DNB’s Guidance on the Anti-Money Laundering and Counter-Terrorist Financing Act and the Sanctions Act states the following:
“To determine the customer's risk profile, institutions should prepare a transaction profile based on expected transactions or expected use of the customer's (or customer group's) account. By preparing a transaction profile in this way institutions can sufficiently monitor transactions conducted throughout the duration of the relationship to ensure these are consistent with the knowledge they have of the customer and their risk profile. By identifying the expected transaction behaviour, institutions can assess whether the transactions carried out are consistent with their knowledge of the customer. This may for example be the case with deviating amounts, moments or volumes and the use of non-standard technical devices and resources. The crypto service provider must report such unusual transactions to FIU-NL.
For the duration of the relationship it is important that the institution checks periodically whether the customer still fits his/her risk profile and whether the transaction pattern is in line with expectations. The institution may tailor the frequency and intensity of the reviews to the customer’s risk classification.”