Circular CSSF 26/909
Executive Summary
Circular CSSF 26/909 specifies how the CSSF applies ESMA's Guidelines (ESMA35-24871704-2922) for assessing **knowledge and competence** criteria under MiCA, targeting staff involved in crypto-asset services. It matters because it enforces MiCA's staff certification requirements, ensuring Luxembourg CASPs meet EU-wide standards for consumer protection and operational integrity amid the full MiCA rollout on 30 December 2024. #
What Changed
- - Adoption of ESMA Guidelines: CSSF mandates application of ESMA's criteria for evaluating staff knowledge and competence in crypto-asset services, including roles in custody, trading, portfolio management, and issuance/redemption of ART/EMT.
- Assessment Framework: Firms must implement standardized tests and processes to verify staff qualifications, aligning with MiCA Article 62 on CASP authorization, focusing on technical crypto knowledge, regulatory awareness, and ethical standards.
- No New Standalone Rules: This circular builds on prior CSSF MiCA circulars (e.g., 25/890 on crypto-asset classification), integrating competence checks into licensing dossiers and ongoing supervision.
Suggested Considerations
- Assess Staff Competence: Implement ESMA-guided evaluations (e.g., exams, certifications) for all relevant personnel handling crypto services; document results in governance frameworks.
- Update Policies and Training: Integrate competence criteria into HR, onboarding, and annual reviews; roll out MiCA-specific training on reporting, breaches, and governance.
- Licensing Dossier Enhancement: Include competence attestations in CSSF applications; appoint dedicated compliance/risk officers with verified qualifications.
- Ongoing Monitoring: Conduct regular audits, penetration tests, and incident planning; confirm compliance annually via management body statements.
- Early CSSF Engagement: Schedule dialogues and info sessions; create MiCA readiness scorecards for board and regulator discussions.
Key Dates
Compliance Impact
Urgency: High โ With publication today (1 April 2026) and MiCA's CASP regime live since 30 December 2024, firms face immediate supervisory scrutiny during licensing and VASP transitions ending 1 July 2026. Non-compliance risks authorization denial, enforcement, or operational halts, especially as CSSF audits dossiers for competence gaps amid Luxembourg's role as MiCA hub.
Who is Affected
References
AI-generated analysis. May contain errors or omissions โ verify with the original CSSF source before acting. Full disclaimer.
Summary
Application of the Guidelines of the European Securities and Markets Authority for the criteria on the assessment of knowledge and competence under the Markets in Crypto Assets Regulation (MiCA) (ESMA35-24871704-2922)