The impact of the new NVB baselines on the financial crime modelling landscape

June 01, 2023 General

Plaatje blog FC

Recently, there has been a lot of debate surrounding the costs associated with anti-money laundering (AML) efforts. This discussion has been fuelled by concerns that these costs might be disproportionately large, potentially burdening financial institutions and hindering their ability to operate efficiently, as also illustrated by the court case between bunq and the DNB in relation to the use of AI in AML. In response, DNB last year issued the report ‘Van herstel naar balans’[1] wherein a risk-based approach is emphasized. Against this backdrop, the NVB has also released a first set of new standards[2], so-called baselines, on the same topic. In this blog a high-level overview is provided of these new baselines.

Yesterday, the NVB has published the following standards standards:

  1. NVB Baseline - UBO identification and verification
  2. NVB Baseline - Pseudo UBO
  3. NVB Baseline - EDD measures for EC high risk third countries
  4. NVB Baseline - Expected Transaction Profile (ETP)
  5. NVB Baseline - Client data actualisation

What stresses the importance of these standards, is that these have been drafted in consultation with the DNB as well as with the ministry of finance. In fact, in Het Financieel Dagblad the DNB has already expressed that they support these guidelines and that later this year they will publish revised guidelines aligning with these standards. The NVB has indicated that they expect to publish a total of 17 standards. Next to the five already issued, there are five additional standards in preparation on the following topics:

  • Politically Exposed Persons (PEPs);
  • Source of funds;
  • Methods for alert handling;
  • Models for generating alerts and alert handling;
  • Ongoing Due Diligence.

But what does this mean in practice? From a modelling perspective, the most interesting standard will obviously be on models itself. Unfortunately, that one is still in preparation. Of the already published ones, standards 4 and 5 on the Expected Transaction profile and Client Data Actualisation, respectively, are the most relevant.

Standard 4 is related to the Expected Transaction Profiles (ETP). This is an approach where banks try to identify for customers what their expected behaviour is, and then continuously monitor transaction behaviour to see if noteworthy patters or deviations occur. The conclusions from the standards are:

  • ETP can be used as one of the methods to detect unusual transactions but is not a goal in itself.
  • An individual bank determines its risk-based approach to effectively detect deviations from expected transaction patterns and unusual transactions based on its defined risk appetite and AML/CFT control framework.
  • The use of specific client groups for rule-based transaction monitoring is not equal to ETP, although overlap may occur.
  • A client profile is not the same as an ETP.
  • Banks can, but are not obliged to request information from the client to establish the ETP at onboarding.
  • The DNB guidances[3] are to be used as a good practice and does not represent minimum requirements.

Although banks currently use ETP in various degrees and a risk-based approach is promoted in the standards, it is clear that ETP is a key component of a sound TM / CDD landscape

Standard 5 discusses client data, as important foundations for effective financial crime control. It focuses on completeness of data, correctness of data and which sources are to be used. Also, it mentions again the importance of making the approach to fighting financial crime risk-based.

In two follow-up blogs, we will provide deep-dives into the contents and impact of those two relevant standards. After all, it is clear that these standards will be incorporated in DNB guidance and therefore, this may be the moment that the market practice which was still missing in the financial crime domain, is about to settle.



[3] Guideline on the Anti-Money Laundering and Anti-Terrorist Financing Act and the Sanctions Act (DNB; December 2020 version), Post-event transaction monitoring process for banks (DNB; 30 August 2017).