Authorisation & Licensing in Luxembourg

What Changed

The regulatory landscape has evolved significantly with the introduction of new sustainability reporting requirements: ESRS Implementation (First Year): 2024 marked the first full reporting year under the European Sustainability Reporting Standards (ESRS), with the CSSF conducting a fact-finding exercise to assess reporting quality. The CSSF noted an overall increase in reporting quality with better-structured reports and more relevant disclosures, though key improvement areas remain in compreh

What You Need To Do

• *Financial Information (IFRS)
• *Enhanced Note Disclosures
• *Cash Flow Statement Presentation
• *Segment Reporting Completeness
• *Going Concern Assessment

Key Dates

References

• [1] cssf.lu
• [2] bsp.lu
• [3] cssf.lu
• [4] lexgo.be
• [5] cssf.lu
• [6] lsfi.lu
• [7] cssf.lu
• [8] cssf.lu

What Changed

Mandatory Electronic-Only Submission: Documents listed in Annex I must be transmitted exclusively via e-file (http://www.e-file.lu) or SOFiE (http://www.cetrel-securities.lu/wp_static/what-do-we-offer/secured-reporting-channel-sofie-sort/), in PDF format supporting read access, printing, copy/paste, and word search; other methods post-February 1, 2019, are null and void. Dynamic Annex Updates: The annex, published on the CSSF website, is regularly updated (e.g., latest noted April 1, 2025) and i

What You Need To Do

• Register/access e-file or SOFiE platforms if not already (test/production environments available since February 2019)
• Consult and adhere to the latest Annex I for document list, nomenclatures, and formats (PDF with full functionality)
• Ensure submissions are final/official versions matching hard copies; use specified identifiers for UCIs/SIFs/SICARs
• Implement processes for automatic/manual transmission (e
• Train staff on responsibilities and integrate into reporting workflows; reference CSSF FAQs for closing documents

Key Dates

References

• [1] bsp.lu
• [2] cssf.lu
• [3] mondaq.com
• [4] cssf.lu
• [5] e-file.lu
• [6] cssf.lu
• [7] cssf.lu
• [8] dechert.com

What Changed

No new regulatory changes or requirements are introduced in this publication, as it is an enforcement notice rather than a circular or guideline. It serves as a disclosure of an ongoing or concluded enforcement case, aligning with CSSF's practice of publishing sanction details to deter non-compliance and inform the market, without altering existing rules. #

What You Need To Do

• For the named population
• For all supervised firms
• Update internal policies, train staff on enforcement precedents, and ensure robust reporting under Circular CSSF 19/726 or Transparency Law obligations

References

• [1] cssf.lu
• [2] aoshearman.com
• [3] pwc.lu
• [4] bakermckenzie.com
• [5] cssf.lu
• [6] cssf.lu
• [7] elvingerhoss.lu
• [8] ey.com

What Changed

This is not a regulatory change but an enforcement precedent under existing rules: non-compliance with Article 5(1) of the AML/CFT Law, which mandates annual submission of a financial crime questionnaire ("Questionnaire") to the CSSF. The fine was calculated per Articles 8-4(1), 8-4(2)(f), and 8-4(3)(a), considering circumstances under Article 8-5(1). Publication followed Article 8-6(1) after a proportionality assessment, confirming no market stability risks. No new requirements were introduced;

What You Need To Do

• Immediately review internal processes for annual Questionnaire submission, ensuring calendar invites and automated reminders for the 4 April deadline (covering prior year-end data)
• Conduct a gap analysis on AML/CFT cooperation obligations under Article 5(1), including response protocols to CSSF reminders or queries
• Update compliance calendars and train staff on escalation procedures; document all submissions with proof (e
• If late, proactively submit overdue items and request meetings if needed, as non-response forfeits mitigation opportunities

Key Dates

References

• [1] cssf.lu
• [2] cssf.lu
• [3] cssf.lu
• [4] seqlense.com
• [5] bsp.lu
• [6] cvc.com
• [7] gouvernement.lu
• [8] caceis.com

What Changed

This is not a regulatory change but rather an enforcement action clarifying existing obligations: Mandatory Annual Questionnaire Requirement: All professionals supervised, authorized, or registered by the CSSF must submit an annual questionnaire on financial crime by April 4 each year, covering the preceding calendar year. Cooperation Obligation: Article 5(1) of the amended Law of 12 November 2004 on AML/CFT establishes a non-negotiable duty to cooperate with the CSSF, which includes timely su

What You Need To Do

• regulated entities must
• *Establish Calendar Controls
• *Designate Responsible Parties
• *Prepare Documentation
• *Monitor Communications

Key Dates

References

• [1] cssf.lu
• [2] cssf.lu
• [3] seqlense.com
• [4] cssf.lu
• [5] cssf.lu
• [6] blogs.duanemorris.com
• [7] cssf.lu
• [8] cssf.lu

What Changed

This is not a regulatory change or new requirement but an enforcement precedent under existing rules: non-compliance with the annual financial crime questionnaire submission, mandated by Article 5(1) of the AML/CFT Law, triggers fines per Articles 8-4(1), 8-4(2)(f), and 8-4(3)(a). The CSSF considered all relevant circumstances under Article 8-5(1) to set the €10,000 fine amount and published the sanction nominatively after proportionality assessment per Article 8-6(1), confirming no market stabi

What You Need To Do

• Ensure timely submission of annual financial crime questionnaires by 4 April each year (for prior calendar year data); implement calendar reminders and escalation processes for CSSF requests
• Respond promptly to CSSF reminders or queries on AML/CFT compliance to avoid escalation to fines; document any delays with justification evidence
• No retroactive actions needed for this case, but conduct gap analysis on reporting workflows to prevent similar breaches

Key Dates

References

• [1] cssf.lu
• [2] cssf.lu
• [3] cssf.lu
• [4] cssf.lu
• [5] regulatoryandcompliance.com
• [6] cssf.lu
• [7] sec.gov
• [8] pinsentmasons.com

What Changed

This is not a regulatory change but rather an enforcement action clarifying existing obligations. However, it reinforces critical compliance requirements: Mandatory Annual Questionnaire Submission: All CSSF-supervised professionals, including AIFMs, must submit an annual questionnaire on financial crime by the specified deadline (in this case, 4 April 2025 for the year ending 31 December 2024). Cooperation Obligation: Article 5(1) of the amended Law of 12 November 2004 on the fight against mon

What You Need To Do

• *Establish Calendar Controls
• *Designate Responsible Parties
• *Monitor CSSF Communications
• *Document Submission
• *Escalate Non-Compliance Immediately

Key Dates

References

• [1] cssf.lu
• [2] cssf.lu
• [3] cssf.lu
• [4] opensanctions.org
• [5] boldergroup.com
• [6] bsp.lu
• [7] efama.org
• [8] pwc.lu

What Changed

This is not a regulatory change but rather an enforcement action clarifying existing obligations: Mandatory Annual Questionnaire Requirement: All CSSF-supervised professionals must submit an annual questionnaire on financial crime covering the preceding calendar year. Cooperation Obligation: Article 5(1) of the amended Law of 12 November 2004 on AML/CFT imposes a non-negotiable duty to cooperate with CSSF supervisory requests. Enforcement Escalation: The CSSF will issue reminders before imposin

What You Need To Do

• regulated entities must
• *Identify Reporting Obligations
• *Calendar Management
• *Documentation
• *Escalation Protocol

Key Dates

References

• [1] cssf.lu
• [2] cssf.lu
• [3] cssf.lu
• [4] opensanctions.org
• [5] cliffordchance.com
• [6] elvingerhoss.lu
• [7] imf.org

What Changed

This is not a regulatory change but rather an enforcement action that clarifies existing obligations: Mandatory Annual Reporting: All CSSF-supervised professionals must submit an annual questionnaire on financial crime by 4 April each year, covering the preceding calendar year. Cooperation Obligation: Article 5(1) of the amended Law of 12 November 2004 on AML/CFT establishes a non-negotiable duty to cooperate with the CSSF, including timely submission of requested documentation. Enforcement Esc

What You Need To Do

• *Establish Reporting Calendars
• *Designate Responsible Personnel
• *Respond to Regulatory Requests
• *Document Justifications
• *Monitor Supervisory Communications

Key Dates

References

• [1] cssf.lu
• [2] cssf.lu
• [3] cssf.lu
• [4] cssf.lu
• [5] opensanctions.org
• [6] sorainen.com
• [7] ubp.com
• [8] adaptation-fund.org

What Changed

This is not a regulatory change or new requirement but an enforcement of existing obligations under the amended Law of 12 November 2004 on the fight against money laundering and terrorist financing (AML/CFT Law). Specifically, it reaffirms the mandatory annual submission of the CSSF's financial crime questionnaire ("Questionnaire") by supervised professionals, including AIFMs under Article 3(2) of the Law of 12 July 2013 on AIFMs, as part of the cooperation duty in Article 5(1). The fine was cal

What You Need To Do

• Immediately verify submission status of the 2024 Questionnaire (or any outstanding); if overdue, submit promptly with justification to mitigate further escalation
• Implement automated calendar alerts and internal workflows for all CSSF reporting deadlines, including annual AML/CFT Questionnaire
• Conduct a compliance gap analysis on cooperation obligations under Article 5(1) AML/CFT Law, documenting reminder responses and evidence retention
• Train senior managers and compliance teams on supervisory interactions, including rights to request in-person meetings before fines
• Review governance for timely escalation of CSSF reminders to decision-makers

Key Dates

References

• [1] cssf.lu
• [2] cssf.lu
• [3] cssf.lu
• [4] cssf.lu
• [5] fi.se
• [6] cssf.lu
• [7] africagrowthfund.org
• [8] funds-europe.com

What Changed

This is an enforcement action, not a regulatory change; it enforces existing requirements under Article 51(1) (1st and 7th indents) and Article 51(2) (1st sub-paragraph, 3rd indent) of the amended Law of 12 July 2013 on AIFMs (AIFM Law), and related provisions like Article 92(1) of Commission Delegated Regulation (EU) No 231/2013 (CDR 231/2013). Key breaches include: failure to properly assess risks tied to AIFs' strategies and AIFMs' organization for oversight processes; lack of processes to ve

What You Need To Do

• related entities) must
• Conduct immediate gap analyses on risk assessment processes for AIF strategies and AIFM organization per Article 92(1) CDR 231/2013
• Implement robust verification processes for AIFM compliance with asset delegation rules
• Ensure availability of key documentation and evidence of controls for the depositary function, addressing pre-2022 gaps if applicable
• Develop and test oversight processes, leveraging self-identified improvements and action plans as mitigating factors, as JTC did prior to inspection

Key Dates

References

• [1] cssf.lu
• [2] cssf.lu
• [3] cssf.lu
• [4] cssf.lu
• [5] media.permira.com

What Changed

Diversification and investment limits: Introduces tailored percentage-based thresholds; for funds marketed to unsophisticated retail investors, limits remain at 25% per issuer/UCI/asset, raised to 50% per issuer/UCI/asset or 70% per infrastructure investment for well-informed/professional investor funds, with CSSF derogations possible on justification. Limits apply on assets/commitments basis with look-through for intermediary vehicles. SICAR-specific rules: Confirms risk capital investments (e.

What You Need To Do

• Review and update fund documents (e
• Assess and document compliance with new/relaxed diversification, borrowing, and SICAR investment rules; apply for CSSF derogations where justified
• Ensure risk-spreading in derivatives/collateral and deployment of SICAR cash into eligible assets; confirm look-through for intermediaries
• For retail-marketed funds
• Maintain robust governance/documentation to leverage flexibility; reference CSSF's Compilation for concepts

Key Dates

References

• [1] cssf.lu
• [2] pwc.lu
• [3] aoshearman.com
• [4] maples.com
• [5] cssf.lu
• [6] debevoise.com
• [7] bakermckenzie.com
• [8] cssf.lu

What Changed

Consolidation and Repeals: Repeals CSSF Circulars 02/80, 07/309, 06/241, and Chapters G and I of IML 91/75; renders CSSF 08/356 and Chapter H of IML 91/75 inapplicable to Part II UCIs. Flexible Diversification Rules: Introduces investor-category-based thresholds (e.g., stricter for retail, looser for sophisticated investors); allows CSSF derogations for SIFs/Part II UCIs with justification; applies look-through for intermediary vehicles; harmonizes ramp-up (up to 12 months for liquid strategies,

What You Need To Do

• Review and update offering documents/prospectuses for enhanced transparency on risks, limits, borrowing, liquidity tools (e
• Align fund documentation/terminology with CSSF Compilation of key concepts for consistency in filings and communications
• Disclose ramp-up/wind-down periods, potential derogations, and life extensions clearly; seek CSSF approval for exemptions where justified
• Assess portfolio compliance for new funds/compartments; leverage flexibility for sophisticated investors but maintain robust governance
• No immediate changes required for pre-19 Dec 2025 funds, but proactive alignment recommended to avoid future issues

References

• [1] pwc.lu
• [2] bakermckenzie.com
• [3] ashurst.com
• [4] ogier.com
• [5] aoshearman.com
• [6] arendt.com
• [7] debevoise.com
• [8] cssf.lu

What Changed

Repeals Annex B of Circular CSSF 22/811 with immediate effect, replacing it with streamlined annual reporting via a core compliance-focused Self-Assessment Questionnaire (SAQ) that assesses governance, internal controls, operational organization, and risk management; detailed instructions are now on the CSSF website. Introduces prior CSSF authorisation requirements for entities acting as UCI administrators, including a defined administrative procedure with application details in Annex A; authori

What You Need To Do

• Assess eligibility and obtain prior CSSF authorisation via Annex A application (or notify substantial changes); ensure ongoing validity by monitoring operational model and delegations
• Adapt internal processes for revised annual UCIA reporting (SAQ-focused, integrated where applicable); submit using CSSF website instructions starting for FY ending 31 Dec 2025
• Review/update contracts with UCIs/IFMs to define roles, responsibilities, and oversight; implement delegation monitoring, remediation plans, and ICT compliance (DORA/Circular 25/882 or 20/750)
• For DORA-scope entities, align outsourcing arrangements with Circular CSSF 25/882

Key Dates

References

• [1] cssf.lu
• [2] blog.uit.lu
• [3] ogier.com
• [4] cssf.lu
• [5] cssf.lu
• [6] cssf.lu
• [7] harneys.com

What Changed

Authorisation Requirements: Prior CSSF authorisation is mandatory for appointment as UCI administrator, via full application under sectoral laws or a simplified administrative procedure; application must include details per Annex A, with ongoing updates for substantial changes. Scope of UCI Administration: Defines three core functions—registrar, NAV calculation/accounting, and client communication—requiring only one designated service provider per function per UCI (or compartment); UCI/IFM may p

What You Need To Do

• Submit authorisation application to CSSF with Annex A information before commencing UCI administration; notify substantial changes and keep file updated
• Establish/implement governance, controls, escalation processes, resource adequacy, ICT/business continuity per circular; ensure single provider per function
• For delegations
• Conclude written contracts with UCI/IFM; submit annual UCIA activity reports

References

• [1] cssf.lu
• [2] lexnow.lu
• [3] cssf.lu
• [4] stibbe.com
• [5] cssf.lu
• [6] cssf.lu
• [7] ey.com
• [8] simmons-simmons.com

What Changed

CSSF 21/765: Updated provisions following amendments to CSSF Regulation No 12-02, refining notification and operational requirements for branches and FOPS. CSSF 22/827: Further amendments to align with CRD and MiFID II changes, including enhanced notifications for programme alterations (e.g., one-month prior written notice for changes in operations, services, or activities). CSSF 25/898: Latest update (noted in CSSF Newsletter No 298, November 2025), incorporating recent legal/regulatory develop

What You Need To Do

• Notifications
• Supervision cooperation

Key Dates

References

• [1] bakermckenzie.com
• [2] cssf.lu
• [3] cssf.lu
• [4] cssf.lu
• [5] cssf.lu
• [6] cms.law
• [7] loyensloeff.com
• [8] caceis.com

What Changed

The circular introduces the following material modifications to Circular CSSF 07/325: *New Supervisory Module UCI administration** has been added as a thematic module to the self-assessment questionnaire, reflecting increased regulatory attention to fund administration practices. *Enhanced Self-Assessment Framework** Existing modules have been updated to better align with supervisory objectives and current regulatory priorities. The revised SAQ now captures a broader range of supervisory point

What You Need To Do

• *Update Self-Assessment Processes
• Revise internal SAQ completion procedures to address the new UCI administration module
• Ensure all thematic modules reflect current supervisory expectations
• *Assess UCI Administration Compliance
• If the institution provides or is involved in UCI administration services, conduct a detailed assessment of compliance with CSSF expectations

Key Dates

References

• [1] bakermckenzie.com
• [2] debevoise.com
• [3] cssf.lu
• [4] arendt.com
• [5] cssf.lu
• [6] cssf.lu
• [7] stradalex.lu
• [8] cssf.lu