Banking & Credit in Luxembourg

What Changed

Institutions must establish proportionate strategies, policies, processes, and systems for ESG risk management, covering short-, medium-, and long-term horizons, including transition and physical environmental risks. Develop plans per Article 76(2) CRD with specific timelines, intermediate quantifiable targets, and milestones to address ESG financial risks, consistent with EU objectives (e.g., 55% GHG reduction by 2030, climate neutrality by 2050). Incorporate ESG into internal governance, risk

What You Need To Do

• Map and integrate ESG risks into governance, risk management frameworks, and business strategies, proportionate to scale/risk exposure
• Develop and document ESG risk management plans with quantifiable targets, milestones, timelines, and scenario analyses (broad requirements now; detailed later)
• Conduct assessments of ESG risks in portfolios, including sustainability products, transition finance, and loan origination policies, for SREP submission
• Embed in internal processes per Articles 74, 76, 87a CRD: identify/measure ESG risks (minimum standards), monitor over time horizons, and report to CSSF
• Review and update existing policies/systems for compliance by applicable dates; prepare for CSSF supervisory evaluation of plan robustness

Key Dates

References

• [1] cssf.lu
• [2] cssf.lu
• [3] cssf.lu
• [4] cssf.lu
• [5] cssf.lu
• [6] reporting4066.rssing.com
• [7] cms.law
• [8] lsfi.lu

What Changed

The regulatory landscape has evolved significantly with the introduction of new sustainability reporting requirements: ESRS Implementation (First Year): 2024 marked the first full reporting year under the European Sustainability Reporting Standards (ESRS), with the CSSF conducting a fact-finding exercise to assess reporting quality. The CSSF noted an overall increase in reporting quality with better-structured reports and more relevant disclosures, though key improvement areas remain in compreh

What You Need To Do

• *Financial Information (IFRS)
• *Enhanced Note Disclosures
• *Cash Flow Statement Presentation
• *Segment Reporting Completeness
• *Going Concern Assessment

Key Dates

References

• [1] cssf.lu
• [2] bsp.lu
• [3] cssf.lu
• [4] lexgo.be
• [5] cssf.lu
• [6] lsfi.lu
• [7] cssf.lu
• [8] cssf.lu

What Changed

No new regulatory changes or requirements are introduced in this publication, as it is an enforcement notice rather than a circular or guideline. It serves as a disclosure of an ongoing or concluded enforcement case, aligning with CSSF's practice of publishing sanction details to deter non-compliance and inform the market, without altering existing rules. #

What You Need To Do

• For the named population
• For all supervised firms
• Update internal policies, train staff on enforcement precedents, and ensure robust reporting under Circular CSSF 19/726 or Transparency Law obligations

References

• [1] cssf.lu
• [2] aoshearman.com
• [3] pwc.lu
• [4] bakermckenzie.com
• [5] cssf.lu
• [6] cssf.lu
• [7] elvingerhoss.lu
• [8] ey.com

What Changed

The circular explicitly states that no substantive changes have been made to the survey process compared to previous quarters. The only modifications are administrative: the reference date (December 31, 2025) and the submission deadline (January 30, 2026). The specifications for data collection, definitions of covered and eligible deposits, and reporting methodologies remain unchanged from prior circulars, particularly Circular CSSF-CPDI 16/02 as amended by Circular CSSF-CPDI 23/35.

What You Need To Do

• *Calculate covered deposits as defined in Article 163 of the 2015 law, including balance and accrued interest (even if not yet due)
• *Report eligible deposits after applying exclusions under Article 172 of the 2015 law, including exclusions for financial institutions and life insurance products
• *Distinguish deposit types by reporting
• Total eligible deposits (field 201)
• Eligible deposits in omnibus accounts, fiduciary accounts, trusts, sub-accounts, and segregated accounts (field 0226)

Key Dates

References

• [1] cssf.lu
• [2] cssf.lu
• [3] cssf.lu
• [4] fgdl.lu
• [5] cssf.lu
• [6] cssf.lu
• [7] cssf.lu
• [8] cssf.lu

What Changed

Updates to Descriptive Report and Self-Assessment Questionnaire: Refines content, format, and submission requirements for support PFS's annual submissions, emphasizing more detailed disclosures on operations, risks, and controls (building on CSSF 24/850). Auditor Engagement Rules: Introduces specific practical guidelines for approved statutory auditors, including mandatory scope of work, independence confirmations, and standardized procedures for reviewing support PFS reports. Management Letter

What You Need To Do

• *Review and Update Processes
• *Engage/Confirm Auditors
• *Implement Templates and Testing
• *Training and Governance
• *Submit on Time

Key Dates

What Changed

Repeal of prior circulars: Circular CSSF 19/731 and its amendment via Circular CSSF 19/710 are fully repealed, eliminating the fixed list of annual submission documents. Shift to website-based guidance: The updated list of required documents, affected entity categories, electronic submission channels, and deadlines is now published on the CSSF’s Prudential reporting for credit institutions webpage, including an interactive summary table for determining applicable submissions. Ongoing obligations

What You Need To Do

• Review the CSSF Prudential reporting webpage (https://www
• Update internal reporting processes, templates, and workflows to reference the website instead of the repealed circular
• Confirm ongoing annual submissions via specified electronic channels; test interactive table for applicability to the institution's profile
• Archive references to Circular CSSF 19/731 in policies and train staff on the change

Key Dates

References

• [1] cssf.lu
• [2] bakermckenzie.com
• [3] cssf.lu
• [4] cssf.lu
• [5] cssf.lu
• [6] cssf.lu
• [7] cssf.lu

What Changed

Standardized Reporting Templates: Introduces detailed formats and content requirements for the annual descriptive report and self-assessment questionnaire, covering governance, risk management, internal controls, and operational metrics specific to support PFS activities (e.g., IT services, administrative support, custody). Auditor Engagement Rules: Mandates approved statutory auditors to perform specific procedures, issue a management letter highlighting control weaknesses, and prepare a separa

What You Need To Do

• Annual Reporting Cycle
• February to review submissions, test controls, and issue management letter (flagging deficiencies) plus separate compliance report
• Governance Updates
• Auditor Coordination
• Record-Keeping

Key Dates

What Changed

Introduces precise definitions for CRR Article 126a(2) terms, enabling 100% risk weight (instead of 150%) for ADC exposures to residential property if conditions are met: at least 50% of total contracts as pre-sale/pre-lease agreements with substantial cash deposits (e.g., ≥10% of sale price for sales, ≥3x monthly lease for leases), or equivalent financing/sale-lease combos; plus obligor equity ≥25% of completed property value. Mandates "sound standards for lending and credit monitoring" alongsi

What You Need To Do

• Review and classify ADC exposures against EBA-defined criteria (e
• Update internal policies, risk assessment models, and credit approval processes to incorporate "sound lending standards" and EBA specifications, including social housing carve-outs
• Recalculate capital requirements under standardized credit risk approach; report changes via CRR disclosures
• Maintain documentation proving compliance (e
• Institutions must "make every effort to comply" per EBA Regulation Article 16(3)

Key Dates

References

• [1] banking.vision
• [2] finanssivalvonta.fi
• [3] regulationtomorrow.com
• [4] cssf.lu
• [5] jdsupra.com
• [6] cssf.lu
• [7] cssf.lu
• [8] eba.europa.eu

What Changed

Risk Adjustment Updates (Annex 2): Increases weight of 'Return on assets' (ROA) risk indicator from 7.5% to 10%; decreases 'Deposit-size Risk' from 15% to 12.5%; adjusts sliding scale bounds for indicators like leverage ratio (3%-9%), capital coverage ratio (100%-200%), LCR/NSFR (100%-200%), NPL ratio (0%-3%), and others per Table 2, aligning with minimum EBA Guidelines weights totaling 75% plus national flexibility. Formula Component Floor (Annex 1): Introduces a zero floor for Component 1 (max

What You Need To Do

• Review and update internal systems/models for contribution calculations to incorporate new risk weights, bounds (Table 2), zero floor for Component 1, and revised formulas in Annexes 1-2
• Validate data reporting for risk indicators (e
• Prepare for FGDL invoices reflecting compartment-specific rates; monitor covered deposits for surveys (e
• Conduct gap analysis against repealed circulars (20/21, 23/34); update policies for mergers, deposit changes, and gap fillings (Γ_λ)

References

• [1] cssf.lu
• [2] cssf.lu
• [3] cssf.lu
• [4] cssf.lu
• [5] cliffordchance.com
• [6] cssf.lu
• [7] cssf.lu
• [8] cssf.lu

What Changed

Modified Contribution Formula: Replaces prior methods (e.g., from Circulars CSSF-CPDI 16/01, 17/06, 20/21) with a new structure: Component 1 proportional to covered deposits growth (Γ_{j,k}) at 0.8% base rate, plus a flat add-on (T_j D_{j-2,k}) for target shortfalls, adjusted by a uniform factor μ per compartment, and multiplied by a new risk adjustment factor (ARW_{j,k}). Risk Adjustment Introduction: ARW is calculated using a weighted score (minimum 75% on EBA core categories, plus 12.5% depos

What You Need To Do

• Data Reporting
• Internal Calculations
• Risk Monitoring
• Systems Update

Key Dates

References

• [1] cssf.lu
• [2] cssf.lu
• [3] cssf.lu
• [4] cssf.lu
• [5] cssf.lu
• [6] fgdl.lu
• [7] cssf.lu
• [8] cssf.lu

What Changed

Introduces new modules in the revised SAQ to align with supervisory points of focus, building on prior expansions (e.g., credit/counterparty risk, liquidity risk, climate-related risks from CSSF 23/845). Emphasizes REA's independent assessment in the AML/CFT report, requiring exhaustive, transparent evaluations of ML/FT risks across institutions, branches, majority-owned subsidiaries abroad, and tied agents; prohibits vague language (e.g., no "no serious weaknesses" phrasing) and mandates positi

What You Need To Do

• Complete and submit revised SAQ annually, incorporating new modules on supervisory focuses like ML/FT risks and providing detailed data to REA
• Authorized management
• Ensure AML/CFT report details methodologies (e
• Review prior LFR submissions against this update to align with suppressed redundancies and new emphases

Key Dates

References

• [1] cssf.lu
• [2] dlapiper.com
• [3] cssf.lu
• [4] ogier.com
• [5] cssf.lu
• [6] stradalex.lu
• [7] cssf.lu
• [8] cssf.lu

What Changed

The circular introduces a three-component reporting framework that fundamentally alters the compliance landscape: Self-Assessment Questionnaire (SAQ): A digital, annually-completed questionnaire that institutions must prepare directly, covering domains within CSSF and ECB prudential supervision competence Agreed Upon Procedures (AUP) Reports: Reports prepared by approved statutory auditors (réviseurs d'entreprises agréés) on specific compliance areas Separate REA Report on Financial Instruments

What You Need To Do

• *For Credit Institutions
• *Establish SAQ Governance
• *Data Preparation
• *Digital System Access
• *Module Completion

Key Dates

References

• [1] cssf.lu
• [2] pwc.lu
• [3] cssf.lu
• [4] cssf.lu
• [5] cssf.lu
• [6] dlapiper.com
• [7] stradalex.lu
• [8] cssf.lu

What Changed

CSSF 21/765: Updated provisions following amendments to CSSF Regulation No 12-02, refining notification and operational requirements for branches and FOPS. CSSF 22/827: Further amendments to align with CRD and MiFID II changes, including enhanced notifications for programme alterations (e.g., one-month prior written notice for changes in operations, services, or activities). CSSF 25/898: Latest update (noted in CSSF Newsletter No 298, November 2025), incorporating recent legal/regulatory develop

What You Need To Do

• Notifications
• Supervision cooperation

Key Dates

References

• [1] bakermckenzie.com
• [2] cssf.lu
• [3] cssf.lu
• [4] cssf.lu
• [5] cssf.lu
• [6] cms.law
• [7] loyensloeff.com
• [8] caceis.com

What Changed

The circular introduces the following material modifications to Circular CSSF 07/325: *New Supervisory Module UCI administration** has been added as a thematic module to the self-assessment questionnaire, reflecting increased regulatory attention to fund administration practices. *Enhanced Self-Assessment Framework** Existing modules have been updated to better align with supervisory objectives and current regulatory priorities. The revised SAQ now captures a broader range of supervisory point

What You Need To Do

• *Update Self-Assessment Processes
• Revise internal SAQ completion procedures to address the new UCI administration module
• Ensure all thematic modules reflect current supervisory expectations
• *Assess UCI Administration Compliance
• If the institution provides or is involved in UCI administration services, conduct a detailed assessment of compliance with CSSF expectations

Key Dates

References

• [1] bakermckenzie.com
• [2] debevoise.com
• [3] cssf.lu
• [4] arendt.com
• [5] cssf.lu
• [6] cssf.lu
• [7] stradalex.lu
• [8] cssf.lu

What Changed

This circular updates prior guidance (notably CSSF-CPDI 16/02 as amended by CSSF-CPDI 23/35) by specifying the survey reference date of 30 September 2025 and providing granular reporting fields for eligible deposits (e.g., exclusions for financial institution-like structures and life insurance products), covered deposits capped at €100,000 per person, and breakdowns by natural/legal persons, including shares in omnibus accounts, fiduciaries, trusts, sub-accounts, and segregated accounts. Key fie

What You Need To Do

• For omnibus/trust accounts, obtain and report shares of identifiable entitled persons, apportion by legal status of holder, and ensure fields like 0226 and 0255 reconcile
• Designated management reviews/approves data; transmit accurately to CSSF/CPDI, respecting prior circulars (e
• Exclude non-creditor accounts or those assimilated to financial institutions/life insurance

Key Dates

References

• [1] cssf.lu
• [2] cssf.lu
• [3] cssf.lu
• [4] cssf.lu
• [5] cssf.lu
• [6] fgdl.lu
• [7] cssf.lu
• [8] cliffordchance.com

What Changed

Introduces data collection for 2026 SRF contributions, conditional on SRB verifying SRF funds fall below 1% of covered deposits in the Banking Union by early 2026. Mandates XBRL submission of DRFs (except restatements up to 2022 in Excel); provides templates in Annexes 3a, 4, 5 (User Guide), and 7a/7b for additional assurances. Additional assurance requirements (e.g., auditor reports or Agreed-Upon Procedures - AUP) apply conditionally to ECB-supervised institutions unless under lump-sum payment

What You Need To Do

• Download and complete DRF using Annexes (e
• For ECB-supervised institutions
• Align internal systems with CSSF templates early; validate data to avoid SRB assumptions under Article 17(1) DR
• Review Annex 1 (SRB kick-off letter), Annex 4 (2026 Guidance), and Annex 6 (ECB list)

Key Dates

References

• [1] cssf.lu
• [2] blog.uit.lu
• [3] cssf.lu
• [4] cssf.lu
• [5] cssf.lu
• [6] cssf.lu

What Changed

Institutions must develop, implement, and maintain up-to-date policies, procedures, and controls for identifying, investigating, and applying restrictive measures without delay, including risk management for violations and circumvention. Management body responsibilities expanded: approve sanctions compliance strategy, oversee implementation, conduct at least annual assessments of exposure and controls, ensure remedial actions, and report deficiencies. Screening and monitoring requirements: Maint

What You Need To Do

• Conduct annual exposure assessments to sanctions risks and circumvention; update policies accordingly
• Appoint senior management/board-level responsibility for approving and overseeing sanctions strategy, including annual reviews and deficiency reporting
• Implement reliable screening systems for customers, transactions, and lists; define screenable datasets; test systems regularly for effectiveness (e
• Provide documented training to relevant staff on sanctions, institutional exposure, and internal processes
• Establish processes for immediate action on matches: suspend transfers, freeze assets, report to Ministry of Finance/CSSF/FIU without delay; maintain whitelists only under strict conditions

References

• [1] cssf.lu
• [2] cssf.lu
• [3] stradalex.lu
• [4] cliffordchance.com
• [5] cssf.lu
• [6] elvingerhoss.lu
• [7] mondaq.com
• [8] forbes.lu