On 13th July 2026, the Netherlands’ regulatory body, the De Nederlandsche Bank (DNB), penalized the financial services company CCV Netherlands B.V. (CCV) with €2.65 million (USD $3M) for prolonged gaps in its compliance program. More on what happened below.
What Caused the CCV €2.65M Fine?
During examinations, the DNB found that CCV had inadequate Customer Due Diligence (CDD) and transaction monitoring. In particular, it breached Section 3(2) of the country’s Anti-Money Laundering (AML) and Terrorist Financing Act (Wet ter voorkoming van witwassen en financieren van terrorisme or Wwft for short).
The language used in the DNB’s published enforcement statement was clear. The regulator explicitly pointed out how CCV’s system failed, not just that it failed. Why DNB fined CCV:
- CCV’s transaction monitoring solution failed for over two years, highlighting a broader governance failure.
- The firm failed to fully load over 4200 merchant’s transaction profiles into their monitoring system for 23 months, showing that controls were not consistent.
- CCV has inadequate ongoing monitoring of alerts, with no explanation of why they were closed or handed over to other teams, meaning the company cannot evidence its decision-making.
CCV’s Historic AML and Sanctions Violations
This is not the first time CCV faced enforcement action for similar violations. Back in 2019, the DNB issued a formal instruction (aanwijzing), mandating that the company take specific actions to improve its monitoring policies and procedures. In July 2021, DNB confirmed that CCV complied.
DNB seeks to safeguard financial stability and thus contributes to sustainable prosperity in the Netherlands.
However, just years later, in 2024, the firm was fined €1.1 million for prior AML and sanctions breaches found from 2015 to 2018. Despite its historic failures and remediation, DNB imposed this new fine for controls that were not continuous. What does this mean for regulated businesses?
Regulatory bodies are emphasizing “not continuous” as a regulatory red line, with higher expectations on sustainable and continuous control performance, not just a point in time fix.
Netherlands Customer Due Diligence and Ongoing Monitoring Requirements
In the Netherlands, the Wwft requires regulated businesses to perform robust CDD and ongoing monitoring. This includes documenting when they are triggered and how they enable continuous compliance.
What must CDD achieve under Section 3(2) of the Wwft?
Under AML and CTF laws, businesses must meet four aspects for compliance. These are to perform identity verification on a customer or client, identify the Ultimate Beneficial Owner (UBO), establish the nature and purpose of a relationship or transaction, and, lastly, continuously monitor the said relationship and transactions over time.
What must ongoing monitoring achieve under Section 3(2) of the Wwft?
Section 3(2) explicitly calls businesses to run ongoing monitoring. This is a baseline obligation required by all organizations. These mandates echo leading regulatory frameworks, such as Singapore’s MAS, Australia’s AUSTRAC, and the UK’s MLR2017. Authorities increasingly expect proactive monitoring systems with clear risk-based triggers, escalation, and decision-making.
How to Build a Scalable AML Program in the Netherlands and Beyond?
A key lesson from CCV’s case is that AML and CTF compliance must do more than just pass a point-in-time remediation plan. It must be resilient and continue to operate effectively as business volume, customers, and regulatory obligations evolve.
According to Milosh Caunhye, Solutions Consultant at ComplyCube, “Businesses can face enforcement action despite using the best AML technology. Instead, an effective, end-to-end AML program should go further and be able to demonstrate strong and consistent evidence of outcomes.”
1. Automated monitoring platform
Leverage real-time AML screening, including automated Politically Exposed Persons (PEPs) verification, sanctions check, and adverse media coverage on a unified platform. Use risk-based rules, customer profiles, and behavioral patterns to trigger escalation to senior management for review.
2. Robust case management
Centralize case management to record alert reviews, compliance officer reasoning, approvals, and escalation decisions in real-time. With a clear audit trail, businesses can strengthen accountability and enhance trust with demonstrable evidence to support compliance decisions.
3. Connect customer risk directly to monitoring
Use robust APIs and integrations to feed CDD, UBO, and other related risk data into the controls applied throughout the customer journey. As a result, companies can identify emerging risks earlier, better allocate compliance resources, and enforce more proportionate controls.

Find out more AML news in ComplyCube’s Trust Edition newsletter. We explore the latest in developments across identity verification and AML globally.



