matters, the integrity screening review the reputation of the proposed board member, their conflicts of interest, and relevant antecedents (including criminal or financial antecedents). The suitability screening assesses the skills, knowledge and experience of a proposed board member, considering both individual suitability and the collective suitability of the board. For banks and insurance companies, the screening requirements also extend to certain key personnel.
• Remuneration regulations – the Dutch Financial Supervision Act (Wet op het financieel toezicht) strictly governs the remuneration of policy makers, identified staff and regular employees. For example, restrictions apply to the payment of variable remuneration (with a typical restriction to 20% of fixed remuneration), the awarding of retention bonuses, the governance of variable remuneration and severance packages.
• Administrative and criminal enforcement – in principle, enforcement action by Dutch regulators for non-compliance with financial regulations is taken against the regulated entity. In some cases, however, board members or other individuals may be personally subject to administrative or criminal enforcement action. This occurs only where a violation of applicable law can be attributed to the individual, and the individual contributed to the violation, or failed to take steps to prevent it.

The Netherlands faces a transformative regulatory landscape in 2026, driven by both EU-level harmonisation initiatives and domestic policy reforms. The key financial services reforms expected in the coming year include the following.

Implementation of CRD VI

CRD VI represents a significant banking reform, with the Dutch Implementation Act entering into force on 11 January 2026. Key changes include harmonised transaction approval requirements replacing DNB’s current declaration of no objection regime, expanded fitness and propriety assessments covering all employees who materially impact risk profiles, and mandatory ESG integration into strategy, risk management and remuneration policies. Banks must develop ESG transition plans with quantifiable objectives and timelines. Third-country banks face substantial operational changes: existing contracts entered into before 11 July 2026 may continue, but amendments, renewals or extensions will trigger branch establishment and authorisation requirements, with limited exceptions for novation and netting arrangements. This represents a phasing-out approach rather than grandfathering, particularly affecting firms currently operating cross-border without Dutch branches.

Implementation of Revised Consumer Credit Directive (CCD2)

The CCD2 provisions will be implemented and apply in the Netherlands from 20 November 2026. The directive introduces enhanced obligations regarding creditworthiness assessments and age verification procedures. The most significant change is that buy-now-pay-later (BNPL) services will no longer benefit from regulatory exemptions. This represents a material shift in Dutch consumer credit regulation, bringing the BNPL sector and major e-commerce platforms under AFM supervision for the first time.

Anti-Money Laundering Supervision

In 2026, the EU Anti-Money Laundering Authority (AMLA) will commence supervision of selected financial institutions, and the EU AML/CFT Legislative Package will be formally launched. The Anti-Money Laundering Regulation (AMLR) will largely replace the Fifth Anti-Money Laundering Directive (AMLD5). Once effective, the AMLR will be directly applicable to Dutch financial institutions, eliminating the need for national transposition legislation. Substantial portions of the Wwft will be replaced by the AMLR. A significant concern for Dutch institutions is that the AMLR adopts a different perspective on the risk-based approach compared to DNB’s current supervisory methodology.

DORA Supervision

Digital operational resilience oversight continues under the Digital Operational Resilience Act (DORA), with the ESAs conducting risk assessments of designated critical third-party ICT service providers throughout 2026. These assessments will result in individual oversight plans that may include recommendations affecting dependent financial institutions. Threat-led penetration testing requirements, which became effective in July 2025, remain ongoing compliance obligations for relevant financial institutions.

Artificial Intelligence Regulation

The EU Artificial Intelligence Act entered into force in 2024, with most substantive requirements becoming applicable from 2 August 2026. Financial institutions deploying AI systems must implement appropriate governance frameworks, risk classification procedures, control mechanisms and staff training programmes. High-risk AI systems, including those used for credit scoring and similar financial decision-making, are subject to enhanced regulatory requirements. In November 2025, the European Commission is expected to unveil the “Digital Omnibus”, a package of reforms that could reshape the GDPR, the AI Act and the ePrivacy rules.