Key CSSF regulations and circulars for Professionals of the Financial Sector (PSF)

The CSSF regulations and circulars form the core ‘practical’ dispositions with which PSF must comply. They apply to all or some PSF, meet legal obligations specific to the financial industry (combating money laundering and terrorist financing) or organisational requirements for one of the three categories of PSF, and further specify the systems introduced by the CSSF as part of its financial sector supervision (regular reporting) or impose financial ratios (capital adequacy). They provide guidance in establishing and maintaining the relevant financial or financial sector ancillary activities.

The main regulations and circulars issued by the CSSF are presented below. A fast-reference table of the regulations and circulars specifying their respective scopes of application is included in Appendix 1.

CSSF regulation 13-02 and CSSF circular 14/589 relating to the out-of-court resolution of complaints

These regulation and circular are applicable to all PSF and supersede circular 95/118 on customer complaint handling.

This regulation aims at defining the rules applicable to the requests for the out-of-court resolution of complaints filed with the CSSF and is specifying certain obligations incumbent on professionals in relation to the handling of complaints.

The procedure for handling the requests aims at facilitating the resolution of complaints against PSF without judicial proceedings. It is not a mediation procedure. The CSSF’s intervention shall be subject to the principles of impartiality, independence, transparency, expertise, effectiveness and fairness.

CSSF circular 14/589 provides details concerning the regulation, mentioning namely that the recording of complaints must be computerised and secured, that the respect of the policy must regularly be controlled by the compliance and internal audit functions, and that annual documents (table and report) shall be communicated to the CSSF no later than 1 March of each year and shall cover the previous calendar year.

Learn more about CSSF regulation 13-02 and CSSF circular 14/589

CSSF regulation 12-02 on the fight against money laundering and terrorist financing

While this regulation can be regarded as central to the practical system introduced by the lawmaker to combat money laundering and terrorist financing, it must be taken as part of a broader regulatory fabric based on the modified law of 12 November 2004 and the Law (Art. 39 and 40). Together, these form the cornerstone of the subject, supplemented by other circulars, particularly CSSF circular 06/274 on instructing party information accompanying transfers of funds.

This regulation gives a formal and legally binding nature to existing professional guidance set out previously by CSSF circulars.

CSSF circular 11/529 specifies the requirements for the risk analysis inherent to each PSF’s business activities that must be set down in writing. The management shall first identify the risks of money laundering or terrorist financing. The management shall further set up a methodology in order to categorise these risks and afterwards define and implement measures to mitigate the identified risks.

Learn more about CSSF regulation 12-02

CSSF circular 12/552 as amended by CSSF circulars 13/563, 14/597 and 16/642

Central administration, internal governance and risk management

This circular is applicable to investment firms. Consequently, CSSF circulars 95/120, 96/126, 98/143, 04/155, 05/178 and 10/466 shall be repealed for them.

This circular gathers the regulatory obligations that investment firms PSF will need to satisfy. As regards professionals performing lending operations as defined in Article 28-4 of the modified law of 5 April 1993 relating to the financial sector, only the chapter on credit risk in the risk management section shall apply.

The Commission de Surveillance du Secteur Financier brought together all the key implementing provisions on internal governance in this single circular, reflecting the guidelines of the European Banking Authority on internal governance of 27 September 2011 and those of the Basel Committee on Banking Supervision on internal audit of 28 June 2012, while supplementing them by the additional provisions included in CSSF circulars 96/126, 98/143, 04/155, 05/178 and 10/466.

The implementing procedures on central administration as specified in CSSF circular 95/120 are also integrated, as well as all the provisions on risk management. Thus, while the majority of the provisions in CSSF circular 12/552 as amended by CSSF circular 13/563 are not new per se, there is a strong emphasis on further formalisation needs to document internal governance arrangements and the way internal control activities are conducted.

Learn more about CSSF circular 12/552

CSSF circular 95/120 – central administration

This circular is applicable to specialised and support PSF. It has been replaced by CSSF circular 12/552 for investment firms. However the concepts, the principles are the same.

This circular reflects Article 17 of the Law and stipulates that to obtain a licence for PSF status, the entity must not merely have a legal registered office in Luxembourg, but its central administrative office, thus inferring the existence of its decision-making centre and its administrative centre in Luxembourg.

The circular specifies the meaning of ‘central administration’ which corresponds to managerial and business functions, as well as operational and control functions. It further defines the notion of ‘centre’ to and from which extend all the PSF’s components, implying the existence of sufficient technical and human resources necessary for its operations.

Learn more about CSSF circular 95/120

CSSF circulars 96/126, 05/178 and 06/240

Administrative and accounting organisation and IT subcontracting

These circulars are applicable to specialised and support PSF. They have been replaced by CSSF circular 12/552 for investment firms. However the concepts, the principles are the same.

Reflecting Article 17 (2) of the Law which requires PSF to furnish evidence of good administrative and accounting organisation, these circulars follow on from the previous circular 95/120 and provide guidelines on how such an organisation functions (they should, in fact, be read in conjunction). They further specify the IT security measures that PSF must put in place to meet banking secrecy requirements. The recommendations made in these circulars are to be adapted to each PSF according to operations and size.

Learn more about CSSF circulars 96/126, 05/178 and 06/240

CSSF circular 98/143 – internal control

This circular is applicable to specialised and support PSF. It has been replaced by CSSF circular 12/552 for investment firms. However the concepts, the principles are the same.

This circular presents and develops the principles of adequate internal control applicable to PSF in accordance with Article 17 (2) of the Law.

To satisfy the following aims:

• The objectives set by the undertaking are achieved

• Resources are used efficiently and economically

• Risks are adequately managed and assets are protected

• Financial and management information is complete and reliable

• Laws and regulations as well as in-house policies, plans, rules and procedures are observed
  

The circular specifies the respective responsibilities of the entity’s board of directors and management and the internal control system to be introduced.

Learn more about CSSF circular 98/143

CSSF circular 07/307 as amended by CSSF circulars 13/560, 13/568 and 14/585

Rules of conduct in the financial sector

This circular, which applies solely to investment firms, defines the organisational requirements and rules of conduct in the financial sector (transposing the Directive on Markets in Financial Instruments (MiFID) 2004/39/EC and Directive 2006/73/EC).

Regarding organisational requirements, chapter 3 of this circular includes the board of directors’ responsibility, the authorised management’s responsibility and provides further detail about risk management, compliance and internal audit functions.

In October 2013, the European Securities and Markets Authority (ESMA) published the French version of its guidelines on remuneration policies and practices (MiFID). Circular 14/585 transposes these guidelines into Luxembourg regulation in the form of an annexe V of CSSF circular 07/307.

Learn more about CSSF circular 07/307

CSSF circular 07/290 as amended by CSSF circulars 10/451, 10/483, 10/497 and 13/568

Definition of capital adequacy ratio

Circular 07/290 as amended by CSSF circulars 10/451, 10/483, 10/497 and 13/568 applies solely to investment firms, excluding all entreprises only authorised to provide investment advisory services and/or receive and communicate orders from investors without holding any funds and/or securities of their clients. It defines a capital adequacy ratio, seeking to ensure that investment firms have sufficient capital with regard to credit, dilution, operational and foreign exchange risks, risks of basic product price fluctuations and portfolio risks.

The capital adequacy ratio is the ratio between eligible capital and the global capital required to cover the different types of risks. Investment firms must have sufficient capital at all times to cover their global capital requirement on an individual basis and, as applicable, on a consolidated basis. Eligible capital forming the numerator of the ratio includes tier-1 capital, tier-2 capital and tier-3 capital.

CSSF circulars 01/28, 01/29, 01/4725 and 02/65

Concerning domiciliation

In the context of the modified law of 31 May 1999 governing domiciliation of companies, these four CSSF circulars address various aspects of the domiciliation activity in Luxembourg.

CSSF circular 01/28 stipulates the persons and companies authorised to operate as corporate domiciliation agents.
CSSF circular 01/29 lists the minimum content of a corporate domiciliation agreement.

CSSF circular 01/47 defines the professional duties applying prior to and after entering into a domiciliation agreement for corporate domiciliation agents subject to CSSF supervision. It also provides general guidelines for domiciliation agents encountering conflict of interest situations.

Lastly, CSSF circular 02/65 provides further detail to the modified law of 1999 as regards the notion of registered office.

CSSF circular 10/437

Guidelines concerning compensation policies in the financial sector

This circular aims to improve the way financial institutions take, manage and control risks, by defining guidelines namely on the structure of compensation and the process of preparing and implementing compensation policies.

From this perspective, CSSF circular 10/437 stipulates the scope of application, the exclusions, the structure of the compensation policy, and the disclosure, monitoring and entry into effect of the guidelines.

CSSF circular 12/544

Optimisation of the supervision exercised on the support PSF by a risk-based approach

This circular implements a risk assessment and management process for the provision of services to the financial sector for support PSF, relying on:

1. The application of the principle of proportionality according to the importance of the activity exercised in the financial sector by the support PSF
2. Self-assessment and management taken into account regarding risks the support PSF exposes the financial sector to and which are subject to an annual risk assessment report (RAR) by the support PSF; a description of the activities exercised in the financial sector, the organisation and infrastructure – to be provided annually in a descriptive report (DR) – will facilitate the understanding and analysis of the risks reported in the RAR
   

It is expected that the above would be completed with the issuance of an agreed-upon procedures report of findings by the approved statutory auditors, allowing a precise assessment of the organisation, the internal control system, the financial situation and the risks incurred.

CSSF circular 13/554

Evolution of the usage and control of the tools for managing information technology resources and the management access to these resources

This circular applies to all PSF and concerns the tools allowing the management of access rights to IT resources connected to a network and/or the centralised registration and administration of most of these resources.

The PSF must always have full control over the resources under their responsibility and the corresponding access to these resources, primarily for compliance and governance reasons and secondly in order to protect confidential data subject to professional secrecy.

The technical note annexed to the circular provides the mandatory technical rules and focus on preventive controls implementation since corrective controls are not considered as sufficient and should be performed as a contingency solution in case of preventive control failover.