Over the past five years, we have seen a debate unfold in the Netherlands where the Dutch central bank forced the Ministry of Finance to adopt rules that go beyond the AMLD5 directive. And finally, the judge brings clarity: regulators and supervisor overstepped their mandate.
Registration or licensing of crypto players here in Netherlands?
Where the AMLD5 directive says: you must register crypto companies with a check on management capability and UBO reputation, the Dutch central bank went way beyond that. It wrote a letter to the Ministry of Finance that it wanted a license regime and kept on asking for all components of a license regime. And they got it in the end with the Ministry of Finance denying to press and parliament thay they upgraded the law. This was well beyond the advice of the Council of State, which outlined the impossibility of doing this, well in advance.
I wrote a range of articles about that (this one), was the driving force in the law suit on the improper verification requirements asked to be allowed to register and helped out prepare the next law suit on illegal acts of the supervisor, meaning that all the cost borne for those illegal acts cannot be charged to companies.
One and a half year ago I penned the experience down in this blog when I started out a sabbatical. For me, there is no use in doing compliance work if supervisors don't stick to the law themselves. So I wanted to reflect on that and meanwhile the law suit against DNB was being prepared and unfolded.
Now finally after 5 years of banging the drum on the topic, the Rotterdam Court fully agreed and acknowledged that the Dutch supervisor, DNB, has acted illegally by imposing and requiring more information than necessary for the prescribed registration regime under AMLD5. It effectively turned it into a licensing regime and that was not the idea/intention.
Court judgment: Dutch law declared invalid where it turns registration into licensing regime
Their verdict translated (h/t Chat GPT) tells it loud and clear. All parts of the Wwft and lower level rules that are in conflict with the registration regime as defined in AMLD5 are declared invalid as being in violation of higher EU-law.
1. DNB will have to refund the invoices for supervision over 2021 as a result of the fact that a large part of the cost pertained to activities without legal mandate which cannot be recovered. So the Ministry of Finance will have to pay this as it doesn't make sense to charge any private entity for the legal wrongdoings and supervisors overstepping their mandate.
2. DNB will have to revise the registration regime and make it a true registration regime. They can no longer apply the 10step approach (copy paste licensing) and extensive list of questions and must remain with a small list. Effectively the main focus of registrations will have to be on evaluating quality of management and reputation of UBO. Registrations must be done in 2 months instead of the current 6-12 months evaluation period.
3. If DNB wants to add specific demands and requests it will have to send out specific request immediately after registration and should do so on the basis of a prior risk assessment as to nature of company and businss positioning/management (they will have sufficient information on that as a result of the management evaluation procedure in the registration).
4. DNB needs to ask an independent accountant to separate the forbidden registration costs which included checking wallet verification requirements, doing extensive study of documentation from the practical application process prescribed under AMLD5. This will mean that 75% of the costs of crypto supervision in 2021, 2022 and 2023 will have to be dropped.
5. DNB will most likely also appeal against the verdict although ideally they would make excuses for having gone beyond their mandate both as a supervisor and in their role as 'advisor' of the Ministry of Finance. This excuse can be made without cost given that it is DNBs vision that even when they make a fault they are not legally liable for it. This is also in Dutch law (a good from post financial crisis).
A 'told you so' with mixed feelings
Well. I told you so. For 5 years I've been telling regulators and DNB that their policy decision to do more than the EU directive was at odds with our institutional frameworks. But hey, who listens to crypto players: those casino's, those money launderers. It was fairly easy for the central bank and ministry of Finance to frame their way out of the debate. They also misrepresented the facts.
Appeals to higher ethics and the institutional boundaries did not work. Not formally, not informally. And I've really pushed every button I could find. Because you don't want to end up resolving things in court. And if you do, you want to prove that you tried your best to prevent coming there. Which means the stuff had to go to couurt. The powers that be thought they were right and they could ignore the EU rules and the advice/knowledge of State of Council of incompatibility of their plans with those rules.
Usually that works, by the way. Because companies and industry organisation usually aren't that well documented and don't come prepared. But this time was different. DNB and Ministry of Finance had just pulled an identical trick in the payment sector, so this was a second time around for the legal and compliance industry involved. And that made a difference. The supporting legal industry did not fall for the easy crypto-money laundering frame. The legal industry recognised the DNB-overstepping-mandate reality.
Still this is all mixed feelings. Why don't we just respect EU rules, whether in government or in companies. That would have made our life a fair bit more pleasant. Why did we have to go at lenght to do this batlle? Do we really need to go on and start a third law suit now (when DNB doesn't come round to acknowledging their errors of judgment)?
So yes, this is a told you so moment. But I mostly hope this legal verdict is were things will change so that there is no need to write about a third told you so moment in the future.