The latest developments across the P&C insurance industry regarding fraud, risk and compliance.
08 April 2016

Insurers lack compliance with Sanction Law

Research by the Dutch National Bank (DNB) has indicated that insurers are not taking enough precautions to avoid infringement of the Sanction Law (SL). With European legislation on the rise, this is an issue that many insurers in Europe may be facing on the short term.

In November 2015, DNB already found that insurers and other financial institutions are experiencing difficulties in connecting their specific risk profile to the measures required to comply with the Sanction Law. From the study was concluded that the compliance level at some firms was too low due to a lack of actions that were taken to thoroughly assess customers with a high risk profile. At the same time, DNB recognized an excess of compliancy measures at some other institutions.

Based on the current studies, DNB concludes that a number of insurers have improved on complying with the SL. There are even several ‘good practices’: these are organizations that have no shortcomings with regards to the law, and from which DNB recognizes that the taken measures have been implemented adequately.

No risk analysis
Nevertheless, apart from a few exceptions, DNB announces that most insurance companies that were part of the research do not have the required level of compliance with the SL yet. This is something that applies to insurance companies across Europe. Usually, insurers do not have a risk analysis in which the customer type and activities are linked to control measures with regards to the SL.

Own responsibility
Regulations are barely included in education and trainings. This may partly explain the lack of awareness among insurers in relation to the sanction legislation. Insurers are mainly relying on suppliers of sanction lists and on periodical screenings of the portfolio. A screening of new relations is not always taking place.

Most important bottle-necks
The most important bottle-necks are the following:

  • Most non-life insurers have not registered Ultimate Beneficial Owners (UBOs). This means that these relations cannot be screened against a sanction list, which conflicts with the SL.
  • Few or no screenings are taking place after updates of the sanction lists.
  • Insurers update lists only periodically, and not when actual changes are made to the lists. This leads to periods in time where customers are accepted who are on a sanction list.
  • Insurers often assume that other parties in the chain are taking the required measures, without checking and controlling if these parties are in fact doing so.
  • Knowledge about the sanction legislation is insufficient in a large part of the industry.

The primary condition in complying with sanction legislation is that an organization has a clear overview of all relations, including structure, Ultimate Beneficial Owners (UBOs), directors and intermediaries. It is important that companies realize it is not only important to screen their relations to sanction lists, but to also proactively monitor all the activities of these relations and check if people are trying to get around the sanction lists.

CEO at FRISS Jeroen Morrenhof recognizes these findings, and indicates: “With an adequate risk assessment and screening it is possible to avoid an excess as well as a lack of compliance measures. Besides that, it is important to screen your entire portfolio on a regular basis.”

Source: DNB

Contact us

Cookie and Privacy Policy

1. Introduction

When you use this website, FRISS may collect information about your use of the website and the content offered. We believe it is important to handle your (personal) data with due care and confidentiality. When processing your personal data, we comply with the General Data Protection Regulation (Algemene Verordening Gegevensbescherming) and Article 11.7a of the Telecommunications Act (Telecommunicatiewet).

1.1.  Controller

The controller of the processing of personal data is:

FRISS Fraudebestrijding B.V.
Orteliuslaan 15
3528 BA

This processing of personal data is registered with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) in The Hague under reporting number m00004997.

1.2.  Purposes of data processing

There are several places on our website where you can fill in your (personal) data. We will explain the purposes of the various instances of data processing below.

Filling in the contact form or sending an e-mail

If you fill in the contact form on our website or send us an e-mail, we will only use the (personal) data you provide for the purpose or purposes for which you filled in the contact form or sent the e-mail.

Download form

If you download files on our website (such as e-books, whitepapers or reports), we will use the (personal) data you provide for one or more of the following purposes:

  • for the execution of an agreement, for example to send you the e-book, whitepaper or report you have chosen;
  • for the formation of an agreement, for example by contacting you by telephone or in writing.


If you fill in the application form for the newsletter on our website, your (personal) data will be used to send you the newsletter. Each newsletter contains a hyperlink at the bottom of the message that you can use to unsubscribe.

In addition to the personal data you provide to FRISS yourself, FRISS may collect, record and process additional (personal) data if you use the (web) services of FRISS. This concerns the following personal data:

  • data from the used equipment, such as a unique device ID, version of the operating system and settings of the device you use to access a service;
  • information about the use of a service, such as the time at which you use the service and the type of service that is used;
  • location details from your device or derived from your IP address that is provided to us when you use a particular service;
  • data available from external sources. We may receive information about you from public or commercially available sources.

1.3.  Provision of (personal) data to third parties

Your (personal) data will never be provided to third parties without your permission, unless we have an obligation to do so pursuant to legislation or regulations or you have given permission for this.

1.4.  Security of data

FRISS respects your privacy and ensures that personal data are handled confidentially and with the utmost care. All processed (personal) data is stored exclusively in secure databases. These databases are only accessible to employees of FRISS, to the extent that this access is required by virtue of their position. FRISS makes every effort to secure these systems against loss and/or any form of unlawful use or processing.

1.5.  Inspection, correction and deletion of data and the right to object

You can view your data that is processed by FRISS at any time and free of charge and, if you so wish, modify this data or have it deleted. You can also object to receiving information about products, services or content of FRISS. If you wish to make use of one of these options, you can send an e-mail to the Data Protection Officer of FRISS via privacy@friss.eu or write to the following address:

FRISS | fraud, risk & compliance
Attn. Data Protection Officer
Orteliuslaan 15
3528 BA Utrecht.

2. Cookies

When using this website, information about your use of these services and other websites may be collected by or on behalf of FRISS, for example by means of cookies.

A cookie is a small file that is sent along with pages of a website and stored by your browser on the hard disk of your computer. We use cookies to remember settings and preferences. You can disable these cookies via your browser.

2.1.  The purposes for which FRISS uses cookies

On our website we use cookies for the following purposes:

  • for statistical purposes, in order to analyse the use of FRISS websites. This allows us to keep track of the number of visitors and see which parts of our website are popular. We use Google Analytics in order to track and consult these statistics. On this website you can find explanations about all cookies that may be placed by Google;
  • for what is known as ‘targeting’ purposes, if you have used the download form. By targeting we mean building a profile of you based on your surfing behaviour on our website, after which we may contact you by telephone or e-mail based on the interests you have shown in order to offer you FRISS services that you may be interested in. We use HubSpot in order to track and consult these statistics. On this website you can find explanations about all cookies that may be placed by HubSpot;

3. Changes to this Cookie and Privacy Statement

FRISS may make changes to this Cookie and Privacy Statement. All modifications will be published on this page. We advise you to consult this Cookie and Privacy Statement regularly, so that you are always aware of the content of the current Cookie and Privacy Statement.