When Regulators Step Back: What €27 Billion in Dutch Tax Losses and Weakening Oversight Mean for Your Business

What Is Happening: Regulatory Softening Across Major Jurisdictions

Regulatory oversight is weakening simultaneously across the US, the UK, and the EU. Reasons differ by jurisdiction.

In the US, federal regulatory enforcement actions against financial services firms dropped 37% in the first half of 2025 compared to the previous six months. Monetary penalties fell 32%. The Consumer Financial Protection Bureau withdrew 67 guidance documents, creating regulatory voids that state-level authorities are now attempting to fill. The result is a more fragmented and burdensome patchwork for firms operating across jurisdictions.

In the UK, regulatory dilution ties to competitiveness and growth. The Leeds Reforms and the Expansion and Competitiveness Strategy build on earlier deregulatory efforts, seeking to loosen post-2008 safeguards, such as ringfencing, and to give banks greater freedom to take on more risk and broaden their product range.

In the EU, the shift is propelled by a technocratic push to simplify a complex rulebook. The European Commission proposed ten omnibus packages in 2025, reducing recurrent administrative costs by €11.9 billion. The European Council acknowledged in December 2025 that the Union’s financial services regulation had become more complex and extensive than necessary.

Simplification creates supervision gaps. The Commission is de-prioritizing level 2 regulatory provisions in financial services. Detailed implementation rules will not be adopted before October 2027. Broad rules exist, but enforcement is delayed due to the lack of specificity.

Understanding this shift across jurisdictions is essential, as these changes affect your access to payments, banking, and other financial services through institutions now operating under reduced oversight.

Why This Matters: The Detection Problem

When regulatory resources contract or priorities shift, a specific problem worsens: incomplete observability.

Research using the Capture-Recapture methodology on UK financial misconduct between 2004 and 2016 reveals a key insight: we observe only detected wrongdoers, not the total population of offenders. The study found falling numbers of detected offenses after 2010 arose mainly from improved deterrence rather than reduced detection capability.

This methodological finding is important. When regulatory resources contract or priorities shift, the incomplete observability problem worsens. More misconduct goes undetected, leading to a false sense that compliance is improving.

Global AML, KYC, and sanctions penalties totaled €3.8 billion in 2025, down from €4.6 billion in 2024 and €6.6 billion in 2023. A 42% decline over two years.

Enforcement changed significantly by region. North American fines fell 58%, while EMEA penalties rose 767% and APAC rose 44%. The single largest 2025 penalty was €835 million issued by French authorities to a Swiss bank for AML failings, making France the second-largest global enforcer after the US.

In summary, for Dutch businesses, increased EU scrutiny coincides with declining global enforcement numbers. This emphasizes that reduced detection does not mean reduced wrongdoing; it simply decreases your visibility into misconduct.

Key point: Falling penalty numbers don’t signal better compliance. They signal weaker detection. Misconduct you don’t see is most likely to affect you.

How Financial Institutions Decide to Misbehave

Financial institutions rarely set out to behave unethically or illegally. Their choices are determined by incentives.

When faced with ambiguous trading or structuring choices, firms conduct a simple cost-benefit analysis:

• How likely is detection?
• If detected, what is the probability of settlement versus sanction?
• If sanctioned, who bears the cost? The institution, the desk, or the individuals involved?

Research shows rules deter financial misconduct only when enforcement is visible and credible. The existence of laws and regulations matters less than the expectation that violations will be detected and penalized.

When regulators make permissive noises, when their resources are strained, and when countries enforce rules unevenly, the perceived risk of getting caught plummets.

This changes the internal calculus within financial institutions. A practice formerly off-limits starts to look acceptable or rational.

Organizational culture and behavioral biases are equally important. In intense, high-status financial environments, conduct is affected as much by group identity and loyalty as by formal rules. People adapt their moral boundaries to apparent authority structures and become reluctant to challenge superior performers or respected colleagues.

What begins as a clever workaround and a legally ambiguous area gradually becomes how things are done here. Weakening regulatory criteria accelerates this drift.

Key point: Regulatory softening doesn’t change the rules on paper. It changes the perceived likelihood of enforcement. Perception is what drives institutional behavior.

What This Means for Your Business: Fraud Exposure Is Rising

Structural conditions that enable misconduct directly filter into the fraud exposure you face as a business operator.

EU payment fraud reached €4.2 billion in 2024, rising 17% from 2023. Credit transfers accounted for €2.5 billion and card fraud for €1.3 billion.

Fraud is disproportionately cross-border. Cross-border fraud rates are substantially higher than domestic rates across all instruments.

Most concerning for small businesses: Customers bore 85% of fraud losses from credit transfers in 2024, mainly due to Authorized Push Payment (APP) scams, in which victims authorize payments, leaving them without automatic reimbursement rights under current law.

Fraudulent instant payment transactions in the EU jumped 175% over the past few years, far outpacing the 98% growth in overall instant payment volume. By late 2024, about 16% of all SEPA credit transfer volume was real-time.

Real-time rails enable criminals to transfer stolen funds through mule accounts beyond recall, creating immediate, irrevocable loss exposure for businesses.

Mastercard’s research of 1,830 SME founders across 18 European countries (including the Netherlands), conducted in December 2024 to January 2025, found 25% of entrepreneurs have been targeted by fraudsters.

Despite these risks, 47% of business owners remain uncertain about how to protect against cyberattacks, and 67% report needing to improve their understanding of cybersecurity. One in four European SMEs fear a cyberattack could force them to close.

Key point: The knowledge gap creates asymmetric vulnerability. Sophisticated fraud infrastructure is targeting operators with limited defensive capability. Your exposure is rising while institutional oversight falls.

Where the Pressure Lands: Credit Stress and Misconduct Risk

The European Banking Authority’s December 2025 Risk Assessment Report shows that SMEs were the largest contributor to non-performing loan (NPL) inflows, at €32 billion, alongside consumer credit, which exceeded €20 billion.

While both segments showed significant outflows (€31 billion and €19 billion, respectively), indicating that banks are managing these loans through cures, write-offs, or sales, the data shows that SME credit stress remains elevated.

This credit pressure, combined with reduced government supervision, creates conditions in which financially stressed businesses face heightened fraud exposure from external actors and potential internal misconduct driven by survival pressure.

When margins are tight, cash flow is constrained, and regulatory scrutiny is reduced, the temptation to cut corners or the vulnerability to fraud increases.

Key point: Credit stress and regulatory softening are a dangerous combination. Small businesses under financial pressure face a higher fraud risk when institutional oversight is at its weakest.

What You Should Do Now

You don’t control regulatory cycles or institutional behavior. You control your exposure to the consequences.

Review Your Internal Controls

• Who approves payments above €5,000? Above €10,000?
• Do you require dual authorization for bank transfers?
• Are you monitoring unusual payment requests, especially those involving urgency and changes to standard procedures?

Monitor Financial Transactions Closely

• Review bank statements weekly, not monthly.
• Set up automated alerts for transactions above defined thresholds.
• Verify payment requests through a second channel (phone call, not email reply)
• Be especially cautious with instant payment requests. Real-time rails create irrevocable exposure.

Guarantee Compliance with Dutch Regulations

• Confirm your bookkeeping and tax filings are current and accurate.
• Review your VAT administration and ensure invoices comply with the requirements of the Belastingdienst.
• If you employ staff, verify that your payroll administration and UWV reporting are correct.
• If you process personal data, confirm that you meet your obligations under the Autoriteit Persoonsgegevens.

Be Aware of Fraud Patterns

• Authorized Push Payment (APP) scams are on the rise. Verify payment requests independently.
• Cross-border fraud rates are higher than domestic rates. Apply additional scrutiny to international transactions.
• Real-time payment fraud is surging. Decide whether instant payments are necessary for your business model.

Execute Robust Internal Systems

• Document your approval processes.
• Train anyone with payment authority on fraud patterns and verification procedures.
• Create a simple checklist for high-value and atypical transactions.
• Review your business insurance coverage for fraud and cybercrime exposure.

Monitor What Happens Next

• Watch for further EU regulatory simplification announcements and evaluate their impact on financial services oversight.
• Track Dutch enforcement actions and penalties. Rising enforcement in the Netherlands signals increased scrutiny.
• Keep informed about payment fraud patterns and modify your controls accordingly.

Frequently Asked Questions

Why does regulatory softening matter to small businesses in the Netherlands?

Regulatory softening reduces the perceived chance of detection for financial misconduct. When banks and financial institutions operate under reduced oversight, conditions enabling past fraud schemes re-emerge. Your business relies on these institutions for payments, banking, and financial services. Reduced institutional scrutiny increases your fraud exposure.

What are Authorized Push Payment (APP) scams?

APP scams occur when victims are tricked into authorizing payments to fraudsters. Because the victim authorizes the transaction, automatic reimbursement rights do not apply under current law. Customers bore 85% of fraud losses on credit transfers in 2024, mainly due to APP scams. These scams are on the rise across the EU.

How does cross-border fraud affect Dutch businesses?

Cross-border fraud rates are substantially higher than domestic rates across all payment instruments. Criminals exploit jurisdictional gaps and slower information sharing between national authorities. If your business processes international transactions, apply additional examination and verification procedures to cross-border payments.

Why are instant payments riskier than standard transfers?

Real-time rails enable criminals to transfer stolen funds through mule accounts beyond recall. Once an instant payment is executed, the transaction is irrevocable. Fraudulent instant payment transactions in the EU jumped 175%, far outpacing the 98% growth in overall instant payment volume. Decide whether instant payments are necessary for your business model.

What internal controls should a micro business implement?

Start with dual authorization for payments above €5,000 or €10,000. Review bank statements weekly. Set up automated alerts for transactions above defined thresholds. Verify payment requests through a second channel (phone call, not email reply). Document your approval processes and train anyone with payment authority on fraud patterns.

How does credit stress increase fraud risk?

SMEs were the largest contributor to non-performing loan inflows, accounting for €32 billion in the December 2025 EBA Risk Assessment. When margins are tight and cash flow is constrained, businesses face greater vulnerability to fraud and a greater temptation to cut corners. This credit pressure, combined with reduced regulatory supervision, creates conditions where fraud exposure increases.

What should I monitor to stay ahead of fraud trends?

Watch for further EU regulatory simplification announcements and evaluate their impact on financial services oversight. Track Dutch enforcement actions and penalties. Remain aware of payment fraud trends from sources such as the European Banking Authority and Dutch financial regulators. Adjust your controls as fraud patterns evolve.

Are Dutch enforcement actions rising or falling?

While global AML, KYC, and sanctions penalties fell 42% between 2023 and 2025, EMEA penalties rose 767%. France became the second-largest global enforcer after the US, issuing an €835 million penalty to a Swiss bank. Dutch businesses face an environment where EU supervisors intensify scrutiny even as global headline numbers decline.

Key Takeaways

• Regulatory oversight of financial institutions is weakening across the US, the UK, and the EU. Conditions enabling €27 billion in Dutch dividend tax fraud are re-emerging.
• EU payment fraud reached €4.2 billion in 2024, up 17% from 2023. Customers bore 85% of fraud losses on credit transfers, mainly due to Authorized Push Payment scams.
• Fraudulent instant payment transactions in the EU jumped 175%. Real-time rails create irrevocable loss exposure for businesses.
• 25% of European SME founders have been targeted by fraudsters. 47% are unsure how to protect themselves. The knowledge gap creates asymmetric vulnerability.
• SME credit stress stays elevated at €32 billion in non-performing loan inflows. Credit pressure combined with reduced government supervision increases fraud exposure.
• Review your internal controls. Implement dual authorization for payments above €5,000. Review bank statements weekly. Verify payment requests through a second channel.
• The regulatory climate is softening. Your defensive posture shouldn’t.