The bunq fine shows why a late answer can outlive a later refund.
A serious fraud complaint rarely arrives in neat office language. It comes as a shaking voice, a forwarded bank message, a screenshot, a chat ticket, or a partner asking whether the money is gone. By the time it reaches the business, the customer already feels late.
The signal has to become readable
On 8 June 2026, the Autoriteit Financiële Markten published its decision to fine bunq B.V. €170,000. The fine, imposed on 2 June, concerned seven complaints from customers who had become victims of online fraud. AFM found that they received a substantive response only weeks after the legal response period had expired.
This matters beyond one bank. It shows a point that is easy to miss when people are trying, in good faith, to solve the loss itself. The answer to the complaint has its own clock.
The clock is separate from the refund
For payment service providers, Article 43a of the Besluit Gedragstoezicht financiële ondernemingen Wft is the anchor. A provider must respond substantively to all points raised in a payment-service complaint within 15 working days after receipt.
In exceptional situations, for reasons not attributable to the provider, the period may reach 35 working days. The customer must then receive the reason, the expected final response date, and the route to the dispute body.
That statutory clock belongs to payment service providers. A restaurant, webshop, adviser, or installer should treat it as a control lesson, not as a copied legal deadline. Once a serious complaint arrives, time, ownership, proof, and the content of the answer all begin to matter.
AFM also drew a line between compensation and response control. bunq fully or largely compensated the customers voluntarily. That helped reduce the fine, but the waiting period remained part of the breach. Later goodwill may repair money. It cannot recreate a timely answer.
Where small businesses recognise the pressure
Imagine a small online merchant selling refurbished phones. A customer says the payment followed a phishing link, the delivery address was changed, and the parcel is already in transit. The owner sees three problems at once: an upset customer, a possible payment hold, and an unclear courier record.
What the signal changes
In that moment, the owner wants to solve the thing. That is human. Yet the company also needs to preserve the chain. When did the message arrive? Who took ownership? Which points did the customer raise? What sits in the order system, payment dashboard, inbox, and courier portal?
For a non-financial small business, other rules, platform terms, insurance terms, or consumer obligations may matter. The practical weakness is often the same. The first mistake may be fraud by someone else. The avoidable mistake is a company that cannot reconstruct its own response.
Digital work can hide silence
Many complaint paths look active from the inside. A chatbot has replied. A ticket number exists. Support has tagged the case. A fraud alert is open. A payment dashboard shows review pending. The customer can still be left without a substantive answer.
That distinction matters. AFM's decision says the response must deal with all complaint points that fall under the relevant payment-service rights and duties. A holding message, queue status, or internal note will not carry the file if the real answer never reaches the customer.
DNB's 1 June 2026 signal widens the point. DNB reported that payment fraud is increasing. Its exploratory review among seven banks, payment institutions, and electronic-money institutions found committed teams, while fraud control often remained close to daily operations. Steering, goals, capacity, and risk choices need sharper control.
Smaller companies should pay attention, even outside the regulated payment sector. A business can be full of effort and still light on evidence. The founder may know everyone tried. The customer, insurer, bank, platform, lawyer, or supervisor will ask for dates, messages, and decisions.
Fraud is now ordinary business weather
CBS gives the wider background. In 2025, 16.8 percent of Dutch residents aged 15 or older said they had been victims of one or more forms of online crime in the previous twelve months. For online fraud and deception, the figure was 10.3 percent.
For payment-traffic fraud, 81.9 percent of victims reported the incident to an authority or organisation, and 16.3 percent reported it to the police. Those figures concern private residents, not business complaint volumes. Even so, the business meaning is plain. Customers arrive with fear, partial records, and several reporting routes already in motion.
Return to the phone merchant. The most useful first response is rarely a grand legal position. It is a calm, recorded answer that shows the company understood the points, secured the evidence, named the next step, and set a realistic moment for further contact.
What founders should check
The owner does not need courtroom language. The owner needs a record that can survive tomorrow's questions.
What changes tomorrow morning
A useful review can stay small. Pick the last serious complaint involving fraud, disputed payment, identity misuse, account access, chargeback, or failed delivery. Try to rebuild the timeline without asking three people to search private inboxes.
If that takes too long, the weakness is visible. A serious complaint needs one receipt date, one owner, one place for evidence, one visible deadline, and one check that the answer covered the customer's actual points. Very small companies can do this without heavy systems.
For regulated payment service providers, the legal floor is stricter. The 15-working-day clock and the limited extension route need to sit inside the workflow, not beside it in a policy PDF. Fraud investigation, liability discussion, and compensation policy may continue, but the complaint response cannot wait for everyone to feel ready.
For advisers, bookkeepers, and accountants, the useful role is often practical memory. Preserve invoices, payment confirmations, bank messages, complaint emails, support notes, insurance exchanges, and police-report references where they exist. The adviser may not decide the legal outcome, but a clean file can stop the evidence from dissolving.
The lesson inside the fine
The bunq amount is not the only measure of the case. For a large financial institution, €170,000 is one number among many. For the market, the sharper lesson is that compensation and compliance are separate events.
A customer who has lost money needs clarity quickly. A company under pressure needs a disciplined record. A supervisor, court, insurer, or payment provider will not be satisfied by warm intention if the timeline is broken and the answer is incomplete.
The better reading is not defensive customer service. It is respect under pressure. When a complaint arrives after fraud, the business should not disappear into its own internal debate. It can investigate, disagree, reimburse, or refuse where the facts and rules allow. It must still answer with care, in time, and on the points that matter.
That is a quiet kind of control. It protects the customer from unnecessary waiting. It protects the business from avoidable confusion. And it tells the founder something plain: the complaint desk is not an afterthought when fraud enters the room. It is where trust is either held together or lost twice.
Sources
- AFM beboet bunq voor te late reactie op fraudeklachten
- Autoriteit Financiële Markten – AFM fine for late response to fraud complaints
- Autoriteit Financiële Markten – AFM decision file and evidence trail
- Wettenbank – Legal complaint-response rule for payment service providers
- De Nederlandsche Bank – Payment fraud control is often operational rather than strategic
- Autoriteit Financiële Markten – AFM 2026 priorities: digital resilience, AI, and financial crime
- De Nederlandsche Bank – DORA and digital operational resilience
- Centraal Bureau voor de Statistiek – Victim pressure and reporting behavior in online crime
Referenced in the article
Column | Compliance
Online Fraud Pushes Trust Back to the Transaction Desk
For small firms, the strongest defence is often a saved check before money.
Column | Human Resources
Dutch Hiring Slows Where Energy Eats the Margin
A cooling labour market still leaves small employers with hard choices on pay, work and risk.
Column | Ledger & Tax
A Quiet Bond Can Still Move Your Box 3 Tax
Belastingdienst has made zero-coupon bonds a yearly value question, not a coupon question.
The Polder is written for readers who need the Dutch business environment translated into practical meaning. Corrections, source policy and editorial accountability are part of the publication record.
