Live Updates
๐Ÿ‡ฑ๐Ÿ‡บ CSSF Enforcement high

Circular CSSF 25/896

| Luxembourg
AI Analysis

Executive Summary

Circular CSSF 25/896 adopts the EBA Guidelines EBA/GL/2024/14 and EBA/GL/2024/15, mandating Luxembourg financial institutions to establish robust internal policies, procedures, and controls for complying with EU and national restrictive measures (sanctions). This matters because it sets binding EU-wide standards to prevent sanctions violations and circumvention, with absolute obligations for immediate asset freezing and reporting, amid escalating geopolitical tensions. #

What Changed

  • - Institutions must develop, implement, and maintain up-to-date policies, procedures, and controls for identifying, investigating, and applying restrictive measures without delay, including risk management for violations and circumvention.
  • Management body responsibilities expanded: approve sanctions compliance strategy, oversee implementation, conduct at least annual assessments of exposure and controls, ensure remedial actions, and report deficiencies.
  • Screening and monitoring requirements: Maintain updated sanctions lists with immediate integration of changes; screen customer base, transactions, and datasets accurately; enable immediate suspension/freezing of assets and reporting to authorities (e
  • Training and testing: Deliver regular, documented role-specific training; perform ongoing system testing for screening calibration, list accuracy, transaction monitoring effectiveness, and reporting.
  • Proportionality applies based on institution's size, activities, and exposure; PSPs and CASPs explicitly addressed with tailored controls.
  • Annexes include full EBA Guidelines, available at EBA website.

Suggested Considerations

  • Conduct annual exposure assessments to sanctions risks and circumvention; update policies accordingly.
  • Appoint senior management/board-level responsibility for approving and overseeing sanctions strategy, including annual reviews and deficiency reporting.
  • Implement reliable screening systems for customers, transactions, and lists; define screenable datasets; test systems regularly for effectiveness (e.g., immediate freezing, accurate hits).
  • Provide documented training to relevant staff on sanctions, institutional exposure, and internal processes.
  • Establish processes for immediate action on matches: suspend transfers, freeze assets, report to Ministry of Finance/CSSF/FIU without delay; maintain whitelists only under strict conditions.
  • Document all compliance measures, violations, and remedial actions; cooperate with authorities.

Compliance Impact

Urgency: High โ€“ With less than 12 months until the 30 December 2025 deadline (as of January 2026), firms face binding requirements for absolute compliance, including personal accountability for management bodies; non-compliance risks enforcement by CSSF, reputational damage, and fines amid frequent EU sanctions updates (e.g., Regulations 2025/1469, 2025/1476). This elevates sanctions from operatio

Who is Affected

All credit institutions, investment firms, payment service providers (PSPs), and crypto-asset service providers (CASPs) under CSSF supervision in Luxembourg.Broader application to financial institutions exposed to restrictive measures, with management bodies and senior compliance staff bearing direct oversight duties.

References

AI-generated analysis. May contain errors or omissions โ€” verify with the original CSSF source before acting. Full disclaimer.

Summary

Adoption of the EBA Guidelines on internal policies, procedures and controls to ensure the implementation of Union and national restrictive measures (sanctions)

Sectors

Banking & CreditPayments & E-MoneyCrypto & Digital Assets

Topics

AML / Financial CrimeSenior Managers / GovernanceReporting & Disclosure

Relevant Firm Types

BankPayment ProviderCrypto Exchange
View Original on CSSF Back to Feed

Share this update