We fall under Wwft, what does that mean for our IT?
Wwft (the Dutch anti-money-laundering law) requires customer due diligence, transaction monitoring and retention. In IT that lands in identification, file-keeping, monitoring and logging.
Try this first
- 1Implement an ID-and-V process. Verify customer identity from a reliable source, captured in a file traceable per natural person and ultimate beneficial owner.
- 2Set up transaction monitoring. Rules on anomalous patterns, escalation to the compliance officer, and a steady way to report unusual transactions to FIU-Nederland.
- 3Retention. Wwft sets its own retention for client data and transactions; read the live text, not memory, for the exact period.
- 4Logging and authorisation. Not everyone gets at Wwft files, and actions must be logged. Combine with your GDPR requirements.
- 5Run a SIRA (systematic integrity-risk analysis) regularly and update IT controls on the back of it. DNB and BFT expect a living process, not a one-off document.
When to bring us in
Crypto service providers and trust offices have extra regimes. Do not store those guidelines from memory; check with your supervisor or compliance lawyer.
See also
- Does NIS2 apply to my company?Two questions decide it: are you in a listed sector, and do you meet the threshold from Recommendation 2003/361/EC (more than 50 FTE and more than EUR 10M turnover or balance sheet). Below that you are only indirectly in scope, via your customers. The threshold determines whether you are an important or essential entity depending on sector.
- What changes with the Dutch Cyber Security Act?The Cyberbeveiligingswet is the Dutch implementation of NIS2. Track NCSC for the exact effective date and the lower regulations.
- Am I personally liable as a director under NIS2?Yes. The board is accountable for approving and overseeing the cyber measures. Severe negligence can become personal.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.