Circular CSSF 25/896
Executive Summary
Circular CSSF 25/896 adopts the EBA Guidelines EBA/GL/2024/14 and EBA/GL/2024/15, mandating Luxembourg financial institutions to establish robust internal policies, procedures, and controls for complying with EU and national restrictive measures (sanctions). This matters because it sets binding EU-wide standards to prevent sanctions violations and circumvention, with absolute obligations for immediate asset freezing and reporting, amid escalating geopolitical tensions. #
What Changed
- Institutions must develop, implement, and maintain up-to-date policies, procedures, and controls for identifying, investigating, and applying restrictive measures without delay, including risk management for violations and circumvention. - Management body responsibilities expanded: approve sanctions compliance strategy, oversee implementation, conduct at least annual assessments of exposure and controls, ensure remedial actions, and report deficiencies. - Screening and monitoring requirements: Maintain updated sanctions lists with immediate integration of changes; screen customer base, transactions, and datasets accurately; enable immediate suspension/freezing of assets and reporting to authorities (e.g., Luxembourg Ministry of Finance, CSSF, FIU). - Training and testing: Deliver regular
What You Need To Do
- Conduct annual exposure assessments to sanctions risks and circumvention; update policies accordingly
- Appoint senior management/board-level responsibility for approving and overseeing sanctions strategy, including annual reviews and deficiency reporting
- Implement reliable screening systems for customers, transactions, and lists; define screenable datasets; test systems regularly for effectiveness (e
- Provide documented training to relevant staff on sanctions, institutional exposure, and internal processes
- Establish processes for immediate action on matches
- Document all compliance measures, violations, and remedial actions; cooperate with authorities
Compliance Impact
Urgency: High – With less than 12 months until the 30 December 2025 deadline (as of January 2026), firms face binding requirements for absolute compliance, including personal accountability for management bodies; non-compliance risks enforcement by CSSF, reputational damage, and fines amid frequent EU sanctions updates (e.g., Regulations 2025/1469, 2025/1476). This elevates sanctions from operatio
Who is Affected
Summary
Adoption of the EBA Guidelines on internal policies, procedures and controls to ensure the implementation of Union and national restrictive measures (sanctions)