CSSF amends CSSF Regulation n°12-02 of 14 December 2012 on the fight against money laundering and terrorist financing


CSSF amends CSSF Regulation n°12-02 of 14 December 2012 on the fight against money laundering and terrorist financing

1 September 2020

Regulatory News Alert

Context and objectives

On 20 August 2020, CSSF Regulation n°20-05 of 14 August 2020 amending CSSF Regulation n°12-02 of 14 December 2012 relating to the fight against money laundering and the financing of terrorism was published in the Official Journal.

Initially introduced to respond to remarks made in the third FATF Luxembourg mutual evaluation report of February 2010, CSSF Regulation n°12-02 aims to strengthen and complete the Luxembourg regulatory framework by specifying the key concepts of a risk-based approach, customer due diligence, adequate internal organization, and cooperation with the authorities.

PDF - 147kb

Following the transposition of the Fifth Anti-Money Laundering Directive into Luxembourg legislation, the CSSF has updated its regulation to incorporate the changes introduced in the law of 12 November 2004, as amended (the “AML Law”).

The amended version includes the following changes:

1. Simplified due diligence:

  • When entering into a business relationship with a new client that represents a low money laundering (ML) and/or terrorist financing (TF) risk, the acceptance may be carried out in an automated way that does not require the intervention of a natural person.
  • The amended version also includes concrete examples of simplified due diligence measures that professionals may apply to the business relationship in the case of a justified low risk. As an example, verifying customers subject to a compulsory authorization or registration regime for anti-money laundering (AML) and/or combating the financing of terrorism (CFT) purposes can be performed by searching the regulator’s official website and documenting the search results.

2. Enhanced due diligence:

  • Despite the AML Law no longer providing for the automatic application of enhanced due diligence measures regarding non-face-to-face business relationships, the CSSF requires professionals to take additional measures considering the potential higher risk of these relationships where the professional did not take the necessary guarantees into account.
  • Regarding the enhanced due diligence measures applied to politically exposed persons (PEPs), the amended version imposes a detection frequency of six months.

3. Due diligence on transfers of funds: prior to the transfer of funds, the payer’s payment service provider is now obliged to verify the accuracy of the information on the payer when transferring funds within the European Union (EU) that exceed EUR1,000. Furthermore, for any transfer above EUR1,000 within the EU, and before crediting the funds, the payee’s payment service provider must now verify that no information is missing for the payee.

4. Outsourcing: the obligations of a professional relying on a service provider or agent are detailed further. The monitoring obligation should allow the professional to verify and control compliance with the obligations of the service provider.

5. Governance: the amended regulation specifies the functions of the person responsible for the compliance with AML-CTF matters (the “person responsible for compliance”) and of the person responsible for the control of this compliance (the “person responsible for control”).

  • The person responsible for control should be designated at the level of the authorized management and should be responsible for the fight against ML/TF. This role requires the person to act as a second line of defense and, therefore, to verify compliance with AML/CFT obligations.
  • The person responsible for control must prepare an AML/CFT summary report, which is communicated to the person responsible for compliance and authorized management. This report is to be submitted to the CSSF annually.

What is in it for my institution?

This regulation is designed to provide a complete guide for all regulated entities, with concrete measures to further strengthen their AML/CFT policies.

Since several cases have been identified across the EU over the last few years, the EU and local authorities are increasingly reviewing the application of procedures and compliance with AML/CFT regulations. Now more than ever, financial institutions must complete and document their approach to these matters as a priority.  

Accordingly, financial institutions should check, document and potentially remedy the application of the different requirements presented in this regulation.

How can Deloitte help?

Deloitte’s advisory specialists and dedicated services can help you design and implement your business strategy in light of the evolution of regulatory frameworks and market trends.

Deloitte’s AML and CTF advisory specialists and dedicated services can also help you design and implement your renewed business strategy in light of the future evolution of the AML/CFT framework.

Key Deloitte AML services include:

  • AML/know your customer (KYC) remediation plan
  • AML/CTF training
  • AML/CTF policy, procedure, and process design or review
  • Assistance in risk assessment drafting regarding ML/TF
  • DKYC: externalizing KYC processes

Deloitte’s Regulatory Watch Kaleidoscope service helps you stay ahead of the regulatory curve to better manage and plan upcoming regulations.


Subject matter specialists

Pascal Eber
Partner – Consulting Banking, Insurance and Non FSI Leader
Tel : +352 45145 2649

Eric Collard
Partner – Forensic & AML, Restructuring
Tel : +352 45145 4985

Bastien Collette
Director – Advisory & Consulting (AML/CTF)
Tel : +352 45145 3372

Maxime Heckel
Director – Forensic & AML, Restructuring 
Tel : +352 45145 2837

Alice Lehnert
Director – Advisory & Consulting 
Tel : +352 45145 2605

Regulatory Watch Kaleidoscope service

Simon Ramos
Partner – IM Advisory & Consulting Leader
Tel : +352 45145 2702

Jean-Philippe Peters
Partner – Risk Advisory
Tel : +352 45145 2276

Benoit Sauvage
Director – RegWatch, Risk Advisory
Tel : +352 45145 4220

Marijana Vuksic
Manager – RegWatch, Risk Advisory
Tel : +352 45145 2311

Insert CSS fragment. Do not delete! This box/component contains code needed on this page. This message will not be visible when page is activated.

Did you find this useful?