IT Regulatory Compliance in Financial Sector

Assisting in evaluation and remediation

The Commission de Surveillance du Secteur Financier (CSSF) is responsible for the prudential supervision of professionals of the financial sector.

The requirements issued by the CSSF also cover the supervision of financial professionals' information systems. Under increasing cost pressure, Luxembourg financial professionals are often required to join their parent groups' information systems consolidation efforts or to resort to business process outsourcing, while local management retains its obligation to achieve robust internal governance arrangements and to protect the confidentiality of Client Identification Data, as mandated by local laws and regulations.

How can Deloitte help?

Deloitte helps clients comply and remediate through:

  • Compliance Assessment – gap analysis of the client's IT projects' compliance with laws and regulations, with pragmatic recommendations for improvement
  • Assisting in Communications with the Regulator – preparation (or quality assurance) of introduction files and participation in meetings with the regulator
  • Definition of Target Operating Models – identifying and comparing potential IT architectures, processes and organisations that would enable compliance

Deloitte proposition overview

  • CSSF Circular 17/654 Compliance – Assist financial professionals, mainly credit institutions, investment firms, specialised PSFs, support PSFs, payment institutions and electronic money institutions, as well as management companies and alternative investment fund managers, in aligning relevant IT outsourcing based on a cloud computing infrastructure with the CSSF's requirements on cloud computing.
  • CSSF Circular 12/552 Compliance – Assist banks and investment firm PSFs in aligning the Information Technology and Information Security functions, as well as outsourcing initiatives, with the CSSF's updated requirements on central administration, internal governance and risk management.
  • Information Security Officer (ISO) on demand – Design the security function and provide resources with security and technical expertise to support it.
  • CSSF Circular 05/178 Compliance – Assist specialised and support PSFs in aligning the Information Technology function with the CSSF's requirements on IT outsourcing.
  • CSSF Circular 13/554 Compliance – Assist professionals of the financial sector in aligning existing (or planned) global "resources access tools" implementations (e.g. Microsoft Active Directory) with the CSSF's requirements, through in-depth analysis of IT regulatory issues and the proposal of technical and organisational solutions.
  • CSSF Circular 12/544 Compliance – Assist support PSFs in the design and deployment, or quality assurance, of the Risk Based Approach mandated by the CSSF.

IT regulatory compliance


Roland Bastin

Partner | Risk Advisory & Forensic

Roland is a partner within the advisory and consulting department and joined the Risk Advisory practice of Deloitte in 2001. He is responsible for IT audit, IT security, IT regulatory compliance, Data...

Irina Hedea

Partner | Information & Technology Risk

Irina is a Partner in Advisory & Consulting, where she focuses on Information Security Management. With more than 10 years' experience, she assists clients in various projects related to ...