Kingdom of the Netherlands-Netherlands: Financial Sector Assessment Program:
Technical Note-Banking Supervision

This Technical Note discusses the findings and recommendations in the Financial Sector Assessment Program for the Netherlands on banking supervision. The financial resilience of banks in the Netherlands has been strengthened in recent years, and banks are benefiting from continuing economic recovery. Broad-based economic recovery is helping stimulate demand for credit, although credit growth remains slow and unemployment continues to fall. Housing markets have started to recover since 2013 with prices and transaction volumes picking up. There has been an improvement in the financial position of Dutch banks. Cost efficiency has improved, and profitability has recovered. The banks migration to the new Basel III standards is also well underway for capital adequacy and liquidity.


This Technical Note discusses the findings and recommendations in the Financial Sector Assessment Program for the Netherlands on banking supervision. The financial resilience of banks in the Netherlands has been strengthened in recent years, and banks are benefiting from continuing economic recovery. Broad-based economic recovery is helping stimulate demand for credit, although credit growth remains slow and unemployment continues to fall. Housing markets have started to recover since 2013 with prices and transaction volumes picking up. There has been an improvement in the financial position of Dutch banks. Cost efficiency has improved, and profitability has recovered. The banks migration to the new Basel III standards is also well underway for capital adequacy and liquidity.

Executive Summary

The financial resilience of banks has been strengthened in recent years and banks are benefiting from continuing economic recovery. Broad-based economic recovery is helping to stimulate demand for credit, although credit growth remains slow, and unemployment continues to fall. Housing markets have started to recover since 2013 with prices and transaction volumes picking up. There has been an improvement in the financial position of Dutch banks: cost efficiency has improved and profitability has recovered. The banks’ migration to the new Basel III standards is also well under way for capital adequacy and liquidity. Nonetheless, the outlook is challenging with greater competition, a low interest rate environment, and potential pressure on capital buffers from future regulatory changes.

The introduction of the Single Supervisory Mechanism (SSM) has significantly strengthened banking supervision. The banking sector was severely impacted by the previous crisis and underwent profound change. The response by De Nederlandsche Bank (DNB) from 2012 was far reaching and addressed many deficiencies identified by the crisis bolstering its approach to supervision, including: revised strategic vision, greater resources, and stronger regulations. The establishment of the SSM significantly transformed banking supervision in the euro area (EA) and the European Central Bank (ECB) is directly responsible for six of the largest Dutch banks comprising the majority of the banking system. The SSM introduced greater frequency and intensity of engagement with banks, particularly through on-site examinations leveraging thematic exercises to encourage adoption of best practices. Notwithstanding these benefits, two issues affect day-to-day functions of the ECB supervision: the ECB must execute a number of its tasks, in particular relating to licensing and fit-and-proper assessments, according to national legislation transposing the Capital Requirements Directive (CRD IV); and all supervisory decisions need to be approved by ECB’s Governing Council, which creates a time-consuming and cumbersome supervisory decision-making process. That being said, the decision-making process allows for the speedy adoption of decisions in case of an emergency.

The operational independence of the DNB needs to be strengthened. The DNB largely has the powers required to carry out its tasks on a day-to-day basis, but some concerns exist. While there is no evidence of political or commercial intervention on the day-to-day decisions of the supervisors and the accountability mechanisms are extensive, some aspects of the system may raise concerns depending on how they are used in practice. Such features include the ministerial control over the budget; the authority of the Ministry of Finance (MoF) to set aside rules enacted by the supervisors; and the proposed cap on staff salaries (unless the MoF gives exemptions to individual staff) that may limit the supervisors’ ability to hire and retain staff with specialized expertise. This is especially relevant where the DNB is called upon to provide resources to the SSM to participate in the Joint Supervisory Teams (JSTs) and for on-site examinations. Lastly, the authority specified in legislation for the removal of the executive or supervisory boards of the supervisors are open to a wide interpretation and is not based on specific objective cause for removal. Even if these features do not affect the supervisors’ independence in practice, they may create a perception of a lack of independence that may be damaging to the public confidence in the system.

A more active supervisory role in assessing loan classification for Significant Institutions (SIs) is needed to underscore prudent provisioning practices. While recent asset quality reviews (AQRs) and stress testing by the European Banking Authority (EBA) confirm generally low levels of asset impairment of SIs, a more intrusive role of the supervisor is needed when assessing loan classification. The focus of supervision in this regard should be to provide bank management with considerations when setting loan classification parameters, such as conservative valuations of realizable net values. The process of developing the capacity of supervisors to challenge bank management valuation of loans has started and needs to be continued.

The FSAP identified the following priorities for both SIs and Less Significant Institutions (LSIs):

  • The assessment of banks’ business models and strategies will need to be prioritized by supervisors. Banks face a more challenging operating environment, in part because of lower interest rates and potential future regulatory changes. To date, banks have been able to preserve profitability and increase the quality and quantity of capital. However, these challenges may result in banks adjusting their strategies, including by searching for higher-risk assets.

  • In light of the pressure on banks to reduce costs and search for higher yielding assets, supervisors will need to focus on the adequacy of risk management. In a lower interest rate environment, there will be ongoing pressure to reduce costs and economize on the risk management function, e.g., the three lines of defense. Furthermore, risk management will need to be increasingly vigilant if strategies are adjusted in the search for yield.

  • Strengthening corporate governance. The role of the bank Supervisory Board (SB) was a key issue identified following the crisis. Greater engagement with the SB by the supervisor commenced in 2012, and while progress is evident, more progress is needed particularly in areas such as the SB’s oversight of the implementation of risk management frameworks and internal models.

  • Greater attention to ongoing model monitoring is needed. Responsibility for ongoing model monitoring rests with the JSTs; while there is evidence that frequency and intensity of activities has improved, insufficient attention is paid to ongoing model monitoring. The ongoing ECB work (Targeted Review of Internal Models (TRIM) project) will provide longer-term rigor in taking stock of the inventory of models and approaches to achieve consistency. However, more attention is needed in the interim.

  • Data quality and aggregation. Weaknesses in data quality exist across the Dutch banks, impacting not only the accuracy of regulatory reporting but also the reliability of management information. Data issues result in part from aging information technology (IT) infrastructure and legacy systems, often from mergers of multiple legal entities with incompatible IT systems. Supervisors need to work closely with banks to address data quality issues.

Table 1.

Netherlands: Key Recommendations

article image

I (immediate): within one year; NT (near term): one–three years.


A. Scope and Approach

1. This technical note (TN) covers the banking sector supervised and regulated by the SSM (comprising the ECB and Divisions of the DNB involved in Banking Supervision) and analyzes the key aspects of the regulatory and supervisory regime. The analysis was part of the 2016 Financial Sector Assessment Program (FSAP) of the Kingdom of The Netherlands (Netherlands) and was based on the regulatory framework in place, the supervisory practices employed, and other conditions as they existed in September-October 2016. The work benefited from authorities’ input and joint self-assessment. The analysis was conducted by Christopher Wilson, Senior Financial Sector Expert of the IMF. The TN refers to the 2012 Basel Core Principles (BCPs) for Effective Banking Supervision issued by the Basel Committee on Banking Supervision (BCBS).2 A separate TN records the results of stress testing carried out on the banking sector.

2. The BCPs analyzed were selected in terms of macrofinancial relevance and previously identified deficiencies in the Dutch supervisory and regulatory framework. They include organization and resources of the supervisory authorities; independence and governance; supervisory approach and risk identification; corrective and sanctioning powers; capital adequacy; problem assets, provisioning, and reserves; credit risk; liquidity and funding risk; and operational risk. Therefore, the TN is not an assessment of the observance of BCPs. The most recent such assessment was carried out in 2011 on the basis of the 2006 version of the BCPs. The main focus of this TN is the effectiveness of the most relevant aspects of prudential supervision and regulation in the Netherlands, based on the corresponding BCPs.

3. The selected BCPs are analyzed in detail, but without scoring the level of observance. In preparation for the current FSAP, the DNB prepared a self-assessment against the current version of the BCPs.3 The TN provides a set of recommendations to the authorities with the view to strengthening the supervisory and regulatory regimes in the Netherlands, based on analysis of the self-assessment, responses to detailed questionnaires completed by the authorities, and a review of supervisory documentation and meetings with authorities (DNB and ECB). The more detailed analysis, including comments, is set out in Appendix I to this note.

4. The authors are grateful to the authorities and private sector participants for their excellent cooperation. The authors benefitted greatly from the inputs and views expressed in meetings with banking regulators, supervisors, banks, and professional organizations.

B. Institutional Setting

5. The SSM is the banking supervision mechanism comprising the ECB and participating Member States. The decision to establish the SSM as one pillar of the Banking Union in the EA and to entrust the ECB with supervisory tasks was made by European legislators to address decisively and credibly the weaknesses in the banking system that became apparent during the crisis. In addition to the SSM, a second pillar underpins the Banking Union: a single resolution mechanism (SRM), which aims at establishing uniform powers and arrangements for the resolution of credit institutions.4 These pillars, and an increasingly harmonized set of national deposit insurance schemes, are the core elements of the European Banking Union.

6. The SSM established the institutional conditions for overcoming fragmentation in supervisory practices by assigning the ECB the overall mandate of ensuring the effective and consistent functioning of the mechanism and by distributing primary supervisory responsibilities between the ECB and the National Competent Authority (NCA). The degree to which individual credit institutions are supervised by the ECB depends on their categorization as “significant” or “less significant” based on the criteria contained in the SSM Regulation and the SSM Framework Regulation. The ECB directly supervises the significant and cross-border institutions (127 banking groups in 19 countries, which include 1,108 banks representing €21.4 trillion of aggregated assets), whereas the NCAs supervise the less significant ones, under the general oversight of the ECB, (more than 3,400 banks, representing €4.9 trillion of aggregated assets).

7. The day-to-day supervision of significant groups is conducted by JSTs, supported by the ECB’s and NCA’s horizontal and specialized divisions (e.g., Internal Models, On-site Inspections, Authorizations, Crisis Management, etc.). The size, overall composition and organization of a JST vary depending on the nature, complexity, scale, business model and risk profile of the supervised credit institution. Each JST is led by a Coordinator at the ECB (generally not from the country in which the supervised institution is headquartered), who is responsible for the implementation of the supervisory tasks and activities.

8. The DNB is the prudential supervisor in the Netherlands and the NCA. The banking system comprises 55 banks and 43 branches of credit institutions established in EU countries. The ECB supervises directly seven SIs and the DNB has responsibility for the direct supervision of LSIs, comprising 28 banks.

The framework for financial stability policy formulation

9. In recent years, Dutch legislation has been changed to make clear the responsibilities for promoting financial stability and setting macroprudential instruments. Since 2014, promoting financial stability has been included as a DNB task in the Bank Act. In addition, the Act on Financial Supervision refers to financial stability as one of the main goals of microprudential supervision, while conduct of business supervision has to contribute to financial stability. The main authorities involved are the MoF (legislation), the DNB (setting macroprudential tools, prudential supervision), and the Autoriteit Financiële Markten/Dutch Authority for the Financial Markets (AFM) (conduct and markets supervision). These institutions are represented in the Financial Stability Committee (FSC) (in which the MoF is a nonvoting member), which meets at least every six months and is chaired by the president of the DNB. The role of the FSC is to discuss and identify potential risks to the stability of the financial system and discuss ways of mitigating these risks. The FSC may issue macroprudential warnings and recommendations, but it cannot exercise the statutory powers assigned to the DNB and MoF.

10. The DNB fulfils its financial stability tasks through regular surveillance and analysis of the main financial stability risks and the use of prudential measures to address systemic risks and strengthen the stability of the financial system. The DNB has the following instruments at its disposal to strengthen the stability of the financial system:

  • Macroprudential tools, most of which apply to banks and are included in Dutch and European legislation. The main examples are the systemic risk buffer and the countercyclical capital buffer. For these instruments, the DNB is the competent and designated authority for the Netherlands.

  • Prudential supervision, which is aimed at financial stability as well as individual institutions’ resilience.

  • Powers to collect information specifically for its financial stability task, which have been included in the Bank Act since 2015.

  • An advisory role, as a member of the FSC, regarding various issues that are relevant for financial stability. This includes, for instance, recommendations regarding loan-to-value (LTV) and loan-to-income ratio (LTI) limits (which are set by the government) and recommendations on ad hoc issues such as the impact of tax incentives.

A well-developed public infrastructure

11. The Netherlands has a well-developed business climate with sound legal safeguards including corporate, bankruptcy, and private property laws. Credit institutions must apply either International Financial Reporting Standards (IFRS) accounting principles or the provisions as laid down in Title 9 Book 2 of the Dutch Civil Code (which in itself is largely in line with the IFRS standards). Their accounts are legally required to be validated by independent auditors to ensure that financial statements are correct and provide a true and fair view of the financial position of the company. There is an independent legal system, with a separate entity for financial disputes. Auditors are legally protected professions and specified activities may only be exercised by those persons who are registered in a publicly available register. The DNB participates in ‘TARGET2’, the real-time gross settlement (RTGS) of the Eurosystem and operates “TARGET2.NL.”

12. The DNB can provide Emergency Liquidity Assistance (ELA) for temporary short-term liquidity needs against sufficient collateral and under the premise that the institution is solvent. Moreover, any decision on ELA must of course be consistent with the framework set by the European System of Central Banks (ESCB). Work is ongoing, both at the FSB and Banking Union level, on the question of funding in resolution and ways in which the resolution fund could be used to catalyze such temporary liquidity provision.

Effective market discipline

13. The AFM is responsible for the conduct of business of financial undertakings and for securities market supervision. The supervision of market conduct focuses on fair and equitable behavior between market participants and towards customers (consumers) and clients, and on transparency and accuracy of information on financial products and services. The AFM supervises the market conduct of trading systems, collective investment schemes, investment firms, market intermediaries, issuers of securities, auditors and financial service providers (and pension administrators). The AFM licenses investment managers of investment institutions, financial service providers, asset managers, and other investment undertakings. Banks are, alongside other financial service providers, supervised by the AFM in this context. Within the national supervisory landscape, cooperation and coordination between the DNB and the AFM is robust, with clear leadership and veto roles. A covenant between the DNB and the AFM facilitates the legal framework for supervisory cooperation. The covenant also facilitates the designation of a lead supervisor under the Act of Financial Supervision (Wft), that is, the DNB generally leads the supervision of banks, insurers, and pension funds, while the AFM leads for securities firms.

Financial reporting

14. The Netherlands has implemented a corporate governance code (Dutch Corporate Governance Code, DCGC), which is a form of self-regulation that applies to all exchange-listed companies. The DCGC contains principles and best practice provisions that regulate relations between the management board, the supervisory board, and the shareholders. The DCGC has specific principles related to the composition and remuneration of the management board and supervisory board. The DCGC also sets standards for annual shareholder’s meetings including the hiring and removal of members of the management board and supervisory board. Listed entities have to state in their annual report whether they are compliant with the provisions in the DCGC. In the case of noncompliance, they are required to give an explanation (comply or explain).

15. The AFM supervises the compliance of the annual financial reporting of listed companies with a number of regulations and financial reporting standards. The financial reporting of listed companies must comply with the regulations of Title 9 of Book 2 of the Dutch Civil Code, Act on Financial Supervision, and with the IFRS which are developed by the International Accounting Standards Board (IASB). In accordance with the Act on the Supervision of Financial Reporting, the AFM supervises the financial statements of listed companies after their adoption by the shareholders.

Market Structure

16. The Dutch banking sector is large in size, highly concentrated, and dominated by a few domestic banks. The banking sector has contracted in size since the global crisis, but remains large relative to the economy as a whole, both in historical terms and from an international perspective. Total banks assets are €2.585 trillion, down about a quarter since 2008. As a percentage of GDP, the banking system is approximately four times the value of gross domestic product, down from over 540 percent in 2008 (Figure 1). The banking system is one of the most concentrated in Europe, with the three largest banks representing over 72 percent of total banking system assets.5 The dominance of the three biggest banks is demonstrated by their domestic market shares, with Rabobank, ING and ABN Amro controlling 60 to 80 percent of the banking markets for mortgages, business loans, and savings.

Dutch Banks: Key Financial Indicators 1/

(In percent)

article image
Sources: DNB; and IMF staff calculations.

All figures as at December 31. Ratios calculated as weighted averages for ING, Rabo and ABN Amro.

CET1-ratio-transitional: 2010–2013 Core Tier 1-ratio.

Total exposure only available for 2014 and 2015 weighted average.

Problem loans as a percentage of gross loans.

Figure 1.
Figure 1.

Netherlands: Banking Sector Indicators, 2015Q4

(In percent)

Citation: IMF Staff Country Reports 2017, 096; 10.5089/9781475594010.002.A001

Sources: DNB; and IMF staff estimates.

17. Mortgages form the largest asset category as a proportion of the sector’s balance sheet total. Mortgages account for 36 percent of total balance sheet assets. By comparison, loans to large enterprises account for just 16 percent of the balance sheet total and loans to small businesses for just 9 percent. Together, derivatives and the investment portfolio account for 16 percent. The liability structure of Dutch banks is composed of customer deposits (55 percent) and wholesale funding (45 percent). Dutch banks’ cross-border activities have reduced significantly after peaking in 2007 and represent approximately 40 percent of the consolidated banking system assets.6

18. The financial resilience of banks has been strengthened in recent years. There has been a marked improvement in the financial position of Dutch banks: cost efficiency has improved and profitability has recovered. The banks’ migration to the new Basel III standards is also well under way: their average T1 ratio stood at over 16 percent at the end of 2015. The deposit funding gap of Dutch banks has been on a downward path since 2009, reducing the sector’s dependence on market funding. Banks have lengthened the term structure of the wholesale funding and reduced reliance on short-term funding. Asset quality has improved and problem loans for the system averages 3.08 percent of gross loans for 2015.

19. Banks are benefiting from a recovering domestic economy, which is helping to stimulate demand for credit. GDP growth reached 2 percent in 2015, up from 2 percent in 2014 underpinned by exports, business investment, and stronger domestic demand. Unemployment continues to fall, inflation is low and the policy stance set by the ECB is forecast to remain ‘low for longer.’ Housing markets have started to recover since 2013 with transaction volumes picking up. Corporate bankruptcies are also falling, and firms have been able to preserve their profitability and strengthen their equity position in the aftermath of the crisis. Against this backdrop, bank profitability has recovered in 2015 (text figure) driven in part by lower interest expense, lower impairment charges and aggressive cost management. Average return on equity for the three largest Dutch banks of 7.4 percent as at 2015Q4 is considerably higher than the EA average of 4.8 percent.

Key Financial Ratios 1/

(In percent)

article image

All figures average and as at 2015Q4.

20. While bank profitability has improved, operating conditions will likely be more challenging in the near term. First, competition in the mortgage market is intensifying, placing pressure on interest income and fees in the mortgage market, which is the largest asset category of the domestic lenders and a key source of revenue.7 In addition, competition from nonbank lenders in the mortgage market has also increased significantly, with over 50 percent of new mortgage loans underwritten by nonbanks in 2015. All Dutch banks have seen their share of the domestic mortgage market decline in 2015 in the face of intense competition from nonbanks. Second, the outlook for interest rates are lower for longer, which will have an impact on pricing of both the front and back book. Third, banks’ profitability has benefited from materially lower loan-loss provisions in 2015 with the cost of risk reducing to below long-term averages.

21. Banks are heavily exposed to the residential mortgage market characterized by high LTVs, nonamortizing loans and pockets of negative equity. The housing boom-bust cycle has left households with debt overhang, and about 21 percent of residential mortgages are underwater, especially among young households.8 Following a decline of 21 percent over five years (2008–2013), housing prices have risen by 7 percent since mid-2013. Yet, despite the recent recovery, prices remain far below their 2008 peak levels (by about 17½ percent). Banks have taken steps to renegotiate mortgages with distressed borrowers, but progress on re-profiling debt to date has been slow. In 2011, the government introduced an LTV limit of 106 percent to gradually reduce by 1 percentage point each year with a target of 100 percent by 2018.

22. The ratio of nonperforming loans (NPL) is low. Dutch banks have a strong domestic focus, and as the economy has recovered, loan performance has improved. The NPL ratio to total gross loans has remained at about the 3 percent level since 2013Q2. As at 2015Q4, the NPL ratio for the Dutch SI banks of 2.7 percent was significantly lower than the average for SSM SIs at 7 percent. Loan impairment charges peaked most recently in 2013Q4 and have fallen each quarter to 2015, with the largest improvements in domestic mortgage and small-to-medium-sized enterprise (SME) portfolios. Dutch banks have some of the lowest coverage ratios in the SSM cohort, at approximately 37.7 percent, compared with 45.4 percent at 2015Q4. This reflects the strong foreclosure and insolvency regime in the Netherlands, which causes actual losses to be low and therefore the need for provisioning.


New Loan Loss Provisions

(In percent of average customer loans)

Citation: IMF Staff Country Reports 2017, 096; 10.5089/9781475594010.002.A001

Source: Public filings; and IMF staff estimates.

23. Funding profiles have improved, yet Dutch banks still rely heavily on market funding. The majority of bank balance sheets are funded by customer deposits. Nonetheless, the fact that a significant part of household savings is channeled through local pension schemes, remaining household savings at banks are lower compared to other countries with different pension systems. Local pension companies capture more than 70 percent of Dutch household wealth. This translates into a high loan-to-deposit ratio at banks and a funding gap financed by wholesale markets making the Dutch banks sensitive to adverse changes in financing conditions and investor sentiment. Mitigating this, Dutch banks have proven to have relatively strong access to wholesale markets (and able to attract subordinated funding) and have a relatively diversified investor base. Banks have implemented a number of strategies to mitigate liquidity funding risk, including: increasing deposits, lengthening the maturity of wholesale funding and building up stock of high-quality liquid assets (HQLA).9 The DNB reports show that Dutch banks have met the 100 percent Liquidity Coverage Ratio (LCR) threshold since monitoring commenced in June 2012, and the average for SI banks is 125.4 percent as at 2015Q4. Data for the net stable funding ratio (NSFR) for SIs is above the 100 percent threshold. The DNB is relatively pro-active in liquidity supervision.

24. Recovering profitability together with balance sheet optimization enabled Dutch banks to maximize internal capital generating capacity. Low dividend pay-out ratios have helped to build the Common Equity Tier 1 (CET1) and banks are taking steps to transition to the higher minimum capital adequacy requirements under the CRD IV (Table 2). While Dutch banks are steadily improving their capital positions, building capital buffers will continue to be a main priority for banks, especially as there are a number of regulatory developments. Leverage of Dutch banks is high (capital-to-asset ratio of 5.3 percent as at 2015Q3) and likely to remain high reflecting, in part, large mortgage portfolios (with relatively low RWAs). Stress testing conducted by the FSAP team showed that, in the adverse scenario, the leverage ratio in the system (six largest banks) would decline from 3.8 percent to 3.2 percent, and the ratio for one of the largest banks would fall below the minimum 3 percent hurdle. This outcome reflects the relatively low RWA density (RWAs to total assets) in the Dutch banking system.

Table 2.

Netherlands: Banks’ Financial Soundness Indicators, 2013–15

article image
Source: IMF Financial Soundness Indicators Database.

Main Findings and Recommendations

A. Organization, Adequacy of Resources, and Governance-Related Issues (CP 1 and 2)10

25. The DNB largely has the power and authority to carry out its tasks, but aspects of operational independence are of concern. While accountability mechanisms are extensive, the influential role of the MoF may be problematic for a number of reasons. First, the need to negotiate for ministerial approval of the supervisory budget, and the proposed legislation on salary cap could limit the supervisors’ ability to attract and retain staff essential for effective supervision and to deliver fully on all their supervisory responsibilities. Second, the limited ability of the supervisor to introduce technical regulations for LSIs—which in any case cannot prejudice the ECB’s policy and regulatory framework for SIs and LSIs—has the potential to reduce supervisory effectiveness11 as does the authority of the MoF to set aside rules enacted by the supervisors (even if not formally used). Lastly, the authority specified in legislation for the removal of the executive or supervisory board of the DNB is open to interpretation. International standards require budgetary processes that do not undermine autonomy and adequacy of resources. Furthermore, the same standards require that the removal criteria should be based on specific objective cause for removal. Even if each of these features individually do not affect the supervisors’ independence, collectively they create the perception of a lack of independence, which could undermine supervisory effectiveness.


26. The FSAP recommends the DNB be given greater autonomy when deciding its budget and the DNB be excluded from the proposed salary cap. Adequate resourcing is a key element of securing effective supervision outcomes. The SSM continues to rely on the DNB (and NCA’s more broadly) to supply experienced and expert staff for a range of on-site tasks and thematic exercises. Without these staff from the DNB, the fulfillment of these tasks will be impacted, e.g., TRIM will require a dedicated number of DNB staff familiar with the practices of local banks and with expertise in internal models.

27. The FSAP recommends the DNB be given greater flexibility to develop technical standards where there is a need. While rule making is increasingly determined by directly applicable EU regulations and binding standards (for which the DNB is co-decision maker), nonetheless, there are areas where the DNB needs to have the capacity to issue rules (e.g., fit-and-proper, corrective measures and sanctions).

B. Supervisory Approach and Corrective and Sanctioning Powers (CP 8, 9, 11 and 12)

Significant institutions

28. The supervisory process adopted by the ECB is robust and conducive to a more structured, intense, and intrusive supervision. The methodology is maturing and while standardization to establish a common approach (top down) remains a key objective, the framework is adapting to allow for greater discretion at the JST (bottom-up). Examples include the risk analyses (deep dives) that JSTs are able to integrate into the Minimum Engagement Levels (MEL) where they are singularly responsible for selecting the topic. The supervisory process relies extensively on quantitative and qualitative analysis, combining data (from Financial Reporting (FINREP), Common Reporting Framework (COREP) and other standard reports) and expert judgment. It takes into account the risks that banks or banking groups present to the safety and soundness of the banking system. There is a direct link between the supervisory assessment, the necessary supervisory measures, and the supervisory examination program (SEP). Emphasis on business model analysis as a driver of supervisory activities was also evident for the Dutch SIs.

29. The frequency and intensity of on-site activities for Dutch SIs has increased since the establishment of the SSM. A more frequent and intensive approach to supervision is evident, especially with an on-site presence, e.g., monthly meetings with senior management and members of the board, thematic reviews, etc. The SSM deploys an appropriate range of supervisory tools and techniques, and the approach is adjusted to suit the risk profile and systemic importance of the institution.

30. The standardization of supervisory methods and techniques sometimes might end up undermining a more risk-focused attitude. To ensure comparability across banks and consistency and accountability across the SSM—but also as a way to foster a convergence in approaches and styles between supervisors with completely different backgrounds—the methodology rests on a high degree of standardization and formalism (e.g., in the checklists that inspectors are required to use). While a certain degree of standardization is essential to establish a common language in such a new, vast, and multicultural organization, the risk of a drift towards an excess of compliance-based techniques and of a distraction of energy, time, and resources from more risk-focused tasks should be avoided.

31. The feedback received from the industry points to an overall improvement in the level of supervision. The supervised entities observe that the supervisory approach of the SSM is more intense and intrusive, that supervisors are more in search of hard evidence and detailed information, and that they have higher expectation about the banks’ initiatives to mitigate their risks. The focus on business models was called out as a common theme. At the same time, they observe that communication from the supervisors is not always satisfactory: for example, a better explanation of the results of on-site examinations is needed, as are clarity around future priorities and the key drivers of Pillar 2 add-ons. Whenever feedback has been given (e.g., in the case of the benchmarking exercise), banks always found it helpful.

Less Significant Institutions

32. LSI supervision has also largely benefited from the DNB participation in the SSM. The DNB’s approach to prudential supervision has been transformed since the last FSAP in response to the crisis. Supervision techniques have become more forward looking and data driven, and the link between macroprudential and microprudential supervision has improved (e.g., the interaction between the micro and macro risk registers). Risk specialist divisions have also been established and the DNB has leveraged its exposure to SSM processes for on-site examinations. Many of the SSM processes have been aligned to the DNB’s approach to LSIs such as the ratings methodology.

33. More forward-looking methods of supervision have gained importance in the DNB’s supervisory approach. One important lesson learned from the crisis has been that sound and ethical operational management is the cornerstone of a healthy and stable financial sector. Examples include the supervision of behavior and culture, governance and integrity, and financial institutions’ business models and strategies. Fit-and-proper tests of executive and supervisory board members constitute a key part of this type of supervision. There is greater clarity in procedures and enhanced visibility of the role of the DNB’s senior management.

Enforcement and sanctioning

34. Dutch law and the Single Resolution Mechanism Regulation (SRMR) provide a broad range of actions that can be taken by supervisors in their respective responsibilities. Direct enforcement powers and sanctions of the ECB are limited; however, the ECB can make use of the enforcement and sanction powers available to the DNB. The FSAP team had access to evidence of such indirect actions; however, the complex legal framework may make it operationally difficult and time consuming for ECB to impose enforcement actions. While the 2011 FSAP recommended an improvement in the use of powers to impose administrative fines and/or other measures, the practice was not intensive. The DNB introduced a new area within the supervision department to detect early problem banks and apply measures by specialists. In this way, problem banks receive heightened attention from supervisors with the assistance of enforcement colleagues, which helps implement appropriate solutions and, if necessary, preparation of remedial measures.

35. The enforcement and sanctioning framework has yet to be tested in light of the complexity of the SSM arrangements. In the case of SIs, the ECB has direct sanctioning powers only for pecuniary sanctions on legal persons for breaches of ECB decisions or regulations or of directly applicable EU law (e.g., Capital Requirements Regulation (CRR)). For breaches of directly applicable EU law, non-pecuniary sanctions and sanctions on natural persons are to be imposed by NCAs, upon ECB request. Similarly, NCAs impose all types of sanctions (to both legal and natural persons) upon ECB’s request in case of breaches of national laws transposing relevant Directives (e.g., CRD IV). For LSIs, the NCA is competent.12

36. The ECB has started to collect information on the powers available in each jurisdiction, with the aim of creating and maintaining a regulatory database; however, this project is not complete yet. Once finalized, it should facilitate the ECB’s task of preparing to use NCA powers indirectly, should the need arise; identify the enforcement or sanctioning tools available to NCAs or in the situations that each national legislation allows to enforce or sanction.

C. Corporate Governance and Risk Management (CP 14 and 15)

Corporate governance

37. In the Netherlands, there is a two-tier structure for the Board, where the Supervisory Board exercises the oversight function and the Management Board the executive function.13 Traditionally in the Netherlands, the supervisory boards have an oversight role with most policy and risk management duties and responsibilities placed on the management board. In the wake of the banking crisis, considerably more emphasis was placed on the role of the board, and there was evidence there had been some evolution of supervisors’ focus on this issue in the lead up to the SSM taking over direct responsibility for SIs. The ECB built on this platform, including through thematic reviews, with recommendations on making the board involvement more robust.

38. The DNB has taken significant steps to enhance corporate governance standards. The DNB has introduced new requirements and processes for the supervision of integrity, behavior, and culture. Fit-and-proper standards have been applied to all supervisory and management board members for all SIs and LSIs (Box 1). Supervisory boards are assessed individually and collectively to ascertain whether there is adequate skills and expertise on the board commensurate with its risk profile and business model.

39. Risk appetite framework (RAF) is relatively well developed across the Dutch SIs and provides a useful tool to articulate risk thresholds and assess whether banks are operating within their risk tolerances. The RAF is a mature process whereby management boards, in conjunction with the Supervisory Boards, agree on the overall risk appetite that is then articulated into specific risk tolerances and cascaded down into business units as a way to set parameters for risk management. Supervisors actively use the RAF when assessing risk management.


40. More progress is needed to strengthen corporate governance. More frequent and intensive engagement with the Board by the supervisor commenced in 2012, and while progress is evident, more time is needed to gain confidence that the board is discharging its responsibilities. Banking supervisors should continue to increase dialogue and discussions with the supervisory board on results of supervisory activities and concerns.

41. SB oversight of internal models needs greater attention. The SIs are relatively heavy users of internal models (among the highest number of internal models within the SSM). Due to the proliferation of models, this necessitates greater involvement by the SB in the oversight of the inputs and outputs of models, their governance, risk management and validation within the bank; and most importantly checking that model outputs are reasonable and checks and balances exist within the organization. One of the lessons from the crisis was that greater attention to internal models is needed to ensure accurate measurement of risk-weighted assets. The board plays a vital role in this regard to oversee the challenges. Where banks use models to measure components of risk, the supervisor determines that:

  • Banks comply with supervisory standards on their use;

  • The banks’ Boards and senior management understand the limitations and uncertainties relating to the output of the models and the risk inherent in their use; and

  • Banks perform regular and independent validation and testing of the models.

42. Internal Capital Adequacy Assessment Process (ICAAP) and Internal Liquidity Adequacy Assessment Process (ILAAP) are well developed. Dutch SIs have well-developed processes for assessing their overall capital and liquidity adequacy in relation to their risk appetite and risk profile, mainly via the ICAAP and ILAAP processes. The JSTs review and evaluate banks’ internal capital and liquidity adequacy assessments and strategies routinely as part of the Supervisory Review and Evaluation Process (SREP).

Assessment of Suitability for Board and Management

The 2012 Policy rule on suitability (following the 2011 Policy rule on expertise) introduced a more stringent assessment of suitability and integrity. Under this policy rule, suitability is assessed on the basis of knowledge, skills and professional conduct. This is established on the basis of education, work experience and competences. An assessment of integrity establishes whether the integrity of a person is beyond doubt. The scope of the policy rule includes directors and was extended to include supervisory board members with effect from July 2012. Since then, all new and existing supervisory board members in banks and insurance companies have undergone a suitability screening. This project started with the members of the four big banks and insurance companies, which is referred to as the 4+4 project.

Suitability is assessed on the basis of four categories:

  • Governance, organization and communication;

  • Products, services and markets in which the institution operates;

  • Sound and ethical operational management; and

  • Balanced and consistent decision-making.

The policy rule is based on the approach that suitability is more than just knowledge; skills and professional conduct are crucial aspects of an individual’s suitability. For banks and insurance companies, the DNB and the AFM cooperate and jointly assess the suitability. The framework is applied consistently by the DNB and the AFM, making due allowance for their specific supervisory roles (prudential supervision and market conduct supervision, respectively).

A suitability screening takes place in the case of a proposed new appointment or a change of position within the same institution. In addition, if specific facts and circumstances provide reasonable grounds, the supervisory authority has the possibility to perform a rescreening of a previously approved person, which, where appropriate, may result in an instruction to dismiss the policymaker in question. The DNB publishes the results of the suitability screenings for the financial institutions under its supervision. In the period 2011–2015, a total of 5,469 people have been screened, of whom 614 (11.2 percent) were found to be unsuitable or their integrity was not considered to be beyond doubt.

Competencies to be assessed:

article image

Risk management

43. Data aggregation needs attention. Weaknesses in data quality exist across the Dutch banks impacting not only the accuracy of regulatory reporting but also the reliability of management information. Data issues result in part from aging IT infrastructure and legacy systems, often from mergers of multiple legal entities with incompatible IT systems. For example, the recent EBA stress testing exercise highlighted one Dutch SI as having the highest number of data flags in the exercise. Standards for data aggregation and the need for a bank-wide view of risk is essential. While the recently published Basel guidelines (BCBS 239) will be transposed into EBA guidelines in the future, regulatory requirements for data aggregation is absent. The absence of data requirements may have led to this area being neglected by banks. Supervisors are working closely with banks to address data aggregation issues, yet solutions will require time and large complex projects to remediate bringing together data warehouses and downstream reporting systems.


44. Greater effort to ensure independence of the risk function is needed. Separation of the Chief Risk Officer (CRO) and Chief Financial Officer (CFO) function has been slow and instigated relatively recently (2015 in some cases). As a result, some banks are still working through the process of effectively separating risk (second line of defense) from business units (first line of defense) and in other cases from finance. A further process is to ensure that the separation is effective and risk management has the right type of prescience, risk culture. Part of this is the independent reporting to the board via the board risk committee. Prior to the SSM, the local Dutch rules were not prescriptive on the separation between the CFO and CRO functions.

D. Capital Adequacy, Credit Risk and Problem Assets, Provisioning and Reserves (CP 16, 17 and 18)


45. Over the last five years, banks have significantly increased the quality and amount of regulatory capital. Through a mix of capital raisings, stronger internal revenue generation, and lower dividend payout, capital adequacy ratios for the larger banks have increased (Figure 2). Further regulatory changes may, however, result in additional regulatory capital being required (e.g., total loss absorbing capital (TLAC), CRDIV, and amendments to the standardized approaches for credit, market, and operational risk, including changes to treatment of internal models). The RWA density for Dutch banks is low, particularly those using IRB models (text figure). Stronger capital buffers would further strengthen the resilience of banks and the banking system and will enable banks to support demand for credit by the private sector.


RWA Density

Citation: IMF Staff Country Reports 2017, 096; 10.5089/9781475594010.002.A001

Source: Public filings; and IMF staff estimates.
Figure 2.
Figure 2.

Netherlands: Movement in Capital Adequacy from 2008 to 2015

The three largest Dutch banks have increased their quality and quantity of capital measured by CET1 from 2008 to 2015. ING had make the largest progress in building CET1 compared with Rabo and ABN AMRO, which started from a much higher ratio.

Citation: IMF Staff Country Reports 2017, 096; 10.5089/9781475594010.002.A001

Source: IMF staff estimates.

46. In the Netherlands, CRDIV has been transposed into the Wft and related administrative orders of the law on financial supervision (Bpr). The Dutch legislation is in line with the Directive and does not materially differ. The Options and National Discretions (OND) project by the SSM has evaluated the impact of full implementation of CRDIV on capital and the majority of Dutch banks are in line with the five-year phase-out schedule (mainly insurance deductions for LSIs as SIs have divested their insurance subsidiaries). The DNB has imposed additional buffer requirements on the larger Dutch banks (see below).

Additional Buffer Requirements for Dutch Banks

(In percent)

article image
Source: DNB.

47. The SREP is applied to all banks at least annually, which results in a capital and liquidity decision and including notably, if warranted, a Pillar 2 add-on. The SREP is an established process in the Netherlands, where the ICAAP plays an integral role. For SIs, the EBA SREP guideline is being implemented for the 2016 capital decision. For LSIs, the ICAAP has traditionally been used in the bottom-up assessment of capital and concepts of economic capital central to the assessment of the adequacy of the ICCAP and board involvement in the process. Included in the assessment of the ICAAP is an assessment of expected loss and adequacy of provisions.

48. The majority of SIs use internal models to calculate risk-weighted assets. SIs are approved to estimate risk-weighted assets for credit, market, and operational risk. JSTs are responsible for ongoing model monitoring (e.g., model validations, etc.) while individual model approvals fall within the remit of the project manager designated by the JST coordinator among the JST. In general, internal model investigations are carried out on the basis of a coordinated approach, with an effective and close liaison between JSTs and the assessment team of model experts (typically staffed from the national competent authority). The Internal Model Division (INM) within the ECB is responsible (among others) for performing the consistency check of model assessment reports and the co-signing the JSTs’ proposal for the draft decision. The upcoming TRIM project is designed to clarify supervisory expectations.


49. Continued focus on capital management planning to retain healthy buffers is needed. While SIs have built healthy capital buffers over the last several years, evidence suggests stronger capitalized banks are better placed to support private sector credit demand.

Credit risk

50. The household sector (HH) remains highly indebted, although the overall net wealth position of the sector is strong. Household debt is high at approximately 112 percent of GDP, and households have a relatively high debt-to-income ratio of 275 percent. However, household indebtedness in part reflects tax incentives that previously encouraged borrowers to take out large interest-only (IO) mortgage loans where the interest expense is tax deductible. However, households have large pension assets and their net financial assets are equivalent to 209 percent of GDP as at end-2015.

51. Housing markets are recovering following a decline in prices of 21 percent over five years from 2008–2013. Housing boom-bust cycle has left approximately 21 percent of households with negative equity, notably for younger households as at June 2016. Mortgage arrears have been low at 1.6 percent at 2015Q4 despite the fact that banks traditionally extend high LTV loans where the amount lent is greater than the value of the collateral. However, new macroprudential rules aim to reduce the maximum LTV ratio over a transition period, and the FSAP recommends that they are reduced further. As part of the 2013 Housing Market Reform Agenda, new IO mortgages are no longer eligible for mortgage interest deductibility from January 2014. This reform removed the tax incentive for new IO loans and led the share of IO loans to decline by 6 percentage points (from 61 percent) since 2012.14

52. A substantial share of the total value of mortgage loans (55 percent) are IO, which are vulnerable to house price shocks and roll-over risks. This is mitigated by the fact that only 21 percent of borrowers have a full IO loan, and this group of borrowers tends to be older and financially sound, compared to starting households. Most of the borrowers combine IO loans with loans in which they amortize. Full IO borrowers are not obliged to amortize the principal over the life of the mortgage. Depending on the LTV ratio, total debt will likely be higher than that of other borrowers, and therefore more likely to be underwater when house price shocks occur. With the current low interest rates, voluntary repayments have increased, and borrowers use their savings to reduce their mortgage debt. This, in turn, reduces the LTVs on current mortgages. Currently, of the 21 percent full IO loans the majority has an LTV of below 80 percent which mitigates the risk of these mortgages for the banks. Furthermore, new legislation has banned beneficial tax treatment of mortgage interest payments (the beneficial treatment now only applies to amortizing mortgages) in an attempt to discourage new production of IO mortgages.

53. Commercial real estate (CRE) markets have been stabilizing after plummeting from the pre-crisis boom. Based on the MSCI Investment Property Databank, capital values had declined for 26 consecutive quarters from 2008Q4, and the accumulated drop amounted to 20 percent by the end of 2014. While capital growth in the industrial market still records -4 percent in 2016Q1, the growth in the office and retail market is getting close to zero percent. Investors have been encouraged by low interest rates and the improvement in domestic economic performance. However, momentum is still weak in the CRE markets and the office sector is the weakest with excess supply. The vacancy rates have been increasing since 2009, due to the increase in online shopping and continued supply in the CRE market. Also, banks have reduced their exposure in the CRE market through the deleveraging process that occurred during the post-crisis period.

54. The debt burden is high and negative equity among young borrowers is prevalent. Approximately 44 percent of younger households (aged between 30-39) are facing negative housing equity owing to a sharp fall in house prices from 2008 to 2013. Banks have taken steps to renegotiate mortgages with distressed borrowers, but progress on re-profiling debt to date has been slow. Recent macroprudential measures to lower maximum LTV will likely help over time. A continued focus on sound credit risk underwriting is needed by banks to ensure borrowers are able to demonstrate repayment capacity under a debt amortization schedule.

55. Results from the targeted review of residential mortgages are being followed up. A targeted review of residential mortgages was performed with the results integrated into the risk assessment system (RAS) for each of the banks. The thematic review helped inform credit risk underwriting standards and valuation practices. Limits on LTVs and debt service-to-income (DSTI) ratios have been implemented and tightened in recent years and mortgage lenders are required to apply a “stressed” interest rate (5 percent) when calculating DSTI ratios for mortgage loans with interest rates fixed for a period less than 10 years. Credit risk has been a focus for both SIs and LSIs through a mix of routine (off-site) and on-site examinations. Thematic reviews and stress testing exercises have contributed to the supervisor’s assessment of credit risks in the Dutch banks’ portfolios.

56. Mortgages investments have been rising rapidly in the insurance sector. Mortgages have gained attractiveness as investments to match long-term insurance liabilities with instruments that are providing returns that are around 2 to 2.5 percentage points above swaps and with historically low default and loss rates. Banks remain the main issuers of mortgages but have reduced their share of originated mortgages particularly for mortgages with longer fixed rates.15 The share of the insurers in mortgage investment has rapidly grown, from 3 percent in 2009 to 8 percent in 2016. For some insurance groups their mortgage investments make up to 40 percent of their portfolios (excluding unit-linked business).16


57. Given the risk of potential regulatory arbitrage, the authorities are recommended to undertake a cross-sectoral review (including sampling loan files) of credit underwriting standards of mortgages originated for the banking, insurance, and pension sectors.


58. CRDIV/CRR and EBA guidelines on SREP and supervisory reporting provide the general framework to determine that banks have adequate policies and processes for the classification of assets, and maintenance of adequate provisions and reserves. In the Netherlands, prudential standards for provisioning are not issued by the DNB, and banks are required to follow standards set by IFRS. However, this general framework does not fully cover requirements in relation to assessing whether the classification of the assets and the provisioning is adequate for prudential purposes. The SSM and DNB do not have the power to adjust classification of individual assets, nor to increase their levels of provisions and reserves. However, the SSM and DNB are able to apply a capital add-on under Pillar 2 if they form the view that provisioning is inadequate.

59. The focus of the supervisor should be to provide bank management with prudential considerations when setting loan classification parameters. Traditionally, in the Netherlands, supervisors have viewed loan valuation as an accounting function. The supervisor must introduce prudential considerations to narrow bank management’s judgment. The focus of the supervisory input is to provide bank management with prudential considerations when setting loan classification parameters and provisioning, such as items to consider for residential mortgages, CRE triggers. Collateral valuation considerations, such as conservative valuations of realizable net values, are also important.

60. Supervisors make an assessment of portfolio quality using EBA’s guidelines on common procedures and methodologies for the SREP. As part of this assessment, the supervisor assesses the overall credit quality at portfolio level and the different quality grades within the exposure categories of “performing,” “nonperforming,” and “forborne” to determine the institution’s overall credit risk. Their aim is to act as harmonized asset quality indexes for classification of exposure as forborne or as nonperforming, by putting forward common elements in terms of scope and identification criteria that will provide supervisors with a harmonized understanding of these concepts and strengthen the supervisory tools available for asset quality assessment.


61. A more active supervisory role in assessing loan classification is needed to underscore prudent provisioning practices. While recent asset quality reviews and stress testing by the EBA confirm generally low levels of asset impairment of Dutch banks, a more intrusive role of the supervisor is needed when assessing loan classification. The role of the supervisors in loan classification and supervision in the Netherlands primarily involves a review of policy and procedures. The focus of supervision should be to provide bank management with considerations when setting loan classification parameters and provisioning, such as items to consider for residential mortgages and CRE classification triggers. Collateral valuation considerations, such as conservative valuations of realizable net values, are also important. The process of developing the capacity of supervisors to challenge bank management valuation of loans has started.

62. It is important for the supervisory pillar to become more robust. In strengthening the supervisory role, there should be:

  • Consultation with banks and accounting firms on proposed prudential guidelines;

  • Training for supervisors on valuing loans and challenging assumptions on collateral values; and

  • Development of market data to be able to gauge the reasonableness of collateral valuations by the bank. Not to set a value but to question significant variances from market values or trends.

E. Liquidity Risk (CP 24)

63. The LCR and NSFR have strengthened the liquidity requirements, encouraging banks to rely on more stable sources of funding and minimize maturity mismatches. In general, the DNB has been pro-active in liquidity supervision and had already introduced several monitoring rules on liquidity before the CRR regulation came into force. The introduction of the new liquidity requirements (LCR and NSFR) under the CRR have strengthened the liquidity regime and created incentives to reduce exposure to short-term market financing, encouraging a greater proportion of the liability structure to be derived from stable sources of funding and reduce mismatch of assets and liabilities. Migration plans for compliance with the LCR and NSFR were implemented early, facilitating an orderly transition to the new requirements and the DNB has introduced a survival period requirement with a minimum requirement of one month, based on the profile of the bank. In addition to the LCR and NSFR, the DNB has introduced requirements to limit liquidity risk from excessive cross-border liabilities. The policy rule is designed to constrain the investment of deposit funds in non-Member States. It introduces an upper limit to the extent to which banks licensed in the Netherlands may, under the protection of the Dutch deposit guarantee scheme (DGS), serve as intermediaries for deposits raised in the Netherlands and other EU Member States to be invested outside the Member States. The rule prescribes that a prudent and acceptable ratio will exist if the product of the proportion of guaranteed liabilities in the balance sheet on the one hand and the proportion of loans and investment in non-Member States in the balance sheet total does not exceed 0.25 percent.

64. The ILAAP is an established process for the Dutch SIs and JSTs made good use of the framework to make a comprehensive assessment of liquidity risk. Supervisors conduct close monitoring of bank liquidity risks through a number of activities: meetings with treasury staff; observing the Asset and Liability Committee (ALCO) meetings; verifying risk management policies; conducting analysis of prudential ratios and additional liquidity ratios (e.g., self-funding ratios); and, importantly, confirming board engagement in setting liquidity risk appetite and subsequent oversight of implementing risk management standards. The SREP framework was enhanced during 2016 to support the work of the JSTs by developing more robust stress testing tools and proxies to effectively challenge banks’ estimates and assumptions.

65. While Dutch banks are well placed to meet the full implementation of the LCR and NSFR, continued monitoring is needed. Liquidity risk ranks lower in the overall priorities of Dutch banks and is driven in part by three factors: (i) lower inherent risk profile due to higher liquidity buffers; (ii) strengthened risk management; and (iii) current environment of excess liquidity and negative interest rates. Dutch SIs and LSIs are well placed to adhere to new liquidity standards and prudential ratios and have a much lower inherent liquidity risk profile than before the crisis. Nonetheless, they remain vulnerable to liquidity risk: to fill the deposit funding gap, banks make use of wholesale funding; approximately a third of the system is funded by market financing. This reliance exposes the Dutch banking system to changes in market sentiment, although this is somewhat mitigated by the fact that this funding is well diversified over type of holders and geography of holders. While banks have worked hard to manage this risk (e.g., extending the maturity profile of wholesale funding, etc.) continued monitoring is needed.


66. Given the extent of market-based funding, ongoing scrutiny of liquidity risk is needed, including through rigorous stress testing. Interrogating the assumptions behind the group/aggregate LCR is needed to ensure assets are freely available within and across the group to meet stressed outflows. Equally, accurate classification of liability buckets is needed to ensure run-off assumptions are calibrated properly. This is particularly needed when banks have large portfolios of liabilities that are treated as retail under the LCR framework yet are, in practice, professionally managed. Validating assumptions for the treatment of nonmaturity portfolios to ensure assumptions are conservative and ongoing analysis of composition of the liquidity buffer to understand where liquidity needs within a group are most needed.

F. Operational Risk (CP 25)

67. The regulatory and supervisory framework for operational risk is generally comprehensive. Banks are required to adhere to general risk management standards complemented with tailored guidelines (e.g., cloud computing, Information Security Control Framework, etc.).17 The risk management requirements are based on the standards set by the BCBS for operational risk. Banks report a mix of qualitative and quantitative information on a regular basis which is used to shape the nature, frequency and intensity of supervisory activities, e.g., thematic reviews, on-site examinations and meetings with senior bank management.

68. Dutch SIs are large, integrated, and operate in many cross-border markets shaping their inherent operational risk profile. The product base is diverse and sophisticated, and like many internationally active banks in mature markets, technology is a key component of the business model. Typically, expansive business models such as these are linked to active risk taking via more active marketing, aggressive incentive plans, the number of new products introduced, and attractive terms for investors. All these elements increase the level of operational risk, therefore requiring vigilance by the supervisor. Loss data indicates that SIs are exposed to a moderate level of operational risk mainly in legal risks. Furthermore, large cost-cutting programs at the large banks may result in a higher inherent operational risk profile.

69. Dutch SIs are heavily reliant on IT outsourcing arrangements and technology. The largest banks use outsourcing as a way to leverage external expertise but also to take advantage of potential cost efficiencies. As an example, one of the larger banks outsources all of its IT. Outsourced activities have been mapped for SIs as a way to identify potential sources of operational risk and the results of this work showed that Dutch SIs are exposed to off-shore service providers/cloud providers.

70. Supervisory focus on operational risk is being stepped up for both SIs and LSIs. Supervision examination plans for each of the SIs are incorporating additional on-site work on operational risk to address issues like IT infrastructure, AMA model reviews, outsourcing, data quality and legal issues. Supervisors also hold regular meetings with key control functions within banks as a way to monitor emerging issues.


71. Greater attention to ongoing model monitoring for AMA banks is needed to ensure adequate estimation of operational risk capital. The DNB assesses the usage of different risk identification and assessment tools by banks during on-site visits. The instruments in scope are Risk and Control Self Assessments (RCSAs), Business Process Modeling, Scenario Analysis, Internal Loss Data (ILD), External Loss Data (ELD), Key Risk Indicators (KRIs)/Key Performance Indicators (KPIs) and scorecards. In particular, for AMA banks, minimum requirements on the business environment and internal control factors are specified through the CRR Art. 322 paragraph 6.

72. More verification and testing is needed to make an accurate assessment of banks’ processes to manage and monitor the risks associated with outsourcing arrangements, including prior notification. As part of the risk assessment system, supervisors make regular assessments of the risks associated to outsourcing; for example, via meetings with senior bank management, on-site inspections, etc. Outsourced activities have also been mapped for SIs as a way to identify potential sources for operational risk. This process showed that Dutch SIs are exposed to off-shore service providers/cloud providers. Prior notification has been introduced for ‘cloud computing’ but this requirement needs to be applied across all material outsourcing arrangements to allow supervisors to assess whether outsourced arrangements are suitable (e.g., permit supervisors’ access, etc.). Guidelines for banks and supervisors are needed to ensure prudent practices, and it is understood that guidance will soon be issued.

Cyber Risk and Financial Stability in the Netherlands

New technologies are reshaping the financial services industry. The most recent example is the announcement by several of the largest global banks to jointly develop clearing and settling technology over blockchain. In the Dutch context, ING is currently partnering with more than 40 fintechs to develop and improve their product offering; improve their technology agility; and transform their product offering, how they deliver products as well as being part of the R3 project to explore the applications of distributed ledger technology in delivering financial services.

The benefits from technology (and fintech) might be forfeited if cyber resiliency is not adequately managed. The financial industry is one of the industry sectors that are highly vulnerable to cyber threats, and cybercrime has become the second most-reported economic crime this year; consequently, the average damage to organizations has grown by 14 percent from last year. A greater reliance on technology combined with faster technological development has resulted in more frequent and forceful cyber threats that go beyond the capture of protected information, and now entail disruptions in the accessibility of financial platforms and the integrity of financial information.

In the Netherlands, risk management standards for IT-related operational risk are established by Wft. Banks are required to have in place an effective operational risk management framework across the entire enterprise, subject to ongoing testing and enhancements to keep pace with the scale, complexity and risk profile of the business. In addition, banks are required to adhere to established industry standards for IT security, such as ISO/IEC 27 of the International Standards Organization. Prior notification is also required before banks enter into material outsourcing arrangements involving cloud computing.

More broadly, the Dutch government has marked the financial sector as one of the 12 sectors vital to the critical infrastructure. The critical infrastructure consists of 12 vital sectors being identified by the Dutch government. Among those sectors are the Energy, ICT/Telecom and Financial sectors. Within the Financial sector several financial institutions have been designated as the financial core infrastructure. To keep these sectors vital, law and regulations have been defined as well as national and international standards stimulated for specific topics. For example, regarding cyber and information security, the Dutch National Cyber Security Center (NCSC) communicates best practices.1

Strengthening IT resilience and cyber security is a key strategic priority for bank supervisors. Several initiatives have been implemented. Since 2009, the information security is assessed, monitored, benchmarked and followed-up periodically to assure a minimum maturity level. In that regard, cyber security has been identified as a central theme and communicated as such, leading to specific investigations like the quality of penetration testing (2013), Mobile Banking apps (2014), and IT complexity (2015).

During 2015, the SSM undertook a cyber thematic review consisting of a self-assessment across a range of areas. Results of the self-assessment were followed-up during 2016 and integrated into supervisory action plans where issues identified. The DNB extended this to the financial market infrastructure. Next to the thematic investigations, cyber and information security are a standard topic included in IT on-site visits. To enhance awareness several seminars and round tables were organized. Additionally, IT resilience is strengthened through performing periodic BCM/DR inspections and running DR-scenarios especially for the Financial Key Infrastructure.

Further work is planned in 2016 and 2017. For the coming period the IT resilience and cyber security level of banks will be further challenged by performing ethical penetration tests using intelligence-based scenarios (Threat Intelligence-Based Ethical Red Teaming (TIBER)). Furthermore, the IT on-sites and information security assessments including monitoring and follow-up will be continued in 2016/2017. Also the SSM intends to do a follow-up on the 2015 SSM cyber thematic review.

Robust detection techniques are needed to keep pace with evolving cyber threats. Regular board and management engagement and intrusive inspection are key planks in the supervisory approach. Supervisors need to verify that banks are appropriately incentivized (a) to increase security and IT resilience by raising risk management standards; and (b) to leverage collective strengths through greater global coordination. Achieving consistent industry standards at each layer of the service point will be necessary.

To foster system-wide resilience, data-sharing among all participants is vital. In that regard, the Dutch government has taken the initiative to set-up the NCSC. The NCSC has a role to share cyber security information, monitor, and perform incident and response activities in collaboration with other CERT organization. Additionally, the Dutch financial industry has built up a history of trust in information sharing through platforms such as the so-called Financial Industry Information Sharing Analysis Centre (FI-ISAC) that was started as an informal community in 2003 and was formalized in 2006. A number of banks and financial market infrastructures actively participate in this platform. Furthermore, in 2011, the financial industry engaged with law enforcement in an initiative called the Electronic Crimes Task Force in which representatives from banks, the Dutch police’s team high-tech crime, and the prosecutor are jointly working at an operational level on cybercrime cases.

1 In June 2016 the Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commission (IOSCO) have published guidance for cyber resilience, in addition to the Principles for Financial Market Infrastructures that have been published in April 2012. See

Appendix I. Summary Analysis of Selected Core Principles

The table below offers a summary analysis of the selected core principles, based on the 2012 BCPs.18 It provides an overview of the legal and regulatory framework and comments on main strengths and vulnerabilities on each topic.

Supervisory Powers, Responsibilities and Functions

article image
article image
article image
article image
article image
article image
article image
article image
article image
article image
article image
article image
article image
article image
article image
article image
article image
article image
article image

This TN was prepared by Christopher Wilson.


The revised 2012 BCPs reflect market and regulatory developments since the last revision, taking account of the lessons learnt from the financial crisis in 2008/2009. These have also been informed by the experiences gained from FSAP assessments as well as recommendations issued by the G-20 and FSB, and take into account the importance now attached to: (i) greater supervisory intensity and allocation of adequate resources to deal effectively with systemically important banks; (ii) application of a system-wide, macro perspective to the microprudential supervision of banks to assist in identifying, analyzing and taking pre-emptive action to address systemic risk; (iii) the increasing focus on effective crisis preparation and management, recovery and resolution measures for reducing both the probability and impact of a bank failure; and (iv) fostering robust market discipline through sound supervisory practices in the areas of corporate governance, disclosure and transparency.


See Appendix I for more details regarding analysis of the regulatory framework and supervisory practices undertaken during this FSAP.


The SRM was established by the SRM Regulation (Regulation 806/2014). National deposit insurance schemes are maximum harmonized under the recast Deposit Guarantee Schemes Directive (2014/49/EU). In addition, the European Commission has proposed a European deposit insurance schemes which is intended to form the third pillar of the European banking union and would apply to deposit insurance schemes in Member States participating in the SSM. The ECB was given supervisory powers by the SSM Regulation (Regulation 1024/2013) which was supplemented by the SSM Framework Regulation (Regulation 468/2014).


Herfindahl Index of 21.16 for 2015Q3.


Calculated as debt claims of Dutch banks against nonresidents.


For further details, see


The outstanding balance of household debt amounts to €740 billion at end-2014, about 275 percent of disposable income and 111 percent of GDP, which is the second highest after Denmark. The DNB (2015) notes that 61 percent of homeowners between the age of 30–40 were in negative equity at end-2015Q1.


ING, Rabo and ABN-AMRO have the following ratings respectively: S&P (A-, A+ and a); Moody’s (Baa1, Aa2 and A1).


Analysis of CP 1 and 2 was conducted for the DNB and did not include the ECB.


There are areas where national regulations are needed by the ECB in direct supervision of SIs (e.g., fit-and-proper, and corrective actions and sanctions).


As a rule, NCAs are themselves directly competent to impose sanctions. Moreover, the ECB can impose a sanction on a LSI for breaches of relevant ECB regulations or decisions, which impose an obligation vi-à-vis the ECB.


For purposes of the assessment therefore, “Board” will mean the oversight function, i.e., the Supervisory Board, and “senior management” will mean the executive function, i.e., the Management Board. In a one-tier Board of Directors, both senior managers and directors, representing shareholders and independent directors, are present.


See also the TN on the Macroprudential Policy Framework.


Mortgages are partly originated by so-called ‘regiepartijen,’ which are rapidly growing nonbank lending platforms that use brokers or websites to sell home loans on behalf of institutional investors.


The exposure of pension funds to Dutch home loans is also growing reaching €15 billion at the end of 2015, but significantly lower than the total mortgage loan portfolio of Dutch insurers of €46 billion.


See Box 2 for a description of activities conducted by the DNB and SSM on cyber risk.


In this document, “banking group” includes the holding company; the bank and its offices; subsidiaries; affiliates; and joint ventures, both domestic and foreign. Risks from other entities in the wider group, for example nonbank (including nonfinancial) entities, may also be relevant. This group-wide approach to supervision goes beyond accounting consolidation.


For a full description of the distribution of supervision responsibilities between the ECB and NCAs, see


Please refer to footnote 19 under Principle 1.


For the purposes of assessing risk management by banks in the context of Principles 15 to 25, a bank’s risk management framework should take an integrated “bank-wide” perspective of the bank’s risk exposure, encompassing the bank’s individual business lines and business units. Where a bank is a member of a group of companies, the risk management framework should in addition cover the risk exposure across and within the “banking group” (see footnote 19 under Principle 1) and should also take account of risks posed to the bank or members of the banking group through other entities in the wider group.


To some extent the precise requirements may vary from risk type to risk type (Principles 15 to 25), as reflected by the underlying reference documents.


It should be noted that while, in this and other Principles, the supervisor is required to determine that banks’ risk management policies and processes are being adhered, the responsibility for ensuring adherence remains with a bank’s Board and senior management.


The CP does not require a jurisdiction to comply with the capital adequacy regimes of Basel I, Basel II and/or Basel III. The Committee does not consider implementation of the Basel-based framework a prerequisite for compliance with the CP, and compliance with one of the regimes is only required of those jurisdictions that have declared that they have voluntarily implemented it.


Principle 17 covers the evaluation of assets in greater detail; Principle 18 covers the management of problem assets.


Credit risk may result from the following: on-balance sheet and off-balance sheet exposures, including loans and advances, investments, inter-bank lending, derivative transactions, securities financing transactions and trading activities.


Counterparty credit risk includes credit risk exposures arising from over-the-counter (OTC) derivative and other financial instruments.


Reserves for the purposes of this Principle are “below the line” nondistributable appropriations of profit required by a supervisor in addition to provisions (“above the line” charges to profit).


The Committee has defined operational risk as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. The definition includes legal risk but excludes strategic and reputational risk.

Kingdom of the Netherlands-Netherlands: Financial Sector Assessment Program:: Technical Note-Banking Supervision
Author: International Monetary Fund. Monetary and Capital Markets Department
  • View in gallery

    Netherlands: Banking Sector Indicators, 2015Q4

    (In percent)

  • View in gallery

    New Loan Loss Provisions

    (In percent of average customer loans)

  • View in gallery

    RWA Density

  • View in gallery

    Netherlands: Movement in Capital Adequacy from 2008 to 2015

    The three largest Dutch banks have increased their quality and quantity of capital measured by CET1 from 2008 to 2015. ING had make the largest progress in building CET1 compared with Rabo and ABN AMRO, which started from a much higher ratio.