The neobank has lodged an objection, arguing it uses advanced technology and has strengthened systems since.
De Nederlandsche Bank has fined bunq $3 million (€2.6 million) for what it calls “serious deficiencies” in anti-money laundering controls across four high-risk customer files between January 2021 and May 2022.
The decision was taken on May 6, 2025 and published on Aug 25. bunq has formally objected to the decision.
The Dutch central bank says bunq did not sufficiently follow up on transaction-monitoring alerts in the tested high-risk cases, leading to missed or delayed detection of potential illicit activity.
It also points to inconsistent decisions on whether to report similar transaction patterns to the Dutch Financial Intelligence Unit (FIU-NL), concluding bunq’s ongoing monitoring was inadequate and that the bank lacked sufficient insight into the relevant customers and their flows.
The supervisor frames the outcome as a gatekeeper issue under the Netherlands’ Anti-Money Laundering and Counter-Terrorist Financing Act (Wwft), which requires a risk-based approach to customer due diligence, continuous monitoring and timely reporting of unusual transactions to FIU-NL.
The DNB notes it conducted several examinations at bunq between 2018 and 2023 and had already taken enforcement actions, including a previous fine, but says these did not yield “sustained compliance”.
In setting the current penalty, the authority says it considered bunq’s size and ability to pay, and credits the bank for completing a remedial programme after the most recent examination.
bunq’s response
bunq says it “takes its gatekeeper role very seriously” and disagrees with the decision, citing ongoing upgrades to systems since the 2021–2022 period and “advanced technology” used to strengthen monitoring.
The bank has lodged a formal objection, according to reports from Reuters.
The dispute arrives against the backdrop of bunq’s 2022 court victory over DNB on the use of machine learning in AML controls, a ruling the neobank heralded as enabling technology-led supervision provided outcomes are effective. That earlier case does not preclude penalties where a supervisor finds control failings in practice.
What Wwft requires, in brief
The Anti-Money Laundering and Anti-Terrorist Financing Act entered into force on 1 August 2008 and provides a comprehensive set of measures to prevent the use of the financial system for money laundering or terrorist financing.
The Wwft was changed in 2020 in order to implement the EU’s changed Fourth Anti-Money Laundering Directive. The Wwft follows a risk-based approach.
Under Wwft, banks must identify and verify customers and beneficial owners, understand source of funds and intended use, monitor relationships on a risk-sensitive basis, and report unusual transactions to FIU-NL “immediately” once their unusual nature becomes known.
Institutions must be able to demonstrate why they did or did not report, and ensure systems enable prompt reporting
Why this matters for payments and fintech
For fast-growing fintechs, the message is that documentation, consistency and timely FIU reporting weigh as much as model sophistication.
Supervisors will test whether alert handling and case-by-case reporting pass muster, particularly for elevated-risk segments, and whether improvements are sustained over time rather than concentrated in remediation sprints.
The decision also sits within a longer Dutch crackdown on AML controls that has produced headline-making outcomes. ING paid €775 million in 2018 and ABN AMRO €480 million in 2021.
This year Rabobank said it will face a court case after failing to reach a settlement with prosecutors.