The Netherlands Tightens AML Regime but Virtual Asset Oversight Gaps Persist

The Netherlands has bolstered its anti-money laundering (AML) rules in recent years, yet shortcomings in the supervision of virtual assets continue to present exploitable risks for money launderers.

After the Financial Action Task Force (FATF) placed the country under regular follow-up following its 2022 mutual evaluation, a re-assessment in 2025 upgraded the Netherlands to “largely compliant” on Recommendation 15—the FATF’s benchmark for managing financial crime risks tied to new technologies and virtual assets. While this marks meaningful progress, the re-rating also underscores that the Netherlands still faces unfinished business in reinforcing its defenses against illicit finance.

A Financial Hub Exposed to Laundering Threats

Money laundering is far from hypothetical in the Dutch context. As a major global financial center with an internationalized banking sector and a vital role as a trade gateway for Europe, the Netherlands attracts the attention of organized crime groups. Proceeds from activities such as drug trafficking, tax evasion, corruption, and cybercrime regularly flow through Dutch financial channels. Traditional banking and real estate remain prime conduits, but increasingly, virtual assets provide criminals with additional avenues. The rapid digitalization of financial services—through crypto exchanges, decentralized finance platforms, and peer-to-peer mechanisms—has compounded these risks, requiring bespoke regulatory responses.

According to the FATF follow-up report, the Netherlands has made substantial strides in addressing prior weaknesses by extending AML rules to cover the full range of virtual asset service providers (VASPs). This expansion brings Dutch regulation in line with the European Union’s Markets in Crypto-Assets Regulation (MiCAR). Regulatory responsibilities now rest jointly with De Nederlandsche Bank and the Authority for the Financial Markets (AFM), both of which have been empowered to license operators, conduct inspections, and impose sanctions. These reforms have strengthened oversight considerably.

Nonetheless, vulnerabilities remain. The FATF highlighted that the Caribbean Netherlands still lacks a binding AML regime for virtual assets, leaving a potential loophole. Additionally, the threshold for mandatory customer due diligence on occasional transactions continues to sit at €15,000—well above the FATF’s €1,000 standard. While these deficiencies may appear minor, the report stresses that “they are exactly the kinds of weaknesses that sophisticated laundering networks exploit.”

Expanding Oversight of Virtual Asset Providers

The transformation of Dutch oversight for virtual assets represents a significant milestone. Until 2023, the Netherlands had regulatory requirements for only two of the five categories of VASPs defined by the FATF. This meant custodians, token issuers, and transfer facilitators operated largely beyond the scope of AML obligations—creating a semi-regulated environment ripe for abuse.

With the 2025 reforms, this gap was closed. Now, nine categories of crypto-asset services fall within the scope of the Dutch Money Laundering and Terrorist Financing (Prevention) Act. Providers are required to register, undergo fit-and-proper assessments for leadership teams, and adhere to strict customer due diligence and suspicious transaction reporting obligations. Regulators can revoke licenses, issue penalties, and shut down unregistered operators. These changes send a clear message: the Netherlands is committed to cracking down on money laundering in the virtual asset space.

For illicit actors, the new framework significantly narrows the available options. Exchanges and custodians must now apply “know-your-customer” standards and monitor transactions for suspicious activity, complicating attempts to disguise illicit funds. Stablecoin issuers and wallet providers are subject to the same compliance requirements, limiting anonymous transfers. Moreover, the explicit prohibition on natural persons serving as providers ensures only entities under regulatory scrutiny may operate legally.

Yet challenges remain. The FATF emphasized that “regulation without enforcement leaves vulnerabilities intact.” Comprehensive laws must be paired with proactive supervision, including targeted inspections and timely sanctions. Criminal groups are adept at exploiting weak enforcement by creating shell companies, using lightly regulated jurisdictions, or deploying advanced technological tools to obscure financial trails. The FATF stressed that unless enforcement is both aggressive and internationally coordinated, these strategies will continue to undermine AML frameworks.

The absence of binding regulation in the BES Islands (Bonaire, St. Eustatius, and Saba) illustrates another ongoing gap. Even though no VASPs currently operate there, the lack of regulation represents a dormant risk. Launderers often exploit small or overlooked jurisdictions to gain lightly monitored access to larger financial systems. Draft legislation is underway to address this, but until it is enacted, the vulnerability remains.

Structural Weaknesses in Thresholds and Supervision

One of the most striking deficiencies flagged in the FATF review concerns the threshold for customer due diligence on occasional transactions. While international standards require checks for transactions exceeding €1,000, the Dutch requirement still only applies above €15,000 for non-commercial customers. This tenfold gap creates a structural weakness that criminals can exploit.

Smurfing—splitting large illicit sums into smaller amounts to evade AML checks—remains one of the oldest laundering strategies. In a virtual asset ecosystem, where transactions occur instantly across multiple platforms, the €15,000 threshold is particularly problematic.

By structuring transfers below the threshold, criminal organizations can move millions of euros’ worth of crypto undetected. This overwhelms compliance systems with a flood of low-value transfers that appear legitimate, making suspicious patterns harder to spot.

The FATF report acknowledged that Dutch law does contain interim safeguards. Customer due diligence must still be conducted when there is suspicion of laundering, when clients are classified as high-risk, or when customer data is in doubt. However, as the report noted, these measures “depend heavily on the vigilance of compliance teams and the robustness of monitoring systems.” Without a strict threshold, many questionable transfers may never be flagged.

Authorities plan to harmonize the Dutch threshold with the €1,000 requirement once the EU’s new AML Regulation takes effect in July 2027. Until then, however, the gap remains open. For organized networks—particularly those engaged in narcotics and cybercrime—this window offers a valuable opportunity. Criminals can strategically route illicit funds through Dutch VASPs while circumventing stricter controls elsewhere in Europe.

Supervisory practices also raise concerns. While the AFM and Dutch Central Bank now wield greater authority, their effectiveness will hinge on resources, staffing, and technical expertise. The complexity of the virtual asset sector and the sophistication of financial crime demand constant innovation. As the FATF observed, “effective supervision requires more than formal authority; it demands proactive, risk-based action to identify non-compliant actors and impose meaningful sanctions.”

Lessons for Global AML Regulation

The FATF’s follow-up report on the Netherlands offers valuable insights for other countries grappling with virtual asset oversight. Its alignment with MiCAR illustrates the advantages of supranational frameworks in harmonizing rules and closing gaps. By extending its scope to nine categories of crypto services, the Netherlands has reduced the risk of regulatory arbitrage across the EU.

At the same time, the Dutch experience highlights the dangers of partial or delayed compliance. Leaving the BES Islands outside the regulatory framework may appear minor in the short term, but history shows that criminals target precisely such overlooked jurisdictions. Likewise, maintaining the €15,000 threshold until 2027 gives laundering networks a two-year window to exploit the system. These shortcomings underscore the need for swift implementation and consistent application of international standards.

For AML professionals globally, several lessons emerge. First, regulation must keep pace with technological innovation; frameworks must adapt in real time as virtual assets evolve.

Second, strong laws are insufficient without rigorous enforcement capacity. Supervisors must act quickly and decisively against violators. Third, even peripheral vulnerabilities—in small jurisdictions or narrow thresholds—can undermine entire compliance regimes. As the FATF warns, “criminal networks will always look for the path of least resistance, and even small loopholes can undermine broader frameworks.”

Looking forward, the FATF will continue to subject the Netherlands to regular follow-up, with its fifth-round mutual evaluation examining not just technical compliance but also the effectiveness of implementation. To make further progress, Dutch authorities must accelerate the reduction of thresholds, finalize legislation for the BES Islands, and ensure enforcement keeps pace with reforms. Until these measures are in place, the Netherlands will remain a country that has strengthened its defenses but continues to carry lingering vulnerabilities in its fight against financial crime. 

By fLEXI tEAM