Frequently asked questions

Frequently asked questions

Does the Wwft apply to me?

This depends on your organization. Various parties are listed under the ‘WWFT’ tab together with a link to Article 1a Wwft.

Should I include all procedures in a procedure manual?

Yes. A procedure manual should ensure unambiguity and clarity in the workplace with regard to how to work in order to prevent integrity risks. In addition, the supervisor, but also the compliance officer and possibly the compliance auditor, can assess whether your organization is operating in accordance with the established rules.

Am I obliged to employ a compliance officer?

You are required to have an independent and effective compliance function, depending on the nature and size of the organization. This may be internally, but could also be outsourced. You can therefore hire an external compliance officer who carries out the work for you on an hourly basis. The amount of time required for this depends on your organization. Please note that the compliance officer only carries out second-line activities.

It follows from the law (and the supervisors’ guidelines) that not every company needs to set up a compliance and/or audit function. However, your organization does have to comply with all (other) requirements of the Wwft. So regardless of whether you appoint a compliance officer, some form of guidance is highly recommended.

What is the meaning of second line and third-line of defense?

In the world of compliance, the so-called “three lines of defense” system is used. The first line is the normal daily work and contact with the client. The second line (the compliance officer) monitors and reports whether and to what extent the established procedures are being complied with. In addition, he/she advises the board on improving policy and procedures. The compliance officer does not perform any first-line tasks, including the preparation of client investigation research files. The third line is formed by the compliance auditor who monitors the compliance officer (is he/she effective and independent?) and the organization. In general, the auditor will also make recommendations about possible improvements in the organization.

Who can I ask to be my auditor?

The compliance auditor checks whether the organization complies with laws and regulations. From this point of view, it is logical to choose a legally trained auditor, the so-called operational auditor. Accountants believe that auditing traditionally belongs to them and that the audit function should be performed by an accountant (financial auditor). However, the question is whether your own accountant can take on the role of compliance auditor, because then the independence is not automatically established. A third party is therefore preferable in any case.

Am I obliged to create a compliance file for all my clients?
In principle you are. There are exceptions (e.g. for lawyers when they assist their client in a lawsuit before, during and after), but in principle a file should to be created for everyone. The law lists the exceptions.
Can my compliance file also be digital?

Yes, that is allowed. In the case of digital files, make sure that it is clearly visible when research has been carried out in a verifiable manner. It would be a shame if you carried out the investigation properly, but it is not clearly visible when, and therefore you receive a fine.

Are there also systems to implement compliance activities?

There are several systems in circulation. It is fair to say that many of them are still being developed, although some may be further than the others.

What is a risk analysis of the institution?

In order to be able to properly estimate which risks exist within an organization, it is necessary to make an inventory of those risks and then analyze them. This is a Systematic Integrity Risk Analysis (SIRA). Depending on your organization, this is either limited or extensive in size. It should, in any case not be underestimated in terms of time and investment, and it is advisable to call in a consultant to at least build the framework. Some advisors may have a standard format that you can purchase. You can also build a good analysis yourself in Excel.

Should I monitor everyone for international sanctions?

No. This obligation only applies to financial institutions, such as banks, payment institutions, trust offices and insurers on the basis of the Sanctions Act 1977. It is, of course, sensible to check whether potential counterparties or countries are sanctioned when you operate internationally. Violation of the Sanctions Act 1977 can lead to unpleasant fines.

Wwft Partners

Raymond van Wegberg,
Frans-Willem van der Ven &
Robert-Jan van Aken


Koninginnegracht 15
2514 AB, The Hague