CSSF Regulation 20-05: A deeper insight into the key aspects of the Luxembourg Anti Money Laundering (“AML”) provisions. (2024)

Background

This new Regulation (the “New Regulation”), of 14 August 2020, amends Commission de Surveillance du Secteur Financier (“CSSF”) Regulation 12‑02 of 14 December 2012 ( “12-02”) on the fight against money laundering and terrorism financing. This is the first amendment of 12-02. It provides further details on certain provisions of the amended Law of 12 November 2004 (the “AML Law”) which implemented European Directive 2018/843 (the “Fifth EU Directive”) on 25 March 2020. The changes set out in the New Regulation are effective immediately.

Primary Change

While a number of amendments only reflect the update of references to the AML Law (see our article on the AML Laws of 25 March 2020), other changes are more substantial and include, inter alia:

· the introduction of Simplified Customer Due Diligence (“SDD”);

· reinforced internal management requirements, based on the frequently asked questions (“FAQ”) of 25 November 2019 on Persons involved in Anti Money Laundering and Counter Financing of Terrorism (“AML/CFT”) for a Luxembourg Investment Fund or Investment Fund Manager supervised by the CSSF for AML/CFT purposes;

· guidance on the risk-based approach to be taken in relation to investment business operations;

· further details on the use of AML systems (internal or via a third party provider);

· clarifications on the acceptance process;

· the definition of ‘customer’, encompassing the notion of investor registered in the investment fund register;

· further guidance on the outsourcing process.

Key points for Investment Fund Managers (“IFMs”) and Undertakings for Collective Investment (“UCIs”)

1. Customer due diligence measures

· Customer acceptance process:

In case of new clients with a low ML/TF risk profile, the acceptance process can be simplified. The CSSF allows professionals to use an automated process which does not require human intervention if it can be demonstrated that this process is a reliable and efficient alternative to manual approval by the professional. The process should be tested and regularly reviewed to ensure its robustness.

· SDD:

The New Regulation introduces SDD measures that professionals may apply to the business relationship in case of a justified low risk assessment (the professional should monitor the risk at all times to ensure that the conditions for the application of low risk still apply), for example:

  • the exceptional acceptance of other types of ID documents which meet the
  • criteria of reliable and independent sources (e.g. a letter addressed to the customer by a governmental body or other reliable public body). This is only possible where the customer cannot provide the usual identification documents and, insofar as there are no grounds for suspicion
  • due diligence can be updated only upon certain trigger events (e.g. riskier product, relocated to different country, changes in the transaction behaviour or profile or any other trigger event which seems to indicate that the risk is no longer low), instead of being updated on a regular basis
  • for persons purporting to act on behalf of a customer, initiator, promoter who launched an investment fund, obtaining information on the country of residence of these persons instead of asking for the full postal address
  • for persons purporting to act on behalf of a customer where a customer is a regulated credit or financial institution, instead of requesting the complete identification of these persons, obtaining a letter confirming that the institution applied due diligence measures to these persons and that it carried out regular controls of these persons with respect to the applicable lists of restrictive measures in financial matters
  • for customers subject to a compulsory authorisation or registration regime for AML/CFT purposes, the verification that the customer is subject to this regime by performing, for example, a search on the official website of the regulator and documenting the results of the search.

2. Risk-based approach

The New Regulation added a paragraph on Know Your Assets (“KYA”) in the context of investment businesses. The paragraph obliges professionals to analyze, based on a risk-based approach, the Money Laundering/ Terrorism Financing Risk (“ML/TF”) posed by the investment. Further due diligence measures should be taken commensurate with the outcome of the risk-based approach. The regulation stipulates that such risk-based approaches should be formalised and reviewed at least annually or based on a trigger event which would require a re-evaluation of the risk.

The professional also has the obligation to identify the States, persons, entities and groups subject to restrictive measures in financial matters with respect to the assets it manages and to ensure that funds will not be made available to these groups.

3. AML Systems

The professional must ensure that the internal system or system made available by an external service provider, used for the detection of persons, entities or groups involved in a transaction or business relationship subject to restrictive measures in financial matters is adapted without delay to the latest lists.

The identification of politically exposed persons during the business relationship should be carried out at least every six months.

4. Outsourcing arrangements and agency relationships

It is re-iterated that the responsibility with regards to compliance with the provisions of the AML Law, the Grand-Ducal Regulation of 1 February 2010 as amended by Grand-ducal Regulation of 14 August 2020 and the New Regulation remains with the board of directors of the UCI and/or the IFM. Hence, further clarification is provided regarding the minimum content to be included in the contract for outsourcing arrangements to be used by the board of directors of the UCI and/or the IFM. The board of directors of the UCI and the IFM should ensure that the relevant contracts include (i) detailed clauses specifying the roles and responsibilities of each party as well as (ii) the conditions relating to the transmission of information to the professional, notably to make available immediately, regardless of confidentiality or professional secrecy rules or any other obstacle, the information gathered while fulfilling the customer due diligence obligations. In addition, a process should be put in place to transmit, upon request and without delay, of a copy of the original supporting evidence received.

The New Regulation mentions that the policies and internal procedures relating to outsourcing and agency relationships should include detailed provisions (Due Diligence requirements) on the process for the selection and evaluation of third-party delegates and sub-delegates.

The Regulation also specifies the monitoring obligations for third party delegates (most notably transfer agents, portfolio managers to which it outsources the management and investment advisors) which should occur on a regular and ad hoc basis (for example through on-site visits), in accordance with the risk-based approach, where the professional should verify (for example, through sampling) the compliance obligations incumbent upon the third-party delegate.

5. Non-face-to-face business relationships

Even though the AML Law does not foresee that non-face-to-face relationships automatically result in high risk, some additional measures have to be taken when there are no certain safeguards such as electronic identification means, relevant trust services as defined in Regulation (EU) No 910/2014 or any other secure, remote or electronic, identification process which is regulated, recognised, approved or accepted by the relevant national authorities. If such safeguards are not available, additional measures have to be taken, most notably:

· measures ensuring that the customer's identity is established by additional identification documents, data or information;

· additional measures ensuring the verification or certification by a public authority of the provided documents;

· confirmatory certification by a credit institution or a financial institution subject to the AML Law or subject to equivalent professional obligations as regards the fight against money laundering and terrorist financing;

· measures ensuring that the first payment of the transactions is carried out via an account opened in the customer’s name with a credit institution or a financial institution subject to the AML Law or subject to equivalent professional obligations as regards the fight against money laundering and terrorism financing.

6. Internal Management

In its FAQ from 25 November 2019, the CSSF provided an introduction to the functions of ‘person responsible for compliance’(the “RR”[1]) and those of the ‘compliance officer’ (the “RC”[2]).

The RR should be a member of the board of directors or the board of directors as a collective body (or, where applicable, the authorised management responsible for the fight against ML/TF).

The RC is the person who must implement AML/CFT procedures, for example, the compliance officer, where applicable. The RC may delegate the exercise of his function to one or more employees connected to the professional provided that they have sufficient experience and knowledge of the Luxembourg legal and regulatory framework relating to AML/CFT and are of a sufficient level and authority within the entity.

The table below provides information on the RR’s and RC’s respective responsibilities:

Link to the CSSF Regulation 20-05

Link to the CSSF Regulation 12-02, as amended

[1] Responsable du respect des obligations

[2] Responsable du contrôle du respect des obligations

CSSF Regulation 20-05: A deeper insight into the key aspects of the Luxembourg Anti Money Laundering (“AML”) provisions. (2024)

FAQs

What is anti money laundering law in Luxembourg called? ›

In Luxembourg, the main legal framework related to AML/CTF is the law of 12 November 2004 on the fight against money laundering and terrorist financing, as amended in 2020 (AML Law), the Grand Ducal Regulation of February 2010, as amended in 2020, and the law of 13 January 2019 related to the “registre des ...

Who is the beneficial owner according to the definition given in the Luxembourg AML regulations? ›

Definition of Beneficial Ownership:

The concept remains largely unchanged, beneficial owners are the natural persons who: have, directly or indirectly, an ownership interest in the corporate entity; or. control, directly or indirectly, the corporate or other legal entity, through ownership interest or via other means.

Is Luxembourg FATF compliant? ›

Anti Money Laundering

According to that Evaluation, Luxembourg was deemed Compliant for 28 and Largely Compliant for 11 of the FATF 40 Recommendations. It was rated Highly Effective for 3 and Substantially Effective for 6 of the Effectiveness Compliance ratings.

What is the primary regulation to prevent money laundering and terrorism financing in the banking sector in Singapore? ›

The main AML regulation in Singapore is the Corruption, Drug Trafficking, and Other Serious Crimes Act 1992 (CDSA). The Act defines the roles of government authorities and imposes rules for money laundering prevention, including reporting procedures and penalties for criminals.

What are the responsibilities of the CSSF? ›

The CSSF is in charge of ensuring compliance with the professional obligations regarding the fight against money laundering and terrorist financing by all the persons supervised, authorised or registered by it.

What are the three types of Anti-Money Laundering? ›

The three stages of money laundering
  • Placement. Money laundering begins by moving the criminal proceeds into a legitimate source of income. ...
  • Layering. Once the money has been put in place, the second stage is called layering or structuring. ...
  • Integration.

What is an ultimate beneficial owner in Luxembourg? ›

The Financial Action Task Force (“FATF”) expands the Luxembourg legal definition of the UBO by stating that a UBO a natural person who ultimately owns or who exercises ultimate effective control over the customer, in particular over a legal arrangement, or on whose behalf a transaction or activity is being conducted.

Who is the ultimate beneficial owner in AML? ›

According to international AML standards, a UBO is typically defined as an individual who owns more than 25% of the company's shares or voting rights, or who otherwise exercises control over the management and operations of the entity.

Who is the beneficial owner in money laundering regulations? ›

The definition of a beneficial owner covers any individual who ultimately owns or controls the entity or on whose behalf a transaction is being conducted by the entity, and includes any individual who exercises ultimate effective control over the entity, in each case whether directly or indirectly.

What is the financial regulatory body of Luxembourg? ›

Financial Sector Supervisory Commission (CSSF)

Which country has been blacklisted by FATF? ›

The Significance of FATF Blacklists and Grey Lists Check

When a country is placed on the FATF Blacklist, it is subject to economic sanctions by member countries. Currently, North Korea and Iran are the only countries on the FATF Blacklist.

What are the three lines of Defence against money laundering? ›

The three lines of defence, viz., Employees, Compliance Officer, and Independent AML Audit, serve as a safeguard for the business to fight against money laundering and terrorist financing risks. In this infographic, we will discuss the three lines of defence.

What is the maximum penalty for non compliance of AML? ›

AML penalties and fines can reach $20 million, depending on the type of offense, and imprisonment can be as long as 30 years.

What is the second line of defense in money laundering? ›

The Second Line of Defense refers to an organization's specialized risk management and regulatory compliance functions. Its job is to guide and oversee controls on an organization's front line operations, in order to ensure they adhere to any applicable regulations and effectively minimize risk.

What is the AML CFT policy in Luxembourg? ›

Key Luxembourg AML Regulations

In practice, this means that firms must conduct risk assessments to gauge the level of criminal risk that their customers present, and then deploy proportionate compliance measures, with higher risk customers subject to a greater degree of AML/CFT scrutiny.

What is the banking secrecy law in Luxembourg? ›

The banking secrecy gives the banker both an obligation and a right to keep information secret. The obligation means that the banker cannot under any circumstance, except where the law gives it permission, disclose such information which has been confided to the banker.

What is the Anti-Money Laundering Act called? ›

The Prevention of Money Laundering Act, 2002 (PMLA) forms the core of the legal framework put in place by India to combat money laundering. PMLA and the Rules notified there under came into force with effect from July 1, 2005 .

What is the Anti-Money Laundering Act in Europe? ›

What is the Anti-Money Laundering Directive? Anti-Money Laundering Directive (AMLD) is a set of regulatory requirements issued by the European Union (EU) containing rules to combat money laundering and terrorist financing by EU member states. Every country issues its own AML laws, often based closely on FATF guidance.

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Catherine Tremblay

Last Updated:

Views: 5239

Rating: 4.7 / 5 (47 voted)

Reviews: 86% of readers found this page helpful

Author information

Name: Catherine Tremblay

Birthday: 1999-09-23

Address: Suite 461 73643 Sherril Loaf, Dickinsonland, AZ 47941-2379

Phone: +2678139151039

Job: International Administration Supervisor

Hobby: Dowsing, Snowboarding, Rowing, Beekeeping, Calligraphy, Shooting, Air sports

Introduction: My name is Catherine Tremblay, I am a precious, perfect, tasty, enthusiastic, inexpensive, vast, kind person who loves writing and wants to share my knowledge and understanding with you.