Circular CSSF 25/900

What Changed

• - Repeals Annex B of Circular CSSF 22/811 with immediate effect, replacing it with streamlined annual reporting via a core compliance-focused Self-Assessment Questionnaire (SAQ) that assesses governance, internal controls, operational organization, a
• Introduces prior CSSF authorisation requirements for entities acting as UCI administrators, including a defined administrative procedure with application details in Annex A; authorisation remains valid unless substantial changes occur, requiring re-a
• Clarifies scope for eligible entities (e.g., UCIs, IFMs, management companies under Luxembourg law) performing one or more of three UCI administration functions (defined in point 10); mandates contractual agreements on roles/responsibilities between
• Aligns ICT outsourcing with DORA (effective January 2025) for in-scope UCIAs (credit institutions, investment fund managers, investment firms, certain support professionals), referencing Circular CSSF 25/882; others follow Circular 20/750.
• Strengthens delegation rules (section 3.5): prior CSSF notification for critical/important tasks, ongoing monitoring by UCI/IFM, and remediation plans for shortcomings.

Suggested Considerations

• Assess eligibility and obtain prior CSSF authorisation via Annex A application (or notify substantial changes); ensure ongoing validity by monitoring operational model and delegations.
• Adapt internal processes for revised annual UCIA reporting (SAQ-focused, integrated where applicable); submit using CSSF website instructions starting for FY ending 31 Dec 2025.
• Review/update contracts with UCIs/IFMs to define roles, responsibilities, and oversight; implement delegation monitoring, remediation plans, and ICT compliance (DORA/Circular 25/882 or 20/750).
• For DORA-scope entities, align outsourcing arrangements with Circular CSSF 25/882.

Key Dates

Who is Affected