No description available.
All Firms
No description available.
All Firms
amending Regulation (EU) 2023/1529 concerning restrictive measures in view of Iran’s military support to Russia’s war of aggression against Ukraine and to armed groups and entities in the Middle East and the Red Sea region as well as Iran’s actions undermining freedom of navigation in the Middle East
All Firms
No description available.
All Firms
1° amending:(a) the Law of 5 April 1993 on the financial sector, as amended;(b) the Law of 17 December 2010 relating to undertakings for collective investment, as amended;(c) the Law of 18 December 2015 on the failure of credit institutions and certain investment firms, as amended;(d) the Law of 15 March 2016 on OTC derivatives, central counterparties and trade repositories and amending different laws relating to financial services, as amended;2° transposing:(a) Directive (EU) 2024/1619 of th...
Bank
This report has been prepared by the SSM Network of Enforcement and Sanctions Experts to present comprehensive statistics on sanctioning activities carried out in 2025 by the ECB and the national competent authorities (NCAs) of European Union (EU) Member States participating in the Single Supervisory Mechanism (SSM) in relation to breaches of prudential requirements.
All Firms
No description available.
All Firms
No description available.
All Firms
No description available.
All Firms
No description available.
The CSSF publication highlights AMLA's public consultation on draft Regulatory Technical Standards (RTS) under Articles 16(4) and 17(3) of Regulation (EU) 2024/1624, specifying minimum group-wide AML/CFT requirements and additional measures for subsidiaries and branches in third countries. This matters because it aims to harmonize cross-border AML frameworks, ensuring groups maintain consolidated ML/TF risk views and robust controls, particularly in high-risk third-country operations, impacting EU financial groups' compliance structures. Private sector input is encouraged to align standards with practical operations.[https://www.cssf.lu/en/Document/public-consultation-by-amla-on-the-draft-rts-on-group-wide-minimum-requirements-and-additional-measures-for-subsidiaries-and-branches-in-third-countries/][https://www.amla.europa.eu/amla-consults-group-wide-requirements-and-business-wide-risk-assessment_en]
What Changed
- - Group-wide AML/CFT frameworks: Establishes minimum standards for design and implementation across groups, including cross-border structures and third-country operations, to enable consolidated...
- Third-country subsidiaries and branches: Introduces additional measures for entities in non-EU countries, extending requirements beyond traditional groups to other...
- Information sharing and parent identification: Defines provisions for intra-group data sharing and criteria to identify the EU parent undertaking when multiple entities report to a third-country head...
- Interlinked mandates: Cross-references obligations between Articles 16(4) and 17(3) for complementary requirements on organizational...
Suggested Considerations
- Register for 20 May 2026 public hearing to engage directly on practical application across group structures.[https://www.amla.europa.eu/events/public-hearing-draft-rts-group-wide-minimum-requirements-and-additional-measures-subsidiaries-and-2026-05-20_en]
- Assess current group-wide AML/CFT frameworks against proposed minimums, identifying gaps in third-country controls, risk consolidation, and data sharing protocols.
Compliance Impact
Urgency: High – Firms with third-country exposure must act now on consultation (closes 15 July 2026) to influence final RTS, as these will mandate binding minimums for group-wide AML/CFT, potentially requiring significant framework overhauls for risk consolidation and controls. Non-engagement risks misaligned systems post-adoption, increasing supervisory scrutiny under harmonized EU standards; early assessment prevents rushed...
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
BankAsset ManagerPayment Provider
No description available.
AMLA has launched a public consultation on draft Guidelines for business-wide risk assessments (BWRA) under the new Anti-Money Laundering Regulation (EU 2024/1624), with submissions open until 15 July 2026. These guidelines establish minimum requirements for all obliged entities across financial and non-financial sectors to systematically identify and manage money laundering and terrorist financing risks inherent to their operations.
What Changed
- The draft Guidelines introduce four minimum requirements for conducting adequate business-wide risk assessments applicable to all obliged entities. The framework mandates that entities:
- Identify risk exposure across their business model, customers, products, services, transactions, delivery channels, and geographical exposure
- Maintain consolidated risk views across group structures, eliminating silos between branches and subsidiaries
- Utilize internal and external data sources to build comprehensive risk landscapes, including monitoring customer behavior changes and tracking international typologies
- Apply proportionality based on entity size, business model, and risk profile, while ensuring consistent application of policies across the organization
The guidelines specifically address evaluation...
Suggested Considerations
- *Immediate (by 15 July 2026):
- Review draft Guidelines and assess alignment with current BWRA practices
- Identify gaps between existing risk assessment frameworks and proposed minimum requirements
- Prepare formal consultation responses, particularly if your organization operates in non-financial sectors
- Register for relevant public hearings (28 May for BWRA Guidelines; 20 May for group-wide RTS) to engage directly with AMLA
Key Dates
- Final adoption of guidelines and technical standards
- Consultation launched
- Public hearing on draft RTS on group-wide requirements
- Public hearing on draft Guidelines on business-wide risk assessment
- Consultation deadline for submissions
Compliance Impact
Urgency: HIGH
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
All Firms
No description available.
BankAsset ManagerWealth Manager
No description available.
BankWealth ManagerFintech
No description available.
Crypto ExchangeFintechPayment Provider
No description available.
BankWealth ManagerFintech
No description available.
BankWealth ManagerFintech
on the operationalisation of European regulations in the area of financial services
BankAsset ManagerWealth Manager
No description available.
BankWealth ManagerAsset Manager
Situation as at 28 February 2026
BankAsset ManagerWealth Manager
No description available.
BankAsset ManagerWealth Manager
(first publication: 30 October 2024)
BankWealth ManagerAll Firms
Out-of-court consumer complaint resolution
BankWealth ManagerFintech
No description available.
Asset ManagerBankWealth Manager
Latest update on the AML/CFT standardised data collection
This CSSF circular letter addresses the 2026 AML/CFT standardised data collection exercise, aligning with AMLA's EU-wide initiatives by adopting AMLA-developed templates for most supervised entities while requiring specialised professionals to use CSSF-specific forms. It matters for Luxembourg financial firms as it mandates reporting on ML/TF risks and mitigation measures to support consistent EU supervision, with recent delays emphasizing preparation needs amid evolving templates.
What Changed
- - CSSF adopts AMLA-developed data collection templates for credit institutions, investment firms, and investment fund managers (excluding specialised professionals), replacing its prior questionnaire...
- Entities selected for AMLA's mandatory calibration exercise (notified directly by CSSF) must report quantitative and qualitative ML/TF risk data; non-selected entities still report via AMLA templates...
- Launch delayed from 2 March 2026 due to AMLA's consultation feedback on templates and guidance; new timelines and final questionnaire to be announced, but AMLA maintains 15 April 2026 submission for...
- Specialised professionals of the financial sector complete a separate CSSF questionnaire, launching earlier on 23 February 2026 (subject to delay).
Suggested Considerations
- Monitor CSSF communications for final questionnaire, launch dates, and eDesk access; prepare data on 2025 ML/TF risks and mitigation using current AMLA draft (not for submission).
- Selected AMLA calibration participants: Compile and submit quantitative/qualitative data via eDesk by 15 April 2026; attend 13 March webinar.
- Non-selected credit/financial institutions: Complete AMLA templates on ML/TF risks/mitigation for 2025 via eDesk upon launch.
- Specialised professionals: Prepare CSSF-specific questionnaire ahead of (delayed) 23 February launch.
- All: Ensure resources for timely reporting; review internal AML/CFT risk assessments for consistency with EU standards.
Key Dates
- Planned launch for specialised professionals' CSSF questionnaire (delayed per 11 March update)
- Original launch date for AMLA questionnaire and calibration exercise via eDesk platform (delayed)
- AMLA webinar (10:00-12:00) on reporting framework and clarifications (connection details in CSSF annex)
- Submission deadline for AMLA calibration exercise participants (maintained despite delays; changes to be communicated)
11 March 2026); - New launch and submission deadlines for all data collections, pending final AMLA questionnaire
Compliance Impact
Urgency: High - Mandatory reporting supports CSSF's supervisory strategy and EU AMLA calibration, with non-compliance risking enforcement; delays provide preparation time but require immediate data readiness as final deadlines approach shortly (e.g., potential April submissions). This directly feeds into entity-level ML/TF risk assessments, influencing ongoing supervision and resource allocation.
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
BankAsset ManagerAll Firms
No description available.
BankWealth Manager
implementing Regulation (EU) No 269/2014 concerning restrictive measures in respect of actions undermining or threatening the territorial integrity, sovereignty and independence of Ukraine
BankWealth ManagerAsset Manager
implementing Regulation (EU) No 269/2014 concerning restrictive measures in respect of actions undermining or threatening the territorial integrity, sovereignty and independence of Ukraine
BankWealth ManagerAsset Manager
No description available.
FintechPayment Provider
Delay in the 2026 AML/CFT standardised data collection
BankAsset ManagerWealth Manager
Delay in the 2026 AML/CFT standardised data collection
BankAsset ManagerWealth Manager
No description available.
BankWealth ManagerAll Firms
Delay in the 2026 AML/CFT standardised data collection
The CSSF circular letter dated 11 March 2026 announces a delay in its planned AML/CFT standardised data collection exercise originally scheduled for 2026, primarily due to overlap with a concurrent broad-scope data collection by the European Anti-Money Laundering Authority (AMLA). This matters for compliance professionals as it reduces immediate reporting burdens on supervised entities, promotes regulatory simplification, and aligns Luxembourg practices with emerging EU AML/CFT methodologies, allowing firms to redirect resources to the mandatory AMLA exercise.
What Changed
- - Postponement of CSSF-specific questionnaire: The CSSF has decided not to proceed with its own AML/CFT standardised data collection for most supervised entities (credit institutions, investment...
- Exception for specialised professionals: Specialised professionals of the financial sector (e.g., certain non-credit institutions) remain subject to a CSSF-specific questionnaire, though timelines...
- Rationale tied to AMLA calibration exercise: Entities selected for AMLA's 2026 calibration exercise (notified directly by CSSF) must complete it regardless; non-selected entities were to use AMLA...
- Potential for ad-hoc requests: CSSF reserves the right to issue targeted questionnaires later in 2026 for essential data points not covered by AMLA.
These changes supersede the 12 February 2026...
Suggested Considerations
- Monitor CSSF updates: Await forthcoming communications on revised modalities, new timelines, and any ad-hoc requests via eDesk platform.
- Prioritize AMLA obligations: Selected entities must prepare quantitative/qualitative ML/TF risk data per draft RTS on risk assessments (Article 40(2) of Directive (EU) 2024/1640); non-selected entities focus on AMLA templates for 2025 risks/mitigation.
- Specialised professionals: Continue preparations for CSSF-specific questionnaire, confirming any shifts post-delay.
- Internal review: Assess ML/TF risk profiles, mitigation measures, and reporting readiness in light of EU alignment; update compliance calendars to reflect simplification.
- No immediate submissions: Stand down from original 2 March/15 April deadlines unless individually notified otherwise.
Key Dates
Potential ad-hoc CSSF questionnaires for essential data points
Original launch for specialised professionals' CSSF questionnaire
Original launch date for AMLA calibration exercise data collection via eDesk (now potentially adjusted or paused per delay circular)
Publication of delay circular, superseding prior timelines; further modalities to be communicated
Original reporting deadline to CSSF for AMLA calibration exercise data
Compliance Impact
Urgency: Medium. The delay alleviates short-term pressure by postponing submissions and reducing dual reporting, enabling resource reallocation to higher-priority AMLA efforts amid EU harmonization. It matters for maintaining a risk-based approach (RBA) under FATF standards, avoiding overburden from overlapping exercises, and preparing for the new EU AML/CFT methodology—non-compliance risks supervisory scrutiny, but the simplification lowers immediate enforcement exposure.
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
BankAsset ManagerAll Firms
Situation as at 31 January 2026
BankAsset ManagerWealth Manager
No description available.
BankWealth ManagerFintech
No description available.
BankWealth ManagerFintech
Administrative sanction imposed on an investment firm
The CSSF imposed an administrative sanction on 8 October 2025 against an unnamed investment firm, as detailed in a publication released on 4 March 2026. This enforcement action underscores CSSF's rigorous oversight of investment firms, particularly in areas like AML/CFT compliance, conduct rules, and organizational requirements, serving as a warning for similar entities to strengthen cooperation and internal controls. It matters because it highlights escalating fines for repeated or material breaches, potentially influencing supervisory expectations across Luxembourg's financial sector.
What Changed
- No new regulatory changes or requirements are introduced; this is an enforcement action applying existing rules.
- Failure to cooperate with CSSF requests, e.g., not submitting required AML/CFT questionnaires by deadlines, violating Article 5(1) of the amended Law of 12 November 2004 on AML/CFT.
- Non-compliance with investment policies, organizational requirements, or conduct rules under the UCI Law (e.g., Articles 41, 43, 109), including improper broker exposures or valuation failures.
- These reflect ongoing enforcement of established frameworks like the AIFM Law, UCI Law, and AML/CFT Law, with fines calibrated by factors like breach duration, firm size, cooperation level, and prior...
Suggested Considerations
- Enhance cooperation protocols: Implement automated tracking for CSSF requests (e.g., questionnaires) with escalations for reminders; document all responses.
- Review investment compliance: Audit broker exposures, valuation processes, and subscription/redemption controls against UCI Law Articles 41-43, 109; suspend dealings if uncertainties arise.
- Strengthen governance: Conduct gap analyses on internal controls, risk assessments, and reporting for depositary/oversight functions per AIFM Law Article 19(9) and CDR 231/2013.
- Training and monitoring: Roll out firm-wide training on AML/CFT obligations (Article 5(1)) and perform reconciliations of assets/records; prepare for on-site/off-site CSSF inspections.
- Self-reporting: Proactively disclose prior breaches to mitigate fine severity.
Key Dates
- Date of prior depositary oversight fine
- Deadline for submitting CSSF AML/CFT Questionnaire (breach example from similar case)
- Date of fine imposition for UCITS investment policy breaches
- Date of fine imposition in comparable AIFM non-cooperation case
- Date of the sanction in question
Compliance Impact
Urgency: High - This matters due to CSSF's pattern of publicizing nominative sanctions (e.g., Max Gain Capital, Zeus Asset Management), signaling increased scrutiny on investment firms amid AML/CFT and conduct risks. Fines (EUR 10,000–127,500) represent material hits (up to 10% of turnover), with factors like poor cooperation amplifying penalties; firms with similar exposures face elevated inspection risk, especially post-2025 enforcement wave.
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
Asset ManagerBroker DealerWealth Manager
implementing Regulation (EU) No 208/2014 concerning restrictive measures directed against certain persons, entities and bodies in view of the situation in Ukraine
BankWealth ManagerAsset Manager
implementing Article 8a of Regulation (EC) No 765/2006 concerning restrictive measures in view of the situation in Belarus and the involvement of Belarus in the Russian aggression against Ukraine
BankWealth ManagerAsset Manager
No description available.
BankWealth ManagerAsset Manager
No description available.
BankWealth Manager
No description available.
BankWealth ManagerAll Firms
No description available.
BankWealth ManagerFintech
No description available.
Asset ManagerWealth ManagerBank
implementing Regulation (EU) 2024/1485 concerning restrictive measures in view of the situation in Russia
BankWealth ManagerAsset Manager
No description available.
BankWealth ManagerFintech
No description available.
BankAsset ManagerWealth Manager
1) high-risk jurisdictions on which enhanced due diligence and, where appropriate, counter-measures are imposed2) jurisdictions under increased monitoring of the FATFVersion of 17 February 2026
The Annex of Circular CSSF 22/822 (Version of 17 February 2026) is Luxembourg's Commission de Surveillance du Secteur Financier's implementation guidance on FATF (Financial Action Task Force) designations of high-risk jurisdictions requiring enhanced due diligence and counter-measures, as well as jurisdictions under increased monitoring. This document is critical for Luxembourg-regulated financial institutions because it operationalizes international AML/CFT standards into binding compliance obligations, directly impacting customer acceptance, transaction monitoring, and correspondent banking relationships.
What Changed
The current version (17 February 2026) represents the most recent update to the CSSF's FATF-aligned jurisdiction risk framework. Based on the available search results, the document establishes two primary regulatory categories:
High-Risk Jurisdictions (Category 1): Jurisdictions designated by FATF as having strategic deficiencies in their AML/CFT regimes, requiring enhanced due diligence and, where appropriate, counter-measures.
Suggested Considerations
- *For High-Risk Jurisdictions:
- Apply enhanced due diligence and monitoring measures to business relationships and transactions with designated jurisdictions
- Increase the frequency and timing of transaction controls
- Select transaction patterns requiring further examination and obtain detailed information on transaction purposes
- Maintain enhanced mechanisms for reporting suspicious activity to the FIU
Key Dates
- Original Circular CSSF 22/822 issued
- Previous version superseded
- Current version effective (Annex of Circular CSSF 22/822)
- CSSF annual AML/CFT questionnaire launch (related compliance reporting deadline)
Compliance Impact
Urgency: CRITICAL
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
BankAsset ManagerPayment Provider Version 23
This CSSF FAQ (Version 23, updated 17 February 2026) provides interpretive guidance on the Luxembourg Law of 17 December 2010 relating to undertakings for collective investment (UCIs), covering UCITS, Part II UCIs, SIFs, and SICARs. It matters for compliance professionals as it clarifies authorisation processes, investment rules, and supervisory expectations, ensuring alignment with evolving EU frameworks like AIFMD and MiCAR. The update, effective today, addresses recent regulatory shifts including crypto-asset integration.
What Changed
- - Authorisation Requirements: UCIs require CSSF approval of constitutive documents (articles, management regulations), depositary selection, and management company/AIFM applications for contractual...
- Crypto-Asset Updates (aligned with separate but related FAQ Version 7): Replaces "virtual assets" with "crypto-assets" per MiCAR (EU 2023/1114); UCITS and retail AIFs (non-well-informed investors)...
- Investment Policies and Liquidity Management: Funds must detail objectives, strategies, asset classes, restrictions, borrowing, and conflicts; look-through for intermediary vehicles per ESMA/AIFMD...
- Risk Spreading Exemptions: Limits do not apply to OECD/EU-guaranteed securities or UCIs with comparable risk-spreading.
- Depositary Role in Crypto: Luxembourg depositaries can custody crypto-assets with safeguards and CSSF notification; responsibility varies by model (depositary or MiCAR provider).
Suggested Considerations
- Review and Update Documents: Align UCI constitutive documents, investment policies, and sales documents with clarified rules on strategies, LMTs, conflicts, and risk-spreading; apply look-through for intermediaries.
- Crypto-Specific: For >10% NAV exposure, apply for "Other-Other Fund-Crypto-assets" extension (custody, valuation, AML/CFT plans, expertise); notify CSSF for depositary crypto custody; implement heightened AML/CFT due diligence per FATF/Luxembourg assessments.
- Authorisation/Amendments: Submit for CSSF approval on new setups, manager changes, or sub-funds (esp. SICAV multi-sub-funds with EU cross-border services).
- Governance and Reporting: Ensure RC/RR demonstrate crypto risk understanding; update disclosures for investors on risks, LMTs, and fair treatment.
- Ongoing Compliance: Use FAQ/Compilation for RAIFs/SIFs/SICARs/Part II UCIs; auditors/managers confirm tax-exempt status for SICARs.
Key Dates
Related AIFM FAQ Version 24; Introduces changes relevant to UCI managers acting as AIFMs
UCI Authorisation page update; Reflects ongoing CSSF expectations for approvals
Crypto FAQ Version 7 update effective; MiCAR-aligned changes on crypto exposure, authorisation extensions, and depositary notifications
FAQ Version 23 update effective; Applies immediately to UCI operations, authorisations, and compliance.[User-provided content]
Compliance Impact
Urgency: High – The update coincides with MiCAR implementation and today's release, requiring immediate review for crypto-exposed funds to avoid unauthorised strategies or AML gaps; non-compliance risks supervisory actions, authorisation delays, or investor disputes in Luxembourg's key fund domicile.
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
Asset ManagerHedge FundAll Firms
Version 3.1
Asset ManagerWealth Manager
No description available.
BankWealth ManagerFintech
No description available.
BankFintechCrypto Exchange
AML/CFT standardised data collection taking place in 2026
The CSSF Circular Letter 2026-02-12 announces a standardized data collection exercise on AML/CFT for supervised entities, scheduled for 2026, aimed at enhancing regulatory oversight of money laundering and terrorist financing risks. This matters because it signals intensified CSSF scrutiny on AML/CFT compliance, requiring firms to prepare structured data submissions that could inform future supervisory actions, risk assessments, and enforcement. As part of broader CSSF AML/CFT initiatives, non-compliance risks fines or heightened inspections.
What Changed
- - Introduction of standardized AML/CFT data collection: CSSF mandates uniform reporting formats for collecting data on AML/CFT risks, controls, and practices across supervised sectors, building on...
- Alignment with ongoing AML/CFT enhancements: Complements recent governance-focused circulars (e.g., Circular 26/906 on central administration and risk management for payment/e-money institutions) by...
- No explicit new obligations beyond preparation for data submission, but implies deeper integration of tax-related AML indicators and sub-sector risk updates, as seen in related CSSF activities.
Suggested Considerations
- Assess and document AML/CFT data readiness: Inventory current risk assessments, transaction monitoring logs, KYC processes, SAR filings, and third-party oversight records in standardized formats; map to proportionality factors (e.g., transaction volumes, outsourcing).
- Update governance and controls: Ensure compliance functions have independence, direct board reporting, and audit coverage of AML/CFT; test ICT resilience for monitoring continuity.
- Conduct internal reviews: Perform gap analyses against Circular 26/906 (e.g., fund safeguarding, escalation protocols) and recent conference topics (e.g., terrorist financing, tax indicators); remediate deficiencies with board-approved plans.
- Prepare for submission: Designate resources for data compilation; cooperate fully with CSSF/FIU requests, including transfer-of-funds information under EU 2015/847.
- Engage auditors: Leverage approved auditors for validation of AML/CFT effectiveness ahead of collection.
Key Dates
AML/CFT standardised data collection exercise; Firms must submit required data during this period; preparation recommended immediately given today's date (12 February 2026)
Issuance of related Circular 26/906; Establishes governance baselines (e.g., compliance independence, risk proportionality) informing data collection expectations
CSSF AML/CFT Conference for Specialised PFS; Provided updates on sub-sector risks, terrorist financing reviews, and FIU insights relevant to data preparation
Conference materials published; Available for download to guide compliance alignment
Compliance Impact
Urgency: High – With data collection in 2026 underway today (12 February 2026), firms face immediate preparation needs amid recent enforcement (e.g., EUR 102,000 fine on depositary for AML-related gaps) and conferences signaling sub-sector focus. This elevates AML/CFT as a supervisory priority, potentially triggering on-site inspections, fines, or remediation orders for inadequate data/risks; proactive alignment prevents escalation in a risk-based regime.
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
BankPayment ProviderAll Firms
No description available.
BankWealth ManagerFintech
No description available.
BankWealth ManagerFintech No description available.
Crypto ExchangeAll Firms
No description available.
The Commission de Surveillance du Secteur Financier (CSSF) has updated its FAQ on crypto-asset investments by undertakings for collective investment, effective February 4, 2026, to align with the EU's Markets in Crypto-Assets Regulation (MiCAR). This update establishes clear investment limits and licensing requirements for UCITS and AIFs investing in crypto-assets, fundamentally reshaping how Luxembourg-regulated funds can structure crypto exposure.
What Changed
The regulatory framework introduces several material modifications:
Investment Exposure Limits
UCITS may invest indirectly in crypto-assets for a maximum of 10% of their net asset value (NAV). These indirect investments are restricted to transferable securities that do not embed derivatives. AIFs open to retail investors other than well-informed investors face the same 10% NAV ceiling.
MiCAR Alignment
The FAQ modifications directly reflect the entry into force of Regulation (EU) 2023/1114 on markets in crypto-assets.
Suggested Considerations
- *For UCITS Managers:
- by-case assessment of crypto-asset investment impact on fund risk profiles
- specific risks (volatility, liquidity, technological risk)
- asset investments
- *For AIFMs Managing AIFs with Crypto Exposure:
Key Dates
- FAQ Version 7 effective date; MiCAR compliance requirements become operative
- Deadline for Virtual Asset Service Providers (VASPs) to transition from registration to authorization under MiCAR or cease operations
Compliance Impact
Urgency: HIGH
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
Asset ManagerHedge FundFintech
No description available.
Wealth Manager
No description available.
BankWealth ManagerAsset Manager
implementing Regulation (EU) 2024/2642 concerning restrictive measures in view of Russia’s destabilising activities
BankAsset ManagerWealth Manager
implementing Regulation (EU) 2024/2642 concerning restrictive measures in view of Russia’s destabilising activities
BankWealth ManagerAsset Manager
Administrative sanction imposed on a registered alternative investment fund manager (“AIFM”)
The CSSF imposed an administrative fine of EUR 10,000 on registered alternative investment fund manager (AIFM) C5 S.à r.l. on 11 September 2025 for failing to submit its annual financial crime questionnaire by the 4 April 2025 deadline, despite reminders, breaching the cooperation obligation under Article 5(1) of Luxembourg's AML/CFT Law of 12 November 2004. This enforcement action underscores the CSSF's strict enforcement of AML reporting duties and serves as a warning to supervised entities on the consequences of non-compliance with supervisory requests. It matters because it demonstrates the CSSF's willingness to publish names and impose fines for procedural lapses, potentially signaling increased scrutiny on AIFMs' AML/CFT obligations amid broader regulatory focus on financial crime risks.
What Changed
- This is not a regulatory change or new requirement but an enforcement precedent highlighting existing obligations under the AML/CFT Law:
- Mandatory annual submission of the CSSF financial crime questionnaire by supervised entities, including registered AIFMs, as part of the cooperation duty in Article 5(1).
- Fines determined per Article 8-4(1), (2)(f), and (3)(a), considering circumstances under Article 8-5(1), with publication assessed for proportionality under Article 8-6(1).
No new rules introduced;...
Suggested Considerations
- Immediate verification: Confirm timely submission of 2025 financial crime questionnaire (likely due April 2026 for 2025 data); review internal processes for CSSF reminders and automate alerts.
- Procedural enhancements: Implement robust tracking systems for supervisory questionnaires, designate a responsible senior manager for AML cooperation, and document all responses or justifications for delays.
- Training and testing: Conduct firm-wide training on AML/CFT Law Article 5(1) obligations; perform mock audits of reporting workflows, especially for registered AIFMs managing non-CSSF authorized funds.
- Engagement protocol: Respond promptly to CSSF reminders; request in-person meetings if needed before fines escalate; review cooperation history to mitigate fine severity.
- Policy updates: Align with CSSF Circular 25/894 for expanded AIFM reporting on unauthorized funds (notification within 10 working days for registered AIFMs).
Key Dates
- Deadline for submission of the annual financial crime questionnaire covering the year ending 31 December 2024
- Date CSSF imposed the EUR 10,000 administrative fine on the AIFM for non-submission
- Publication date of the sanction decision
- Publication of the queried sanction notice (noting minor title discrepancy possibly referencing a separate but analogous case).[user provided]
Compliance Impact
Urgency: High – This sanction, though modest at EUR 10,000, exemplifies CSSF's proactive use of fines and public naming for AML reporting failures, with potential for higher penalties up to EUR 500,000 or 0.5% of turnover. It heightens risks for registered AIFMs amid CSSF's 2025-2026 priorities on financial crime, sanctions, and expanded reporting (e.g., Circular 25/894), where procedural lapses can trigger investigations, reputational damage, and barriers to remediation. Firms must prioritize to avoid escalation, especially post-publication on 30 January 2026.
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
Asset ManagerHedge Fund
No description available.
Asset ManagerWealth ManagerBank
No description available.
BankWealth ManagerAsset Manager
No description available.
BankWealth ManagerAsset Manager
No description available.
Asset ManagerWealth Manager
No description available.
Asset ManagerWealth Manager
No description available.
BankWealth ManagerAsset Manager
No description available.
BankWealth ManagerAsset Manager
No description available.
BankWealth ManagerAsset Manager
No description available.
BankAsset ManagerWealth Manager
No description available.
BankWealth ManagerPayment Provider
Central administration, internal governance and risk management
Circular CSSF 26/906, published on 20 January 2026, consolidates and clarifies Luxembourg's rules on central administration, internal governance, and risk management specifically for payment institutions, electronic money institutions, and account information service providers. It repeals prior circulars (IML 95/120, IML 96/126, IML 98/143, and CSSF 04/155) to address growth in transaction volumes by mandating robust governance, control functions, and risk processes, enhancing safety, efficiency, and trust in these services. This matters for compliance professionals as it strengthens defenses against financial crime, operational risks, and supervisory scrutiny in a high-growth sector.
What Changed
- - Consolidation and repeal: Replaces outdated circulars with unified requirements under the amended Law of 10 November 2009 on payment services, covering central administration (decision-making must...
- Governance enhancements: Board approves strategy, risk appetite, AML/CFT policies, outsourcing, and information security; management implements via procedures; proportionality based on business...
- Operational controls: Strict access to systems (need-to-know, least-privilege, 4-eyes validation); counterparty due diligence for custodians/insurers; full responsibility for agents, distributors,...
- AML/CFT focus: Elevates compliance function independence, direct board reporting, risk-based resourcing, and oversight of third parties/opaque structures to close gaps exploited by criminals.
Suggested Considerations
- Assess and update governance frameworks: Review central administration location, board/management responsibilities, risk strategy, AML/CFT policies, compliance charter, and funds safeguarding principles to align with the circular.
- Confirm control functions: Ensure compliance function (CCO) has independence, resources, direct board access, and authority for investigations; justify/secure CSSF approval for part-time/dual roles.
- Implement operational safeguards: Establish daily reconciliations (or justified weekly), segregation/insurance for client funds, system access controls (4-eyes, board validation for significant movements), and third-party due diligence/monitoring.
- Document proportionality: Tailor governance to business risks (staff, volumes, products, outsourcing); update new product approval, conflicts policies, and business continuity/incident reporting.
- Retain records and report: Board-approve all key policies; prepare for CSSF inspections on outsourcing (per Circular CSSF 22/806) and ICT risks.
Key Dates
Publication date of Circular CSSF 26/906
Compliance deadline; Institutions must assess, review, and ensure their central administration, internal governance, and risk management frameworks fully comply with the circular
Compliance Impact
Urgency: High – With a 30 June 2026 deadline (five months from publication), firms face immediate pressure to review and remediate governance gaps amid sector growth and heightened AML/CFT scrutiny; non-compliance risks supervisory actions, fines, or license issues, especially as it closes criminal exploitation vectors like weak controls and third-party risks.
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
Payment Provider
2026 update
BankWealth ManagerFamily Office
amending Council Regulation (EU) No 833/2014 concerning restrictive measures in view of Russia’s actions destabilising the situation in Ukraine
BankWealth ManagerAsset Manager
No description available.
BankWealth ManagerAsset Manager
No description available.
This CSSF publication, dated January 12, 2026, identifies the specific population (likely a firm or individual) subject to an enforcement action, such as an administrative sanction, as part of the CSSF's transparency in supervisory measures. It matters because it signals CSSF's active enforcement priorities, potentially in areas like AML or reporting failures, enabling firms to assess similar risks in their operations and strengthen compliance to avoid parallel actions. Published amid rising focus on financial crime typologies like sexual extortion, it underscores the regulator's commitment to public accountability.
What Changed
No new regulatory changes or requirements are introduced in this publication, as it is an enforcement notice rather than a circular or guideline. It serves as a disclosure of an ongoing or concluded enforcement case, aligning with CSSF's practice of publishing sanction details to deter non-compliance and inform the market, without altering existing rules.
Suggested Considerations
- For the named population: Comply with any sanction terms (e.g., pay fines, implement remediation plans, or cease certain activities), and report to CSSF as required; appeal if applicable under Luxembourg administrative law.
- Update internal policies, train staff on enforcement precedents, and ensure robust reporting under Circular CSSF 19/726 or Transparency Law obligations.
Compliance Impact
Urgency: High – Immediate relevance for the named party facing direct consequences; medium-to-high for peers due to CSSF's pattern of public enforcements signaling heightened scrutiny on financial crime, especially amid rising OCSE/FSEC cases noted in recent CSSF guidance. It matters as it could preview broader supervisory sweeps, impacting reputation, operations, and costs if similar vulnerabilities exist.
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
BankPayment ProviderAll Firms
amending Delegated Regulation (EU) 2016/1675 to add Russia to the list of high-risk third countries with strategic deficiencies
BankAsset ManagerWealth Manager
Administrative sanction imposed on the alternative investment fund manager Premium Capital Management (“AIFM”)
The CSSF imposed a €10,000 administrative fine on 11 September 2025 against alternative investment fund manager (AIFM) Premium Capital Management for failing to submit its annual financial crime questionnaire by the 4 April 2025 deadline, breaching the cooperation obligation under Article 5(1) of Luxembourg's AML/CFT Law of 12 November 2004. This enforcement action underscores the CSSF's strict enforcement of AML reporting duties, signaling heightened scrutiny on timely supervisory cooperation amid ongoing AML risks in Luxembourg. Compliance teams should view this as a reminder of the low tolerance for even administrative lapses, with potential for escalated fines in repeat cases.
What Changed
This is not a regulatory change but an enforcement precedent under existing rules: non-compliance with Article 5(1) of the AML/CFT Law, which mandates annual submission of a financial crime questionnaire ("Questionnaire") to the CSSF. The fine was calculated per Articles 8-4(1), 8-4(2)(f), and 8-4(3)(a), considering circumstances under Article 8-5(1). Publication followed Article 8-6(1) after a proportionality assessment, confirming no market stability risks.
Suggested Considerations
- Immediately review internal processes for annual Questionnaire submission, ensuring calendar invites and automated reminders for the 4 April deadline (covering prior year-end data).
- Conduct a gap analysis on AML/CFT cooperation obligations under Article 5(1), including response protocols to CSSF reminders or queries.
- Update compliance calendars and train staff on escalation procedures; document all submissions with proof (e.g., timestamps, acknowledgments).
- For AIFMs: Verify CSSF registration status under Article 3(2) of the 12 July 2013 AIFM Law and align with broader AML duties.
- If late, proactively submit overdue items and request meetings if needed, as non-response forfeits mitigation opportunities.
Key Dates
- Reference year-end for the financial crime Questionnaire
- Statutory deadline for Questionnaire submission to CSSF
- Date CSSF imposed the €10,000 administrative fine after non-submission despite reminders
- Publication date of the sanction decision
Compliance Impact
Urgency: Medium – This €10,000 fine for a straightforward reporting failure demonstrates CSSF's willingness to penalize non-cooperation swiftly, even without aggravating factors, but the amount is modest and targeted at administrative breaches. It matters as a warning shot in Luxembourg's AML landscape, where repeated failures could trigger higher fines (up to proportionality limits under Article 8-5), reputational damage via public naming, or supervisory escalations; firms should audit 2025/2026 reporting now to preempt similar actions, especially post-NRA updates.
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
Asset ManagerHedge Fund
Administrative sanction imposed on the alternative investment fund manager Sunbricks GP S.à r.l. (“AIFM”)
The CSSF imposed a **€10,000 administrative fine on Sunbricks GP S.à r.l.**, an alternative investment fund manager, for failing to submit a mandatory annual financial crime questionnaire by the April 4, 2025 deadline, despite two formal reminders. This enforcement action demonstrates the CSSF's strict approach to cooperation obligations under Luxembourg's anti-money laundering and counter-terrorist financing (AML/CFT) framework and signals that non-submission of required compliance documentation—even without evidence of underlying financial crime—triggers regulatory penalties.
What Changed
- This is not a regulatory change but rather an enforcement action clarifying existing obligations:
- Mandatory Annual Questionnaire Requirement: All professionals supervised, authorized, or registered by the CSSF must submit an annual questionnaire on financial crime by April 4 each year, covering...
- Cooperation Obligation: Article 5(1) of the amended Law of 12 November 2004 on AML/CFT establishes a non-negotiable duty to cooperate with the CSSF, which includes timely submission of requested...
- Administrative Fine Framework: The CSSF applies Article 8-4 of the AML/CFT Law to impose fines for non-compliance, with amounts determined under Article 8-5 based on all relevant circumstances.
Suggested Considerations
- regulated entities must:
- *Establish Calendar Controls: Implement internal compliance calendars flagging the April 4 annual questionnaire submission deadline with sufficient lead time (minimum 4-6 weeks before deadline)
- *Designate Responsible Parties: Assign clear ownership for questionnaire completion and submission, with backup contacts
- *Prepare Documentation: Maintain contemporaneous records of financial crime controls, suspicious activity reporting, and compliance activities throughout the year to support accurate questionnaire responses
- *Monitor Communications: Ensure all CSSF correspondence is tracked and escalated immediately; do not ignore reminder notices
Key Dates
– Annual financial crime questionnaire submission deadline (for year ending December 31, 2024)
– Two reminder notices issued by CSSF to Sunbricks GP
– Administrative fine decision date; questionnaire still not submitted
– Publication date of enforcement decision
Compliance Impact
Urgency: HIGH
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
Asset ManagerAll Firms
Administrative sanction imposed on the alternative investment fund manager Capitalis Premiere Group (“AIFM”)
The CSSF imposed a €10,000 administrative fine on alternative investment fund manager (AIFM) Capitalis Premiere Group on 11 September 2025 for failing to submit its annual financial crime questionnaire by the 4 April 2025 deadline, despite two reminders, breaching the cooperation obligation under Article 5(1) of Luxembourg's AML/CFT Law of 12 November 2004. This enforcement action underscores the CSSF's strict enforcement of AML reporting duties, signaling heightened scrutiny on timely supervisory cooperation for Luxembourg-regulated entities. Compliance teams should note this as a low-value but public reminder of potential fines for administrative lapses in AML processes.
What Changed
This is not a regulatory change or new requirement but an enforcement precedent under existing rules: non-compliance with the annual financial crime questionnaire submission, mandated by Article 5(1) of the AML/CFT Law, triggers fines per Articles 8-4(1), 8-4(2)(f), and 8-4(3)(a). The CSSF considered all relevant circumstances under Article 8-5(1) to set the €10,000 fine amount and published the sanction nominatively after proportionality assessment per Article 8-6(1), confirming no market stability risks.
Suggested Considerations
- Ensure timely submission of annual financial crime questionnaires by 4 April each year (for prior calendar year data); implement calendar reminders and escalation processes for CSSF requests.
- Respond promptly to CSSF reminders or queries on AML/CFT compliance to avoid escalation to fines; document any delays with justification evidence.
- Review internal AML cooperation protocols, including governance for questionnaire completion, and train staff on Article 5(1) obligations; consider requesting in-person meetings if disputing CSSF demands.
- No retroactive actions needed for this case, but conduct gap analysis on reporting workflows to prevent similar breaches.
Key Dates
- Deadline for submitting the annual financial crime questionnaire covering the year ending 31 December 2024
- Date CSSF imposed the €10,000 administrative fine on Capitalis Premiere Group for non-submission
- Date of CSSF publication of the sanction decision
Compliance Impact
Urgency: Medium - This €10,000 fine is modest but publicly names the firm, amplifying reputational risk in Luxembourg's competitive fund domicile; it matters as a clear CSSF signal of zero tolerance for basic cooperation failures in AML, potentially foreshadowing stricter enforcement amid EU AML harmonization pressures. AIFMs face ongoing annual risk, with non-response despite reminders treated as willful breach; firms with weak reporting controls should prioritize fixes to avoid cumulative fines or escalations.
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
Asset ManagerHedge Fund
Administrative sanction imposed on the alternative investment fund manager Lion Management (“AIFM”)
The CSSF imposed a €10,000 administrative fine on Lion Management, an alternative investment fund manager, on 11 September 2025 for failing to submit a mandatory annual financial crime questionnaire by the 4 April 2025 deadline. This enforcement action demonstrates the CSSF's commitment to enforcing cooperation obligations under Luxembourg's anti-money laundering and terrorist financing framework, with direct implications for all AIFMs regarding timely compliance with supervisory reporting requirements.
What Changed
- This is not a regulatory change but rather an enforcement action clarifying existing obligations. However, it reinforces critical compliance requirements:
- Mandatory Annual Questionnaire Submission: All CSSF-supervised professionals, including AIFMs, must submit an annual questionnaire on financial crime by the specified deadline (in this case, 4 April...
- Cooperation Obligation: Article 5(1) of the amended Law of 12 November 2004 on the fight against money laundering and terrorist financing establishes a non-negotiable obligation to cooperate with the...
- Enforcement Escalation: The CSSF will issue reminders before imposing sanctions, but failure to respond to reminders results in administrative fines determined under Article 8-4 of the AML/CFT Law.
Suggested Considerations
- *Establish Calendar Controls: Implement firm-wide systems to track the annual financial crime questionnaire deadline (typically 4 April for the prior calendar year)
- *Designate Responsible Parties: Assign clear ownership for questionnaire completion and submission to the CSSF, with escalation procedures
- *Monitor CSSF Communications: Establish protocols to immediately flag and respond to any CSSF correspondence, including reminders or requests for information
- *Document Submission: Maintain evidence of timely submission (timestamps, confirmation receipts) to demonstrate compliance
- *Escalate Non-Compliance Immediately: If submission cannot be met by deadline, proactively contact the CSSF to explain delays and request extensions rather than ignoring reminders
Key Dates
- Deadline for submission of annual financial crime questionnaire for year ending 31 December 2024
- Date CSSF imposed administrative fine after two reminders went unheeded
- Publication date of the administrative sanction decision
Compliance Impact
Urgency: HIGH
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
Asset ManagerHedge Fund
Administrative sanction imposed on the alternative investment fund manager Max Gain Capital S.à r.l. (“AIFM”)
The CSSF imposed a €10,000 administrative fine on Max Gain Capital S.à r.l., an alternative investment fund manager, on 11 September 2025 for failing to submit a mandatory annual financial crime questionnaire by the April 2025 deadline. This enforcement action demonstrates the CSSF's active monitoring of AML/CFT compliance obligations and its willingness to sanction non-cooperation, even for procedural failures unrelated to substantive money laundering violations.
What Changed
- This is not a regulatory change but rather an enforcement action clarifying existing obligations:
- Mandatory Annual Questionnaire Requirement: All CSSF-supervised professionals must submit an annual questionnaire on financial crime covering the preceding calendar year.
- Cooperation Obligation: Article 5(1) of the amended Law of 12 November 2004 on AML/CFT imposes a non-negotiable duty to cooperate with CSSF supervisory requests.
- Enforcement Escalation: The CSSF will issue reminders before imposing sanctions, but continued non-compliance triggers administrative fines under Article 8-4 of the AML/CFT Law.
Suggested Considerations
- regulated entities must:
- *Identify Reporting Obligations: Confirm whether your firm is subject to the annual financial crime questionnaire requirement under Article 5(1) of the AML/CFT Law
- *Calendar Management: Establish internal processes to ensure questionnaires are submitted by 4 April each year for the preceding calendar year
- *Documentation: Maintain records demonstrating timely submission and preserve evidence of compliance
- *Escalation Protocol: If unable to meet deadlines, proactively contact the CSSF to request extensions or clarification rather than ignoring reminders
Key Dates
- Deadline for submission of financial crime questionnaire for the year ending 31 December 2024
- CSSF issued two reminders to Max Gain Capital after the missed deadline
- CSSF imposed the €10,000 administrative fine
- CSSF published the administrative sanction decision
Compliance Impact
Urgency: HIGH
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
Asset ManagerAll Firms
Administrative sanction imposed on the alternative investment fund manager Agriland Management S.A. (“AIFM”)
The Commission de Surveillance du Secteur Financier (CSSF), Luxembourg's financial regulator, imposed a **EUR 10,000 administrative fine on Agriland Management S.A.**, an alternative investment fund manager, on 11 September 2025 for failing to submit a mandatory annual financial crime questionnaire by the April 2025 deadline. This enforcement action demonstrates the CSSF's commitment to enforcing cooperation obligations under Luxembourg's anti-money laundering and terrorist financing (AML/CFT) framework and signals heightened scrutiny of compliance with supervisory reporting requirements.
What Changed
- This is not a regulatory change but rather an enforcement action that clarifies existing obligations:
- Mandatory Annual Reporting: All CSSF-supervised professionals must submit an annual questionnaire on financial crime by 4 April each year, covering the preceding calendar year.
- Cooperation Obligation: Article 5(1) of the amended Law of 12 November 2004 on AML/CFT establishes a non-negotiable duty to cooperate with the CSSF, including timely submission of requested...
- Enforcement Escalation: The CSSF will issue reminders for non-compliance, but continued failure to respond triggers administrative sanctions without requiring evidence of intentional misconduct.
Suggested Considerations
- *Establish Reporting Calendars: Implement systems to track the 4 April annual deadline for financial crime questionnaire submissions
- *Designate Responsible Personnel: Assign clear accountability for completing and submitting the questionnaire to the CSSF
- *Respond to Regulatory Requests: Do not ignore CSSF reminders; engage proactively, including requesting in-person meetings if clarification is needed
- *Document Justifications: If unable to meet deadlines, provide written evidence explaining the delay and proposed remediation timeline
- *Monitor Supervisory Communications: Establish procedures to ensure regulatory correspondence is tracked and escalated appropriately
Key Dates
– Deadline for submission of financial crime questionnaire for year ending 31 December 2024
– Two reminder notices issued by CSSF to Agriland Management S.A
– Administrative fine imposed
– Sanction published by CSSF
Compliance Impact
Urgency: HIGH
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
Asset Manager
Administrative sanction imposed on the alternative investment fund manager Bedrock I GP S.à r.l. (“AIFM”)
The CSSF imposed a €10,000 administrative fine on alternative investment fund manager (AIFM) Bedrock I GP S.à r.l. on 11 September 2025 for failing to submit its annual financial crime questionnaire by the 4 April 2025 deadline, despite two reminders, breaching the cooperation obligation under Article 5(1) of Luxembourg's AML/CFT Law of 12 November 2004. This enforcement action underscores CSSF's strict enforcement of AML reporting duties and serves as a public warning to supervised entities on timely supervisory compliance. It matters because it demonstrates that even modest fines are pursued for basic reporting lapses, potentially signaling heightened scrutiny on AIFMs' AML processes amid ongoing regulatory focus on financial crime risks.
What Changed
This is not a regulatory change or new requirement but an enforcement of existing obligations under the amended Law of 12 November 2004 on the fight against money laundering and terrorist financing (AML/CFT Law). Specifically, it reaffirms the mandatory annual submission of the CSSF's financial crime questionnaire ("Questionnaire") by supervised professionals, including AIFMs under Article 3(2) of the Law of 12 July 2013 on AIFMs, as part of the cooperation duty in Article 5(1).
Suggested Considerations
- Immediately verify submission status of the 2024 Questionnaire (or any outstanding); if overdue, submit promptly with justification to mitigate further escalation.
- Implement automated calendar alerts and internal workflows for all CSSF reporting deadlines, including annual AML/CFT Questionnaire.
- Conduct a compliance gap analysis on cooperation obligations under Article 5(1) AML/CFT Law, documenting reminder responses and evidence retention.
- Train senior managers and compliance teams on supervisory interactions, including rights to request in-person meetings before fines.
- Review governance for timely escalation of CSSF reminders to decision-makers.
Key Dates
- Reference period end for the Questionnaire covering financial crime compliance
- Statutory deadline for Questionnaire submission to CSSF
- Date of administrative fine imposition (€10,000) after non-submission despite reminders
- Publication date of the sanction decision by CSSF
Compliance Impact
Urgency: Medium - This is a post-facto enforcement on a past breach (2024 reporting cycle), with the €10,000 fine relatively low, indicating proportionality for a first-time or isolated lapse. It matters as a leading indicator of CSSF's 2025-2026 focus on AML cooperation, with multiple similar AIFM sanctions published simultaneously, risking escalated fines or reputational harm for repeat offenders; firms should prioritize reporting hygiene to avoid public naming, which CSSF deems non-disruptive to markets here.
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
Asset ManagerHedge Fund
Administrative sanction imposed on the alternative investment fund manager C5 Haven Cyber GP S.à r.l. (“AIFM”)
The CSSF imposed a €10,000 administrative fine on alternative investment fund manager (AIFM) C5 Haven Cyber GP S.à r.l. on 11 September 2025 for failing to submit its annual financial crime questionnaire by the 4 April 2025 deadline, despite two reminders, breaching the cooperation obligation under Article 5(1) of Luxembourg's AML/CFT Law of 12 November 2004. This enforcement action underscores CSSF's strict enforcement of AML reporting duties and serves as a public warning to supervised entities on the consequences of non-cooperation. It matters because it demonstrates that even modest fines will be levied for procedural lapses, potentially signaling increased scrutiny on timely AML compliance submissions amid broader regulatory focus on financial crime risks.
What Changed
- This is not a regulatory change or new requirement but an enforcement of existing obligations under the amended AML/CFT Law:
- Annual Questionnaire Submission: Supervised professionals, including AIFMs under Article 3(2) of the Law of 12 July 2013 on AIFMs, must submit an annual financial crime questionnaire...
- Fine Provisions: Fines are imposed per Articles 8-4(1), 8-4(2)(f), and 8-4(3)(a), with amounts determined by relevant circumstances under Article 8-5(1); publication follows Article 8-6(1) after...
Suggested Considerations
- Immediate Review: AIFMs and similar entities must verify their internal processes for annual Questionnaire submission, ensuring calendar reminders and automated tracking for 4 April deadlines.
- Remediation if Late: Submit overdue Questionnaires promptly with explanations; request in-person meetings if needed, as the sanctioned AIFM failed to do so.
- Process Enhancements: Implement escalation protocols for CSSF reminders, designate a senior compliance officer for oversight, and document all submissions/acknowledgments to demonstrate cooperation under Article 5(1).
- Training: Conduct firm-wide training on AML/CFT cooperation duties, emphasizing that non-response leads to fines without need for justification.
Key Dates
- Reference year-end for the financial crime Questionnaire
- Statutory deadline for submitting the Questionnaire for the year ending 31 December 2024
- Date CSSF imposed the €10,000 administrative fine after noting non-submission despite reminders
- Date of CSSF publication of the sanction decision
Compliance Impact
Urgency: Medium - This is a low-value fine (€10,000) for a procedural breach, not involving substantive AML failures like suspicious transactions or sanctions screening delays seen in higher fines (e.g., €185,000 on Rakuten Bank). It matters as a precedent for CSSF's willingness to publicly name-and-shame for basic non-cooperation, potentially escalating to higher penalties for repeats; with publication on 9 January 2026, firms should prioritize 2025/2026 reporting to avoid similar exposure amid CSSF's active enforcement (3192+ sanctions published).
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
Asset ManagerHedge Fund
Administrative sanction imposed on the alternative investment fund manager C5 S.à r.l. (“AIFM”)
The CSSF imposed a €10,000 administrative fine on alternative investment fund manager C5 Haven Cyber GP S.à r.l. on 11 September 2025 for failing to submit its annual financial crime questionnaire by the 4 April 2025 deadline, despite reminders, breaching the cooperation obligation under Article 5(1) of Luxembourg's AML/CFT Law of 12 November 2004. This enforcement action underscores CSSF's strict enforcement of reporting duties in AML/CFT compliance, serving as a warning to supervised entities on the consequences of administrative delays. It matters because it highlights low-tolerance for even minor procedural lapses, potentially signaling increased scrutiny on annual reporting amid broader AML/CFT priorities.
What Changed
- This is not a regulatory change or new requirement but an enforcement of existing obligations under the amended AML/CFT Law:
- Article 5(1) mandates supervised professionals, including AIFMs under Article 3(2) of the Law of 12 July 2013 on AIFMs, to cooperate fully with CSSF, including submitting the annual financial crime...
- Breach occurred due to non-submission of the 2024 year-end Questionnaire, with fine determined per Articles 8-4(1), 8-4(2)(f), 8-4(3)(a), and 8-5(1).
- Publication of the sanction follows Article 8-6(1), after proportionality assessment to avoid market stability risks.
No new rules introduced; reinforces ongoing duty to meet CSSF reporting timelines...
Suggested Considerations
- Review and confirm timely submission of all pending or future CSSF financial crime questionnaires; establish automated calendar reminders for annual deadlines (e.g., 4 April for prior year-end data).
- Implement escalation protocols for CSSF reminders, ensuring immediate response and submission within days, not weeks.
- Conduct internal audit of AML/CFT cooperation obligations, documenting justifications for any delays and preparing evidence for potential CSSF hearings or meetings.
- Update compliance policies to prioritize Article 5(1) duties, including training for responsible persons on fine risks under Article 8-4.
- For AIFMs: Verify alignment with Article 3(2) of AIFM Law and integrate questionnaire processes into governance frameworks.
Key Dates
- Deadline for submission of financial crime Questionnaire covering year ending 31 December 2024
- Date CSSF imposed €10,000 administrative fine on C5 Haven Cyber GP S.à r.l. for non-submission despite reminders
- Date of CSSF publication announcing the sanction
Compliance Impact
Urgency: Medium - Matters due to CSSF's demonstrated willingness to impose and publicize fines for straightforward reporting failures, even at €10,000, which could escalate for repeat or severe cases; acts as a precedent amid rising AML/CFT enforcement (e.g., larger fines like €214,000 in similar contexts). Firms delaying submissions risk reputational damage from nominative publications under Article 8-6(1), market confidence erosion, and cumulative penalties; proactive remediation now prevents higher scrutiny in upcoming inspections.
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
Asset ManagerHedge Fund
Long Form Report – Practical rules concerning the self-assessment questionnaire to be submitted by investment firms – Mission and related reports of the réviseurs d’entreprises agréés (approved statutory auditors)
Broker DealerAll Firms
Update of Circular CSSF 24/853 on the Long Form Report (as amended by Circular CSSF 25/870) – Practical rules concerning the self-assessment questionnaire to be submitted by investment firms Mission and related reports of the réviseurs d’entreprises agréés (approved statutory auditors)
Circular CSSF 26/904 updates Circular CSSF 24/853 (as amended by Circular CSSF 25/870) by introducing a revised Long Form Report (LFR) for investment firms, featuring a digital self-assessment questionnaire (SAQ) and enhanced auditor reports focused on AML/CFT and risk management. This matters because it aligns reporting with CSSF's risk-based supervision under CSSF 4.0, reduces redundancies, applies proportionality based on business models, and mandates digital submission to improve efficiency and data analysis.
What Changed
- - Revised LFR Structure: Comprises four parts in a single digital document: (1) yearly SAQ completed by investment firms; (2) descriptive elements verified by approved statutory auditors (REAs); (3)...
- Digital Format: Completion and submission via CSSF's online portal, supporting CSSF 4.0 digital strategy for efficient processing.
- Proportionality and Scope: Applies individually to investment firms (no consolidated LFR if under CSSF consolidated supervision); focuses on incremental, relevant information tied to business models,...
- Enhanced AML/CFT Focus: Requires descriptions of commercial policy, ML/FT risk management, roles/responsibilities, branch/subsidiary/tied agent compliance; REA must assess adequacy of...
- REA Responsibilities: Verify/ensure adequacy of SAQ elements, assess descriptions, perform control procedures, and provide assessments on AML/CFT policy implementation across entities.
Suggested Considerations
- Investment Firms: Complete and submit the digital SAQ yearly via CSSF portal, providing descriptions of business model, ML/FT risks, commercial policy, monitoring, AML/CFT roles, and entity-level compliance; ensure data on fund transfers (e.g., missing payer/payee info) is included.
- REAs/Auditors: Verify SAQ adequacy, assess descriptions, perform corroborative controls, supplement with findings (e.g., AML/CFT audit declarations), independently assess ML/FT risks/organization, and integrate into single LFR document.
- General: Review existing processes for proportionality (focus on incremental info); update AML/CFT policies/documentation for branches/subsidiaries/tied agents; prepare for digital submission; document risk assessments thoroughly.
- Ongoing: Monitor compliance with related regs like Regulation (EU) 2023/1113 (effective 30 December 2024, per draft bill 8387).
Key Dates
- Applicability of revised LFR to all investment firms; submissions begin for this period onward on a yearly basis
- Yearly production required via CSSF portal; firms should align with existing annual reporting cycles for auditors (typically post-year-end)
Compliance Impact
Urgency: High - Applies immediately to FY ending 31 December 2024 reports, requiring swift updates to reporting processes, digital tools, and AML/CFT documentation amid CSSF's risk-based shift; non-compliance risks supervisory actions, as LFR directly informs CSSF oversight on key prudential/AML areas with no transition period specified.
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
Asset ManagerBroker DealerAll Firms
Update of Circular CSSF 22/821 on the Long Form Report, as amended by Circulars CSSF 23/845 and CSSF 24/865
Circular CSSF 25/897 updates Circular CSSF 22/821 on the Long Form Report (LFR) for credit institutions, further aligning the self-assessment questionnaire (SAQ) with current supervisory priorities such as ML/FT risks and organizational aspects. This matters because it refines reporting to reduce redundancies, enhance transparency in REA assessments, and reflect evolving prudential focuses since prior amendments via Circulars CSSF 23/845 and 24/865, ensuring institutions' reports better support CSSF oversight.
What Changed
- - Introduces new modules in the revised SAQ to align with supervisory points of focus, building on prior expansions (e.g., credit/counterparty risk, liquidity risk, climate-related risks from CSSF...
- Emphasizes REA's independent assessment in the AML/CFT report, requiring exhaustive, transparent evaluations of ML/FT risks across institutions, branches, majority-owned subsidiaries abroad, and tied...
- REA must verify and amend descriptive elements provided by management for the Financial Instruments and Funds Report and AML/CFT report, including quantitative metrics like pending file ratios.
- Confirms the three-part LFR framework: institution-completed SAQ, REA's client assets protection report (per Article 7 of Grand-ducal Regulation of 30 May 2018), and REA's AML/CFT report; no Agreed...
- Enhances REA responsibilities for collateral arrangements and client fund protections under relevant laws.
Suggested Considerations
- Complete and submit revised SAQ annually, incorporating new modules on supervisory focuses like ML/FT risks and providing detailed data to REA.
- Authorized management: Supply accurate descriptive information to REA for reports, covering client protections, collateral, and AML/CFT procedures across group entities.
- REA: Independently assess and report on ML/FT risks and client assets with transparency, quantitative details, and verified management inputs; avoid imprecise language.
- Ensure AML/CFT report details methodologies (e.g., sampling techniques) and covers branches/subsidiaries/tied agents.
- Review prior LFR submissions against this update to align with suppressed redundancies and new emphases.
Key Dates
- Issuance date of Circular CSSF 25/897
end; - Annual submission deadline for SAQ to CSSF (unchanged from prior circulars)
end; - Submission deadline for REA Reports (Financial Instruments and Funds Report; AML/CFT Report)
end; - Aligned submission for REA management letter (per amendments in CSSF 23/845 to Circular 22/826)
Compliance Impact
Urgency: High - Institutions face immediate refinement needs for 2025 year-end reporting (e.g., SAQ due ~Q1 2026), with stricter REA scrutiny on AML/CFT transparency risking supervisory findings or enforcement if vague assessments persist; aligns with ongoing CSSF push for risk-focused oversight amid regulatory evolution.
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
Bank
Long Form ReportPractical rules concerning the self-assessment questionnaire to be submitted by institutionsMission and related reports of the statutory auditors (réviseurs d’entreprises agréés)
**Circular CSSF 22/821** (as amended) fundamentally restructures how Luxembourg credit institutions report to the Commission de Surveillance du Secteur Financier (CSSF) by replacing the traditional Long Form Report with a digital **self-assessment questionnaire (SAQ)**, complemented by auditor-prepared reports. This shift represents a significant operational change that requires institutions to directly participate in prudential self-assessment while maintaining robust external audit oversight, making it essential for compliance and operational teams to understand new submission requirements and digital workflows.
What Changed
- The circular introduces a three-component reporting framework that fundamentally alters the compliance landscape:
- Self-Assessment Questionnaire (SAQ): A digital, annually-completed questionnaire that institutions must prepare directly, covering domains within CSSF and ECB prudential supervision competence
- Agreed Upon Procedures (AUP) Reports: Reports prepared by approved statutory auditors (réviseurs d'entreprises agréés) on specific compliance areas
- Separate REA Report on Financial Instruments Protection: A dedicated auditor assessment on safeguarding of client financial instruments
Scope of SAQ Coverage: The questionnaire addresses prudential...
Suggested Considerations
- *For Credit Institutions:
- *Establish SAQ Governance: Designate authorized management responsible for reviewing and electronically signing the SAQ before submission; ensure accuracy and true-and-fair representation of information
- *Data Preparation: Align SAQ responses with prudential reporting figures (FINREP/COREP/LAREX) under IFRS as of financial year closure
- *Digital System Access: Obtain access credentials to the CSSF digital solution and familiarize compliance teams with the platform interface and submission workflow
- *Module Completion: Complete all applicable SAQ modules as configured in the CSSF digital solution; note that module applicability and exemptions are institution-specific and recorded directly in the system
Key Dates
- Circular CSSF 22/821 issued
- Initial publication date (updated 15 November 2023)
- Circular enters into application
- SAQ becomes accessible through CSSF digital solution
- Deadline for SAQ submission to CSSF
Compliance Impact
Urgency: HIGH
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
Bank
Adoption of the EBA Guidelines on internal policies, procedures and controls to ensure the implementation of Union and national restrictive measures (sanctions)
Circular CSSF 25/896 adopts the EBA Guidelines EBA/GL/2024/14 and EBA/GL/2024/15, mandating Luxembourg financial institutions to establish robust internal policies, procedures, and controls for complying with EU and national restrictive measures (sanctions). This matters because it sets binding EU-wide standards to prevent sanctions violations and circumvention, with absolute obligations for immediate asset freezing and reporting, amid escalating geopolitical tensions.
What Changed
- - Institutions must develop, implement, and maintain up-to-date policies, procedures, and controls for identifying, investigating, and applying restrictive measures without delay, including risk...
- Management body responsibilities expanded: approve sanctions compliance strategy, oversee implementation, conduct at least annual assessments of exposure and controls, ensure remedial actions, and...
- Screening and monitoring requirements: Maintain updated sanctions lists with immediate integration of changes; screen customer base, transactions, and datasets accurately; enable immediate...
- Training and testing: Deliver regular, documented role-specific training; perform ongoing system testing for screening calibration, list accuracy, transaction monitoring effectiveness, and reporting.
- Proportionality applies based on institution's size, activities, and exposure; PSPs and CASPs explicitly addressed with tailored controls.
Suggested Considerations
- Conduct annual exposure assessments to sanctions risks and circumvention; update policies accordingly.
- Appoint senior management/board-level responsibility for approving and overseeing sanctions strategy, including annual reviews and deficiency reporting.
- Implement reliable screening systems for customers, transactions, and lists; define screenable datasets; test systems regularly for effectiveness (e.g., immediate freezing, accurate hits).
- Provide documented training to relevant staff on sanctions, institutional exposure, and internal processes.
- Establish processes for immediate action on matches: suspend transfers, freeze assets, report to Ministry of Finance/CSSF/FIU without delay; maintain whitelists only under strict conditions.
Compliance Impact
Urgency: High – With less than 12 months until the 30 December 2025 deadline (as of January 2026), firms face binding requirements for absolute compliance, including personal accountability for management bodies; non-compliance risks enforcement by CSSF, reputational damage, and fines amid frequent EU sanctions updates (e.g., Regulations 2025/1469, 2025/1476). This elevates sanctions from operational task to strategic board priority.
AI-generated analysis. May contain errors or omissions — verify with the
original CSSF source
before acting. Full disclaimer.
BankPayment ProviderCrypto Exchange
Press release 25/04
BankFintechAll Firms
No description available.
BankWealth ManagerAsset Manager