October 2018: Regulatory Update | Asset Management


Share on facebook
Share on twitter
Share on linkedin


Luxembourg is emerging as a key investment jurisdiction for asset managers, especially with the possibility of a hard Brexit looming. As it jostles with Ireland for poll position as the fund domicile jurisdiction of choice in the EU, reports suggest that the number of people working in the Luxembourg investment industry grew by 10 percent in 2017. It is therefore paramount that we stay up to date with the latest updates to local regulation and compliance.


New rules have been issued by Luxembourg’s regulator the Commission de Surveillance du Secteur Financier (CSSF), setting out the authorisation and organisation of fund managers in the country. The changes signify and reinforce Luxembourg’s clear intention to establish itself as a transparent jurisdiction with good governance and controls.


Take a look at each of the latest changes impacting the regulatory landscape in Luxembourg, covering the following:


  • Overview of Luxembourg Laws & Circulars
  • Governance Obligations & Framework
  • Delegation of Duties & Oversight
  • Three Lines of Defense
  • AML/CTF Obligations – New Business and Products
  • Conditions for Approval
  • Other Highlights


Overview of Luxembourg Laws & Circulars




On 06 June 2018, the CSSF issued a new Law, commonly referred to as the SFT law.

It focuses on implementing the European Securities Financing Transactions Regulation 2015/2365 (“SFT Regulation”) and amends existing UCI, AIFM and insurance sector law’s – entering in to force on 12 June 2018 .


CSSF Circulars:


—18/695 (only in French) – Update of table B 4.6 “Persons responsible for certain functions and activities“.


—18/694, 5 July, pertains to the FATF statements concerning jurisdictions whose AML/ CTF regime present either (i) strategic deficiencies or (ii) requires the application of enhanced due diligence measures or (iii) is not satisfactory


—18/693 – Adoption of the Guidelines of the European Banking Authority on connected clients under Article 4(1)(39) of Regulation (EU) No 575/2013 (EBA/GL/2017/15) was published by the CSSF.


—18/688 – Guidelines issued by the European Securities and Markets Authority (ESMA) on the process for the calculation of indicators used to determine the most relevant currencies in which settlement takes place.


—18/690 – Guidelines of the European Securities and Markets Authority (ESMA) on the management body of market operators and data reporting services providers.


The Background Surrounding the New Circular 18/698


The new CSSF Circular replaces the existing CSSF Circular 12/546. It includes the compliance and internal control requirements previously outlined in CSSF Circular 04/156 and IML Circular 98/143, both no longer applicable.


It also extends the initial scope the “Investment Fund Managers” (“IFMs” or “gestionnaires de fonds d’investssement”), including UCITS management companies and AIFMs.


Best Practices” have been formalized into regulatory requirements and add specific new expectations to the following areas:


  • Governance, including internal administration and procedures
  • Central administration
  • Internal controls and organizational requirements
  • Delegation and Oversight
  • Marketing
  • Valuation


In summary, this CSSF circular delivers further clarity around scope by defining key function and key responsibilities.


Entities in Scope of the Circular


  • Luxembourg Management Companies (“ManCos”) subject to Chapter 15 of the Law 17 December 2010;
  • ManCo’s incorporated under Luxembourg law subject to Article 125-1 or Article 125-2 of Chapter 16 of the 2010 Law;
  • Luxembourg branches of IFMs subject to Chapter 17 of the 2010 Law;
  • Luxembourg Investment company which has not designated a ManCo, or “SIAG” (i.e. self managed investment company);
  • Authorised AIFMs under Chapter 2 of the 2013 Law;
  • Internally managed AIFs within the meaning of Article 4(1)(b) of the 2013 Law (“fonds d’investissement alternatifs gérés de manière interne” or “FIAAG”).


Definitions & Abbreviations


The circular comes with comprehensive definitions expanding the standard legal and regulatory references, such as:


  • Delegates (1.9)
  • Key-functions (1.15)
  • Own funds requirements (1.16)
  • Senior management (1.18)
  • Managing Body (1.26)
  • Governing Body (1.28)
  • Qualifying Holdings (1.31)


Governance Obligations & Framework


Board of Directors:

  • Have defined roles and responsibilities, avoiding overlap between board membership and executive management
  • Have a threshold → maximum of 20 mandates and 1,920 professional hours/year (depending on company size – principle of proportionality).
  • Must adhere to the fit and proper principles → i.e. they must have sufficient experience and be competent, proving professional integrity and honorability.

Senior Managers:


  • There must a minimum of two Senior Managers (“SM”) permanently located in Luxembourg.


  • Flexibility is allowed if the manager’s AuM is below €1.5bn  – in this instance, one of the two SM can be resident abroad.
  • SM can be non-resident’s of Luxembourg providing they are able to reach the country everyday.
  • If the IFM has more than two SM, additional SM can be located abroad if they have qualified staff in Luxembourg to support them in their areas of responsibility.


New requirement: The IFM Governing Body must be composed of at least 3 FTE resident’s in Luxembourg, including Senior Management (Conducting Officers) and other staff members.


Delegation of Duties & Oversight


The Circular confirmed that the below activities can be delegated by the IFM:


  • Portfolio Management*
  • Risk management*
  • Valuations
  • Complaints
  • Compliance
  • Internal Audit
  • IT
  • Finance
  • MiFID Services
  • Delegation to TA, Investment Advisors, Fund Promoters and Distributors covering AML/CTF of investors, portfolio managers, etc.


*These two activities can only be delegated separately, otherwise there is a conflict of interests.


Delegation of Duties & Oversight


Delegation of functions from IFM to TA (registration services) supports the following:


  • —Information sharing between the two parties, allowing for due diligence.
  • —Any risk assessment and mitigation arising from delegation to third parties and prime brokers.
  • —Authorisation to delegate to third parties (scope of delegation to be clear).
  • —Sub-charter 6.2: compliance with the general framework of delegation. *Limits of the scope of delegation are related to substance and teams.
  • —A risk based approach to ongoing monitoring of delegates.
  • —Definition of KPIs.
  • —Testing and sound BCP.

The Three Lines of Defense


Three key points relating to the three lines of defense are found in the Circular Part II, (points 131 to 133) :


  • —The organisational chart of the IFM details the various (operational and control) functions of the structure and the hierarchical and functional links between them, and with the senior management and the managing body/governing body of the IFM.
  • —Need for job descriptions, including principles and segregation of duties.
  • —Org Charts with assigned staff to the functions.

Other key references in Part II (points from 155 to 158):

  • —Definitions of the first, second and third line of defense duties.
  • Extract: “the three lines of defense are complementary, each line of defense assuming its control responsibilities independently of the other lines.”


Reporting Requirements of the Second Line of Defense


Risk management:

Adequacy and effectiveness of risk management is to be submitted once a year, at the latest 5 months following the end of the financial year of the IFM.




Compliance is to cover recommendations, problems, deficiencies and irregularities identified. The report shall specify the degree of severity and propose the corrective actions. Amongst other things the report needs to list the results if EDD, presence of PEPs, blocked accounts, etc. (subsection, point 318).


This report is also to be submitted to the CSSF once a year, at the latest 5 months following the end of the financial year of the IFM.


Reporting Requirements of the Third Line of Defense


The internal audit must cover all recommendations, problems, deficiencies and irregularities identified. It must also specify the degree of severity and propose corrective actions to the management and the governing bodies of the IFM as required.


The report must cover a multi-year period (3 years) and address the following items (amongst others):


  • —Portfolio management
  • —Discretionary management
  • —Compliance and risk management
  • —Accounting functions
  • —IT functions
  • —Remuneration policy, etc.
  • —AML/CTF


AML/CTF Obligations – New Business & Products


AML/CTF obligations are not only applicable to the IFM but also to the entity carrying out the registrar function (TA).


The IFM is subject to Regulation 12-02:


  • —Art. 33 (1) – ongoing due diligence subject to prohibitions or restricted measures in financial matters.
  • —Art. 39 (1) – procedures and identification mechanism for client acceptance and monitoring of existing relationships (e.g. Source of funds, transaction monitoring).


—The new Circular also encourage the IFMs to monitor FATF publications.


AML obligations required by the AML Law and October 2010 law must be effectively implemented (and also applied to any UCIs managed) by the IFM. They must also be monitored and verified on regular basis.


In the instances where the AML/CTF is delegated to a third party (registrar agent), the IFM is still considered liable.


Conditions of IFM Approval


An IFM will be entitled to obtain or maintain authorisation from the CSSF in the following instances:


  • They have provided exhaustive information on the shareholder and board members who have a qualifying holding .
  • The shareholding structure is easily accessible to the CSSF for adequate supervision.
  • The concept of sound and prudent management is respected.
  • Additional information is provided i.e. detailed org chartdeclaration of honor of the shareholders, constitutional documentations, etc.
  • The shareholder funds the IFM with its own funds and on its own behalf (Chapter 3)
  • There are no conflicts of interest when the depositary has direct or indirect qualifying holding in a IFM.


Any change in the structure must be promptly notified to the CSSF.


Other Highlights of the Circular


It provides an alignment of the risk management requirements for AIFs and UCITS and also addresses specific sections around the application of the European Market Infrastructure Regulation (EMIR) and Money Market Fund Regulation (MMFR).


The exchange of information between the IFM and the depositary:


  • —The IFM must ensure that the depositary receives all the necessary information to enable fulfil of its obligations with the UCI.
  • —Specific provisions are applicable to Chapter 15 ManCos (CSSF Circular 16/644, Par. 33) and the AIFM (CSSF Circular 18/697, par. 65).


Never miss an update – Click Here to sign up to receive the latest Apex Regulatory Updates in your inbox as soon as they are released.


Contact our compliance department: Sonja Maria Hilkhuijsen, Global Head of Compliance and Data Protection | Francesca Nasini, Global Compliance and Data Protection Officer: [email protected]


Click Here for more about Apex Luxembourg.


Share on facebook
Share on twitter
Share on linkedin

Get in touch with our team

Submit your query

Cookie control
This website uses cookies so that we can make your experience better. If you wish to change your cookie settings please refer to our Privacy Policy. Otherwise we will assume you’re OK to continue. Privacy Policy