🇱🇺 CSSF Guidance high

Circular letter

Published 12 February 2026 | Luxembourg

AI Analysis

Executive Summary

The CSSF Circular Letter 2026-02-12 announces a standardized data collection exercise on AML/CFT for supervised entities, scheduled for 2026, aimed at enhancing regulatory oversight of money laundering and terrorist financing risks. This matters because it signals intensified CSSF scrutiny on AML/CFT compliance, requiring firms to prepare structured data submissions that could inform future supervisory actions, risk assessments, and enforcement. As part of broader CSSF AML/CFT initiatives, non-compliance risks fines or heightened inspections. #

What Changed

- Introduction of standardized AML/CFT data collection: CSSF mandates uniform reporting formats for collecting data on AML/CFT risks, controls, and practices across supervised sectors, building on existing risk-based supervision frameworks. - Alignment with ongoing AML/CFT enhancements: Complements recent governance-focused circulars (e.g., Circular 26/906 on central administration and risk management for payment/e-money institutions) by emphasizing data-driven validation of AML/CFT effectiveness, including risk assessments, transaction monitoring, and third-party oversight. - No explicit new obligations beyond preparation for data submission, but implies deeper integration of tax-related AML indicators and sub-sector risk updates, as seen in related CSSF activities. #

What You Need To Do

Assess and document AML/CFT data readiness
Update governance and controls
Conduct internal reviews
Prepare for submission
Engage auditors

Key Dates

2026 (exact date TBD) - AML/CFT standardised data collection exercise Firms must submit required data during this period; preparation recommended immediately given today's date (12 February 2026). DEADLINE

20 January 2026 - Issuance of related Circular 26/906 Establishes governance baselines (e.g., compliance independence, risk proportionality) informing data collection expectations. DEADLINE

26 January 2026 - CSSF AML/CFT Conference for Specialised PFS Provided updates on sub-sector risks, terrorist financing reviews, and FIU insights relevant to data preparation.

28 January 2026 - Conference materials published Available for download to guide compliance alignment. DEADLINE

Compliance Impact

Urgency: High – With data collection in 2026 underway today (12 February 2026), firms face immediate preparation needs amid recent enforcement (e.g., EUR 102,000 fine on depositary for AML-related gaps) and conferences signaling sub-sector focus. This elevates AML/CFT as a supervisory priority, potentially triggering on-site inspections, fines, or remediation orders for inadequate data/risks; proa

Who is Affected

Primarysupervised financial professionals, including banks, payment institutions, electronic money institutions, account information service providers, specialised Professional of the Financial Sector (PFS), investment firms, and insurers subject to AML/CFT obligations.Secondaryparty providers involved in outsourcing AML/CFT functions.Broad applicabilitybased AML/CFT measures and cooperate with CSSF/FIU.

References

Summary

AML/CFT standardised data collection taking place in 2026

Sectors

Banking & Credit Payments & E-Money Investment Management

Topics

AML / Financial Crime Reporting & Disclosure Senior Managers / Governance

Relevant Firm Types

BankPayment ProviderAll Firms

View Original on CSSF Back to Feed