Survey on the amount of covered deposits held on 31 March 2026
Circular CSSF-CPDI 26/50 mandates a recurring annual survey on the amount of **covered deposits** held as of **31 March 2026** by specified Luxembourg credit institutions, to support the Fonds de garantie des dรฉpรดts Luxembourg (FGDL) in meeting Deposit Guarantee Scheme (DGS) requirements under the 2015 Law and DGSD. This matters for compliance as it ensures institutions contribute accurately to the FGDL's buffer (targeting 2% of covered deposits by 2026), with data also feeding into Single Resolution Board (SRB) calculations for resolution funding.
What Changed
This circular introduces no substantive changes to survey content, methodology, or reporting specifications compared to prior issuances (e.g., CSSF-CPDI 25/49 for 31 December 2025). Updates are limited to the reference date (31 March 2026) and associated deadlines, maintaining the risk-based ex-ante contribution method from Circular CSSF-CPDI 20/21 and quarterly reporting under CSSF-CPDI 17/07.
What You Need To Do
- Compile data on covered deposits (eligible deposits up to โฌ100,000 per depositor, per Article 163 of 2015 Law), excluding items per Article 172 (e
- Report detailed breakdowns
- Submit via specified format (per attached specs, unchanged from priors) to CPDI by deadline; quarterly data ongoing per CSSF-CPDI 17/07
- Ensure alignment with FGDL contributions under CSSF-CPDI 25/48
Key Dates
31 March 2026 - Reference date for snapshot of covered deposits.
30 April 2026 (inferred from pattern in prior circulars like 25/49) - Likely submission deadline for survey data to CPDI (exact date in full PDF; aligns with one-month post-reference in predecessors). DEADLINE
26 March 2026 ).
Compliance Impact
Urgency: High โ Immediate action required today (publication date) to prepare for 31 March 2026 snapshot (just 5 days away), with submission likely due early May 2026. Non-compliance risks FGDL penalties, inaccurate contributions (impacting 0.8% extra buffer to 2% DGSD minimum), and SRB reporting failures under Regulation (EU) 2015/63; recurring nature demands robust quarterly data processes.
Bank
Amendment of Circular CSSF 18/703 on the introduction of a semi-annual reporting of borrower related residential real estate indicators
Circular CSSF 26/908 amends Circular CSSF 18/703 to update semi-annual reporting requirements for borrower-related residential real estate indicators, enhancing supervisory oversight of credit risk in Luxembourg's financial sector. Published today (25 March 2026), it matters for credit institutions as it refines data collection to better monitor real estate lending exposures amid potential market vulnerabilities.
What Changed
The circular introduces amendments to the original Circular CSSF 18/703 (itself amended by Circulars CSSF 20/737 and 21/772), focusing on semi-annual reporting of indicators tied to borrowers in residential real estate. Specific changes are not detailed in the provided summary or full content excerpt, but they likely involve refinements to reporting templates, data granularity, or submission processes to align with evolving EU prudential standards on real estate risk monitoring. The updated consolidated version of Circular CSSF 18/703 is now available as a 258.91Kb PDF.
What You Need To Do
- Download and review the full Circular CSSF 26/908 (291
- Conduct a gap analysis of current reporting processes against the amended requirements for borrower-related residential real estate indicators
- Update internal systems, data collection templates, and reporting workflows to ensure accurate semi-annual submissions to the CSSF
- Train relevant compliance, risk, and finance teams on changes; document compliance confirmations for audit trails
Key Dates
17 December 2018 - Original issuance of Circular CSSF 18/703 introducing semi-annual reporting.
25 March 2026 - Publication date of Circular CSSF 26/908 (today).
Compliance Impact
Urgency: Medium - This is a targeted amendment to existing reporting obligations rather than a new regime, reducing immediate disruption, but non-compliance risks supervisory scrutiny, fines, or enhanced monitoring given CSSF's focus on real estate risk. It matters for maintaining accurate credit risk data, especially in a potentially volatile residential property market, supporting broader prudential stability.
Bank
Version of 9 March 2026
The CSSF Technical FAQ on Regulation No 20-08 provides implementation guidance on **loan-to-value (LTV) limits for residential real estate credit in Luxembourg**, establishing borrower-based macroprudential measures designed to limit leverage in the mortgage market. This guidance is critical for lenders operating in Luxembourg as it clarifies how to calculate own funds, determine LTV compliance, and apply temporary portfolio exemptions that have been extended through June 30, 2025.
What Changed
The most recent update (March 9, 2026) to the Technical FAQ reflects the regulatory framework established by CSSF Regulation No 20-08 (as modified by Regulation No 24-10). The core LTV requirements are:
*Primary Residence Loans:
First-time buyers: LTV limit of up to 100%
Other buyers**: LTV limit of 90%, implemented via portfolio allowance
*Buy-to-Let Residential Loans:**
Standard LTV limit of 80%
Temporary exemption (until June 30, 2025): Lenders may apply LTV ratios up to 95% for up to 10% of annual production
*Other Residential Real Estate Loans:**
LTV limit of 80%
*Own Funds...
What You Need To Do
- *For all lenders
- *Implement dual LTV tracking for borrowers financing new property through sale of existing property, ensuring compliance with both interim and final LTV ratios
- *Document own funds sources carefully, particularly when cash collateral or sale proceeds are used, as these are only permitted for loans with initial LTV below 100%
- *Prepare for June 30, 2025 transition by
- Identifying all buy-to-let loans currently benefiting from the 95% LTV exemption
Key Dates
January 1, 2021 - Regulation and LTV limits became effective for residential real estate credit on Luxembourg territory
December 3, 2020 - CSSF Regulation No 20-08 originally published
May 21, 2024 - CSSF Regulation No 24-04 introduced temporary adjustments to LTV limits
December 30, 2024 - CSSF Regulation No 24-10 extended temporary adjustments
June 30, 2025 - **CRITICAL DEADLINE**: Temporary portfolio allowance for buy-to-let loans (95% LTV for 10% of annual production) expires; all buy-to-let loans revert to 80% LTV limit DEADLINE
Compliance Impact
Urgency: HIGH
BankFintech
on the introduction of a semi-annual reporting of borrower-related residential real estate indicators
Circular CSSF 18/703 introduces semi-annual reporting requirements for Luxembourg-based lenders on borrower-related residential real estate (RRE) indicators to monitor macroprudential risks in the RRE lending market, in line with ESRB Recommendation 2016/14 (as amended). It matters for compliance because it mandates data collection via a dedicated CSSF template, with exclusions only for banks below EUR 10 million in outstanding RRE exposures, ensuring supervisory oversight of lending standards. The circular has been iteratively amended (CSSF 20/737, 21/772, 26/908), with the latest update on 25 March 2026 refining reporting processes.
What Changed
Original Scope (CSSF 18/703, 17 Dec 2018): Requires semi-annual reporting of RRE indicators for loans secured by Luxembourg residential real estate (existing dwellings, under construction, owner-occupied, buy-to-let, renovation loans via real estate savings plans like BSH/BHW). Excludes commercial real estate (CRE), unsecured renovation loans, and loans to non-natural person entities for property purchase.
Amendment CSSF 20/737 (19 Feb 2020): Clarified reporting thresholds and processes; banks with total outstanding RRE exposure โค EUR 10 million are exempt from reporting (no zero report...
What You Need To Do
- Download and use the dedicated RRE data template from the CSSF website (https://www
- Assess total outstanding RRE exposure; if > EUR 10 million, collect data on new/outstanding exposures per reference dates (30 Jun/31 Dec)
- Ensure IT systems store/process RRE indicators (e
- Submit reports to CSSF in April/October; review amendments (20/737, 21/772, 26/908) and FAQ for updates
- For exempt banks
Key Dates
17 Dec 2018 Original Circular CSSF 18/703 published; reporting obligation introduced.
19 Feb 2020 Circular CSSF 20/737 and FAQ published; clarified exemptions and scope.
10 May 2021 Circular CSSF 21/772 amendment published.
25 Mar 2026 Circular CSSF 26/908 amendment published (today's date); immediate implementation expected for upcoming cycles.
Ongoing (semi-annual) Reports due in April (ref. 31 Dec) and October (ref. 30 Jun) each year. DEADLINE
Compliance Impact
Urgency: High โ Ongoing semi-annual obligation with latest amendment today (25 Mar 2026, CSSF 26/908) likely affects the next October 2026 cycle (ref. 30 Jun 2026); non-compliance risks supervisory sanctions, as it supports macroprudential monitoring under ESRB framework. Firms must validate systems/data immediately post-amendment to avoid gaps in reporting population.
Bank
Latest update on the AML/CFT standardised data collection
This CSSF circular letter addresses the 2026 AML/CFT standardised data collection exercise, aligning with AMLA's EU-wide initiatives by adopting AMLA-developed templates for most supervised entities while requiring specialised professionals to use CSSF-specific forms. It matters for Luxembourg financial firms as it mandates reporting on ML/TF risks and mitigation measures to support consistent EU supervision, with recent delays emphasizing preparation needs amid evolving templates.
What Changed
CSSF adopts AMLA-developed data collection templates for credit institutions, investment firms, and investment fund managers (excluding specialised professionals), replacing its prior questionnaire to avoid duplication with AMLA's broad exercise and ensure a level playing field ahead of the new EU AML/CFT methodology.
Entities selected for AMLA's mandatory calibration exercise (notified directly by CSSF) must report quantitative and qualitative ML/TF risk data; non-selected entities still report via AMLA templates on 2025 risks.
Launch delayed from 2 March 2026 due to AMLA's consultation...
What You Need To Do
- Monitor CSSF communications for final questionnaire, launch dates, and eDesk access; prepare data on 2025 ML/TF risks and mitigation using current AMLA draft (not for submission)
- Selected AMLA calibration participants
- Non-selected credit/financial institutions
- Specialised professionals
Key Dates
23 February 2026 - Planned launch for specialised professionals' CSSF questionnaire (delayed per 11 March update).
2 March 2026 - Original launch date for AMLA questionnaire and calibration exercise via eDesk platform (delayed).
13 March 2026 - AMLA webinar (10:00-12:00) on reporting framework and clarifications (connection details in CSSF annex).
15 April 2026 - Submission deadline for AMLA calibration exercise participants (maintained despite delays; changes to be communicated). DEADLINE
TBD (post-11 March 2026) - New launch and submission deadlines for all data collections, pending final AMLA questionnaire. DEADLINE
Compliance Impact
Urgency: High - Mandatory reporting supports CSSF's supervisory strategy and EU AMLA calibration, with non-compliance risking enforcement; delays provide preparation time but require immediate data readiness as final deadlines approach shortly (e.g., potential April submissions). This directly feeds into entity-level ML/TF risk assessments, influencing ongoing supervision and resource allocation.
BankAsset ManagerAll Firms
Table listing the professional activities and the mandates performed
This CSSF publication is an updated table (in XLSX format) listing standardized professional activities and mandates for members of the management body/governing body and conducting officers, as required under points 105 and 107 of Circular CSSF 18/698. It matters because it ensures consistent, transparent reporting of senior personnel roles in Luxembourg investment fund managers (IFMs), supporting governance, conflict-of-interest management, and CSSF supervisory oversight. Compliance professionals must use this list to standardize disclosures in authorization files and ongoing reporting.
What Changed
The document was originally published on 14 January 2019 and updated on 12 March 2026, reflecting revisions to the predefined list of professional activities and mandates[Source URL]. Key aspects include:
Alignment with Circular CSSF 18/698 requirements for IFMs (management companies for UCIs and AIFs), specifying reportable roles like those in collective portfolio management, risk management, valuation, compliance, internal audit, and IT operations.
Emphasis on detailed documentation of mandates to demonstrate fitness, properness, and avoidance of conflicts, including for shareholders with...
What You Need To Do
- Download and use the XLSX table
- Update authorization and notification files
- Conduct fit-and-proper assessments
- Annual compliance review
- Policy updates
Key Dates
14 January 2019 - Original publication of the list.
23 August 2018 - Publication of underlying Circular CSSF 18/698, setting baseline requirements.
End of May (post-financial year) - Compliance deadline for Circular 18/698 obligations, including governance reporting (e.g., 5 months after year-end). DEADLINE
12 March 2026 - Latest update to the list, requiring immediate review and integration into reporting processes[Source URL].
Compliance Impact
Urgency: High โ The March 12, 2026 update coincides with today's date, demanding immediate review to avoid supervisory findings during CSSF inspections or authorization processes. Non-compliance risks authorization delays, fines, or reputational damage, as Circular 18/698 emphasizes robust governance in a heightened scrutiny environment for IFMs (e.g., delegate oversight, AML).
Asset ManagerBankAll Firms
Delay in the 2026 AML/CFT standardised data collection
The CSSF circular letter dated 11 March 2026 announces a delay in its planned AML/CFT standardised data collection exercise originally scheduled for 2026, primarily due to overlap with a concurrent broad-scope data collection by the European Anti-Money Laundering Authority (AMLA). This matters for compliance professionals as it reduces immediate reporting burdens on supervised entities, promotes regulatory simplification, and aligns Luxembourg practices with emerging EU AML/CFT methodologies, allowing firms to redirect resources to the mandatory AMLA exercise.
What Changed
Postponement of CSSF-specific questionnaire: The CSSF has decided not to proceed with its own AML/CFT standardised data collection for most supervised entities (credit institutions, investment firms, investment fund managers), opting instead to rely on AMLA's questionnaire to avoid duplication and ensure a level playing field.
Exception for specialised professionals: Specialised professionals of the financial sector (e.g., certain non-credit institutions) remain subject to a CSSF-specific questionnaire, though timelines are affected by the delay announcement.
Rationale tied to AMLA...
What You Need To Do
- Monitor CSSF updates
- Prioritize AMLA obligations
- Specialised professionals
- Internal review
- No immediate submissions
Key Dates
2 March 2026 - Original launch date for AMLA calibration exercise data collection via eDesk (now potentially adjusted or paused per delay circular) .
15 April 2026 - Original reporting deadline to CSSF for AMLA calibration exercise data .
23 February 2026 - Original launch for specialised professionals' CSSF questionnaire .
11 March 2026 - Publication of delay circular, superseding prior timelines; further modalities to be communicated .
TBD 2026 - Potential ad-hoc CSSF questionnaires for essential data points .
Compliance Impact
Urgency: Medium. The delay alleviates short-term pressure by postponing submissions and reducing dual reporting, enabling resource reallocation to higher-priority AMLA efforts amid EU harmonization. It matters for maintaining a risk-based approach (RBA) under FATF standards, avoiding overburden from overlapping exercises, and preparing for the new EU AML/CFT methodologyโnon-compliance risks supervisory scrutiny, but the simplification lowers immediate enforcement exposure.
BankAsset ManagerAll Firms
No description available.
The CSSF published guidance on 2 March 2026 specifying minimum documents and information required for assessing shareholding structures of authorised Investment Fund Managers (IFMs) during initial authorisation and subsequent modifications, covering both qualified and non-qualified shareholders. This matters because incomplete submissions will not be processed, potentially delaying authorisations or amendments amid ongoing CSSF scrutiny of governance and ownership in Luxembourg's fund sector.
What Changed
Minimum Document Requirements: Establishes a mandatory list of documents for each new shareholder candidate, differentiated by type (e.g., natural person, legal person, beneficial owner, direct/indirect qualified/unqualified shareholders, legal arrangements like trusts). Examples include identification documents (ID, CV, DH, CR), beneficial owner details (especially if PEP or CSSF-requested), and templates via Market Entry Form (MEF).
Additional Mandatory Submissions: For changes involving qualified holdings (entry, increase/decrease, removal), requires updated group structure charts, MEF (in...
What You Need To Do
- Review Guidance
- Prepare Complete Packages
- Submit Fully
- Internal Processes
Key Dates
2 March 2026 - Publication and effective date Guidance applies immediately; incomplete applications received on/after this date will not start processing until complete.
Compliance Impact
Urgency: High โ Effective immediately on publication (2 March 2026), with strict non-processing of incomplete files risking significant delays in time-sensitive authorisations/amendments. Matters for maintaining operational timelines in competitive fund markets, where CSSF oversight of IFM ownership ties to broader governance expectations (e.g., board composition, qualifications).
Asset Manager
Version 1.0
This CSSF guidance (Version 1.0, published 2 March 2026) specifies the minimum documents and information required for assessing shareholding structures of authorised Investment Fund Managers (IFMs) during initial authorisation or modifications involving qualified and non-qualified shareholders. It standardises submissions to ensure completeness, with incomplete applications rejected until fully provided, enhancing regulatory efficiency and scrutiny of ownership changes. Compliance professionals must prioritise this to avoid delays in authorisation processes for Luxembourg-domiciled IFMs.
What Changed
Minimum Document Lists: Introduces detailed checklists in an XLSX format covering candidate shareholder documents (e.g., ID, CV, declarations of honour (DH), criminal records (CR) for natural persons; similar for legal persons, beneficial owners, and legal arrangements like trusts).
Differentiation by Shareholder Type: Requirements vary by natural/legal person, beneficial owner, direct/indirect qualified/unqualified shareholders, and involvement in financing (e.g., "Yes, if PEP or if requested by the CSSF" for beneficial owners; full docs for trustees in legal arrangements).
Other Mandatory...
What You Need To Do
- Prepare Complete Packages
- Submit Core Items
- Initial/Modification Filings
Key Dates
2 March 2026 - Publication and immediate applicability New guidance effective; incomplete applications received on/after this date not processed until complete.
Compliance Impact
Urgency: High โ Immediate effect from 2 March 2026 means any ongoing or planned IFM authorisation/modification applications risk delays or rejection if non-compliant, potentially disrupting fund launches or ownership restructurings in Luxembourg's key investment management hub. Matters due to standardised scrutiny on fit-and-proper ownership, aligning with AIFMD governance and reducing administrative back-and-forth.
Asset Manager
Exigences applicables au rรฉviseur dโentreprises agrรฉรฉ spรฉcial auprรจs des รฉtablissements de crรฉdit รฉmetteurs de lettres de gage
Circular CSSF 26/907, published on February 18, 2026, establishes requirements for **approved special statutory auditors (rรฉviseurs d'entreprises agrรฉรฉs spรฉciaux) serving credit institutions that issue mortgage bonds (lettres de gage)**. This circular formalizes the governance and audit standards applicable to a specialized auditor role within Luxembourg's credit institution framework, ensuring enhanced oversight of entities engaged in mortgage bond issuance.
What Changed
The search results provided do not contain the full text of Circular CSSF 26/907, as it is available only in French and the PDF content was not included in the available materials. However, based on the title and regulatory context, this circular addresses:
Statutory auditor qualifications and requirements for the specialized role of approving auditors (rรฉviseurs agrรฉรฉs spรฉciaux) overseeing credit institutions that issue mortgage bonds
Governance standards for auditors in this specialized capacity
Audit and oversight responsibilities specific to mortgage bond issuance activities
The...
What You Need To Do
- *Obtain and review the full French text of Circular CSSF 26/907 from the CSSF website
- *Assess current auditor qualifications against the new requirements for approved special statutory auditors
- *Update audit engagement letters and terms to reflect any new standards or responsibilities
- *Document compliance with the circular's requirements in governance and audit files
- *Communicate with appointed auditors to ensure alignment with the new framework
Key Dates
18 February 2026 - Circular CSSF 26/907 published
No specific implementation deadline provided in available search results; firms should consult the full French text for any transition periods or effective dates
Compliance Impact
Urgency: HIGH
Bank
1) high-risk jurisdictions on which enhanced due diligence and, where appropriate, counter-measures are imposed2) jurisdictions under increased monitoring of the FATFVersion of 17 February 2026
The Annex of Circular CSSF 22/822 (Version of 17 February 2026) is Luxembourg's Commission de Surveillance du Secteur Financier's implementation guidance on FATF (Financial Action Task Force) designations of high-risk jurisdictions requiring enhanced due diligence and counter-measures, as well as jurisdictions under increased monitoring. This document is critical for Luxembourg-regulated financial institutions because it operationalizes international AML/CFT standards into binding compliance obligations, directly impacting customer acceptance, transaction monitoring, and correspondent banking relationships.
What Changed
The current version (17 February 2026) represents the most recent update to the CSSF's FATF-aligned jurisdiction risk framework. Based on the available search results, the document establishes two primary regulatory categories:
*High-Risk Jurisdictions (Category 1): Jurisdictions designated by FATF as having strategic deficiencies in their AML/CFT regimes, requiring enhanced due diligence and, where appropriate, counter-measures.
What You Need To Do
- *For High-Risk Jurisdictions
- Apply enhanced due diligence and monitoring measures to business relationships and transactions with designated jurisdictions
- Increase the frequency and timing of transaction controls
- Select transaction patterns requiring further examination and obtain detailed information on transaction purposes
- Maintain enhanced mechanisms for reporting suspicious activity to the FIU
Key Dates
17 February 2026 - Current version effective (Annex of Circular CSSF 22/822)
27 October 2025 - Previous version superseded
27 October 2022 - Original Circular CSSF 22/822 issued
23 February 2026 - CSSF annual AML/CFT questionnaire launch (related compliance reporting deadline) DEADLINE
Compliance Impact
Urgency: CRITICAL
BankAsset ManagerPayment Provider No description available.
The CSSF has updated its FAQ on portfolio transparency requirements for UCITS ETFs, relaxing disclosure frequency from monthly to quarterly publication of detailed holdings while maintaining daily information sharing with market makers and authorized participants. This change aligns Luxembourg's regulatory framework more closely with Ireland's semi-transparent ETF approach and is designed to attract active asset managers to the Luxembourg domicile by reducing proprietary information exposure.
What Changed
The update modifies two critical FAQ sections:
*Portfolio Transparency Requirements (Question 12.1)
The CSSF has expanded and clarified its guidance to apply to all UCITS ETFs, not just actively managed ones. The key modification establishes a two-tier disclosure framework:
Daily disclosure to market participants: Market makers and authorized participants (APs) continue to receive detailed portfolio information on a daily basis to maintain efficient arbitrage mechanisms and active secondary markets.
Quarterly public disclosure: Investment Fund Managers (IFMs) must now publish detailed...
What You Need To Do
- *For IFMs Managing UCITS ETFs
- *Update disclosure procedures to transition from monthly to quarterly publication schedules for detailed portfolio holdings
- *Maintain daily information sharing with APs and market makers to support arbitrage mechanismsโthis requirement remains unchanged
- *Revise prospectuses to reflect the new quarterly disclosure frequency and confirm compliance with the 30 business-day publication window
- *Document procedures for calculating the 30 business-day deadline from quarter-end
Key Dates
17 February 2026 - CSSF publishes updated FAQ (effective immediately)
No explicit transition period stated - Firms should implement changes promptly to ensure compliance with the new quarterly disclosure requirement DEADLINE
Compliance Impact
Urgency: HIGH
Asset Manager
Version 23
This CSSF FAQ (Version 23, updated 17 February 2026) provides interpretive guidance on the Luxembourg Law of 17 December 2010 relating to undertakings for collective investment (UCIs), covering UCITS, Part II UCIs, SIFs, and SICARs. It matters for compliance professionals as it clarifies authorisation processes, investment rules, and supervisory expectations, ensuring alignment with evolving EU frameworks like AIFMD and MiCAR. The update, effective today, addresses recent regulatory shifts including crypto-asset integration.
What Changed
Authorisation Requirements: UCIs require CSSF approval of constitutive documents (articles, management regulations), depositary selection, and management company/AIFM applications for contractual forms. Corporate UCIs need similar approvals for appointed managers.
Crypto-Asset Updates (aligned with separate but related FAQ Version 7): Replaces "virtual assets" with "crypto-assets" per MiCAR (EU 2023/1114); UCITS and retail AIFs (non-well-informed investors) capped at 10% NAV indirect exposure; AIFs for well-informed/professional investors have no cap but require governance, risk management,...
What You Need To Do
- Review and Update Documents
- Crypto-Specific
- Authorisation/Amendments
- Governance and Reporting
- Ongoing Compliance
Key Dates
17 February 2026 - FAQ Version 23 update effective Applies immediately to UCI operations, authorisations, and compliance.[User-provided content] DEADLINE
04 February 2026 - Crypto FAQ Version 7 update effective MiCAR-aligned changes on crypto exposure, authorisation extensions, and depositary notifications.
16 January 2026 - UCI Authorisation page update Reflects ongoing CSSF expectations for approvals.
20 May 2025 - Related AIFM FAQ Version 24 Introduces changes relevant to UCI managers acting as AIFMs.
Compliance Impact
Urgency: High โ The update coincides with MiCAR implementation and today's release, requiring immediate review for crypto-exposed funds to avoid unauthorised strategies or AML gaps; non-compliance risks supervisory actions, authorisation delays, or investor disputes in Luxembourg's key fund domicile.
Asset ManagerHedge FundAll Firms
AML/CFT standardised data collection taking place in 2026
The CSSF Circular Letter 2026-02-12 announces a standardized data collection exercise on AML/CFT for supervised entities, scheduled for 2026, aimed at enhancing regulatory oversight of money laundering and terrorist financing risks. This matters because it signals intensified CSSF scrutiny on AML/CFT compliance, requiring firms to prepare structured data submissions that could inform future supervisory actions, risk assessments, and enforcement. As part of broader CSSF AML/CFT initiatives, non-compliance risks fines or heightened inspections.
What Changed
Introduction of standardized AML/CFT data collection: CSSF mandates uniform reporting formats for collecting data on AML/CFT risks, controls, and practices across supervised sectors, building on existing risk-based supervision frameworks.
Alignment with ongoing AML/CFT enhancements: Complements recent governance-focused circulars (e.g., Circular 26/906 on central administration and risk management for payment/e-money institutions) by emphasizing data-driven validation of AML/CFT effectiveness, including risk assessments, transaction monitoring, and third-party oversight.
No explicit new...
What You Need To Do
- Assess and document AML/CFT data readiness
- Update governance and controls
- Conduct internal reviews
- Prepare for submission
- Engage auditors
Key Dates
2026 (exact date TBD) - AML/CFT standardised data collection exercise Firms must submit required data during this period; preparation recommended immediately given today's date (12 February 2026). DEADLINE
20 January 2026 - Issuance of related Circular 26/906 Establishes governance baselines (e.g., compliance independence, risk proportionality) informing data collection expectations. DEADLINE
26 January 2026 - CSSF AML/CFT Conference for Specialised PFS Provided updates on sub-sector risks, terrorist financing reviews, and FIU insights relevant to data preparation.
28 January 2026 - Conference materials published Available for download to guide compliance alignment. DEADLINE
Compliance Impact
Urgency: High โ With data collection in 2026 underway today (12 February 2026), firms face immediate preparation needs amid recent enforcement (e.g., EUR 102,000 fine on depositary for AML-related gaps) and conferences signaling sub-sector focus. This elevates AML/CFT as a supervisory priority, potentially triggering on-site inspections, fines, or remediation orders for inadequate data/risks; proactive alignment prevents escalation in a risk-based regime.
BankPayment ProviderAll Firms
Version 3
This CSSF FAQ (Version 2, July 2013, with updates through 24 June 2013 and 11 July 2013) provides guidance on master-feeder structures for UCITS funds under the Luxembourg Law of 12 July 2010 (the "2010 Law"), addressing financial reporting, performance disclosure, and operational requirements. It matters for Luxembourg-domiciled UCITS managers and depositaries as it clarifies compliance with UCITS Directive rules on aggregation of charges, audit irregularities, and past performance in cross-border master-feeder setups, reducing ambiguity in documentation and investor communications.
What Changed
Financial reporting for aggregate charges (Art 82(2) 2010 Law): When master and feeder UCITS have different year-ends, feeder must present master charges for the same period if possible; otherwise, use master's last audited period with strict conditions (e.g., clear audit report disclosure, no undue costs), and agreements must mandate information provision.
Disclosure of irregularities (CSSF Regulation 10-05 Art 27(e)): Present in notes to financial statements or "other information" section of annual report.
Past performance rules (Art 159(3)c) 2010 Law and Commission Regulation (EU)...
What You Need To Do
- Review and amend master-feeder agreements (per Art 79(1) 2010 Law) to require masters provide charge/fee data to feeders
- Ensure financial statements/annual reports disclose irregularities in specified sections and aggregate charges with audit report caveats if periods misalign
- Update KIIDs and marketing materials for past performance compliance, disclosing conversions/material changes per Regulation 583/2010 Articles 17, 19, 35
- Implement processes for ad hoc financial statements when accounting years differ, allocating audit/preparation fees appropriately
- Monitor CSSF website regularly for FAQ updates
Compliance Impact
Urgency: lowโThis 2013 guidance (Version 2) is outdated relative to 2026, with no new enforcement actions noted, but remains relevant for legacy UCITS master-feeder structures under the 2010 Law. It matters for audit/financial close processes and investor disclosures to avoid CSSF scrutiny, particularly in cross-border setups where ESMA UCITS rules apply; non-compliance risks reporting errors or investor complaints.
Asset Manager
This publication is a CSSF FAQ in relation to the use by Luxembourg-domiciled UCITS of the following Securities Financing Transactions: securities lending transactions, reverse repurchase agreement transactions and repurchase agreement transactions. The objective of the FAQ is to bring further clarity concerning the use by UCITS of these SFTs, thereby taking into account the applicable regulatory framework as well as the supervisory experienced gained by the CSSF over the last years.Version 2
This CSSF FAQ (Version 2) provides guidance on the use of securities financing transactions (SFTs)โspecifically securities lending, reverse repurchase agreements, and repurchase agreementsโby Luxembourg-domiciled UCITS, clarifying regulatory requirements based on the applicable framework and CSSF's supervisory experience. It matters because it updates prior guidance to reflect evolved practices, helping UCITS managers ensure compliant SFT usage amid heightened scrutiny on liquidity, risk management, and investor protection in Luxembourg's fund sector.
What Changed
The document is an updated FAQ (Version 2), originally published on 18 December 2020 and revised on 12 February 2026, but the provided content does not detail specific changes from Version 1 beyond incorporating recent supervisory experience and regulatory framework updates. It emphasizes clarity on SFT eligibility, operational controls, and risk mitigation for UCITS, without introducing new prohibitions or mandates visible in the summary; full details require accessing the PDF (201.4Kb).
What You Need To Do
- Review and update policies
- Enhance disclosures
- Conduct gap analysis
- Train staff and delegates
- Monitor ongoing use
Key Dates
18 December 2020 - Original publication date of Version 1 .
12 February 2026 - Update date for Version 2 (effective immediately as non-binding guidance).
Compliance Impact
Urgency: High โ The 12 February 2026 update coincides with today's date, signaling immediate relevance for Luxembourg UCITS engaging in SFTs, which are common for yield enhancement but carry liquidity and counterparty risks. Non-compliance risks supervisory actions, given CSSF's focus on practical experience; firms should prioritize review to avoid findings in upcoming audits or inspections, especially amid parallel 2026 updates on UCI investments.
Asset Manager
Guidance allowing financial entities to identify the National Competent Authority to which their register of information has to be submitted.
This CSSF guidance document, published on 11 February 2026, provides detailed explanations and resolution steps for error messages encountered during the submission of the DORA Register of Information (RoI) via the eDesk portal, specifically for the 2026 submission cycle. It matters because it enables Luxembourg financial entities to ensure compliant submissions amid enhanced validation checks on more data fields, avoiding re-submission delays and supporting timely transmission to the ESAs by CSSF deadlines. Non-compliance risks supervisory scrutiny under DORA's ICT risk management framework.
What Changed
Enhanced validation checks for the 2026 RoI submission: Applies ESA-defined checks (last updated April 2025) to more data fields to improve data quality, compared to prior cycles.
Specific error resolutions detailed, including requirements for LEI code communication to CSSF beforehand, correct reference date ('2025-12-31') in file naming, plain-CSV files in predefined .zip structure, and proper FilingIndicators.csv/parameters.csv content.
Mandatory inclusion of all tables (even empty) in FilingIndicators.csv set to 'true', with matching identification codes across parent-child records.
Builds...
What You Need To Do
- Assign "DORA Reporting" role in eDesk to dedicated employee(s) per user guide
- Communicate LEI code to CSSF line supervisor prior to first submission to enable upload
- Prepare RoI in plain-CSV files within
- Test submissions against listed error codes (e
- Consult ESAs' EBA resources (data point model, validation rules, FAQs) and CSSF guides (e
Key Dates
31 December 2025 - Reference date for 2026 RoI submission (all contractual arrangements up to this date).
11 February 2026 - Publication date of this error guidance (last updated 10/02/2026).
1 April 2025 to 15 April 2025 - Initial 2025 submission window via eDesk (for context; 2026 window likely similar, pending confirmation).
30 April 2025 - CSSF re-submission deadline post-validation for 2025; analogous for 2026 if errors detected. DEADLINE
May 2025 - ESAs' second-round validation for 2025; expect similar for 2026 with potential re-submissions.
Compliance Impact
Urgency: High - Published today (11 February 2026), this equips firms for imminent 2026 RoI submissions (reference date 31 December 2025), with stricter validations on expanded fields risking rejections/re-submissions. Matters for operational resilience compliance under DORA Article 28, as accurate RoI supports supervisory oversight of ICT third-party risks; delays could trigger CSSF/ESA follow-up or fines. Firms with prior 2025 issues (e.g., portal extensions to May 2025) must prioritize to avoid recurrence.
BankFintechPayment Provider
No description available.
This CSSF communiquรฉ announces the availability of updated UCI Reports (SAQ, SR, and ML) under Circular CSSF 21/790 on the eDesk platform's CISERO module for specific 2026 year-ends, with key enhancements focused on valuation, NAV determination, and risk-based streamlining. It matters for Luxembourg UCIs as it reflects evolving supervisory priorities, aligns with EU directives like Directive (EU) 2024/927, and imposes refined self-assessment obligations to bolster resilience in stressed conditions and liquidity management.
What Changed
SAQ Updates (Valuation Section): New questions on valuation policies for stressed market conditions/exceptional circumstances; coverage for new sub-funds/strategies; independent validation of material valuation models; and risk-based backtesting for model-valued investments comprising significant NAV portions.
SAQ Simplifications and Clarifications: Removed questions on sub-funds with significant non-standard OTC derivatives, unquoted assets, or external valuer OTC FDIs (including NAV proportions); refined wording on conflicts of interest; added sub-questions (e.g., stale valuations); updated...
What You Need To Do
- Access updated Reports on eDesk CISERO module immediately and review changes vs
- Update valuation policies/procedures to explicitly cover stressed conditions, new sub-funds/strategies, model validations, and backtesting; document compliance
- Revise NAV processes for LMT alignment with Directive (EU) 2024/927 Annexes and ESMA performance fee guidelines; confirm for open-ended UCIs
- Dirigeants/management
- Train staff on updates; conduct gap analysis on policies (e
Key Dates
9 February 2026 Reports (SAQ, SR, ML) made available on eDesk CISERO for year-ends 31 January, 28 February, 31 March, 30 April 2026.
Financial year-end +5 months (UCITS/Part II UCIs) SAQ/SR submission deadline. DEADLINE
Financial year-end +6 months (SIFs/SICARs) SAQ/SR submission deadline. DEADLINE
Three months before year-end (post-30 April 2026) Future Reports availability.
16 April 2026 Entry into application of AIFM/UCITS Review Directive LMT requirements.
Compliance Impact
Urgency: High โ Immediate access required for imminent submissions (e.g., 31 January 2026 year-end due ~June 2026); new valuation questions demand policy reviews to avoid supervisory findings, especially amid stressed markets; SR simplifications reduce burden but shift focus to SAQ self-assessment, heightening dirigeants' accountability. Non-compliance risks CSSF follow-up on modified audits or weaknesses, per Circular 21/790.
Asset Manager
No description available.
The Commission de Surveillance du Secteur Financier (CSSF) has updated its FAQ on crypto-asset investments by undertakings for collective investment, effective February 4, 2026, to align with the EU's Markets in Crypto-Assets Regulation (MiCAR). This update establishes clear investment limits and licensing requirements for UCITS and AIFs investing in crypto-assets, fundamentally reshaping how Luxembourg-regulated funds can structure crypto exposure.
What Changed
The regulatory framework introduces several material modifications:
*Investment Exposure Limits
UCITS may invest indirectly in crypto-assets for a maximum of 10% of their net asset value (NAV)**. These indirect investments are restricted to transferable securities that do not embed derivatives. AIFs open to retail investors other than well-informed investors face the same 10% NAV ceiling.
*MiCAR Alignment**
The FAQ modifications directly reflect the entry into force of Regulation (EU) 2023/1114 on markets in crypto-assets.
What You Need To Do
- *For UCITS Managers
- by-case assessment of crypto-asset investment impact on fund risk profiles
- specific risks (volatility, liquidity, technological risk)
- asset investments
- *For AIFMs Managing AIFs with Crypto Exposure
Key Dates
4 February 2026 - FAQ Version 7 effective date; MiCAR compliance requirements become operative DEADLINE
1 July 2026 - Deadline for Virtual Asset Service Providers (VASPs) to transition from registration to authorization under MiCAR or cease operations DEADLINE
Compliance Impact
Urgency: HIGH
Asset ManagerHedge FundFintech
Version 7 โ 04/02/2026
The CSSF has released Version 7 of its FAQ on Crypto-Assets for Undertakings for Collective Investment, updated on February 4, 2026, to reflect the entry into force of the Markets in Crypto-Assets Regulation (MiCAR). This guidance establishes binding investment limits, authorization requirements, and risk management standards for UCITS and AIFs investing in crypto-assets, fundamentally reshaping how Luxembourg-regulated collective investment schemes can engage with digital assets.
What Changed
The most significant regulatory modifications in Version 7 include:
*Investment Limits for UCITS
UCITS may invest indirectly in crypto-assets for a maximum of 10% of their net asset value (NAV)**. These indirect investments are limited to transferable securities that do not embed derivatives in accordance with Article 10 of the Grand-ducal Regulation of 8.
*Investment Limits for AIFs**
AIFs open to retail investors other than well-informed investors may invest in crypto-assets for a maximum of 10% of their NAV.
What You Need To Do
- *Immediate Compliance Steps
- *Portfolio Audit
- *Investment Policy Updates
- *Risk Management Assessment
- *Investor Notification
Key Dates
February 4, 2026 - FAQ Version 7 effective date (entry into force of MiCAR alignment)
July 1, 2026 - Deadline for Virtual Asset Service Providers (VASPs) to transition to CASP authorization or cease operations DEADLINE
No specific implementation grace period - The FAQ does not specify a transition period for existing funds exceeding the 10% limit; firms should clarify this with the CSSF immediately
Compliance Impact
Urgency Rating: HIGH
Asset ManagerHedge FundFintech
No description available.
CSSF Circular 26/906, published on 20 January 2026, establishes detailed requirements for central administration, internal governance, and risk management for payment institutions (PIs) and electronic money institutions (EMIs) in Luxembourg, repealing prior circulars IML 95/120, IML 96/126, IML 98/143, and CSSF 04/155. It clarifies application of the amended Law of 10 November 2009 on payment services, emphasizing robust governance amid sector growth to ensure safety, efficiency, and trust. This matters for compliance as it mandates comprehensive reviews and updates to governance frameworks by mid-2026, addressing rising transaction volumes.
What Changed
The circular consolidates and updates governance rules, focusing on:
Management bodies: Responsibilities, composition, qualifications, organization, and functioning, including CSSF authorization of members based on professional experience, standing (e.g., police records), and irreproachable conduct.
Internal control functions: Responsibilities, characteristics, organization, and execution of work for compliance officers and internal auditors, with notifications to CSSF including detailed personal and professional information.
Conflicts of interest: Key requirements for a management policy...
What You Need To Do
- Gap analysis
- Updates and notifications
- Implementation
- Documentation
Key Dates
20 January 2026 - Publication date of Circular CSSF 26/906.
30 June 2026 - Compliance deadline: Institutions must assess/review central administration, internal governance, and risk management frameworks to ensure full compliance. DEADLINE
Compliance Impact
Urgency: High - With ~5 months from publication (20 Jan 2026) to compliance (30 Jun 2026), firms face tight timelines for assessments, policy overhauls, and CSSF notifications, especially given repealed circulars and sector growth pressures. Non-compliance risks supervisory actions, as this fosters "sound and prudent management" in a high-volume industry; proactive reviews are essential to avoid disruptions.
Payment ProviderFintech
Central administration, internal governance and risk management
Circular CSSF 26/906, published on 20 January 2026, consolidates and clarifies Luxembourg's rules on central administration, internal governance, and risk management specifically for payment institutions, electronic money institutions, and account information service providers. It repeals prior circulars (IML 95/120, IML 96/126, IML 98/143, and CSSF 04/155) to address growth in transaction volumes by mandating robust governance, control functions, and risk processes, enhancing safety, efficiency, and trust in these services. This matters for compliance professionals as it strengthens defenses against financial crime, operational risks, and supervisory scrutiny in a high-growth sector.
What Changed
Consolidation and repeal: Replaces outdated circulars with unified requirements under the amended Law of 10 November 2009 on payment services, covering central administration (decision-making must be in Luxembourg), management body responsibilities, internal control functions (compliance, risk management, internal audit as independent second/third lines), conflicts of interest management, new product approval processes, and client funds safeguarding (e.g., segregation, daily/weekly reconciliations based on risk).
Governance enhancements: Board approves strategy, risk appetite, AML/CFT...
What You Need To Do
- Assess and update governance frameworks
- Confirm control functions
- Implement operational safeguards
- Document proportionality
- Retain records and report
Key Dates
20 January 2026 - Publication date of Circular CSSF 26/906 .
30 June 2026 - Compliance deadline Institutions must assess, review, and ensure their central administration, internal governance, and risk management frameworks fully comply with the circular. DEADLINE
Compliance Impact
Urgency: High โ With a 30 June 2026 deadline (five months from publication), firms face immediate pressure to review and remediate governance gaps amid sector growth and heightened AML/CFT scrutiny; non-compliance risks supervisory actions, fines, or license issues, especially as it closes criminal exploitation vectors like weak controls and third-party risks.
Payment Provider
Application of the Guidelines of the European Banking Authority on the management of environmental, social and governance (ESG) risks (EBA/GL/2025/01)
Circular CSSF 26/905 mandates the application of EBA Guidelines (EBA/GL/2025/01) on managing **ESG risks** for Luxembourg-supervised institutions, requiring integration of environmental, social, and governance risk identification, measurement, management, and monitoring into internal processes. This aligns with CRD amendments (Articles 74, 76, 87a) and emphasizes proportionality to institutions' business models, with plans including timelines, targets, and milestones toward EU climate goals like net-zero by 2050. It matters for compliance as it embeds ESG into prudential supervision, potentially impacting capital, risk frameworks, and supervisory reviews.
What Changed
Institutions must establish proportionate strategies, policies, processes, and systems for ESG risk management, covering short-, medium-, and long-term horizons, including transition and physical environmental risks.
Develop plans per Article 76(2) CRD with specific timelines, intermediate quantifiable targets, and milestones to address ESG financial risks, consistent with EU objectives (e.g., 55% GHG reduction by 2030, climate neutrality by 2050).
Incorporate ESG into internal governance, risk appetite, and supervisory review processes (SREP), with scenario analysis requirements (to be...
What You Need To Do
- Map and integrate ESG risks into governance, risk management frameworks, and business strategies, proportionate to scale/risk exposure
- Develop and document ESG risk management plans with quantifiable targets, milestones, timelines, and scenario analyses (broad requirements now; detailed later)
- Conduct assessments of ESG risks in portfolios, including sustainability products, transition finance, and loan origination policies, for SREP submission
- Embed in internal processes per Articles 74, 76, 87a CRD: identify/measure ESG risks (minimum standards), monitor over time horizons, and report to CSSF
- Review and update existing policies/systems for compliance by applicable dates; prepare for CSSF supervisory evaluation of plan robustness
Key Dates
20 January 2026 - Circular published by CSSF.
1 April 2026 - Application date for Less Significant Institutions (other than SNCIs).
11 January 2027 - Application date for SNCIs (dependent on CRD transposition).
Compliance Impact
Urgency: High - With application starting 1 April 2026 (just over 2 months from publication), firms face immediate pressure to gap-analyze current ESG frameworks against EBA standards, especially for SREP integration and long-term risk planning. Non-compliance risks supervisory scrutiny, capital add-ons, or enforcement, as ESG is now a core prudential pillar amid EU sustainability push; smaller institutions get a head-start but must act swiftly given proportionality demands.
BankAll Firms
Electronic transmission of documents to the CSSF
Circular CSSF 19/708 mandates the electronic transmission of specified documents to the CSSF via secure platforms like e-file or SOFiE, effective from February 1, 2019, replacing prior paper or other methods. This updated annex (as amended by Circular CSSF 21/790 and further revisions up to April 1, 2025) standardizes submissions for investment funds and related entities, reducing administrative burdens while ensuring document integrity and CSSF accessibility. Compliance professionals must monitor the dynamic annex list on the CSSF website to avoid nullified submissions.
What Changed
Mandatory Electronic-Only Submission: Documents listed in Annex I must be transmitted exclusively via e-file (http://www.e-file.lu) or SOFiE (http://www.cetrel-securities.lu/wp_static/what-do-we-offer/secured-reporting-channel-sofie-sort/), in PDF format supporting read access, printing, copy/paste, and word search; other methods post-February 1, 2019, are null and void.
Dynamic Annex Updates: The annex, published on the CSSF website, is regularly updated (e.g., latest noted April 1, 2025) and includes prospectuses, management regulations, annual reports, risk management reports, compliance...
What You Need To Do
- Register/access e-file or SOFiE platforms if not already (test/production environments available since February 2019)
- Consult and adhere to the latest Annex I for document list, nomenclatures, and formats (PDF with full functionality)
- Ensure submissions are final/official versions matching hard copies; use specified identifiers for UCIs/SIFs/SICARs
- Implement processes for automatic/manual transmission (e
- Train staff on responsibilities and integrate into reporting workflows; reference CSSF FAQs for closing documents
Key Dates
1 February 2019 - Entry into force Mandatory electronic transmission for listed documents; non-electronic submissions null and void.
28 January 2019 - Publication date of original Circular CSSF 19/708.
22 December 2021 - Amendment by Circular CSSF 21/790.
1 April 2025 - Latest annex update noted.
Ongoing - Regular checks required Entities must monitor CSSF website for annex updates. DEADLINE
Compliance Impact
Urgency: Low (for new implementations post-2019; medium for ongoing monitoring). This matters for operational efficiency and CSSF relations, as non-compliance risks rejected filings, delays (e.g., approvals under SFDR processes), or supervisory scrutiny, but long-standing rule (since 2019) with established platforms reduces immediate pressure. Firms must prioritize annex vigilance to avoid disruptions in routine reporting like annual reports or prospectuses.
Asset ManagerWealth ManagerInsurance Long Form Report โ Practical rules concerning the self-assessment questionnaire to be submitted by investment firms โ Mission and related reports of the rรฉviseurs dโentreprises agrรฉรฉs (approved statutory auditors)
Broker DealerAll Firms
Update of Circular CSSF 24/853 on the Long Form Report (as amended by Circular CSSF 25/870) โ Practical rules concerning the self-assessment questionnaire to be submitted by investment firms Mission and related reports of the rรฉviseurs dโentreprises agrรฉรฉs (approved statutory auditors)
Circular CSSF 26/904 updates Circular CSSF 24/853 (as amended by Circular CSSF 25/870) by introducing a revised Long Form Report (LFR) for investment firms, featuring a digital self-assessment questionnaire (SAQ) and enhanced auditor reports focused on AML/CFT and risk management. This matters because it aligns reporting with CSSF's risk-based supervision under CSSF 4.0, reduces redundancies, applies proportionality based on business models, and mandates digital submission to improve efficiency and data analysis.
What Changed
Revised LFR Structure: Comprises four parts in a single digital document: (1) yearly SAQ completed by investment firms; (2) descriptive elements verified by approved statutory auditors (REAs); (3) AML/CFT report with risk assessments, declarations on audits, and data on incomplete fund transfers; (4) REA's independent assessment of ML/FT risks and organizational aspects.
Digital Format: Completion and submission via CSSF's online portal, supporting CSSF 4.0 digital strategy for efficient processing.
Proportionality and Scope: Applies individually to investment firms (no consolidated LFR if...
What You Need To Do
- Investment Firms
- REAs/Auditors
Key Dates
Financial year ending 31 December 2024 - Applicability of revised LFR to all investment firms; submissions begin for this period onward on a yearly basis.
No specific submission deadline stated - Yearly production required via CSSF portal; firms should align with existing annual reporting cycles for auditors (typically post-year-end). DEADLINE
Compliance Impact
Urgency: High - Applies immediately to FY ending 31 December 2024 reports, requiring swift updates to reporting processes, digital tools, and AML/CFT documentation amid CSSF's risk-based shift; non-compliance risks supervisory actions, as LFR directly informs CSSF oversight on key prudential/AML areas with no transition period specified.
Asset ManagerBroker DealerAll Firms
Survey on the amount of covered deposits held on 31 December 2025
Circular CSSF-CPDI 25/49 is a **mandatory quarterly reporting requirement** for Luxembourg credit institutions and postal financial service providers to submit data on covered deposits as of December 31, 2025. This survey directly feeds into the Single Resolution Fund's annual target level calculation and the Luxembourg deposit guarantee scheme's contribution assessments, making it essential for regulatory compliance and fund management.
What Changed
The circular explicitly states that no substantive changes have been made to the survey process compared to previous quarters. The only modifications are administrative: the reference date (December 31, 2025) and the submission deadline (January 30, 2026). The specifications for data collection, definitions of covered and eligible deposits, and reporting methodologies remain unchanged from prior circulars, particularly Circular CSSF-CPDI 16/02 as amended by Circular CSSF-CPDI 23/35.
What You Need To Do
- *Calculate covered deposits as defined in Article 163 of the 2015 law, including balance and accrued interest (even if not yet due)
- *Report eligible deposits after applying exclusions under Article 172 of the 2015 law, including exclusions for financial institutions and life insurance products
- *Distinguish deposit types by reporting
- Total eligible deposits (field 201)
- Eligible deposits in omnibus accounts, fiduciary accounts, trusts, sub-accounts, and segregated accounts (field 0226)
Key Dates
January 30, 2026 - Deadline for transmitting average covered deposits data to the Single Resolution Board DEADLINE
December 31, 2025 - Reference date for the survey
December 24, 2025 - Circular publication date
Compliance Impact
Urgency: HIGH
BankPayment Provider
Update of Circular CSSF 24/850 on the practical rules concerning the descriptive report and the self-assessment questionnaire to be submitted on an annual basis by support PFS, as well as the engagement of the rรฉviseurs dโentreprises agrรฉรฉs (approved statutory auditors) of support PFS and practical rules concerning the management letter and the separate report to be drawn up on an annual basis.
Circular CSSF 25/903 updates Circular CSSF 24/850, refining practical rules for support Professional of the Financial Sector (support PFS) in Luxembourg regarding their annual descriptive report, self-assessment questionnaire, and the roles of approved statutory auditors (rรฉviseurs dโentreprises agrรฉรฉs). It specifies requirements for auditors' engagement, management letters, and separate annual reports. This matters for support PFS as it enhances supervisory oversight, ensures consistent reporting quality, and strengthens internal controls, directly impacting compliance and audit processes amid CSSF's focus on robust PFS supervision.
What Changed
Updates to Descriptive Report and Self-Assessment Questionnaire: Refines content, format, and submission requirements for support PFS's annual submissions, emphasizing more detailed disclosures on operations, risks, and controls (building on CSSF 24/850).
Auditor Engagement Rules: Introduces specific practical guidelines for approved statutory auditors, including mandatory scope of work, independence confirmations, and standardized procedures for reviewing support PFS reports.
Management Letter and Separate Report: Establishes detailed rules for auditors to issue an annual management letter...
What You Need To Do
- *Review and Update Processes
- *Engage/Confirm Auditors
- *Implement Templates and Testing
- *Training and Governance
- *Submit on Time
Key Dates
1 January 2026 - Effective Date Applies to annual reporting cycles starting for financial year 2025 onwards.
30 April (annually) - Submission Deadline Support PFS must submit descriptive report, self-assessment questionnaire, management letter, and separate auditor report to CSSF by 30 April following the financial year-end (first applicable: 30 April 2026 for FY 2025). DEADLINE
31 December 2025 - Preparation Milestone Auditors must be engaged and initial scoping completed by year-end 2025 for FY 2025 compliance. DEADLINE
Compliance Impact
Urgency: High. This is high urgency for support PFS due to the impending 30 April 2026 deadline for FY 2025 submissions, with non-compliance risking supervisory fines, license reviews, or reputational damage under CSSF's PFS enforcement regime. It matters as it tightens audit accountability, potentially increasing costs (e.g., auditor fees) while reducing reporting errorsโcritical for smaller support entities with limited resources.
All FirmsFintechPayment Provider
Repeal of Circular CSSF 19/731 regarding the documents to be submitted on an annual basis by credit institutions.
Circular CSSF 25/902 repeals Circular CSSF 19/731 (as amended by Circular CSSF 19/710), which previously detailed annual document submission requirements for credit institutions, shifting to a dynamic list published on the CSSF website. This matters because it streamlines compliance by centralizing and updating requirements online, reducing reliance on static circulars while maintaining submission obligations. Credit institutions must transition to the new process to avoid disruptions in prudential reporting.
What Changed
Repeal of prior circulars: Circular CSSF 19/731 and its amendment via Circular CSSF 19/710 are fully repealed, eliminating the fixed list of annual submission documents.
Shift to website-based guidance: The updated list of required documents, affected entity categories, electronic submission channels, and deadlines is now published on the CSSFโs Prudential reporting for credit institutions webpage, including an interactive summary table for determining applicable submissions.
Ongoing obligations: The requirement to submit documents annually remains unchanged; only the reference source and...
What You Need To Do
- Review the CSSF Prudential reporting webpage (https://www
- Update internal reporting processes, templates, and workflows to reference the website instead of the repealed circular
- Confirm ongoing annual submissions via specified electronic channels; test interactive table for applicability to the institution's profile
- Archive references to Circular CSSF 19/731 in policies and train staff on the change
Key Dates
23 December 2025 - Publication and effective date of Circular CSSF 25/902, repealing Circular CSSF 19/731; transition to website-based list begins.
12 December 2019 - Original issuance of repealed Circular CSSF 19/731 (archived on 23 December 2025).
1 January 2025 ).
Compliance Impact
Urgency: Medium โ The repeal does not alter core submission obligations but requires procedural updates to avoid non-compliance with potentially evolving lists under CRR3 alignments. It matters for operational efficiency, as failure to adapt could lead to missed deadlines or incorrect submissions, especially with website updates tied to EU regulations like Regulation (EU) 2024/1623 (CRR3, applicable from 1 January 2025). Institutions should prioritize review before the next annual cycle to ensure seamless reporting.
Bank
Practical rules concerning the descriptive report and the self-assessment questionnaire to be submitted on an annual basis by support PFS.Engagement of the rรฉviseurs dโentreprises agrรฉรฉs (approved statutory auditors) of support PFS and practical rules concerning the management letter and the separate report to be drawn up on an annual basis.
Circular CSSF 24/850, as amended by Circular CSSF 25/903, establishes practical rules for support Professional of the Financial Sector (support PFS) in Luxembourg to submit annual descriptive reports and self-assessment questionnaires, while also defining the roles of approved statutory auditors (rรฉviseurs dโentreprises agrรฉรฉs) in issuing management letters and separate reports. This guidance standardizes supervisory reporting and audit processes to enhance oversight of support PFS, which provide essential back-office services to authorized PFS. It matters because non-compliance risks supervisory sanctions, reputational damage, and operational disruptions for entities reliant on support PFS structures.
What Changed
Standardized Reporting Templates: Introduces detailed formats and content requirements for the annual descriptive report and self-assessment questionnaire, covering governance, risk management, internal controls, and operational metrics specific to support PFS activities (e.g., IT services, administrative support, custody).
Auditor Engagement Rules: Mandates approved statutory auditors to perform specific procedures, issue a management letter highlighting control weaknesses, and prepare a separate report confirming compliance with the circular's requirements.
Amendments via CSSF 25/903:...
What You Need To Do
- Annual Reporting Cycle
- February to review submissions, test controls, and issue management letter (flagging deficiencies) plus separate compliance report
- Governance Updates
- Auditor Coordination
- Record-Keeping
Key Dates
31 March annually - Deadline for submission of descriptive report, self-assessment questionnaire, management letter, and separate auditor report to CSSF (first applicable for FY 2024 reporting due 31 March 2025). DEADLINE
1 January 2025 - Effective date of original Circular CSSF 24/850.
15 December 2025 - Effective date of amendments in Circular CSSF 25/903, applicable to 2025 reporting cycle onwards.
End of February annually - Support PFS must engage auditors and provide necessary data to enable timely report preparation. DEADLINE
Compliance Impact
Urgency: High โ This is a recurring annual obligation with a firm 31 March deadline, where delays trigger automatic CSSF notifications and potential fines (up to โฌ250,000 per Law 1993). It matters for support PFS as it intensifies scrutiny on operational resilience in a post-SFI (2021) landscape, where CSSF prioritizes substance in delegated functions; failure risks de-authorization or client outflows. Early implementation of templates and auditor pipelines is essential to avoid first-year pitfalls.
BankWealth ManagerAll Firms
relating to specialised investment funds, investment companies in risk capital and undertakings for collective investment subject to Part II of the Law of 17 December 2010
Circular CSSF 25/901 consolidates and modernizes the supervisory framework for Luxembourg specialised investment funds (SIFs), investment companies in risk capital (SICARs), and undertakings for collective investment subject to Part II of the Law of 17 December 2010 (Part II UCIs), including their sub-funds. It streamlines investment rules, diversification limits, borrowing, disclosures, and risk management while enhancing flexibility for sophisticated investors and formalizing prior informal guidance, reducing regulatory complexity without compromising investor protection.
What Changed
Diversification and investment limits: Introduces tailored percentage-based thresholds; for funds marketed to unsophisticated retail investors, limits remain at 25% per issuer/UCI/asset, raised to 50% per issuer/UCI/asset or 70% per infrastructure investment for well-informed/professional investor funds, with CSSF derogations possible on justification.
What You Need To Do
- Review and update fund documents (e
- Assess and document compliance with new/relaxed diversification, borrowing, and SICAR investment rules; apply for CSSF derogations where justified
- Ensure risk-spreading in derivatives/collateral and deployment of SICAR cash into eligible assets; confirm look-through for intermediaries
- For retail-marketed funds
- Maintain robust governance/documentation to leverage flexibility; reference CSSF's Compilation for concepts
Key Dates
late 2025 /early 2026 publications, but no explicit dates are provided.
Compliance Impact
Urgency: High โ Formalizes prior informal guidance into binding rules with enhanced flexibility but stricter retail protections and disclosure mandates, requiring immediate document reviews/updates for non-compliant SIFs/SICARs/Part II UCIs to avoid supervisory scrutiny or authorization issues; critical for funds targeting private markets or retail.
Asset ManagerHedge Fund
Revision and remodelling of the rules to which Luxembourg undertakings governed by the Law of 30 March 1988 on undertakings for collective investment (โUCIโ) are subject
Circular IML 91/75, as amended up to CSSF Circular 25/901, consolidates and modernizes the supervisory framework for Luxembourg Part II UCIs, SIFs, and SICARs, refining rules on diversification, borrowing, risk-spreading, and disclosures while tailoring requirements to investor profiles. It matters because it streamlines fragmented regulations, enhances fund competitiveness, and formalizes CSSF expectations without mandating immediate changes for pre-existing funds, reducing compliance burdens while promoting transparency and flexibility. This update aligns administrative practices with market realities, repealing outdated circulars to eliminate ambiguity.
What Changed
Consolidation and Repeals: Repeals CSSF Circulars 02/80, 07/309, 06/241, and Chapters G and I of IML 91/75; renders CSSF 08/356 and Chapter H of IML 91/75 inapplicable to Part II UCIs.
Flexible Diversification Rules: Introduces investor-category-based thresholds (e.g., stricter for retail, looser for sophisticated investors); allows CSSF derogations for SIFs/Part II UCIs with justification; applies look-through for intermediary vehicles; harmonizes ramp-up (up to 12 months for liquid strategies, 4 years for private equity) and wind-down periods.
Borrowing Limits: New limits for SIFs/Part II...
What You Need To Do
- Review and update offering documents/prospectuses for enhanced transparency on risks, limits, borrowing, liquidity tools (e
- Align fund documentation/terminology with CSSF Compilation of key concepts for consistency in filings and communications
- Disclose ramp-up/wind-down periods, potential derogations, and life extensions clearly; seek CSSF approval for exemptions where justified
- Assess portfolio compliance for new funds/compartments; leverage flexibility for sophisticated investors but maintain robust governance
- No immediate changes required for pre-19 Dec 2025 funds, but proactive alignment recommended to avoid future issues
Compliance Impact
Urgency: Medium โ Not critical as existing funds are grandfathered with no retroactive changes required, but high relevance for new launches or material updates post-19 Dec 2025. It matters for operational efficiency (streamlined rules reduce fragmentation) and investor protection (tailored risks/disclosures), potentially lowering long-term costs while mitigating supervisory scrutiny; failure to update docs could delay approvals or trigger CSSF queries.
Asset ManagerHedge FundAll Firms
Rules applicable to undertakings for collective investment when they employ certain techniques and instruments relating to transferable securities and money market instruments
Circular CSSF 08/356, as amended by Circular CSSF 25/901, establishes detailed rules for Luxembourg undertakings for collective investment (UCIs), including UCITS and alternative investment funds (AIFs), on the use of techniques and instruments relating to transferable securities and money market instruments, such as securities lending, repo transactions, and over-the-counter (OTC) derivatives. It matters because it ensures investor protection, risk management, and market stability by imposing strict eligibility, collateral, and operational requirements, aligning Luxembourg funds with EU standards under UCITS and AIFMD directives. Compliance is critical for Luxembourg-domiciled funds engaging in these activities to avoid regulatory sanctions and operational disruptions.
What Changed
The original Circular CSSF 08/356 (2008) transposed UCITS III requirements on eligible techniques like securities lending and repos. The amendment via Circular CSSF 25/901 (issued in 2025) introduces updates to reflect post-Brexit adjustments, enhanced ESG considerations in collateral eligibility, stricter counterparty risk limits for OTC derivatives, and improved transparency in reporting.
What You Need To Do
- *Policy Review & Update
- *Risk Management Systems
- *Counterparty Due Diligence
- *Operational Setup
- *Reporting & Disclosure
Key Dates
23 December 2008 - Original Circular CSSF 08/356 effective date for UCITS III implementation.
21 July 2011 - Partial updates for UCITS IV alignment.
22 July 2013 - Extension to AIFs under AIFMD transposition.
15 October 2025 - Issuance of amending Circular CSSF 25/901.
01 January 2026 - Effective date for amendments (e.g., new collateral rules, reporting formats).
Compliance Impact
Urgency: High - Immediate relevance for funds actively using these techniques (common in fixed-income and equity strategies for yield enhancement). Non-compliance risks CSSF fines (up to 5% of NAV), temporary prohibitions on techniques, or fund suspension. With the 01 January 2026 effective date recently passed (as of current context), firms face heightened scrutiny in 2026 reporting cycles; proactive remediation avoids enforcement actions amid CSSF's focus on operational resilience.
Asset ManagerHedge FundWealth Manager
amending Circular CSSF 22/811.Authorisation and organisation of entities acting as UCI administrators.
Circular CSSF 25/900, issued on 16 December 2025, amends Circular CSSF 22/811 to clarify governance principles, authorisation requirements, and operational standards for UCI (Undertakings for Collective Investment) administrators in Luxembourg, while reforming annual reporting obligations. It matters because it strengthens supervisory oversight, aligns with DORA for ICT outsourcing, and simplifies reporting to enhance efficiency and compliance in the fund administration sector.
What Changed
Repeals Annex B of Circular CSSF 22/811 with immediate effect, replacing it with streamlined annual reporting via a core compliance-focused Self-Assessment Questionnaire (SAQ) that assesses governance, internal controls, operational organization, and risk management; detailed instructions are now on the CSSF website.
Introduces prior CSSF authorisation requirements for entities acting as UCI administrators, including a defined administrative procedure with application details in Annex A; authorisation remains valid unless substantial changes occur, requiring re-application or prior...
What You Need To Do
- Assess eligibility and obtain prior CSSF authorisation via Annex A application (or notify substantial changes); ensure ongoing validity by monitoring operational model and delegations
- Adapt internal processes for revised annual UCIA reporting (SAQ-focused, integrated where applicable); submit using CSSF website instructions starting for FY ending 31 Dec 2025
- Review/update contracts with UCIs/IFMs to define roles, responsibilities, and oversight; implement delegation monitoring, remediation plans, and ICT compliance (DORA/Circular 25/882 or 20/750)
- For DORA-scope entities, align outsourcing arrangements with Circular CSSF 25/882
Key Dates
16 December 2025 - Issuance date; repeal of Annex B of Circular CSSF 22/811 effective immediately.
January 2025 - DORA entry into force, applying to ICT outsourcing for in-scope UCIAs.
31 December 2025 - New reporting framework (SAQ and updated modalities) applies to all financial years ending on or after this date.
Compliance Impact
Urgency: High - Immediate repeal of prior reporting Annex requires prompt process updates; new framework applies to FY 2025 year-ends (just past as of Jan 2026), risking supervisory scrutiny or penalties for non-compliance; DORA alignment adds operational resilience pressure amid ongoing CSSF focus on fund admin governance.
Asset ManagerWealth ManagerBank
Authorisation and organisation of entities acting as UCI administrators
Circular CSSF 22/811, as amended by Circular CSSF 25/900, establishes CSSF requirements for the authorisation, governance, internal organisation, and oversight of entities acting as UCI (Undertakings for Collective Investment) administrators in Luxembourg. It matters because it standardises practices amid regulatory, technological, and market evolutions, ensuring robust controls, risk management, and supervision for fund administration activities critical to Luxembourg's fund industry.
What Changed
Authorisation Requirements: Prior CSSF authorisation is mandatory for appointment as UCI administrator, via full application under sectoral laws or a simplified administrative procedure; application must include details per Annex A, with ongoing updates for substantial changes.
Scope of UCI Administration: Defines three core functionsโregistrar, NAV calculation/accounting, and client communicationโrequiring only one designated service provider per function per UCI (or compartment); UCI/IFM may perform functions internally or delegate with oversight.
Governance and Controls: Mandates sound...
What You Need To Do
- Submit authorisation application to CSSF with Annex A information before commencing UCI administration; notify substantial changes and keep file updated
- Establish/implement governance, controls, escalation processes, resource adequacy, ICT/business continuity per circular; ensure single provider per function
- For delegations
- Conclude written contracts with UCI/IFM; submit annual UCIA activity reports
Compliance Impact
Urgency: High โ Non-compliance risks CSSF sanctions, as authorisation is prior and ongoing; critical for Luxembourg fund ecosystem given evolutions in tech/markets/DORA. Firms must act promptly if unauthorised or misaligned, especially with annual reporting since 2023 and DORA integration; impacts operational models, delegations, and reporting immediately for active administrators.
Asset ManagerBankAll Firms
Application of the Guidelines of the European Banking Authority on Acquisition, Development, and Construction (ADC) exposures to residential property under Article 126a of Regulation (EU) 575/2013 (EBA/GL/2025/03)
Circular CSSF 25/899 mandates the application of EBA Guidelines (EBA/GL/2025/03) on Acquisition, Development, and Construction (ADC) exposures to residential property under Article 126a of Regulation (EU) 575/2013 (CRR), specifying conditions for reducing the risk weight from 150% to 100% on qualifying exposures. This matters for Luxembourg credit institutions as it directly impacts capital requirements for real estate lending, promoting safer lending practices while aligning with Basel III standards via CRR3 implementation.
What Changed
Introduces precise definitions for CRR Article 126a(2) terms, enabling 100% risk weight (instead of 150%) for ADC exposures to residential property if conditions are met: at least 50% of total contracts as pre-sale/pre-lease agreements with substantial cash deposits (e.g., โฅ10% of sale price for sales, โฅ3x monthly lease for leases), or equivalent financing/sale-lease combos; plus obligor equity โฅ25% of completed property value.
Mandates "sound standards for lending and credit monitoring" alongside these criteria.
Accounts for social housing/public not-for-profit lending specificities, with...
What You Need To Do
- Review and classify ADC exposures against EBA-defined criteria (e
- Update internal policies, risk assessment models, and credit approval processes to incorporate "sound lending standards" and EBA specifications, including social housing carve-outs
- Recalculate capital requirements under standardized credit risk approach; report changes via CRR disclosures
- Maintain documentation proving compliance (e
- Institutions must "make every effort to comply" per EBA Regulation Article 16(3)
Key Dates
4 November 2025 - EBA Guidelines (EBA/GL/2025/03) apply across EU (two months post-publication on 27 June 2025 in all official languages).
1 December 2025 - CSSF Circular 25/899 published, requiring immediate compliance preparation for Luxembourg firms. DEADLINE
Compliance Impact
Urgency: High โ Firms with significant ADC portfolios face immediate capital relief opportunities (50bp risk weight reduction) but risk non-compliance penalties if processes aren't updated by early 2026, especially post-CRR3 rollout; misclassification could inflate capital needs amid ongoing Basel implementation.
Bank
Fonds de garantie des dรฉpรดts Luxembourg (FGDL) โ Method for calculating the ex-ante contributions pursuant to Article 182 of the Law of 18 December 2015 on the failure of credit institutions and of certain investment firms
Circular CSSF-CPDI 25/48, published on 13 November 2025, updates the methodology for calculating ex-ante contributions to the Fonds de garantie des dรฉpรดts Luxembourg (FGDL), Luxembourg's deposit guarantee scheme, by aligning risk adjustments with EBA Guidelines and introducing a zero floor for certain calculation components. This matters for Luxembourg credit institutions as it refines risk-sensitive contributions to meet DGSD target levels for two compartments (0.8% and an additional 0.8% of covered deposits), ensuring financial stability while promoting supervisory convergence across the EU.
What Changed
Risk Adjustment Updates (Annex 2): Increases weight of 'Return on assets' (ROA) risk indicator from 7.5% to 10%; decreases 'Deposit-size Risk' from 15% to 12.5%; adjusts sliding scale bounds for indicators like leverage ratio (3%-9%), capital coverage ratio (100%-200%), LCR/NSFR (100%-200%), NPL ratio (0%-3%), and others per Table 2, aligning with minimum EBA Guidelines weights totaling 75% plus national flexibility.
Formula Component Floor (Annex 1): Introduces a zero floor for Component 1 (max(0, A_{j,k})), preventing negative values from offsetting Component 2; retains both components but...
What You Need To Do
- Review and update internal systems/models for contribution calculations to incorporate new risk weights, bounds (Table 2), zero floor for Component 1, and revised formulas in Annexes 1-2
- Validate data reporting for risk indicators (e
- Prepare for FGDL invoices reflecting compartment-specific rates; monitor covered deposits for surveys (e
- Conduct gap analysis against repealed circulars (20/21, 23/34); update policies for mergers, deposit changes, and gap fillings (ฮ_ฮป)
Compliance Impact
Urgency: High โ Institutions must promptly recalibrate risk models ahead of 2026 contributions to avoid miscalculations, penalties, or underfunding risks, as this directly impacts prudential contributions amid ongoing DGSD buildup to 2026; non-alignment with EBA could trigger CSSF scrutiny. Failure to adapt may increase costs for riskier profiles, emphasizing the shift to greater risk sensitivity.
Bank
Fonds de garantie des dรฉpรดts Luxembourg (FGDL) โ Method for calculating the ex-ante contributions pursuant to Article 182 of the Law of 18 December 2015 on the failure of credit institutions and of certain investment firms
Circular CSSF-CPDI 25/48 updates the methodology for calculating ex-ante annual contributions to the Fonds de garantie des dรฉpรดts Luxembourg (FGDL), Luxembourg's deposit guarantee scheme, specifically for the target levels in Articles 179 and 180 of the Law of 18 December 2015 on the failure of credit institutions and certain investment firms. This matters because it introduces a risk-adjusted contribution model aligned with EBA Guidelines, shifting from purely deposit-based calculations to ones incorporating institution-specific risk factors, potentially increasing contributions for higher-risk banks while promoting stability in the scheme's funding.
What Changed
Modified Contribution Formula: Replaces prior methods (e.g., from Circulars CSSF-CPDI 16/01, 17/06, 20/21) with a new structure: Component 1 proportional to covered deposits growth (ฮ_{j,k}) at 0.8% base rate, plus a flat add-on (T_j D_{j-2,k}) for target shortfalls, adjusted by a uniform factor ฮผ per compartment, and multiplied by a new risk adjustment factor (ARW_{j,k}).
Risk Adjustment Introduction: ARW is calculated using a weighted score (minimum 75% on EBA core categories, plus 12.5% deposit-size risk and 10% others) from indicators like leverage ratio (bounds 3-9%), capital coverage...
What You Need To Do
- Data Reporting
- Internal Calculations
- Risk Monitoring
- Systems Update
Key Dates
13 November 2025 - Circular publication date by CSSF.
31 December 2025 - Reference date for covered deposits survey (per related Circular CSSF-CPDI 25/49).
2026 - First application year for new methodology (contributions for year j=2026 based on j-1=2025 data; invoices issued by FGDL).
for 2026 cycle.
Compliance Impact
Urgency: High - Affects 2026 contributions directly, requiring immediate data readiness and modeling by Q1 2026; non-compliance risks penalties, inaccurate payments, or higher costs from poor risk scores. Matters for capital planning as riskier profiles face uplifts, emphasizing proactive risk management amid EU harmonization.
Bank
Update of Circular CSSF 22/821 on the Long Form Report, as amended by Circulars CSSF 23/845 and CSSF 24/865
Circular CSSF 25/897 updates Circular CSSF 22/821 on the Long Form Report (LFR) for credit institutions, further aligning the self-assessment questionnaire (SAQ) with current supervisory priorities such as ML/FT risks and organizational aspects. This matters because it refines reporting to reduce redundancies, enhance transparency in REA assessments, and reflect evolving prudential focuses since prior amendments via Circulars CSSF 23/845 and 24/865, ensuring institutions' reports better support CSSF oversight.
What Changed
Introduces new modules in the revised SAQ to align with supervisory points of focus, building on prior expansions (e.g., credit/counterparty risk, liquidity risk, climate-related risks from CSSF 23/845).
Emphasizes REA's independent assessment in the AML/CFT report, requiring exhaustive, transparent evaluations of ML/FT risks across institutions, branches, majority-owned subsidiaries abroad, and tied agents; prohibits vague language (e.g., no "no serious weaknesses" phrasing) and mandates positive, methodology-detailed assessments.
REA must verify and amend descriptive elements provided by...
What You Need To Do
- Complete and submit revised SAQ annually, incorporating new modules on supervisory focuses like ML/FT risks and providing detailed data to REA
- Authorized management
- Ensure AML/CFT report details methodologies (e
- Review prior LFR submissions against this update to align with suppressed redundancies and new emphases
Key Dates
31 October 2025 - Issuance date of Circular CSSF 25/897.
Three months after financial year-end - Annual submission deadline for SAQ to CSSF (unchanged from prior circulars). DEADLINE
Five months after financial year-end - Submission deadline for REA Reports (Financial Instruments and Funds Report; AML/CFT Report). DEADLINE
Six months after financial year-end - Aligned submission for REA management letter (per amendments in CSSF 23/845 to Circular 22/826).
Compliance Impact
Urgency: High - Institutions face immediate refinement needs for 2025 year-end reporting (e.g., SAQ due ~Q1 2026), with stricter REA scrutiny on AML/CFT transparency risking supervisory findings or enforcement if vague assessments persist; aligns with ongoing CSSF push for risk-focused oversight amid regulatory evolution.
Bank
Long Form ReportPractical rules concerning the self-assessment questionnaire to be submitted by institutionsMission and related reports of the statutory auditors (rรฉviseurs dโentreprises agrรฉรฉs)
**Circular CSSF 22/821** (as amended) fundamentally restructures how Luxembourg credit institutions report to the Commission de Surveillance du Secteur Financier (CSSF) by replacing the traditional Long Form Report with a digital **self-assessment questionnaire (SAQ)**, complemented by auditor-prepared reports. This shift represents a significant operational change that requires institutions to directly participate in prudential self-assessment while maintaining robust external audit oversight, making it essential for compliance and operational teams to understand new submission requirements and digital workflows.
What Changed
The circular introduces a three-component reporting framework that fundamentally alters the compliance landscape:
Self-Assessment Questionnaire (SAQ): A digital, annually-completed questionnaire that institutions must prepare directly, covering domains within CSSF and ECB prudential supervision competence
Agreed Upon Procedures (AUP) Reports: Reports prepared by approved statutory auditors (rรฉviseurs d'entreprises agrรฉรฉs) on specific compliance areas
Separate REA Report on Financial Instruments Protection: A dedicated auditor assessment on safeguarding of client financial instruments
*Scope...
What You Need To Do
- *For Credit Institutions
- *Establish SAQ Governance
- *Data Preparation
- *Digital System Access
- *Module Completion
Key Dates
25 October 2022 - Circular CSSF 22/821 issued
31 December 2022 - Circular enters into application
Three months before financial year closure - SAQ becomes accessible through CSSF digital solution
Three months after financial year closure - Deadline for SAQ submission to CSSF DEADLINE
Five months after financial year closure - Deadline for REA reports submission DEADLINE
Compliance Impact
Urgency: HIGH
Bank
Provisions relating to credit institutions and investment firms of EU origin established in Luxembourg by way of branches or exercising activities in Luxembourg by way of free provision of services
Circular CSSF 07/325, as amended by Circulars CSSF 21/765, CSSF 22/827, and most recently CSSF 25/898, establishes supervisory requirements for EU credit institutions and investment firms operating in Luxembourg via branches or free provision of services (FOPS). It matters for compliance professionals as it defines CSSF's host authority role, notification obligations, reporting, and enforcement powers, ensuring alignment with CRD and MiFID II while adapting to evolving EU rules.
What Changed
CSSF 21/765: Updated provisions following amendments to CSSF Regulation No 12-02, refining notification and operational requirements for branches and FOPS.
CSSF 22/827: Further amendments to align with CRD and MiFID II changes, including enhanced notifications for programme alterations (e.g., one-month prior written notice for changes in operations, services, or activities).
CSSF 25/898: Latest update (noted in CSSF Newsletter No 298, November 2025), incorporating recent legal/regulatory developments, such as refined reporting via eDesk portal, AML/CFT compliance assessments, and supervision...
What You Need To Do
- Notifications
- Supervision cooperation
Key Dates
One month before change effective date - Notify CSSF and home authority in writing of programme changes (e.g., operations, services, additional places of business) per CRD Article 36(3) and MiFID II Article 35(10).
Within 3 months of receipt - Home state authority communicates notification file to CSSF for branch/FOPS establishment.
Six months after financial year-end - Submit electronically signed SAQ (via eDesk), annual AML/CFT and conduct of business report (per Circular CSSF 19/731, to be repealed by CSSF 25/902), reviewed by REA.
Compliance Impact
Urgency: Medium - Matters due to recurring annual reporting (e.g., SAQ, AML/CFT within six months post-year-end) and prior notifications for changes, with CSSF enforcement powers (e.g., measures under LFS Article 46(2)) for non-compliance. Recent CSSF 25/898 update (Nov 2025) requires immediate review of processes for digital submissions, but no retroactive changes or hard deadlines post-2025; grandfathering for pre-existing setups reduces immediate pressure.
BankBroker Dealer
Update of Circular CSSF 07/325 on Provisions relating to credit institutions and investment firms of EU origin established in Luxembourg by way of branches or exercising activities in Luxembourg by way of free provision of services, as amended by Circulars CSSF 21/765 and CSSF 22/827
Circular CSSF 25/898 updates Luxembourg's supervisory framework for EU-origin credit institutions and investment firms operating in Luxembourg through branches or free provision of services. This amendment enhances the self-assessment questionnaire (SAQ) used by the CSSF to align supervisory oversight with current regulatory priorities, particularly adding UCI administration as a new thematic module. The update reflects the CSSF's evolving supervisory focus and requires affected institutions to demonstrate compliance with expanded assessment criteria.
What Changed
The circular introduces the following material modifications to Circular CSSF 07/325:
*New Supervisory Module
UCI administration** has been added as a thematic module to the self-assessment questionnaire, reflecting increased regulatory attention to fund administration practices.
*Enhanced Self-Assessment Framework**
Existing modules have been updated to better align with supervisory objectives and current regulatory priorities.
The revised SAQ now captures a broader range of supervisory points of focus relevant to branch operations and cross-border service provision.
*Scope...
What You Need To Do
- *Update Self-Assessment Processes
- Revise internal SAQ completion procedures to address the new UCI administration module
- Ensure all thematic modules reflect current supervisory expectations
- *Assess UCI Administration Compliance
- If the institution provides or is involved in UCI administration services, conduct a detailed assessment of compliance with CSSF expectations
Key Dates
31 October 2025 - Circular CSSF 25/898 published by the CSSF
19 December 2025 - Related modernization framework (Circular CSSF 25/901) entered into force for Part II UCIs, SIFs, and SICARs
No specific implementation deadline stated - Institutions should align their SAQ responses and compliance documentation with the updated framework immediately upon publication DEADLINE
Compliance Impact
Urgency: HIGH
BankBroker DealerAsset Manager
Survey on the amount of covered deposits held on 30 September 2025
Circular CSSF-CPDI 25/47 mandates a regular survey by Luxembourg credit institutions on the amount of covered deposits as of **30 September 2025**, focusing on eligible and covered deposits under the Law of 18 December 2015 on deposit guarantee schemes. It matters because it ensures accurate reporting to the Conseil de protection des dรฉposants et des investisseurs (CPDI) for FGDL (Fonds de garantie des dรฉpรดts Luxembourg) compliance, with detailed field-by-field instructions for complex accounts like omnibus and trusts.
What Changed
This circular updates prior guidance (notably CSSF-CPDI 16/02 as amended by CSSF-CPDI 23/35) by specifying the survey reference date of 30 September 2025 and providing granular reporting fields for eligible deposits (e.g., exclusions for financial institution-like structures and life insurance products), covered deposits capped at โฌ100,000 per person, and breakdowns by natural/legal persons, including shares in omnibus accounts, fiduciaries, trusts, sub-accounts, and segregated accounts.
What You Need To Do
- For omnibus/trust accounts, obtain and report shares of identifiable entitled persons, apportion by legal status of holder, and ensure fields like 0226 and 0255 reconcile
- Designated management reviews/approves data; transmit accurately to CSSF/CPDI, respecting prior circulars (e
- Exclude non-creditor accounts or those assimilated to financial institutions/life insurance
Key Dates
30 September 2025 - Reference date for snapshot of deposits, eligible deposits, and covered deposits.
6 October 2025 - Publication date of the circular by CSSF.
31 December 2025 ) imply prompt post-reference date filing to CSSF/CPDI; firms should confirm via full PDF.
Compliance Impact
Urgency: Medium โ Past reference date (30 September 2025) as of January 2026 means non-reporting firms risk immediate FGDL non-compliance, fines, or supervisory action from CSSF, but this is a routine quarterly survey (see related Circular CSSF-CPDI 25/49 for December 2025). Matters for prudential reporting accuracy, especially amid EU deposit guarantee harmonization.
Bank
Single Resolution Fund โ Information request by the Single Resolution Board for the calculation of the 2026 contribution according to Articles 4 and 14 of Commission Delegated Regulation (EU) 2015/63
Circular CSSF-CODERES 25/21, issued by the CSSF on 29 September 2025, mandates Luxembourg credit institutions to submit specific data via XBRL-formatted Data Reporting Forms (DRFs) to enable the Single Resolution Board (SRB) to calculate 2026 ex-ante contributions to the Single Resolution Fund (SRF) under Articles 4 and 14 of Commission Delegated Regulation (EU) 2015/63. This matters because non-compliance risks SRB using estimates, applying the highest risk multiplier, or penalties, ensuring the financial sector funds resolution costs without taxpayer burden.
What Changed
Introduces data collection for 2026 SRF contributions, conditional on SRB verifying SRF funds fall below 1% of covered deposits in the Banking Union by early 2026.
Mandates XBRL submission of DRFs (except restatements up to 2022 in Excel); provides templates in Annexes 3a, 4, 5 (User Guide), and 7a/7b for additional assurances.
Additional assurance requirements (e.g., auditor reports or Agreed-Upon Procedures - AUP) apply conditionally to ECB-supervised institutions unless under lump-sum payment; restatements require AUP by 15 January 2026 with exceptions for prior auditor-identified...
What You Need To Do
- Download and complete DRF using Annexes (e
- For ECB-supervised institutions
- Align internal systems with CSSF templates early; validate data to avoid SRB assumptions under Article 17(1) DR
- Review Annex 1 (SRB kick-off letter), Annex 4 (2026 Guidance), and Annex 6 (ECB list)
Key Dates
30 November 2025 - SRB decision deadline on whether to calculate/collect 2026 SRF contributions based on DRFs (triggers full additional assurance application). DEADLINE
15 January 2026 - ECB-supervised institutions submit AUP or auditor reports on restatements to CSSF resolution department.
16 January 2026, 24:00 CET - All institutions submit completed DRF in XBRL to CSSF; late/incomplete submissions lead to SRB estimates or highest risk multiplier.
Compliance Impact
Urgency: High - The 16 January 2026 deadline is imminent (today is 25 January 2026), risking immediate SRB penalties like estimates or maximum risk multipliers if submissions are missed/inaccurate; affects capital planning as contributions directly impact prudential positions.
Bank