DNB ·

DNB imposes €2,656,250 administrative fine on CCV Group B.V.

Dutch payment institutions must verify their transaction-monitoring feed is complete and alert closures documented, or face the same fineable Wwft breach

Change
On 2 March 2026 De Nederlandsche Bank (DNB) imposed a €2,656,250 administrative fine on CCV Group B.V. for breaching article 3(2) Wwft — inadequate ongoing customer due diligence from 2021 through at least 10 December 2024 — after finding its transaction-monitoring system was not fully fed with merchant profiles and transactions and that alerts were closed in bulk without documented justification.
Why it matters
DNB's basis for the fine is a transferable control standard: a transaction-monitoring system must be fully and timely fed with every merchant's transaction profile and every executed transaction, and alerts must be investigated on time with bulk closures documented via a defined justification record. CCV's system left profiles unloaded, ran stale profiles during reboarding, omitted Ecom transactions, and closed alerts in bulk without the required form. DNB also treated a prior 2020 fine for the same article as grounds for a 25% culpability uplift, signalling that repeat monitoring gaps at any institution carry escalated exposure.
Implications
  • Dutch payment institutions' financial-crime compliance teams must verify their transaction-monitoring system is fully and timely fed with every merchant or client transaction profile and every executed transaction — DNB fined CCV Group B.V. €2,656,250 precisely because unloaded profiles and omitted transaction streams (Ecom and labelling gaps) meant monitoring ran against incomplete data, and the same feed gap is fineable at any Wwft institution.
  • Transaction-monitoring and alert-handling teams at Wwft-obligated firms must confirm bulk alert closures are supported by a documented, individually-reasoned justification record before closing — DNB treated CCV's undocumented bulk closures, closed without the firm's own required case form, as a distinct ongoing-monitoring failure regardless of the alert volume driving them.
  • Compliance and internal audit functions at institutions with known open monitoring issues must confirm self-identified system defects are remediated durably, not merely logged — DNB applied a 25% culpability uplift because CCV had documented the profile-loading and data-completeness issues internally since 2021 yet left them unresolved, making prior awareness an aggravating factor rather than mitigation.
Who is affected
  • Financial-crime compliance teams at Dutch payment institutions
  • Transaction-monitoring and alert-handling teams at Wwft-obligated firms
  • Compliance and internal audit functions at institutions with open monitoring defects
View on DNB
Clarify this change

Grounded in this brief and its source — your questions stay private.

Clarify with AI — Pro only

You asked:

Clarify turns any brief into answers specific to your role and exposure.

Pro includes

Implications — what this change may force you to review
Who is affected — which people, workflows, or obligations are touched
What to watch — dates, deadlines, and triggers that matter next
Real-time alerts — delivered when a decision-forcing change is published
Clarify with AI — ask what this change means for you

$29/month · Founding rate, locked for life. Cancel anytime.

Create a free account to keep clarifying

You asked:

You've used your free guest questions for now. A free account gives you more every month and saves your history — or start a Pro trial for unlimited Clarify and real-time alerts.

Pro includes

Implications — what this change may force you to review
Who is affected — which people, workflows, or obligations are touched
What to watch — dates, deadlines, and triggers that matter next
Real-time alerts — delivered when a decision-forcing change is published
Clarify with AI — ask what this change means for you

Free account: no card, ever. Pro trial: $29/month after 14 days, no card to start, cancel anytime.