🇱🇺 CSSF Guidance high

Circular CSSF 25/900

Published 16 December 2025 | Luxembourg

AI Analysis

Executive Summary

Circular CSSF 25/900, issued on 16 December 2025, amends Circular CSSF 22/811 to clarify governance principles, authorisation requirements, and operational standards for UCI (Undertakings for Collective Investment) administrators in Luxembourg, while reforming annual reporting obligations. It matters because it strengthens supervisory oversight, aligns with DORA for ICT outsourcing, and simplifies reporting to enhance efficiency and compliance in the fund administration sector. #

What Changed

- Repeals Annex B of Circular CSSF 22/811 with immediate effect, replacing it with streamlined annual reporting via a core compliance-focused Self-Assessment Questionnaire (SAQ) that assesses governance, internal controls, operational organization, and risk management; detailed instructions are now on the CSSF website. - Introduces prior CSSF authorisation requirements for entities acting as UCI administrators, including a defined administrative procedure with application details in Annex A; authorisation remains valid unless substantial changes occur, requiring re-application or prior notification. - Clarifies scope for eligible entities (e.g., UCIs, IFMs, management companies under Luxembourg law) performing one or more of three UCI administration functions (defined in point 10); mandate

What You Need To Do

Assess eligibility and obtain prior CSSF authorisation via Annex A application (or notify substantial changes); ensure ongoing validity by monitoring operational model and delegations
Adapt internal processes for revised annual UCIA reporting (SAQ-focused, integrated where applicable); submit using CSSF website instructions starting for FY ending 31 Dec 2025
Review/update contracts with UCIs/IFMs to define roles, responsibilities, and oversight; implement delegation monitoring, remediation plans, and ICT compliance (DORA/Circular 25/882 or 20/750)
For DORA-scope entities, align outsourcing arrangements with Circular CSSF 25/882

Key Dates

16 December 2025 - Issuance date; repeal of Annex B of Circular CSSF 22/811 effective immediately.

January 2025 - DORA entry into force, applying to ICT outsourcing for in-scope UCIAs.

31 December 2025 - New reporting framework (SAQ and updated modalities) applies to all financial years ending on or after this date.

Compliance Impact

Urgency: High - Immediate repeal of prior reporting Annex requires prompt process updates; new framework applies to FY 2025 year-ends (just past as of Jan 2026), risking supervisory scrutiny or penalties for non-compliance; DORA alignment adds operational resilience pressure amid ongoing CSSF focus on fund admin governance.

Who is Affected

All entities performing UCI administration activities (wholly or partially), including UCIs, Investment Fund Managers (IFMs), Luxembourg-law management companies (Chapter 15 of 2010 Law), credit institutions, investment firms, and support professionals.UCI administrators delegating tasks, especially ICT outsourcing under DORA scope.Firms integrating UCIA reporting into existing annual long-form reports/SAQs (e.g., credit institutions, IFMs).

References

Summary

amending Circular CSSF 22/811.Authorisation and organisation of entities acting as UCI administrators.

Sectors

Investment Management Wealth & Private Banking

Topics

Authorisation & Licensing Reporting & Disclosure Operational Resilience / Outsourcing

Relevant Firm Types

Asset ManagerWealth ManagerBank

View Original on CSSF Back to Feed