CSSF ¦ Circular CSSF 26/914 Identification of Obliged Entities Eligible for Direct Supervision by AMLA

CSSF ¦ Circular CSSF 26/914 Identification of Obliged Entities Eligible for Direct Supervision by AMLA

AMLA starts mapping entities for direct EU supervision

On 25 June 2026, the Luxembourg financial supervisor, the CSSF, issued Circular 26/914 to alert a broad range of regulated firms that the EU Authority for Anti-Money Laundering and Countering the Financing of Terrorism, AMLA, is collecting data to identify obliged entities that may fall within its direct supervision perimeter.

The exercise is not just about supervision. AMLA will also use the data to determine which entities will be subject to fees under Article 77(1) of Regulation (EU) 2024/1620. In practical terms, this means that firms now need to review their structure, assess their reporting responsibilities, and complete the required template within a short deadline.

Who is in scope

The circular is addressed to credit institutions, investment firms, investment fund managers (IFMs), including registered AIFMs, Luxembourg branches of investment fund managers, SIAG, FIAAG and investment funds that did not appoint an investment fund manager, as well as payment institutions (PIs), electronic money institutions (EMIs), and crypto-asset service providers (CASPs).

It applies to entities incorporated under Luxembourg law that are either the ultimate parent undertaking in the EU with branches, subsidiaries or freedom to provide services, or solo entities that are not part of a group. It also covers Luxembourg establishments that have been designated as the reporting entity for all EU establishments of a group where there is no parent undertaking in the EU.

This is a wide net, and firms should not assume that only the largest groups are affected. The wording captures both group structures and standalone firms, which means many regulated entities will need to check whether they are expected to report.

Bastian Schwind-Wagner
Bastian Schwind-Wagner

"CSSF Circular 26/914 confirms that AMLA is now gathering data to identify obliged entities that may fall within its future direct supervision perimeter. A wide range of Luxembourg-regulated firms, including credit institutions, investment firms, fund managers, payment institutions, e-money institutions, and crypto-asset service providers, must review whether they are in scope and prepare the required template.

The completed template must be submitted through the CSSF eDesk platform by 22 July 2026, with the dedicated campaign opening on 20 July 2026. Responsibility remains with the RC or RR, even if the work is delegated, and firms should also expect that AMLA may request further information after the deadline."

Why AMLA is collecting the data

AMLA is preparing for the selection process scheduled for 2027, when certain obliged entities will be chosen for direct supervision at EU level. To support that process, it needs a consistent set of data to assess whether an entity meets the eligibility criteria under Article 12(1) of Regulation (EU) 2024/1620.

The same data set will also support the calculation of fees for entities that fall within the scope of AMLA’s fee regime. So the exercise is both supervisory and financial in nature, and the quality of the submission matters.

What firms must do now

AMLA has published a data collection package on its website. The package contains two essential items: the template that firms must complete and submit, and an interpretative note that explains how the template should be filled in. The CSSF makes clear that the interpretative note should be reviewed before any completion begins.

The completed template must be submitted to the CSSF no later than 22 July 2026. The CSSF will open a dedicated eDesk campaign on 20 July 2026, and registered compliance officers will receive notification. Submissions must be made through the CSSF eDesk platform.

Who is responsible for the submission

The questionnaire must be submitted by the compliance officer responsible for monitoring compliance with professional obligations, referred to in the circular as the RC, or by the person responsible for compliance with professional obligations, the RR.

The work can be delegated to another employee or even a third party inside the eDesk platform, but the responsibility for correct completion remains with the RC or RR. That means firms should not treat delegation as a transfer of accountability. The designated responsible person, and any delegate, must have an eDesk account with LuxTrust authentication.

Practical implications for compliance teams

For compliance teams, the key point is that this is a time-sensitive information request tied to an emerging EU supervisory framework. Firms should make sure they identify the correct reporting entity, confirm whether they fall within the scope of the circular, and gather the required data early enough to avoid last-minute issues.

The fact that AMLA may request additional information after the deadline also suggests that this is only the first stage of a broader supervisory assessment. Firms should therefore keep supporting records aligned with the data submitted and be ready to explain any figures or structural details if challenged later.

AMLA has already started outreach

The CSSF notes that AMLA hosted a webinar on 10 June 2026, offering a practical walkthrough of the template and answering previously submitted questions. The webinar materials, slide deck, and sample pre-filled templates are now available on AMLA’s website. For firms preparing their submissions, these materials may be useful in reducing interpretation errors and improving consistency.

The bigger picture

Circular 26/914 is another sign that the EU anti-money laundering framework is moving from legislative design to operational implementation. AMLA is not yet directly supervising entities, but the groundwork is already being laid. Firms that are likely to fall within the future perimeter should treat this as a signal to strengthen data governance, clarify ownership of reporting duties, and test whether their group structures can support centralised supervisory reporting.

For many institutions, the immediate task is straightforward but important: complete the template accurately, submit it on time, and ensure the information is defensible. In a developing EU AML framework, that may prove to be a useful test of preparedness.

Talk copyright holder(s): Anti-Money Laundering Authority (AMLA)
The information in this article is of a general nature and is provided for informational purposes only. If you need legal advice for your individual situation, you should seek the advice of a qualified lawyer.
Did you find any mistakes? Would you like to provide feedback? If so, please contact us!
Dive deeper
  • CSSF ¦ Circular CSSF 26/914 Identification of Obliged Entities Eligible for Direct Supervision by AMLA ¦ Link
  • AMLA ¦ AMLA takes next step toward 2027 selection of entities for direct supervision ¦ Link
  • EUR-Lex ¦ Regulation (EU) 2024/1620 ¦ Link
Bastian Schwind-Wagner
Bastian Schwind-Wagner Bastian is a recognized expert in anti-money laundering (AML), countering the financing of terrorism (CFT), compliance, data protection, risk management, and whistleblowing. He has worked for fund management companies for more than 24 years, where he has held senior positions in these areas.