The CSSF updated on 4 October 2022 its Frequently Asked Questions regarding the AML/CFT market entry form for investment funds and investment fund managers (the “IFMs”) (the “FAQ”). A market entry form shall be completed by supervised funds (UCITS, UCI Part II, SIF, SICAR, or when asking authorization of a label (ELTIF, EUSEF, EUVECA or MMF) in relation to the set-up but also in case of approval of new sub-fund. It shall also be completed for the set-up of an authorized IFM or the registration of an IFM and adapted by such IFM in case of (i) approval of an additional license, a license extension including the request to manage an ELTIF, (ii) entry of a qualified shareholder in the shareholding structure of the IFM and/or (iii) merger (only if the merger leads to a change to the information provided in the Market Entry Form for the absorbing IFM). 

The FAQ aims to assist with the proper completion of the AML/CFT market entry form on eDesk.  

The updated FAQ clarifies the situation of the reporting of indirect shareholders, each holding less than 10% of the shareholdings of an IFM. In such a situation, it is not required to report such shareholders to the CSSF, but the CSSF requests to be provided with the following:  

• A written confirmation (from the IFM, the shareholder, the proposed acquirer or its representative) that each non-reported indirect shareholder is individually and, on an aggregate basis, holding less than 10% of the indirect shareholding of the IFM; 
• The maximum percentage that the most non-reported shareholder(s) is/are holding in the IFM;  
• A written confirmation that there is no shareholder agreement in place at the level of non-reported shareholders;  
• A written confirmation (from the IFM, the shareholder, the proposed acquirer or its representative) that there has been no AML/CFT sanction over the last five years for the indirect non-reported shareholders; and 
• Any other document requested by the CSSF. 

Feel free to contact our investment funds team regarding the completion of the AML/CFT market entry form. 

The law of 29 July 2022, which entered into force on 12 August 2022, amended the Law of 12 November 2004 on the fight against money laundering and terrorist financing, transposing Directive 2001/97/EC of the European Parliament and of the Council of 4 December 2001 amending Council Directive 91/308/EEC on prevention of the use of the financial system for the purpose of money laundering (the AML Law).

Following such amendments, professionals in the scope of such legislation will need to update their AML policies and procedures, in particular regarding customer due diligence, to provide, amongst other things, for the following obligations :

• To determine the extent of the customer due diligence requirements according to the assessment of risks relating to types of customers, countries or geographical areas and particular products, services, transactions or delivery channels;
• To compare the information collected with that in the registers (i.e. register of beneficial owners, if available) in order to detect any erroneous data or the absence of all or part of the data or the lack of registration, amendment or deletion. Professionals shall proceed in the same way in the context of the exercise of constant vigilance of the business relationship;
• To retain copies of the documents, data and information collected as part of the due diligence process;
• To apply enhanced due diligence requirements where a customer or a person purporting to act on behalf of or for the customer or beneficial owner is a PEP, i.e., to:

(a) have appropriate risk management systems, including risk-based procedures, to determine if the customer, the person purporting to act on behalf of or for the customer or beneficial owner is a politically exposed person;

(b) obtain senior management approval for establishing or continuing, for existing customers, business relationships with such persons;

(c) take reasonable measures to establish the source of wealth and source of funds that are involved in the business relationship or transaction with such persons;

(d) conduct enhanced ongoing monitoring of the business relationship.

Please get in touch with our investment management team if you wish assistance.

At a conference on December 3, 2019, Luxembourg’s Financial Sector Supervisory Authority (CSSF) has underlined to members of the country’s investment fund industry the need for improvement in aspects of controls designed to curb money laundering and the financing of terrorism.

Noting that Luxembourg is Europe’s largest fund centre in terms of assets under management, the CSSF notes that the country’s National Risk Assessment on Money Laundering and Terrorist Financing risks in December 2018 indicated that the investment fund sector carried a high risk because of the variety of entities involved, the high volume of retail and institutional investors and of the international scope of its business.

As the responsible authority designated by Luxembourg’s Anti-Money Laundering legislation of 12 November 2004 (the “AML Law”) for the oversight of money laundering and financing of terrorism controls on the part of registered alternative investment fund managers and self-managed non-alternative investment funds, the CSSF conducted in 2019 a survey designed to collect Anti-Money Laundering / Counter Financing Terrorism (AML/CFT) relevant data, and perform AML/CFT scoring of supervised entities

It concluded from the results that while most of the managers and funds surveyed possessed a sound framework for AML/CFT controls, there were some outliers, and discussions with industry members had identified areas for improvement or where further guidance was required.

Beneficial owner

The CSSF emphasises that there is always at least one beneficial owner and it is always an individual. In the case of corporate entities, senior executives should be treated as the beneficial owners if no other individuals meet the description or if there is any doubt regarding the identified persons as to the accuracy of their identification (see Article 1(7) of the AML Law).

Procedures

The regulator says procedures are the crucial building blocks of an efficient AML/CFT control framework, to ensure coherent and homogeneous controls commensurate with the entity’s risks. Therefore, there is no one-size-fits-all procedure; they should be customised and continuously updated in the light of changes to the regulatory framework and to the circumstances of entities themselves (see Article 4(1) of the AML Law).

Risk-based approach

A risk-based approach should be employed to optimise the use of resources and ensure that controls are commensurate with the inherent risks faced by the entity – the higher the risk, the more stringent the controls required. The CSSF notes that at the end of 2018 some registered AIFMs and self-managed non-AIFs did not have a risk-based approach in place, although it is mandatory, not optional (see Article 2-2 of the AML Law).

AML/CFT training

On its own, the mere implementation of AML/CFT training is not sufficient – it must be tailored to the services offered by the entities and adapted to the characteristics and requirements of the fund industry. Given the sector’s inherent high risk, the CSSF regards annual training as mandatory, and says it expects to see a significant improvement in terms of training curriculums over the coming year (see Article 4 of the AML Law).

Name screening on targeted financial sanctions

The CSSF says analysis of the questionnaire results revealed that the frequency of screening of names in connection with the targeted financial sanctions list, including for example those of the European Union and United Nations, needs to be improved to ensure that confirmed matches are notified by the professionals immediately to the competent authorities.

(See https://mfin.gouvernement.lu/en/dossiers/2018/sanctions-financiaires-internationales.html)

Transaction monitoring

The regulator underlines that transaction monitoring is vital to identify unusual transactions raising potential suspicion of money laundering or financing of terrorism that require investigation, and must be performed on all investors, not just those considered at highest risk. If monitoring is delegated to a third party, usually the Registrar Transfer Agent, the professional retains legal responsibility and must conduct oversight of the delegated provider.

Cooperation with the Financial Intelligence Unit

Under Article 5 of the AML Law, professionals must communicate any suspicion of money laundering or financing of terrorism to Luxembourg’s Financial Intelligence Unit without delay. To do so, they must be registered on the GoAML platform, which requires a LuxTrust token.

(See the Financial Intelligence Unit’s website, https://justice.public.lu/fr/organisation-justice/crf.html)

The CSSF launched a fresh online survey collecting standardised key information concerning ML/TF risks to which the professionals under supervision are exposed and the implementation of related risk mitigation and targeted financial sanctions measures, on February 3, 2020. Responses for fund sector entities must be submitted through the CSSF eDesk portal, by 15 March 2020, by a member of the management body of the entity, preferably the AML/CFT Compliance Officer who is responsible for AML/CFT compliance.

(See http://www.cssf.lu/fileadmin/files/Publications/Communiques/Communiques_2019/PR1957_Survey_AML_TF_281119.pdf)

In a frequently-asked questions document issued on November 25, 2019, Luxembourg’s Financial Sector Supervisory Authority (CSSF) has clarified the roles and responsibilities of the two individuals in charge of compliance with Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) controls for Luxembourg investment funds and managers according to the requirements of Article 4(1) of the law of November 12, 2004.

The legislation requires funds and management entities to appoint a member of their management body responsible for compliance with measures to curb money laundering and financing of terrorism, known as the responsible for compliance (responsable du respect des obligations in the French text of the law or RR for short). Depending on the size and activity of the business, the legislation also requires appointment of a AML/CFT compliance officer, described as a responsable du contrôle du respect des obligations (RC).

Given the high level of risk of money laundering and financing of terrorism in the investment fund sector identified by Luxembourg’s National Risk Assessment, the CSSF underlines that in practice this means all Luxembourg funds and managers subject to AML/CFT supervision are legally required to appoint both a RR and a RC.

Who can be the RR and RC?

For investment funds supervised by the CSSF, the RR can be the board of directors or other governing body acting as a collegial body, or the board of directors may nominate one of its members, as long as the RR has sufficient AML/CFT knowledge with regard to the applicable Luxembourg legislation and regulation as well as with regard to the investments and distribution strategies of the fund. The RR shall be able to demonstrate this knowledge upon request of the CSSF and shall be reachable without delay upon contact by the Luxembourg AML/CFT competent authorities. The RC, who must be mandated personally by the board or other governing body of the fund, may be a member of the board with demonstrable appropriate expertise and experience of money laundering and financing of terrorism controls under Luxembourg’s legislation and regulations as well as being knowledgeable about the fund’s investment and distribution strategies.

For investment fund managers supervised by the CSSF, the RR can be the board of directors or other governing body, or one of its members, and their AML/CFT knowledge with regard to the applicable Luxembourg legislation and regulation should cover the services provided by the investment fund manager. The RC shall be the compliance officer at appropriate hierarchical level in charge of AML/CFT aspects for the investment fund manager and shall have AML/CFT knowledge and expertise related to the applicable Luxembourg legislation and to the investment fund managers’ services.

Can the RC be a third-party employee?

If the RC is a third party, the fund must conclude a contractual relationship with the RC personally or, where the contract is with the RC’s employer, it must name the individual, whose replacement must be subject to the fund’s approval, and the individual designated as the RC must acknowledge its appointment in writing. If the fund has designated an investment fund manager, the RC may be a member of the staff of such investment fund manager.

In principle the RC must be based in Luxembourg to carry out their duties, but the CSSF may exceptionally permit it to be located abroad if the fund manager and the employee designated as RC are not domiciled in Luxembourg, provided it fulfils the expertise and knowledge criteria.

Conditions applicable to RC

The RC of a fund manager should be the compliance officer in charge of AML/CFT controls. The CSSF stipulates that the RC, whether of a fund or manager, must be available to the regulator on request without delay, and that they must have access to all internal documents and systems required to perform their duties, especially if they are not based in Luxembourg.

For further details of requirements regarding the skills and duties of AML/CFT compliance officers, please refer to articles 40(3) to 43 of CSSF Regulation n°12-02 of December 14, 2012. This CSSF regulation is available here.