Supervision Outlook - Dnb

 
Supervision Outlook - Dnb
Supervision
Outlook       2018
Supervision Outlook - Dnb
Supervision Outlook for 2018

Contents
     Introduction	                                                  4

     About this publication                                         5

1    Main risks and challenges in the dutch financial sector        6

2    Cross-sectoral                                                 9

3    Banks                                                         18

4    Insurers                                                      21

5    Pension funds                                                 24

6    Investment Firms and Investment fund managers                 29

7    Payment and e-money institutions                              31

8    Money Transfer organisations                                  32

9    Trust Offices                                                 33

10 Supervision in the Caribbean Netherlands                        35

     Annex 1 Our Supervision: Mission, ambitions and core values   36
     Annex 2 Schedule for 2018 supervisory examinations            38
     Annex 3 Key Performance Indicators for 2018                   40
Supervision Outlook - Dnb
Introduction
4   Our Supervision Outlook outlines the priorities we        We observe and listen to get to know the issues at
    have set and examinations we plan to conduct as           play for our national and international stakeholders.
    part of our supervisory remit in 2018. It describes the   This is why we discussed a draft version of this
    subjects to which we will devote extra attention in       Supervision Outlook with representatives from
    2018, both in specific sectors and across sectors.        different segments of the financial sector on 22
                                                              September 2017 as part of our budget preparations
    Financial institutions must be never cease to be alert    for 2018. They informed us that they share our
    and adaptable, as risks and challenges are abundant.      views of current developments and areas meriting
    This calls for strong and sound financial institutions    attention. We have incorporated their suggestions
    that are capable of meeting their obligations and         where possible.
    commitments, now and in the future. We are
    committed to fostering a solid and reliable financial     This Supervision Outlook is not an exhaustive
    system and preventing that financial institutions         timetable of all our work scheduled for 2018. It is
    become involved in financial and economic crime.          supplementary to our ongoing supervision activities,
    The Dutch economy has been recovering in recent           describing our key focus areas and what we call our
    years, and the financial crisis is now well and truly     thematic examinations. Obviously, we will remain
    behind us. The single most important takeaway             on the lookout for newly emerging issues. After all,
    from the crisis is that we should all be alert to         effective supervisors are always alert to new
    newly emerging risks – financial institutions and         developments.
    supervisory authorities alike.

    We work closely with other supervisory authorities
    to achieve our supervision objectives. We perform
    our prudential supervision tasks as a partner in the
    single supervisory mechanism (SSM), under the final
    responsibility of the European Central Bank (ECB).
    Domestically, we set great store by our partnerships
    with the Netherlands Authority for the Financial
    Markets (AFM), the Financial Expertise Centre (FEC)
    and other supervisory authorities.
Supervision Outlook - Dnb
Supervision Outlook for 2018

About this publication
This edition of Supervision Outlook describes           To provide insight into the supervision results,   5
the subjects to which we will specifically devote       Annex 3 presents the key performance indicators
attention in 2018 and the impact this will have on      (KPIs) and target values for 2018.
the Dutch financial sector. We will address these
subjects both in our ongoing supervision activities     Please consult the 2018 Independent Public Body
and in the thematic examinations that we will           Budget scheduled for release in January 2018 for
describe here.                                          the financial substantiation of our supervision
                                                        programme. The activities described in this
Section 2 describes the main risks and challenges       Supervision Outlook form its basis.
that we have identified for the Dutch financial
sector. They are the basis for our supervisory
agenda, and will be the focus of our regular
supervision in the year ahead. Section 3 describes
priorities and examinations of a cross-sectoral
nature. The remaining sections address the
implementation of the supervisory agenda in the
different sectors.

Our goal is to communicate the schedule for our
supervisory examinations as early as possible.
In addition to the general schedule in Annex 2, which
is as detailed as possible, we will also regularly
inform the sector about the timing and progress
of examinations, also by means of newsletters.
We will of course promptly inform institutions
on an individual basis about the examinations for
which they have been selected. Meanwhile, we are
committed to coordinating our examinations even
better than before.
Supervision Outlook - Dnb
1 Main risks and challenges in
    the dutch financial sector
6   We have identified the following six risks and challenges
    for the financial sector:

     Insufficient capacity               Interest rate trends:               Increasing digitisation and
     for change                          low rates and sudden                cyberattacks
                                         increase

     Financial institutions that are     The financial sector is exposed     Increasing digitisation places
     unable to adapt to changing         to the risks of both persistently   significant demands on the
     circumstances could in due          low rates and a sudden increase     administration of IT systems
     course face erosion of their        in interest rates.                  and the control of data-related
     earnings potential and, hence,                                          operational risks. Within the
     their financial soundness.                                              abundance of IT-related risks,
                                                                             cyber risk is considered a fast-
                                                                             growing threat. Cyber risk differs
                                                                             from other IT risks in that external
                                                                             parties with malicious intent
                                                                             seek to steal, disrupt or change
                                                                             customer-related and other data
                                                                             stored in IT systems.

     Financial and economic              Political and geopolitical          Regulation: implementation
     crime                               uncertainties                       and unintended effects

     The management of                   At the global level, there are      Since the financial crisis, the
     integrity risks in the financial    still considerable uncertainties,   regulatory burden has grown in
     sector could be improved            witness the developments            terms of requirements, intensity
     and therefore requires              in the Middle East and              and scope. New requirements
     undiminished attention. This        North Korea. In Europe,             have made the financial sector
     should prevent Dutch financial      the implications of Brexit are      more resilient, but institutions
     institutions from facilitating,     still uncertain, and political      may find it a daunting task to
     unintentionally or otherwise,       shifts have occurred. These         comply with these new rules
     money laundering, terrorist         uncertainties pose risks to the     in time. The risks attendant on
     financing or the violation of       global economy and, hence,          expanding regulation are that
     sanction rules. Such facilitation   to the financial sector.            rules may conflict or future
     may damage confidence in the                                            implementation may increases
     sector and harm its reputation.                                         uncertainty.
     Also, financial institutions
     that act in violation of the
     rules could face high fines and
     claims for compensation, which
     exposes them to significant
     prudential risks.
Supervision Outlook for 2018

Overview of examinations scheduled for 2018                                                                                           7

  Cross-Sectoral                                                    Pension funds

 Responding to technological innovation                             ▪   	
                                                                         Well-balanced financial commitments and
 ▪	
   Scope for opportunities: innovationhub and                         transparency                                    risks 1 and 2
   regulatory sandbox                               risk 1          ▪ Future orientation                              risks 1 and 2
 ▪ Controlling risks: information security          risk 3          ▪	
                                                                      Sound pension administration amid
                                                                      increasing digitisation                         risk 3
 Future orientation and sustainability                              ▪ IORP II-readiness                               risks 1 and 6
 ▪ Capacity for change                              risk 1
 ▪ Climate-related risks                            risk 1
 ▪ Tail risks
 ▪	
   Unintended effects of legislation and
                                                                    Investment firms and investment fund
   regulations                                      risk 6
                                                                    managers
 A hard stance against financial and
 economic crime                                                     ▪   	
                                                                         Future orientation of pension asset
 ▪	Anticipating changes in legislation and                              managers                                     risk 1
    regulations                                     risks 4 and 6
 ▪	Systematic integrity risk analysis (SIRA)       risks 4 and 5
 ▪	Terrorist financing and violation of sanction
    rules                                           risks 4 and 5

  Banks

 ▪   Review of internal models (trim)
 ▪   Credit risk
 ▪   Stress test for banks                          risks 2 and 5
 ▪    reventing bank involvement in financial
     P                                                                              Risks
     and economic crime                             risk 4                          Risk 1    Insufficient capacity for change
                                                                                    Risk 2 	Interest rate trends: low rates and
                                                                                              sudden increase
                                                                                    Risk 3 	Increasing digitisation and
  Insurers
                                                                                              cyberattacks
                                                                                    Risk 4    Financial and economic crime
 ▪ Opportunities and risks of insurtech             risks 1 and 3
 ▪	                                                risks 1 and 2                   Risk 5 	Political and geopolitical
   Insight into how to determine net capital
   generation                                                                                 uncertainties
 ▪	
   Insight into technical provisions and            risks 2 and 6
   experience mortality                             risk 4                          Risk 6 	Regulation: implementation and
 ▪ Set-up of compliance function                                                              unintended effects
Supervision Outlook for 2018

  2 Cross-sector
  examinations
  Simultaneously with this Supervision           2.1 Responding to technological                            9
  Outlook, we will also publish the              innovation
  Supervisory Strategy for 2018-2022, which      Innovative technologies impact the entire financial
  charts the course for supervision in the       sector. Our role is to provide scope for technological
  years ahead and includes the following         innovation to ensure that the financial sector
  three focus areas:                             remains diverse and competitive and services can be
                                                 further improved. At the same time, technological
  1. responding
     	           to technological innovation;   innovation can shake up institutions' business
  2. 	emphasising future orientation and        models, which is why we are pressing for future-
     sustainability;                             proof and sustainable business models. Increasing
  3. 	a hard stance against financial and       digitisation also gives rise to new risks: vulnerability
     economic crime.                             to cybercrime is growing, new players are changing
                                                 the financial landscape, and the service chain is
  Our supervisory divisions will place           becoming increasingly fragmented.
  additional emphasis on these focus areas,
  both in our cross-sectoral examinations
  and in our sector-specific priorities and

pelen op
  examinations. This section discusses our
  cross-sectoral activities in these focus

hnologische
  areas for the year ahead in more detail.

nieuwing
10   We keep reshaping our supervisory approach             Controlling risks: information security
     to match the new playing field, by leveraging          Technological innovation and increasing digitisation
     the appropriate means, expertise and skills.           make the operational management in the financial
     Our Supervisory Strategy 2018-2022 discusses the       sector more vulnerable due to cybercrime. Growing
     impact of technological change on the financial        digitisation and interdependencies throughout
     sector and how we translate this to our supervision.   the financial chain mean that cyber risks can
     Below, we will set out how we want to provide          affect financial stability. A potential attack on
     scope for new opportunities and emphasise              confidentiality, integrity or availability of payment
     enhanced risk control.                                 services will therefore have a big impact – data
                                                            could be disclosed and confidential information
     Scope for opportunities                                may fall into the wrong hands. At the same time,
     A joint initiative of the AFM and DNB, the             cyberattackers are refining their techniques, meaning
     Innovation­Hub has since 2016 provided support         that their attacks are becoming increasingly complex.
     in queries market participants may have about          Whereas they used to concentrate on direct
     supervision and regulations relating to innovative     customer fraud, advanced attackers increasingly
     financial products and services. Together with         single out financial institutions and chains of
     the AFM, we also launched a regulatory sandbox.        institutions, rather than specific products or channels.
     This means that if financial institutions want to      If one institution's operations or services are
     launch innovative concepts, but cannot reasonably      interrupted, this may impact other institutions in the
     be required to comply with specific policies, laws     chain, and the aggregate impact will grow. Within
     or regulations, we explore the leeway that the         the range of IT-related risks, cyber risk is considered
     law offers in terms of compliance. We also revisit     a fast-growing threat. This is due for example to
     existing policies, amending them where needed.         concerns about the adequacy of the institutions'
     We will continue developing the InnovationHub and      own technological systems and the impact of
     the regulatory sandbox in keeping with the latest      cyberattacks. This is why we identified increasing
     developments.                                          digitisation and cyberattacks as a main risk for 2018.
                                                            This subject is also increasingly in the spotlight
                                                            internationally.
INANCIËLE
             INSTELLINGEN
   Supervision Outlook for 2018

   We urge institutions in all segments of the            2.2 Future orientation and                               11
   financial sector to raise the level of their cyber     sustainability
   risk controls. We have been examining for several      The pace of changes in the financial sector is
   years how financial institutions control information   accelerating. It is important, however, that they do
   security risks, and will continue to do so in 2018.    not occur abruptly and uncontrolled, in order to
   We will inform you in due course about the detailed    safeguard the stability of the financial system.
   timetable for our examinations.
                                                          Future-oriented financial institutions take
   Besides performing examinations, we increase           their strategic decisions in time and are able to
   awareness among financial institutions of the          respond quickly to economic, technological and
   importance of controlling cyber risks by hosting       political developments. Financial institutions that
   seminars and round table sessions, and by providing    are incapable of adapting in time may run into
   information and issuing guidance documents.            difficulties.
   For example, a seminar for insurers and pension
   funds is scheduled for 18 January 2018.                Capacity for change
                                                          Financial institutions that want to look to the future
                                                          must develop a deep understanding of how new
                                                          trends will affect them. This understanding will
                                                          enable them to make realistic strategic decisions
                                                          that contribute towards their sustainability, both in
                                                          terms of financial performance and risks, and from the

                                                                                                                        3
                                                          perspective of ethical operational management.

 uren op
oekomstgerichtheid
 duurzaamheid
12   Often, institutions experience a sense of urgency                Climate-related risks
     and have the willingness to change but, crucially,               Financial institutions must increasingly factor in the
     they must also have the skills to identify the                   consequences of climate change and the transition
     changes that are needed and to successfully                      to a carbon-neutral economy. This is the conclusion
     embed these changes in their business models,                    of our recent research into the impact of climate-
     organisation and corporate culture. Insufficient                 related risks on the Dutch financial sector.
     capacity for change could be due to an unclear                   There are two categories of climate-related risks:
     change vision, a lack of visibility on the part of               (1)	physical risks arising from climate-related damage
     the organisation's executive leadership that                         such as wind and hail storms, and flooding; and
     owns the change, or ambiguity in how the vision                  (2)	transition risks resulting from the transition to a
     is reflected in visible actions. The attitude of an                  carbon-neutral economy.
     institution's board members may also play a role,
     for instance if they focus too much on the short                 The impact of these risks is diverse and is being felt
     term. As a consequence, institutions may not                     increasingly strongly in a growing number of areas,
     implement the necessary changes, or will be too                  including in the financial sector. As the supervisory
     late in implementing them, which will affect their               authority, we therefore intend to embed climate-
     financial soundness or integrity in the longer run.              related risks more firmly in our supervision with the
                                                                      ultimate aim of ensuring long-term financial stability.
     We want to stimulate financial institutions¹ ability             We intend to take the following steps in 2018 to embed
     to identify in time the changes that are needed                  climate-related risks more firmly into our approach to
     and to implement them successfully. In 2018,                     supervision. We will incorporate climate-related risks
     we will investigate change capacity among eight                  in our assessment frameworks and address them in
     different types of financial institutions, using a               our interviews with supervised institutions. We will
     methodology jointly developed with the AFM.                      continue working on the implementation and further
     We will be zooming in on financial institutions                  development of climate stress tests. For example,
     that face an important change or have started a                  we are currently conducting a climate-related stress
     major transformation. We will inform the relevant                test at non-life insurance firms and we are working
     institutions of our findings and may share them                  on developing a stress test for transition risks, which
     with the sector as a whole.                                      focuses on the impact of an energy transition on the
                                                                      sector as a whole.

     1	DNB report "Waterproof? An inquiry into climate-related risks for the Dutch financial sector", October 2017
           https://www.dnb.nl/en/news/news-and-archive/dnbulletin-2017/dnb363837.jsp
Supervision Outlook for 2018

Tail risks                                                 We launched an examination into unintended               13
A financial crisis often comes from an unlikely            effects of regulation in 2017. We assessed whether
corner, relevant signals are picked up insufficiently,     regulation has the unwanted side effect of
too late or not at all. These risks, whose likelihood is   increasing the prudential risks to which financial
considered comparatively small and which may even          institutions are exposed. Specifically, we are looking
go undetected, have a potentially large impact on          for answers to the following questions.
financial institutions or the system as a whole. They      ▪	
                                                              To what extent do changes in capital
are also referred to as tail risks.                           requirements cause institutions to modify their
                                                              operations?
We aim to improve our understanding of the                 ▪
                                                            	
                                                              To what extent does the regulatory burden
capabilities that financial institutions have to detect       result in a loss of focus on strategy and risk
tail risks accurately and in time. This is why we will        management?
inventorise and analyse the methodologies that             ▪
                                                            	
                                                              To what extent does regulation affect market
institutions use to detect these risks, in consultation       access and organisation?
with sector participants and experts. Over the course      ▪
                                                            	
                                                              To what extent can supervision be made more
of 2018, we will inform the sector about the project's        proportional?
progress and produce a results report.
                                                           We expect to publish the outcome of this
Unintended effects of regulation                           examination, as well as recommendations for
The regulatory burden has grown sharply in terms of        optimisation of laws and regulations, in early 2018.
requirements, intensity and scope since the financial
crisis. Stricter requirements have the immediate
effect of making the financial sector more resilient,
but they also raise the likelihood of unintended
indirect effects, which increase the prudential risks
for financial institutions or the system as a whole.
14   2.3 Taking a hard stance against                         We emphasise that financial institutions themselves
          financial and economic crime                             are responsible for ensuring they can safeguard
          The third focus area in our Supervisory Strategy for     ethical operational management and prevent
          2018-2022 is financial and economic crime. Financial     involvement in financial and economic crime.
          institutions play a key role in preventing money         We have noted improvements in this regard,
          laundering, corruption, terrorist financing, insider     but more effort must be made across the financial
          trading, violations of sanction rules, tax evasion and   sector. Only too often does our supervisory practice
          other crimes.                                            show that statutory requirements are seen as a box-
                                                                   ticking exercise and complied with while keeping to
                                                                   the bare minimum. We expect institutions to place
                                                                   the ultimate responsibility for regulatory compliance
                                                                   more clearly with the management board and to
                                                                   ensure that risk controls are more firmly embedded
                                                                   in the organisation.

he
                                                                   Our supervision focuses on strengthening the
                                                                   lines of defence, and uses a risk-based approach.
                                                                   Data analysis plays an increasingly important role,

t
                                                                   for example in updating the risk profiles of sectors
                                                                   and institutions. We plan to explore and expand our
                                                                   use of innovative technologies in the years ahead
                                                                   and to encourage the sector to use innovation as
                                                                   a means to achieving more effective and efficient
                                                                   ethical operational management. Equally important
                                                                   is that financial institutions must be alert to the risks
                                                                   of financial and economic crime inherent in the use of
                                                                   virtual currencies.

                                                                   Investigative authorities are increasingly encountering
                                                                   the use of virtual currencies in money laundering and
                                                                   terrorist financing.
Supervision Outlook for 2018

Below, we will describe the topics to which we plan               Financial institutions are deemed to comply with         15
to devote specific attention in 2018.                             amended legislation and regulations from their
                                                                  effective date onwards, and we intend to examine
Anticipating changes in legislation and                           compliance. We will inform the sector participants
regulations                                                       of the exact timing and scope of our examinations in
In the period ahead we will see a string of legislative           due course.
changes in the area of financial and economic crime
and ethical operational management of financial                   Systematic integrity risk analysis (SIRA) in
institutions. Examples of major changes include                   practice
the implementation of the European Fourth Anti-                   A SIRA as performed by a financial institution forms
Money Laundering Directive² into Dutch law and                    the basis for safeguarding its ethical operational
the introduction of a revised statutory framework                 management and preventing its involvement in
for trust offices. The amendments demand a great                  financial and economic crime. Institutions are
deal of adaptability from the financial sector,                   expected to identify risks and to prepare policies and
as well a proactive stance where implementation                   take adequate measures to control these risks.
and compliance are concerned. We urge financial
institutions to anticipate impending legislative                  Over the past years, we have devoted special
changes and take adequate action to ensure that                   attention to the SIRAs of financial institutions
they comply with the new requirements in time.                    across sectors. We examined their quality and
                                                                  provided guidance about their design and about
We will keep institutions updated on new                          drawing up an integrity risk appetite. Our 2016 and
developments and the envisaged effective dates                    2017 examinations revealed that there is room for
of relevant legislation through sector letters and                improvement, and we took enforcement measures
news releases. Where needed, we will host sector-                 against several institutions. Too often, we see
specific and general information sessions. We will                discrepancies between paper SIRAs and institutions'
also organise meetings with the financial sector to               day-to-day ethical operational management and their
discuss the key changes facing the sector and our                 enactment of the gatekeeper role.
expectations with regard to implementation.

2	Directive 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of
      the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No
      648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European
      Parliament and of the Council and Commission Directive 2006/70/EC (OJ 2015 L 141/73).
16   Hence, we will in 2018 closely scrutinise how                    We urge financial institutions continue developing
     institutions put the outcome of their SIRA into                  and to make a significant contribution to preventing
     practice in terms of the risk assessments that they              terrorist financing and evasion of financial sanctions.
     make and the risk controls that they implement.
                                                                      In 2018, we will examine the following questions
     We intend to focus on the principal risks inherent in            across the sector.
     the specific profiles of the institutions that we select,        ▪
                                                                       	
                                                                        How do financial institutions respond to the risk
     and will work together with our FEC partners.                        of becoming involved in terrorist financing?
                                                                      ▪
                                                                       	
                                                                        Do they make adequate use of indicators to
     Our examination will cover all supervised sectors.                   identify terrorist financing and reporting this
     Based on risk profiles, we will, for each sector,                    where relevant?³
     establish which risks and which financial institutions           ▪
                                                                       	
                                                                        Are the risk controls aimed at ensuring
     will be included in the examination. We will review                  compliance with the Sanctions Act 1977 and
     documentation, such as the most recent SIRAs,                        related laws and regulations adequate?
     and perform on-site research to assess the actual
     effectiveness of the control framework.                          We will base our examinations on conclusions
                                                                      drawn on previous occasions.
     Terrorist financing and violation of sanction rules
     The current geopolitical conflicts and real threats of
     terrorism demand that the financial sector puts in a
     maximum effort to prevent involvement in terrorist
     financing and violations of the Sanctions Act 1977
     (Sanctiewet 1977). Financial institutions are required
     to have an adequate transaction monitoring
     system in place that detects unusual transactions
     at an early stage and reports them where relevant.
     The examinations we performed over the past few
     years revealed significant shortcomings regarding
     the measures institutions take to control these risks
     and to ensure that they comply with the notification
     requirement.

     3     We also refer you to our recently issued guidance document on effective transaction monitoring.
3 Banks
18   Exceptional monetary policy, low interest                 The impact of low interest rates
     rates and technological innovation all have               Our supervision will continue to devote attention
     an impact the profitability of banks and                  to the low level of interest rates. In recent years,
     the sustainability of their business models.              large Dutch banks have been coping well with
     Banks therefore need to be alert in order                 pressure on profits from low interest rates.
     to anticipate changes at an early stage.                  One of our examinations has shown that the
     In addition, the banking environment is                   scope for maintaining profitability is narrowing,
     changing, due to geopolitical developments,               however, for example when mortgage loans with
     Brexit being a case in point. Although the                comparatively high margins are being replaced by
     exact impact of Brexit on the banking                     new ones with lower margins.
     sector is still uncertain, the issue casts a
     long shadow: banks residing in the UK                     Introduction of PSD2 will impact the
     are already moving their operations to                    banking sector
     mainland Europe.                                          The revised European Payment Services Directive
                                                               (PSD2) aims to foster market innovation. It offers
                                                               banks and other businesses the opportunity to
     European banking supervision                              implement technological innovations and to
     Within the SSM, the ECB has since 4 November 2014         market new products and services, such as account
     borne the ultimate responsibility for prudential          information. The PSD2 will provide opportunities,
     supervision of all banks operating within the euro        but also place stricter demands on businesses in
     area. The ECB and DNB jointly conduct supervision         terms of security and authentication and regarding
     of significant institutions (SIs), whereas we conduct     notifications of incidents in the payments system.
     our supervision of less significant institutions (LSIs)
     under the aegis of the ECB. The SSM's agenda              Banks will therefore need to make operational
     determines prudential supervision of banks,               changes before the PSD2 takes effect. We will
     including LSIs. The 2018 agenda is expected to be         consider these new requirements as part of our
     published in December 2017, and we will notify the        supervision of sound operational management and
     Dutch banking sector of its contents. Its focus areas     business continuity management.
     will include sustainable profitability of business
     models, credit risks in concentrated portfolios and
     non-performing loans, risk management based
     on internal models, the SSM-wide stress test,
     and operational preparations for Brexit.
Supervision Outlook for 2018

Review of internal models                                 Financial and economic crime                           19
The SSM in 2017 launched a project named Targeted         One of DNB's national tasks is to supervise the
Review of Internal Models (TRIM), with the aim            prevention of financial and economic crime and
of harmonising supervision of internal models and         to monitor ethical operational management on
raising their quality. The projects involves on-site      the part of banks. This specific remit is not part
examinations at the selected institutions. Retail         of our SSM responsibilities. We compile dedicated
models are being reviewed, and the examination            supervision programmes for each SI to enable
will run into 2018. Corporate SME models will be          them to comply with relevant laws and regulations.
reviewed in the first half of 2018, and wholesale         The programmes are tailored to the specific risk
models will follow in the second half of 2018. We will    profile of the SI. We plan to communicate the
report the results to the individual institutions.        supervision programmes to the SIs in early 2018.
The TRIM project is expected to be completed in           The main objectives of these programmes are
late 2019.                                                to hold management boards accountable for
                                                          safeguarding sound operational management
Credit risk                                               and to urge them to strengthen their compliance
Besides the TRIM project, the SSM also conducts           function to control risks related to financial and
credit risk assessments. Its 2017 assessment of the       economic crime. Our supervision of LSIs in this area
quality of SME loans extended by Dutch banks based        will remain risk-based and intensive, both sector-
on an Asset Quality Review (AQR) will continue into       wide and institution-specific.
2018. The results will be announced in mid-2018.
In addition, the SSM is expected to launch an
examination into credit risks in shipping portfolios in
late 2017.

Stress tests for banks
In 2018, the European Banking Authority (EBA) will
again be conducting its two-yearly banking stress
test for significant institutions. This exercise aims
to tests the banks' resilience against adverse market
conditions and to reveal potential problem areas and
vulnerabilities. The outcome will be addressed in the
Supervisory Review and Evaluation Process (SREP).
20
Supervision Outlook for 2018

4 Insurers
Business models in the insurance sector in                  Many insurance firms have started future-proofing          21
the Netherlands have been under pressure                    their business models. Further and accelerated
in recent years, reflecting the low interest                strengthening of the capacity for change remains a
rate environment, declining premium                         necessity to respond to new developments promptly.
volumes, technological developments and                     As in other sectors, insurance firms are expected
fierce competition in a partly saturated                    to make sure that their business models reflect the
market. Fundamental choices must be                         impact of societal trends. Political, legal, social and
made to safeguard a financially solid                       cultural trends, as well as the ageing population,
insurance sector that continues to serve                    present new risks, change already insured risks,
society. In December 2016, we issued a                      further the development of new products and
report highlighting the key trends and                      services and can influence the way insurance firms
main challenges facing the insurance                        work. Another issue meriting attention is climate
sector, entitled "Vision for the future of                  change, which impacts both insurable risks and
the Dutch insurance sector”.⁴ The report's                  investments made by insurers.
analyses are still valid today.
                                                            Accordingly, our insurance supervision will in 2018
                                                            focus on the importance of a robust financial
                                                            position of the insurance sector, and consider
                                                            whether insurers are sufficiently preparing
                                                            themselves for the future. This will be part of our
                                                            ongoing supervision and the specific examinations
                                                            described below. In addition, due to potential claim
                                                            risks related to unit-linked insurance policies, we will
                                                            also continue monitoring that insurers carrying
                                                            such insurance products are able to meet their
                                                            commitments.

4	The report can be downloaded from our website: https://www.dnb.nl/en/binaries/Vision%20for%20the%20
      future%20of%20the%20Dutch%20insurance%20sector_tcm47-350191.pdf?2017103114
22   The health insurance sector is also up against various   We will continue our examination in 2018, homing
     challenges, such as demographic and political            in on risk-mitigating actions that are needed to
     developments and medical innovations. We will issue      safeguard that the sector will continue to respond
     a report outlining our vision of the health insurance    appropriately to insurtech developments in the
     sector in late 2017. The report will address these       medium and long term. We will urge insurers to set
     trends in more detail and present recommendations        up their strategy, operations and organisation so as
     to health insurers, supervisory authorities and          to deal responsibly with the opportunities and risks
     policymakers that help mitigate financial risks at       that arise from insurtech, with a particular emphasis
     health care insurers. We will follow up on these         on their capacity for change. We will inform the
     policy recommendations in 2018.                          insurance sector about the practical details of
                                                              follow-up actions and time frames in our Dutch-
     Opportunities and risks of insurtech                     only insurance newsletter (Nieuwsbrief Verzekeren).
     Technological innovation in insurance, known as
     insurtech, is having a significant impact on the         Insight into how to determine Net
     insurance sector. Future proofing business models        Capital Generation
     fundamentally requires that insurers leverage the        Net Capital Generation (NCG) is a key concept both
     opportunities that new technologies present. They        for insurers and for market analysts. Insurers use
     could for example improve ease of use and customer       it to describe movements in their capital position.
     focus, and initiate a transition towards more data-      NCG can play a major role in an insurer's capital and
     driven organisations and more flexible and cost-         dividend policy and in mergers and acquisitions.
     efficient operations.
                                                              Understanding how NCG is determined and which
     We seeks to achieve that insurers deal responsibly       uncertainties are at play can help both the insurance
     with the opportunities and risks that arise from         firm and DNB get a clear picture of the former's
     insurtech. We launched an examination in 2017            future financial position.
     to develop a deeper understanding of the impact
     that technology has on insurers' strategies and          We have found that insurance firms use different
     the future sustainability of their business models.      definitions of NCG. In 2018, we will ask individual
     Our provisional findings suggest that insurtech          insurance firms to submit data, in as far as we
     developments primarily complement current                do not have this information yet, to improve our
     business models in the short term, whereas their         understanding of the exact calculation methods
     impact could be more disruptive in the longer run.       that they use. Based on this information, we will
Supervision Outlook for 2018

investigate whether prudential risks may arise from      For selected life and funeral services insurers, we will   23
the way in which insurers address NCG in their           examine whether experience mortality is estimated
policies. We will study how exactly each company         consistently and based on realistic assumptions,
calculates NCG, which role it plays in each insurer's    whether actual outcomes are reviewed, and how
policy, how expectations and actual outcomes are         significant uncertainties are. We will of course
reconciled, and how uncertainties about the level        inform the selected firms of our findings and will
of NCG are addressed. We will inform the sector of       also report back to the sector.
our findings.
                                                         The compliance function
Insight into technical provisions and                    Compliance is a key function subject to statutory
experience mortality                                     requirements. An effective compliance function is
With solvency levels of life and funeral services        vital in controlling risks, such as those regarding
insurers under pressure, it is more important than       financial and economic crime and financial product
ever to estimate technical provisions accurately.        miss-selling. We performed an examination in
After all, a deficit masked by technical provisions      2015 into the set-up of key functions, including
may erode an insurer's solvency. Key elements in         compliance. This revealed that positioning the
technical provisions are the mortality table used and    compliance function in relation to the management
experience mortality.                                    board, and formalising the compliance charter are
                                                         key areas for attention.
We intend to assess technical provisions more
closely, and will place particular emphasis in 2018 on   In 2018, we will be looking into the effectiveness of
estimates of experience mortality. Our envisaged         insurers' compliance functions and verify whether
effect is that insurance firms correctly estimate        they adequately addressed the concerns that
experience mortality within the boundaries of            emerged from our 2015 examination. To this end,
inherent uncertainties, to the extent they do            we will perform on-site examinations at five or six
not already do so, and that they make sufficient         selected insurance firms to verify whether they have
allowance for such uncertainties. This will reduce       embedded the compliance function in line with
uncertainty as a proportion of technical provisions      the statutory requirements and have implemented
and, hence, any uncertainty surrounding the              improvements. The AFM will be asked for input
insurer's financial solidity.                            to draft the assessment framework and select the
                                                         companies for examination. We will inform the
                                                         sector of our findings.
5 Pension Funds
24   The financial position of many pension                             Pension funds are under great pressure to adapt
     funds remains vulnerable. While some                               to far-reaching changes and to address structural
     pension funds⁵ have seen their finances                            problems. The ambitions pension funds set
     improve, many cannot rule out the                                  themselves and communicate to their members
     possibility of future benefit curtailments.                        must be sufficiently feasible and realistic. This
     This means expectations raised among                               requires from pension funds that their financial
     pension fund members may not be met.                               structure is sustainable in the long term.
     It is therefore vital that finances are put
     in order and expectations on the part of                           Pension funds are expected to be prepared for
     members are managed better.                                        the future in terms of finances, operations and
                                                                        governance. Preparations are of the essence if a
                                                                        transition to a new pension system is to proceed
                                                                        smoothly. After all, that transition will be no less
                                                                        than a watershed in the pensions sector. Although
                                                                        it has not yet fully taken shape, the transition
                                                                        seems unavoidable, if only because the need for
                                                                        regeneration is increasingly felt. In their current
                                                                        form, pension contracts have major vulnerabilities,
                                                                        as they do insufficient justice to the differences in risk
                                                                        tolerance between generations and are incompatible
                                                                        with the increasingly flexible labour market.

                                                                        The examinations we have scheduled for 2018 place
                                                                        particular emphasis on bolstering the financial
                                                                        position of pension funds and anticipating future
                                                                        changes. We will also perform supervision activities
                                                                        aimed at identifying, describing and, where needed,
                                                                        mitigating specific risks, both sector-wide and for
                                                                        individual pension funds.

     5	The same holds true for pension premium institutions. The text below is tailored specifically to pension funds.
Supervision Outlook for 2018

To provide clear information about our supervisory                We will therefore examine decision-making and          25
activities, we send all pension funds their own                   documentation related to recovery plans, feasibility
supervision schedule.⁶ This gives them an                         tests and possible benefit curtailments at selected
individualised overview of the examinations and                   pension funds. Together with the AFM, we will review
surveys they can expect from us in 2018.                          pension funds' communications with members and
                                                                  other stakeholders. We will inform them about the
Well-balanced financial commitments                               exact time frames in early 2018.
contribute to trust
We want members' expectations to be met and                       Future orientation
confidence to be maintained. Therefore it is                      The sweeping changes seen in the operating
important for a pension fund's financial structure to             environment of pension funds increase the urgency
be well-balanced and sustainable in the long run.                 of long-term orientation. Moreover, Dutch law
A vulnerable financial position presents an elevated              requires that pension funds have a documented
risk of curtailment of pension benefits and a reduced             vision and strategy and that they identify and
likelihood of indexation. This is why we will stress              mitigate risks. One of the step changes ahead is
two issues: pension funds must be critical of their               the transition to a new pension system. Pension
own financial structure, and they should ensure                   funds that fail to adapt to changing circumstances
that their investment policies are well-balanced                  or do so insufficiently or belatedly could end up
and sustainable in the long term, for both defined                unable to meet their members' expectations and
benefit and defined contribution schemes.                         losing their rationale.

In doing so, we will follow up in 2018, jointly with the          We therefore urge pension funds to make sure
AFM, to the "clear expectations" theme we adopted                 their operations, organisation and governance are
in 2017. Specifically, we will examine pension funds'             agile and resilient to potential changes in their
decision-making processes relating to their financial             environment. They should focus on the long term
structure. Examples include the choices they make                 and manage their strategic risks. This will allow
in respect of sustainable and other investment                    them to create the conditions to keep serving their
policies and the assumptions that underlie their                  members adequately, also in the future.
recovery plans and feasibility tests in the event that
contributions prove not recover costs.

6     With the exception of pension funds in the process of wind-up.
26   In 2016 and 2017 we examined whether pension              Our aim is to achieve that pension funds and
     funds had a vision and strategy in place, whether         pension administration organisations are adequately
     they implemented their strategy and whether they          equipped to keep their pension accounts in a
     mitigated vulnerabilities and strategic risks. We will    sound manner. Next year, we will complete
     follow up on these examinations in 2018, monitoring       the survey launched in 2017 into outsourced
     how pension funds implement their strategies and          accounting services among pension administration
     how they address vulnerabilities and risks. Where         organisations. In addition, we will examine the
     needed, we will urge individual pension funds to          quality of administration records and monitor
     take specific steps, by imposing a formal measure as      improvements that individual pension funds make to
     the case may be.                                          their information security. Marking the completion
                                                               of both examinations into this subject, we will issue a
     Sound pension administration amid                         guidance document that provides pension funds with
     increasing digitisation                                   practical tools for controlling operational and IT risks
     Having a robust digital administration system in          in pension accounting.
     place is essential for pension funds. Using deficient
     or legacy systems carries the risk of information
     not being available to members in digital format or
     being insufficiently protected against IT risks such
     as identity fraud and cybercrime. We discussed this
     risk in the cross-sectoral section on technological
     innovation.

     Administration systems must also be sufficiently
     flexible to incorporate newly required functionalities.
     This is necessary as part of preparations for the
     transition to a new pension system, which will
     require adjustments to systems and the introduction
     of new applications. Examinations have shown,
     however, that many administration systems fail to
     meet today's demands.
Supervision Outlook for 2018

Ready for IORP II                                                                                                27
In 2019, the revised European Directive on Institutions
for Occupational Retirement Provisions (IORP II)⁷ will
be implemented in Dutch law. The Directive contains
more specific requirements as to the set-up of a
risk management function and other key functions.
For example, pension funds will be obliged to have
an actuarial function and an internal audit function
in place. Likewise, it also obliges institutions that
pursue a sustainable investment policy to consider
environmental, social and governance factors in their
investment decisions.

We aim to achieve that pension funds anticipate
the requirements under impending legislative
amendments and ensure compliance within the set
deadline. We educate pension funds about the IORP
II requirements and make enquiries from pension
funds as to the current set-up and effectiveness of
their key functions, notably their risk management
function. We also consider the role that newly
emerging climate-related risks play in their
investment policies. We use the results from our
enquiries to select pension funds for more in-depth
on-site examinations and inform the sector about
the results.

7	Directive 2016/2341/EC of the European Parliament and the Council of 14 December 2016 on the activities and
      supervision of institutions for occupational retirement provision (IORPs) (OJ L 354/37);
28
Supervision Outlook for 2018

6 Investment Firms and
Investment fund managers
In 2018 our supervision of investment                      We are aware of the opportunities and risks              29
firms and investment fund managers will                    presented by consolidation in this sector.
continue to focus on capital buffers and                   Consolidation may be driven by pressure on asset
sound operational management. Although                     managers' business models, as well as by a wish to
we have seen improvements, many firms                      benefit from economies of scale in small or medium-
and funds still need to shore up their                     sized funds.
capital buffers. Our ongoing supervision
activities will concentrate in particular on               We launched an examination in 2017 into the
the Internal Capital Adequacy Assessment                   sustainability of business models of investment firms
Process (ICAAP) in 2018. We will again                     and investment fund managers and also studied
impose enforcement measures where we                       liquidity risks in open-ended investment funds and
find capital deficits.                                     risks inherent in outsourcing and IT. The various
                                                           findings will be fleshed out and may result in
                                                           additional examinations and measures in 2018.

                                                           Developments in legislation and
                                                           regulations
                                                           We expect the European Commission to introduce
                                                           legislative proposals for a new capital framework
                                                           for investment firms in 2018. The proposed rules
                                                           will be based on an opinion⁸ that the EBA issued on
                                                           29 September 2017. We have pressed for a suitable
                                                           prudential capital framework, both within the EBA
                                                           and in our consultations with the Ministry of Finance,
                                                           one that does more justice to the specific risks
                                                           faced by investment firms. Through our seminars,
                                                           newsletters and dialogue with sector organisations,
                                                           we will continue to keep in touch with the sector
                                                           about the design of the new capital framework.

8	http://www.eba.europa.eu/-/eba-issues-opinion-on-the-design-of-a-new-prudential-framework-for-
      investment-firms
30   The revised Markets in Financial Instruments                 We aim to get a clearer view of whether pension
     Directive (MIFID II) is also scheduled to take effect        asset managers are sufficiently future-proof to face
     in 2018. As a consequence, a number of firms will            the developments ahead. To do so, we will chart
     require a licence as investment firms and become             the impact that the current developments have on
     subject to AFM and DNB supervision⁹, such as                 pension asset managers, using findings from previous
     proprietary traders, which used to be exempt. We set         examinations we conducted into the robustness and
     up a project organisation in 2017 to assess MiFID II         change capacity of pension funds. We will address
     licence applications and related DNO requests and            findings and further research questions in our regular
     to ensure a smooth application process. We expect            management discussions with the boards of pension
     to remain engaged in activities relating to MiFID II         asset managers and will inform the sector about the
     through the first half of 2018.                              results or our examination.

     Future orientation of pension asset
     managers
     The structure of the pensions sector is set to change
     within the next few years, as old-age provisioning
     will shift from collective pension provisions towards
     more individualised plans. This will affect pension
     funds and pension asset managers. The latter
     manage various types of schemes, and even
     more types are expected to be added in the
     future. Pension asset managers also operate in a
     competitive market, putting further pressure on
     their business models, and they should prepare for
     the impending changes.

     9     https://www.afm.nl/en/professionals/onderwerpen/mifid-2/vergunningen-nieuw
Supervision Outlook for 2018

7 Payment and e-money
institutions
The market for payment services is                              need to apply for a licence. We are therefore             31
changing rapidly, which is one of the                           devoting a considerable amount of time and
reasons why the European Payment                                effort to optimising the market access process
Services Directive was revised in 2016                          and incorporating new requirements into our
and its successor, the PSD 2¹⁰, will come                       supervision. We will be proactive in informing the
into force in 2018. This should help create                     existing payment institutions about the further
an integrated European internal market                          requirements governing operational management
for payment services and facilitate                             that ensue from the PSD2 and related national and
open banking.                                                   European laws and regulations.

                                                                Competition remains fierce in the payment
The PSD2 will create two new categories of                      services market, weighing down on profit margins,
payment services providers. Account information                 especially in the market for payment institutions.
service providers will be able to access information            We have recalibrated our supervision in response
about a customer's current account, subject to the              to the changes and expansion in the payment
latter's consent. Payment initiation service providers          services market, expanding our capacity over the
will be allowed to initiate transactions involving a            course of 2017 to make our supervision of payment
current account, again subject to the customer's                institutions more forward looking. More than
consent.                                                        before, our supervision emphasises a systematic
                                                                assessment of risks that payment institutions face
The PSD2 will potentially have a significant impact             and their practical control of these risks, for example
on the Dutch financial sector and payment                       by means of their audit functions or IT-wise.
system, and the supervision of both. Payment                    We started this effort in the second half of 2017 and
service providers that currently hold a licence                 will finalise it in 2018. Similar to our supervision in
must meet the PSD2's new requirements, while                    other sectors, our activities will feature more regular
providers looking to offer the new services will                consultations with the large payment institutions.

10	Directive 2015/2366 of the European Parliament and the Council of 25 November 2015 on payment services in
      the internal market amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No
      1093/2010 and repealing Directive 2007/64/EC (OJ 2015 L337/35)
8 Money Transfer
     organisations
32   Money transfer organisations – essentially              In 2018, we will concentrate on examining
     money transaction offices – have a                      unusual transaction patterns in money transfer
     high inherent risk profile where money                  organisations. Analysing the transaction data
     laundering and terrorist financing                      that money transfer organisations submit on a
     are concerned. These risks are also                     quarterly basis allows us to develop deeper insights
     acknowledged internationally: the                       into trends and unusual transaction patterns.
     European Commission qualifies                           We combine our analysis with other information
     money remittances as a high risk in its                 provided by the organisations, and the results
     supranational risk assessment. Money                    will serve as key input for more in-depth on-site
     transfer organisations need to make a                   examinations and interventions where needed.
     greater effort to prevent financial and
     economic crime.

     In the Netherlands, DNB supervises money transfer
     organisations, which include both offices licensed
     in the Netherlands and agents of foreign providers
     that offer their services in the Netherlands under
     European passporting rules. We also supervise these
     agents' compliance with legislation such as the
     Dutch Anti-Money Laundering and Anti-Terrorist
     Financing Act (Wet ter voorkoming van witwassen en
     financiering van terrorisme – Wwft). These activities
     are performed as part of our cross-sectoral
     priorities, notably examinations into prevention
     of financial and economic crime. In addition,
     we conduct ongoing supervision of this sector.
Supervision Outlook for 2018

9 Trust Offices
We plan to step up our risk-based                   debated in the Lower House of Dutch Parliament            33
supervisory approach for the trust                  in 2018. Laws and supervision do not suffice, as it
sector, which will be noticeable for                will be up to the trust sector itself to take action.
all trust offices. They will need to                If trust offices believe they have a future in the
prepare for the introduction of a new               Netherlands, they will need to step up their efforts
statutory framework, which is the Act               both individually and collectively.
on the Supervision of Trust Offices 2018
(Wet toezicht trustkantoren 2018 – Wtt              Besides our institution-specific supervision efforts,
2018). Similarly, revamped international            we perform our activities relating to trust offices
tax rules and regimes could have a                  in line with our cross-sectoral priorities, notably
significant impact on the structures that           examinations into prevention of financial and
trust offices create for their customers.           economic crime. We will in 2018 devote particular
Trust offices that fail to meet the stricter        attention to terrorist financing and violations of the
requirements because they are unable or             Sanctions Act 1977.
unwilling to boost their professionalism
will gradually disappear, either of their           In 2017, we added questions about the risk control
own accord of as a result of enforcement            framework to our recurring requests for information
measures.                                           to fine-tune our understanding of trust offices'
                                                    risk profiles. We will use the obtained information
                                                    in our examination themed "Systematic integrity
In 2017, the trust sector came under even closer    risk analysis in practice". We will also decidedly talk
scrutiny than before. Prompted directly by          to the sector in 2018 about prompt and adequate
the Panama Papers, the Parliamentary Inquiry        implementation of the Wtt 2018 requirements in
Committee for Tax Structures (POFC) heard           their organistations.
experts and witnesses, including DNB. We voiced
our concern to the POFC because we feel too         We will again work closely with our partners in
many issues remain unaddressed in spite of our      the FEC in 2018. Likewise, we will maintain an
considerable supervisory efforts. We advocated      open dialogue with sector representatives. Sector
wider powers with respect to withdrawing licences   association Holland Quaestor has informed us that
and other supervisory interventions. The Wtt 2018   it is engaged in a fundamental overhaul of its quality
proposes to bolster the statutory framework         hallmark system, which we welcome.
governing trust offices and is expected to be
34
Supervision Outlook for 2018

10 Supervision in the
Caribbean Netherlands
DNB is responsible for supervising                               insurers, money transaction offices and trust offices,    35
financial institutions in the Caribbean                          homing in on risks related to money laundering,
Netherlands.¹¹ For our supervision to be                         financing of terrorism, violation of sanctions
of high quality, notably our prudential                          legislation and corruption (bribery and conflicts of
supervision of branch offices, we depend                         interests). A second focal point in our supervision
on the proper functioning and ethical                            will be these institutions' adequate transaction
operations of Centrale Bank van Curaçao                          monitoring, and we will stress their notification duty
en Sint Maarten. This is an area of                              in this respect.
ongoing concern. Meanwhile, we perform
our supervisory tasks in the Caribbean                           Collaboration with Financial
Netherlands as well as possible, given our                       Intelligence Units (FIUs)
practical and statutory constraints.                             To be able to meet their notification duty,
We remain alert to pointers of potential                         financial institutions need an effective transaction
prudential problems at financial                                 monitoring process. Examples of major risk areas
institutions operating in the Caribbean                          in the Caribbean Netherlands are the laundering
Netherlands and ensure that their                                of money originating from Venezuela, investing
operational management is ethical and                            funds of unclear origin in Bonaire-based real
they make an effort to prevent becoming                          estate, and evading taxes through the services
involved in financial and economic crime.                        of companies and trust offices based in Panama.
                                                                 We will continue our close collaboration with
                                                                 FIU NL and FIUs in the other countries within
Ethical operational management                                   the Kingdom of the Netherlands in 2018, focusing
As part of our supervision of ethical operational                mainly on the financial institutions' notification
management, we emphasise that financial                          duty. This collaboration will produce joint structural
institutions must identify and analyse risks and                 analyses of relevant integrity risks, joint information
subsequently implement adequate risk controls.                   provision to the sectors and, where possible, joint
We will stress this in our examinations of banks,                enforcement measures.

11	The Caribbean Netherlands consist of Bonaire, St Eustatius and Saba, also commonly referred to as the BES
      islands. More information about our supervision in the Caribbean Netherlands can be found on http://www.
      cn.dnb.nl/en.
You can also read
NEXT SLIDES ... Cancel