Survey on the amount of covered deposits held on 31 March 2026
Circular CSSF-CPDI 26/50 mandates a recurring annual survey on the amount of **covered deposits** held as of **31 March 2026** by specified Luxembourg credit institutions, to support the Fonds de garantie des dépôts Luxembourg (FGDL) in meeting Deposit Guarantee Scheme (DGS) requirements under the 2015 Law and DGSD. This matters for compliance as it ensures institutions contribute accurately to the FGDL's buffer (targeting 2% of covered deposits by 2026), with data also feeding into Single Resolution Board (SRB) calculations for resolution funding.
What Changed
This circular introduces no substantive changes to survey content, methodology, or reporting specifications compared to prior issuances (e.g., CSSF-CPDI 25/49 for 31 December 2025). Updates are limited to the reference date (31 March 2026) and associated deadlines, maintaining the risk-based ex-ante contribution method from Circular CSSF-CPDI 20/21 and quarterly reporting under CSSF-CPDI 17/07.
What You Need To Do
- Compile data on covered deposits (eligible deposits up to €100,000 per depositor, per Article 163 of 2015 Law), excluding items per Article 172 (e
- Report detailed breakdowns
- Submit via specified format (per attached specs, unchanged from priors) to CPDI by deadline; quarterly data ongoing per CSSF-CPDI 17/07
- Ensure alignment with FGDL contributions under CSSF-CPDI 25/48
Key Dates
31 March 2026 - Reference date for snapshot of covered deposits.
30 April 2026 (inferred from pattern in prior circulars like 25/49) - Likely submission deadline for survey data to CPDI (exact date in full PDF; aligns with one-month post-reference in predecessors). DEADLINE
26 March 2026 ).
Compliance Impact
Urgency: High – Immediate action required today (publication date) to prepare for 31 March 2026 snapshot (just 5 days away), with submission likely due early May 2026. Non-compliance risks FGDL penalties, inaccurate contributions (impacting 0.8% extra buffer to 2% DGSD minimum), and SRB reporting failures under Regulation (EU) 2015/63; recurring nature demands robust quarterly data processes.
Bank
No description available.
BankWealth ManagerFintech
Amendment of Circular CSSF 18/703 on the introduction of a semi-annual reporting of borrower related residential real estate indicators
Circular CSSF 26/908 amends Circular CSSF 18/703 to update semi-annual reporting requirements for borrower-related residential real estate indicators, enhancing supervisory oversight of credit risk in Luxembourg's financial sector. Published today (25 March 2026), it matters for credit institutions as it refines data collection to better monitor real estate lending exposures amid potential market vulnerabilities.
What Changed
The circular introduces amendments to the original Circular CSSF 18/703 (itself amended by Circulars CSSF 20/737 and 21/772), focusing on semi-annual reporting of indicators tied to borrowers in residential real estate. Specific changes are not detailed in the provided summary or full content excerpt, but they likely involve refinements to reporting templates, data granularity, or submission processes to align with evolving EU prudential standards on real estate risk monitoring. The updated consolidated version of Circular CSSF 18/703 is now available as a 258.91Kb PDF.
What You Need To Do
- Download and review the full Circular CSSF 26/908 (291
- Conduct a gap analysis of current reporting processes against the amended requirements for borrower-related residential real estate indicators
- Update internal systems, data collection templates, and reporting workflows to ensure accurate semi-annual submissions to the CSSF
- Train relevant compliance, risk, and finance teams on changes; document compliance confirmations for audit trails
Key Dates
17 December 2018 - Original issuance of Circular CSSF 18/703 introducing semi-annual reporting.
25 March 2026 - Publication date of Circular CSSF 26/908 (today).
Compliance Impact
Urgency: Medium - This is a targeted amendment to existing reporting obligations rather than a new regime, reducing immediate disruption, but non-compliance risks supervisory scrutiny, fines, or enhanced monitoring given CSSF's focus on real estate risk. It matters for maintaining accurate credit risk data, especially in a potentially volatile residential property market, supporting broader prudential stability.
Bank
Version of 9 March 2026
The CSSF Technical FAQ on Regulation No 20-08 provides implementation guidance on **loan-to-value (LTV) limits for residential real estate credit in Luxembourg**, establishing borrower-based macroprudential measures designed to limit leverage in the mortgage market. This guidance is critical for lenders operating in Luxembourg as it clarifies how to calculate own funds, determine LTV compliance, and apply temporary portfolio exemptions that have been extended through June 30, 2025.
What Changed
The most recent update (March 9, 2026) to the Technical FAQ reflects the regulatory framework established by CSSF Regulation No 20-08 (as modified by Regulation No 24-10). The core LTV requirements are:
*Primary Residence Loans:
First-time buyers: LTV limit of up to 100%
Other buyers**: LTV limit of 90%, implemented via portfolio allowance
*Buy-to-Let Residential Loans:**
Standard LTV limit of 80%
Temporary exemption (until June 30, 2025): Lenders may apply LTV ratios up to 95% for up to 10% of annual production
*Other Residential Real Estate Loans:**
LTV limit of 80%
*Own Funds...
What You Need To Do
- *For all lenders
- *Implement dual LTV tracking for borrowers financing new property through sale of existing property, ensuring compliance with both interim and final LTV ratios
- *Document own funds sources carefully, particularly when cash collateral or sale proceeds are used, as these are only permitted for loans with initial LTV below 100%
- *Prepare for June 30, 2025 transition by
- Identifying all buy-to-let loans currently benefiting from the 95% LTV exemption
Key Dates
January 1, 2021 - Regulation and LTV limits became effective for residential real estate credit on Luxembourg territory
December 3, 2020 - CSSF Regulation No 20-08 originally published
May 21, 2024 - CSSF Regulation No 24-04 introduced temporary adjustments to LTV limits
December 30, 2024 - CSSF Regulation No 24-10 extended temporary adjustments
June 30, 2025 - **CRITICAL DEADLINE**: Temporary portfolio allowance for buy-to-let loans (95% LTV for 10% of annual production) expires; all buy-to-let loans revert to 80% LTV limit DEADLINE
Compliance Impact
Urgency: HIGH
BankFintech
on the introduction of a semi-annual reporting of borrower-related residential real estate indicators
Circular CSSF 18/703 introduces semi-annual reporting requirements for Luxembourg-based lenders on borrower-related residential real estate (RRE) indicators to monitor macroprudential risks in the RRE lending market, in line with ESRB Recommendation 2016/14 (as amended). It matters for compliance because it mandates data collection via a dedicated CSSF template, with exclusions only for banks below EUR 10 million in outstanding RRE exposures, ensuring supervisory oversight of lending standards. The circular has been iteratively amended (CSSF 20/737, 21/772, 26/908), with the latest update on 25 March 2026 refining reporting processes.
What Changed
Original Scope (CSSF 18/703, 17 Dec 2018): Requires semi-annual reporting of RRE indicators for loans secured by Luxembourg residential real estate (existing dwellings, under construction, owner-occupied, buy-to-let, renovation loans via real estate savings plans like BSH/BHW). Excludes commercial real estate (CRE), unsecured renovation loans, and loans to non-natural person entities for property purchase.
Amendment CSSF 20/737 (19 Feb 2020): Clarified reporting thresholds and processes; banks with total outstanding RRE exposure ≤ EUR 10 million are exempt from reporting (no zero report...
What You Need To Do
- Download and use the dedicated RRE data template from the CSSF website (https://www
- Assess total outstanding RRE exposure; if > EUR 10 million, collect data on new/outstanding exposures per reference dates (30 Jun/31 Dec)
- Ensure IT systems store/process RRE indicators (e
- Submit reports to CSSF in April/October; review amendments (20/737, 21/772, 26/908) and FAQ for updates
- For exempt banks
Key Dates
17 Dec 2018 Original Circular CSSF 18/703 published; reporting obligation introduced.
19 Feb 2020 Circular CSSF 20/737 and FAQ published; clarified exemptions and scope.
10 May 2021 Circular CSSF 21/772 amendment published.
25 Mar 2026 Circular CSSF 26/908 amendment published (today's date); immediate implementation expected for upcoming cycles.
Ongoing (semi-annual) Reports due in April (ref. 31 Dec) and October (ref. 30 Jun) each year. DEADLINE
Compliance Impact
Urgency: High – Ongoing semi-annual obligation with latest amendment today (25 Mar 2026, CSSF 26/908) likely affects the next October 2026 cycle (ref. 30 Jun 2026); non-compliance risks supervisory sanctions, as it supports macroprudential monitoring under ESRB framework. Firms must validate systems/data immediately post-amendment to avoid gaps in reporting population.
Bank
No description available.
BankAsset ManagerWealth Manager
Press release 26/07
Bank
Situation as at 31 December 2025
BankWealth ManagerAll Firms
(first publication: 30 October 2024)
BankWealth ManagerAll Firms
Situation as at 31 December 2025
BankAsset ManagerWealth Manager
Situation as at 31 December 2025
BankAsset ManagerWealth Manager
No description available.
Asset ManagerWealth ManagerBank
No description available.
Asset Manager
No description available.
Payment Provider
Out-of-court consumer complaint resolution
BankWealth ManagerFintech
No description available.
Asset ManagerBankWealth Manager
in relation to additional liquidity management requirements for Luxembourg-domiciled UCITS, or where applicable their management company, and Luxembourg-authorised AIFMs that manage open-ended AIFs, introduced by the Law of 3 March 2026, transposing Directive (EU) 2024/927 of the European Parliament and of the Council of 13 March 2024
Asset ManagerBank
Latest update on the AML/CFT standardised data collection
This CSSF circular letter addresses the 2026 AML/CFT standardised data collection exercise, aligning with AMLA's EU-wide initiatives by adopting AMLA-developed templates for most supervised entities while requiring specialised professionals to use CSSF-specific forms. It matters for Luxembourg financial firms as it mandates reporting on ML/TF risks and mitigation measures to support consistent EU supervision, with recent delays emphasizing preparation needs amid evolving templates.
What Changed
CSSF adopts AMLA-developed data collection templates for credit institutions, investment firms, and investment fund managers (excluding specialised professionals), replacing its prior questionnaire to avoid duplication with AMLA's broad exercise and ensure a level playing field ahead of the new EU AML/CFT methodology.
Entities selected for AMLA's mandatory calibration exercise (notified directly by CSSF) must report quantitative and qualitative ML/TF risk data; non-selected entities still report via AMLA templates on 2025 risks.
Launch delayed from 2 March 2026 due to AMLA's consultation...
What You Need To Do
- Monitor CSSF communications for final questionnaire, launch dates, and eDesk access; prepare data on 2025 ML/TF risks and mitigation using current AMLA draft (not for submission)
- Selected AMLA calibration participants
- Non-selected credit/financial institutions
- Specialised professionals
Key Dates
23 February 2026 - Planned launch for specialised professionals' CSSF questionnaire (delayed per 11 March update).
2 March 2026 - Original launch date for AMLA questionnaire and calibration exercise via eDesk platform (delayed).
13 March 2026 - AMLA webinar (10:00-12:00) on reporting framework and clarifications (connection details in CSSF annex).
15 April 2026 - Submission deadline for AMLA calibration exercise participants (maintained despite delays; changes to be communicated). DEADLINE
TBD (post-11 March 2026) - New launch and submission deadlines for all data collections, pending final AMLA questionnaire. DEADLINE
Compliance Impact
Urgency: High - Mandatory reporting supports CSSF's supervisory strategy and EU AMLA calibration, with non-compliance risking enforcement; delays provide preparation time but require immediate data readiness as final deadlines approach shortly (e.g., potential April submissions). This directly feeds into entity-level ML/TF risk assessments, influencing ongoing supervision and resource allocation.
BankAsset ManagerAll Firms
No description available.
BankWealth ManagerAll Firms
No description available.
BankWealth Manager
implementing Regulation (EU) No 269/2014 concerning restrictive measures in respect of actions undermining or threatening the territorial integrity, sovereignty and independence of Ukraine
BankWealth ManagerAsset Manager
Situation as at 31 January 2026
BankAsset ManagerWealth Manager
Situation as at 31 January 2026
BankAsset ManagerWealth Manager
No description available.
BankWealth ManagerFintech
implementing Regulation (EU) No 269/2014 concerning restrictive measures in respect of actions undermining or threatening the territorial integrity, sovereignty and independence of Ukraine
BankWealth ManagerAsset Manager
No description available.
BankWealth ManagerAsset Manager
No description available.
Asset ManagerWealth Manager
No description available.
FintechPayment Provider
Delay in the 2026 AML/CFT standardised data collection
BankAsset ManagerWealth Manager
Delay in the 2026 AML/CFT standardised data collection
BankAsset ManagerWealth Manager
Press release 26/06
BankAsset ManagerWealth Manager
No description available.
BankWealth ManagerAll Firms
Table listing the professional activities and the mandates performed
This CSSF publication is an updated table (in XLSX format) listing standardized professional activities and mandates for members of the management body/governing body and conducting officers, as required under points 105 and 107 of Circular CSSF 18/698. It matters because it ensures consistent, transparent reporting of senior personnel roles in Luxembourg investment fund managers (IFMs), supporting governance, conflict-of-interest management, and CSSF supervisory oversight. Compliance professionals must use this list to standardize disclosures in authorization files and ongoing reporting.
What Changed
The document was originally published on 14 January 2019 and updated on 12 March 2026, reflecting revisions to the predefined list of professional activities and mandates[Source URL]. Key aspects include:
Alignment with Circular CSSF 18/698 requirements for IFMs (management companies for UCIs and AIFs), specifying reportable roles like those in collective portfolio management, risk management, valuation, compliance, internal audit, and IT operations.
Emphasis on detailed documentation of mandates to demonstrate fitness, properness, and avoidance of conflicts, including for shareholders with...
What You Need To Do
- Download and use the XLSX table
- Update authorization and notification files
- Conduct fit-and-proper assessments
- Annual compliance review
- Policy updates
Key Dates
14 January 2019 - Original publication of the list.
23 August 2018 - Publication of underlying Circular CSSF 18/698, setting baseline requirements.
End of May (post-financial year) - Compliance deadline for Circular 18/698 obligations, including governance reporting (e.g., 5 months after year-end). DEADLINE
12 March 2026 - Latest update to the list, requiring immediate review and integration into reporting processes[Source URL].
Compliance Impact
Urgency: High – The March 12, 2026 update coincides with today's date, demanding immediate review to avoid supervisory findings during CSSF inspections or authorization processes. Non-compliance risks authorization delays, fines, or reputational damage, as Circular 18/698 emphasizes robust governance in a heightened scrutiny environment for IFMs (e.g., delegate oversight, AML).
Asset ManagerBankAll Firms
Press release 26/05
Asset ManagerWealth Manager
Delay in the 2026 AML/CFT standardised data collection
The CSSF circular letter dated 11 March 2026 announces a delay in its planned AML/CFT standardised data collection exercise originally scheduled for 2026, primarily due to overlap with a concurrent broad-scope data collection by the European Anti-Money Laundering Authority (AMLA). This matters for compliance professionals as it reduces immediate reporting burdens on supervised entities, promotes regulatory simplification, and aligns Luxembourg practices with emerging EU AML/CFT methodologies, allowing firms to redirect resources to the mandatory AMLA exercise.
What Changed
Postponement of CSSF-specific questionnaire: The CSSF has decided not to proceed with its own AML/CFT standardised data collection for most supervised entities (credit institutions, investment firms, investment fund managers), opting instead to rely on AMLA's questionnaire to avoid duplication and ensure a level playing field.
Exception for specialised professionals: Specialised professionals of the financial sector (e.g., certain non-credit institutions) remain subject to a CSSF-specific questionnaire, though timelines are affected by the delay announcement.
Rationale tied to AMLA...
What You Need To Do
- Monitor CSSF updates
- Prioritize AMLA obligations
- Specialised professionals
- Internal review
- No immediate submissions
Key Dates
2 March 2026 - Original launch date for AMLA calibration exercise data collection via eDesk (now potentially adjusted or paused per delay circular) .
15 April 2026 - Original reporting deadline to CSSF for AMLA calibration exercise data .
23 February 2026 - Original launch for specialised professionals' CSSF questionnaire .
11 March 2026 - Publication of delay circular, superseding prior timelines; further modalities to be communicated .
TBD 2026 - Potential ad-hoc CSSF questionnaires for essential data points .
Compliance Impact
Urgency: Medium. The delay alleviates short-term pressure by postponing submissions and reducing dual reporting, enabling resource reallocation to higher-priority AMLA efforts amid EU harmonization. It matters for maintaining a risk-based approach (RBA) under FATF standards, avoiding overburden from overlapping exercises, and preparing for the new EU AML/CFT methodology—non-compliance risks supervisory scrutiny, but the simplification lowers immediate enforcement exposure.
BankAsset ManagerAll Firms
No description available.
Asset ManagerWealth Manager
Situation as at 31 January 2026
Asset ManagerWealth Manager
Situation as at 28 February 2026
BankAsset ManagerBroker Dealer
Situation as at 31 January 2026
Asset ManagerBankWealth Manager
Situation as at 31 January 2026
Asset ManagerWealth Manager
Situation as at 31 January 2026
BankAsset ManagerWealth Manager
Situation as at 31 January 2026
Asset ManagerBankWealth Manager
Administrative sanction imposed on a réviseur d’entreprises agréé
The CSSF imposed an administrative sanction on 2 December 2025 against an approved statutory auditor (*réviseur d’entreprises agréé*) for breaches of professional obligations, likely related to continuing education requirements under Luxembourg's Audit Law, mirroring patterns in recent similar cases. This enforcement action underscores the CSSF's rigorous oversight of audit professionals, emphasizing compliance with ongoing training mandates to maintain audit quality and market integrity. Compliance professionals should note it as evidence of heightened scrutiny on non-delegable professional duties.
What Changed
This is not a regulatory change or new requirement but an enforcement action applying existing rules under point f) of Article 43(1) read with point a) of Article 43(2) and Article 44 of the Law of 23 July 2016 on the audit profession (Audit Law), alongside CSSF Regulation N°16-10 on continuing education.
What You Need To Do
- Immediate self-audit
- Remediation plan
- Internal training programs
- Fit-and-proper reviews
- Record retention
Key Dates
2 December 2025 - Date of administrative sanction imposition by CSSF.
6 March 2026 - Publication date of the sanction notice (today's date, aligning with CSSF practice for transparency under Article 48(2) of the Audit Law).
31 December 2024 - Likely reference period end for continuing education non-compliance (inferred from identical prior case). DEADLINE
Compliance Impact
Urgency: Medium. This matters as a signal of CSSF's proactive controls on auditor CPE, with fines starting at EUR 1,500 for initial breaches but scaling with severity/duration; repeated actions (e.g., multiple 2025 sanctions) indicate rising enforcement tempo, risking broader audit ecosystem scrutiny. Affected parties face direct fines and reputational harm, while others must prioritize CPE to avoid chain-reaction liabilities in financial reporting.
All Firms
Administrative sanction imposed on a réviseur d’entreprises agréé
The CSSF imposed an administrative sanction on 2 December 2025 against an approved statutory auditor (*réviseur d’entreprises agréé*) for breaches of professional obligations, likely related to continuing education requirements under Luxembourg's Audit Law, mirroring patterns in recent similar cases. This enforcement action underscores the CSSF's rigorous oversight of audit professionals, emphasizing compliance with ongoing training mandates to maintain audit quality and market integrity. Compliance professionals should note it as evidence of heightened scrutiny on non-compliance with minimum continuing education hours.
What Changed
No new regulatory changes are introduced; this is an enforcement action applying existing rules under point f) of Article 43(1) read with point a) of Article 43(2) and Article 44 of the Law of 23 July 2016 concerning the audit profession (Audit Law), alongside CSSF Regulation N°16-10 on continuing education for statutory auditors. Breaches typically involve failing to meet the minimum total hours of continuing education by the reference period end (e.g., December 31, 2024, as in a comparable August 2025 case).
What You Need To Do
- Statutory auditors must immediately verify compliance with Article 3(1) of CSSF Regulation N°16-10, ensuring minimum continuing education hours are met for relevant periods
- Audit firms should conduct internal audits of training logs and implement remediation plans, including supplementary training if deficits exist
- All affected parties must report any identified breaches to CSSF proactively and retain evidence of corrective actions, as CSSF controls under Article 10 of the Audit Law can trigger fines
Key Dates
2 December 2025 - Date of administrative sanction imposition by CSSF.
6 March 2026 - Publication date of the sanction notice.
31 December 2024 - Reference period end for continuing education compliance (inferred from similar case). DEADLINE
Compliance Impact
Urgency: Medium. This matters due to the pattern of CSSF enforcement on audit continuing education (e.g., EUR 1,500 fine in August 2025 case for similar breaches), signaling ongoing supervisory controls that could expand to on-site inspections. Non-compliance risks fines, public naming (or anonymous publication per Article 48(2) Audit Law), and reputational damage, but lacks immediate firm-wide deadlines, reducing to medium urgency for proactive reviews.
All Firms
No description available.
BankWealth ManagerFintech
No description available.
BankWealth ManagerFintech
No description available.
BankWealth ManagerAll Firms
Administrative sanction imposed on an investment firm
The CSSF imposed an administrative sanction on 8 October 2025 against an unnamed investment firm, as detailed in a publication released on 4 March 2026. This enforcement action underscores CSSF's rigorous oversight of investment firms, particularly in areas like AML/CFT compliance, conduct rules, and organizational requirements, serving as a warning for similar entities to strengthen cooperation and internal controls. It matters because it highlights escalating fines for repeated or material breaches, potentially influencing supervisory expectations across Luxembourg's financial sector.
What Changed
No new regulatory changes or requirements are introduced; this is an enforcement action applying existing rules. Based on patterns in the provided CSSF sanction documents, the sanction likely addresses breaches such as:
Failure to cooperate with CSSF requests, e.g., not submitting required AML/CFT questionnaires by deadlines, violating Article 5(1) of the amended Law of 12 November 2004 on AML/CFT.
Non-compliance with investment policies, organizational requirements, or conduct rules under the UCI Law (e.g., Articles 41, 43, 109), including improper broker exposures or valuation...
What You Need To Do
- Enhance cooperation protocols
- Review investment compliance
- Strengthen governance
- Training and monitoring
- Self-reporting
Key Dates
4 April 2025 - Deadline for submitting CSSF AML/CFT Questionnaire (breach example from similar case). DEADLINE
11 September 2025 - Date of fine imposition in comparable AIFM non-cooperation case.
16 July 2025 - Date of fine imposition for UCITS investment policy breaches.
8 October 2025 - Date of the sanction in question.
10 January 2025 - Date of prior depositary oversight fine.
Compliance Impact
Urgency: High - This matters due to CSSF's pattern of publicizing nominative sanctions (e.g., Max Gain Capital, Zeus Asset Management), signaling increased scrutiny on investment firms amid AML/CFT and conduct risks. Fines (EUR 10,000–127,500) represent material hits (up to 10% of turnover), with factors like poor cooperation amplifying penalties; firms with similar exposures face elevated inspection risk, especially post-2025 enforcement wave.
Asset ManagerBroker DealerWealth Manager
implementing Regulation (EU) No 208/2014 concerning restrictive measures directed against certain persons, entities and bodies in view of the situation in Ukraine
BankWealth ManagerAsset Manager
implementing Article 8a of Regulation (EC) No 765/2006 concerning restrictive measures in view of the situation in Belarus and the involvement of Belarus in the Russian aggression against Ukraine
BankWealth ManagerAsset Manager
Situation from February 2025 to February 2026
BankAsset ManagerBroker Dealer
Situation from February 2025 to February 2026
BankAsset ManagerBroker Dealer
Situation from February 2025 to February 2026
Asset ManagerBankBroker Dealer
No description available.
BankAsset ManagerWealth Manager
No description available.
The CSSF published guidance on 2 March 2026 specifying minimum documents and information required for assessing shareholding structures of authorised Investment Fund Managers (IFMs) during initial authorisation and subsequent modifications, covering both qualified and non-qualified shareholders. This matters because incomplete submissions will not be processed, potentially delaying authorisations or amendments amid ongoing CSSF scrutiny of governance and ownership in Luxembourg's fund sector.
What Changed
Minimum Document Requirements: Establishes a mandatory list of documents for each new shareholder candidate, differentiated by type (e.g., natural person, legal person, beneficial owner, direct/indirect qualified/unqualified shareholders, legal arrangements like trusts). Examples include identification documents (ID, CV, DH, CR), beneficial owner details (especially if PEP or CSSF-requested), and templates via Market Entry Form (MEF).
Additional Mandatory Submissions: For changes involving qualified holdings (entry, increase/decrease, removal), requires updated group structure charts, MEF (in...
What You Need To Do
- Review Guidance
- Prepare Complete Packages
- Submit Fully
- Internal Processes
Key Dates
2 March 2026 - Publication and effective date Guidance applies immediately; incomplete applications received on/after this date will not start processing until complete.
Compliance Impact
Urgency: High – Effective immediately on publication (2 March 2026), with strict non-processing of incomplete files risking significant delays in time-sensitive authorisations/amendments. Matters for maintaining operational timelines in competitive fund markets, where CSSF oversight of IFM ownership ties to broader governance expectations (e.g., board composition, qualifications).
Asset Manager
Version 1.0
This CSSF guidance (Version 1.0, published 2 March 2026) specifies the minimum documents and information required for assessing shareholding structures of authorised Investment Fund Managers (IFMs) during initial authorisation or modifications involving qualified and non-qualified shareholders. It standardises submissions to ensure completeness, with incomplete applications rejected until fully provided, enhancing regulatory efficiency and scrutiny of ownership changes. Compliance professionals must prioritise this to avoid delays in authorisation processes for Luxembourg-domiciled IFMs.
What Changed
Minimum Document Lists: Introduces detailed checklists in an XLSX format covering candidate shareholder documents (e.g., ID, CV, declarations of honour (DH), criminal records (CR) for natural persons; similar for legal persons, beneficial owners, and legal arrangements like trusts).
Differentiation by Shareholder Type: Requirements vary by natural/legal person, beneficial owner, direct/indirect qualified/unqualified shareholders, and involvement in financing (e.g., "Yes, if PEP or if requested by the CSSF" for beneficial owners; full docs for trustees in legal arrangements).
Other Mandatory...
What You Need To Do
- Prepare Complete Packages
- Submit Core Items
- Initial/Modification Filings
Key Dates
2 March 2026 - Publication and immediate applicability New guidance effective; incomplete applications received on/after this date not processed until complete.
Compliance Impact
Urgency: High – Immediate effect from 2 March 2026 means any ongoing or planned IFM authorisation/modification applications risk delays or rejection if non-compliant, potentially disrupting fund launches or ownership restructurings in Luxembourg's key investment management hub. Matters due to standardised scrutiny on fit-and-proper ownership, aligning with AIFMD governance and reducing administrative back-and-forth.
Asset Manager
Situation as of 31 December 2025
Asset ManagerBank
Update March 2026
Asset ManagerBankWealth Manager
No description available.
BankWealth ManagerAsset Manager
amending Directives 2006/43/EC, 2013/34/EU, (EU) 2022/2464 and (EU) 2024/1760 as regards certain corporate sustainability reporting requirements and certain corporate sustainability due diligence requirements
Asset ManagerBankWealth Manager
No description available.
BankWealth Manager
No description available.
BankWealth ManagerAll Firms
No description available.
BankWealth ManagerFintech
No description available.
Asset ManagerBank
No description available.
Asset ManagerWealth ManagerBank
implementing Regulation (EU) 2024/1485 concerning restrictive measures in view of the situation in Russia
BankWealth ManagerAsset Manager
Conditions relating to the organisation of the credit institution issuing covered bonds
Bank
Conditions specific to each covered bond issue programme
Bank
No description available.
BankWealth Manager
Press release 26/04
Asset ManagerBankWealth Manager
Exigences applicables au réviseur d’entreprises agréé spécial auprès des établissements de crédit émetteurs de lettres de gage
Circular CSSF 26/907, published on February 18, 2026, establishes requirements for **approved special statutory auditors (réviseurs d'entreprises agréés spéciaux) serving credit institutions that issue mortgage bonds (lettres de gage)**. This circular formalizes the governance and audit standards applicable to a specialized auditor role within Luxembourg's credit institution framework, ensuring enhanced oversight of entities engaged in mortgage bond issuance.
What Changed
The search results provided do not contain the full text of Circular CSSF 26/907, as it is available only in French and the PDF content was not included in the available materials. However, based on the title and regulatory context, this circular addresses:
Statutory auditor qualifications and requirements for the specialized role of approving auditors (réviseurs agréés spéciaux) overseeing credit institutions that issue mortgage bonds
Governance standards for auditors in this specialized capacity
Audit and oversight responsibilities specific to mortgage bond issuance activities
The...
What You Need To Do
- *Obtain and review the full French text of Circular CSSF 26/907 from the CSSF website
- *Assess current auditor qualifications against the new requirements for approved special statutory auditors
- *Update audit engagement letters and terms to reflect any new standards or responsibilities
- *Document compliance with the circular's requirements in governance and audit files
- *Communicate with appointed auditors to ensure alignment with the new framework
Key Dates
18 February 2026 - Circular CSSF 26/907 published
No specific implementation deadline provided in available search results; firms should consult the full French text for any transition periods or effective dates
Compliance Impact
Urgency: HIGH
Bank
No description available.
BankWealth ManagerFintech
No description available.
BankAsset ManagerWealth Manager
No description available.
BankAsset ManagerWealth Manager
1) high-risk jurisdictions on which enhanced due diligence and, where appropriate, counter-measures are imposed2) jurisdictions under increased monitoring of the FATFVersion of 17 February 2026
The Annex of Circular CSSF 22/822 (Version of 17 February 2026) is Luxembourg's Commission de Surveillance du Secteur Financier's implementation guidance on FATF (Financial Action Task Force) designations of high-risk jurisdictions requiring enhanced due diligence and counter-measures, as well as jurisdictions under increased monitoring. This document is critical for Luxembourg-regulated financial institutions because it operationalizes international AML/CFT standards into binding compliance obligations, directly impacting customer acceptance, transaction monitoring, and correspondent banking relationships.
What Changed
The current version (17 February 2026) represents the most recent update to the CSSF's FATF-aligned jurisdiction risk framework. Based on the available search results, the document establishes two primary regulatory categories:
*High-Risk Jurisdictions (Category 1): Jurisdictions designated by FATF as having strategic deficiencies in their AML/CFT regimes, requiring enhanced due diligence and, where appropriate, counter-measures.
What You Need To Do
- *For High-Risk Jurisdictions
- Apply enhanced due diligence and monitoring measures to business relationships and transactions with designated jurisdictions
- Increase the frequency and timing of transaction controls
- Select transaction patterns requiring further examination and obtain detailed information on transaction purposes
- Maintain enhanced mechanisms for reporting suspicious activity to the FIU
Key Dates
17 February 2026 - Current version effective (Annex of Circular CSSF 22/822)
27 October 2025 - Previous version superseded
27 October 2022 - Original Circular CSSF 22/822 issued
23 February 2026 - CSSF annual AML/CFT questionnaire launch (related compliance reporting deadline) DEADLINE
Compliance Impact
Urgency: CRITICAL
BankAsset ManagerPayment Provider No description available.
The CSSF has updated its FAQ on portfolio transparency requirements for UCITS ETFs, relaxing disclosure frequency from monthly to quarterly publication of detailed holdings while maintaining daily information sharing with market makers and authorized participants. This change aligns Luxembourg's regulatory framework more closely with Ireland's semi-transparent ETF approach and is designed to attract active asset managers to the Luxembourg domicile by reducing proprietary information exposure.
What Changed
The update modifies two critical FAQ sections:
*Portfolio Transparency Requirements (Question 12.1)
The CSSF has expanded and clarified its guidance to apply to all UCITS ETFs, not just actively managed ones. The key modification establishes a two-tier disclosure framework:
Daily disclosure to market participants: Market makers and authorized participants (APs) continue to receive detailed portfolio information on a daily basis to maintain efficient arbitrage mechanisms and active secondary markets.
Quarterly public disclosure: Investment Fund Managers (IFMs) must now publish detailed...
What You Need To Do
- *For IFMs Managing UCITS ETFs
- *Update disclosure procedures to transition from monthly to quarterly publication schedules for detailed portfolio holdings
- *Maintain daily information sharing with APs and market makers to support arbitrage mechanisms—this requirement remains unchanged
- *Revise prospectuses to reflect the new quarterly disclosure frequency and confirm compliance with the 30 business-day publication window
- *Document procedures for calculating the 30 business-day deadline from quarter-end
Key Dates
17 February 2026 - CSSF publishes updated FAQ (effective immediately)
No explicit transition period stated - Firms should implement changes promptly to ensure compliance with the new quarterly disclosure requirement DEADLINE
Compliance Impact
Urgency: HIGH
Asset Manager
No description available.
BankPayment Provider
Version 23
This CSSF FAQ (Version 23, updated 17 February 2026) provides interpretive guidance on the Luxembourg Law of 17 December 2010 relating to undertakings for collective investment (UCIs), covering UCITS, Part II UCIs, SIFs, and SICARs. It matters for compliance professionals as it clarifies authorisation processes, investment rules, and supervisory expectations, ensuring alignment with evolving EU frameworks like AIFMD and MiCAR. The update, effective today, addresses recent regulatory shifts including crypto-asset integration.
What Changed
Authorisation Requirements: UCIs require CSSF approval of constitutive documents (articles, management regulations), depositary selection, and management company/AIFM applications for contractual forms. Corporate UCIs need similar approvals for appointed managers.
Crypto-Asset Updates (aligned with separate but related FAQ Version 7): Replaces "virtual assets" with "crypto-assets" per MiCAR (EU 2023/1114); UCITS and retail AIFs (non-well-informed investors) capped at 10% NAV indirect exposure; AIFs for well-informed/professional investors have no cap but require governance, risk management,...
What You Need To Do
- Review and Update Documents
- Crypto-Specific
- Authorisation/Amendments
- Governance and Reporting
- Ongoing Compliance
Key Dates
17 February 2026 - FAQ Version 23 update effective Applies immediately to UCI operations, authorisations, and compliance.[User-provided content] DEADLINE
04 February 2026 - Crypto FAQ Version 7 update effective MiCAR-aligned changes on crypto exposure, authorisation extensions, and depositary notifications.
16 January 2026 - UCI Authorisation page update Reflects ongoing CSSF expectations for approvals.
20 May 2025 - Related AIFM FAQ Version 24 Introduces changes relevant to UCI managers acting as AIFMs.
Compliance Impact
Urgency: High – The update coincides with MiCAR implementation and today's release, requiring immediate review for crypto-exposed funds to avoid unauthorised strategies or AML gaps; non-compliance risks supervisory actions, authorisation delays, or investor disputes in Luxembourg's key fund domicile.
Asset ManagerHedge FundAll Firms
For which the CSSF is the relevant competent authority under Regulation (EU) No 236/2012 of the European Parliament and of the Council of 14 March 2012 on short selling and certain aspects of credit default swaps
BankBroker DealerAsset Manager
Version 1
Asset ManagerBank
Version 1
Asset ManagerBank
Version 3.1
Asset ManagerBank
Version 3.1
Asset ManagerWealth Manager
No description available.
BankWealth ManagerFintech
No description available.
Asset ManagerWealth Manager
Situation as at 31 December 2025
Asset ManagerBankWealth Manager
Situation as at 31 December 2025
Asset ManagerBankWealth Manager
Situation as at 31 December 2025
Asset ManagerWealth Manager
Situation as at 31 December 2025
Asset ManagerWealth Manager
Situation as at 31 December 2025
BankAsset ManagerWealth Manager
Situation as at 31 December 2025
Asset ManagerWealth Manager
No description available.
Asset ManagerWealth Manager
Situation as at 31 December 2025
Asset ManagerWealth Manager
No description available.
BankFintechCrypto Exchange
AML/CFT standardised data collection taking place in 2026
The CSSF Circular Letter 2026-02-12 announces a standardized data collection exercise on AML/CFT for supervised entities, scheduled for 2026, aimed at enhancing regulatory oversight of money laundering and terrorist financing risks. This matters because it signals intensified CSSF scrutiny on AML/CFT compliance, requiring firms to prepare structured data submissions that could inform future supervisory actions, risk assessments, and enforcement. As part of broader CSSF AML/CFT initiatives, non-compliance risks fines or heightened inspections.
What Changed
Introduction of standardized AML/CFT data collection: CSSF mandates uniform reporting formats for collecting data on AML/CFT risks, controls, and practices across supervised sectors, building on existing risk-based supervision frameworks.
Alignment with ongoing AML/CFT enhancements: Complements recent governance-focused circulars (e.g., Circular 26/906 on central administration and risk management for payment/e-money institutions) by emphasizing data-driven validation of AML/CFT effectiveness, including risk assessments, transaction monitoring, and third-party oversight.
No explicit new...
What You Need To Do
- Assess and document AML/CFT data readiness
- Update governance and controls
- Conduct internal reviews
- Prepare for submission
- Engage auditors
Key Dates
2026 (exact date TBD) - AML/CFT standardised data collection exercise Firms must submit required data during this period; preparation recommended immediately given today's date (12 February 2026). DEADLINE
20 January 2026 - Issuance of related Circular 26/906 Establishes governance baselines (e.g., compliance independence, risk proportionality) informing data collection expectations. DEADLINE
26 January 2026 - CSSF AML/CFT Conference for Specialised PFS Provided updates on sub-sector risks, terrorist financing reviews, and FIU insights relevant to data preparation.
28 January 2026 - Conference materials published Available for download to guide compliance alignment. DEADLINE
Compliance Impact
Urgency: High – With data collection in 2026 underway today (12 February 2026), firms face immediate preparation needs amid recent enforcement (e.g., EUR 102,000 fine on depositary for AML-related gaps) and conferences signaling sub-sector focus. This elevates AML/CFT as a supervisory priority, potentially triggering on-site inspections, fines, or remediation orders for inadequate data/risks; proactive alignment prevents escalation in a risk-based regime.
BankPayment ProviderAll Firms
Version 3
This CSSF FAQ (Version 2, July 2013, with updates through 24 June 2013 and 11 July 2013) provides guidance on master-feeder structures for UCITS funds under the Luxembourg Law of 12 July 2010 (the "2010 Law"), addressing financial reporting, performance disclosure, and operational requirements. It matters for Luxembourg-domiciled UCITS managers and depositaries as it clarifies compliance with UCITS Directive rules on aggregation of charges, audit irregularities, and past performance in cross-border master-feeder setups, reducing ambiguity in documentation and investor communications.
What Changed
Financial reporting for aggregate charges (Art 82(2) 2010 Law): When master and feeder UCITS have different year-ends, feeder must present master charges for the same period if possible; otherwise, use master's last audited period with strict conditions (e.g., clear audit report disclosure, no undue costs), and agreements must mandate information provision.
Disclosure of irregularities (CSSF Regulation 10-05 Art 27(e)): Present in notes to financial statements or "other information" section of annual report.
Past performance rules (Art 159(3)c) 2010 Law and Commission Regulation (EU)...
What You Need To Do
- Review and amend master-feeder agreements (per Art 79(1) 2010 Law) to require masters provide charge/fee data to feeders
- Ensure financial statements/annual reports disclose irregularities in specified sections and aggregate charges with audit report caveats if periods misalign
- Update KIIDs and marketing materials for past performance compliance, disclosing conversions/material changes per Regulation 583/2010 Articles 17, 19, 35
- Implement processes for ad hoc financial statements when accounting years differ, allocating audit/preparation fees appropriately
- Monitor CSSF website regularly for FAQ updates
Compliance Impact
Urgency: low—This 2013 guidance (Version 2) is outdated relative to 2026, with no new enforcement actions noted, but remains relevant for legacy UCITS master-feeder structures under the 2010 Law. It matters for audit/financial close processes and investor disclosures to avoid CSSF scrutiny, particularly in cross-border setups where ESMA UCITS rules apply; non-compliance risks reporting errors or investor complaints.
Asset Manager
This publication is a CSSF FAQ in relation to the use by Luxembourg-domiciled UCITS of the following Securities Financing Transactions: securities lending transactions, reverse repurchase agreement transactions and repurchase agreement transactions. The objective of the FAQ is to bring further clarity concerning the use by UCITS of these SFTs, thereby taking into account the applicable regulatory framework as well as the supervisory experienced gained by the CSSF over the last years.Version 2
This CSSF FAQ (Version 2) provides guidance on the use of securities financing transactions (SFTs)—specifically securities lending, reverse repurchase agreements, and repurchase agreements—by Luxembourg-domiciled UCITS, clarifying regulatory requirements based on the applicable framework and CSSF's supervisory experience. It matters because it updates prior guidance to reflect evolved practices, helping UCITS managers ensure compliant SFT usage amid heightened scrutiny on liquidity, risk management, and investor protection in Luxembourg's fund sector.
What Changed
The document is an updated FAQ (Version 2), originally published on 18 December 2020 and revised on 12 February 2026, but the provided content does not detail specific changes from Version 1 beyond incorporating recent supervisory experience and regulatory framework updates. It emphasizes clarity on SFT eligibility, operational controls, and risk mitigation for UCITS, without introducing new prohibitions or mandates visible in the summary; full details require accessing the PDF (201.4Kb).
What You Need To Do
- Review and update policies
- Enhance disclosures
- Conduct gap analysis
- Train staff and delegates
- Monitor ongoing use
Key Dates
18 December 2020 - Original publication date of Version 1 .
12 February 2026 - Update date for Version 2 (effective immediately as non-binding guidance).
Compliance Impact
Urgency: High – The 12 February 2026 update coincides with today's date, signaling immediate relevance for Luxembourg UCITS engaging in SFTs, which are common for yield enhancement but carry liquidity and counterparty risks. Non-compliance risks supervisory actions, given CSSF's focus on practical experience; firms should prioritize review to avoid findings in upcoming audits or inspections, especially amid parallel 2026 updates on UCI investments.
Asset Manager
Submission of the register of information at individual or consolidated level to the CSSF (excluding entities under the direct supervision of the ECB)
BankAsset ManagerWealth Manager
Guidance allowing financial entities to identify the National Competent Authority to which their register of information has to be submitted.
This CSSF guidance document, published on 11 February 2026, provides detailed explanations and resolution steps for error messages encountered during the submission of the DORA Register of Information (RoI) via the eDesk portal, specifically for the 2026 submission cycle. It matters because it enables Luxembourg financial entities to ensure compliant submissions amid enhanced validation checks on more data fields, avoiding re-submission delays and supporting timely transmission to the ESAs by CSSF deadlines. Non-compliance risks supervisory scrutiny under DORA's ICT risk management framework.
What Changed
Enhanced validation checks for the 2026 RoI submission: Applies ESA-defined checks (last updated April 2025) to more data fields to improve data quality, compared to prior cycles.
Specific error resolutions detailed, including requirements for LEI code communication to CSSF beforehand, correct reference date ('2025-12-31') in file naming, plain-CSV files in predefined .zip structure, and proper FilingIndicators.csv/parameters.csv content.
Mandatory inclusion of all tables (even empty) in FilingIndicators.csv set to 'true', with matching identification codes across parent-child records.
Builds...
What You Need To Do
- Assign "DORA Reporting" role in eDesk to dedicated employee(s) per user guide
- Communicate LEI code to CSSF line supervisor prior to first submission to enable upload
- Prepare RoI in plain-CSV files within
- Test submissions against listed error codes (e
- Consult ESAs' EBA resources (data point model, validation rules, FAQs) and CSSF guides (e
Key Dates
31 December 2025 - Reference date for 2026 RoI submission (all contractual arrangements up to this date).
11 February 2026 - Publication date of this error guidance (last updated 10/02/2026).
1 April 2025 to 15 April 2025 - Initial 2025 submission window via eDesk (for context; 2026 window likely similar, pending confirmation).
30 April 2025 - CSSF re-submission deadline post-validation for 2025; analogous for 2026 if errors detected. DEADLINE
May 2025 - ESAs' second-round validation for 2025; expect similar for 2026 with potential re-submissions.
Compliance Impact
Urgency: High - Published today (11 February 2026), this equips firms for imminent 2026 RoI submissions (reference date 31 December 2025), with stricter validations on expanded fields risking rejections/re-submissions. Matters for operational resilience compliance under DORA Article 28, as accurate RoI supports supervisory oversight of ICT third-party risks; delays could trigger CSSF/ESA follow-up or fines. Firms with prior 2025 issues (e.g., portal extensions to May 2025) must prioritize to avoid recurrence.
BankFintechPayment Provider
Situation as at 31 January 2026
BankAsset ManagerBroker Dealer
Situation from January 2025 to January 2026
BankAsset ManagerBroker Dealer
Situation from January 2025 to January 2026
BankAsset ManagerBroker Dealer
Situation from January 2025 to January 2026
Asset ManagerBankBroker Dealer
No description available.
This CSSF communiqué announces the availability of updated UCI Reports (SAQ, SR, and ML) under Circular CSSF 21/790 on the eDesk platform's CISERO module for specific 2026 year-ends, with key enhancements focused on valuation, NAV determination, and risk-based streamlining. It matters for Luxembourg UCIs as it reflects evolving supervisory priorities, aligns with EU directives like Directive (EU) 2024/927, and imposes refined self-assessment obligations to bolster resilience in stressed conditions and liquidity management.
What Changed
SAQ Updates (Valuation Section): New questions on valuation policies for stressed market conditions/exceptional circumstances; coverage for new sub-funds/strategies; independent validation of material valuation models; and risk-based backtesting for model-valued investments comprising significant NAV portions.
SAQ Simplifications and Clarifications: Removed questions on sub-funds with significant non-standard OTC derivatives, unquoted assets, or external valuer OTC FDIs (including NAV proportions); refined wording on conflicts of interest; added sub-questions (e.g., stale valuations); updated...
What You Need To Do
- Access updated Reports on eDesk CISERO module immediately and review changes vs
- Update valuation policies/procedures to explicitly cover stressed conditions, new sub-funds/strategies, model validations, and backtesting; document compliance
- Revise NAV processes for LMT alignment with Directive (EU) 2024/927 Annexes and ESMA performance fee guidelines; confirm for open-ended UCIs
- Dirigeants/management
- Train staff on updates; conduct gap analysis on policies (e
Key Dates
9 February 2026 Reports (SAQ, SR, ML) made available on eDesk CISERO for year-ends 31 January, 28 February, 31 March, 30 April 2026.
Financial year-end +5 months (UCITS/Part II UCIs) SAQ/SR submission deadline. DEADLINE
Financial year-end +6 months (SIFs/SICARs) SAQ/SR submission deadline. DEADLINE
Three months before year-end (post-30 April 2026) Future Reports availability.
16 April 2026 Entry into application of AIFM/UCITS Review Directive LMT requirements.
Compliance Impact
Urgency: High – Immediate access required for imminent submissions (e.g., 31 January 2026 year-end due ~June 2026); new valuation questions demand policy reviews to avoid supervisory findings, especially amid stressed markets; SR simplifications reduce burden but shift focus to SAQ self-assessment, heightening dirigeants' accountability. Non-compliance risks CSSF follow-up on modified audits or weaknesses, per Circular 21/790.
Asset Manager
CVE-2026-1281 & CVE-2026-1340
BankWealth ManagerFintech
Situation as at 31 December 2025
BankAsset ManagerWealth Manager
Situation as at 31 December 2025
BankWealth ManagerAsset Manager
Situation as at 31 December 2025
BankAsset ManagerWealth Manager
Situation as at 31 December 2025
BankAsset ManagerWealth Manager
Situation as at 31 December 2025
BankAsset ManagerWealth Manager
No description available.
Payment Provider
No description available.
BankWealth ManagerFintech
Administrative sanction imposed on Corestate Capital Holding S.A.
The CSSF published an administrative sanction on 6 February 2026 against Corestate Capital Holding S.A., likely for breaches in regulatory compliance such as depositary duties, oversight, or governance under Luxembourg financial laws, marking a repeat enforcement action following a prior sanction in June 2025. This matters for compliance professionals as it underscores CSSF's aggressive enforcement on alternative investment fund managers (AIFMs) and depositaries, signaling heightened scrutiny on safekeeping, oversight, and internal controls to prevent systemic risks in Luxembourg's fund sector. It highlights the regulator's willingness to impose public nominative sanctions, amplifying reputational damage alongside fines.
What Changed
No new regulatory changes or requirements are introduced; this is an enforcement action enforcing existing obligations under laws like the AIFM Law of 12 July 2013 (e.g., Articles 19(8), 19(9), 19(11) on safekeeping and oversight duties), the Law of 5 April 1993 on the financial sector, and Commission Delegated Regulation (EU) No 231/2013 (CDR 231/2013, e.g., Articles 92, 94, 96 on risk assessment, valuation verification, and cash flow monitoring).
What You Need To Do
- Conduct immediate gap analysis
- Enhance oversight duties
- Strengthen governance
- Firm-wide audit
- Training and reporting
Key Dates
20 June 2025 - Prior administrative sanction imposed on Corestate Capital Holding S.A., indicating ongoing non-compliance issues. DEADLINE
6 February 2026 - Publication date of the current administrative sanction on Corestate Capital Holding S.A., effective immediately as a public enforcement notice.
February 2023 –January 2024 for similar cases).
Compliance Impact
Urgency: High – This represents CSSF's pattern of public nominative fines (e.g., EUR 102,000 on JTC for depositary breaches, EUR 10,000 on Capitalis for AML non-cooperation), with escalation risks for repeat violations like Corestate's back-to-back sanctions. It matters due to Luxembourg's dominance in European fund assets (over EUR 5 trillion), where governance lapses can trigger outflows, license revocation, or cross-border ESMA scrutiny; firms must act preemptively to mitigate fines (typically EUR 10,000–102,000) and reputational harm from nominative publication.
Asset ManagerAll Firms
Administrative sanction imposed on Corestate Capital Holding S.A.
The CSSF published an administrative sanction on 6 February 2026 against Corestate Capital Holding S.A., likely imposing a fine for regulatory breaches, marking a repeat enforcement action following a prior sanction on the same entity dated 20 June 2025. This matters as it underscores CSSF's intensified supervisory scrutiny on Luxembourg-based investment managers, particularly regarding governance, asset safekeeping, and oversight duties under AIFM Law, signaling heightened enforcement risks for similar firms. Compliance teams should review it for patterns in depositary and transparency violations evident in recent CSSF cases.
What Changed
No new regulatory changes or requirements are introduced; this is an enforcement action highlighting non-compliance with existing obligations under Luxembourg's AIFM Law (notably Articles 19(8), 19(9), 19(11), and 51) and related delegated regulations like CDR 231/2013. Key breaches from analogous recent CSSF sanctions include inadequate safekeeping of assets (e.g., missing ownership verification and records), failure to oversee AIFM valuation policies and cash remittance timelines, improper delegation to custodians without due diligence, and weak internal governance such as conflicts of...
What You Need To Do
- Enhance oversight processes
- Strengthen governance
- For issuers like Corestate
Key Dates
20 June 2025 - Prior administrative sanction imposed on Corestate Capital Holding S.A..
6 February 2026 - Publication date of the current administrative sanction on Corestate Capital Holding S.A..
Compliance Impact
Urgency: High – This represents repeat enforcement on Corestate (second sanction in under a year), aligning with CSSF's pattern of nominative publications for severe, ongoing breaches in depositary and governance areas, as seen in JTC (EUR 102,000 fine for similar safekeeping/oversight failures) and BigRep SE (EUR 10,000 for reporting lapses). It elevates risks of fines, reputational damage, and market jeopardy assessments under AIFM Law Article 51, urging preemptive remediation amid CSSF's active 2023-2026 inspection cycle.
Asset ManagerAll Firms
No description available.
Asset ManagerWealth Manager
No description available.
Asset ManagerHedge Fund
No description available.
Asset ManagerWealth Manager
Version 2.1
Asset ManagerWealth Manager
Press release 26/03
BankWealth Manager
No description available.
BankWealth ManagerFintech No description available.
Crypto ExchangeAll Firms
No description available.
The Commission de Surveillance du Secteur Financier (CSSF) has updated its FAQ on crypto-asset investments by undertakings for collective investment, effective February 4, 2026, to align with the EU's Markets in Crypto-Assets Regulation (MiCAR). This update establishes clear investment limits and licensing requirements for UCITS and AIFs investing in crypto-assets, fundamentally reshaping how Luxembourg-regulated funds can structure crypto exposure.
What Changed
The regulatory framework introduces several material modifications:
*Investment Exposure Limits
UCITS may invest indirectly in crypto-assets for a maximum of 10% of their net asset value (NAV)**. These indirect investments are restricted to transferable securities that do not embed derivatives. AIFs open to retail investors other than well-informed investors face the same 10% NAV ceiling.
*MiCAR Alignment**
The FAQ modifications directly reflect the entry into force of Regulation (EU) 2023/1114 on markets in crypto-assets.
What You Need To Do
- *For UCITS Managers
- by-case assessment of crypto-asset investment impact on fund risk profiles
- specific risks (volatility, liquidity, technological risk)
- asset investments
- *For AIFMs Managing AIFs with Crypto Exposure
Key Dates
4 February 2026 - FAQ Version 7 effective date; MiCAR compliance requirements become operative DEADLINE
1 July 2026 - Deadline for Virtual Asset Service Providers (VASPs) to transition from registration to authorization under MiCAR or cease operations DEADLINE
Compliance Impact
Urgency: HIGH
Asset ManagerHedge FundFintech
No description available.
Wealth Manager
Administrative sanction imposed on Genève Invest (Europe) S.A.
The CSSF imposed an administrative sanction on 23 July 2025 against Genève Invest (Europe) S.A., a Luxembourg-regulated entity, for breaches of professional obligations, as detailed in a publication released on 4 February 2026. This enforcement action underscores the CSSF's focus on robust internal controls and compliance with investment rules, serving as a warning to investment firms on the consequences of organizational and conduct failures. Compliance professionals should note it as evidence of heightened CSSF scrutiny on fund managers handling client assets and counterparties.
What Changed
This is not a regulatory change or new requirement but an enforcement action highlighting existing obligations under Luxembourg law. Key breaches likely mirror patterns in recent CSSF sanctions, such as non-compliance with UCI Law provisions on investment policies (e.g., Articles 41, 43), sound accounting procedures (Article 109), and rules of conduct (Articles 111, CSSF Regulation 10-04), including improper cash deposits with unauthorized brokers and inaccurate asset valuation.
What You Need To Do
- Immediate review of counterparty due diligence
- Enhance valuation and accounting controls
- Conduct internal audits
- Update governance and reporting
Key Dates
23 July 2025 - Date of administrative sanction imposition on Genève Invest (Europe) S.A.
4 February 2026 - Publication date of the sanction document by CSSF.
Compliance Impact
Urgency: High – This sanction, published today (4 February 2026), signals ongoing CSSF off-site and on-site probes into fund operations, similar to fines imposed in July 2025 on Zeus Asset Management (€18,136 for UCI breaches) and a bank (reprimand for AML gaps). It matters due to escalating enforcement—fines calibrated to turnover (e.g., 10% in Zeus case)—and risks of reputational damage, especially for wealth managers with broker exposures. Non-compliance could trigger investigations, as CSSF considers infringement duration, cooperation, and history.
Asset ManagerWealth ManagerAll Firms
No description available.
BankWealth ManagerAsset Manager
Version 7 – 04/02/2026
The CSSF has released Version 7 of its FAQ on Crypto-Assets for Undertakings for Collective Investment, updated on February 4, 2026, to reflect the entry into force of the Markets in Crypto-Assets Regulation (MiCAR). This guidance establishes binding investment limits, authorization requirements, and risk management standards for UCITS and AIFs investing in crypto-assets, fundamentally reshaping how Luxembourg-regulated collective investment schemes can engage with digital assets.
What Changed
The most significant regulatory modifications in Version 7 include:
*Investment Limits for UCITS
UCITS may invest indirectly in crypto-assets for a maximum of 10% of their net asset value (NAV)**. These indirect investments are limited to transferable securities that do not embed derivatives in accordance with Article 10 of the Grand-ducal Regulation of 8.
*Investment Limits for AIFs**
AIFs open to retail investors other than well-informed investors may invest in crypto-assets for a maximum of 10% of their NAV.
What You Need To Do
- *Immediate Compliance Steps
- *Portfolio Audit
- *Investment Policy Updates
- *Risk Management Assessment
- *Investor Notification
Key Dates
February 4, 2026 - FAQ Version 7 effective date (entry into force of MiCAR alignment)
July 1, 2026 - Deadline for Virtual Asset Service Providers (VASPs) to transition to CASP authorization or cease operations DEADLINE
No specific implementation grace period - The FAQ does not specify a transition period for existing funds exceeding the 10% limit; firms should clarify this with the CSSF immediately
Compliance Impact
Urgency Rating: HIGH
Asset ManagerHedge FundFintech
on alternative investment fund managers
Asset ManagerWealth Manager
implementing Regulation (EU) 2024/2642 concerning restrictive measures in view of Russia’s destabilising activities
BankAsset ManagerWealth Manager
The CSSF informs the market regarding the outcomes of the SFTR Data Quality indicators review performed in 2025
BankBroker DealerPayment Provider
No description available.
Asset ManagerWealth Manager
implementing Regulation (EU) 2024/2642 concerning restrictive measures in view of Russia’s destabilising activities
BankWealth ManagerAsset Manager
Administrative sanction imposed on a registered alternative investment fund manager (“AIFM”)
The CSSF imposed an administrative fine of EUR 10,000 on registered alternative investment fund manager (AIFM) C5 S.à r.l. on 11 September 2025 for failing to submit its annual financial crime questionnaire by the 4 April 2025 deadline, despite reminders, breaching the cooperation obligation under Article 5(1) of Luxembourg's AML/CFT Law of 12 November 2004. This enforcement action underscores the CSSF's strict enforcement of AML reporting duties and serves as a warning to supervised entities on the consequences of non-compliance with supervisory requests. It matters because it demonstrates the CSSF's willingness to publish names and impose fines for procedural lapses, potentially signaling increased scrutiny on AIFMs' AML/CFT obligations amid broader regulatory focus on financial crime risks.
What Changed
This is not a regulatory change or new requirement but an enforcement precedent highlighting existing obligations under the AML/CFT Law:
Mandatory annual submission of the CSSF financial crime questionnaire by supervised entities, including registered AIFMs, as part of the cooperation duty in Article 5(1).
Fines determined per Article 8-4(1), (2)(f), and (3)(a), considering circumstances under Article 8-5(1), with publication assessed for proportionality under Article 8-6(1).
No new rules introduced; reinforces that failure to respond to reminders constitutes a breach.
What You Need To Do
- Immediate verification
- Procedural enhancements
- Training and testing
- Engagement protocol
- Policy updates
Key Dates
4 April 2025 - Deadline for submission of the annual financial crime questionnaire covering the year ending 31 December 2024. DEADLINE
11 September 2025 - Date CSSF imposed the EUR 10,000 administrative fine on the AIFM for non-submission.
9 January 2026 - Publication date of the sanction decision.
30 January 2026 - Publication of the queried sanction notice (noting minor title discrepancy possibly referencing a separate but analogous case).[user provided]
Compliance Impact
Urgency: High – This sanction, though modest at EUR 10,000, exemplifies CSSF's proactive use of fines and public naming for AML reporting failures, with potential for higher penalties up to EUR 500,000 or 0.5% of turnover. It heightens risks for registered AIFMs amid CSSF's 2025-2026 priorities on financial crime, sanctions, and expanded reporting (e.g., Circular 25/894), where procedural lapses can trigger investigations, reputational damage, and barriers to remediation. Firms must prioritize to avoid escalation, especially post-publication on 30 January 2026.
Asset ManagerHedge Fund
No description available.
Asset ManagerWealth Manager
No description available.
Asset ManagerWealth ManagerBank
No description available.
Asset ManagerWealth Manager
No description available.
BankWealth ManagerAsset Manager
No description available.
BankWealth ManagerAsset Manager
No description available.
Asset ManagerWealth Manager
No description available.
Asset ManagerWealth Manager
No description available.
BankAsset ManagerWealth Manager
No description available.
BankWealth ManagerAsset Manager
No description available.
BankBroker Dealer
No description available.
BankWealth ManagerAsset Manager
No description available.
BankWealth ManagerAsset Manager
No description available.
BankWealth ManagerAsset Manager
Press release 26/02
BankBroker Dealer
No description available.
BankAsset ManagerWealth Manager
No description available.
BankWealth ManagerPayment Provider
No description available.
BankAsset ManagerWealth Manager
No description available.
BankBroker DealerAsset Manager
No description available.
CSSF Circular 26/906, published on 20 January 2026, establishes detailed requirements for central administration, internal governance, and risk management for payment institutions (PIs) and electronic money institutions (EMIs) in Luxembourg, repealing prior circulars IML 95/120, IML 96/126, IML 98/143, and CSSF 04/155. It clarifies application of the amended Law of 10 November 2009 on payment services, emphasizing robust governance amid sector growth to ensure safety, efficiency, and trust. This matters for compliance as it mandates comprehensive reviews and updates to governance frameworks by mid-2026, addressing rising transaction volumes.
What Changed
The circular consolidates and updates governance rules, focusing on:
Management bodies: Responsibilities, composition, qualifications, organization, and functioning, including CSSF authorization of members based on professional experience, standing (e.g., police records), and irreproachable conduct.
Internal control functions: Responsibilities, characteristics, organization, and execution of work for compliance officers and internal auditors, with notifications to CSSF including detailed personal and professional information.
Conflicts of interest: Key requirements for a management policy...
What You Need To Do
- Gap analysis
- Updates and notifications
- Implementation
- Documentation
Key Dates
20 January 2026 - Publication date of Circular CSSF 26/906.
30 June 2026 - Compliance deadline: Institutions must assess/review central administration, internal governance, and risk management frameworks to ensure full compliance. DEADLINE
Compliance Impact
Urgency: High - With ~5 months from publication (20 Jan 2026) to compliance (30 Jun 2026), firms face tight timelines for assessments, policy overhauls, and CSSF notifications, especially given repealed circulars and sector growth pressures. Non-compliance risks supervisory actions, as this fosters "sound and prudent management" in a high-volume industry; proactive reviews are essential to avoid disruptions.
Payment ProviderFintech
Central administration, internal governance and risk management
Circular CSSF 26/906, published on 20 January 2026, consolidates and clarifies Luxembourg's rules on central administration, internal governance, and risk management specifically for payment institutions, electronic money institutions, and account information service providers. It repeals prior circulars (IML 95/120, IML 96/126, IML 98/143, and CSSF 04/155) to address growth in transaction volumes by mandating robust governance, control functions, and risk processes, enhancing safety, efficiency, and trust in these services. This matters for compliance professionals as it strengthens defenses against financial crime, operational risks, and supervisory scrutiny in a high-growth sector.
What Changed
Consolidation and repeal: Replaces outdated circulars with unified requirements under the amended Law of 10 November 2009 on payment services, covering central administration (decision-making must be in Luxembourg), management body responsibilities, internal control functions (compliance, risk management, internal audit as independent second/third lines), conflicts of interest management, new product approval processes, and client funds safeguarding (e.g., segregation, daily/weekly reconciliations based on risk).
Governance enhancements: Board approves strategy, risk appetite, AML/CFT...
What You Need To Do
- Assess and update governance frameworks
- Confirm control functions
- Implement operational safeguards
- Document proportionality
- Retain records and report
Key Dates
20 January 2026 - Publication date of Circular CSSF 26/906 .
30 June 2026 - Compliance deadline Institutions must assess, review, and ensure their central administration, internal governance, and risk management frameworks fully comply with the circular. DEADLINE
Compliance Impact
Urgency: High – With a 30 June 2026 deadline (five months from publication), firms face immediate pressure to review and remediate governance gaps amid sector growth and heightened AML/CFT scrutiny; non-compliance risks supervisory actions, fines, or license issues, especially as it closes criminal exploitation vectors like weak controls and third-party risks.
Payment Provider
Application of the Guidelines of the European Banking Authority on the management of environmental, social and governance (ESG) risks (EBA/GL/2025/01)
Circular CSSF 26/905 mandates the application of EBA Guidelines (EBA/GL/2025/01) on managing **ESG risks** for Luxembourg-supervised institutions, requiring integration of environmental, social, and governance risk identification, measurement, management, and monitoring into internal processes. This aligns with CRD amendments (Articles 74, 76, 87a) and emphasizes proportionality to institutions' business models, with plans including timelines, targets, and milestones toward EU climate goals like net-zero by 2050. It matters for compliance as it embeds ESG into prudential supervision, potentially impacting capital, risk frameworks, and supervisory reviews.
What Changed
Institutions must establish proportionate strategies, policies, processes, and systems for ESG risk management, covering short-, medium-, and long-term horizons, including transition and physical environmental risks.
Develop plans per Article 76(2) CRD with specific timelines, intermediate quantifiable targets, and milestones to address ESG financial risks, consistent with EU objectives (e.g., 55% GHG reduction by 2030, climate neutrality by 2050).
Incorporate ESG into internal governance, risk appetite, and supervisory review processes (SREP), with scenario analysis requirements (to be...
What You Need To Do
- Map and integrate ESG risks into governance, risk management frameworks, and business strategies, proportionate to scale/risk exposure
- Develop and document ESG risk management plans with quantifiable targets, milestones, timelines, and scenario analyses (broad requirements now; detailed later)
- Conduct assessments of ESG risks in portfolios, including sustainability products, transition finance, and loan origination policies, for SREP submission
- Embed in internal processes per Articles 74, 76, 87a CRD: identify/measure ESG risks (minimum standards), monitor over time horizons, and report to CSSF
- Review and update existing policies/systems for compliance by applicable dates; prepare for CSSF supervisory evaluation of plan robustness
Key Dates
20 January 2026 - Circular published by CSSF.
1 April 2026 - Application date for Less Significant Institutions (other than SNCIs).
11 January 2027 - Application date for SNCIs (dependent on CRD transposition).
Compliance Impact
Urgency: High - With application starting 1 April 2026 (just over 2 months from publication), firms face immediate pressure to gap-analyze current ESG frameworks against EBA standards, especially for SREP integration and long-term risk planning. Non-compliance risks supervisory scrutiny, capital add-ons, or enforcement, as ESG is now a core prudential pillar amid EU sustainability push; smaller institutions get a head-start but must act swiftly given proportionality demands.
BankAll Firms
2026 update
BankWealth ManagerFamily Office
No description available.
BankAsset ManagerWealth Manager
No description available.
BankAsset ManagerWealth Manager
Communiqué
The CSSF's January 2026 enforcement report documents the results of its 2025 examination campaign on 2024 financial and non-financial disclosures by issuers under Luxembourg's Transparency Law. This publication is critical for compliance professionals because it reveals systematic compliance gaps across financial reporting (IFRS), sustainability reporting (ESRS), and Alternative Performance Measures (APMs), with 27% of enforcement decisions resulting in injunctions for non-compliance.
What Changed
The regulatory landscape has evolved significantly with the introduction of new sustainability reporting requirements:
ESRS Implementation (First Year): 2024 marked the first full reporting year under the European Sustainability Reporting Standards (ESRS), with the CSSF conducting a fact-finding exercise to assess reporting quality.
What You Need To Do
- *Financial Information (IFRS)
- *Enhanced Note Disclosures
- *Cash Flow Statement Presentation
- *Segment Reporting Completeness
- *Going Concern Assessment
Key Dates
4 July 2025 - European Commission adopted Delegated Act amending Taxonomy Disclosures (Omnibus package)
18 August 2025 - CSSF published full results of fact-finding exercise on ESRS reporting
5 December 2024 - CSSF published enforcement priorities press release for FY2024 reporting
January 2026 - CSSF published enforcement results report (current publication)
Compliance Impact
Urgency: HIGH
All Firms
relating to the fees to be levied by the Commission de Surveillance du Secteur Financier
BankAsset ManagerWealth Manager
amending Council Regulation (EU) No 833/2014 concerning restrictive measures in view of Russia’s actions destabilising the situation in Ukraine
BankWealth ManagerAsset Manager
No description available.
BankWealth ManagerAsset Manager
Electronic transmission of documents to the CSSF
Circular CSSF 19/708 mandates the electronic transmission of specified documents to the CSSF via secure platforms like e-file or SOFiE, effective from February 1, 2019, replacing prior paper or other methods. This updated annex (as amended by Circular CSSF 21/790 and further revisions up to April 1, 2025) standardizes submissions for investment funds and related entities, reducing administrative burdens while ensuring document integrity and CSSF accessibility. Compliance professionals must monitor the dynamic annex list on the CSSF website to avoid nullified submissions.
What Changed
Mandatory Electronic-Only Submission: Documents listed in Annex I must be transmitted exclusively via e-file (http://www.e-file.lu) or SOFiE (http://www.cetrel-securities.lu/wp_static/what-do-we-offer/secured-reporting-channel-sofie-sort/), in PDF format supporting read access, printing, copy/paste, and word search; other methods post-February 1, 2019, are null and void.
Dynamic Annex Updates: The annex, published on the CSSF website, is regularly updated (e.g., latest noted April 1, 2025) and includes prospectuses, management regulations, annual reports, risk management reports, compliance...
What You Need To Do
- Register/access e-file or SOFiE platforms if not already (test/production environments available since February 2019)
- Consult and adhere to the latest Annex I for document list, nomenclatures, and formats (PDF with full functionality)
- Ensure submissions are final/official versions matching hard copies; use specified identifiers for UCIs/SIFs/SICARs
- Implement processes for automatic/manual transmission (e
- Train staff on responsibilities and integrate into reporting workflows; reference CSSF FAQs for closing documents
Key Dates
1 February 2019 - Entry into force Mandatory electronic transmission for listed documents; non-electronic submissions null and void.
28 January 2019 - Publication date of original Circular CSSF 19/708.
22 December 2021 - Amendment by Circular CSSF 21/790.
1 April 2025 - Latest annex update noted.
Ongoing - Regular checks required Entities must monitor CSSF website for annex updates. DEADLINE
Compliance Impact
Urgency: Low (for new implementations post-2019; medium for ongoing monitoring). This matters for operational efficiency and CSSF relations, as non-compliance risks rejected filings, delays (e.g., approvals under SFDR processes), or supervisory scrutiny, but long-standing rule (since 2019) with established platforms reduces immediate pressure. Firms must prioritize annex vigilance to avoid disruptions in routine reporting like annual reports or prospectuses.
Asset ManagerWealth ManagerInsurance No description available.
Bank
Administrative sanction imposed on BigRep SE
The CSSF imposed a €10,000 administrative fine on BigRep SE on 12 January 2026 for failing to publish its half-yearly financial report as of 30 June 2025, as required under Article 4 of Luxembourg's Transparency Law of 11 January 2008 (as amended). This enforcement action underscores the CSSF's rigorous supervision of periodic disclosure obligations for issuers with Luxembourg as their home Member State, serving as a reminder of the consequences for non-compliance with transparency requirements. Compliance professionals should note this as evidence of ongoing CSSF scrutiny on timely reporting, with potential fines scaled based on circumstances per Article 26a.
What Changed
This is not a regulatory change or new requirement but an enforcement of existing obligations under the Transparency Law of 11 January 2008 (as amended), specifically Article 4, which mandates issuers to publish half-yearly financial reports, including effective dissemination, storage on the Officially Appointed Mechanism (OAM), and filing with the CSSF. No new rules are introduced; the sanction reinforces the unchanged deadlines and processes for periodic information publication, with the CSSF acting under Article 25(2) as the competent authority.
What You Need To Do
- All affected parties
- BigRep SE specifically
- wide actions are mandated beyond general adherence, but proactive audits are advisable given CSSF's supervisory focus
Key Dates
30 June 2025 - Period-end date for the required half-yearly financial report that BigRep SE failed to publish. DEADLINE
12 January 2026 - Date of administrative sanction imposition by CSSF and publication of the decision.
Within 3 months of 12 January 2026 (i.e., by 12 April 2026) - Deadline for BigRep SE to lodge a court action with the Tribunal administratif against the sanction, per Article 27 of the Transparency Law. DEADLINE
Compliance Impact
Urgency: Medium – This matters as a specific enforcement example in CSSF's ongoing verification of periodic information publication, signaling heightened scrutiny rather than a systemic shift. While the €10,000 fine is modest, it demonstrates fines for even isolated breaches (scaled per Article 26a), potentially escalating for repeats; firms should prioritize reporting calendars to avoid reputational harm and publication of sanctions under Article 26b(1).
All Firms
No description available.
This CSSF publication, dated January 12, 2026, identifies the specific population (likely a firm or individual) subject to an enforcement action, such as an administrative sanction, as part of the CSSF's transparency in supervisory measures. It matters because it signals CSSF's active enforcement priorities, potentially in areas like AML or reporting failures, enabling firms to assess similar risks in their operations and strengthen compliance to avoid parallel actions. Published amid rising focus on financial crime typologies like sexual extortion, it underscores the regulator's commitment to public accountability.
What Changed
No new regulatory changes or requirements are introduced in this publication, as it is an enforcement notice rather than a circular or guideline. It serves as a disclosure of an ongoing or concluded enforcement case, aligning with CSSF's practice of publishing sanction details to deter non-compliance and inform the market, without altering existing rules.
What You Need To Do
- For the named population
- For all supervised firms
- Update internal policies, train staff on enforcement precedents, and ensure robust reporting under Circular CSSF 19/726 or Transparency Law obligations
Compliance Impact
Urgency: High – Immediate relevance for the named party facing direct consequences; medium-to-high for peers due to CSSF's pattern of public enforcements signaling heightened scrutiny on financial crime, especially amid rising OCSE/FSEC cases noted in recent CSSF guidance. It matters as it could preview broader supervisory sweeps, impacting reputation, operations, and costs if similar vulnerabilities exist.
BankPayment ProviderAll Firms
amending Delegated Regulation (EU) 2016/1675 to add Russia to the list of high-risk third countries with strategic deficiencies
BankAsset ManagerWealth Manager
Administrative sanction imposed on the alternative investment fund manager Premium Capital Management (“AIFM”)
The CSSF imposed a €10,000 administrative fine on 11 September 2025 against alternative investment fund manager (AIFM) Premium Capital Management for failing to submit its annual financial crime questionnaire by the 4 April 2025 deadline, breaching the cooperation obligation under Article 5(1) of Luxembourg's AML/CFT Law of 12 November 2004. This enforcement action underscores the CSSF's strict enforcement of AML reporting duties, signaling heightened scrutiny on timely supervisory cooperation amid ongoing AML risks in Luxembourg. Compliance teams should view this as a reminder of the low tolerance for even administrative lapses, with potential for escalated fines in repeat cases.
What Changed
This is not a regulatory change but an enforcement precedent under existing rules: non-compliance with Article 5(1) of the AML/CFT Law, which mandates annual submission of a financial crime questionnaire ("Questionnaire") to the CSSF. The fine was calculated per Articles 8-4(1), 8-4(2)(f), and 8-4(3)(a), considering circumstances under Article 8-5(1). Publication followed Article 8-6(1) after a proportionality assessment, confirming no market stability risks.
What You Need To Do
- Immediately review internal processes for annual Questionnaire submission, ensuring calendar invites and automated reminders for the 4 April deadline (covering prior year-end data)
- Conduct a gap analysis on AML/CFT cooperation obligations under Article 5(1), including response protocols to CSSF reminders or queries
- Update compliance calendars and train staff on escalation procedures; document all submissions with proof (e
- If late, proactively submit overdue items and request meetings if needed, as non-response forfeits mitigation opportunities
Key Dates
31 December 2024 - Reference year-end for the financial crime Questionnaire.
4 April 2025 - Statutory deadline for Questionnaire submission to CSSF. DEADLINE
11 September 2025 - Date CSSF imposed the €10,000 administrative fine after non-submission despite reminders.
9 January 2026 - Publication date of the sanction decision.
Compliance Impact
Urgency: Medium – This €10,000 fine for a straightforward reporting failure demonstrates CSSF's willingness to penalize non-cooperation swiftly, even without aggravating factors, but the amount is modest and targeted at administrative breaches. It matters as a warning shot in Luxembourg's AML landscape, where repeated failures could trigger higher fines (up to proportionality limits under Article 8-5), reputational damage via public naming, or supervisory escalations; firms should audit 2025/2026 reporting now to preempt similar actions, especially post-NRA updates.
Asset ManagerHedge Fund
Administrative sanction imposed on the alternative investment fund manager Sunbricks GP S.à r.l. (“AIFM”)
The CSSF imposed a **€10,000 administrative fine on Sunbricks GP S.à r.l.**, an alternative investment fund manager, for failing to submit a mandatory annual financial crime questionnaire by the April 4, 2025 deadline, despite two formal reminders. This enforcement action demonstrates the CSSF's strict approach to cooperation obligations under Luxembourg's anti-money laundering and counter-terrorist financing (AML/CFT) framework and signals that non-submission of required compliance documentation—even without evidence of underlying financial crime—triggers regulatory penalties.
What Changed
This is not a regulatory change but rather an enforcement action clarifying existing obligations:
Mandatory Annual Questionnaire Requirement: All professionals supervised, authorized, or registered by the CSSF must submit an annual questionnaire on financial crime by April 4 each year, covering the preceding calendar year.
Cooperation Obligation: Article 5(1) of the amended Law of 12 November 2004 on AML/CFT establishes a non-negotiable duty to cooperate with the CSSF, which includes timely submission of requested documentation.
Administrative Fine Framework: The CSSF applies Article 8-4...
What You Need To Do
- regulated entities must
- *Establish Calendar Controls
- *Designate Responsible Parties
- *Prepare Documentation
- *Monitor Communications
Key Dates
April 4, 2025 – Annual financial crime questionnaire submission deadline (for year ending December 31, 2024) DEADLINE
Before September 11, 2025 – Two reminder notices issued by CSSF to Sunbricks GP
September 11, 2025 – Administrative fine decision date; questionnaire still not submitted
January 9, 2026 – Publication date of enforcement decision
2026 (for the year ending December 31, 2025).
Compliance Impact
Urgency: HIGH
Asset ManagerAll Firms
Administrative sanction imposed on the alternative investment fund manager Capitalis Premiere Group (“AIFM”)
The CSSF imposed a €10,000 administrative fine on alternative investment fund manager (AIFM) Capitalis Premiere Group on 11 September 2025 for failing to submit its annual financial crime questionnaire by the 4 April 2025 deadline, despite two reminders, breaching the cooperation obligation under Article 5(1) of Luxembourg's AML/CFT Law of 12 November 2004. This enforcement action underscores the CSSF's strict enforcement of AML reporting duties, signaling heightened scrutiny on timely supervisory cooperation for Luxembourg-regulated entities. Compliance teams should note this as a low-value but public reminder of potential fines for administrative lapses in AML processes.
What Changed
This is not a regulatory change or new requirement but an enforcement precedent under existing rules: non-compliance with the annual financial crime questionnaire submission, mandated by Article 5(1) of the AML/CFT Law, triggers fines per Articles 8-4(1), 8-4(2)(f), and 8-4(3)(a). The CSSF considered all relevant circumstances under Article 8-5(1) to set the €10,000 fine amount and published the sanction nominatively after proportionality assessment per Article 8-6(1), confirming no market stability risks.
What You Need To Do
- Ensure timely submission of annual financial crime questionnaires by 4 April each year (for prior calendar year data); implement calendar reminders and escalation processes for CSSF requests
- Respond promptly to CSSF reminders or queries on AML/CFT compliance to avoid escalation to fines; document any delays with justification evidence
- No retroactive actions needed for this case, but conduct gap analysis on reporting workflows to prevent similar breaches
Key Dates
4 April 2025 - Deadline for submitting the annual financial crime questionnaire covering the year ending 31 December 2024. DEADLINE
11 September 2025 - Date CSSF imposed the €10,000 administrative fine on Capitalis Premiere Group for non-submission.
9 January 2026 - Date of CSSF publication of the sanction decision.
Compliance Impact
Urgency: Medium - This €10,000 fine is modest but publicly names the firm, amplifying reputational risk in Luxembourg's competitive fund domicile; it matters as a clear CSSF signal of zero tolerance for basic cooperation failures in AML, potentially foreshadowing stricter enforcement amid EU AML harmonization pressures. AIFMs face ongoing annual risk, with non-response despite reminders treated as willful breach; firms with weak reporting controls should prioritize fixes to avoid cumulative fines or escalations.
Asset ManagerHedge Fund
Administrative sanction imposed on the alternative investment fund manager Lion Management (“AIFM”)
The CSSF imposed a €10,000 administrative fine on Lion Management, an alternative investment fund manager, on 11 September 2025 for failing to submit a mandatory annual financial crime questionnaire by the 4 April 2025 deadline. This enforcement action demonstrates the CSSF's commitment to enforcing cooperation obligations under Luxembourg's anti-money laundering and terrorist financing framework, with direct implications for all AIFMs regarding timely compliance with supervisory reporting requirements.
What Changed
This is not a regulatory change but rather an enforcement action clarifying existing obligations. However, it reinforces critical compliance requirements:
Mandatory Annual Questionnaire Submission: All CSSF-supervised professionals, including AIFMs, must submit an annual questionnaire on financial crime by the specified deadline (in this case, 4 April 2025 for the year ending 31 December 2024).
Cooperation Obligation: Article 5(1) of the amended Law of 12 November 2004 on the fight against money laundering and terrorist financing establishes a non-negotiable obligation to cooperate with the...
What You Need To Do
- *Establish Calendar Controls
- *Designate Responsible Parties
- *Monitor CSSF Communications
- *Document Submission
- *Escalate Non-Compliance Immediately
Key Dates
4 April 2025 - Deadline for submission of annual financial crime questionnaire for year ending 31 December 2024 DEADLINE
11 September 2025 - Date CSSF imposed administrative fine after two reminders went unheeded
9 January 2026 - Publication date of the administrative sanction decision
Compliance Impact
Urgency: HIGH
Asset ManagerHedge Fund
Administrative sanction imposed on the alternative investment fund manager Max Gain Capital S.à r.l. (“AIFM”)
The CSSF imposed a €10,000 administrative fine on Max Gain Capital S.à r.l., an alternative investment fund manager, on 11 September 2025 for failing to submit a mandatory annual financial crime questionnaire by the April 2025 deadline. This enforcement action demonstrates the CSSF's active monitoring of AML/CFT compliance obligations and its willingness to sanction non-cooperation, even for procedural failures unrelated to substantive money laundering violations.
What Changed
This is not a regulatory change but rather an enforcement action clarifying existing obligations:
Mandatory Annual Questionnaire Requirement: All CSSF-supervised professionals must submit an annual questionnaire on financial crime covering the preceding calendar year.
Cooperation Obligation: Article 5(1) of the amended Law of 12 November 2004 on AML/CFT imposes a non-negotiable duty to cooperate with CSSF supervisory requests.
Enforcement Escalation: The CSSF will issue reminders before imposing sanctions, but continued non-compliance triggers administrative fines under Article 8-4 of the...
What You Need To Do
- regulated entities must
- *Identify Reporting Obligations
- *Calendar Management
- *Documentation
- *Escalation Protocol
Key Dates
4 April 2025 - Deadline for submission of financial crime questionnaire for the year ending 31 December 2024 DEADLINE
Before 11 September 2025 - CSSF issued two reminders to Max Gain Capital after the missed deadline DEADLINE
11 September 2025 - CSSF imposed the €10,000 administrative fine
9 January 2026 - CSSF published the administrative sanction decision
Compliance Impact
Urgency: HIGH
Asset ManagerAll Firms
Administrative sanction imposed on the alternative investment fund manager Agriland Management S.A. (“AIFM”)
The Commission de Surveillance du Secteur Financier (CSSF), Luxembourg's financial regulator, imposed a **EUR 10,000 administrative fine on Agriland Management S.A.**, an alternative investment fund manager, on 11 September 2025 for failing to submit a mandatory annual financial crime questionnaire by the April 2025 deadline. This enforcement action demonstrates the CSSF's commitment to enforcing cooperation obligations under Luxembourg's anti-money laundering and terrorist financing (AML/CFT) framework and signals heightened scrutiny of compliance with supervisory reporting requirements.
What Changed
This is not a regulatory change but rather an enforcement action that clarifies existing obligations:
Mandatory Annual Reporting: All CSSF-supervised professionals must submit an annual questionnaire on financial crime by 4 April each year, covering the preceding calendar year.
Cooperation Obligation: Article 5(1) of the amended Law of 12 November 2004 on AML/CFT establishes a non-negotiable duty to cooperate with the CSSF, including timely submission of requested documentation.
Enforcement Escalation: The CSSF will issue reminders for non-compliance, but continued failure to respond...
What You Need To Do
- *Establish Reporting Calendars
- *Designate Responsible Personnel
- *Respond to Regulatory Requests
- *Document Justifications
- *Monitor Supervisory Communications
Key Dates
4 April 2025 – Deadline for submission of financial crime questionnaire for year ending 31 December 2024 DEADLINE
Before 11 September 2025 – Two reminder notices issued by CSSF to Agriland Management S.A.
11 September 2025 – Administrative fine imposed
9 January 2026 – Sanction published by CSSF
Compliance Impact
Urgency: HIGH
Asset Manager
Administrative sanction imposed on the alternative investment fund manager Bedrock I GP S.à r.l. (“AIFM”)
The CSSF imposed a €10,000 administrative fine on alternative investment fund manager (AIFM) Bedrock I GP S.à r.l. on 11 September 2025 for failing to submit its annual financial crime questionnaire by the 4 April 2025 deadline, despite two reminders, breaching the cooperation obligation under Article 5(1) of Luxembourg's AML/CFT Law of 12 November 2004. This enforcement action underscores CSSF's strict enforcement of AML reporting duties and serves as a public warning to supervised entities on timely supervisory compliance. It matters because it demonstrates that even modest fines are pursued for basic reporting lapses, potentially signaling heightened scrutiny on AIFMs' AML processes amid ongoing regulatory focus on financial crime risks.
What Changed
This is not a regulatory change or new requirement but an enforcement of existing obligations under the amended Law of 12 November 2004 on the fight against money laundering and terrorist financing (AML/CFT Law). Specifically, it reaffirms the mandatory annual submission of the CSSF's financial crime questionnaire ("Questionnaire") by supervised professionals, including AIFMs under Article 3(2) of the Law of 12 July 2013 on AIFMs, as part of the cooperation duty in Article 5(1).
What You Need To Do
- Immediately verify submission status of the 2024 Questionnaire (or any outstanding); if overdue, submit promptly with justification to mitigate further escalation
- Implement automated calendar alerts and internal workflows for all CSSF reporting deadlines, including annual AML/CFT Questionnaire
- Conduct a compliance gap analysis on cooperation obligations under Article 5(1) AML/CFT Law, documenting reminder responses and evidence retention
- Train senior managers and compliance teams on supervisory interactions, including rights to request in-person meetings before fines
- Review governance for timely escalation of CSSF reminders to decision-makers
Key Dates
31 December 2024 - Reference period end for the Questionnaire covering financial crime compliance. DEADLINE
4 April 2025 - Statutory deadline for Questionnaire submission to CSSF. DEADLINE
11 September 2025 - Date of administrative fine imposition (€10,000) after non-submission despite reminders.
9 January 2026 - Publication date of the sanction decision by CSSF.
Compliance Impact
Urgency: Medium - This is a post-facto enforcement on a past breach (2024 reporting cycle), with the €10,000 fine relatively low, indicating proportionality for a first-time or isolated lapse. It matters as a leading indicator of CSSF's 2025-2026 focus on AML cooperation, with multiple similar AIFM sanctions published simultaneously, risking escalated fines or reputational harm for repeat offenders; firms should prioritize reporting hygiene to avoid public naming, which CSSF deems non-disruptive to markets here.
Asset ManagerHedge Fund
Administrative sanction imposed on the alternative investment fund manager C5 Haven Cyber GP S.à r.l. (“AIFM”)
The CSSF imposed a €10,000 administrative fine on alternative investment fund manager (AIFM) C5 Haven Cyber GP S.à r.l. on 11 September 2025 for failing to submit its annual financial crime questionnaire by the 4 April 2025 deadline, despite two reminders, breaching the cooperation obligation under Article 5(1) of Luxembourg's AML/CFT Law of 12 November 2004. This enforcement action underscores CSSF's strict enforcement of AML reporting duties and serves as a public warning to supervised entities on the consequences of non-cooperation. It matters because it demonstrates that even modest fines will be levied for procedural lapses, potentially signaling increased scrutiny on timely AML compliance submissions amid broader regulatory focus on financial crime risks.
What Changed
This is not a regulatory change or new requirement but an enforcement of existing obligations under the amended AML/CFT Law:
Annual Questionnaire Submission: Supervised professionals, including AIFMs under Article 3(2) of the Law of 12 July 2013 on AIFMs, must submit an annual financial crime questionnaire ("Questionnaire") to CSSF as part of the cooperation duty in Article 5(1).
Fine Provisions: Fines are imposed per Articles 8-4(1), 8-4(2)(f), and 8-4(3)(a), with amounts determined by relevant circumstances under Article 8-5(1); publication follows Article 8-6(1) after proportionality...
What You Need To Do
- Immediate Review
- Remediation if Late
- Process Enhancements
Key Dates
31 December 2024 - Reference year-end for the financial crime Questionnaire.
4 April 2025 - Statutory deadline for submitting the Questionnaire for the year ending 31 December 2024. DEADLINE
11 September 2025 - Date CSSF imposed the €10,000 administrative fine after noting non-submission despite reminders.
9 January 2026 - Date of CSSF publication of the sanction decision.
Compliance Impact
Urgency: Medium - This is a low-value fine (€10,000) for a procedural breach, not involving substantive AML failures like suspicious transactions or sanctions screening delays seen in higher fines (e.g., €185,000 on Rakuten Bank). It matters as a precedent for CSSF's willingness to publicly name-and-shame for basic non-cooperation, potentially escalating to higher penalties for repeats; with publication on 9 January 2026, firms should prioritize 2025/2026 reporting to avoid similar exposure amid CSSF's active enforcement (3192+ sanctions published).
Asset ManagerHedge Fund
Administrative sanction imposed on the alternative investment fund manager C5 S.à r.l. (“AIFM”)
The CSSF imposed a €10,000 administrative fine on alternative investment fund manager C5 Haven Cyber GP S.à r.l. on 11 September 2025 for failing to submit its annual financial crime questionnaire by the 4 April 2025 deadline, despite reminders, breaching the cooperation obligation under Article 5(1) of Luxembourg's AML/CFT Law of 12 November 2004. This enforcement action underscores CSSF's strict enforcement of reporting duties in AML/CFT compliance, serving as a warning to supervised entities on the consequences of administrative delays. It matters because it highlights low-tolerance for even minor procedural lapses, potentially signaling increased scrutiny on annual reporting amid broader AML/CFT priorities.
What Changed
This is not a regulatory change or new requirement but an enforcement of existing obligations under the amended AML/CFT Law:
Article 5(1) mandates supervised professionals, including AIFMs under Article 3(2) of the Law of 12 July 2013 on AIFMs, to cooperate fully with CSSF, including submitting the annual financial crime questionnaire ("Questionnaire").
Breach occurred due to non-submission of the 2024 year-end Questionnaire, with fine determined per Articles 8-4(1), 8-4(2)(f), 8-4(3)(a), and 8-5(1).
Publication of the sanction follows Article 8-6(1), after proportionality assessment to avoid...
What You Need To Do
- Review and confirm timely submission of all pending or future CSSF financial crime questionnaires; establish automated calendar reminders for annual deadlines (e
- Implement escalation protocols for CSSF reminders, ensuring immediate response and submission within days, not weeks
- Conduct internal audit of AML/CFT cooperation obligations, documenting justifications for any delays and preparing evidence for potential CSSF hearings or meetings
- Update compliance policies to prioritize Article 5(1) duties, including training for responsible persons on fine risks under Article 8-4
Key Dates
4 April 2025 - Deadline for submission of financial crime Questionnaire covering year ending 31 December 2024. DEADLINE
11 September 2025 - Date CSSF imposed €10,000 administrative fine on C5 Haven Cyber GP S.à r.l. for non-submission despite reminders.
9 January 2026 - Date of CSSF publication announcing the sanction.
Compliance Impact
Urgency: Medium - Matters due to CSSF's demonstrated willingness to impose and publicize fines for straightforward reporting failures, even at €10,000, which could escalate for repeat or severe cases; acts as a precedent amid rising AML/CFT enforcement (e.g., larger fines like €214,000 in similar contexts). Firms delaying submissions risk reputational damage from nominative publications under Article 8-6(1), market confidence erosion, and cumulative penalties; proactive remediation now prevents higher scrutiny in upcoming inspections.
Asset ManagerHedge Fund
Administrative sanction imposed on JTC (Luxembourg) S.A.
The CSSF imposed a €102,000 administrative fine on JTC (Luxembourg) S.A. on 23 July 2025 for breaches in its professional obligations as a depositary of non-financial assets under the AIFM Law, identified during an on-site inspection from February 2023 to January 2024 covering activities up to December 2022. This enforcement action highlights CSSF's scrutiny of depositary functions, particularly risk assessment and oversight controls, serving as a warning for similar entities to strengthen compliance amid rising supervisory focus on AIFM depositaries.
What Changed
This is an enforcement action, not a regulatory change; it enforces existing requirements under Article 51(1) (1st and 7th indents) and Article 51(2) (1st sub-paragraph, 3rd indent) of the amended Law of 12 July 2013 on AIFMs (AIFM Law), and related provisions like Article 92(1) of Commission Delegated Regulation (EU) No 231/2013 (CDR 231/2013).
What You Need To Do
- related entities) must
- Conduct immediate gap analyses on risk assessment processes for AIF strategies and AIFM organization per Article 92(1) CDR 231/2013
- Implement robust verification processes for AIFM compliance with asset delegation rules
- Ensure availability of key documentation and evidence of controls for the depositary function, addressing pre-2022 gaps if applicable
- Develop and test oversight processes, leveraging self-identified improvements and action plans as mitigating factors, as JTC did prior to inspection
Key Dates
February 2023 - January 2024 Period of CSSF on-site inspection on depositary obligations, covering activities up to December 2022.
23 July 2025 Date CSSF imposed the €102,000 administrative fine on JTC (Luxembourg) S.A.
9 January 2026 Date of official CSSF publication announcing the sanction.
Compliance Impact
Urgency: High – This matters due to the fine's size (€102,000), reflecting breach accumulation, severity, and duration, despite JTC's partial remediation; it signals intensified CSSF on-site scrutiny of depositary functions post-2023 inspections, with potential for higher penalties absent proactive controls. Depositaries face elevated enforcement risk, especially with unavailability of evidence pre-2022, urging swift remediation to avoid similar outcomes under Article 51 AIFM Law.
Asset Manager
No description available.
Asset ManagerWealth ManagerBank Long Form Report – Practical rules concerning the self-assessment questionnaire to be submitted by investment firms – Mission and related reports of the réviseurs d’entreprises agréés (approved statutory auditors)
Broker DealerAll Firms
Update of Circular CSSF 24/853 on the Long Form Report (as amended by Circular CSSF 25/870) – Practical rules concerning the self-assessment questionnaire to be submitted by investment firms Mission and related reports of the réviseurs d’entreprises agréés (approved statutory auditors)
Circular CSSF 26/904 updates Circular CSSF 24/853 (as amended by Circular CSSF 25/870) by introducing a revised Long Form Report (LFR) for investment firms, featuring a digital self-assessment questionnaire (SAQ) and enhanced auditor reports focused on AML/CFT and risk management. This matters because it aligns reporting with CSSF's risk-based supervision under CSSF 4.0, reduces redundancies, applies proportionality based on business models, and mandates digital submission to improve efficiency and data analysis.
What Changed
Revised LFR Structure: Comprises four parts in a single digital document: (1) yearly SAQ completed by investment firms; (2) descriptive elements verified by approved statutory auditors (REAs); (3) AML/CFT report with risk assessments, declarations on audits, and data on incomplete fund transfers; (4) REA's independent assessment of ML/FT risks and organizational aspects.
Digital Format: Completion and submission via CSSF's online portal, supporting CSSF 4.0 digital strategy for efficient processing.
Proportionality and Scope: Applies individually to investment firms (no consolidated LFR if...
What You Need To Do
- Investment Firms
- REAs/Auditors
Key Dates
Financial year ending 31 December 2024 - Applicability of revised LFR to all investment firms; submissions begin for this period onward on a yearly basis.
No specific submission deadline stated - Yearly production required via CSSF portal; firms should align with existing annual reporting cycles for auditors (typically post-year-end). DEADLINE
Compliance Impact
Urgency: High - Applies immediately to FY ending 31 December 2024 reports, requiring swift updates to reporting processes, digital tools, and AML/CFT documentation amid CSSF's risk-based shift; non-compliance risks supervisory actions, as LFR directly informs CSSF oversight on key prudential/AML areas with no transition period specified.
Asset ManagerBroker DealerAll Firms
Press release 26/01
Asset ManagerWealth Manager