Free trial
cover van BSN nummers artikel
Back to hub

How BSN numbers are holding a billion-euro industry hostage

Banks and other financial institutions are increasingly caught between the Wwft (the Dutch anti-money laundering legislation), which requires them to carry out extensive Know-Your-Customer screening, and the GDPR, which requires them to store only the absolute minimum of sensitive customer data. The result: banks must sift through hundreds of thousands of files to ensure that all personal data is stored in accordance with the rules.

A recent ruling appeared to give the banks some respite, but those hopes were soon dashed. The culprit is the Burgerservicenummer (Citizen Service Number, or BSN). This issue has long held the financial sector hostage and is the subject of heated debate. To store data or not – that is the issue. Earlier this year, Kifid, Dutch Institute for Financial Disputes, has issued a binding judgment on the matter. Banks may indeed request, record and store the BSN, but a copy of the ID may not be stored unprocessed. Such muddled legislation is characteristic of the friction between a tightening of the gatekeeper role of financial institutions on the one hand and the increasing privacy protection of consumers on the other. 

Jump for joy 

Compliance officers who might have jumped for joy after reading the ruling soon had their feet back on the ground. Although banks may continue to process the BSN, the photo on the ID must always be blurred. Likewise, the ID document must always be watermarked. The only ground on which banks are allowed to process the BSN is because they are legally obliged to state the BSN when providing information to the tax authorities. In addition, due to the deposit guarantee scheme, they must share the BSN of their account holders with the Dutch Central Bank. 

In many other cases, financial service providers are not allowed to process the BSN at all. Mortgage lenders, for example, are only allowed to process a BSN if the mortgage has been definitively approved. So as long as the mortgage offer has not been accepted by the new customer, the lender is not allowed to process the BSN of that possible future customer under any circumstances. Not even if the customer gives permission to do so. In practice, this means that consumers actually have to scratch out the BSN themselves before sharing documents with mortgage lenders. Industry organizations have therefore called on payroll services providers to make documentation available with and without BSN. UWV (the Employee Insurance Agency) and Stichting Pensioenregister (a platform of the joint pension providers) have started doing this. 

Legacy data 

But that’s only part of the problem. Another part is: what to do with legacy data that is already in a digital archive? Decades of privacy-sensitive customer data are stored in digital archives of financial institutions. But these institutions are no longer allowed to store this data, so it must be made illegible. To manually search all this data would require an average effort of about ten minutes per customer file. If you extrapolate this to the total of just under five million mortgage holders in the Netherlands, manual processing does not seem an option. However, due to the limited availability of the required technology, this is seen by many banks as the only solution. As a result, the Dutch Central Bank estimates that more than 20% of all bank staff is active in the field of compliance. 

The solution: Blurrify 

Manual processing looks like an unworkable solution. Not only because of the time it takes, but also because of the limited reliability of the routine work and the fraud risks that banks expose customers to when manually going through their most sensitive financial data. For this reason, the financial sector is increasingly looking for automated solutions to comply with laws and regulations. The market for these solutions is now so large that it has a separate name: regulatory technology (regtech). 

One of the players in this market is the Dutch fintech Hyarchis. After the introduction of the General Data Protection Regulation (GDPR) in 2018, Hyarchis developed an application that meets the requirements of the recent Kifid ruling. Adriaan Hoogduijn, CEO of Hyarchis, who masterminded the application, says: “Since the introduction of the GDPR, we have closely followed the somewhat surreal discussion about the citizen service number. About 85% of all Dutch mortgages are in our systems. Despite mortgage lenders being very different, we decided, based on our interpretation of the GDPR, to develop a solution for compliance – Hyarchis Blurrify. The European Union has supported this with a substantial subsidy with which we have developed an AI-driven application in collaboration with several European universities that is now being used in the Netherlands, Belgium and Germany to comply with European privacy legislation.”

Similar Posts
<strong>Classify: Create a fully organized document repository</strong>

Are you struggling with customer files that are burdened with unstructured data, missing documents, or incorrectly categorized documents? Classify will help you restore chaos into order,...

Read more
<strong>Search-it: Google your digital archive</strong> 

Technology is evolving rapidly, so it can be difficult to keep up with the ever-changing landscape. Fortunately, the remediation process helps to alleviate some of these problems by ensuring...

Read more
Cloud accounting in 2023 – Where to start?   

Are you still relying on desktop accounting software in your office? If your answer is yes, this blog is for you! Completing forms by hand to keep track of your business bookings can take...

Read more
Compliance - Why is it so important for accountants?

The accounting industry is under pressure, in part because of laws and regulations, which are constantly changing. So how do you ensure you are compliant and avoid reputational damage as...

Read more
How BSN numbers are holding a billion-euro industry hostage

Banks and other financial institutions are increasingly caught between the Wwft (the Dutch anti-money laundering legislation), which requires them to carry out extensive Know-Your-Customer...

Read more
Rising costs of supervision endanger continuity of accountancy firms

Eindhoven, 24 March– Since the beginning of the year, AFM, the regulatory authority, is fully responsible for the supervision of accountancy firms. As a result, supervisory costs for the...

Read more
Tomorrow’s mortgage market – fewer branch visits, more website visits

Millennials make up a quarter of the world’s population and are unique in many ways. They are the first generation to grow up in the digital age, spending equal time on- and offline. If...

Read more
Regulatory reporting: what is it and why is it crucial?

Regulatory reporting refers to the analysis, recording and submission of data to demonstrate compliance with laws and regulations....

Read more
How does Regtech optimise complex risk management processes?

Globally, the value of payment fraud in 2019 was $28.65 billion. In the EU/SEPA region, the total value of fraudulent card transactions was estimated at €1.87 billion in the same year....

Read more

This website uses cookies in order to offer you the most relevant information.

Please accept cookies for optimal performance. You can read our privacy policy here.