CSSF Updates 2026

🇱🇺 CSSF News

May 26th 2026

Net assets of UCIs

Situation as at 30 April 2026

Sectors:

Topics:

Asset Manager

🇱🇺 CSSF News

May 26th 2026

Breakdown according to currency

Situation as at 30 April 2026

Sectors:

Topics:

Asset Manager

🇱🇺 CSSF News

May 26th 2026

Origin of UCI initiators in Luxembourg

Situation as at 30 April 2026

Sectors:

Topics:

Asset Manager

🇱🇺 CSSF News

May 26th 2026

Number of UCIs

Situation as at 30 April 2026

Sectors:

Reporting & Disclosure Authorisation & Licensing

Topics:

All Firms

🇱🇺 CSSF News

May 26th 2026

Investment policy of UCIs

Situation as at 30 April 2026

Sectors:

Topics:

Asset Manager

🇱🇺 CSSF Guidance medium

May 22nd 2026

Repeal of Circular IML 91/75

No description available.

AI Analysis

The CSSF has formally repealed Circular IML 91/75 with immediate effect through the publication of Circular CSSF 26/912 on 22 May 2026. Compliance teams for Luxembourg UCIs and related structures must now ensure that no policies, procedures or prospectus provisions continue to rely on or reference IML 91/75, and instead rely on the current UCI, SIF, SICAR and EU fund law framework and subsequent CSSF circulars and administrative practice.

What Changed

- Circular IML 91/75, which set out rules for Luxembourg undertakings governed by the Law of 30 March 1988 on undertakings for collective investment, is repealed in full with effect from 22 May 2026...
All amendments to Circular IML 91/75 introduced by Circulars CSSF 05/177, 18/697, 21/790, 22/811 and 25/901 are implicitly repealed as part of the repeal of IML 91/75 itself.
The regulatory expectations previously contained in IML 91/75 are now either superseded by later Luxembourg fund laws (including post‑1988 UCI legislation and regimes for SICARs and SIFs), later CSSF...
The historical link to the Law of 30 March 1988 on undertakings for collective investment is effectively severed at circular level, confirming that the operative framework is now the modern suite of...
IML 91/75 is flagged as archived by the CSSF as of 22 May 2026, clarifying that it has no continuing normative or interpretative value as a live supervisory instrument.

Suggested Considerations

Identify and inventory all internal and external documents (including policies, procedures, compliance manuals, prospectuses, offering documents, service agreements and SLAs) that reference Circular IML 91/75 or its amending Circulars CSSF 05/177, 18/697, 21/790, 22/811 and 25/901.
Remove or replace all references to Circular IML 91/75 and its amending circulars in compliance frameworks, manuals, registers of applicable rules and control libraries, ensuring they are mapped instead to the current applicable UCI, SIF, SICAR, AIFM and relevant CSSF circulars.
Perform a gap analysis to confirm that all substantive topics previously governed by IML 91/75 in your framework are now fully covered by current Luxembourg laws, EU fund regulations and up‑to‑date CSSF circulars and FAQs.
Update training materials and onboarding content for compliance, portfolio management, risk and operations staff to reflect that IML 91/75 has been repealed and to direct staff to the current legal and regulatory sources governing UCIs and alternative funds.
Adjust internal audit and compliance monitoring programs so that any test steps or key controls referencing IML 91/75 are updated to reference the applicable current provisions and CSSF administrative practice.

Key Dates

21 January 1991

- Original Circular IML 91/75 entered into force, setting rules for undertakings governed by the Law of 30 March 1988 on undertakings for collective investment

22 May 2026

- Circular CSSF 26/912 is published and takes effect, repealing Circular IML 91/75 (as amended) with immediate effect and archiving it from the same date

Compliance Impact

The immediate compliance risk is moderate: there are no new obligations, but relying on a repealed circular can create legal uncertainty, documentation inconsistencies and supervisory challenges during CSSF inspections. Failure to update frameworks may weaken control design, lead to outdated disclosures and reduce credibility with the CSSF in the event of reviews or thematic inspections.

References

[1] cssf.lu/en/2026/05/repeal-of-circular-iml-91-75/

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Authorisation & Licensing Reporting & Disclosure

Topics:

Asset ManagerHedge FundBank

🇱🇺 CSSF Guidance medium

May 22nd 2026

Circular CSSF 26/912

Repeal of Circular IML 91/75 related to the revision and remodelling of the rules to which Luxembourg undertakings governed by the Law of 30 March 1988 on undertakings for collective investment (“UCI”) are subject

AI Analysis

The CSSF has issued Circular CSSF 26/912, formally repealing Circular IML 91/75 (and its amendments) governing Luxembourg UCIs under the (now repealed) Law of 30 March 1988 on undertakings for collective investment. This is a technical clean‑up measure that removes an obsolete circular from the rulebook and confirms that the 1991 governance, organisational and investment rules under IML 91/75 no longer apply.

What Changed

- Circular IML 91/75, including its amendments by Circulars CSSF 05/177, 18/697, 21/790, 22/811 and 25/901, is formally repealed by Circular CSSF 26/912.
The rules on “revision and remodelling of the rules to which Luxembourg undertakings governed by the Law of 30 March 1988 on undertakings for collective investment are subject” no longer form part of...
Supervisory expectations for Luxembourg UCIs are now to be derived exclusively from the current UCI regime (notably the Law of 17 December 2010 relating to undertakings for collective investment and...
Any internal compliance mappings, policy references, or control frameworks that still cite Circular IML 91/75 or its amending circulars must be treated as referencing repealed guidance and should be...

Suggested Considerations

Update your regulatory inventory and obligation registers to reflect that Circular IML 91/75 and its amending circulars (CSSF 05/177, 18/697, 21/790, 22/811 and 25/901) have been repealed by Circular CSSF 26/912 as of 22 May 2026.
Verify that your compliance monitoring programmes and internal audit test plans do not rely on requirements sourced from Circular IML 91/75, and re-align any such tests to the currently applicable legal and regulatory standards.
Communicate the repeal of Circular IML 91/75 internally to legal, compliance, risk, product, and fund administration teams to prevent continued reliance on obsolete rules in ongoing or future projects.
For any ongoing remediation, authorisation or approval processes that previously cited IML 91/75 as justification for a control design, reassess and document those controls against the current CSSF requirements that have effectively replaced or superseded the 1991 framework.
Maintain an audit trail evidencing the update of documentation and registers in response to Circular CSSF 26/912, including board or senior management notification where your governance framework requires it for changes in regulatory obligations.

Key Dates

21 January 1991

- Original Circular IML 91/75 on revision and remodelling of rules applicable to UCIs under the Law of 30 March 1988 is issued (subsequently amended by later circulars)

22 May 2026

- Circular CSSF 26/912 is published and Circular IML 91/75 (as amended by Circulars CSSF 05/177, 18/697, 21/790, 22/811 and 25/901) is repealed and archived

Compliance Impact

The immediate compliance risk is low, as the circular repeals an already outdated framework; however, continuing to reference or rely on Circular IML 91/75 could create documentation inconsistencies, misalignment with current CSSF expectations and weaknesses in regulatory audits or inspections.

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Reporting & Disclosure Senior Managers / Governance

Topics:

Asset ManagerHedge FundBank

🇱🇺 CSSF News

May 22nd 2026

Questionnaire for the approval of a new sub-fund (Updated)

No description available.

Sectors:

Authorisation & Licensing

Topics:

Asset Manager

Banking & Credit Investment Management Insurance & Pensions

🇱🇺 CSSF News

May 21st 2026

CSSF Newsletter No 304 – May 2026

No description available.

Sectors:

Topics:

All Firms

Banking & Credit Investment Management Payments & E-Money

🇱🇺 CSSF Guidance high

May 19th 2026

Circular CSSF 26/911

ESMA Guidelines on stress test scenarios under Article 28 of the Money Market Fund Regulation – Update 2025 (ESMA50-481369926-30585)

AI Analysis

Circular CSSF 26/911 informs Luxembourg money market fund (MMF) managers that the CSSF is integrating ESMA’s 2025 update of the stress test scenarios under Article 28 of the Money Market Fund Regulation (MMFR), and that these new ESMA Guidelines now form part of the Luxembourg supervisory expectations. The circular repeals and replaces Circular CSSF 25/877 as of 26 May 2026 and requires MMFs and their managers to apply the 2025 stress test parameters for MMF reporting from the reporting date 30 June 2026 onwards, driving immediate model, data, and reporting changes.

What Changed

- Circular CSSF 26/911 replaces Circular CSSF 25/877 and integrates ESMA’s 2025 Guidelines on stress test scenarios under Article 28 of Regulation (EU) 2017/1131 (MMFR), making the updated scenarios...
The 2025 ESMA Guidelines (Ref. ESMA50-481369926-30585) update the common reference stress test parameters for MMFs, reflecting more recent market conditions and liquidity risk drivers than the 2024...
The circular clarifies that MMFs and MMF managers must use the updated 2025 ESMA stress test scenarios when preparing the MMF reporting required under the MMFR and the related Commission Implementing...
Circular CSSF 26/911 confirms that the 2025 Guidelines and their translations, published by ESMA on 26 March 2026, are now integrated into CSSF supervisory practice, following the ESMA process...
The circular reiterates that MMFs and their managers must tailor the ESMA reference scenarios to the specificities of each MMF, adding additional risk factors or requirements where needed to ensure...

Suggested Considerations

Identify all MMFs and MMF mandates in scope of Regulation (EU) 2017/1131 for which the CSSF is the competent authority and confirm that they are currently using the 2024 ESMA stress test framework under Circular CSSF 25/877.
Obtain and review in detail the ESMA 2025 Guidelines on stress test scenarios (ESMA50-481369926-30585) and the annexed parameters as integrated by Circular CSSF 26/911, comparing them line‑by‑line to the 2024 version to map all methodological and parameter changes.
Update the MMF stress testing policy and procedures to reference Circular CSSF 26/911 and the 2025 ESMA Guidelines, including explicit descriptions of the scenarios, calibration choices, modelling techniques, and governance for scenario approval.
Recalibrate stress testing models and tools used for MMFs to reflect the 2025 common reference parameters, ensuring that interest rate shocks, credit spread moves, liquidity shocks, redemption scenarios, and concentration risks are aligned with the new ESMA specifications.
Perform impact analyses on representative MMFs using both 2024 and 2025 parameters to quantify changes in stress outcomes, and prepare internal briefing materials for senior management and boards explaining the impacts on liquidity and risk profiles.

Key Dates

AI Analysis

The CSSF publication highlights AMLA's public consultation on draft Regulatory Technical Standards (RTS) under Articles 16(4) and 17(3) of Regulation (EU) 2024/1624, specifying minimum group-wide AML/CFT requirements and additional measures for subsidiaries and branches in third countries. This matters because it aims to harmonize cross-border AML frameworks, ensuring groups maintain consolidated ML/TF risk views and robust controls, particularly in high-risk third-country operations, impacting EU financial groups' compliance structures. Private sector input is encouraged to align standards with practical operations.[https://www.cssf.lu/en/Document/public-consultation-by-amla-on-the-draft-rts-on-group-wide-minimum-requirements-and-additional-measures-for-subsidiaries-and-branches-in-third-countries/][https://www.amla.europa.eu/amla-consults-group-wide-requirements-and-business-wide-risk-assessment_en]

What Changed

- Group-wide AML/CFT frameworks: Establishes minimum standards for design and implementation across groups, including cross-border structures and third-country operations, to enable consolidated...
Third-country subsidiaries and branches: Introduces additional measures for entities in non-EU countries, extending requirements beyond traditional groups to other...
Information sharing and parent identification: Defines provisions for intra-group data sharing and criteria to identify the EU parent undertaking when multiple entities report to a third-country head...
Interlinked mandates: Cross-references obligations between Articles 16(4) and 17(3) for complementary requirements on organizational...

Suggested Considerations

Register for 20 May 2026 public hearing to engage directly on practical application across group structures.[https://www.amla.europa.eu/events/public-hearing-draft-rts-group-wide-minimum-requirements-and-additional-measures-subsidiaries-and-2026-05-20_en]
Assess current group-wide AML/CFT frameworks against proposed minimums, identifying gaps in third-country controls, risk consolidation, and data sharing protocols.

Compliance Impact

Urgency: High – Firms with third-country exposure must act now on consultation (closes 15 July 2026) to influence final RTS, as these will mandate binding minimums for group-wide AML/CFT, potentially requiring significant framework overhauls for risk consolidation and controls. Non-engagement risks misaligned systems post-adoption, increasing supervisory scrutiny under harmonized EU standards; early assessment prevents rushed...

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Topics:

AML / Financial Crime Reporting & Disclosure Senior Managers / Governance

BankAsset ManagerPayment Provider

🇱🇺 CSSF Consultation high

April 17th 2026

Public consultation by AMLA on the draft Guidelines on business-wide risk assessment

No description available.

AI Analysis

AMLA has launched a public consultation on draft Guidelines for business-wide risk assessments (BWRA) under the new Anti-Money Laundering Regulation (EU 2024/1624), with submissions open until 15 July 2026. These guidelines establish minimum requirements for all obliged entities across financial and non-financial sectors to systematically identify and manage money laundering and terrorist financing risks inherent to their operations.

What Changed

The draft Guidelines introduce four minimum requirements for conducting adequate business-wide risk assessments applicable to all obliged entities. The framework mandates that entities:
Identify risk exposure across their business model, customers, products, services, transactions, delivery channels, and geographical exposure
Maintain consolidated risk views across group structures, eliminating silos between branches and subsidiaries
Utilize internal and external data sources to build comprehensive risk landscapes, including monitoring customer behavior changes and tracking international typologies
Apply proportionality based on entity size, business model, and risk profile, while ensuring consistent application of policies across the organization The guidelines specifically address evaluation...

Suggested Considerations

*Immediate (by 15 July 2026):
Review draft Guidelines and assess alignment with current BWRA practices
Identify gaps between existing risk assessment frameworks and proposed minimum requirements
Prepare formal consultation responses, particularly if your organization operates in non-financial sectors
Register for relevant public hearings (28 May for BWRA Guidelines; 20 May for group-wide RTS) to engage directly with AMLA

Key Dates

Later in 2026

- Final adoption of guidelines and technical standards

16 April 2026

ESMA Guidelines on Liquidity Management Tools (LMTs) of UCITS and open-ended AIFs (ESMA34-671404336-1364)

AI Analysis

Circular CSSF 26/910 announces the CSSF's application of ESMA Guidelines on Liquidity Management Tools (LMTs) for UCITS and open-ended AIFs, establishing standards for selecting, calibrating, and using LMTs to manage liquidity risks and mitigate financial stability threats. This matters for Luxembourg investment fund managers (IFMs) as it enforces uniform EU-wide supervisory practices under UCITS Directive Article 18a(2) and AIFMD Articles 16(2b)/(2c), holding IFMs primarily accountable for liquidity risk oversight.

What Changed

- Adoption of ESMA Guidelines: CSSF formally applies ESMA's guidelines (ESMA34-671404336-1364), focusing on LMT selection (e.g., redemption gates, suspension of redemptions/dealings, side pockets),...
Calibration Requirements: IFMs must demonstrate fair and reasonable ADT calibration for normal and stressed conditions, including explicit transaction costs and, where appropriate, estimated implicit...
LMT Recommendations: IFMs should select at least one quantitative-based LMT, one ADT, one for normal conditions, and one for stressed conditions; consider additional measures.
Scope Expansion Recommendation: Open-ended SIFs (not under Part II of the 2010 Law) should consider the circular alongside Commission Delegated Regulation (EU) 2026/465.

Suggested Considerations

Review and Update Policies: IFMs must select, calibrate, activate/deactivate LMTs per ESMA guidelines, documenting fair/reasonable ADT calibration (e.g., transaction costs, market impact analysis).
Demonstrate Compliance: Be prepared to show regulators liquidity risk management, including at least one quantitative LMT, one ADT, and condition-specific tools; integrate with UCITS/AIFMD requirements.
Risk Management Integration: Ensure primary responsibility for LMTs, with consistent supervisory application; open-ended SIFs to cross-reference with (EU) 2026/465.
Supervisory Preparedness: Maintain records of previous transactions for market impact estimation and overall LMT rationale.

Key Dates

Asset ManagerWealth Manager

Crypto & Digital Assets Capital Markets & Trading Payments & E-Money

🇱🇺 CSSF Guidance high

April 1st 2026

Circular CSSF 26/909

Application of the Guidelines of the European Securities and Markets Authority for the criteria on the assessment of knowledge and competence under the Markets in Crypto Assets Regulation (MiCA) (ESMA35-24871704-2922)

AI Analysis

Circular CSSF 26/909 specifies how the CSSF applies ESMA's Guidelines (ESMA35-24871704-2922) for assessing **knowledge and competence** criteria under MiCA, targeting staff involved in crypto-asset services. It matters because it enforces MiCA's staff certification requirements, ensuring Luxembourg CASPs meet EU-wide standards for consumer protection and operational integrity amid the full MiCA rollout on 30 December 2024.

What Changed

- Adoption of ESMA Guidelines: CSSF mandates application of ESMA's criteria for evaluating staff knowledge and competence in crypto-asset services, including roles in custody, trading, portfolio...
Assessment Framework: Firms must implement standardized tests and processes to verify staff qualifications, aligning with MiCA Article 62 on CASP authorization, focusing on technical crypto...
No New Standalone Rules: This circular builds on prior CSSF MiCA circulars (e.g., 25/890 on crypto-asset classification), integrating competence checks into licensing dossiers and ongoing supervision.

Suggested Considerations

Assess Staff Competence: Implement ESMA-guided evaluations (e.g., exams, certifications) for all relevant personnel handling crypto services; document results in governance frameworks.
Update Policies and Training: Integrate competence criteria into HR, onboarding, and annual reviews; roll out MiCA-specific training on reporting, breaches, and governance.
Licensing Dossier Enhancement: Include competence attestations in CSSF applications; appoint dedicated compliance/risk officers with verified qualifications.
Ongoing Monitoring: Conduct regular audits, penetration tests, and incident planning; confirm compliance annually via management body statements.
Early CSSF Engagement: Schedule dialogues and info sessions; create MiCA readiness scorecards for board and regulator discussions.

Key Dates

1 April 2026

Circular CSSF 26/909 published; immediate application of ESMA competence guidelines.; [User-provided content]

Compliance Impact

Urgency: High – With publication today (1 April 2026) and MiCA's CASP regime live since 30 December 2024, firms face immediate supervisory scrutiny during licensing and VASP transitions ending 1 July 2026. Non-compliance risks authorization denial, enforcement, or operational halts, especially as CSSF audits dossiers for competence gaps amid Luxembourg's role as MiCA hub.

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Topics:

Authorisation & Licensing Senior Managers / Governance Consumer Protection / Conduct

Crypto ExchangeBankFintech

Prudential / Capital Requirements Reporting & Disclosure

🇱🇺 CSSF Enforcement medium

April 1st 2026

Administrative sanction of 1 April 2026

Administrative sanction imposed on BigRep SE

AI Analysis

The CSSF imposed a €20,000 administrative fine on BigRep SE on 1 April 2026 for failing to comply with a CSSF order to publish, disseminate, store on the Officially Appointed Mechanism (OAM), and file its half-yearly financial report as of 30 June 2025, under the Luxembourg Transparency Law of 11 January 2008. This sanction underscores CSSF's strict enforcement of periodic disclosure obligations for issuers with Luxembourg as their home Member State, signaling heightened supervisory scrutiny on timely reporting.

What Changed

This is not a regulatory change but an enforcement action under the existing amended Law of 11 January 2008 on transparency requirements for issuers (Transparency Law). Key requirements reiterated include Article 4 (obligation to publish half-yearly financial reports), effective dissemination, storage on the OAM, and filing with CSSF, with CSSF empowered under Article 25(1) to impose fines for non-compliance, considering circumstances per Article 26a. This follows a prior €10,000 fine on the same issuer on 12 January 2026 for initial failure to publish the same report.

Suggested Considerations

Issuers must ensure timely publication of periodic financial reports (half-yearly per Article 4, annual per Article 3) via effective dissemination, OAM storage (e.g., Luxembourg Stock Exchange systems), and CSSF filing.
Respond promptly to any CSSF orders or injunctions to avoid escalated fines.
Implement robust internal controls for reporting calendars, including automated reminders and pre-verification processes.
Review and file any overdue reports immediately upon CSSF notification.

Key Dates

30 June 2025

Survey on the amount of covered deposits held on 31 March 2026

AI Analysis

Circular CSSF-CPDI 26/50 mandates a recurring annual survey on the amount of **covered deposits** held as of **31 March 2026** by specified Luxembourg credit institutions, to support the Fonds de garantie des dépôts Luxembourg (FGDL) in meeting Deposit Guarantee Scheme (DGS) requirements under the 2015 Law and DGSD. This matters for compliance as it ensures institutions contribute accurately to the FGDL's buffer (targeting 2% of covered deposits by 2026), with data also feeding into Single Resolution Board (SRB) calculations for resolution funding.

What Changed

This circular introduces no substantive changes to survey content, methodology, or reporting specifications compared to prior issuances (e.g., CSSF-CPDI 25/49 for 31 December 2025). Updates are limited to the reference date (31 March 2026) and associated deadlines, maintaining the risk-based ex-ante contribution method from Circular CSSF-CPDI 20/21 and quarterly reporting under CSSF-CPDI 17/07.

Suggested Considerations

Compile data on covered deposits (eligible deposits up to €100,000 per depositor, per Article 163 of 2015 Law), excluding items per Article 172 (e.g., financial institutions, life insurance).
Report detailed breakdowns: total eligible/covered deposits, omnibus/fiduciary accounts (with beneficiary counts), natural vs. legal persons, branch-level data.
Submit via specified format (per attached specs, unchanged from priors) to CPDI by deadline; quarterly data ongoing per CSSF-CPDI 17/07.
Ensure alignment with FGDL contributions under CSSF-CPDI 25/48.

Key Dates

31 March 2026

- Reference date for snapshot of covered deposits

30 April 2026 DEADLINE

(inferred from pattern in prior circulars like 25/49) - Likely submission deadline for survey data to CPDI (exact date in full PDF; aligns with one-month post-reference in predecessors)

Compliance Impact

Urgency: High – Immediate action required today (publication date) to prepare for 31 March 2026 snapshot (just 5 days away), with submission likely due early May 2026. Non-compliance risks FGDL penalties, inaccurate contributions (impacting 0.8% extra buffer to 2% DGSD minimum), and SRB reporting failures under Regulation (EU) 2015/63; recurring nature demands robust quarterly data processes.

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Banking & Credit

Topics:

Bank

Banking & Credit Wealth & Private Banking Consumer Credit

🇱🇺 CSSF News

March 26th 2026

Take control of your finances, one step at a time

No description available.

Sectors:

Topics:

Consumer Protection / Conduct ESG Technology & Cyber

BankWealth ManagerFintech

Banking & Credit Mortgage & Lending

🇱🇺 CSSF Guidance medium

March 25th 2026

Circular CSSF 26/908

Amendment of Circular CSSF 18/703 on the introduction of a semi-annual reporting of borrower related residential real estate indicators

AI Analysis

Circular CSSF 26/908 amends Circular CSSF 18/703 to update semi-annual reporting requirements for borrower-related residential real estate indicators, enhancing supervisory oversight of credit risk in Luxembourg's financial sector. Published today (25 March 2026), it matters for credit institutions as it refines data collection to better monitor real estate lending exposures amid potential market vulnerabilities.

What Changed

The circular introduces amendments to the original Circular CSSF 18/703 (itself amended by Circulars CSSF 20/737 and 21/772), focusing on semi-annual reporting of indicators tied to borrowers in residential real estate. Specific changes are not detailed in the provided summary or full content excerpt, but they likely involve refinements to reporting templates, data granularity, or submission processes to align with evolving EU prudential standards on real estate risk monitoring. The updated consolidated version of Circular CSSF 18/703 is now available as a 258.91Kb PDF.

Suggested Considerations

Download and review the full Circular CSSF 26/908 (291.96Kb PDF) and the updated consolidated Circular CSSF 18/703 (258.91Kb PDF) from the CSSF website: https://www.cssf.lu/en/Document/circular-cssf-26-908/.
Conduct a gap analysis of current reporting processes against the amended requirements for borrower-related residential real estate indicators.
Update internal systems, data collection templates, and reporting workflows to ensure accurate semi-annual submissions to the CSSF.
Train relevant compliance, risk, and finance teams on changes; document compliance confirmations for audit trails.

Key Dates

17 December 2018

- Original issuance of Circular CSSF 18/703 introducing semi-annual reporting

25 March 2026

- Publication date of Circular CSSF 26/908 (today)

Compliance Impact

Urgency: Medium - This is a targeted amendment to existing reporting obligations rather than a new regime, reducing immediate disruption, but non-compliance risks supervisory scrutiny, fines, or enhanced monitoring given CSSF's focus on real estate risk. It matters for maintaining accurate credit risk data, especially in a potentially volatile residential property market, supporting broader prudential stability.

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Topics:

Prudential / Capital Requirements Reporting & Disclosure

Bank

Mortgage & Lending Banking & Credit Consumer Credit

🇱🇺 CSSF Guidance high

March 25th 2026

Technical FAQ on CSSF Regulation No 20-08 on borrower-based measures for residential real estate credit (track changes) (Updated)

Version of 9 March 2026

AI Analysis

The CSSF Technical FAQ on Regulation No 20-08 provides implementation guidance on **loan-to-value (LTV) limits for residential real estate credit in Luxembourg**, establishing borrower-based macroprudential measures designed to limit leverage in the mortgage market. This guidance is critical for lenders operating in Luxembourg as it clarifies how to calculate own funds, determine LTV compliance, and apply temporary portfolio exemptions that have been extended through June 30, 2025.

What Changed

The most recent update (March 9, 2026) to the Technical FAQ reflects the regulatory framework established by CSSF Regulation No 20-08 (as modified by Regulation No 24-10).
First-time buyers: LTV limit of up to 100%
Other buyers: LTV limit of 90%, implemented via portfolio allowance Buy-to-Let Residential Loans:
Standard LTV limit of 80%
Temporary exemption (until June 30, 2025): Lenders may apply LTV ratios up to 95% for up to 10% of annual production Other Residential Real Estate Loans:

Suggested Considerations

*For all lenders:
*Verify LTV compliance calculations for all new residential mortgage originations using the framework specified in the FAQ, ensuring own funds are calculated as actual equity contributions from borrowers
*Implement dual LTV tracking for borrowers financing new property through sale of existing property, ensuring compliance with both interim and final LTV ratios
*Document own funds sources carefully, particularly when cash collateral or sale proceeds are used, as these are only permitted for loans with initial LTV below 100%
*Prepare for June 30, 2025 transition by:

Key Dates

December 3, 2020

- CSSF Regulation No 20-08 originally published

January 1, 2021

- Regulation and LTV limits became effective for residential real estate credit on Luxembourg territory

May 21, 2024

- CSSF Regulation No 24-04 introduced temporary adjustments to LTV limits

December 30, 2024

- CSSF Regulation No 24-10 extended temporary adjustments

January 7, 2025

- Most recent Technical FAQ version published (prior to March 9, 2026 update)

Compliance Impact

Urgency: HIGH

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Topics:

Prudential / Capital Requirements Consumer Protection / Conduct Reporting & Disclosure

BankFintech

Investment Management Wealth & Private Banking Capital Markets & Trading

🇱🇺 CSSF Guidance high

March 25th 2026

Circular CSSF 18/703 (as amended by Circulars CSSF 20/737, 21/772 and 26/908) (Updated)

on the introduction of a semi-annual reporting of borrower-related residential real estate indicators

AI Analysis

Circular CSSF 18/703 introduces semi-annual reporting requirements for Luxembourg-based lenders on borrower-related residential real estate (RRE) indicators to monitor macroprudential risks in the RRE lending market, in line with ESRB Recommendation 2016/14 (as amended). It matters for compliance because it mandates data collection via a dedicated CSSF template, with exclusions only for banks below EUR 10 million in outstanding RRE exposures, ensuring supervisory oversight of lending standards. The circular has been iteratively amended (CSSF 20/737, 21/772, 26/908), with the latest update on 25 March 2026 refining reporting processes.

What Changed

- Original Scope (CSSF 18/703, 17 Dec 2018): Requires semi-annual reporting of RRE indicators for loans secured by Luxembourg residential real estate (existing dwellings, under construction,...
Amendment CSSF 20/737 (19 Feb 2020): Clarified reporting thresholds and processes; banks with total outstanding RRE exposure ≤ EUR 10 million are exempt from reporting (no zero report needed if no...
FAQ (19 Feb 2020): Specifies reporting for new exposures (Jan-Jun or Jul-Dec) and outstanding exposures as of 30 June/31 Dec; exemption applies only if exposure < EUR 10 million.
Amendment CSSF 21/772 (10 May 2021): Further refinements to data template and indicators.
Amendment CSSF 26/908 (25 Mar 2026): Latest update to reporting template and processes, effective immediately given publication date. Data is collected via a CSSF template on the website, focusing on...

Suggested Considerations

Download and use the dedicated RRE data template from the CSSF website (https://www.cssf.lu/en/Document/circular-cssf-18-703/).
Assess total outstanding RRE exposure; if > EUR 10 million, collect data on new/outstanding exposures per reference dates (30 Jun/31 Dec).
Ensure IT systems store/process RRE indicators (e.g., borrower debt metrics, collateral details) for semi-annual extraction.
Submit reports to CSSF in April/October; review amendments (20/737, 21/772, 26/908) and FAQ for updates.
For exempt banks: Confirm eligibility annually; no zero report required.

Key Dates

17 Dec 2018

Original Circular CSSF 18/703 published; reporting obligation introduced

19 Feb 2020

Latest update on the AML/CFT standardised data collection

AI Analysis

This CSSF circular letter addresses the 2026 AML/CFT standardised data collection exercise, aligning with AMLA's EU-wide initiatives by adopting AMLA-developed templates for most supervised entities while requiring specialised professionals to use CSSF-specific forms. It matters for Luxembourg financial firms as it mandates reporting on ML/TF risks and mitigation measures to support consistent EU supervision, with recent delays emphasizing preparation needs amid evolving templates.

What Changed

- CSSF adopts AMLA-developed data collection templates for credit institutions, investment firms, and investment fund managers (excluding specialised professionals), replacing its prior questionnaire...
Entities selected for AMLA's mandatory calibration exercise (notified directly by CSSF) must report quantitative and qualitative ML/TF risk data; non-selected entities still report via AMLA templates...
Launch delayed from 2 March 2026 due to AMLA's consultation feedback on templates and guidance; new timelines and final questionnaire to be announced, but AMLA maintains 15 April 2026 submission for...
Specialised professionals of the financial sector complete a separate CSSF questionnaire, launching earlier on 23 February 2026 (subject to delay).

Suggested Considerations

Monitor CSSF communications for final questionnaire, launch dates, and eDesk access; prepare data on 2025 ML/TF risks and mitigation using current AMLA draft (not for submission).
Selected AMLA calibration participants: Compile and submit quantitative/qualitative data via eDesk by 15 April 2026; attend 13 March webinar.
Non-selected credit/financial institutions: Complete AMLA templates on ML/TF risks/mitigation for 2025 via eDesk upon launch.
Specialised professionals: Prepare CSSF-specific questionnaire ahead of (delayed) 23 February launch.
All: Ensure resources for timely reporting; review internal AML/CFT risk assessments for consistency with EU standards.

Key Dates

23 February 2026

- Planned launch for specialised professionals' CSSF questionnaire (delayed per 11 March update)

2 March 2026

Table listing the professional activities and the mandates performed

AI Analysis

This CSSF publication is an updated table (in XLSX format) listing standardized professional activities and mandates for members of the management body/governing body and conducting officers, as required under points 105 and 107 of Circular CSSF 18/698. It matters because it ensures consistent, transparent reporting of senior personnel roles in Luxembourg investment fund managers (IFMs), supporting governance, conflict-of-interest management, and CSSF supervisory oversight. Compliance professionals must use this list to standardize disclosures in authorization files and ongoing reporting.

What Changed

The document was originally published on 14 January 2019 and updated on 12 March 2026, reflecting revisions to the predefined list of professional activities and mandates[Source URL].
Alignment with Circular CSSF 18/698 requirements for IFMs (management companies for UCIs and AIFs), specifying reportable roles like those in collective portfolio management, risk management,...
Emphasis on detailed documentation of mandates to demonstrate fitness, properness, and avoidance of conflicts, including for shareholders with qualifying holdings.
No entirely new requirements introduced, but the update likely incorporates evolving governance expectations, such as enhanced delegate oversight and AML/CFT compliance officer designations.

Suggested Considerations

Download and use the XLSX table: Incorporate the exact list of activities/mandates into internal templates for reporting management body and conducting officer roles[Source URL].
Update authorization and notification files: Include detailed CVs, criminal record extracts, wealth declarations, and organization charts for relevant personnel/shareholders; notify CSSF of changes (e.g., qualifying holdings, guarantees).
Conduct fit-and-proper assessments: Ensure declarations cover all listed mandates, demonstrating no conflicts and adequate resources; perform initial/ongoing due diligence on delegates.
Annual compliance review: Document roles in compliance monitoring plans, training, and reporting to senior management/CSSF; align with delegate oversight (e.g., risk-based monitoring of compliance, audit functions).
Policy updates: Revise governance policies to reflect the updated list, including AML/CFT officer designations and own funds proofs.

Key Dates

23 August 2018

- Publication of underlying Circular CSSF 18/698, setting baseline requirements

14 January 2019

- Original publication of the list

12 March 2026

- Latest update to the list, requiring immediate review and integration into reporting processes[Source URL]

End of May (post DEADLINE

financial year); - Compliance deadline for Circular 18/698 obligations, including governance reporting (e.g., 5 months after year-end)

Compliance Impact

Urgency: High – The March 12, 2026 update coincides with today's date, demanding immediate review to avoid supervisory findings during CSSF inspections or authorization processes. Non-compliance risks authorization delays, fines, or reputational damage, as Circular 18/698 emphasizes robust governance in a heightened scrutiny environment for IFMs (e.g., delegate oversight, AML).

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Topics:

Senior Managers / Governance Reporting & Disclosure Authorisation & Licensing

Asset ManagerBankAll Firms

Investment Management Wealth & Private Banking

🇱🇺 CSSF News

March 11th 2026

Global situation of undertakings for collective investment at the end of January 2026

Press release 26/05

Sectors:

Topics:

Reporting & Disclosure Authorisation & Licensing

Asset ManagerWealth Manager

🇱🇺 CSSF Guidance medium

March 11th 2026

Circular letter

Delay in the 2026 AML/CFT standardised data collection

AI Analysis

The CSSF circular letter dated 11 March 2026 announces a delay in its planned AML/CFT standardised data collection exercise originally scheduled for 2026, primarily due to overlap with a concurrent broad-scope data collection by the European Anti-Money Laundering Authority (AMLA). This matters for compliance professionals as it reduces immediate reporting burdens on supervised entities, promotes regulatory simplification, and aligns Luxembourg practices with emerging EU AML/CFT methodologies, allowing firms to redirect resources to the mandatory AMLA exercise.

What Changed

- Postponement of CSSF-specific questionnaire: The CSSF has decided not to proceed with its own AML/CFT standardised data collection for most supervised entities (credit institutions, investment...
Exception for specialised professionals: Specialised professionals of the financial sector (e.g., certain non-credit institutions) remain subject to a CSSF-specific questionnaire, though timelines...
Rationale tied to AMLA calibration exercise: Entities selected for AMLA's 2026 calibration exercise (notified directly by CSSF) must complete it regardless; non-selected entities were to use AMLA...
Potential for ad-hoc requests: CSSF reserves the right to issue targeted questionnaires later in 2026 for essential data points not covered by AMLA. These changes supersede the 12 February 2026...

Suggested Considerations

Monitor CSSF updates: Await forthcoming communications on revised modalities, new timelines, and any ad-hoc requests via eDesk platform.
Prioritize AMLA obligations: Selected entities must prepare quantitative/qualitative ML/TF risk data per draft RTS on risk assessments (Article 40(2) of Directive (EU) 2024/1640); non-selected entities focus on AMLA templates for 2025 risks/mitigation.
Specialised professionals: Continue preparations for CSSF-specific questionnaire, confirming any shifts post-delay.
Internal review: Assess ML/TF risk profiles, mitigation measures, and reporting readiness in light of EU alignment; update compliance calendars to reflect simplification.
No immediate submissions: Stand down from original 2 March/15 April deadlines unless individually notified otherwise.

Key Dates

TBD 2026

Potential ad-hoc CSSF questionnaires for essential data points

23 February 2026

Administrative sanction imposed on a réviseur d’entreprises agréé

AI Analysis

The CSSF imposed an administrative sanction on 2 December 2025 against an approved statutory auditor (*réviseur d’entreprises agréé*) for breaches of professional obligations, likely related to continuing education requirements under Luxembourg's Audit Law, mirroring patterns in recent similar cases. This enforcement action underscores the CSSF's rigorous oversight of audit professionals, emphasizing compliance with ongoing training mandates to maintain audit quality and market integrity. Compliance professionals should note it as evidence of heightened scrutiny on non-delegable professional duties.

What Changed

This is not a regulatory change or new requirement but an enforcement action applying existing rules under point f) of Article 43(1) read with point a) of Article 43(2) and Article 44 of the Law of 23 July 2016 on the audit profession (Audit Law), alongside CSSF Regulation N°16-10 on continuing education.

Suggested Considerations

Immediate self-audit: Statutory auditors must verify personal compliance with continuing education hours under CSSF Regulation N°16-10, documenting hours against Article 3(1) requirements and submitting evidence if requested.
Remediation plan: If shortfalls identified, complete deficit training promptly and notify CSSF of corrective measures, as seen in related governance cases where entities implemented remediation.
Internal training programs: Audit firms should enhance monitoring of auditor CPE (continuing professional education) logs, integrating CSSF controls akin to Article 10 of the Audit Law.
Fit-and-proper reviews: Boards and compliance officers assess auditor qualifications, escalating any gaps to CSSF per professional obligations.
Record retention: Maintain verifiable CPE records for at least the reference period plus CSSF inspection windows (typically 3-5 years).

Key Dates

31 December 2024 DEADLINE

- Likely reference period end for continuing education non-compliance (inferred from identical prior case)

2 December 2025

- Date of administrative sanction imposition by CSSF

6 March 2026

- Publication date of the sanction notice (today's date, aligning with CSSF practice for transparency under Article 48(2) of the Audit Law)

Compliance Impact

Urgency: Medium. This matters as a signal of CSSF's proactive controls on auditor CPE, with fines starting at EUR 1,500 for initial breaches but scaling with severity/duration; repeated actions (e.g., multiple 2025 sanctions) indicate rising enforcement tempo, risking broader audit ecosystem scrutiny. Affected parties face direct fines and reputational harm, while others must prioritize CPE to avoid chain-reaction liabilities in financial reporting.

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Authorisation & Licensing Senior Managers / Governance Reporting & Disclosure

Topics:

All Firms

🇱🇺 CSSF Enforcement medium

March 6th 2026

Administrative sanction of 2 December 2025

Administrative sanction imposed on a réviseur d’entreprises agréé

AI Analysis

The CSSF imposed an administrative sanction on 2 December 2025 against an approved statutory auditor (*réviseur d’entreprises agréé*) for breaches of professional obligations, likely related to continuing education requirements under Luxembourg's Audit Law, mirroring patterns in recent similar cases. This enforcement action underscores the CSSF's rigorous oversight of audit professionals, emphasizing compliance with ongoing training mandates to maintain audit quality and market integrity. Compliance professionals should note it as evidence of heightened scrutiny on non-compliance with minimum continuing education hours.

What Changed

No new regulatory changes are introduced; this is an enforcement action applying existing rules under point f) of Article 43(1) read with point a) of Article 43(2) and Article 44 of the Law of 23 July 2016 concerning the audit profession (Audit Law), alongside CSSF Regulation N°16-10 on continuing education for statutory auditors. Breaches typically involve failing to meet the minimum total hours of continuing education by the reference period end (e.g., December 31, 2024, as in a comparable August 2025 case).

Suggested Considerations

Statutory auditors must immediately verify compliance with Article 3(1) of CSSF Regulation N°16-10, ensuring minimum continuing education hours are met for relevant periods.
Audit firms should conduct internal audits of training logs and implement remediation plans, including supplementary training if deficits exist.
All affected parties must report any identified breaches to CSSF proactively and retain evidence of corrective actions, as CSSF controls under Article 10 of the Audit Law can trigger fines.

Key Dates

AI Analysis

The CSSF imposed an administrative sanction on 8 October 2025 against an unnamed investment firm, as detailed in a publication released on 4 March 2026. This enforcement action underscores CSSF's rigorous oversight of investment firms, particularly in areas like AML/CFT compliance, conduct rules, and organizational requirements, serving as a warning for similar entities to strengthen cooperation and internal controls. It matters because it highlights escalating fines for repeated or material breaches, potentially influencing supervisory expectations across Luxembourg's financial sector.

What Changed

No new regulatory changes or requirements are introduced; this is an enforcement action applying existing rules.
Failure to cooperate with CSSF requests, e.g., not submitting required AML/CFT questionnaires by deadlines, violating Article 5(1) of the amended Law of 12 November 2004 on AML/CFT.
Non-compliance with investment policies, organizational requirements, or conduct rules under the UCI Law (e.g., Articles 41, 43, 109), including improper broker exposures or valuation failures.
These reflect ongoing enforcement of established frameworks like the AIFM Law, UCI Law, and AML/CFT Law, with fines calibrated by factors like breach duration, firm size, cooperation level, and prior...

Suggested Considerations

Enhance cooperation protocols: Implement automated tracking for CSSF requests (e.g., questionnaires) with escalations for reminders; document all responses.
Review investment compliance: Audit broker exposures, valuation processes, and subscription/redemption controls against UCI Law Articles 41-43, 109; suspend dealings if uncertainties arise.
Strengthen governance: Conduct gap analyses on internal controls, risk assessments, and reporting for depositary/oversight functions per AIFM Law Article 19(9) and CDR 231/2013.
Training and monitoring: Roll out firm-wide training on AML/CFT obligations (Article 5(1)) and perform reconciliations of assets/records; prepare for on-site/off-site CSSF inspections.
Self-reporting: Proactively disclose prior breaches to mitigate fine severity.

Key Dates

10 January 2025

- Date of prior depositary oversight fine

4 April 2025 DEADLINE

No description available.

AI Analysis

The CSSF published guidance on 2 March 2026 specifying minimum documents and information required for assessing shareholding structures of authorised Investment Fund Managers (IFMs) during initial authorisation and subsequent modifications, covering both qualified and non-qualified shareholders. This matters because incomplete submissions will not be processed, potentially delaying authorisations or amendments amid ongoing CSSF scrutiny of governance and ownership in Luxembourg's fund sector.

What Changed

- Minimum Document Requirements: Establishes a mandatory list of documents for each new shareholder candidate, differentiated by type (e.g., natural person, legal person, beneficial owner,...
Additional Mandatory Submissions: For changes involving qualified holdings (entry, increase/decrease, removal), requires updated group structure charts, MEF (in some cases), financing information,...
Enforcement Mechanism: From 2 March 2026, applications lacking these minimums are deemed incomplete, halting analysis until fully submitted.
No prior formalised list existed in this detail for IFMs, shifting from case-by-case to standardised requirements.

Suggested Considerations

Review Guidance: Download and study the XLSX document (Version 1.0) detailing per-shareholder/per-change requirements.
Prepare Complete Packages: For initial authorisation or amendments, compile minimum docs (e.g., IDs for beneficial owners/PEPs, group charts, financing details, MEF, fees); use *MEF templates where noted.
Submit Fully: Ensure all minimums included in future filings to avoid delays; anticipate CSSF requests for extras.
Internal Processes: Update compliance checklists, train teams on shareholder due diligence, and integrate into authorisation workflows.

Key Dates

2 March 2026

Publication and effective date; Guidance applies immediately; incomplete applications received on/after this date will not start processing until complete

Compliance Impact

Urgency: High – Effective immediately on publication (2 March 2026), with strict non-processing of incomplete files risking significant delays in time-sensitive authorisations/amendments. Matters for maintaining operational timelines in competitive fund markets, where CSSF oversight of IFM ownership ties to broader governance expectations (e.g., board composition, qualifications).

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Authorisation & Licensing Senior Managers / Governance Reporting & Disclosure

Topics:

Asset Manager

Senior Managers / Governance Reporting & Disclosure

🇱🇺 CSSF Guidance high

March 2nd 2026

Guidance on the documents and information to be submitted for the assessment of the shareholding structure of authorised IFMs – initial authorisation and modification of an authorised IFM (qualified and non-qualified shareholders)

Version 1.0

AI Analysis

This CSSF guidance (Version 1.0, published 2 March 2026) specifies the minimum documents and information required for assessing shareholding structures of authorised Investment Fund Managers (IFMs) during initial authorisation or modifications involving qualified and non-qualified shareholders. It standardises submissions to ensure completeness, with incomplete applications rejected until fully provided, enhancing regulatory efficiency and scrutiny of ownership changes. Compliance professionals must prioritise this to avoid delays in authorisation processes for Luxembourg-domiciled IFMs.

What Changed

- Minimum Document Lists: Introduces detailed checklists in an XLSX format covering candidate shareholder documents (e.g., ID, CV, declarations of honour (DH), criminal records (CR) for natural...
Differentiation by Shareholder Type: Requirements vary by natural/legal person, beneficial owner, direct/indirect qualified/unqualified shareholders, and involvement in financing (e.g., "Yes, if PEP...
Other Mandatory Submissions: For qualified holding changes (entry, increase/decrease, removal), requires updated group structure charts, Market Entry Forms (MEF), financing details, and fee forms;...
Enforcement Mechanism: From 2 March 2026, incomplete submissions halt analysis until remedied; CSSF may request additional info.

Suggested Considerations

Prepare Complete Packages: For each new shareholder candidate, compile type-specific docs (e.g., ID/CV/DH/CR for direct unqualified shareholders; financing proof if indirect qualified lacks resources).
Submit Core Items: Always include updated group structure chart, MEF (template available), acquisition financing details, fee form; classify request type (e.g., prior authorisation for qualified changes).
Initial/Modification Filings: Use XLSX guidance as checklist; ensure beneficial owner verification per Circular CSSF 19/732.
Ongoing: Notify CSSF of changes; anticipate ad-hoc requests for extras like PEP declarations.

Key Dates

Banking & Credit

Topics:

Bank

Banking & Credit Investment Management Wealth & Private Banking

🇱🇺 CSSF Warning high

February 18th 2026

Warning concerning the website www.qatari.xyz

No description available.

Sectors:

Topics:

AML / Financial Crime Consumer Protection / Conduct Authorisation & Licensing

BankWealth ManagerFintech

Banking & Credit Investment Management Wealth & Private Banking

🇱🇺 CSSF News low

February 18th 2026

CSSF Newsletter No 301 – February 2026

No description available.

Sectors:

Topics:

AML / Financial Crime Prudential / Capital Requirements Reporting & Disclosure

BankAsset ManagerWealth Manager

Banking & Credit Payments & E-Money

No description available.

Sectors:

Topics:

Reporting & Disclosure Operational Resilience / Outsourcing

BankPayment Provider

Banking & Credit Payments & E-Money Investment Management

🇱🇺 CSSF Guidance high

February 17th 2026

FAQ concerning the Luxembourg Law of 17 December 2010 relating to undertakings for collective investment (Updated)

Version 23

AI Analysis

This CSSF FAQ (Version 23, updated 17 February 2026) provides interpretive guidance on the Luxembourg Law of 17 December 2010 relating to undertakings for collective investment (UCIs), covering UCITS, Part II UCIs, SIFs, and SICARs. It matters for compliance professionals as it clarifies authorisation processes, investment rules, and supervisory expectations, ensuring alignment with evolving EU frameworks like AIFMD and MiCAR. The update, effective today, addresses recent regulatory shifts including crypto-asset integration.

What Changed

- Authorisation Requirements: UCIs require CSSF approval of constitutive documents (articles, management regulations), depositary selection, and management company/AIFM applications for contractual...
Crypto-Asset Updates (aligned with separate but related FAQ Version 7): Replaces "virtual assets" with "crypto-assets" per MiCAR (EU 2023/1114); UCITS and retail AIFs (non-well-informed investors)...
Investment Policies and Liquidity Management: Funds must detail objectives, strategies, asset classes, restrictions, borrowing, and conflicts; look-through for intermediary vehicles per ESMA/AIFMD...
Risk Spreading Exemptions: Limits do not apply to OECD/EU-guaranteed securities or UCIs with comparable risk-spreading.
Depositary Role in Crypto: Luxembourg depositaries can custody crypto-assets with safeguards and CSSF notification; responsibility varies by model (depositary or MiCAR provider).

Suggested Considerations

Review and Update Documents: Align UCI constitutive documents, investment policies, and sales documents with clarified rules on strategies, LMTs, conflicts, and risk-spreading; apply look-through for intermediaries.
Crypto-Specific: For >10% NAV exposure, apply for "Other-Other Fund-Crypto-assets" extension (custody, valuation, AML/CFT plans, expertise); notify CSSF for depositary crypto custody; implement heightened AML/CFT due diligence per FATF/Luxembourg assessments.
Authorisation/Amendments: Submit for CSSF approval on new setups, manager changes, or sub-funds (esp. SICAV multi-sub-funds with EU cross-border services).
Governance and Reporting: Ensure RC/RR demonstrate crypto risk understanding; update disclosures for investors on risks, LMTs, and fair treatment.
Ongoing Compliance: Use FAQ/Compilation for RAIFs/SIFs/SICARs/Part II UCIs; auditors/managers confirm tax-exempt status for SICARs.

Key Dates

20 May 2025

AML/CFT standardised data collection taking place in 2026

AI Analysis

The CSSF Circular Letter 2026-02-12 announces a standardized data collection exercise on AML/CFT for supervised entities, scheduled for 2026, aimed at enhancing regulatory oversight of money laundering and terrorist financing risks. This matters because it signals intensified CSSF scrutiny on AML/CFT compliance, requiring firms to prepare structured data submissions that could inform future supervisory actions, risk assessments, and enforcement. As part of broader CSSF AML/CFT initiatives, non-compliance risks fines or heightened inspections.

What Changed

- Introduction of standardized AML/CFT data collection: CSSF mandates uniform reporting formats for collecting data on AML/CFT risks, controls, and practices across supervised sectors, building on...
Alignment with ongoing AML/CFT enhancements: Complements recent governance-focused circulars (e.g., Circular 26/906 on central administration and risk management for payment/e-money institutions) by...
No explicit new obligations beyond preparation for data submission, but implies deeper integration of tax-related AML indicators and sub-sector risk updates, as seen in related CSSF activities.

Suggested Considerations

Assess and document AML/CFT data readiness: Inventory current risk assessments, transaction monitoring logs, KYC processes, SAR filings, and third-party oversight records in standardized formats; map to proportionality factors (e.g., transaction volumes, outsourcing).
Update governance and controls: Ensure compliance functions have independence, direct board reporting, and audit coverage of AML/CFT; test ICT resilience for monitoring continuity.
Conduct internal reviews: Perform gap analyses against Circular 26/906 (e.g., fund safeguarding, escalation protocols) and recent conference topics (e.g., terrorist financing, tax indicators); remediate deficiencies with board-approved plans.
Prepare for submission: Designate resources for data compilation; cooperate fully with CSSF/FIU requests, including transfer-of-funds information under EU 2015/847.
Engage auditors: Leverage approved auditors for validation of AML/CFT effectiveness ahead of collection.

Key Dates

2026 (exact date TBD) DEADLINE

AML/CFT standardised data collection exercise; Firms must submit required data during this period; preparation recommended immediately given today's date (12 February 2026)

20 January 2026 DEADLINE

Issuance of related Circular 26/906; Establishes governance baselines (e.g., compliance independence, risk proportionality) informing data collection expectations

26 January 2026

CSSF AML/CFT Conference for Specialised PFS; Provided updates on sub-sector risks, terrorist financing reviews, and FIU insights relevant to data preparation

28 January 2026 DEADLINE

Conference materials published; Available for download to guide compliance alignment

Compliance Impact

Urgency: High – With data collection in 2026 underway today (12 February 2026), firms face immediate preparation needs amid recent enforcement (e.g., EUR 102,000 fine on depositary for AML-related gaps) and conferences signaling sub-sector focus. This elevates AML/CFT as a supervisory priority, potentially triggering on-site inspections, fines, or remediation orders for inadequate data/risks; proactive alignment prevents escalation in a risk-based regime.

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Topics:

AML / Financial Crime Reporting & Disclosure Senior Managers / Governance

BankPayment ProviderAll Firms

🇱🇺 CSSF Guidance low

February 12th 2026

FAQ concerning Master/Feeder Structures (Updated)

Version 3

AI Analysis

This CSSF FAQ (Version 2, July 2013, with updates through 24 June 2013 and 11 July 2013) provides guidance on master-feeder structures for UCITS funds under the Luxembourg Law of 12 July 2010 (the "2010 Law"), addressing financial reporting, performance disclosure, and operational requirements. It matters for Luxembourg-domiciled UCITS managers and depositaries as it clarifies compliance with UCITS Directive rules on aggregation of charges, audit irregularities, and past performance in cross-border master-feeder setups, reducing ambiguity in documentation and investor communications.

What Changed

- Financial reporting for aggregate charges (Art 82(2) 2010 Law): When master and feeder UCITS have different year-ends, feeder must present master charges for the same period if possible; otherwise,...
Disclosure of irregularities (CSSF Regulation 10-05 Art 27(e)): Present in notes to financial statements or "other information" section of annual report.
Past performance rules (Art 159(3)c) 2010 Law and Commission Regulation (EU) 583/2010): Feeders converting to new masters cannot refer to pre-conversion past performance; masters converting from...
Document is periodically updated; CSSF reserves right to alter positions—firms must monitor website.

Suggested Considerations

Review and amend master-feeder agreements (per Art 79(1) 2010 Law) to require masters provide charge/fee data to feeders.
Ensure financial statements/annual reports disclose irregularities in specified sections and aggregate charges with audit report caveats if periods misalign.
Update KIIDs and marketing materials for past performance compliance, disclosing conversions/material changes per Regulation 583/2010 Articles 17, 19, 35.
Implement processes for ad hoc financial statements when accounting years differ, allocating audit/preparation fees appropriately.
Monitor CSSF website regularly for FAQ updates.

Compliance Impact

Urgency: low—This 2013 guidance (Version 2) is outdated relative to 2026, with no new enforcement actions noted, but remains relevant for legacy UCITS master-feeder structures under the 2010 Law. It matters for audit/financial close processes and investor disclosures to avoid CSSF scrutiny, particularly in cross-border setups where ESMA UCITS rules apply; non-compliance risks reporting errors or investor complaints.

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Reporting & Disclosure Authorisation & Licensing

Topics:

Asset Manager

🇱🇺 CSSF Guidance high

February 12th 2026

CSSF FAQ – Use of Securities Financing Transactions by UCITS (Updated)

This publication is a CSSF FAQ in relation to the use by Luxembourg-domiciled UCITS of the following Securities Financing Transactions: securities lending transactions, reverse repurchase agreement transactions and repurchase agreement transactions. The objective of the FAQ is to bring further clarity concerning the use by UCITS of these SFTs, thereby taking into account the applicable regulatory framework as well as the supervisory experienced gained by the CSSF over the last years.Version 2

AI Analysis

This CSSF FAQ (Version 2) provides guidance on the use of securities financing transactions (SFTs)—specifically securities lending, reverse repurchase agreements, and repurchase agreements—by Luxembourg-domiciled UCITS, clarifying regulatory requirements based on the applicable framework and CSSF's supervisory experience. It matters because it updates prior guidance to reflect evolved practices, helping UCITS managers ensure compliant SFT usage amid heightened scrutiny on liquidity, risk management, and investor protection in Luxembourg's fund sector.

What Changed

The document is an updated FAQ (Version 2), originally published on 18 December 2020 and revised on 12 February 2026, but the provided content does not detail specific changes from Version 1 beyond incorporating recent supervisory experience and regulatory framework updates. It emphasizes clarity on SFT eligibility, operational controls, and risk mitigation for UCITS, without introducing new prohibitions or mandates visible in the summary; full details require accessing the PDF (201.4Kb).

Suggested Considerations

Review and update policies: UCITS managers must assess current SFT programs against the FAQ's clarifications, ensuring alignment with regulatory framework (e.g., UCITS Directive) and CSSF supervisory expectations on risk, collateral, and transparency.
Enhance disclosures: Update fund prospectuses, KIIDs, and annual reports to reflect SFT usage, risks, and revenues, per CSSF emphasis on investor clarity.
Conduct gap analysis: Audit SFT counterparties, collateral management, and liquidity tools for compliance; remediate any deviations based on gained supervisory experience.
Train staff and delegates: Implement training on updated FAQ to cover securities lending, repos, and reverse repos specifics.
Monitor ongoing use: Maintain records of SFT volumes, counterparties, and performance for CSSF inspections; integrate with broader UCI regulatory updates like risk-spreading.

Key Dates

18 December 2020

Original publication date of Version 1

12 February 2026

Update date for Version 2; (effective immediately as non-binding guidance)

Compliance Impact

Urgency: High – The 12 February 2026 update coincides with today's date, signaling immediate relevance for Luxembourg UCITS engaging in SFTs, which are common for yield enhancement but carry liquidity and counterparty risks. Non-compliance risks supervisory actions, given CSSF's focus on practical experience; firms should prioritize review to avoid findings in upcoming audits or inspections, especially amid parallel 2026 updates on UCI investments.

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Prudential / Capital Requirements Reporting & Disclosure

Topics:

Asset Manager

Banking & Credit Investment Management Wealth & Private Banking

🇱🇺 CSSF News medium

February 11th 2026

DORA – Submission timeframe for register of information – eDesk Portal open as of 11 February 2026

Submission of the register of information at individual or consolidated level to the CSSF (excluding entities under the direct supervision of the ECB)

Sectors:

Topics:

Operational Resilience / Outsourcing Reporting & Disclosure Technology & Cyber

BankAsset ManagerWealth Manager

🇱🇺 CSSF Guidance high

February 11th 2026

Guidance for interpretation and resolution of CSSF error messages related to the submission of the DORA register

Guidance allowing financial entities to identify the National Competent Authority to which their register of information has to be submitted.

AI Analysis

This CSSF guidance document, published on 11 February 2026, provides detailed explanations and resolution steps for error messages encountered during the submission of the DORA Register of Information (RoI) via the eDesk portal, specifically for the 2026 submission cycle. It matters because it enables Luxembourg financial entities to ensure compliant submissions amid enhanced validation checks on more data fields, avoiding re-submission delays and supporting timely transmission to the ESAs by CSSF deadlines. Non-compliance risks supervisory scrutiny under DORA's ICT risk management framework.

What Changed

- Enhanced validation checks for the 2026 RoI submission: Applies ESA-defined checks (last updated April 2025) to more data fields to improve data quality, compared to prior cycles.
Specific error resolutions detailed, including requirements for LEI code communication to CSSF beforehand, correct reference date ('2025-12-31') in file naming, plain-CSV files in predefined .zip...
Mandatory inclusion of all tables (even empty) in FilingIndicators.csv set to 'true', with matching identification codes across parent-child records.
Builds on prior CSSF guides, emphasizing eDesk role "DORA Reporting" assignment and ESAs' technical standards. No new regulatory requirements under DORA itself; this refines technical submission...

Suggested Considerations

Assign "DORA Reporting" role in eDesk to dedicated employee(s) per user guide.
Communicate LEI code to CSSF line supervisor prior to first submission to enable upload.
Prepare RoI in plain-CSV files within .zip following ESAs' folder structure/file naming (reference date '2025-12-31'); include all tables in FilingIndicators.csv (even empty, set to 'true').
Test submissions against listed error codes (e.g., ICTO007 for LEI, identification mismatches); resolve per guidance sections (e.g., Sections 3.2.2, 5.1.2, 6).
Consult ESAs' EBA resources (data point model, validation rules, FAQs) and CSSF guides (e.g., submission guide, guidance tables).

Key Dates

30 April 2025 DEADLINE

- CSSF re-submission deadline post-validation for 2025; analogous for 2026 if errors detected

May 2025

No description available.

AI Analysis

This CSSF communiqué announces the availability of updated UCI Reports (SAQ, SR, and ML) under Circular CSSF 21/790 on the eDesk platform's CISERO module for specific 2026 year-ends, with key enhancements focused on valuation, NAV determination, and risk-based streamlining. It matters for Luxembourg UCIs as it reflects evolving supervisory priorities, aligns with EU directives like Directive (EU) 2024/927, and imposes refined self-assessment obligations to bolster resilience in stressed conditions and liquidity management.

What Changed

- SAQ Updates (Valuation Section): New questions on valuation policies for stressed market conditions/exceptional circumstances; coverage for new sub-funds/strategies; independent validation of...
SAQ Simplifications and Clarifications: Removed questions on sub-funds with significant non-standard OTC derivatives, unquoted assets, or external valuer OTC FDIs (including NAV proportions); refined...
SAQ NAV Determination: Updated Liquidity Management Tools (LMTs) sub-section to align with Annexes of AIFM/UCITS Review Directive (Directive (EU) 2024/927); added question on compliance with ESMA...
SR Streamlining: Removed procedures in investment compliance (e.g., eligibility assessments for closed-ended funds, structured instruments, non-plain vanilla OTC derivatives; credit quality for money...
Reports for year-ends after 30 April 2026 available three months prior.

Suggested Considerations

Access updated Reports on eDesk CISERO module immediately and review changes vs. 31 December 2025 versions.
Update valuation policies/procedures to explicitly cover stressed conditions, new sub-funds/strategies, model validations, and backtesting; document compliance.
Revise NAV processes for LMT alignment with Directive (EU) 2024/927 Annexes and ESMA performance fee guidelines; confirm for open-ended UCIs.
Dirigeants/management: Complete/validate SAQ addressing new/clarified questions; prepare for REA SR/ML review.
REAs: Perform streamlined SR procedures; issue ML on prior weaknesses with remediation timelines.

Key Dates

9 February 2026

Reports (SAQ, SR, ML) made available on eDesk CISERO for year-ends 31 January, 28 February, 31 March, 30 April 2026

16 April 2026

Administrative sanction imposed on Corestate Capital Holding S.A.

AI Analysis

The CSSF published an administrative sanction on 6 February 2026 against Corestate Capital Holding S.A., likely for breaches in regulatory compliance such as depositary duties, oversight, or governance under Luxembourg financial laws, marking a repeat enforcement action following a prior sanction in June 2025. This matters for compliance professionals as it underscores CSSF's aggressive enforcement on alternative investment fund managers (AIFMs) and depositaries, signaling heightened scrutiny on safekeeping, oversight, and internal controls to prevent systemic risks in Luxembourg's fund sector. It highlights the regulator's willingness to impose public nominative sanctions, amplifying reputational damage alongside fines.

What Changed

No new regulatory changes or requirements are introduced; this is an enforcement action enforcing existing obligations under laws like the AIFM Law of 12 July 2013 (e.g., Articles 19(8), 19(9), 19(11) on safekeeping and oversight duties), the Law of 5 April 1993 on the financial sector, and Commission Delegated Regulation (EU) No 231/2013 (CDR 231/2013, e.g., Articles 92, 94, 96 on risk assessment, valuation verification, and cash flow monitoring).

Suggested Considerations

Conduct immediate gap analysis: Review safekeeping processes for ownership verification (Article 19(8)(b) AIFM Law), ensuring transaction documentation, segregated account proofs, and full holding chain records are available at transaction points.
Enhance oversight duties: Implement risk assessments per Article 92(1) CDR 231/2013, valuation compliance checks (Article 94), and cash remittance monitoring (Article 96); appoint delegates with due diligence.
Strengthen governance: Update internal controls, procedures, and conflict-of-interest policies (e.g., director overlaps); ensure key documentation availability and evidence of controls.
Firm-wide audit: For repeat offenders like Corestate, perform root-cause analysis on prior sanctions and submit remediation plans to CSSF if inspected.
Training and reporting: Train staff on CSSF expectations; improve cooperation mechanisms to avoid AML/CFT fines for non-submission of requests.

Key Dates

20 June 2025 DEADLINE

- Prior administrative sanction imposed on Corestate Capital Holding S.A., indicating ongoing non-compliance issues

6 February 2026

- Publication date of the current administrative sanction on Corestate Capital Holding S.A., effective immediately as a public enforcement notice

Compliance Impact

Urgency: High – This represents CSSF's pattern of public nominative fines (e.g., EUR 102,000 on JTC for depositary breaches, EUR 10,000 on Capitalis for AML non-cooperation), with escalation risks for repeat violations like Corestate's back-to-back sanctions. It matters due to Luxembourg's dominance in European fund assets (over EUR 5 trillion), where governance lapses can trigger outflows, license revocation, or cross-border ESMA scrutiny; firms must act preemptively to mitigate fines (typically EUR 10,000–102,000) and reputational harm from nominative publication.

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Authorisation & Licensing Senior Managers / Governance Reporting & Disclosure

Topics:

Asset ManagerAll Firms

Investment Management Crypto & Digital Assets Capital Markets & Trading

🇱🇺 CSSF Enforcement high

February 6th 2026

Administrative sanction of 6 February 2026

Administrative sanction imposed on Corestate Capital Holding S.A.

AI Analysis

The CSSF published an administrative sanction on 6 February 2026 against Corestate Capital Holding S.A., likely imposing a fine for regulatory breaches, marking a repeat enforcement action following a prior sanction on the same entity dated 20 June 2025. This matters as it underscores CSSF's intensified supervisory scrutiny on Luxembourg-based investment managers, particularly regarding governance, asset safekeeping, and oversight duties under AIFM Law, signaling heightened enforcement risks for similar firms. Compliance teams should review it for patterns in depositary and transparency violations evident in recent CSSF cases.

What Changed

No new regulatory changes or requirements are introduced; this is an enforcement action highlighting non-compliance with existing obligations under Luxembourg's AIFM Law (notably Articles 19(8), 19(9), 19(11), and 51) and related delegated regulations like CDR 231/2013. Key breaches from analogous recent CSSF sanctions include inadequate safekeeping of assets (e.g., missing ownership verification and records), failure to oversee AIFM valuation policies and cash remittance timelines, improper delegation to custodians without due diligence, and weak internal governance such as conflicts of...

Suggested Considerations

Conduct immediate gap analysis on depositary functions: Verify ownership chains, transaction documentation, segregated account reconciliations, and custodian delegations per AIFM Law Articles 19(8) and 19(11).
Enhance oversight processes: Implement risk assessments for AIF strategies, valuation policy checks, and cashflow monitoring per CDR 231/2013 Articles 92, 94, and 96.
Strengthen governance: Review internal controls, procedures, and conflicts (e.g., director overlaps with affiliates); ensure availability of control evidence.
For issuers like Corestate: Confirm compliance with half-yearly financial reporting and dissemination under Transparency Law Article 4.
Firm-wide: Perform mock CSSF on-site inspections focusing on 2022-2025 periods, given inspection timelines in recent cases.

Key Dates

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Topics:

Authorisation & Licensing Prudential / Capital Requirements AML / Financial Crime

Asset ManagerHedge FundFintech

Investment Management Wealth & Private Banking

🇱🇺 CSSF Warning high

February 4th 2026

Warning concerning the website www.castleforbeswealth.com

No description available.

Sectors:

Topics:

AML / Financial Crime Consumer Protection / Conduct Authorisation & Licensing

Wealth Manager

Investment Management Wealth & Private Banking

🇱🇺 CSSF Enforcement high

February 4th 2026

Administrative sanction of 23 July 2025

Administrative sanction imposed on Genève Invest (Europe) S.A.

AI Analysis

The CSSF imposed an administrative sanction on 23 July 2025 against Genève Invest (Europe) S.A., a Luxembourg-regulated entity, for breaches of professional obligations, as detailed in a publication released on 4 February 2026. This enforcement action underscores the CSSF's focus on robust internal controls and compliance with investment rules, serving as a warning to investment firms on the consequences of organizational and conduct failures. Compliance professionals should note it as evidence of heightened CSSF scrutiny on fund managers handling client assets and counterparties.

What Changed

This is not a regulatory change or new requirement but an enforcement action highlighting existing obligations under Luxembourg law. Key breaches likely mirror patterns in recent CSSF sanctions, such as non-compliance with UCI Law provisions on investment policies (e.g., Articles 41, 43), sound accounting procedures (Article 109), and rules of conduct (Articles 111, CSSF Regulation 10-04), including improper cash deposits with unauthorized brokers and inaccurate asset valuation.

Suggested Considerations

Immediate review of counterparty due diligence: Verify licenses and financial stability of brokers/prime brokers; cease deposits with unauthorized or suspended entities per UCI Law Article 41.
Enhance valuation and accounting controls: Ensure assets (e.g., cash deposits) are valued at probable realization value per Article 28(4) UCI Law and prospectus terms; implement automated monitoring for ongoing compliance.
Conduct internal audits: Assess organizational requirements, investment policies, and conduct rules (CSSF Regulation 10-04); remediate gaps proactively, as seen in mitigated sanctions for cooperative firms.
Update governance and reporting: Document risk assessments and report prior breaches to CSSF to demonstrate cooperation, potentially reducing fine severity.

Key Dates

23 July 2025

- Date of administrative sanction imposition on Genève Invest (Europe) S.A

4 February 2026

- Publication date of the sanction document by CSSF

Compliance Impact

Urgency: High – This sanction, published today (4 February 2026), signals ongoing CSSF off-site and on-site probes into fund operations, similar to fines imposed in July 2025 on Zeus Asset Management (€18,136 for UCI breaches) and a bank (reprimand for AML gaps). It matters due to escalating enforcement—fines calibrated to turnover (e.g., 10% in Zeus case)—and risks of reputational damage, especially for wealth managers with broker exposures. Non-compliance could trigger investigations, as CSSF considers infringement duration, cooperation, and history.

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Topics:

Authorisation & Licensing Reporting & Disclosure Senior Managers / Governance

Asset ManagerWealth ManagerAll Firms

Banking & Credit Investment Management Wealth & Private Banking

🇱🇺 CSSF News low

February 4th 2026

Registration form for meetings with UCI Departments of the CSSF (Updated)

No description available.

Sectors:

Topics:

AML / Financial Crime Consumer Protection / Conduct Reporting & Disclosure

BankWealth ManagerAsset Manager

Senior Managers / Governance Operational Resilience / Outsourcing

🇱🇺 CSSF Guidance high

February 4th 2026

FAQ Crypto-Assets – Undertakings for collective investment (Updated)

Version 7 – 04/02/2026

AI Analysis

The CSSF has released Version 7 of its FAQ on Crypto-Assets for Undertakings for Collective Investment, updated on February 4, 2026, to reflect the entry into force of the Markets in Crypto-Assets Regulation (MiCAR). This guidance establishes binding investment limits, authorization requirements, and risk management standards for UCITS and AIFs investing in crypto-assets, fundamentally reshaping how Luxembourg-regulated collective investment schemes can engage with digital assets.

What Changed

The most significant regulatory modifications in Version 7 include: Investment Limits for UCITS UCITS may invest indirectly in crypto-assets for a maximum of 10% of their net asset value (NAV). These indirect investments are limited to transferable securities that do not embed derivatives in accordance with Article 10 of the Grand-ducal Regulation of 8. Investment Limits for AIFs AIFs open to retail investors other than well-informed investors may invest in crypto-assets for a maximum of 10% of their NAV.

Suggested Considerations

*Immediate Compliance Steps:
*Portfolio Audit: Conduct a comprehensive review of all UCITS and AIF holdings to identify current and potential crypto-asset exposures, both direct and indirect (including derivatives with crypto underlyings).
*Investment Policy Updates: Revise fund documentation, prospectuses, and investment policies to reflect the 10% NAV limits and MiCAR compliance requirements.
*Risk Management Assessment: Update risk management policies to address crypto-asset volatility, liquidity, and technological risks, with case-by-case impact assessments on fund risk profiles.
*Investor Notification: Ensure transparent and timely communication with investors regarding any crypto-asset investments or policy changes.

Key Dates

AI Analysis

The CSSF imposed an administrative fine of EUR 10,000 on registered alternative investment fund manager (AIFM) C5 S.à r.l. on 11 September 2025 for failing to submit its annual financial crime questionnaire by the 4 April 2025 deadline, despite reminders, breaching the cooperation obligation under Article 5(1) of Luxembourg's AML/CFT Law of 12 November 2004. This enforcement action underscores the CSSF's strict enforcement of AML reporting duties and serves as a warning to supervised entities on the consequences of non-compliance with supervisory requests. It matters because it demonstrates the CSSF's willingness to publish names and impose fines for procedural lapses, potentially signaling increased scrutiny on AIFMs' AML/CFT obligations amid broader regulatory focus on financial crime risks.

What Changed

This is not a regulatory change or new requirement but an enforcement precedent highlighting existing obligations under the AML/CFT Law:
Mandatory annual submission of the CSSF financial crime questionnaire by supervised entities, including registered AIFMs, as part of the cooperation duty in Article 5(1).
Fines determined per Article 8-4(1), (2)(f), and (3)(a), considering circumstances under Article 8-5(1), with publication assessed for proportionality under Article 8-6(1). No new rules introduced;...

Suggested Considerations

Immediate verification: Confirm timely submission of 2025 financial crime questionnaire (likely due April 2026 for 2025 data); review internal processes for CSSF reminders and automate alerts.
Procedural enhancements: Implement robust tracking systems for supervisory questionnaires, designate a responsible senior manager for AML cooperation, and document all responses or justifications for delays.
Training and testing: Conduct firm-wide training on AML/CFT Law Article 5(1) obligations; perform mock audits of reporting workflows, especially for registered AIFMs managing non-CSSF authorized funds.
Engagement protocol: Respond promptly to CSSF reminders; request in-person meetings if needed before fines escalate; review cooperation history to mitigate fine severity.
Policy updates: Align with CSSF Circular 25/894 for expanded AIFM reporting on unauthorized funds (notification within 10 working days for registered AIFMs).

Key Dates

4 April 2025 DEADLINE

No description available.

AI Analysis

CSSF Circular 26/906, published on 20 January 2026, establishes detailed requirements for central administration, internal governance, and risk management for payment institutions (PIs) and electronic money institutions (EMIs) in Luxembourg, repealing prior circulars IML 95/120, IML 96/126, IML 98/143, and CSSF 04/155. It clarifies application of the amended Law of 10 November 2009 on payment services, emphasizing robust governance amid sector growth to ensure safety, efficiency, and trust. This matters for compliance as it mandates comprehensive reviews and updates to governance frameworks by mid-2026, addressing rising transaction volumes.

What Changed

The circular consolidates and updates governance rules, focusing on:
Management bodies: Responsibilities, composition, qualifications, organization, and functioning, including CSSF authorization of members based on professional experience, standing (e.g., police...
Internal control functions: Responsibilities, characteristics, organization, and execution of work for compliance officers and internal auditors, with notifications to CSSF including detailed...
Conflicts of interest: Key requirements for a management policy applicable to all staff and management body members.
New product approval: Defined key steps in the process.

Suggested Considerations

Gap analysis: Assess current frameworks against circular requirements on management bodies, internal controls, conflicts of interest, product approval, and fund safeguarding.
Updates and notifications: Review/revise governance arrangements (e.g., policies, structures); notify CSSF of management body members, compliance officers, and internal auditors with required documentation (professional experience, police records, etc.).
Implementation: Establish robust risk identification/management/monitoring/reporting processes, internal controls, and proportional arrangements (e.g., IT, outsourcing).
Documentation: Develop conflicts policy, new product approval procedures, and safeguarding rules; ensure management body authorization.
Ongoing: Maintain sound/prudent management amid growth; integrate with Law of 10 November 2009 requirements.

Key Dates

20 January 2026

- Publication date of Circular CSSF 26/906

30 June 2026 DEADLINE

- Compliance deadline: Institutions must assess/review central administration, internal governance, and risk management frameworks to ensure full compliance

Compliance Impact

Urgency: High - With ~5 months from publication (20 Jan 2026) to compliance (30 Jun 2026), firms face tight timelines for assessments, policy overhauls, and CSSF notifications, especially given repealed circulars and sector growth pressures. Non-compliance risks supervisory actions, as this fosters "sound and prudent management" in a high-volume industry; proactive reviews are essential to avoid disruptions.

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Payments & E-Money

Topics:

Payment ProviderFintech

Senior Managers / Governance AML / Financial Crime Operational Resilience / Outsourcing

🇱🇺 CSSF Guidance high

January 20th 2026

Circular CSSF 26/906

Central administration, internal governance and risk management

AI Analysis

Circular CSSF 26/906, published on 20 January 2026, consolidates and clarifies Luxembourg's rules on central administration, internal governance, and risk management specifically for payment institutions, electronic money institutions, and account information service providers. It repeals prior circulars (IML 95/120, IML 96/126, IML 98/143, and CSSF 04/155) to address growth in transaction volumes by mandating robust governance, control functions, and risk processes, enhancing safety, efficiency, and trust in these services. This matters for compliance professionals as it strengthens defenses against financial crime, operational risks, and supervisory scrutiny in a high-growth sector.

What Changed

- Consolidation and repeal: Replaces outdated circulars with unified requirements under the amended Law of 10 November 2009 on payment services, covering central administration (decision-making must...
Governance enhancements: Board approves strategy, risk appetite, AML/CFT policies, outsourcing, and information security; management implements via procedures; proportionality based on business...
Operational controls: Strict access to systems (need-to-know, least-privilege, 4-eyes validation); counterparty due diligence for custodians/insurers; full responsibility for agents, distributors,...
AML/CFT focus: Elevates compliance function independence, direct board reporting, risk-based resourcing, and oversight of third parties/opaque structures to close gaps exploited by criminals.

Suggested Considerations

Assess and update governance frameworks: Review central administration location, board/management responsibilities, risk strategy, AML/CFT policies, compliance charter, and funds safeguarding principles to align with the circular.
Confirm control functions: Ensure compliance function (CCO) has independence, resources, direct board access, and authority for investigations; justify/secure CSSF approval for part-time/dual roles.
Implement operational safeguards: Establish daily reconciliations (or justified weekly), segregation/insurance for client funds, system access controls (4-eyes, board validation for significant movements), and third-party due diligence/monitoring.
Document proportionality: Tailor governance to business risks (staff, volumes, products, outsourcing); update new product approval, conflicts policies, and business continuity/incident reporting.
Retain records and report: Board-approve all key policies; prepare for CSSF inspections on outsourcing (per Circular CSSF 22/806) and ICT risks.

Key Dates

20 January 2026

Publication date of Circular CSSF 26/906

30 June 2026 DEADLINE

Compliance deadline; Institutions must assess, review, and ensure their central administration, internal governance, and risk management frameworks fully comply with the circular

Compliance Impact

Urgency: High – With a 30 June 2026 deadline (five months from publication), firms face immediate pressure to review and remediate governance gaps amid sector growth and heightened AML/CFT scrutiny; non-compliance risks supervisory actions, fines, or license issues, especially as it closes criminal exploitation vectors like weak controls and third-party risks.

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Payments & E-Money

Topics:

Payment Provider

Investment Management Wealth & Private Banking Insurance & Pensions

🇱🇺 CSSF Guidance high

January 20th 2026

Circular CSSF 26/905

Application of the Guidelines of the European Banking Authority on the management of environmental, social and governance (ESG) risks (EBA/GL/2025/01)

AI Analysis

Circular CSSF 26/905 mandates the application of EBA Guidelines (EBA/GL/2025/01) on managing **ESG risks** for Luxembourg-supervised institutions, requiring integration of environmental, social, and governance risk identification, measurement, management, and monitoring into internal processes. This aligns with CRD amendments (Articles 74, 76, 87a) and emphasizes proportionality to institutions' business models, with plans including timelines, targets, and milestones toward EU climate goals like net-zero by 2050. It matters for compliance as it embeds ESG into prudential supervision, potentially impacting capital, risk frameworks, and supervisory reviews.

What Changed

- Institutions must establish proportionate strategies, policies, processes, and systems for ESG risk management, covering short-, medium-, and long-term horizons, including transition and physical...
Develop plans per Article 76(2) CRD with specific timelines, intermediate quantifiable targets, and milestones to address ESG financial risks, consistent with EU objectives (e.g., 55% GHG reduction...
Incorporate ESG into internal governance, risk appetite, and supervisory review processes (SREP), with scenario analysis requirements (to be detailed in future EBA guidelines).
Applies minimum standards and methodologies for ESG risk identification, measurement, monitoring, and impact assessment on institutions' exposures.
No requirement for full alignment with specific sustainability trajectories, but plans must consider transition risks and institutions' ESG product offerings, loan policies, and targets.

Suggested Considerations

Map and integrate ESG risks into governance, risk management frameworks, and business strategies, proportionate to scale/risk exposure.
Develop and document ESG risk management plans with quantifiable targets, milestones, timelines, and scenario analyses (broad requirements now; detailed later).
Conduct assessments of ESG risks in portfolios, including sustainability products, transition finance, and loan origination policies, for SREP submission.
Embed in internal processes per Articles 74, 76, 87a CRD: identify/measure ESG risks (minimum standards), monitor over time horizons, and report to CSSF.
Review and update existing policies/systems for compliance by applicable dates; prepare for CSSF supervisory evaluation of plan robustness.

Key Dates

AI Analysis

The CSSF's January 2026 enforcement report documents the results of its 2025 examination campaign on 2024 financial and non-financial disclosures by issuers under Luxembourg's Transparency Law. This publication is critical for compliance professionals because it reveals systematic compliance gaps across financial reporting (IFRS), sustainability reporting (ESRS), and Alternative Performance Measures (APMs), with 27% of enforcement decisions resulting in injunctions for non-compliance.

What Changed

The regulatory landscape has evolved significantly with the introduction of new sustainability reporting requirements:
ESRS Implementation (First Year): 2024 marked the first full reporting year under the European Sustainability Reporting Standards (ESRS), with the CSSF conducting a fact-finding exercise to assess...
Taxonomy Disclosures Amendment: On 4 July 2025, the European Commission adopted a Delegated Act amending the Taxonomy Disclosures as part of the Omnibus package, affecting Article 8 of the Taxonomy...
Double Materiality Assessment (DMA) Focus: The CSSF emphasized the importance of issuers not only disclosing the results of their DMA but also explaining the process itself, including granular...

Suggested Considerations

*Financial Information (IFRS):
*Enhanced Note Disclosures: Provide sufficient disaggregation and additional information in financial statement notes for material amounts and variances, particularly where information is not presented on the face of primary statements. The CSSF emphasizes compliance with paragraph 112(c) of IAS 1.
*Cash Flow Statement Presentation: Ensure cash flows are presented on a gross basis (not net), exclude non-cash transactions, and disclose restricted cash balances with accompanying management commentary as required by paragraph 48 of IAS 7.
*Segment Reporting Completeness: Clearly disclose all income and expense items in segment reporting, even when not separately provided to or reviewed by the Chief Operating Decision Maker (CODM), if they are included in reported segment results.
*Going Concern Assessment: Maintain high transparency regarding accounting policies and judgments applied when classifying going concern assumptions.

Key Dates

5 December 2024

Electronic transmission of documents to the CSSF

AI Analysis

Circular CSSF 19/708 mandates the electronic transmission of specified documents to the CSSF via secure platforms like e-file or SOFiE, effective from February 1, 2019, replacing prior paper or other methods. This updated annex (as amended by Circular CSSF 21/790 and further revisions up to April 1, 2025) standardizes submissions for investment funds and related entities, reducing administrative burdens while ensuring document integrity and CSSF accessibility. Compliance professionals must monitor the dynamic annex list on the CSSF website to avoid nullified submissions.

What Changed

- Mandatory Electronic-Only Submission: Documents listed in Annex I must be transmitted exclusively via e-file (http://www.e-file.lu) or SOFiE...
Dynamic Annex Updates: The annex, published on the CSSF website, is regularly updated (e.g., latest noted April 1, 2025) and includes prospectuses, management regulations, annual reports, risk...
Scope Expansion: Extends beyond UCIs to securitisation undertakings (2004 Law), pension funds (2005 Law), SICARs, and Luxembourg IFMs; repeals prior Circulars CSSF 09/423 and 08/371.
Filer Responsibilities: Entities ensure documents match official final hard copies, handle content/format accuracy, and check annex updates regularly.

Suggested Considerations

Register/access e-file or SOFiE platforms if not already (test/production environments available since February 2019).
Consult and adhere to the latest Annex I for document list, nomenclatures, and formats (PDF with full functionality).
Ensure submissions are final/official versions matching hard copies; use specified identifiers for UCIs/SIFs/SICARs.
Implement processes for automatic/manual transmission (e.g., via updated sending services v4.9.0 or transmission module 6.6.0).
Train staff on responsibilities and integrate into reporting workflows; reference CSSF FAQs for closing documents.

Key Dates

28 January 2019

Publication date; of original Circular CSSF 19/708

1 February 2019

Entry into force; Mandatory electronic transmission for listed documents; non-electronic submissions null and void

22 December 2021

Amendment; by Circular CSSF 21/790

1 April 2025

Latest annex update; noted

Ongoing DEADLINE

Regular checks required; Entities must monitor CSSF website for annex updates

Compliance Impact

Urgency: Low (for new implementations post-2019; medium for ongoing monitoring). This matters for operational efficiency and CSSF relations, as non-compliance risks rejected filings, delays (e.g., approvals under SFDR processes), or supervisory scrutiny, but long-standing rule (since 2019) with established platforms reduces immediate pressure. Firms must prioritize annex vigilance to avoid disruptions in routine reporting like annual reports or prospectuses.

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Topics:

Reporting & Disclosure Operational Resilience / Outsourcing Authorisation & Licensing

Asset ManagerWealth ManagerInsurance

Banking & Credit Mortgage & Lending

🇱🇺 CSSF News low

January 13th 2026

Register of EU/EEA Mortgage Credit Intermediaries operating in Luxembourg under the freedom to provide services in accordance with the Mortgage Credit Directive 2014/17/EU (Updated)

No description available.

Sectors:

Topics:

Authorisation & Licensing Consumer Protection / Conduct

Bank

Capital Markets & Trading

🇱🇺 CSSF Enforcement medium

January 12th 2026

Administrative sanction of 12 January 2026

Administrative sanction imposed on BigRep SE

AI Analysis

The CSSF imposed a €10,000 administrative fine on BigRep SE on 12 January 2026 for failing to publish its half-yearly financial report as of 30 June 2025, as required under Article 4 of Luxembourg's Transparency Law of 11 January 2008 (as amended). This enforcement action underscores the CSSF's rigorous supervision of periodic disclosure obligations for issuers with Luxembourg as their home Member State, serving as a reminder of the consequences for non-compliance with transparency requirements. Compliance professionals should note this as evidence of ongoing CSSF scrutiny on timely reporting, with potential fines scaled based on circumstances per Article 26a.

What Changed

This is not a regulatory change or new requirement but an enforcement of existing obligations under the Transparency Law of 11 January 2008 (as amended), specifically Article 4, which mandates issuers to publish half-yearly financial reports, including effective dissemination, storage on the Officially Appointed Mechanism (OAM), and filing with the CSSF. No new rules are introduced; the sanction reinforces the unchanged deadlines and processes for periodic information publication, with the CSSF acting under Article 25(2) as the competent authority.

Suggested Considerations

Issuers: Immediately review internal processes for half-yearly financial reporting to ensure compliance with Article 4, including timely publication, OAM storage, and CSSF filing; conduct gap analyses against Transparency Law deadlines.
All affected parties: Implement or enhance monitoring calendars for periodic disclosures, with automated alerts for period-ends like 30 June; perform mock filings to test dissemination and storage mechanisms.
BigRep SE specifically: Consider appeal to Tribunal administratif within 3 months if contesting the fine; remediate the specific non-compliance by publishing the overdue report if not already done.
wide actions are mandated beyond general adherence, but proactive audits are advisable given CSSF's supervisory focus.

Key Dates

30 June 2025 DEADLINE

- Period-end date for the required half-yearly financial report that BigRep SE failed to publish

12 January 2026

- Date of administrative sanction imposition by CSSF and publication of the decision

Within 3 months of 12 January 2026 DEADLINE

(i.e., by 12 April 2026) - Deadline for BigRep SE to lodge a court action with the Tribunal administratif against the sanction, per Article 27 of the Transparency Law

Compliance Impact

Urgency: Medium – This matters as a specific enforcement example in CSSF's ongoing verification of periodic information publication, signaling heightened scrutiny rather than a systemic shift. While the €10,000 fine is modest, it demonstrates fines for even isolated breaches (scaled per Article 26a), potentially escalating for repeats; firms should prioritize reporting calendars to avoid reputational harm and publication of sanctions under Article 26b(1).

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Topics:

All Firms

Banking & Credit Payments & E-Money

🇱🇺 CSSF Enforcement high

January 12th 2026

Population concerned by the enforcement

No description available.

AI Analysis

This CSSF publication, dated January 12, 2026, identifies the specific population (likely a firm or individual) subject to an enforcement action, such as an administrative sanction, as part of the CSSF's transparency in supervisory measures. It matters because it signals CSSF's active enforcement priorities, potentially in areas like AML or reporting failures, enabling firms to assess similar risks in their operations and strengthen compliance to avoid parallel actions. Published amid rising focus on financial crime typologies like sexual extortion, it underscores the regulator's commitment to public accountability.

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Topics:

AML / Financial Crime Reporting & Disclosure Authorisation & Licensing

BankPayment ProviderAll Firms

Banking & Credit Investment Management Wealth & Private Banking

🇱🇺 CSSF News high

January 12th 2026

Commission Delegated Regulation (EU) 2026/46 of 3 December 2025

amending Delegated Regulation (EU) 2016/1675 to add Russia to the list of high-risk third countries with strategic deficiencies

Sectors:

Topics:

AML / Financial Crime Prudential / Capital Requirements Authorisation & Licensing

BankAsset ManagerWealth Manager

🇱🇺 CSSF Enforcement medium

January 9th 2026

Administrative sanction of 11 September 2025

Administrative sanction imposed on the alternative investment fund manager Premium Capital Management (“AIFM”)

AI Analysis

The CSSF imposed a €10,000 administrative fine on 11 September 2025 against alternative investment fund manager (AIFM) Premium Capital Management for failing to submit its annual financial crime questionnaire by the 4 April 2025 deadline, breaching the cooperation obligation under Article 5(1) of Luxembourg's AML/CFT Law of 12 November 2004. This enforcement action underscores the CSSF's strict enforcement of AML reporting duties, signaling heightened scrutiny on timely supervisory cooperation amid ongoing AML risks in Luxembourg. Compliance teams should view this as a reminder of the low tolerance for even administrative lapses, with potential for escalated fines in repeat cases.

What Changed

This is not a regulatory change but an enforcement precedent under existing rules: non-compliance with Article 5(1) of the AML/CFT Law, which mandates annual submission of a financial crime questionnaire ("Questionnaire") to the CSSF. The fine was calculated per Articles 8-4(1), 8-4(2)(f), and 8-4(3)(a), considering circumstances under Article 8-5(1). Publication followed Article 8-6(1) after a proportionality assessment, confirming no market stability risks.

Suggested Considerations

Immediately review internal processes for annual Questionnaire submission, ensuring calendar invites and automated reminders for the 4 April deadline (covering prior year-end data).
Conduct a gap analysis on AML/CFT cooperation obligations under Article 5(1), including response protocols to CSSF reminders or queries.
Update compliance calendars and train staff on escalation procedures; document all submissions with proof (e.g., timestamps, acknowledgments).
For AIFMs: Verify CSSF registration status under Article 3(2) of the 12 July 2013 AIFM Law and align with broader AML duties.
If late, proactively submit overdue items and request meetings if needed, as non-response forfeits mitigation opportunities.

Key Dates

31 December 2024

- Reference year-end for the financial crime Questionnaire

4 April 2025 DEADLINE

- Statutory deadline for Questionnaire submission to CSSF

11 September 2025

- Date CSSF imposed the €10,000 administrative fine after non-submission despite reminders

9 January 2026

- Publication date of the sanction decision

Compliance Impact

Urgency: Medium – This €10,000 fine for a straightforward reporting failure demonstrates CSSF's willingness to penalize non-cooperation swiftly, even without aggravating factors, but the amount is modest and targeted at administrative breaches. It matters as a warning shot in Luxembourg's AML landscape, where repeated failures could trigger higher fines (up to proportionality limits under Article 8-5), reputational damage via public naming, or supervisory escalations; firms should audit 2025/2026 reporting now to preempt similar actions, especially post-NRA updates.

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

AML / Financial Crime Authorisation & Licensing Reporting & Disclosure

Topics:

Asset ManagerHedge Fund

🇱🇺 CSSF Enforcement high

January 9th 2026

Administrative sanction of 11 September 2025

Administrative sanction imposed on the alternative investment fund manager Sunbricks GP S.à r.l. (“AIFM”)

AI Analysis

The CSSF imposed a **€10,000 administrative fine on Sunbricks GP S.à r.l.**, an alternative investment fund manager, for failing to submit a mandatory annual financial crime questionnaire by the April 4, 2025 deadline, despite two formal reminders. This enforcement action demonstrates the CSSF's strict approach to cooperation obligations under Luxembourg's anti-money laundering and counter-terrorist financing (AML/CFT) framework and signals that non-submission of required compliance documentation—even without evidence of underlying financial crime—triggers regulatory penalties.

What Changed

This is not a regulatory change but rather an enforcement action clarifying existing obligations:
Mandatory Annual Questionnaire Requirement: All professionals supervised, authorized, or registered by the CSSF must submit an annual questionnaire on financial crime by April 4 each year, covering...
Cooperation Obligation: Article 5(1) of the amended Law of 12 November 2004 on AML/CFT establishes a non-negotiable duty to cooperate with the CSSF, which includes timely submission of requested...
Administrative Fine Framework: The CSSF applies Article 8-4 of the AML/CFT Law to impose fines for non-compliance, with amounts determined under Article 8-5 based on all relevant circumstances.

Suggested Considerations

regulated entities must:
*Establish Calendar Controls: Implement internal compliance calendars flagging the April 4 annual questionnaire submission deadline with sufficient lead time (minimum 4-6 weeks before deadline)
*Designate Responsible Parties: Assign clear ownership for questionnaire completion and submission, with backup contacts
*Prepare Documentation: Maintain contemporaneous records of financial crime controls, suspicious activity reporting, and compliance activities throughout the year to support accurate questionnaire responses
*Monitor Communications: Ensure all CSSF correspondence is tracked and escalated immediately; do not ignore reminder notices

Key Dates

April 4, 2025 DEADLINE

– Annual financial crime questionnaire submission deadline (for year ending December 31, 2024)

Before September 11, 2025

– Two reminder notices issued by CSSF to Sunbricks GP

September 11, 2025

– Administrative fine decision date; questionnaire still not submitted

January 9, 2026

– Publication date of enforcement decision

Compliance Impact

Urgency: HIGH

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

AML / Financial Crime Authorisation & Licensing Reporting & Disclosure

Topics:

Asset ManagerAll Firms

🇱🇺 CSSF Enforcement medium

January 9th 2026

Administrative sanction of 11 September 2025

Administrative sanction imposed on the alternative investment fund manager Capitalis Premiere Group (“AIFM”)

AI Analysis

The CSSF imposed a €10,000 administrative fine on alternative investment fund manager (AIFM) Capitalis Premiere Group on 11 September 2025 for failing to submit its annual financial crime questionnaire by the 4 April 2025 deadline, despite two reminders, breaching the cooperation obligation under Article 5(1) of Luxembourg's AML/CFT Law of 12 November 2004. This enforcement action underscores the CSSF's strict enforcement of AML reporting duties, signaling heightened scrutiny on timely supervisory cooperation for Luxembourg-regulated entities. Compliance teams should note this as a low-value but public reminder of potential fines for administrative lapses in AML processes.

What Changed

This is not a regulatory change or new requirement but an enforcement precedent under existing rules: non-compliance with the annual financial crime questionnaire submission, mandated by Article 5(1) of the AML/CFT Law, triggers fines per Articles 8-4(1), 8-4(2)(f), and 8-4(3)(a). The CSSF considered all relevant circumstances under Article 8-5(1) to set the €10,000 fine amount and published the sanction nominatively after proportionality assessment per Article 8-6(1), confirming no market stability risks.

Suggested Considerations

Ensure timely submission of annual financial crime questionnaires by 4 April each year (for prior calendar year data); implement calendar reminders and escalation processes for CSSF requests.
Respond promptly to CSSF reminders or queries on AML/CFT compliance to avoid escalation to fines; document any delays with justification evidence.
Review internal AML cooperation protocols, including governance for questionnaire completion, and train staff on Article 5(1) obligations; consider requesting in-person meetings if disputing CSSF demands.
No retroactive actions needed for this case, but conduct gap analysis on reporting workflows to prevent similar breaches.

Key Dates

4 April 2025 DEADLINE

- Deadline for submitting the annual financial crime questionnaire covering the year ending 31 December 2024

11 September 2025

- Date CSSF imposed the €10,000 administrative fine on Capitalis Premiere Group for non-submission

9 January 2026

- Date of CSSF publication of the sanction decision

Compliance Impact

Urgency: Medium - This €10,000 fine is modest but publicly names the firm, amplifying reputational risk in Luxembourg's competitive fund domicile; it matters as a clear CSSF signal of zero tolerance for basic cooperation failures in AML, potentially foreshadowing stricter enforcement amid EU AML harmonization pressures. AIFMs face ongoing annual risk, with non-response despite reminders treated as willful breach; firms with weak reporting controls should prioritize fixes to avoid cumulative fines or escalations.

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

AML / Financial Crime Reporting & Disclosure Authorisation & Licensing

Topics:

Asset ManagerHedge Fund

🇱🇺 CSSF Enforcement high

January 9th 2026

Administrative sanction of 11 September 2025

Administrative sanction imposed on the alternative investment fund manager Lion Management (“AIFM”)

AI Analysis

The CSSF imposed a €10,000 administrative fine on Lion Management, an alternative investment fund manager, on 11 September 2025 for failing to submit a mandatory annual financial crime questionnaire by the 4 April 2025 deadline. This enforcement action demonstrates the CSSF's commitment to enforcing cooperation obligations under Luxembourg's anti-money laundering and terrorist financing framework, with direct implications for all AIFMs regarding timely compliance with supervisory reporting requirements.

What Changed

This is not a regulatory change but rather an enforcement action clarifying existing obligations. However, it reinforces critical compliance requirements:
Mandatory Annual Questionnaire Submission: All CSSF-supervised professionals, including AIFMs, must submit an annual questionnaire on financial crime by the specified deadline (in this case, 4 April...
Cooperation Obligation: Article 5(1) of the amended Law of 12 November 2004 on the fight against money laundering and terrorist financing establishes a non-negotiable obligation to cooperate with the...
Enforcement Escalation: The CSSF will issue reminders before imposing sanctions, but failure to respond to reminders results in administrative fines determined under Article 8-4 of the AML/CFT Law.

Suggested Considerations

*Establish Calendar Controls: Implement firm-wide systems to track the annual financial crime questionnaire deadline (typically 4 April for the prior calendar year)
*Designate Responsible Parties: Assign clear ownership for questionnaire completion and submission to the CSSF, with escalation procedures
*Monitor CSSF Communications: Establish protocols to immediately flag and respond to any CSSF correspondence, including reminders or requests for information
*Document Submission: Maintain evidence of timely submission (timestamps, confirmation receipts) to demonstrate compliance
*Escalate Non-Compliance Immediately: If submission cannot be met by deadline, proactively contact the CSSF to explain delays and request extensions rather than ignoring reminders

Key Dates

4 April 2025 DEADLINE

- Deadline for submission of annual financial crime questionnaire for year ending 31 December 2024

11 September 2025

- Date CSSF imposed administrative fine after two reminders went unheeded

9 January 2026

- Publication date of the administrative sanction decision

Compliance Impact

Urgency: HIGH

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

AML / Financial Crime Reporting & Disclosure Authorisation & Licensing

Topics:

Asset ManagerHedge Fund

🇱🇺 CSSF Enforcement high

January 9th 2026

Administrative sanction of 11 September 2025

Administrative sanction imposed on the alternative investment fund manager Max Gain Capital S.à r.l. (“AIFM”)

AI Analysis

The CSSF imposed a €10,000 administrative fine on Max Gain Capital S.à r.l., an alternative investment fund manager, on 11 September 2025 for failing to submit a mandatory annual financial crime questionnaire by the April 2025 deadline. This enforcement action demonstrates the CSSF's active monitoring of AML/CFT compliance obligations and its willingness to sanction non-cooperation, even for procedural failures unrelated to substantive money laundering violations.

What Changed

This is not a regulatory change but rather an enforcement action clarifying existing obligations:
Mandatory Annual Questionnaire Requirement: All CSSF-supervised professionals must submit an annual questionnaire on financial crime covering the preceding calendar year.
Cooperation Obligation: Article 5(1) of the amended Law of 12 November 2004 on AML/CFT imposes a non-negotiable duty to cooperate with CSSF supervisory requests.
Enforcement Escalation: The CSSF will issue reminders before imposing sanctions, but continued non-compliance triggers administrative fines under Article 8-4 of the AML/CFT Law.

Suggested Considerations

regulated entities must:
*Identify Reporting Obligations: Confirm whether your firm is subject to the annual financial crime questionnaire requirement under Article 5(1) of the AML/CFT Law
*Calendar Management: Establish internal processes to ensure questionnaires are submitted by 4 April each year for the preceding calendar year
*Documentation: Maintain records demonstrating timely submission and preserve evidence of compliance
*Escalation Protocol: If unable to meet deadlines, proactively contact the CSSF to request extensions or clarification rather than ignoring reminders

Key Dates

4 April 2025 DEADLINE

- Deadline for submission of financial crime questionnaire for the year ending 31 December 2024

Before 11 September 2025 DEADLINE

- CSSF issued two reminders to Max Gain Capital after the missed deadline

11 September 2025

- CSSF imposed the €10,000 administrative fine

9 January 2026

- CSSF published the administrative sanction decision

Compliance Impact

Urgency: HIGH

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

AML / Financial Crime Authorisation & Licensing Senior Managers / Governance

Topics:

Asset ManagerAll Firms

🇱🇺 CSSF Enforcement high

January 9th 2026

Administrative sanction of 11 September 2025

Administrative sanction imposed on the alternative investment fund manager Agriland Management S.A. (“AIFM”)

AI Analysis

The Commission de Surveillance du Secteur Financier (CSSF), Luxembourg's financial regulator, imposed a **EUR 10,000 administrative fine on Agriland Management S.A.**, an alternative investment fund manager, on 11 September 2025 for failing to submit a mandatory annual financial crime questionnaire by the April 2025 deadline. This enforcement action demonstrates the CSSF's commitment to enforcing cooperation obligations under Luxembourg's anti-money laundering and terrorist financing (AML/CFT) framework and signals heightened scrutiny of compliance with supervisory reporting requirements.

What Changed

This is not a regulatory change but rather an enforcement action that clarifies existing obligations:
Mandatory Annual Reporting: All CSSF-supervised professionals must submit an annual questionnaire on financial crime by 4 April each year, covering the preceding calendar year.
Cooperation Obligation: Article 5(1) of the amended Law of 12 November 2004 on AML/CFT establishes a non-negotiable duty to cooperate with the CSSF, including timely submission of requested...
Enforcement Escalation: The CSSF will issue reminders for non-compliance, but continued failure to respond triggers administrative sanctions without requiring evidence of intentional misconduct.

Suggested Considerations

*Establish Reporting Calendars: Implement systems to track the 4 April annual deadline for financial crime questionnaire submissions
*Designate Responsible Personnel: Assign clear accountability for completing and submitting the questionnaire to the CSSF
*Respond to Regulatory Requests: Do not ignore CSSF reminders; engage proactively, including requesting in-person meetings if clarification is needed
*Document Justifications: If unable to meet deadlines, provide written evidence explaining the delay and proposed remediation timeline
*Monitor Supervisory Communications: Establish procedures to ensure regulatory correspondence is tracked and escalated appropriately

Key Dates

4 April 2025 DEADLINE

– Deadline for submission of financial crime questionnaire for year ending 31 December 2024

Before 11 September 2025

– Two reminder notices issued by CSSF to Agriland Management S.A

11 September 2025

– Administrative fine imposed

9 January 2026

– Sanction published by CSSF

Compliance Impact

Urgency: HIGH

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

AML / Financial Crime Reporting & Disclosure Authorisation & Licensing

Topics:

Asset Manager

🇱🇺 CSSF Enforcement medium

January 9th 2026

Administrative sanction of 11 September 2025

Administrative sanction imposed on the alternative investment fund manager Bedrock I GP S.à r.l. (“AIFM”)

AI Analysis

The CSSF imposed a €10,000 administrative fine on alternative investment fund manager (AIFM) Bedrock I GP S.à r.l. on 11 September 2025 for failing to submit its annual financial crime questionnaire by the 4 April 2025 deadline, despite two reminders, breaching the cooperation obligation under Article 5(1) of Luxembourg's AML/CFT Law of 12 November 2004. This enforcement action underscores CSSF's strict enforcement of AML reporting duties and serves as a public warning to supervised entities on timely supervisory compliance. It matters because it demonstrates that even modest fines are pursued for basic reporting lapses, potentially signaling heightened scrutiny on AIFMs' AML processes amid ongoing regulatory focus on financial crime risks.

What Changed

This is not a regulatory change or new requirement but an enforcement of existing obligations under the amended Law of 12 November 2004 on the fight against money laundering and terrorist financing (AML/CFT Law). Specifically, it reaffirms the mandatory annual submission of the CSSF's financial crime questionnaire ("Questionnaire") by supervised professionals, including AIFMs under Article 3(2) of the Law of 12 July 2013 on AIFMs, as part of the cooperation duty in Article 5(1).

Suggested Considerations

Immediately verify submission status of the 2024 Questionnaire (or any outstanding); if overdue, submit promptly with justification to mitigate further escalation.
Implement automated calendar alerts and internal workflows for all CSSF reporting deadlines, including annual AML/CFT Questionnaire.
Conduct a compliance gap analysis on cooperation obligations under Article 5(1) AML/CFT Law, documenting reminder responses and evidence retention.
Train senior managers and compliance teams on supervisory interactions, including rights to request in-person meetings before fines.
Review governance for timely escalation of CSSF reminders to decision-makers.

Key Dates

31 December 2024 DEADLINE

- Reference period end for the Questionnaire covering financial crime compliance

4 April 2025 DEADLINE

- Statutory deadline for Questionnaire submission to CSSF

11 September 2025

- Date of administrative fine imposition (€10,000) after non-submission despite reminders

9 January 2026

- Publication date of the sanction decision by CSSF

Compliance Impact

Urgency: Medium - This is a post-facto enforcement on a past breach (2024 reporting cycle), with the €10,000 fine relatively low, indicating proportionality for a first-time or isolated lapse. It matters as a leading indicator of CSSF's 2025-2026 focus on AML cooperation, with multiple similar AIFM sanctions published simultaneously, risking escalated fines or reputational harm for repeat offenders; firms should prioritize reporting hygiene to avoid public naming, which CSSF deems non-disruptive to markets here.

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

AML / Financial Crime Reporting & Disclosure Authorisation & Licensing

Topics:

Asset ManagerHedge Fund

🇱🇺 CSSF Enforcement medium

January 9th 2026

Administrative sanction of 11 September 2025

Administrative sanction imposed on the alternative investment fund manager C5 Haven Cyber GP S.à r.l. (“AIFM”)

AI Analysis

The CSSF imposed a €10,000 administrative fine on alternative investment fund manager (AIFM) C5 Haven Cyber GP S.à r.l. on 11 September 2025 for failing to submit its annual financial crime questionnaire by the 4 April 2025 deadline, despite two reminders, breaching the cooperation obligation under Article 5(1) of Luxembourg's AML/CFT Law of 12 November 2004. This enforcement action underscores CSSF's strict enforcement of AML reporting duties and serves as a public warning to supervised entities on the consequences of non-cooperation. It matters because it demonstrates that even modest fines will be levied for procedural lapses, potentially signaling increased scrutiny on timely AML compliance submissions amid broader regulatory focus on financial crime risks.

What Changed

This is not a regulatory change or new requirement but an enforcement of existing obligations under the amended AML/CFT Law:
Annual Questionnaire Submission: Supervised professionals, including AIFMs under Article 3(2) of the Law of 12 July 2013 on AIFMs, must submit an annual financial crime questionnaire...
Fine Provisions: Fines are imposed per Articles 8-4(1), 8-4(2)(f), and 8-4(3)(a), with amounts determined by relevant circumstances under Article 8-5(1); publication follows Article 8-6(1) after...

Suggested Considerations

Immediate Review: AIFMs and similar entities must verify their internal processes for annual Questionnaire submission, ensuring calendar reminders and automated tracking for 4 April deadlines.
Remediation if Late: Submit overdue Questionnaires promptly with explanations; request in-person meetings if needed, as the sanctioned AIFM failed to do so.
Process Enhancements: Implement escalation protocols for CSSF reminders, designate a senior compliance officer for oversight, and document all submissions/acknowledgments to demonstrate cooperation under Article 5(1).
Training: Conduct firm-wide training on AML/CFT cooperation duties, emphasizing that non-response leads to fines without need for justification.

Key Dates

31 December 2024

- Reference year-end for the financial crime Questionnaire

4 April 2025 DEADLINE

- Statutory deadline for submitting the Questionnaire for the year ending 31 December 2024

11 September 2025

- Date CSSF imposed the €10,000 administrative fine after noting non-submission despite reminders

9 January 2026

- Date of CSSF publication of the sanction decision

Compliance Impact

Urgency: Medium - This is a low-value fine (€10,000) for a procedural breach, not involving substantive AML failures like suspicious transactions or sanctions screening delays seen in higher fines (e.g., €185,000 on Rakuten Bank). It matters as a precedent for CSSF's willingness to publicly name-and-shame for basic non-cooperation, potentially escalating to higher penalties for repeats; with publication on 9 January 2026, firms should prioritize 2025/2026 reporting to avoid similar exposure amid CSSF's active enforcement (3192+ sanctions published).

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

AML / Financial Crime Reporting & Disclosure

Topics:

Asset ManagerHedge Fund

🇱🇺 CSSF Enforcement medium

January 9th 2026

Administrative sanction of 11 September 2025

Administrative sanction imposed on the alternative investment fund manager C5 S.à r.l. (“AIFM”)

AI Analysis

The CSSF imposed a €10,000 administrative fine on alternative investment fund manager C5 Haven Cyber GP S.à r.l. on 11 September 2025 for failing to submit its annual financial crime questionnaire by the 4 April 2025 deadline, despite reminders, breaching the cooperation obligation under Article 5(1) of Luxembourg's AML/CFT Law of 12 November 2004. This enforcement action underscores CSSF's strict enforcement of reporting duties in AML/CFT compliance, serving as a warning to supervised entities on the consequences of administrative delays. It matters because it highlights low-tolerance for even minor procedural lapses, potentially signaling increased scrutiny on annual reporting amid broader AML/CFT priorities.

What Changed

This is not a regulatory change or new requirement but an enforcement of existing obligations under the amended AML/CFT Law:
Article 5(1) mandates supervised professionals, including AIFMs under Article 3(2) of the Law of 12 July 2013 on AIFMs, to cooperate fully with CSSF, including submitting the annual financial crime...
Breach occurred due to non-submission of the 2024 year-end Questionnaire, with fine determined per Articles 8-4(1), 8-4(2)(f), 8-4(3)(a), and 8-5(1).
Publication of the sanction follows Article 8-6(1), after proportionality assessment to avoid market stability risks. No new rules introduced; reinforces ongoing duty to meet CSSF reporting timelines...

Suggested Considerations

Review and confirm timely submission of all pending or future CSSF financial crime questionnaires; establish automated calendar reminders for annual deadlines (e.g., 4 April for prior year-end data).
Implement escalation protocols for CSSF reminders, ensuring immediate response and submission within days, not weeks.
Conduct internal audit of AML/CFT cooperation obligations, documenting justifications for any delays and preparing evidence for potential CSSF hearings or meetings.
Update compliance policies to prioritize Article 5(1) duties, including training for responsible persons on fine risks under Article 8-4.
For AIFMs: Verify alignment with Article 3(2) of AIFM Law and integrate questionnaire processes into governance frameworks.

Key Dates

4 April 2025 DEADLINE

- Deadline for submission of financial crime Questionnaire covering year ending 31 December 2024

11 September 2025

- Date CSSF imposed €10,000 administrative fine on C5 Haven Cyber GP S.à r.l. for non-submission despite reminders

9 January 2026

- Date of CSSF publication announcing the sanction

Compliance Impact

Urgency: Medium - Matters due to CSSF's demonstrated willingness to impose and publicize fines for straightforward reporting failures, even at €10,000, which could escalate for repeat or severe cases; acts as a precedent amid rising AML/CFT enforcement (e.g., larger fines like €214,000 in similar contexts). Firms delaying submissions risk reputational damage from nominative publications under Article 8-6(1), market confidence erosion, and cumulative penalties; proactive remediation now prevents higher scrutiny in upcoming inspections.

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

AML / Financial Crime Reporting & Disclosure

Topics:

Asset ManagerHedge Fund

🇱🇺 CSSF Enforcement high

January 9th 2026

Administrative sanction of 23 July 2025

Administrative sanction imposed on JTC (Luxembourg) S.A.

AI Analysis

The CSSF imposed a €102,000 administrative fine on JTC (Luxembourg) S.A. on 23 July 2025 for breaches in its professional obligations as a depositary of non-financial assets under the AIFM Law, identified during an on-site inspection from February 2023 to January 2024 covering activities up to December 2022. This enforcement action highlights CSSF's scrutiny of depositary functions, particularly risk assessment and oversight controls, serving as a warning for similar entities to strengthen compliance amid rising supervisory focus on AIFM depositaries.

What Changed

This is an enforcement action, not a regulatory change; it enforces existing requirements under Article 51(1) (1st and 7th indents) and Article 51(2) (1st sub-paragraph, 3rd indent) of the amended Law of 12 July 2013 on AIFMs (AIFM Law), and related provisions like Article 92(1) of Commission Delegated Regulation (EU) No 231/2013 (CDR 231/2013).

Suggested Considerations

related entities) must:
Conduct immediate gap analyses on risk assessment processes for AIF strategies and AIFM organization per Article 92(1) CDR 231/2013.
Implement robust verification processes for AIFM compliance with asset delegation rules.
Ensure availability of key documentation and evidence of controls for the depositary function, addressing pre-2022 gaps if applicable.
Develop and test oversight processes, leveraging self-identified improvements and action plans as mitigating factors, as JTC did prior to inspection.

Key Dates

February 2023

January 2024; Period of CSSF on-site inspection on depositary obligations, covering activities up to December 2022

23 July 2025

Date CSSF imposed the €102,000 administrative fine on JTC (Luxembourg) S.A

9 January 2026

Date of official CSSF publication announcing the sanction

Compliance Impact

Urgency: High – This matters due to the fine's size (€102,000), reflecting breach accumulation, severity, and duration, despite JTC's partial remediation; it signals intensified CSSF on-site scrutiny of depositary functions post-2023 inspections, with potential for higher penalties absent proactive controls. Depositaries face elevated enforcement risk, especially with unavailability of evidence pre-2022, urging swift remediation to avoid similar outcomes under Article 51 AIFM Law.

References

AI-generated analysis. May contain errors or omissions — verify with the original CSSF source before acting. Full disclaimer.

Sectors:

Authorisation & Licensing Senior Managers / Governance Reporting & Disclosure

Topics:

Asset Manager

Banking & Credit Investment Management Wealth & Private Banking

🇱🇺 CSSF News

January 9th 2026

Finfluencers – Tips for responsible promotion

No description available.

Sectors:

Topics:

Consumer Protection / Conduct Technology & Cyber Reporting & Disclosure

Asset ManagerWealth ManagerBank

🇱🇺 CSSF Guidance high

January 9th 2026

Circular CSSF 24/853 (as amended by Circulars CSSF 25/870 and 26/904) (Updated)

Long Form Report – Practical rules concerning the self-assessment questionnaire to be submitted by investment firms – Mission and related reports of the réviseurs d’entreprises agréés (approved statutory auditors)

Sectors:

Reporting & Disclosure AML / Financial Crime Senior Managers / Governance

Topics:

Broker DealerAll Firms