Luxembourg National Risk Assessment

1 .

E X E CU TI V E SU MMA R Y .......................................................................................4

1.1.

1.2.

1.3.

1.4 .

Approach and methodology ..................................................................................................4

Assessment of inherent risks – threats and vulnerabilities...................................................6

Mitigating factors.................................................................................................................11

Looking ahead......................................................................................................................14

2 .

2.1.

I ntroduction.....................................................................................................1 5

Purpose and objective of the NRA exercise.........................................................................15

Luxembourg’ s demographic, economic, legal and political landscape................................16

Luxembourg’ s economy and demographics ........................................................................17

Luxembourg’ s political and legal system .............................................................................19

2.2.

2.2.1.

2.2.2.

3 .

3.1.

Methodology ...................................................................................................2 1

General approach and process ............................................................................................22

Two-step approach of inherent and residual risk analysis ..................................................24

Granularity and scope of the NRA .......................................................................................25

Scorecard approach .............................................................................................................27

Inputs used...........................................................................................................................27

Methodology for inherent risk.............................................................................................28

Methodology for threat assessment ...................................................................................28

Methodology for vulnerabilities assessment.......................................................................30

Methodology for mitigating factors and residual risk .........................................................32

Methodology for impact of mitigating factors ....................................................................32

Methodology for residual risks ............................................................................................36

National AML/CFT Strategy..................................................................................................38

3.1.1.

3.1.2.

3.1.3.

3.1.4 .

3.2.

3.2.1.

3.2.2.

3.3.

3.3.1.

3.3.2.

3.4 .

4 .

CO V I D -1 9 Crisis: I mpact on threats, vulnerabilities and mitigating factors.........3 9

ML/TF Threats......................................................................................................................39

ML/TF Vulnerabilities...........................................................................................................4 1

Mitigating factors.................................................................................................................4 2

4 .1.

4 .2.

4 .3.

5 .

5.1.

I nherent risk – Threats assessment...................................................................4 3

Summary..............................................................................................................................4 3

Money laundering................................................................................................................4 5

External exposure: Money laundering of proceeds of foreign crimes ................................4 6

Domestic exposure: Money laundering of proceeds of domestic crimes ...........................57

Terrorism and terrorist financing.........................................................................................74

Terrorism threats .................................................................................................................75

Terrorist financing threats ...................................................................................................78

5.2.

5.2.1.

5.2.2.

5.3.

5.3.1.

5.3.2.

6 .

I nherent risk – V ulnerabilities ..........................................................................8 1

6.1.

Summary of findings ............................................................................................................81

1

Luxembourg National Risk Assessment

6.2.

Detailed assessment by sector.............................................................................................83

6.2.1.

6.2.2.

6.2.3.

6.2.4 .

6.2.5.

6.2.6.

6.2.7.

6.3.

CSSF supervised sectors.......................................................................................................84

CAA supervised sectors........................................................................................................99

Legal professions, chartered accountants, auditors, accountants and tax advisors .........106

Gambling............................................................................................................................116

Real estate..........................................................................................................................118

Dealers in goods.................................................................................................................119

Freeport operators.............................................................................................................120

Legal entities and arrangements .......................................................................................122

Legal entities......................................................................................................................123

Legal arrangements............................................................................................................129

Cross cutting vulnerabilities...............................................................................................131

Trust & corporate service providers (TCSPs) .....................................................................131

Cash....................................................................................................................................14 2

Virtual assets......................................................................................................................14 5

6.3.1.

6.3.2.

6.4 .

6.4 .1.

6.4 .2.

6.4 .3.

7 .

7.1.

7.2.

Mitigating factors........................................................................................... 1 4 8

Overview of mitigating factors...........................................................................................14 9

Criminalisation of predicate offences and ML/TF..............................................................157

8 .

8.1.

E merging risks, evolving risks and challenges ................................................. 1 6 4

Emerging and evolving vulnerabilities ...............................................................................164

Virtual assets (VAs) and virtual assets service providers (VASPs)......................................164

Use of new payment methods...........................................................................................165

Brexit: Entities moving from UK to Luxembourg ...............................................................166

Emerging and evolving threats ..........................................................................................167

Cybercrime.........................................................................................................................167

Online extortion.................................................................................................................167

Developments regarding mitigating factors ......................................................................167

8.1.1.

8.1.2.

8.1.3.

8.2.

8.2.1.

8.2.2.

8.3.

9 .

R esidual risk assessment................................................................................ 1 6 9

N ational A ML/CFT Strategy ............................................................................ 1 7 0

1 0 .

A ppendix A .

Methodology.................................................................................... 1 7 2

A.1.

A.2.

A.3.

A.4 .

Sectors and sub-sectors – vulnerabilities assessment.......................................................172

Threats methodology.........................................................................................................174

Vulnerabilities methodology..............................................................................................176

Mitigating factors and residual risk approach ...................................................................178

A ppendix ꢀ .

List of figures and tables ................................................................... 1 8 0

B.1.

B.2.

List of figures......................................................................................................................180

List of tables.......................................................................................................................181

2

Luxembourg National Risk Assessment

B.3.

List of case studies .............................................................................................................183

A ppendix C.

D efinitions and ꢁ lossary ................................................................... 1 8 4

C.1.

C.2.

Glossary of laws .................................................................................................................184

Glossary of key terms and definitions................................................................................190

3

Luxembourg National Risk Assessment

EXECUTIVE SUMMARY

1.

E X E CU TI V E SU MMA R Y

Money laundering (ML) and terrorist financing (TF) are threats to global security as well as to the

integrity of financial systems. The UNODC, IMF and W orld Bank estimate that laundered proceeds of

crime account for 2–5%¹of global GDP and support several criminal activities. It is estimated that less

than 1% of laundered proceeds globally are seized^2,3. In Europe, it is estimated that only around 2.2%

of laundered proceeds are provisionally seized or frozen, and around 1.1% are finally confiscated⁴.

Luxembourg has long been committed to fighting ML/TF activities and ensuring that the risks arising

from and within its j urisdiction are mitigated. For this purpose, it committed itself to developing a

deeper understanding of its specific threats and vulnerabilities through the delivery of a national-level

risk assessment (NRA) in 2018, in the face of growing and evolving ML/TF risks and in line with FATF’ s

recommendations. This report constitutes the latest update of the NRA. It encompasses the latest

understanding of Luxembourg’ s threats, vulnerabilities and the mitigating factors it has taken to

reduce the ML/TF risks it faces, including since 2018. Luxembourg intends to use this risk assessment

to further advance its risk-based approach to supervision.

I n line with a risk-based approach, special consideration is paid to the risks arising from

Luxembourg’ s role as a global financial centre. This role is particularly important in Luxembourg’ s

case, given that the financial sector is the country’ s largest economic sector (with ~50 900 employees⁵

and representing 23% of GDP⁶) with many foreign institutions, foreign-owned assets, and a leading

centre for a variety of international financial services businesses in the Eurozone.

1.1. Approach and methodology

The 2 0 2 0 N R A was led by the E xecutive Secretariat of the National ML/TF Prevention Committee

(N PC), with the input of a wide set of national stakeholders. The exercise was conducted in the first

semester 2020⁷, and compiles an overview of Luxembourg’ s current situation as of year-end 2019,

using a structured and data-driven approach based on international guidance (e.g. FATF’ s guidance,

the EU’ s anti-money laundering directives, ESA guidance) and peer practices, and considering

Luxembourg specificities where needed.

Throughout the exercise, inputs were collated via a combination of desk-level research, data

collection and discussions with the relevant stakeholders for expert input. The research and data

collection were conducted across public/private data sources both at the international and national

levels. Several different stakeholders, were engaged, consulted and actively involved, as required, to

provide input to arrive at an appropriate understanding of risks, including:

•

Ministries

Ministꢀ re de la ꢁ ustice (Moꢁ )

–

¹See for example: UNODC, Report Estimatinꢀ ꢁ llicit ꢂ low s Resultinꢀ ꢃ rom ꢄ ruꢀ ꢅ raꢃ ꢃ ick inꢀ and ꢆ th er ꢅ ransnational ꢆ rꢀ aniz ed

C rimes, 2011.

²UNODC, Report Estimatinꢀ ꢁ llicit ꢂ low s Resultinꢀ ꢃ rom ꢄ ruꢀ ꢅ raꢃ ꢃ ick inꢀ and ꢆ th er ꢅ ransnational ꢆ rꢀ aniz ed C rimes, 2011.

³The UNODC estimates that of the ꢂ 2.2 trillion in criminal proceeds in 2009, around ꢂ 1.6 trillion were laundered.

⁴See for instance, EUROPOL, ꢄ oes crime still pay ? – C riminal asset recov ery in th e EU , 2016.

⁵STATEC, Emploi salarié inté rieur par branche dꢃ activité - donné es dé saisonnalisé es 1995 – 2019 (4^etrimestre 2019).

⁶STATEC, Valeur ajouté e brute aux prix de base par branche (NaceR2) (prix courants) (en millions EUR) 1995 – 2019.

7

Luxembourg’ s AML/CFT framework is considered as of year-end 2019, and as such all AML/CFT-related data, legislation,

procedures etc. are assessed as of year-end 2019. Nonetheless, some non-AML/CFT-specific data points from first half 2020

are included in this report, as well as some references to draft laws and regulations underway in first half 2020, since this

information was available at time of NRA finalisation.

4

Luxembourg National Risk Assessment

EXECUTIVE SUMMARY

–

Ministꢀ re des Finances (MoF)

Ministꢀ re des Affaires é trangꢀ res et europé ennes (MAEE)

•

Supervisory authorities

–

Commission de Surveillance du Secteur Financier (CSSF)

Commissariat aux Assurances (CAA)

Administration de l’ Enregistrement et des Domaines et de la TVA (AED)

Self-regulated bodies (SRBs)

–

Ordre des Experts-Comptables (OEC)

Institut des Ré viseurs dꢃ Entreprises (IRE)

Chambre des Notaires (CdN)

Ordre des Avocats de Luxembourg (OAL)

Ordre des Avocats de Diekirch (OAD)

Chambre des ꢄ uissiers (Cdꢄ )

•

Investigative authorities

–

Cabinets d’ instruction de Luxembourg et de Diekirch

Service de police judiciaire (SPꢁ )

Prosecution authorities

–

Parquet gé né ral

–

Parquets prꢀ s les tribunaux d’ arrondissement de Luxembourg et de Diekirch

•

FIU

–

Cellule de renseignement financier (CRF)

Customs

Administration des douanes et accises (ADA)

–

ML/TF NPC meetings held throughout this period helped to review and refine the outcomes of the

exercise. The NRA is estimated to have had contributions of more than 15 different agencies, more

than 50 specific contributors, 100-plus bilateral discussions, and thousands of data-points and peer

practice examples; the report shown here reflects the joint effort across all involved.

I n line with FA TF’ s definitions, and as per the first N R A ⁸, the assessment first understands the level

of inherent ML/TF risks in Luxembourg, as a factor of threats⁹and vulnerabilities^{1 0}. Inherent risks

stem from Luxembourg’ s economy, openness, and other structural factors, including its role as a large

financial centre. It reflects in part the economic model that has made Luxembourg an attractive

country for legitimate businesses. The NRA then assesses the effectiveness of mitigating factors in

place, to determine residual risks (i.e. after mitigating factors were considered)¹¹. The final step is to

8

Some methodological refinements were taken to better the assessment since 2018, as described in the methodology

section of the report.

9

A threat is a ꢅ person or group of people, object or activity with the potential to cause harm to, for example, the state,

society, the economy, etc.” , ꢂAꢅ ꢂ G uidance on ꢇ ational ꢈ oney ꢉ aunderinꢀ and ꢅ errorist ꢂ inancinꢀ Risk Assessment, February

2013.

¹⁰Vulnerabilities are ꢅ those things that can be exploited by the threat or that may support or facilitate its activities” , ꢂ Aꢅ ꢂ

G uidance on ꢇ ational ꢈ oney ꢉ aunderinꢀ and ꢅ errorist ꢂ inancinꢀ Risk Assessment, February 2013.

¹¹A classification of risk ranging from ꢅ very low” to ꢅ very high” is used, reflecting commonly used practices. These ratings

should be understood as an assessment of relative risk within Luxembourg. That is, a sector with a ꢅ very high” risk is

considered more likely to be abused or misused for ML/TF than one with ꢅ medium” risk, within Luxembourg.

5

Luxembourg National Risk Assessment

EXECUTIVE SUMMARY

determine the strategic implications for improving the AML/CFT regime in place, by prioritising

strategic actions and resource allocations.

1.2. Assessment of inherent risks – threats and

vulnerabilities

Luxembourg’ s threats primarily derive from money laundering of foreign proceeds of crime. The

domestic exposure to money laundering (i.e. proceeds from predicate offences perpetrated in

Luxembourg available to be laundered) is significantly smaller. The threats of terrorism and terrorist

financing are assessed as moderate overall.

The table below summarises Luxembourg’ s exposure to ML/TF threats, at the level of predicate

offences.

Table 1: ML / TF threats^{1 2}assessment (at predicate offence level)

D esignated predicate offence

E xternal

exposure

D omestic

exposure

O verall threat

level^{1 3}

Money laundering (average ML threat)

Fraud and forgery

V ery high

H igh

Medium

H igh

V ery high

H igh

Tax crimes

Medium

Low

Corruption and bribery

Drug trafficking

Participation in an organised criminal group & racketeering

Sexual exploitation, including sexual exploitation of children

Cybercrime

H igh

Counterfeiting and piracy of products

Smuggling

H igh

Low

H igh

Robbery or theft

Medium

Low

H igh

Medium

Low

Trafficking in human beings and migrant smuggling

Illicit arms trafficking

Medium

Low

Insider trading and market manipulation

Illicit trafficking in stolen and other goods

Extortion

Low

Medium

Low

Environmental crimes

Low

Murder, grievous bodily injury

K idnapping, illegal restraint, and hostage taking

Counterfeiting currency

Low

V ery Low

Low

Piracy

Low

¹²The assessment depicted in this table is based on a mix of research and data available, expert judgement, bilateral meetings

and a workshop group discussion with judicial authorities. Exposure to predicate offences constituting the threats was

broadly assessed along a set of criteria, namely the probability of the crime occurring, proceeds of the crime if occurring

(including size and form of proceeds, and complexity/expertise of ML and geography, where available), and the human, social

and reputational impact (the latter for domestic exposure only).

¹³FATF, ꢅ h e ꢊ orld ꢋ ank Risk Assessment ꢈ eth odoloꢀ y , 2017.

6

Luxembourg National Risk Assessment

EXECUTIVE SUMMARY

D esignated predicate offence

E xternal

exposure

D omestic

exposure

O verall threat

level^{1 3}

Terrorism and terrorist financing

Medium

Luxembourg’ s threats primarily derive from money laundering of foreign proceeds of crime (i.e.

proceeds from predicate offences perpetrated outside of Luxembourg). The magnitude, diversity and

openness of financial flows transiting through and managed in Luxembourg contribute to exposure.

Indeed, a significant share of requests for mutual legal assistance (MLA) by foreign countries, asset

seizures executed in Luxembourg and suspicious transaction reports filed to the country’ s financial

intelligence unit (FIU), relate to possible offences committed abroad. Across all crimes, the

prosecution authorities report having received a total of 1 701 MLA requests on aggregate in the past

three years of 2017–19, of which 362 are related to self-laundered (SL) ML¹⁴. Data from Luxembourg

prosecution authorities show seizures following MLA requests across all crimes in the past three years

(2017–2019) of ~€311.5 million, compared to ~€92.1 million for domestic cases.¹⁵Luxembourg’ s FIU

and law enforcement agencies have frequent and ongoing cooperation with their foreign

counterparts, in particular within the European Union. Most of these foreign offences and proceeds

are believed to stem from offences related to fraud and forgery, tax crimes, corruption and bribery

and drug trafficking. In fact, these four crimes represent over 70% of estimated criminal proceeds

generated globally¹⁶, ~4 5% of seizures following MLA in 2017–2019¹⁷, and 57% of MLA received in

2017–2019¹⁸. This is also in line with expert assessment from the country’ s authorities.

The domestic exposure to money laundering (i.e. proceeds from predicate offences perpetrated in

Luxembourg available to be laundered) is significantly smaller. This is due to Luxembourg’ s low crime

rate and limited presence of organised crime. The Organised Crime Portfolio¹⁹estimates that the

aggregate revenue across a set of illicit markets (i.e. drug trafficking, fraud, counterfeiting, theft) in

Luxembourg is ~€161 million (~0.4 % of GDP), which is close to half the estimate for the EU as a whole

(~0.9% of GDP on average). Nonetheless, the country’ s wealth, economy and central location increase

the threat level for certain types of crime, in particular: fraud and forgery, drug trafficking (though

mostly street level crime) and robberies or theft.

The CO V I D -1 9 crisis has led to unprecedented global challenges and economic disruption. Since the

emergence of the virus in December 2019 to the time of writing (ꢁ uly 2020) at least half of the world’ s

population has been impacted by some form of lockdown²⁰. In Luxembourg, restrictions were

implemented on 12 March 2020²¹. As many economies face significant downturn, financial flows are

likely to diminish (indeed, Luxembourg’ s national statistics bureau has stated it will downgrade short-

term prospects for the country)²². ꢄ owever, experience from past crises suggests that in many cases

illicit finance will continue, and new techniques and channels of laundering money are likely to

¹⁴Parquet Gé né ral Statistical Service, data received in March 2020; it is estimated that most ML MLA requests are SL-related,

however there are also MLA requests that arise from third-party or standalone ML.

¹⁵Parquet Gé né ral Statistical Service, data received in March 2020.

16

UNODC, Report Estimatinꢀ ꢁ llicit ꢂ low s Resultinꢀ ꢃ rom ꢄ ruꢀ ꢅ raꢃ ꢃ ick inꢀ and ꢆ th er ꢅ ransnational ꢆ rꢀ aniz ed C rimes, 2011

(link).

¹⁷Parquet Gé né ral Statistical Service, data received in April 2020.

18

Parquet Gé né ral Statistical Service, data received in ꢁ uly 2018; note that besides requests for LAR received by the

prosecution authorities, other Luxembourg authorities (e.g. CRF, Asset Recovery Office, Police) also receive other ꢅ foreign

requests” for cooperation and/or information sharing.

¹⁹Organised Crime Portfolio, ꢂ rom ꢁ lleꢀ al ꢈ ark ets to ꢉ eꢀ itimate ꢋ usinesses: ꢅ h e P ortꢃ olio oꢃ ꢆ rꢀ aniz ed C rime in Europe, 2015

(link).

²⁰See, for instance Euronews (link), Business Insider (link).

²¹See gouvernement.lu for further details (link).

²²STATEC, C oronav irus th reat becomes a reality , 2020.

7

Luxembourg National Risk Assessment

EXECUTIVE SUMMARY

emerge²³. In particular, cybercrime and the risks associated with cyber security have increased since

the outbreak of the pandemic and the imposition of lockdown measures driving demand for

communication, information and supplies through online channels. Fraud and forgery have also been

noted by both domestic and international bodies as a growing threat in the context of the pandemic²⁴.

The primary fraudulent activities have included: the adaptation of existing telephone or email scams;

supply chain fraud, specifically in relation to personal protective equipment (PPE) and other

healthcare products; and fraudulent investment scams²⁵. A more detailed assessment is provided in

the COVID-19 section of the NRA.

The threats of terrorism and terrorist financing are assessed as moderate overall; they are closely

connected though terrorist financing is a more likely threat to Luxembourg given its financial centre.

Despite no terrorism events in the past and no known terrorist groups in Luxembourg, in view of

recent terrorism events in neighbouring countries, Luxembourg raised its level of terrorism threat to

2 (on a scale of 4 ) in 2015, and has kept it there since²⁶.

V ulnerabilities arise from sectors that may be exposed to misuse or abuse for ML/TF purposes. The

table below summarises the inherent risks by sector in Luxembourg (i.e. before any mitigating factors

are applied).

Table 2: I nherent risk assessment (at sector-level)

Category

Sector^{4 2}

I nherent risk level R esidual risk level

Financial sector

Banks

ꢄ igh

Medium

Low

Investment sector

Insurance

Medium

ꢄ igh

MVTS

Medium

Low

Specialised PFSs

ꢄ igh

Market operators

Support PFSs & other specialised PFSs

Legal professions, chartered accountants,

auditors, accountants and tax advisors

Gambling

Low

Very Low

Medium

N on-financial sector

ꢄ igh

Low

ꢄ igh

Low

ꢄ igh

Real estate

Dealers in goods

Medium

ꢄ igh

Medium

ꢄ igh

Freeport operators

Legal entities and arrangements

ꢄ igh

FA TF has set out a range of mitigating actions and A ML/CFT responses to the evolving risks impacted

by CO V I D -1 9 ^{4 3}Those most important for Luxembourg include (but are not limited to): coordinate

domestically and continue to cooperate internationally to assess the ongoing impact of COVID-19 on

AML/CFT risks; strengthen communication and monitoring of the private sector by engaging on the

application of their AML/CFT measures; and continue to encourage a risk-based approach to customer

due diligence (CDD) to address practical issues. In addition, supervised entities should continue to

^{4 2}At the time of writing the NRA, the Ministry of ꢁ ustice is in the process of conducting a vertical risk assessment on VASPs.

These entities became obliged entities only in 2020, with CSSF designated as competent authority for their AML/CFT

supervision, and therefore they are not included in the table.

^{4 3}FATF, C ꢆ V ꢁ ꢄ -19-related ꢈ oney ꢉ aunderinꢀ and ꢅ errorist ꢂ inancinꢀ (link).

13

Luxembourg National Risk Assessment

EXECUTIVE SUMMARY

strengthen their understanding of the developing risks by engaging directly with authorities and

reading relevant publications^{4 4}. It is noted that as the COVID-19 pandemic continues to evolve,

additional ML/TF threats and vulnerabilities may emerge – the mitigating actions described above

serve also to prepare the country for these dynamic risks.

1.4. Looking ahead

Looking ahead, Luxembourg has designed a comprehensive A ML/CFT strategy, with the aim of

increasing awareness of, compliance and effectiveness with A ML/CFT controls across the country.

W hile Luxembourg’ s national AML/CFT framework is already mitigating effectively a significant part

of the ML/TF risks the country is exposed to, it can be further strengthened to increase effectiveness.

The NPC has therefore developed a national AML/CFT strategy, based on the findings of the National

Risk Assessment. The national AML/CFT strategy is defined at three levels:

•

Aꢀ ency -lev el action plans: Each relevant agency has developed its own action plan to further

mitigate the ML/TF risks that its regulated sector is exposed to;

ꢇ ational action plan: W e aggregated and articulated these individual action plans into a

comprehensive, national plan; and

ꢇ ational strateꢀ ic priorities: The NPC identified four areas of particular strategic relevance to focus

on; those are the areas that the NPC has identified as likely to have the greatest impact on further

enhancing the effectiveness of the national AML/CFT framework.

The following paragraphs outline the main strategic priorities while the following sections detail the

national and agency-level action plans.

Further enhancing the prosecution of ML/TF: The NPC will establishing a working group consisting of

the Moꢁ , the general state prosecutor and state prosecutors to identify opportunities to further

enhance Luxembourg’ s approach to prosecuting ML/TF. Specifically, we will redefine how the findings

of NRA should feed into the prosecution policy for ML/TF, assess the opportunity to establish two

largely autonomous economic and financial crime sections at the public prosecutor’ s offices in

Luxembourg and Diekirch to deal with these crimes, and increase the level of staffing and expertise.

Further developing the ML/TF investigation capabilities: A working group, consisting of Moꢁ , MSI,

investigative offices and judicial police, will propose an approach to further increase the specialisation

of investigative judges and judicial police officers for the investigation of economic and financial crime.

This may involve setting up separate teams or sections within the investigative offices and judicial

police that are dedicated to these crimes. The working group will also define a recruitment and

development strategy for these teams to source and train employees with the skill-sets required to

investigate complex ML/TF cases.

H armonising the supervision of D N Fꢀ Ps: A dedicated working group consisting of Moꢁ and MoF will

review the options to harmonise and/or centralise the supervisory model for DNFBPs and propose a

new model, with the view to increase the independence of supervision of DNFBPs and further

harmonise the supervisory practices across professions. I mproving market entry controls of TCSPs: A

working group of Moꢁ , MoF, MoE and SRBs will make a proposal to define a harmonised authorisation

process across TCSP activities and sectors and review the fit and proper requirements.

^{4 4}At the time of writing (ꢁ uly 2020), COVID-related guidance has been published and/or distributed by a number of relevant

bodies, including but not limited to: FATF; EBA; CRF; EUROPOL; INTERPOL; CSSF; CAA; and AED.

14

Luxembourg National Risk Assessment

Introduction

2.

I N TR O D U CTI O N

2.1. Purpose and objective of the NRA exercise

Money laundering (ML) and terrorist financing (TF) are threats to global security as well as to the

integrity of financial systems. The UNODC, IMF and W orld Bank estimate that laundered proceeds of

crime account for 2-5%^{4 5}of global GDP and support several criminal activities. The UNODC estimates

that less than 1% of laundered proceeds globally are seized^{4 6}. In Europe, it is estimated that around

2.2% of laundered proceeds are provisionally seized or frozen, and around 1.1% are finally

confiscated^{4 7}. Terrorist financing – which involves the raising and processing of assets to supply

terrorists with resources to pursue their activities – is another threat across many countries globally.

Luxembourg has long been committed to fighting ML/TF crimes and ensuring that the threats arising

from and within its jurisdiction are mitigated. For this purpose, it committed to developing a deeper

understanding of its specific threats and vulnerabilities through the delivery of a national-level risk

assessment (NRA) in 2018.

As per FATF recommendation 1, countries should identify, assess and understand money

laundering/terrorist financing (ML/TF) risks through a national risk assessment (NRA)^{4 8}.The NRA

exercise is ꢅ an essential part of the implementation and development of a national AML/CFT regime,

which includes laws, regulation, enforcement and other measures to mitigate ML/TF risks” ^{4 9}. It seeks

to assess inherent ML/TF risks in a country and the effectiveness of the supervisory regime on reducing

these risks.

This report encompasses the latest understanding of Luxembourg’ s threats, vulnerabilities, and the

mitigating factors it has taken, including those developed since 2018, to reduce its ML/TF risks.

Luxembourg intends to use this risk assessment to further advance its risk-based approach to

supervision, and reduce crime across the economy. The assessment should provide adequate

guidance to public-sector institutions and private-sector entities, enable prioritisation and allocation

of resources in line with risks identified and better equip Luxembourg to engage with international

institutions in combating ML/TF activities. Furthermore, the purpose of this assessment is also to use

the results to inform the national strategy on mitigation of ML/TF risks, addressing any deficiencies in

an appropriate and timely manner.

The structure of this report closely follows the process undertaken to conduct the NRA. The

introductory section is complemented with an overview of Luxembourg and of stakeholders

participating in the exercise. Section 3 describes the methodology applied to the exercise, Sections 4

and 5 provide the outcomes of the inherent risk assessment across threat and vulnerabilities (sectors

and sub-sectors) respectively. Section 6 details the findings of the mitigating factors review and its

impact on current residual risks, Section 7 summarises the residual risks assessment, and Section 8

outlines the emerging and evolving risks for Luxembourg. A brief overview of the EU SNRA against

Luxembourg’ s NRA in section 9, and a collection of appendices at the end of the report, document

additional material that supported the exercise.

4 5

UNODC, Report Estimatinꢀ ꢁ llicit ꢂ low s Resultinꢀ ꢂ rom ꢄ ruꢀ ꢅ raꢃ ꢃ ick inꢀ and ꢆ th er ꢅ ransnational ꢆ rꢀ aniz ed C rimes 2011

(link).

4 6

UNODC, Report Estimatinꢀ ꢁ llicit ꢂ low s Resultinꢀ ꢂ rom ꢄ ruꢀ ꢅ raꢃ ꢃ ick inꢀ and ꢆ th er ꢅ ransnational ꢆ rꢀ aniz ed C rimes 2011

(link); Of the ꢂ 2.2 trillion in criminal proceeds in 2009, around ꢂ 1.6 trillion were laundered.

^{4 7}Europol, ꢄ oes crime still pay ? – C riminal asset recov ery in th e EU , 2016 (link).

^{4 8}FATF, G uidance on ꢇ ational ꢈ oney ꢉ aunderinꢀ and ꢅ errorist ꢂ inancinꢀ Risk Assessment, February 2013 (link).

^{4 9}FATF, G uidance on ꢇ ational ꢈ oney ꢉ aunderinꢀ and ꢅ errorist ꢂ inancinꢀ Risk Assessment, February 2013 (link).

15

Luxembourg National Risk Assessment

Introduction

2.2. Luxembourg’ s demographic, economic, legal and

political landscape

The Grand-Duchy of Luxembourg (or ꢅ Luxembourg” ) is a small, landlocked country in W estern Europe

bordered by Belgium, France, and Germany. W ith an area of 2 586 km², it is one of the smallest

sovereign states in Europe.

Figure 1: Luxembourgꢃ s location and geography

L u x e m b o u r g

G e r m a n y

B e l g i u m

F r a n c e

W ith its total population of 613 900 in ꢁ anuary 2019⁵⁰, Luxembourg is one of the least populous

countries in Europe, but also the one with the highest population growth rate, averaging close to 20%

in 2018⁵¹. The country is relatively densely habited with close to 230 people per km². About 4 7.5% of

Luxembourg’ s population are non-nationals, mostly from Portugal (95 500), France (4 6 900), Italy

(22 500), Belgium (20 000) and Germany (13 000)⁵². Moreover, 4 4 % of Luxembourg’ s workforce are

non-residents living in France, Germany or Belgium and commuting to Luxembourg for work (206 000

out of a total workforce of 4 65 000 in 2019)⁵³. The unemployment rate is low, at 5.5% in ꢁ anuary

2020⁵⁴. French, German and Luxembourgish are the three official languages. English is used in certain

professional environments, notably in banking and finance.

Luxembourg has been a sovereign and independent state since the Treaty of London was signed on

19 April 1839. Luxembourg is a founding member of the European Union, OECD, United Nations,

NATO, UNESCO, the W orld Trade Organisation, and Benelux Union, reflecting its political consensus in

favour of economic, political, and military integration. Luxembourg has always been committed to

⁵⁰STATEC, Population by sex and nationality on 1st ꢏanuary ꢐx 1 000) 1981, 1991, ꢌ001 – ꢌ019.

⁵¹Eurostat, C rude rates oꢃ population ch anꢀ es, 2016-18.

⁵²STATEC, P opulation by sex and nationality on 1st ꢏ anuary ꢐ x 1 000) 19 8 1, 19 9 1, ꢌ 001 – ꢌ019.

53

STATEC, ꢉabour market overview ꢐin 1 000 persons) ꢌ000 - ꢌ019; excludes Luxembourg residents working abroad, civil

servants and agents of international institutions.

⁵⁴STATEC, Employ ment, unemploy ment and unemploy ment rate per month ꢐ seasonally adꢑ usted) 19 9 5 – ꢌ0ꢌ0.

16

Luxembourg National Risk Assessment

Introduction

multilateralism and international cooperation and sees itself as a defender of international

agreements and treaties.

Luxembourg City is one of the three ꢅ capitals” of the European Union, along with Brussels and

Strasbourg. Luxembourg City is home to a number of European institutions, including several

departments of the European Commission, the European Court of Auditors, the Court of ꢁ ustice of the

European Union, the European Investment Bank (EIB), the European Investment Fund (EIF), the

European Parliamentꢃ s Secretariat, the European Financial Stability Facility (EFSF), and the European

Financial Stabilisation Mechanism (EFSM). The European Public Prosecutor’ s Office (EPPO) is expected

to be operational at the end of 2020 and will have its central office in Luxembourg.⁵⁵.

2 .2 .1 . Luxembourg’ s economy and demographics

Luxembourg’ s economy is open, dynamic and fast growing with a GDP at market prices of €63.5 billion,

thus contributing to about 0.39% of total EU GDP in 2019^5ꢀ.

Luxembourg has been among the faster-growing economies in the EU with a compounded rate of

growth of 2.1% in 2008–2019, compared with 1% for the EU^5ꢁ. Year-on-year (YoY) growth since 2015

has been broadly positive, above YoY growth of EU countries; negative growth was experienced only

in three years since 2008, reflecting the recessionary period following the financial crisis as in other

European countries.

Table 4: E U 2 8 vs. Luxembourg R eal ꢁ D P growth (change vs. base year), 2 0 0 8 - 2 0 1 9

2008

0.5

2009

-4 .3

-4 .4

2010

2.2

2011

1.8

2012

-0.4

2013

0.3

2014

1.7

2015

2.3

2016

2

2017 2018

2019 0 8 -1 9

EU28

2.6

1.8

2

1.5

2.3

1 .0

2 .1

Luxembourg

-1.3

4 .9

2.5

3.7

4 .3

4 .6

3.1

Luxembourg had the highest real GDP per capita among the EU member states in 2019, with ~€83 64 0

versus an EU average of about €28 650^5ꢂ. It should be noted part of this is linked to the high share of

non-residents in the domestic workforce (contributing to GDP, but not included in total domestic

population figures in GDP per capita)^5ꢃ.

For most of the 20^thcentury, the steel industry and agriculture were the dominant industries in

Luxembourg. The production of raw steel rose from about 14 5 000 tons in 1900 to 2.4 5 million tons

in 1950 to 6.4 5 million tons in 1974 , with steel representing around 30% of the total value added of

the Luxembourg economy and around 16% of the total workforce (with 25 000 people)^ꢀ0. From the

end of the 1950s, industrial diversification policies and efforts to promote Luxembourg abroad

(particularly in the United States) intensified. This was largely the result of the first and second oil

crises between 1973 and 1979, which had a significant impact on the Luxembourg economy, in

particular the steel industry.^ꢀ1The Luxembourg government promoted a policy revolving around three

⁵⁵European Commission, European Public Prosecutorꢃ s Office.

⁵⁶Eurostat, G ꢄ P at mark et prices, 2008-19.

⁵⁷Eurostat, Real G ꢄ P ꢀ row th rate – v olume, P ercentaꢀ e ch anꢀ e on prev ious y ear, 2008-19.

⁵⁸Eurostat, Real G ꢄ P per capita, 2000-19.

⁵⁹Eurostat, P ress Announcement, 14 December 2017; In terms of Gross National Income ꢅ GNI” per capita (ꢂ , 2017 in PPP, as

reported by the W orld Bank), Luxembourg also has the highest GNI per capita in the EU with ꢂ 72 64 0 vs an EU average of

~ꢂ39 000 in 2017 (link).

⁶⁰P. ꢇ ahlen, ꢅ h e ꢉ ux embourꢀ economy . An ev entꢃ ul h istory (link).

⁶¹P. ꢇ ahlen, ꢅ h e ꢉ ux embourꢀ economy . An ev entꢃ ul h istory (link).

17

Luxembourg National Risk Assessment

Introduction

main concepts in the 1960s: a) construction of European and economic cooperation; b) voluntary

policy of economic diversification through the implementation of measures to encourage investment;

and c) development of an international financial centre. The transformation from an industrial

economy dominated by the iron and steel industry to a service economy dominated by financial

services was almost accomplished by the mid-1970s.

Today Luxembourg is a leading financial centre^ꢀ2. As of the fourth quarter 2019, the financial and

insurance sector is Luxembourg’ s largest economic sector with ~50 873 employees^ꢀ3and 25.2% of

GDP^ꢀ4. As of February 2020, 128 banks were established in Luxembourg; 24 are German, 14 French,

14 Chinese and 13 Swiss^ꢀ5. Luxembourg’ s banking sector today is very large, with banking assets of

~€84 5 billion, representing ~1 4 00% of GDP^ꢀꢀ. Moreover, Luxembourg is the leading centre in Europe

for investment funds (with ~€4 .719 billion net assets under management in Luxembourg funds as of

December 2019^ꢀꢁ), the leading centre for private banking in the Eurozone, and the domicile of choice

for reinsurance companies.^ꢀꢂThe banks located in Luxembourg specialise in private banking (wealth

management for private clients), the functions of custodian bank for investment funds and fund

administration, and in the distribution of shares in investment funds. The activities of the financial

centre are also diversifying into the fields of microfinance, philanthropy and Islamic finance.

Luxembourg for Finance (LFF) is the countryꢃ s agency for the development and promotion of the

financial centre^ꢀꢃ.

Besides financial services, Luxembourg has also significantly developed other industries including

transport, trade, tourism, telecommunications, e-commerce, broadcasting and business services.^ꢁ0

Successive Luxembourg governments have pursued pro-active economic development policy, making

it possible for Luxembourg to become an international financial centre and establishing itself as a

prime business location. For instance:

•

I nformation & Communication Technologies (I CT)⁷¹: Luxembourg is a prime business location for

companies from the sector of new technologies and e-commerce, such as Amazon.com, eBay,

Skype, Vodafone and PayPal. Luxembourg also hosts SES, created in 1985 in the Luxembourg, the

worldꢃ s leading provider of broadcast and communication services with a fleet of over 50

satellites.

•

Logistics⁷²: The country has the sixth largest airfreight platform in Europe, a freeport, significant

rail freight, a multimodal terminal in Bettembourg, a logistics park and a high number of lorry

drivers passing through the country each day.

E co-industry: The Luxembourg hosts about 200 eco-industries working in the fields of renewable

sources of energy, waste management, water and eco-construction. They are supported in their

⁶²See for instance: ꢇ /Yen, Global Financial Centres Index 23, March 2018 (link).

⁶³STATEC, Domestic payroll employment by activity - seasonally adjusted data 1995 - 2019 (fourth quarter 2019).

⁶⁴STATEC, Valeur ajouté e brute aux prix de base par branche (NaceR2) (prix courants) (en millions EUR) 1995 – 2019.

65

Banque Centrale du Luxembourg, ꢇ ombre et oriꢀ ine ꢀ éoꢀ raph ique des établissements de crédit établis au ꢉ ux embourꢀ

(link).

⁶⁶Banque Centrale du Luxembourg, Statistiques : Etablissements de crédit ; „tableau 11.01“ and „tableau 11.05“ as of ꢁ anuary

2020 (link).

⁶⁷ALFI and CSSF, Net assets under management in Luxembourg funds, December 2019 (link).

⁶⁸The Official portal of the Grand-Duchy of Luxembourg, ꢅ h e Economy (link).

⁶⁹Luxembourg for Finance website (link).

⁷⁰The Official portal of the Grand-Duchy of Luxembourg, Economic ꢄ iv ersiꢃ ication (link).

⁷¹The Official portal of the Grand-Duchy of Luxembourg, ꢁ C ꢅ (link).

⁷²Luxembourg Trade & Invest, ꢉ oꢀ istics H ub ꢉ ux embourꢀ , 2017 (link).

18

Luxembourg National Risk Assessment

Introduction

work by 28 public-sector agencies and six research institutes. The Luxembourg Eco-innovation

Cluster oversees the whole sector.

The table below provides an overview of the evolution of the Luxembourg economy between 1995

and 2017⁷³. W hile the economy has significantly grown over those 22 years, the composition of many

sectors has remained relatively constant (e.g. financial services and insurance have always contributed

~25% of gross value added). Science and technology, as well as ICT, have experienced significant

growth in both absolute and relative terms since 1995. At the same time, industry/manufacturing has

declined in importance.

Table 5: E volution of Luxembourg economy composition (ꢁ ross value added per industry), 1 9 9 5 –

2 0 1 7

1 9 9 5

24 %

10%

4 %

2 0 1 0

28%

11%

7%

8%

6%

5%

6%

5%

4 %

3%

2%

4 %

2 0 1 7

27%

10%

9%

7%

6%

4 %

2%

4 %

Financial services and insurance

Commerce (incl. reparation of cars and motorcycles)

Science and technology

Real estate

10%

4 %

Information Technology & Communication (ICT)

ꢄ ealth and social welfare

General government

4 %

6%

Industry/Manufacturing

Construction

13%

6%

Transport and logistics

5%

Education

4 %

Administration services and support

ꢄ otels and restaurants

2%

3%

Other sectors

5%

Total gross added value (€ billions)

1 4 2 7 0 (1 0 0 % ) 3 6 1 3 7 (1 0 0 % ) 5 0 2 7 6 (1 0 0 % )

2 .2 .2 . Luxembourg’ s political and legal system

Luxembourg is a parliamentary democracy in the form of a constitutional monarchy, with hereditary

succession in the Nassau-W eilbourg family^ꢁ4; it is the only ꢅ Grand-Duchy” in the world. Together with

the government^ꢁ5, the Grand-Duke forms the executive branch in accordance with the Constitution.

The Grand-Duke formally appoints a “ꢃ ormateur” to form a government that is supported by the

parliamentary majority. The government has overall power to manage public affairs and enjoys the

right to propose legislation (government bills^ꢁꢀ), and manages the stateꢃ s income and expenditure

budget. The government is based in the city of Luxembourg.

⁷³Luxembourg Trade & Invest, ꢉ oꢀ istics H ub ꢉ ux embourꢀ , 2017 (link).

⁷⁴The Official portal of the Grand-Duchy of Luxembourg, P olitical sy stem (link).

⁷⁵The Official portal of the Grand-Duchy of Luxembourg, G ov ernment (link).

⁷⁶The Official portal of the Grand-Duchy of Luxembourg, P olitical sy stem (link).

19

Luxembourg National Risk Assessment

Introduction

The legislative power rests on the parliament and the Council of State^ꢁꢁ. The parliament (called

Chamber of Deputies) is composed of 60 members and is elected every 5 years by proportional

representation in four multi-seat constituencies (south, north, centre, east)^ꢁꢂ. The main function of

the parliament is to vote on government bills and parliamentary bills; the Constitution also reserves

to the parliament certain powers in financial matters, gives it a right to examine the governmentꢃ s

actions, and requires its consent for international treaties to take effect in the country. The Council of

State is an independent institution, tasked by the constitution to perform as a moderating second

legislative assembly in Luxembourg’ s unicameral system.^ꢁꢃThe Council of State is composed of 21 State

councillors, who are formally appointed and dismissed by the Grand-Duke on proposal by the

government, the parliament or the Council of State. The Council of State acts as a consultative organ in

the legislative procedure, to ensure compliance with the constitution, international conventions and the

rule of law; all bills submitted either by the government or parliament require the opinion of the Council

of State.

According to the constitution, the courts and tribunals are responsible for exercising the judicial

power, and are independent from the legislative and executive powers. Luxembourg’ s legal system

has its roots in the civil law (continental) family. Luxembourg has a constitutional court (ruling on the

constitutionality of laws, excluding those that approve treaties^ꢂ0) and three jurisdictions:

administrative jurisdictions^ꢂ1, social security jurisdictions^ꢂ2and ordinary courts of law^ꢂ3. The

administrative jurisdictions are composed of the administrative court and the administrative tribunal,

and deal with administrative and fiscal disputes (linked to government administrations, ministries,

municipalities and state-owned enterprises).^ꢂ4Social security jurisdictions^ꢂ5deal with cases where

social security claimants take legal action. Ordinary courts of law^ꢂꢀdeal with all other civil, commercial,

social and criminal matters and can be divided into:

•

Superior Court of ꢂ ustice⁸⁷with authority over the whole territory of Luxembourg. The General

State Prosecutor⁸⁸represents the General State Prosecutor’ s Office⁸⁹at the Superior Court of

ꢁ ustice with authority over the whole territory of Luxembourg.

•

ꢂ udiciary tribunals⁹⁰in the Luxembourg and Diekirch Districts. A state prosecutor represents the

prosecution authorities (in each of the 2 ꢅ P arquets dꢒ Arrondissement” )

Peace tribunals⁹¹in Luxembourg, Diekirch and Esch-sur-Alzette

⁷⁷The Official portal of the Grand-Duchy of Luxembourg, P olitical sy stem (link).

⁷⁸The Official portal of the Grand-Duchy of Luxembourg, C h amber oꢃ ꢄ eputies (link).

⁷⁹The Official portal of the Grand-Duchy of Luxembourg, C ouncil oꢃ State (link).

⁸⁰ꢁ ustice Portal Luxembourg, C our constitutionnelle (link).

⁸¹ꢏ uridictions administrativ es.

⁸²ꢏ uridictions sociales.

⁸³ꢏ uridictions ꢑ udiciaires.

⁸⁴ꢁ ustice Portal Luxembourg, ꢏ uridictions administrativ es (link).

⁸⁵ꢁ ustice Portal Luxembourg, ꢏ uridictions sociales (link).

⁸⁶ꢁ ustice Portal Luxembourg, ꢏ uridictions ꢑ udiciaires (link).

⁸⁷C our supérieure de ꢑ ustice.

⁸⁸P rocureur G énéral dꢒ Etat.

⁸⁹P arquet G énéral.

⁹⁰ꢅ ribunaux dꢒ Arrondissement.

⁹¹ꢏ ustices de P aix .

20

Luxembourg National Risk Assessment

Methodology

3.

ME TH O D O LO ꢁ Y

This National Risk Assessment (NRA) was conducted by the Ministry of ꢁ ustice using a structured and

rigorous approach. The methodology used in the NRA was developed having regard to the

methodologies developed by other jurisdictions, international guidance (e.g. FATF’ s guidance, the EU’ s

anti-money laundering directives, ESA guidance, EU SNRA), the W orld Bank and IMF approaches, and

extensive consultation with public and private sector stakeholders. The approach combines

qualitative and quantitative information and professional expertise.

The NRA exercise takes a national perspective (i.e. it is based on the macro-level analysis described in

the section ꢅ Granularity and scope of the NRA” further below) to contribute to the understanding of

ML/TF risks at a country and sector level. It is intended to be in line with FATF’ s guidance where it

states that ꢅex pectations sh ould also be set as to h ow th e results relate to th e understandinꢀ oꢃ

national-lev el risk s. G enerally , a ꢈ ꢉ ꢍ ꢅ ꢂ risk assessments is intended to h elp a country to identiꢃ y , assess

and ultimately understand th e ꢈ ꢉ ꢍ ꢅ ꢂ risk s it faces”⁹². As such, the assessment focuses mostly on

supervisory authorities, self-regulatory bodies, the financial intelligence unit, law enforcement

agencies and cross-agency committees, where applicable. The methodology also leverages outputs

and insights from meso-level and micro-level analyses for collecting more granular inputs and data

and enhance the macro-level view.

Ahead of describing the approach in detail, the following definitions are introduced:

Table 6: Methodology – K ey definitions

Term

D efinition

Threat

(as per FATF^{9 ꢎ}

Person or group of people, object or activity with the potential to cause harm to, for example, the

state, society and, economy, etc.

)

In the ML/TF context this includes criminals, terrorist groups and their facilitators, their funds, as

well as past, present and future ML or TF activities.

Vulnerability

(as per FATF)

Those things that can be exploited by the threat or that may support or facilitate its activities. May

also include the features of a particular sector, a financial product or type of service that make

them attractive for ML or TF purposes [ ꢇote “v ulnerabilities” are also reꢃ erred as “sectorial” or

“sector” v ulnerabilities interch anꢀ eably th rouꢀ h out th is documentꢆ.

Consequence

(as per FATF)

Impact or harm that ML or TF may cause and includes the effect of the underlying criminal and

terrorist activity on financial systems and institutions, as well as the economy and society more

generally.

Risk (as per FATF)

Inherent risk

Function of three factors: threat, vulnerability and consequence.

Inherent risk is defined as the risk of ML/TF beꢃ ore mitigating actions are applied.

Mitigating factor

All elements in place in terms of legal, judicial, supervisory and institutional framework that

contributes to combat ML/TF (in one or various sectors).

[note mitiꢀ atinꢀ “ꢃ actor” , “measure” , “action” or “ꢃ ramew ork ” are used interch anꢀ eably

th rouꢀ h out document to reꢃ er to th isꢆ.

Residual risk

Residual risk is defined as the level of ML/TF risk aꢃ ter mitigating measures are applied.

⁹²FATF, G uidance on ꢇ ational ꢈ oney ꢉ aunderinꢀ and ꢅ errorist ꢂ inancinꢀ Risk Assessment, February 2013.

⁹³FATF, G uidance on ꢇ ational ꢈ oney ꢉ aunderinꢀ and ꢅ errorist ꢂ inancinꢀ Risk Assessment, February 2013.

21

Luxembourg National Risk Assessment

Methodology

3.1. General approach and process

The NRA exercise is conducted in three steps, from the inherent risk assessment, to the analysis of

mitigating factors and residual risk, and finally to the formulation of an updated AML/CFT strategy( as

illustrated in the Figure 2 below).

As a first step, the inherent risk assessment is performed by analysing threats in Luxembourg (i.e.

relative exposure to predicate offences and assessment of threats level to ML/TF), and vulnerabilities

(i.e. sectors’ inherent vulnerability for abuse for ML/TF). As a second step, mitigating factors and their

effects on inherent risk reduction are assessed, resulting in a residual risk level.

Finally, the findings of the inherent risk and the impact of mitigating factors as well as the outcomes

in residual risks are consolidated and jointly assessed to devise the AML/CFT strategy. The strategy is

defined by identifying improvement opportunities of the current set-up that could further increase

the effectiveness of the AML/CFT framework. These opportunities for improvement are identified

through close collaboration with the different agencies, while taking into consideration guidance from

FATF and other institutions and peer practices. K ey actions for further improvement are defined based

on these opportunities. The AML/CFT Strategy is described in a separate section of the NRA.

Figure 2: Three-step approach of the N R A exercise

The NRA exercise involved defining the scope, granularity and approach up front, collating relevant

national and international data and information, reviewing and refining hypotheses developed using

expert opinion, iterating intermediate outputs with the relevant experts, and agreeing final outputs,

outcomes and improvement measures resulting from the assessment.

At all three steps of the NRA exercise, multiple public and private stakeholders were involved. The

table below summarises the stakeholders involved in the exercise, grouped by the different

dimensions of the mitigating factors framework (further explained in a separate sub-section below).

22

Luxembourg National Risk Assessment

Methodology

Table 7: Luxembourg agencies and committees involved in the N R A exercise

D imension

Stakeholders involved

A

N ational strategy &

coordination

• National AML/CFT Prevention Committee (NPC), sub-committees and the

Executive Secretariat

ꢀ

Prevention & supervision • Supervisory authorities:

– Commission de Surveillance du Secteur Financier (CSSF)

– Commissariat aux Assurances (CAA)

– Administration de l’ Enregistrement et des Domaines (AED)

• Self-regulatory bodies (SRBs):

– Ordre des Experts-Comptables (OEC)

– Institut des Ré viseurs dꢃ Entreprises (IRE)

– Chambre des Notaires (CdN)

– Ordre des Avocats de Luxembourg (OAL)

– Ordre des Avocats de Diekirch (OAD)

– Chambre des ꢄ uissiers (Cdꢄ )

• Agencies performing controls on private sector other than supervisory

controls:

– Ministry of ꢁustice (Moꢁ ), Ministry of Finance (MOF), Ministry of State

(MoS), Ministry of Economy (MoE)

– Luxembourg Business Registers (LBR) with regards to the registration

of legal entities

• Administration des douanes et accises (ADA) as customs administration

C

D etection

• Cellule de Renseignement Financier (CRF)

• Tax authorities on an ad hoc basis, including Administration des

Contributions Directes (ACD)

D

I nvestigation and

prosecution

• General State Prosecutor’ s Office (Parquet Gé né ral)

• Prosecution authorities (including Parquet de Luxembourg, Parquet de

Diekirch, Asset Recovery Office)

• Investigative judges

• ꢁ udicial Police, in particular Service de Police ꢁ udiciaire (SPꢁ )

E

I nternational cooperation • Ministries: Ministry of European and Foreign Affairs (MAEE), MoF, Moꢁ

• Monitoring Committee for International Financial Sanctions

For the inherent risk assessment, different stakeholders were engaged for the threat and the

vulnerabilities assessment. For the threat assessment, the analyses were performed together with the

prosecution authorities and the CRF, with additional inputs from other agencies (e.g. the CSSF and the

ACD). The vulnerabilities assessment primarily involved supervisors and self-regulatory bodies as

stakeholders, with additional information collected from other agencies, such as the LBR and the

Fiducies and Trust Register (under AED).

The threat and vulnerabilities assessments followed similar stakeholder engagement processes. First,

standardised data requests were sent to the supervisors, SRBs and prosecution agencies (including

Parquet General, Parquet de Luxembourg and SPꢁ ) to collect relevant data. Bilateral meetings were

held with all stakeholders to collect expert insights on the threat or vulnerability status in Luxembourg,

identify additional data points to be collected and validate hypotheses on the levels of risk. Following

the data and input collection, findings were summarised in an NRA text narrative and scorecards

23

Luxembourg National Risk Assessment

Methodology

(further detailed in sub-sections below) and reviewed by the stakeholders via written communication

and additional bilateral meetings. This process allowed for increasingly granular analyses, with follow-

up communications typically focusing on higher-risk areas.

To understand impact level of mitigating factors, all stakeholders specified in the table above were

involved. Similar to the inherent risk assessments, standardised data requests were sent to

supervisors, SRBs and prosecution agencies, and customised data requests were sent to multiple

stakeholders. Bilateral meetings were used to collect expert insights from stakeholders, identify areas

for further analyses and additional data collection, and validate the outcomes of the analyses. The

NRA text narratives and scorecards were iterated with the appropriate stakeholders to identify specific

areas for further analyses and validate the final versions of them.

For the AML/CFT strategy formulation, bilateral meetings with relevant stakeholders were held to

collect information on the implementation status of the actions from the previous NRA, current and

future planned internal initiatives, and to validate hypotheses for improvement identified during the

mitigating factors and residual risk discussions. The resulting strategy actions for further improving

mitigating factors were summarised and shared via written communication with relevant stakeholders

to finalise their scope and timelines.

Given the complexity and large number of stakeholders in the exercise, progress along the three

components in Figure 2 above was achieved at a differing pace across agencies and topics. As a result,

some authorities were able to complete their assessment ahead of the completion of the exercise and

start implementation of agreed improvement measures in parallel with the NRA process. In this case,

for the purposes of the NRA, the assessment has been updated to reflect the available data as of the

first half of 2020. Similarly, some additional improvement actions identified as needed throughout the

2020 NRA exercise were drafted to be implemented in early 2020. This was deemed adequate and

indeed desired, considering one of the key objectives of the exercise was to put in motion measures

to address deficiencies as soon as feasible.

The four sub-sections below describe the two-step approach of inherent and residual risk analysis,

define the granularity and scope of the NRA, outline the scorecard approach used and describe data

used.

3 .1 .1 . Two-step approach of inherent and residual risk analysis

At a high-level, the approach of this NRA is to assess current ML/TF risks in Luxembourg both before

and after considering the mitigating framework in place. The aim is to leverage these results to refine

the AML/CFT approach across agencies, and to enable prioritisation of resources across the national

supervisors, SRBs, and different prosecution and detection agencies. As introduced in the previous

section, the national risk assessment is based on two key steps, illustrated in Figure 3 below:

1. Assessment of inherent risk from threats and vulnerabilities; and

2. Assessment of residual risk once mitigating measures in place are considered.

24

Luxembourg National Risk Assessment

Methodology

Figure 3: O verview of inherent and residual risk calculation

Step 1 (inherent risk assessment): ML/TF risks are identified and evaluated for threats (i.e. predicate

offences) and vulnerabilities (i.e. sectors most exposed to ML/TF).

Step 2 (mitigating factors and residual risk):

•

Mitigating factors: Understanding of Luxembourg’ s legal, supervisory and law enforcement

framework with regards to AML/CFT. The key components of the current framework (i.e. national

strategy and coordination, prevention, detection, prosecution and international cooperation) are

assessed across four common dimensions: mandate, model, capabilities and results.

Residual risk: Understanding of how (consolidated) mitigating factors in place reduce the inherent

risk computed above (i.e. resultant high-risk areas once mitigating measures in place and their

impact is considered).

The second step enables the identification of improvement opportunities in the current mitigating

factors framework. The improvement opportunities, identified in close collaboration with the

different agencies, are used to define key actions steps which are then consolidated into the AML/CFT

strategy.

3 .1 .2 . ꢁ ranularity and scope of the N R A

Figure 4 (below) illustrates and explains the different levels of granularity of different risk assessment

types and links them to the ꢅ scope” of the NRA exercise.

25

Luxembourg National Risk Assessment

Methodology

Figure 4: D ifferent levels of granularity of risk assessments

At the top, the macro-level analysis provides a high-level view of the main ML/TF threats and

vulnerabilities and thus supports the strategy determination and resource allocation at the national

level across different supervisory, detection and prosecution agencies. This analysis assesses

Luxembourg’ s ML/TF risk at the level of predicate offences for threats (e.g. drug trafficking, fraud and

counterfeiting) and at the sector-level for vulnerabilities (e.g. banking and insurance). The objective

of this assessment is to compare ML/TF exposure across threats and sectors to inform overall strategy

and enable resource prioritisation.

The meso-level analysis is a mid-level risk assessment which is used as input for the macro-level

analysis by providing more granular data and inputs. It uses aggregated micro-level data where

applicable (e.g. reports on the insurance sector), national surveys/questionnaire findings and agency

expert opinion. The objective is to inform sector-specific strategy and enable resource prioritisation

within supervisors and law enforcement agencies.

Data inputs to the meso-level analyses include quantitative data and qualitative information gathered

from national data sources (some public, some confidential), and from agencies themselves (e.g.

aggregating information from AML/CFT questionnaires) along the dimensions of the assessment

criteria. For instance, size of the retail and business banking sub-sectors use data representing value

of customer deposits by type and assets.

Multiple Luxembourg competent authorities have independently conducted meso-level analyses in

the form of sub-sector risk assessments. The published versions of those risk assessments are used as

inputs for the NRA: for example, the CSSF’ s risk assessments on private banking⁹⁴and collective

investments funds⁹⁵. The sub-sector risk assessments include granular product or segment

taxonomies within an analysed sub-sector, exposure to threats and subsequent vulnerability

assessments. The risk assessments also include high-level descriptions of existing mitigating factors

put in place both by the public and the private sector.

⁹⁴CSSF, Sub-sectoral Risk Assessment P riv ate ꢋ ank inꢀ , 2020.

⁹⁵CSSF, Sub-sectoral Risk Assessment C ollectiv e ꢁ nv estments, 2020.

26

Luxembourg National Risk Assessment

Methodology

The micro-level analysis is a detailed risk assessment wherein sectorial inherent risk is assessed at the

product, service, entity and, technical levels, etc. (e.g. current accounts within retail banking most

commonly used for ML) and threats are analysed at a granular crime level (e.g. different types of fraud

across VAT fraud, online payment fraud, and their usage for ML, detailed analysis of terrorist groups).

The exercise requires very granular and includes mostly classified data. For example, supervisors use

entity-level risk assessments to determine the entities for which on-site inspections will be performed.

The objective of this assessment is to inform supervisory actions and identify specific entities/products

which are higher risk.

This National Risk Assessment focuses primarily on the macro- and meso-analyses insofar as they

contribute to the AML/CFT strategy. The micro-analysis is not a focus of this exercise, as this is

addressed by the routine supervisory and intelligence analyses. Moreover, the micro-analysis is highly

confidential and is for internal use of supervisors, intelligence and/or law enforcement agencies only.

3 .1 .3 . Scorecard approach

The inherent and residual risk assessments leverage a scorecard approach. As such, there is a separate

scorecard for the threat assessment, vulnerabilities assessments and the mitigating factors. All

scorecards, for the sub-sectors and for the threats, are included in the Appendix of the NRA⁹⁶.

The three assessments include the following steps, adjusted for their specificities, which are described

in the respective sections below.

First, the taxonomy and the assessment criteria of the analysis are defined. For example, for the threat

assessment the taxonomy covers the predicate offences in Luxembourg, and for vulnerabilities

assessment it includes the relevant sectors and sub-sectors. The assessment criteria for the threats,

vulnerabilities and mitigating factors are defined, together with a rating scale. For example, for the

vulnerabilities assessment, criteria include exposure to high-risk geographies or risk profiles of clients.

Second, available data and information is collected against each criterion, which is used to form an

understanding of the existing levels of threats, vulnerability or mitigation. The collected data and

information is transformed into a rating against each criterion, which were formalised in the previous

step. During this stage, analyses and findings are drafted into an NRA text narrative.

Third and final, the results of the analyses in the second step are aggregated to form a conclusion

regarding the overall threat level, a sector’ s overall vulnerability or the combined effectiveness of

mitigating factors. The analyses are also finalised in text narratives, which are presented in separate

sections in the NRA below.

3 .1 .4 . I nputs used

This sub-section describes in detail what data and information were used to conduct the NRA. The

sources of data and information leveraged can be broadly categorised into five groups: quantitative

data from agencies, publicly available quantitative data, documents describing mitigating factors,

expert inputs and judgement from agencies, and case studies and typologies.

Q uantitative data from agencies was collected through standardised data requests and through

follow-up requests for specific data points. Standardised data requests were sent to different

supervisory agencies to collect data on vulnerabilities and mitigating factors and to prosecution

authorities to collect data on threats and mitigating factors. Each data point in the data request could

⁹⁶Part of the confidential report, not included in this public version.

27

Luxembourg National Risk Assessment

Methodology

be mapped against a scorecard criterion for threats, vulnerabilities or mitigating factors. In some

cases, additional data was requested from agencies, for example, to further develop the

understanding of particular higher-risk factors.

Publicly available ꢃ uantitative data included both international and domestically available data sets.

For example, international datasets from various sources were used, such as international institutions

(UNODC, OECD, European Commission, European Central Bank), associations (for instance: BSA Global

Software Survey, Global Slavery Index) and academia (including Organised Crime Portfolio). Domestic

data sources were used to complete international data sets (e.g. data provided by Parquet Gé né ral

Statistical Service; CRF Annual Reports; Grand-Ducal Police Annual Reports; STATEC datasets; Banque

centrale du Luxembourg datasets; data from LBRs).

D ocuments describing mitigating factors were provided by agencies for the mitigating factors section

in the NRA. Those documents included internal memoranda, describing AML/CFT supervisory

frameworks, risk assessment policies, enforcement policies and other internal processes. Agencies

also provided information on published circulars, guidance, FAQ s and other published materials.

E xpert inputs and j udgement of agencies were used to enhance the analyses of threats, vulnerabilities

and mitigating factors. For the threats assessment, interviews were used to receive expert inputs on

high-risk predicate offences, understand any developments and determine where additional data was

needed. Similarly, for the vulnerability assessments, interviews were used to receive inputs on high-

risk dimensions of different sub-sectors, understand the sub-sectoral developments over the past two

years and identify additional data points to be collected. For the mitigating factors, interviews were

used to collect additional information on mitigating factors in place, identify key changes in the

mitigating factors over the past two years and key future development areas.

Case studies and typologies were collected from different agencies and public sources to enhance the

vulnerability assessment of sub-sectors further. Agencies provided anonymised case studies on

previously observed suspicious behaviour by supervised entities or their clients. Typologies from

public sources (e.g. MONEYVAL and FATF) were used to illustrate the ML/TF drivers of sub-sectors.

The inclusion of case studies and typologies in the NRA is an addition to the previous NRA.

From the data limitations perspective, note that for cases where information was missing, the

assessed level of risk has been increased, in line with a conservative approach recommended by the

FATF. Note also that in some cases, which represent a minor part of the collected data, the latest

available data points were collected for 2018. For example, the number of enforcement measures

following on-site visits for 2019 was not final, because some on-site inspections were still being

finalised as of ꢁ une 2020, which could increase the number of enforcement measures for 2019.

3.2. Methodology for inherent risk

3 .2 .1 . Methodology for threat assessment

The first step of the NRA involves assessing the inherent ML/TF risk (i.e. in the absence of mitigating

factors). The approach taken for threats and sectorial vulnerabilities is described below. It should be

noted that under threats, ML and TF are assessed separately, given the differing nature of criminal

activity. For vulnerabilities, although the purpose and nature of ML and TF may be different, criminals

often use similar techniques to move illicit money. Due to the commonality of the methods used, the

sectorial vulnerabilities assessment addresses both the exposure to ML and TF without differentiation

under its analysis.

28

Luxembourg National Risk Assessment

Methodology

The objective of the analysis of threats is to understand the environment in which predicate offences

are committed to identify their nature and to assess the exposure to them. The threats assessment is

conducted by following the three-step scorecard approach illustrated in Figure 5 (below) by defining

the relevant threat taxonomy and agreeing assessment criteria, collecting data and expert input to

form an understanding on threat levels, and summarising the final outcomes in a text narrative,

iterated and aligned with the relevant experts.

Figure 5: Scorecard approach for threat assessment

In terms of granularity for analysis, threats are assessed along a list of predicate offences in line with

FATF crime categories⁹⁷; these map to granular predicate offences (“inꢃ raction primaires” ) under

Luxembourg law. Minor adaptations are made to better reflect Luxembourg’ s reality (for instance,

merging ꢅ fraud” and ꢅ forgery” ). The list of predicate offences to ML analysed is provided in Appendix

A.2, together with a full mapping table to Luxembourg detailed offences. The exposure to these

threats is considered separately for domestic and foreign offences. It should be noted that terrorism

and terrorist financing are also predicate offences to ML.

Compared to the previous NRA in 2018, the taxonomy has been expanded to include cybercrime,

following its assessment in the 2018 NRA as an emerging and evolving threat. The 2018 NRA assessed

cybercrime to be especially important to Luxembourg given its increasing digital economy and

prevalence of ICT and fintech companies.

To assess the exposure to these different threats, a scorecard approach was taken. This defined three

main criteria (the scorecard is also illustrated in Figure 6, below):

•

The ꢅ likelihood” criterion assesses the level of criminality (e.g. crime rate, terrorist events,

presence of terrorist groups, number of offences and convictions).

•

The ꢅ size” criterion assesses an estimate of the proceeds generated (e.g. amounts seized, value

generated, number of STRs… ) and of the complexity and characteristics of the laundering, i.e. form

⁹⁷FATF, ꢇ RA G uidance, February 2013, Annex I (link).

29

Luxembourg National Risk Assessment

Methodology

of proceeds (e.g. cash versus non-cash), ML expertise of criminals and geography (origin /

destination).

•

The ꢅ conseꢃ uences” criterion helps to distinguish the extent of different threats on financial

systems and institutions, as well as the economy and society more generally (i.e. human, social

and reputational impact). This is used for domestic, but not foreign offences.

Figure 6: O verview of threat assessment criteria

Criteria

Sub-criteria

E xample of indicators that can be used

E valuation

Probability of

crime

(ꢅ likelihood” )

Level of

criminality

•

Crime rate/number of crimes (domestic)

Terrorist events (incidents, attempts, casualties, etc.)

Presence and activities of known terroristgroups

Number of offences, open notices, prosecutions,

convictions and sanctions (with and without ML)

•

Data will becollected to support

assessmentas much as possible

– Availability and granularity will differ per

crime and criteria (e.g. reputation

impacts vs. number of domestic crimes)

– Often the relative order of magnitude

matters most (e.g. corruption index

showing Lux as more/less corrupt than

others)

•

MLA & extradiction requests sent and received

Proceeds of

crime (ꢅ size” )

Proceeds

generated

•

Number of seizures and amounts seized

Estimated value generated per crime committed

Estimate of trade and financial flows with foreign countries

(in particular with high risk countries)

Estimated valueof proceeds from international crimes

Number of STRs and SARs filed

•

Flexibiltiy in assessment is needed given

crimes’ differing nature and materiality

– Not all will havethe same level and

•

granularity of data

– Not all criteria will beequally relevantto

all crimes

Form of

proceeds

•

Cash proceeds vs. Non-cash physical

Use of innovative forms (e.g. virtual currencies)

ML expertise

•

Sophistication (knowledge, skills, expertise)

Capability (network, resources, etc.)

– Some crimes will meritmore

time/data/judgement for assessment vs.

Others based on materiality, in linewith

risk-based approach (e.g. Maritimepiracy

in lux likely immaterial)

Geography

•

Origin/source

Destination

H uman,

Economic

and social

cost

•

Foregone revenues

Financial systemstability and its perceived integrity

Attractiveness of the country for business, ability to attract

FDI, broad ꢅ reputation” of country

social and

reputational

impact

(ꢅ consequen-

ces” )

•

Assigning a threat level (lowto high) to

each crimewill thus be based on a mix of

information thatwas possibleto collect

(data, rankings, indices, surveys, etc.) and

expert judgement

ꢄ uman harm

•

Direct harm to people (injuries, fatalities)

Social harm(e.g. fear of terror, reduced social cohesion)

Threats are assessed on a scale of 1 to 5 (very low, low, medium, high and very high), against the

scorecard of criteria using a combination of national and international data available and expert

judgement, as well as a workshop with all judicial authorities to validate outcomes.

Threat assessments are done separately for domestic and foreign offences. For instance, a given threat

with three scores of ꢅ medium” for domestic offences would yield an overall level for the threat

domestically of ꢅ medium” . Following that, the exposure to each threat across domestic and foreign

offences is combined for an overall exposure level. It is based on a weighted average between

domestic and foreign exposure, with 25% and 75% weights respectively⁹⁸. Given Luxembourg’ s open

economy and large financial sector, the country is more exposed to ML from criminals abroad than

domestically. For simplicity, the weighting is assumed to be constant across predicate offences.

The resulting assessment is described in the threats assessment section of this NRA.

3 .2 .2 . Methodology for vulnerabilities assessment

For the sector/subsector vulnerabilities a similar three-step approach is utilised as for the threat

assessment (Figure 7, below). First, an overview of sectors and sub-sectors is defined per agency and

98

The domestic/foreign weighting was agreed to reflect an average perceived split across offences and sectors, based on

expert judgement and data, where available (for instance, share of assets under management outside of Luxembourg in the

financial sector).

30

Luxembourg National Risk Assessment

Methodology

aligned with each agency. This represents the taxonomy of the sectors and sub-sectors for which the

vulnerability will be assessed. In addition, risk assessment criteria are defined for sectorial

vulnerabilities, assessing the contribution of each criterion as a potential driver of ML/TF risk. Second,

data and inputs are collected from public sources and private sources through data requests and

interviews with agencies, which are then matched against the criteria and transformed into ratings,

and are used to form an understanding of ML/TF risk drivers for specific sub-sectors. Third and final,

ratings are aggregated into a sub-sectoral rating to determine overall inherent risk level, and the

analyses are summarised in text narratives, which are presented in the sections below.

Figure 7: Scorecard approach for vulnerability assessment

The methodology used to map the sub-sectors to the sectors is driven by how the supervision of these

sectors is organised under the various public-sector supervisory authorities. Therefore, this

assessment involves sectors not mapped based on activity but based on supervisory set-up⁹⁹. For

instance, the market operators sector in the vulnerabilities assessment only includes the Luxembourg

Stock Exchange. Traditional sectors such as fund and asset managers, securities brokers and others

are included under the investment sector. The detailed mapping tables for the analysed sectors are

included in Appendix A.1.

As described in the three-step scorecard approach to the vulnerability assessment, as part of the first

step of the overall approach, the dimension criteria for the risk assessments are specified. The criteria

used in the scorecard for sectorial vulnerabilities include six dimensions and nine sub-dimensions:

•

Structure (consisting of size and fragmentation/complexity)

Ownership and legal structure

Products and activities

Geography (consisting of international business and flows with weak AML/CFT measures

geographies)

⁹⁹This is based on the legal framework of the supervisory set-up within the authorities.

31

Luxembourg National Risk Assessment

Methodology

•

Client and transactions (consisting of volume and risk)

Channels

Q uantitative data and qualitative information are gathered from national data sources (some public,

some confidential) along the dimensions of the assessment criteria. The data and information

gathered are then translated into an informed vulnerability rating on a scale of 1 to 5 against each

criterion (5 representing highest impact of vulnerability to ML/TF). W here data was missing, expert

opinion was used to enrich the analysis. The criteria scorecard for the inherent risk scores, together

with examples of indicators and data used can be found in Appendix A.3.

The aggregate inherent risk score across each sub-sector/crime is calculated by averaging the scores

against each criterion. Equal weighting was given to each criterion. The aggregate inherent risk score

is then mapped to one of the five outcome levels, ranging from ꢅ very low” to ꢅ very high” . The risk

level outcomes are specified in the Appendix A.3. A separate vulnerability inherent risk outcome is

been assigned to each sub-sector following the scorecard approach described above. The outcomes

of the sub-sector analyses are then aggregated into sectoral outcomes by consolidating them

together.

As seen in the sectorial vulnerabilities section below, each sub-sector has a risk level associated with

it, which may be different from that of the aggregate sector. Aggregation of scores allows

determination of relative risk of sub-sectors within a sector (e.g. life insurance is riskier than non-life

insurance in the insurance sector).

3.3. Methodology for mitigating factors and residual risk

3 .3 .1 . Methodology for impact of mitigating factors

Following the inherent risk assessment, impact of mitigating factors is assessed. An effective system

is one that ꢅ correctly identifies, assesses and understands its money laundering and terrorist financing

risks, and co-ordinates domestically to put in place actions to mitigate these risks” ¹⁰⁰. The aim of this

part of the NRA is to establish an accurate, factual picture of the current AML/CFT framework and set

up of relevant institutions, and identify improvement measures.

The approach to assess the impact of mitigating factors is structured around three key steps,

illustrated in Figure 8, below. First, criteria to assess impact of mitigating factors in place are defined:

Those include prevention, supervision, detection and other appropriate mitigating factors levers. As a

second step, data and information are collected against each criterion to form an understanding of

the effectiveness of the mitigating factors, and each criterion is assigned a score. Finally, the mitigating

factors put in place are described in separate NRA sections, and the mitigating factors scores are

aggregated for each sub-sector. The aggregated scores are then used to evaluate residual risk.

¹⁰⁰FATF, ꢈ eth odoloꢀ y ꢃ or Assessinꢀ ꢅ ech nical C ompliance w ith th e ꢂ Aꢅ ꢂ Recommendations and th e Eꢃ ꢃ ectiv eness oꢃ Aꢈ ꢉ ꢍ C ꢂ ꢅ

Sy stems, February 2013.

32

Luxembourg National Risk Assessment

Methodology

Figure 8: Scorecard approach to assess impact of mitigating factors

The framework to structure this part of the exercise was agreed as per Figure 9 (below); this includes

five key components, considered to cover all relevant aspects of the AML/CFT institutional set-up in

place. National strategy and coordination is required to ensure robustness of national institutional

design, coordinate national actions and coordinate cooperation with international bodies and groups.

For beginning-to-end control of ML/TF, component parts must cover prevention, detection and

prosecution/law enforcement. Prevention/supervision entities facilitate and promote compliance

with professional AML/CFT obligations. Detection entities gather intelligence and analyse it to

determine if evidence suggests predicate offenses are likely to have occurred. Prosecution/law

enforcement entities pursue predicate offenders in the judicial system. Finally, international

cooperation provides a solid foundation for national AML/CFT work by promoting best practice

exchange, exchange of information, and international coordination.

33

Luxembourg National Risk Assessment

Methodology

Figure 9: Mitigating factors framework

Note that compared to the previous NRA, the prevention and supervision sections have been split into

separate framework dimensions, with the articulation of the private-sector controls scored under the

prevention dimension.

The main institutions, agencies and committees are mapped against each component of the

framework to be engaged in the exercise and jointly developed the in-depth assessment to ensure

accuracy and completeness. This assessment is then compared against best practice guidelines and

peer practices to identify potential gaps and areas for improvement in the current setup.

To assess the impact of mitigating factors, current practices are discussed with concerned entities

along a common set of four dimensions: mandate, model, capabilities, and results. This intended to

cover the full lifecycle of supervision, detection and enforcement: authorisation to act by relevant

governmental bodies (mandate), set-up (model), resource inputs (capabilities) and outputs (results).

It is outlined below and in the following figure:

•

Mandate: When considering a component part’ s mandate, the legal mandates, powers to source

information, powers to sanction, international cooperation, harmonisation of sanctions across

similar authorities and whistle-blowing procedures are considered. In addition,

comprehensiveness of sectorial coverage by the supervisors and the ability (via data-sharing

protocols) to share data with other agencies is also reviewed.

•

Model: Under the heading of model, the governance framework, organisational design, key

functions, operational design, strategic analysis and external cooperation mechanisms are

34

Luxembourg National Risk Assessment

Methodology

assessed. The existence and maturity of a risk-based approach to supervision and adequacy of

sector-specific regulation are also considered to gauge the appropriateness of the model.

•

Capabilities: For capabilities, human capital along the dimensions of adequacy of resources and

specialist skills are assessed. Furthermore, the database, technology and tools available are also

considered.

R esults: For results, statistical analyses are chosen based on available data with a view to

determine the number and quality of authorisations, sector awareness, inspections (on-site and

desk level), sanctions and STRs submissions

Using common dimensions (Figure 10, below) enabled the structuring of the exercise in a coherent

way across the many stakeholders involved; it should be noted however some elements of each

dimension above are naturally more applicable to some agencies than others.

Figure 1 0 : D imensions used to assess impact of mitigating factors

The results / effectiveness dimensions are then used to inform the scorecard criteria, which include

five different criteria:

•

Market entry controls

Understanding of ML/TF risks and AML/CFT obligations

Prevention/private-sector controls

Supervision and enforcement

Detection, prosecution and asset recovery

The different criteria together with data and information inputs examples for them are described in

Appendix A.4 . Compared to the NRA 2018, the prevention criteria and private-sector controls criteria

were retrieved out of the supervision dimensions and added as a separate dimension. The regulation

35

Luxembourg National Risk Assessment

Methodology

and information criteria together with understanding of ML/TF risks and AML/CFT obligations were

grouped into a single dimension.

3 .3 .2 . Methodology for residual risks

The residual risk assessment considers the level of ML/TF risk after mitigating measures are

considered. The residual risk outcomes are used to identify sectors where Luxembourg remains most

exposed to ML/TF risks. It thus serves as a basis to develop and prioritise strategic actions that can be

undertaken to further strengthen Luxembourg’ s AML/CFT regime and reduce ML/TF risks. Similar to

the assessment of the sectorial inherent risk, the residual risk is developed in conjunction with the

concerned authorities. It also includes findings gathered in interviews with the private sector.

The sectorial impact on residual risk depends on the starting level of sectorial inherent risk and the

mitigating actions applied to manage these risks. The mitigating actions arise from: the prevention

regime (such as supervisors), the detection and prosecution regime (for example CRF, prosecution

authorities, investigative judges, judicial police) or the private-sector entities. W ith regards to the

private-sector entities, the supervisory regime sets the rules and regulations but the private sector’ s

level of effectiveness of implementing and complying with these regulations is for instance reflected

indirectly in statistics available at the supervisory level (under ꢅ Results” ). Furthermore, the private

sector may also have implemented additional group policies that impact residual risk. It should be

noted some mitigating factors affect sectors transversally (e.g. activities by the CRF or the prosecution

authorities).

The implications of such a set-up are that deficiencies identified in any of the players impact the

sectorial residual risk outcomes. Even if controls and effectiveness of a given regime are best practice,

that does not guarantee low levels of sectorial residual risk unless similar standards are observed

across the board. This being said, it should be noted that if the sectorial inherent risk is very high, even

with strong mitigating actions, the residual risk outcome is unlikely to be very low as it is not possible

to completely eliminate risks, especially for the most vulnerable sectors.

The calculation of the residual risk per sub-sector (e.g. private banking under the ꢅBanks” sector) is

illustrated in Figure 11 (below).

36

Luxembourg National Risk Assessment

Methodology

Figure 1 1 : R esidual risk calculation

The inherent risk scores are determined using the scorecard approach described in the sub-section

above on a scale from 1 to 5, ranging from very low risk to very high risk. The scorecard dimensions

for sectorial vulnerabilities included size of the sub-sector, fragmentation of the market,

ownership/legal structure of the entities, products/activities, client volumes, client risks and

interactions channels.

The mitigating factors impact scores are calculated using the fact-base obtained under the four

dimensions mandate, model, capabilities and results. To enable a more granular assessment of the

mitigating factors in place, a scorecard of residual risk criteria is devised, consistent with the four

dimensions referred. It includes licensing, understanding of ML/TF risks in the sector, rules setting and

rules enforcement by the supervisors and detection and prosecution statistics.

As with the inherent risk assessment, a combination of research, data, expert judgement and bilateral

discussions with concerned entities is used to assess the impact of the mitigating factors in place along

each of the criteria in the scorecard, on a scale from 1 to 5. Luxembourg-specific data is collected from

a wide range of sources such as annual reports (e.g. CSSF, CRF, CAA), statistics (e.g. STATEC) and non-

publicly available data from agencies. W hen data is missing, the assessment is based on expert

judgment which is formed through agency interactions. As with inherent risk, a lack of detailed

statistics increases the risk assessment in line with a conservative approach.

An overall score on the mitigating factors in place is obtained by averaging the scores across the

criteria and ꢅ bucketing” these in 5 possible outcomes: an average score of 1 stands for an outcome of

limited or no mitigating factors in place; an average score of 2 stands for some mitigating factors in

place” ; 3 stands for significant mitigating factors in place; 4 for ꢅ high mitigating factors in place and 5

for very high mitigating factors in place. The aggregated outcomes for mitigating factors correspond

37

Luxembourg National Risk Assessment

Methodology

to a reduction in inherent risk of 0, -0.5, -1, -1.5 and -2, respectively. Note that compared to the

previous NRA in 2018, the maximum score was extended from a 4 , to a 5. Similarly, the aggregated

outcomes were also extended to include an interim level of -1.5 to reflect that some agencies made

significant progress.

Finally, the residual risk score is assessed by taking the inherent risk score (1 to 5) and subtracting the

mitigating factors outcome (i.e. reducing the score by 0, 0.5, 1, 1.5 or 2 points). This results in a residual

risk score per sub-sector. The aggregate residual risk level for the sector is then determined by

aggregating the residual risk scores across subsectors. An illustration of the residual risk calculation,

together with an illustrative example, is provided in Appendix A.4 .

3.4. National AML/CFT Strategy

The results of the inherent and residual risk assessment were used to identify improvement

opportunities for the current institutional setup to further enhance the AML/CFT measures. These

opportunities formed the basis for defining actions for different agencies. Overall, the key outputs of

this exercise included detailed action plans with timelines for different agencies, a national action plan

and four national strategic priorities, which together form the national AML/CFT strategy. The results

of the agency action plans were compiled into a separate document as appendix to the NRA.

Actions were identified, discussed and iterated with each individual agency in bilateral meetings and

written correspondence. This included agencies providing an update on the progress against the

AML/CFT actions from the previous NRA and sharing their internal ongoing and upcoming initiatives.

Those inputs, together with the improvement opportunities identified while assessing the mitigating

factors, formed the basis for the creation of actions plans for each agency. Additional consideration

was also given to guidance from FATF and other institutions and peer practices. The lists of actions

and their timelines were then reviewed and validated by each agency in bilateral meetings. These

actions were aggregated and articulated into a comprehensive, national action plan.

Separately, the National AML/CFT Prevention Committee (NPC) identified four areas of particular

strategic relevance to focus on. These are the four areas that the NPC has identified as likely to have

the greatest impact on further enhancing the effectiveness of the national AML/CFT framework.

The NPC played a key role in articulating the AML/CFT strategy, by formulating and iterating it with

agencies for additional feedback and inputs. Going forward, it will support in coordinating the

implementation of the strategy in the next years.

38

Luxembourg National Risk Assessment

COVID-19 Crisis: Impact on threats, vulnerabilities and mitigating

factors

4.

CO V I D -19 CRISIS: IMPA CT O N TH R E A TS,

VU LN E R A ꢀ I LI TI E S A N D MI TI ꢁ A TI N ꢁ FA CTO R S

The COVID-19 crisis has led to unprecedented global challenges and economic disruption. Since the

emergence of the virus in December 2019 to the time of writing (ꢁ uly 2020) at least half of the world’ s

population has been impacted by some form of lockdown (including, but not limited to: closing of

schools; closing of non-essential shops and production; closing of non-essential office spaces; closing

of public spaces; curfews; social distancing measures; border closures; and travel restrictions).¹⁰¹In

Luxembourg, restriction measures were implemented on 12^thMarch 2020.¹⁰²

As many economies face significant downturn, financial flows are likely to diminish (indeed,

Luxembourg’ s national statistics office has stated it will downgrade short-term prospects for the

country).¹⁰³ꢄ owever, experience from past crises suggests that in many cases illicit finance continues,

and new techniques and channels of laundering money are likely to emerge.¹⁰⁴An overview of these

emerging and evolving ML/TF threats (including predicate offences that generate illicit proceeds which

could give rise in particular to ML) and vulnerabilities is provided below.

4.1. ML/TF Threats

Cybercrime and the risks associated with cybersecurity have increased since the outbreak of the

pandemic and the imposition of ꢅ lockdown” measures driving demand for communication,

information and supplies through online channels. Criminals use phishing and ransomware campaigns

(such as those included in the case studies below) to exploit the current crisis and capitalise on the

anxieties and fears of their victims¹⁰⁵. CRF’ s COVID-19 typologies report highlights that working from

home creates new risks, as criminals can exploit security loopholes to gain confidential documents,

which are then used in sophisticated frauds¹⁰⁶. Cybercrime threats are likely to continue to be

dominant threats as social-distancing measures enhance the reliance on digital services, but the

current focus on the distribution of malware and ransomware on targeting particularly affected

sectors such as healthcare and education may shift back to attempts to exploit regular businesses as

they reopen (either physically or by expanding their business online)¹⁰⁷

.

Case Study 1: Phishing scams in Luxembourg using the World H ealth O rganisation (WH O ) name^{1 0 8}

Phishing and email scam campaigns are typically designed to obtain personal information, which

can then be used by criminals to steal funds. There has been a significant increase in the amount of

scam campaigns related to COVID-19 since ꢁ anuary 2020, with research by internet security

company Sophos suggesting that the volume of COVID-19 email scams nearly tripled in one week

during the end of March, with almost 3% of all global spam now estimated to be Covid-19 related.

¹⁰¹See, for instance Euronews (link), Business Insider (link).

¹⁰²See gouvernement.lu for further details (link).

¹⁰³STATEC, C oronav irus th reat becomes a reality , 2020.

¹⁰⁴EBA, Statement on actions to mitiꢀ ate ꢃ inancial crime risk s in th e C ꢆ V ꢁ ꢄ -19 pandemic, 2020 (link).

¹⁰⁵EUROPOL, C atch inꢀ th e v irus: cy bercrime, disinꢃ ormation and th e C ꢆ V ꢁ ꢄ -19 pandemic, 2020 (link).

¹⁰⁶CRF, ꢅ y poloꢀ ies C ꢆ V ꢁ ꢄ -19, 2020 (link).

107

EUROPOL, ꢋ ey ond th e P andemic: h ow C ꢆ V ꢁ ꢄ -19 w ill sh ape th e serious and orꢀ anised crime landscape in th e EU , 2020

(link).

¹⁰⁸CSSF, Circular ꢌ0ꢍ740, 2020 (link).

39

Luxembourg National Risk Assessment

COVID-19 Crisis: Impact on threats, vulnerabilities and mitigating

factors

Several of these scams have attempted to use the W ꢄ O brand to obtain personal information from

victims. In Luxembourg, the government has confirmed one such scam in which senders purporting

to be from the W ꢄ O or travel agents sent malware-ridden links to a COVID-19 interactive map.

Fraud and forgery has been noted by both domestic and international bodies as a growing threat in

the context of the pandemic¹⁰⁹. The primary fraudulent activities have included: the adaptation of

existing telephone or email scams (e.g. criminals calling victims pretending to be hospital officials who

claim that a relative has fallen sick and request payments for medical treatment)¹¹⁰; supply chain

fraud, specifically in relation to personal protective equipment (PPE) and other healthcare products

(e.g. an investigation supported by EUROPOL was conducted on the transfer of €6.6 million to a

company in Singapore in order to purchase PPE and alcohol gels – the goods were never received);¹¹¹

and fraudulent investment scams (e.g. promotions that falsely claim products or services of publicly

traded companies can prevent, detect or cure coronavirus)¹¹²

.

O ther ML/TF threats that have increased or emerged during the COVID-19 crisis include, but are not

limited to:

•

Corruption and bribery, in particular in relation to government support schemes;

Insider trading and market manipulation (both as a result of the high volatility of financial markets

increasing the risk of persons trying to take advantage of inside information, as well as persons in

possession of inside information using insecure communication channels due to remote working

arrangements);

•

Counterfeiting and piracy, in particular of medicines and other goods, as described in the Case

Study 2, below.

Case Study 2: I N TE R PO L O peration Pangea – Criminals taking advantage of the high demand in

hygiene products driven by the CO V I D -1 9 outbreak^{1 1 3}

Operation Pangea, a global operation coordinated by INTERPOL, targeted the trafficking of

counterfeit medicines from 3-10 March 2020 as criminals began to take advantage of the high

demand in hygiene products driven by the COVID-19 outbreak. The operation involved 90 countries

worldwide and resulted in 121 arrests.

During the operation, authorities around the world seized 37 000 unauthorised and counterfeit

medical devices (mostly surgical masks and self-testing kits for ꢄ IV and glucose monitoring) and €13

million in potentially dangerous pharmaceuticals (such as unauthorised antiviral medications and

the antimalarial medicine chloroquine). Painkillers and antibiotics also represented a significant

portion of the seizures.

¹⁰⁹See, for instance, CSSF, Circular ꢌ0ꢍ740, 2020 (link); EUROPOL, P andemic proꢃ iteerinꢀ – H ow criminals ex ploit th e C ꢆ V ꢁ ꢄ -

19 crisis, 2020 (link); and FATF, C ꢆ V ꢁ ꢄ -19-related ꢈ oney ꢉ aunderinꢀ and ꢅ errorist ꢂ inancinꢀ (link).

¹¹⁰INTERPOL, ꢁ ꢇ ꢅ ERP ꢆ ꢉ ꢊ arns oꢃ ꢂ inancial ꢂ raud ꢉ ink ed to C ꢆ V ꢁ ꢄ -19, 2020 (link).

¹¹¹EUROPOL, H ow criminals proꢃ it ꢃ rom th e C ꢆ V ꢁ ꢄ -19 pandemic, 2020 (link).

¹¹²EUROPOL, C ꢆ V ꢁ ꢄ -19: ꢂraud, 2020 (link).

¹¹³INTERPOL, Rise oꢃ ꢃ ak e “corona cures” rev ealed in ꢀ lobal counterꢃ eit operation, 2020 (link).

40

Luxembourg National Risk Assessment

COVID-19 Crisis: Impact on threats, vulnerabilities and mitigating

factors

4.2. ML/TF Vulnerabilities

W hilst it is possible that specific areas across Luxembourg’ s financial and non-financial sectors could

be exploited by the emerging ML/TF threats described above, there are specific vulnerabilities that

are particularly relevant in the context of COVID-19.

O nline financial services and virtual assets: The increase in online purchases as a result of the social-

distancing measures is likely to lead to the increase in both the volume and value of online payments

services, including the use of internet banking. This may create more opportunity for criminals to

conceal illicit funds within a greater amount of legitimate payments made online. FATF has highlighted

the continuing ML/TF risks associated with virtual assets to move and conceal illicit funds¹¹⁴

.

E ntities in financial distress: The contraction in Luxembourg’ s economic activity as a result of the

global pandemic could place some entities in distress (e.g. corporates and SMEs), which in turn creates

opportunities for them to be exploited by criminals seeking to launder illicit proceeds (e.g. if a

corporate is required to make a significant payment by a credit institution, the corporate may be

forced to accept proceeds from an organised criminal group in exchange for an ownership share of

the business, enabling the integration of illicit proceeds). Furthermore, credit institutions may revalue

existing collateral or request additional collateral to be placed against existing or new loans – if

controls on the origin or source of funds and wealth are relaxed to obtain this, it could facilitate the

entry of illicit proceeds into the financial system¹¹⁵

.

D elivery of government or international financial assistance, particularly through non-profit

organisations: Luxembourg has provided support to businesses to counter the economic impact of

COVID-19¹¹⁶. International financial institutions report that there is a risk that criminals or terrorists

may fraudulently claim or misdirect such funds. Corruption in procurement or aid delivery channels

could also impact international financial assistance¹¹⁷, particularly relevant for non-profit

organisations (NPOs). FATF has highlighted that most NPOs carry little or no ML/TF risk, though CSSF

notes that where there are increased financial flows through NPOs to higher risk countries, there may

be an increased risk of illicit activity (including TF), and that there remains the potential for tax

advantages afforded by charitable donations to be misused by those seeking to engage in ML

activities¹¹⁸

.

¹¹⁴FATF, C ꢆ V ꢁ ꢄ -19-related ꢈ oney ꢉ aunderinꢀ and ꢅ errorist ꢂ inancinꢀ (link).

¹¹⁵CSSF, Circular ꢌ0ꢍ740, 2020 (link).

¹¹⁶For further details see: European Commission, ꢅ emporary ꢂ ramew ork ꢃ or State aid measures to support th e economy in

th e current C ꢆ V ꢁ ꢄ -19 outbreak, 2020 (link).

¹¹⁷FATF, C ꢆ V ꢁ ꢄ -19-related ꢈ oney ꢉ aunderinꢀ and ꢅ errorist ꢂ inancinꢀ (link).

¹¹⁸CSSF, Circular ꢌ0ꢍ740, 2020 (link).

41

Luxembourg National Risk Assessment

COVID-19 Crisis: Impact on threats, vulnerabilities and mitigating

factors

4.3. Mitigating factors

FATF has set out a range of mitigating factors and AML/CFT responses to the evolving risks impacted

by COVID-19¹¹⁹. Those most important for Luxembourg include (but are not limited to): coordinate

domestically and continue to cooperate internationally to assess the ongoing impact of COVID-19 on

AML/CFT risks; strengthen communication and monitoring of the private sector by engaging on the

application of their AML/CFT measures; and continue to encourage a risk-based approach to CDD to

address practical issues. For example, in order to inform private sector entities, the CSSF published a

circular on the implications of COVID-19 on AML/CFT issues (10 April 2020) and held a specific

workshop beginning of May 2020 in order to further raise awareness in the specific sector of collective

investments. The outcome of the workshop was published in the form of a presentation on the

website of the CSSF and had been shared with IOSCO members in the context of CSSF’ s on-going

cooperation with its international partners¹²⁰. CRF also published COVID-19 typologies (2 April 2020).

Private-sector entities should continue to strengthen their understanding of the developing risks by

engaging directly with authorities and reading these and other relevant publications¹²¹. It is noted that

as the COVID-19 pandemic continues to evolve, additional ML/TF threats and vulnerabilities may

emerge – the mitigating factors described above serve also to prepare the country for these dynamic

risks.

¹¹⁹FATF, C ꢆ V ꢁ ꢄ -19-related ꢈ oney ꢉ aunderinꢀ and ꢅ errorist ꢂ inancinꢀ (link).

¹²⁰CSSF, Presentation: AML/CFT supervision in the Collective Investment Sector during the COVID-19 situation (link).

¹²¹At the time of writing (ꢁ une 2020), COVID-related guidance has been published and/or distributed by a number of relevant

bodies, including but not limited to: FATF; EBA; EUROPOL; INTERPOL; CAA; IRE; OEC and AED.

42

Luxembourg National Risk Assessment

Inherent risk – Threats assessment

5.

INHERENT RISK – TH R E A TS A SSE SSME N T

5.1. Summary

As described in the methodology section, threats are assessed on a scale of 1 to 5 (very low, low,

medium, high, and very high), and analysed across:

•

Money laundering (ML; domestic and foreign crimes)¹²²

Terrorism and terrorist financing¹²³(TF; also predicate offences to money laundering)

It should be noted threats are analysed within the inherent risk assessment component of the NRA;

that is, in the absence of mitigating factors and controls for ML/TF (see also methodology section of

NRA for more detail).

Money laundering (domestic and foreign crimes)

Money laundering is the highest threat for Luxembourg, in particular money laundering of foreign

criminal proceeds, due to Luxembourg’ s position as a major non-domestic European financial centre

(note: it is commonly observed that criminal proceeds are laundered in different locations from where

crimes are perpetrated¹²⁴; some estimates consider that as much as 30% of all criminal proceeds

globally are laundered abroad¹²⁵).

The threat of money laundering of proceeds of domestic crimes is estimated to be significantly smaller,

due to Luxembourg’ s relatively low crime rate and limited presence of organised crime. ꢄ owever, the

Grand-Duchy’ s wealth, its economy (including payments, investments, cyber and logistics providers),

its high number of international institutions and its central location in Europe increase the ML threat

level for certain types of crime. W hile some crimes might be perpetrated domestically, this does not

necessarily imply that their proceeds are laundered domestically. They might instead be taken abroad

(e.g. offences committed by foreign organised crime groups, taking proceeds outside Luxembourg).

Given the common market, criminals can easily cross the border to France, Germany or Belgium by

car or public transport.

Terrorism and terrorist financing (TF)

The threats of terrorism and terrorist financing are assessed as medium overall; despite the likelihood

of an attack being low in Luxembourg, the consequences could be very high.

¹²²ML is criminalised through three specific legal provisions, as defined in Article 506-1 of the Penal Code (and Article 8-1 of

the 1973 Drug Trafficking Law). The offence of money laundering is in essence the act of knowingly facilitating deceit as to

the nature, origin, location, disposal, movement or ownership of any kind of asset obtained criminally. Note that ML always

needs to be based on a predicate offence that served to generate the illegal proceeds. In a certain way, ML is part of the

predicate offence itself as soon as the perpetrator is detaining the proceeds obtained from the offence. For further details,

see Prosecution section.

¹²³As defined in the Penal Code, Article 135. Terrorist financing specifically is captured in Article 135-5. For further details,

see Prosecution section.

¹²⁴See for instance, FATF, ꢂ AQ on money launderinꢀ , (link).

¹²⁵See for instance, R. W . Baker, C apitalismꢒ s Ach illes H eel: ꢄ irty ꢈ oney and H ow to Renew th e ꢂ ree-ꢈ ark et Sy stem, 2005

(link).

43

Luxembourg National Risk Assessment

Inherent risk – Threats assessment

ꢅ errorism: Despite no previous terrorism attacks and no known terrorist groups in Luxembourg,

Luxembourg raised its level of terrorism threat to 2 (on a scale of 4 ) in 2015, in light of recent terrorism

events in neighbouring countries¹²⁶. The raised threat level was kept since then.

ꢅ errorist ꢃ inancinꢀ : Terrorist financing is a more likely threat to Luxembourg than terrorism, given the

country’ s open economy. Still, both threats are closely connected and deemed overall moderate

relative to ML. Accordingly, there are few TFTR and TFAR¹²⁷reported to the CRF (across all submitting

entities), Luxembourg’ s FIU. The risk of a sector (e.g. payments, non-profit organisations) or

Luxembourg’ s financial centre being targeted by foreign terrorist groups for their financing purpose is

however not to be excluded.

Table 8 below gives an overview of threats across money laundering and terrorism and terrorist

financing, with further details in the sections below.

Table 8: I nherent risk – Summary of threats

E xternal

exposure

D omestic

exposure

Weighted

average

(7 5 % weight)

(2 5 % weight)

exposure

Money laundering

(av eraꢀ e ꢈ ꢉ th reat across ex ternal and domestic ex posure)

V ery high

Medium

V ery high

Medium

Terrorism and terrorist financing

(also as predicate oꢃ ꢃ ences to ꢈ ꢉ )

CO V I D -1 9 impact on threats

The COVID-19 crisis has led to unprecedented global challenges and economic disruption. Since the

emergence of the virus in December 2019 to the time of writing (ꢁ uly 2020), at least half of the world’ s

population has been impacted by some form of lockdown.¹²⁸In Luxembourg, restrictions were

implemented on 12 March 2020.¹²⁹As many economies face significant downturn, financial flows are

likely to diminish (indeed, Luxembourg’ s national statistics office has stated it will downgrade short-

term prospects for the country)¹³⁰. ꢄ owever, experience from past crises suggests that in many cases

illicit finance will continue, and new techniques and channels of laundering money are likely to

emerge.¹³¹In particular, cybercrime and the risks associated with cyber security have increased since

the outbreak of the pandemic and the imposition of lockdown measures driving demand for

communication, information and supplies through online channels. Fraud and forgery have also been

noted by both domestic and international bodies as a growing threat in the context of the

pandemic¹³². The primary fraudulent activities have included: the adaptation of existing telephone or

¹²⁶The level of terrorism threat was raised after the Paris attacks in November 2015, and kept at this level after the Brussels

attacks in March 2016 as per communication by the Ministry of State. Level 2 (medium threat) defines a real yet abstract

terrorist threat; it consists of increasing vigilance against an imprecise threat and to implement measures of vigilance,

prevention and protection of variable and temporary intensity. See ꢈ inistè re dꢒ Etat ꢉ ux embourꢀ , Press Announcement on

23/03/2016 (link).

¹²⁷Terrorism Financing Transaction Report (TFTR) and Terrorism Financing Activity Report (TFAR).

¹²⁸See, for instance Euronews (link), Business Insider (link).

¹²⁹See gouvernement.lu for further details (link).

¹³⁰STATEC, C oronav irus th reat becomes a reality , 2020.

¹³¹EBA, Statement on actions to mitiꢀ ate ꢃ inancial crime risk s in th e C ꢆ V ꢁ ꢄ -19 pandemic, 2020 (link).

132

See, for instance, CRF, ꢅ y poloꢀ ies C ꢆ V ꢁ ꢄ -19, 2020 (link); CSSF, Circular ꢌ0ꢍ740, 2020 (link); EUROPOL, P andemic

proꢃ iteerinꢀ – H ow criminals ex ploit th e C ꢆ V ꢁ ꢄ -19 crisis, 2020 (link); and FATF, C ꢆ V ꢁ ꢄ -19-related ꢈ oney ꢉ aunderinꢀ and

ꢅ errorist ꢂ inancinꢀ (link).

44

Luxembourg National Risk Assessment

Inherent risk – Threats assessment

email scams; supply chain fraud, specifically in relation to personal protective equipment (PPE) and

other healthcare products; and fraudulent investment scams¹³³. Some detail on key threats likely

impacted by the pandemic are highlighted throughout the section; however, a more detailed

assessment is provided in the section 4 of the NRA on the impact of the COVID-19 crisis on threats,

vulnerabilities and risks.

5.2. Money laundering

N ational exposure to ML threats map

An overview of the ML threat level per category – including a breakdown per predicate offence – is

provided in table 9 below. Threats have been assessed along a list of predicate offences in line with

FATF crime categories¹³⁴; these map to granular predicate offences (“inꢃ ractions primaires” ) under

Luxembourg law. A full mapping table can be found in the ꢅProsecution” section later below in the

NRA document.

The overall threat assessment is based on a weighted average between domestic and foreign

exposure, with 25% and 75% weights respectively. Given Luxembourg’ s open economy and large

financial sector, the country is more exposed to ML from criminals abroad than domestically. For

simplicity, the weighting is assumed to be constant across predicate offences. The rest of this section

provides a more detailed assessment (ꢅ bottom up” ) per predicate offence, split into domestic and

foreign exposure to ML.

Table 9: N ational exposure to ML threats map¹³⁵

E xternal

exposure

(75%)

D omestic

exposure

(25%)

Weighted

average

exposure

D esignated predicate offense

Money laundering (average ML threat)

Fraud and forgery

V ery high

H igh

Medium

H igh

V ery high

H igh

Tax crimes

Medium

Low

Corruption and bribery

Drug trafficking

Participation in an organised criminal group & racketeering

Sexual exploitation, including sexual exploitation of children

Cybercrime

H igh

Counterfeiting and piracy of products

Smuggling

H igh

Low

H igh

Robbery or theft

Medium

H igh

Medium

Trafficking in human beings and migrant smuggling

Illicit arms trafficking

Medium

Low

Insider trading and market manipulation

Low

¹³³EUROPOL, C ꢆ V ꢁ ꢄ -19: ꢂraud, 2020 (link).

¹³⁴FATF NRA Guidance, February 2013, Annex I (link).

¹³⁵This assessment is based on a mix of research and data available, expert judgement, bilateral meetings and a workshop

group discussion with judicial authorities. Exposure to predicate offences constituting the threats was broadly assessed along

a set of criteria, namely the probability of the crime occurring, proceeds of the crime if occurring (including size and form of

proceeds, and complexity/expertise of ML and geography, where available), and the human, social and reputational impact

(the latter for domestic exposure only).

45

Luxembourg National Risk Assessment

Inherent risk – Threats assessment

E xternal

exposure

(75%)

D omestic

exposure

(25%)

Weighted

average

exposure

D esignated predicate offense

Illicit trafficking in stolen and other goods

Extortion

Medium

Low

Medium

Low

Medium

Low

Environmental crimes

Low

Murder, grievous bodily injury

K idnapping, illegal restraint, and hostage taking

Counterfeiting currency

Low

V ery Low

Medium

Low

Piracy

Low

Terrorism and terrorist financing

Medium

5 .2 .1 . External exposure: Money laundering of proceeds of foreign

crimes

Money laundering of proceeds of foreign crimes is the most significant ML threat for Luxembourg,

given its position as a global financial centre and the low level of local criminality. The magnitude,

diversity and openness of financial flows transiting through and parked in Luxembourg contribute to

this exposure. This is supported by data from the judicial authorities, international studies and expert

assessment from the country’ s authorities.

The likelihood of Luxembourg being misused or abused for ML of proceeds of foreign crimes is very

high, given the Grand-Duchy’ s role as one of the world’ s main financial hubs. In fact, Luxembourg is

ranked 25^thon the Global Financial Centres Index¹³⁶and has a high number of financial flows in and

out of the country, with and from different geographies. OECD reports that Luxembourg has a very

high incoming FDI stock as a percentage of GDP in 2019 with 313% compared to an EU average of

67%¹³⁷. STATEC data from 2018 suggests About 31% of foreign FDI come from offshore financial

centres¹³⁸, which presents a potentially higher threat for ML. Luxembourg also has a very large banking

sector as a percentage of GDP (about 1300% with over €901 billion banking assets as of March 2020),

with 128 different credit institutions from 27 different countries¹³⁹. According to Tax ꢁ ustice Network’ s

2018 ranking, Luxembourg has the sixth highest Financial Secrecy Index out of 112 countries, sitting

between Singapore and ꢁ apan^{14 0}. This is based on a moderate secrecy score and the very large size of

the financial sector: Luxembourg is rated to have a very large share (12%) of global offshore financial

services^{14 1}. It should be noted however that Luxembourg’ s large share of financial flows relative to its

size, as depicted in these several studies, should also be put into context with its central role for these

services in the EU common market.

¹³⁶The Global Financial Centres Index 26, September 2019.

¹³⁷OECD Benchmark definition, 4 th edition (BMD4 ): Foreign direct investment: positions, main aggregates (Outward/Inward,

% of GDP, 2019 or latest available) (link).

¹³⁸STATEC, Net annual income of on FDI of Luxembourg (according to the extended directional principle; in millions of euros

; 4 th OECD benchmark definition).

¹³⁹Banque Centrale du Luxembourg, Statistiques : Etablissements de crédit ; „tableau 11.01“ and „tableau 11.05“ as of March

2020 (link).

^{14 0}Tax ꢁ ustice Network, ꢂ inancial Secrecy ꢁ ndex ꢌ 0ꢌ 0, Results (link).

^{14 1}Tax ꢁ ustice Network, ꢂ inancial Secrecy ꢁ ndex ꢌ 0ꢌ 0, ꢇ arrativ e Report on ꢉ ux embourꢀ , 2020 (link).

46

Luxembourg National Risk Assessment

Inherent risk – Threats assessment

The magnitude of the financial sector and its share of foreign financial flows contribute to the

proceeds of foreign crimes to be potentially laundered in Luxembourg. Moreover, the sophistication

employed by money launderers is estimated to be very significant as well. International studies and

guidance point towards criminal proceeds being often laundered in distant places from where crimes

were perpetrated to try to conceal the origin of funds^{14 2}. Estimates are varied, but for example, one

study^{14 3}estimates that as much as 30% of worldwide unlawful earnings are laundered cross-border,

making countries with significant shares of foreign direct flows more vulnerable.

ML of foreign crimes accounts for a significant share of Mutual Legal Assistance (MLA) and asset

seizures by Luxembourg authorities. Across all crimes, the prosecution authorities report having

received a total of 1 701 MLAs on aggregate in the past three years of 2017–2019, of which 362 are

related to self-laundered (SL) ML^{14 4}. Note, it is estimated that most ML MLA requests are SL-related,

however there are also MLA requests that arise from third-party or stand-alone ML. Data from the

prosecution authorities show seizures following MLAs across all crimes in the past three years (2017–

2019) of ~€311.5 million, compared to ~€92.1 million for domestic cases^{14 5}

.

As in any other country, if significant amounts are to be laundered via Luxembourg this could indirectly

encourage criminal activities elsewhere with significant human, social and reputational impacts.

Citizens and companies abroad are negatively impacted if criminals can launder the proceeds of their

crimes in other countries. Africa alone is estimated to lose more than ꢂ 50 billion annually through

illicit financial outflows^{14 6}. The reputational and social costs for Luxembourg would be significant, in

particular if the country is portrayed negatively for being used for ML, given its economic model

centred on the financial sector; this is Luxembourg’ s largest economic sector with ~50 900

employees^{14 7}and 23% of GDP^{14 8}.

Split of threat by predicate offence

The sub-sections below provide an overview of the overall threat level of ML of proceeds of foreign

crimes, by foreign predicate offence. It is worth noting that the split of threats is delineated on a best-

effort basis, as it is inherently difficult to ascertain the origin, geography and detail of the predicate

offences associated with possible illicit proceeds flowing through the country.

The most likely external threats for Luxembourg in terms of ML are believed to be: fraud and forgery;

tax crimes; corruption and bribery; and drug trafficking. In fact, these four crimes represent more than

70% of estimated criminal proceeds generated globally^{14 9}, ~4 5% of seizures following MLA to the

prosecution authorities in 2017–2019¹⁵⁰, and 57% of MLA received by the prosecution authorities in

2017–2019¹⁵¹. This is also in line with expert assessment from the country’ s judicial authorities.

14 2

See for example: UNODC, Report Estimatinꢀ ꢁ llicit ꢂ low s Resultinꢀ ꢃ rom ꢄ ruꢀ ꢅ raꢃ ꢃ ick inꢀ and ꢆ th er ꢅ ransnational

ꢆ rꢀ aniz ed C rimes, 2011 (link), or FATF, ꢂ AQ on money launderinꢀ (link).

^{14 3}R. W . Baker, C apitalismꢒ s Ach illes H eel: ꢄ irty ꢈ oney and H ow to Renew th e ꢂ ree-ꢈ ark et Sy stem, 2005 (link).

^{14 4}Parquet Gé né ral Statistical Service, data received in March 2020.

^{14 5}Parquet Gé né ral Statistical Service, data received in March 2020.

^{14 6}UNECA, ꢁ llicit ꢂ inancial ꢂ low s ꢃ rom Aꢃ rica, 2015 (link).

^{14 7}STATEC, Emploi salarié inté rieur par branche dꢃ activité - donné es dé saisonnalisé es 1995 – 2019 (4^etrimestre 2019).

^{14 8}STATEC, Valeur ajouté e brute aux prix de base par branche (NaceR2) (prix courants) (en millions EUR) 1995 – 2019.

^{14 9}UNODC, Report Estimatinꢀ ꢁ llicit ꢂ low s Resultinꢀ ꢃ rom ꢄ ruꢀ ꢅ raꢃ ꢃ ick inꢀ and ꢆ th er ꢅ ransnational ꢆ rꢀ aniz ed C rimes, 2011

(link).

¹⁵⁰Parquet Gé né ral Statistical Service, data received in March/April 2020

151

Parquet Gé né ral Statistical Service, data received in ꢁ uly 2020; note that besides requests for LAR received by the

prosecution authorities, other Luxembourg authorities (e.g. CRF, Asset Recovery Office, Police) also receive other ꢅ foreign

requests” for cooperation and/or information sharing.

47

Luxembourg National Risk Assessment

Inherent risk – Threats assessment

Fraud and forgery

Fraud and forgery are estimated to generate ~12% of crime proceeds globally; in some of

Luxembourg’ s neighbouring countries, this figure is significantly higher (e.g. in Germany and the

Netherlands)¹⁵²

.

Luxembourg’ s position as a payments, investment and cyber hub increases the likelihood that

criminals (in Luxembourg and abroad) commit fraud involving Luxembourg-based institutions

(wittingly or unwittingly), and potentially launder the proceeds of that fraud via Luxembourg:

•

Payments hub: The ECB reports that 74 % of EU e-money transactions have been made in

Luxembourg in 2018¹⁵³, reflecting the fact that PayPal and Amazon Payments Europe have

established their European headquarters in the country. The very high number of electronic STR

and SAR (33 399 in 2019) reported by the CRF for fraud and forgery supports this¹⁵⁴

.

•

I nvestment hub: According to CSSF data¹⁵⁵, of 97 investment firms established in Luxembourg, 82

have the license of private portfolio manager, with 68 of them exercising relevant activities. They

have €4 0.6 billion assets under management (AuM), numerous clients, substantial international

business (~95% of clients are international) and foreign ownership (~37% of firms are owned or

controlled by foreign non-EU persons/entities)

•

Cyber hub: Technology leaders such as Amazon, Skype and PayPal all have their European

headquarters in Luxembourg¹⁵⁶. Moreover 23 data centres (~50 000 sq. m.)¹⁵⁷are established in

the Grand-Duchy. Cyber fraud, often coupled with cyber-crime, is believed to be increasing; for

instance, Thomson Reuters estimates cyber-crime to generate €1 trillion per year globally¹⁵⁸

.

This assessment is in line with the very high figures reported by the prosecution authorities for fraud:

they received 796 MLA in 2017-2019 (of which 204 self-laundered ML-related) and have seized assets

worth €176.4 million following MLA on fraud and forgery in that period. In 2019, the prosecution

authorities seized ~€88.6 million for international fraud and forgery cases¹⁵⁹

.

As illustrated in Case study 3, fraudulent crimes often involve another type of infraction, in this

example cybercrime.

¹⁵²UNODC, Report Estimatinꢀ ꢁ llicit ꢂ low s Resultinꢀ ꢃ rom ꢄ ruꢀ ꢅ raꢃ ꢃ ick inꢀ and ꢆ th er ꢅ ransnational ꢆ rꢀ aniz ed C rimes, 2011

(link).

¹⁵³ECB, Payment Statistics (full report); Table 7.1 Number of payments per type of payment service, 2018 figures (link).

¹⁵⁴CRF annual report 2019.

¹⁵⁵CSSF data provided for Sectorial vulnerabilities of the NRA in 2019-20.

¹⁵⁶Luxembourg for Finance, ꢊ h y ꢉ ux embourꢀ ? W ebsite (link).

¹⁵⁷Datacentres in Europe, W ebsite (link).

¹⁵⁸Thomson Reuters, C y bercrime, ꢂ inancial ꢃ raud and money launderinꢀ : understandinꢀ th e new th reat landscape, 2013.

¹⁵⁹Parquet Gé né ral Statistical Service, data received in March/April 2020.

48

Luxembourg National Risk Assessment

Inherent risk – Threats assessment

Case Study 3: Fraudulent transactions by way of fake email addresses^{1 6 0}

A Luxembourg company uses an accountant for its payments. For a payment to be executed, an

employee of the company must send the payment order to the accountant to be countersigned,

who then sends it to the bank for execution. In the present case, the fraudsters initially hacked into

the victimꢃ s e-mail account and, probably by analysing the exchanges contained therein, (i)

determined the payment procedure in force and (ii) took possession of previous payment examples

that one of the companyꢃ s employees had left in his mailbox in PDF format.

The fraudsters then prepared two false payment instructions, of ~€ 250 000 and €200 000, by using

the victimꢃ s style, shape and logo and by affixing a false signature of the companyꢃ s CEO. These

payment orders were finally sent via the hacked e-mail address to the accounting company, which

forwarded them to the bank that executed them. It should be noted that in the e-mail addressed

to the accountant, written in a familiar tone that was probably customary, the emphasis was placed

on urgency, but without exaggerating. It said ꢈ Itꢃ s quite urgent...ꢈ

In this case, the fraudsters had, in addition to hacking into the employeeꢃ s e-mail address, also

created a domain name very similar to that of the victim, probably to support their actions. They

changed the ꢅu” to a ꢅv”, creating the domain name: levisvel.com resembling the original

levisuel.com. They then used e-mails that closely resembled the originals:

pierre.dupont@ levisvel.com instead of pierre.dupont@ levisuel.com81

Importantly, fraud and forgery have been noted by both domestic and international bodies as growing

threats in the context of the COVID-19 pandemic.¹⁶¹The primary fraudulent activities have included:

the adaptation of existing telephone or email scams (for example criminals calling victims pretending

to be hospital officials, who claim that a relative has fallen sick and requests payments for medical

treatment)¹⁶²; supply-chain fraud, specifically in relation to personal protective equipment (PPE) and

other healthcare products (for example an investigation supported by EUROPOL was conducted on

the transfer of €6.6 million by a company to a company in Singapore in order to purchase PPE and

alcohol gels – the goods were never received)¹⁶³; and fraudulent investment scams (promotions that

falsely claim products or services of publicly traded companies can prevent, detect or cure

coronavirus)¹⁶⁴

.

Tax crimes

Tax crimes are estimated to generate about 30% of crime proceeds globally according to UNODC. In

some of Luxembourg’ s neighbouring countries, this is estimated to be even higher. In Germany, for

example, the largest source of unlawful income is tax and excise evasion (4 4 % of the total unlawful

proceeds of ꢂ 80 billion in 2007/2008)¹⁶⁵. W hile the level of tax and banking transparency has been

increased significantly in recent years¹⁶⁶, there is a risk that foreigners continue trying to abuse or

¹⁶⁰CRF Annual Report, 2017.

¹⁶¹See, for instance, CSSF, Circular ꢌ0ꢍ740, 2020 (link); EUROPOL, P andemic proꢃ iteerinꢀ – H ow criminals ex ploit th e C ꢆ V ꢁ ꢄ -

19 crisis, 2020 (link); and FATF, C ꢆ V ꢁ ꢄ -19-related ꢈ oney ꢉ aunderinꢀ and ꢅ errorist ꢂ inancinꢀ (link).

¹⁶²INTERPOL, ꢁ ꢇ ꢅ ERP ꢆ ꢉ ꢊ arns oꢃ ꢂ inancial ꢂ raud ꢉ ink ed to C ꢆ V ꢁ ꢄ -19, 2020 (link).

¹⁶³EUROPOL, H ow criminals proꢃ it ꢃ rom th e C ꢆ V ꢁ ꢄ -19 pandemic, 2020 (link).

¹⁶⁴EUROPOL, C ꢆ V ꢁ ꢄ -19: ꢂraud, 2020 (link).

¹⁶⁵UNODC, Report Estimatinꢀ ꢁ llicit ꢂ low s Resultinꢀ ꢃ rom ꢄ ruꢀ ꢅ raꢃ ꢃ ick inꢀ and ꢆ th er ꢅ ransnational ꢆ rꢀ aniz ed C rimes, 2011

(link).

¹⁶⁶For example, by the Law of 23 December 2016 implementing the 2017 tax reform, as well as tax transparency initiatives

promoted by the Direct tax administration in Luxembourg; see also ACD section (under Detection) for details on these.

49

Luxembourg National Risk Assessment

Inherent risk – Threats assessment

misuse Luxembourg financial institutions and DNFBPs (i.e. lawyers, accountants) to avoid paying taxes

in their home country. The prosecution authorities received 156 MLA on tax crimes in 2017-2019, of

which 72 were self-laundered ML-related, and have seized assets worth €7 million following MLA in

that period)¹⁶⁷

.

The following case studies (below) illustrate two different examples of tax crimes, first through the

provision of third-party accounts, and then by way of a loan.

Case Study 4: Provision of third-party accounts, private banking and tax fraud¹⁶⁸

A Belgian national, residing for tax purposes in Thailand, holds an account with a Luxembourg bank,

from which he regularly transfers funds to his daughterꢃ s bank account. These funds would come

from a donation as well as the sale of land and buildings for a total amount of € 2.1 million.

Between 2015 and 2017, the account is debited of a total of €1 million to a law firm specialising in

civil and property law in Spain for the acquisition of three apartments. In 2016, the person

concerned stays in Belgium for six months. Then he returns to Thailand and regularly travels to

Spain, the United States and Belgium.

As a result of all these elements, the bank is unable to establish his tax compliance and terminates

the business relationship.

Case Study 5: D oubts on economic reasons for a loan¹⁶⁹

A company whose tax residence is in Lichtenstein has a bank account with a Luxembourg bank. This

company is requesting a loan of ꢂ10 million to be transferred to the private account of the economic

beneficiary, resident for tax purposes in Ecuador, guaranteed by the latterꢃ s private funds which

would be the result of his professional activity. According to open sources, the economic beneficiary

is reportedly the president of an Ecuadorian company linked to corruption cases in Ecuador, and

his wife would be politically exposed. ꢄ owever, in Liechtenstein, the granting of a loan by a

company to its beneficiary would be considered as a distribution of hidden profits.

Corruption and bribery

Corruption and bribery are estimated to generate ~2% of crime proceeds globally according to

UNODC. W hile this is less significant than the threats discussed above, Luxembourg appears to have

been particularly impacted by this threat over recent years.

In the years 2018 and 2019, the CRF blocked significant amounts relating to corruption and bribery:

about €64 .1 million in 2018 and €10.5 million in 2019. Most of these freeze orders were decided in

international cases, in order to give the foreign authorities concerned the possibility to send an MLA

request for the judicial seizure of the funds. In total, the prosecution authorities received 63 MLA on

corruption and bribery in 2017–2019, of which 39 are self-laundered ML-related, and seized assets of

¹⁶⁷Parquet Gé né ral Statistical Service, data received in March/April 2020.

¹⁶⁸CRF Annual Report, 2017.

¹⁶⁹CRF Annual Report, 2017.

50

Luxembourg National Risk Assessment

Inherent risk – Threats assessment

€130 million following MLA¹⁷⁰. In 2019, the prosecution authorities seized ~€97.4 million following

convictions in international corruption and bribery cases¹⁷¹.

The two case studies (below) illustrate examples of corruption and bribery involving external clients

or transactions.

Case Study 6: Corruption and misappropriation of public funds¹⁷²

A Luxembourg company, with no real activity, received funds from a bank account held by an

offshore company with a European bank into its bank account held with a Luxembourg bank. The

transfer of funds was justified by a shareholder loan agreement. The funds were subsequently used

to invest in the real estate sector in Luxembourg. The beneficial owner of both companies was a

person who was officially active in the construction and civil engineering sector abroad. The FIUꢃ s

analysis identified close links with another person listed in a K YC database and who was also linked

to a suspicion of money laundering in the same country. International cooperation has been

initiated to identify the economic origin of the funds that were used to invest in the real estate

sector in Luxembourg.

Case Study 7: Suspicious transactions and corruption¹⁷³

A local bank detected, on the basis of alert analyses generated by a monitoring tool, a series of

suspicious transactions linked to companies registered in particular in Costa Rica, whose sole

economic beneficiary was a person of Uruguayan nationality.

First, it was found that the transactional behaviour of the concerned companies, which, when the

accounts were opened, were presented as operating companies (consulting, financial advice,

trading), did not correspond to the use of the accounts as described by the client when entering

into the relationship. On the contrary, the analysis of the activity of the accounts revealed

numerous IN/OUT transfers, documented by contracts often with very vague content (consulting)

and not always consistent with the activities expected of the companies.

Secondly, the FIU carried out an analysis of the history of the relevant accounts, which revealed

that at least one of the accounts had been used to receive funds from a Swiss account whose holder

was allegedly involved, according to public sources, in a corruption scandal in Latin America for

having obtained bribes amounting to ꢂ785 000 in his capacity as director of the body responsible

for infrastructure and public transport in that country in return for favours from his office.

An exchange with relevant counterparts confirmed the suspicion and identified the origin of the

funds. The judicial authorities of the country in question subsequently forwarded an international

rogatory letter to the Luxembourg judicial authorities, which resulted in the seizure of funds in

Luxembourg, which had previously been frozen by the FIU.

¹⁷⁰Parquet Gé né ral Statistical Service, data received in March/April 2020.

¹⁷¹Parquet Gé né ral Statistical Service, data received in March/April 2020.

¹⁷²CRF Annual Report, 2018.

¹⁷³CRF Annual Report, 2018.

51

Luxembourg National Risk Assessment

Inherent risk – Threats assessment

The case study below, from the CSSF thematic work in its Private Banking Sub-sector Risk Assessment

(SSRA), illustrates an example of private banks’ exposure relating to foreign corruption and bribery.

Case Study 8: Suspicious transactions involving the E stonian branch of D anske ꢀ ank A /S

Context

Following the publication of media reports about significant volumes of suspicious transactions

involving the Estonian Branch of Danske Bank A/S (Danske Estonia), CSSF contacted a number of

banks to obtain more information on (1) potential transactions with Danske Estonia; (2) banks’

conclusions from their own investigation of their monitoring of these clients and transactions; and

(3) any actions taken or proposed to be taken as a result of their investigation. The main purpose

of CSSF’ s intervention was to ascertain whether banks had respected their professional obligations

and monitored their clients and transactions adequately. Banks were also requested to review the

effectiveness of their processes and procedures to ensure they were adequate to detect similar

risks going forward.

CSSF’ s work showed that (consistently with the NRA), Luxembourg’ s banking sector is exposed to

ML/FT risks from its international clientele and the high volume and frequency of cross-border

flows.

Findings and conclusions

The findings from CSSF’ s investigation underline that as an international financial centre with a high

degree of political stability, Luxembourg may be attractive for wealthier clients, including those

whose wealth may originate from higher-risk jurisdictions. These wealthy, higher-risk clients often

set up multiple accounts with multiple banks and are introduced to these banks through

intermediaries. They often seek out private banking departments of banks, even when their

banking activity can be very transactional, complex and difficult to assess.

Private banks must operate under a clearly defined ML/FT risk appetite and ensure their risk-based

approach considers all relevant risk factors and weights them appropriately (in particular those

inherent to clients and geographical origin of assets). Undervaluing client risk may lead to

insufficient due diligence and monitoring measures being applied, exposing the bank to financial

sanctions and reputation risk.

Corruption and bribery have been noted as growing threats in the context of the COVID-19 pandemic,

particularly in relation to government support schemes. Further detail is provided in section 4 of the

NRA on the impacts of COVID-19.

Drug trafficking

Drug trafficking is estimated to generate ~30% of crime proceeds globally according to UNODC¹⁷⁴, and

is believed to be the most important foreign crime in terms of ML together with tax crimes.

Luxembourg may be exposed to this threat externally both via financial flows from abroad, and due

to its proximity with countries estimated to have sizable drug trafficking activity, such as Germany,

¹⁷⁴UNODC, Report Estimatinꢀ ꢁ llicit ꢂ low s Resultinꢀ ꢃ rom ꢄ ruꢀ ꢅ raꢃ ꢃ ick inꢀ and ꢆ th er ꢅ ransnational ꢆ rꢀ aniz ed C rimes, 2011

(link)

52

Luxembourg National Risk Assessment

Inherent risk – Threats assessment

France, and the Netherlands given their market sizes¹⁷⁵. The prosecution authorities received 102 MLA

on drug trafficking in 2017–2019, of which 27 are related to self-laundered ML, and seized assets of

~€106 000 following MLA for drug trafficking over that period¹⁷⁶.

Other foreign crimes

There are a number of other foreign crimes that are deemed high threat for ML of proceeds in

Luxembourg, including participation in organised criminal groups and racketeering; counterfeiting and

piracy of products; sexual exploitation, including sexual exploitation of children; and smuggling. All

remaining predicate offences have been classified as being less significant in terms of the threat of ML

of proceeds of foreign crimes.

The table (below) provides an overview of the external threat assessment across all foreign crimes,

detailing the likelihood, size and overall threat level across all threats.

175

See for instance, Organized Crime Portfolio, ꢂ rom ꢁ lleꢀ al ꢈ ark ets to ꢉ eꢀ itimate ꢋ usinesses: ꢅ h e P ortꢃ olio oꢃ ꢆ rꢀ aniz ed

C rime in Europe, 2015 (link)

¹⁷⁶Parquet Gé né ral Statistical Service, data received in April 2020

53

54

55

56

Luxembourg National Risk Assessment

Inherent risk – Threats assessment

5 .2 .2 . Domestic exposure: Money laundering of proceeds of

domestic crimes

The threat from money laundering of proceeds of domestic crimes is estimated to be smaller (overall

moderate) than of foreign crimes. This is due to Luxembourg’ s low crime rate and limited presence of

organised crime. The Organised Crime Portfolio¹⁷⁸estimates that the aggregate revenue across a set

of illicit markets (i.e. drug trafficking, fraud, counterfeiting, theft) in Luxembourg is around €161

million (i.e. ~0.4 % of GDP), which is lower than for neighbouring countries (France: ~€16 billion or

0.8% of GDP; Germany: ~€17 billion or 0.7% of GDP; and Belgium: ~€2.5 billion or 0.7% of GDP), and

close to half the estimate for the EU as a whole (i.e. 0.9% of GDP on average).

ꢄ owever, the Grand-Duchy’ s wealth, its economy, its high number of international institutions and its

central location in Europe increase the threat level for certain crimes. Fraud and forgery, drug

trafficking and robberies or theft emerge as the three most significant domestic threats. W hile some

crimes might be perpetrated domestically, this does not necessarily imply that their proceeds are

laundered domestically but might be taken abroad (e.g. offences committed by foreign organised

crime groups, taking robbed goods or proceeds outside Luxembourg). Given the common market,

criminals can easily cross the border to France, Germany or Belgium.

The table below provides an overview of threat levels and rationale for key domestic crimes.

178

Organised Crime Portfolio, ꢂ rom ꢁ lleꢀ al ꢈ ark ets to ꢉ eꢀ itimate ꢋ usinesses: ꢅ h e P ortꢃ olio oꢃ ꢆ rꢀ aniz ed C rime in Europe,

2015 (link)

57

58

59

60

61

Luxembourg National Risk Assessment

Money laundering Inherent risk – Threats

assessment

Fraud and forgery

Fraud and forgery constitute a significant ML threat for Luxembourg. The probability and proceeds of

crime are high, considering the broad range of offences within the scope of fraud and forgery¹⁸⁶, and

the high figures reported by the Grand-Ducal Police, the prosecution authorities and the CRF.

Fraud and forgery are one of the most important domestic predicate offences, after drug trafficking

and robberies/theft. In 2018, the Grand-Ducal Police¹⁸⁷reported 1 366 ꢅ other criminal offences

against goods” ¹⁸⁸, a category which includes ꢅ breaches of trust” ¹⁸⁹, ꢅ fraud/trickery” ¹⁹⁰, ꢅ financial

crime” ¹⁹¹and ꢅ forgery or falsification” ¹⁹²amongst others. It should be noted that these figures stem

from the crimes reported by the general population to the Grand-Ducal Police and do not necessarily

include cases treated by the specialised units within the Grand-Ducal Police, which explicitly deal with

financial and economic crime, including ML.

In 2017-2019, 7 836 fraud and forgery cases have been opened, of which 388 potential ML cases

identified for investigation. These cases concerned 9 227 suspects (of which 1 027 related to potential

ML). During the same period, 1 321 cases were prosecuted (of which 187 potential ML), concerning

2 010 persons (of which 315 to potential ML). These resulted in 158 prison sentences (of which 35 for

ML), and 53 seizures for a total amount of €26.1 million (of which 16 for a total amount of €19.3 million

related to ML¹⁹³).

As highlighted above, Luxembourg’ s position as a payment, investment and cyber hub increases the

likelihood that criminals (in Luxembourg and abroad) commit fraud involving Luxembourg-based

institutions (wittingly or unwittingly), and potentially launder the proceeds of that fraud via

Luxembourg.

The ECB reports that 74 % of EU e-money transactions have been made in Luxembourg in 2018¹⁹⁴

,

reflecting the fact that PayPal and Amazon Payments have established their European headquarters

in the country. Moreover, 97 wealth and asset managers with €4 0.6 billion assets under management

(AuM) have established themselves in the country¹⁹⁵, with numerous clients, substantial international

business (55.9% of AuM are from international business) and foreign ownership (4 1% of firms are

foreign-owned). W hile it is difficult to determine the proportion of fraudsters based in Luxembourg

that launder their proceeds domestically, it is likely that some of the proceeds would fall under the

scope of domestic ML exposure.

186

Fraud against government (including VAT fraud); embezzlement/misappropriation; lending fraud; payment fraud;

insurance fraud; healthcare fraud; benefit fraud; vendor, supplier & procurement fraud; confidence tricks/scams; false

billing/invoicing; cyber & Internet selling fraud; investment fraud; forgery of financial assets; philatelic forgery; fake

passports, drivers licenses and IDs; fake art; illegal gambling.

¹⁸⁷Grand-Ducal Police Annual Report 2018 (link).

¹⁸⁸ꢅ Autres infractions contre les biens” .

¹⁸⁹ꢅ Abus de confiance” .

¹⁹⁰ꢅ Escroqueries/tromperies” .

¹⁹¹ꢅ Dé lits financiers” .

¹⁹²ꢅ Contrefaç ons et falsifications” .

¹⁹³Parquet Gé né ral Statistical Service, data received in August/September 2020.

¹⁹⁴ECB, Payment Statistics (full report); Table 7.1 Number of payments per type of payment service, 2018 figures (link).

¹⁹⁵CSSF data provided for Sectorial vulnerabilities of the NRA in 2020.

62

Luxembourg National Risk Assessment

Money laundering Inherent risk – Threats

assessment

Reported proceeds generated by fraud and forgery, as well as the complexity of the offence, are

considerable). In 2019, the CRF has transmitted 156 analysis products to the prosecution authorities

for fraud and forgery (out of a total of 219 analysis products across all predicate offences)¹⁹⁶

.

Finally, the economic consequences of fraud and forgery could be material for Luxembourg. Fraud

events (e.g. investment scandals) could erode trust in the Grand-Duchy and expose financial

institutions and tech companies to reputational risk. Furthermore, fraud and forgery impose direct

economic losses to both victims and the government.

The typology below illustrates an example of fraud attempt in a private bank through an external

advisory.

Case Study 9: I nvestment scam to convince private banking clients to invest in illicit schemes

A fraudulent advisor contacts a client of a private bank. The fraudster claims that he/she has been

appointed as nominee settlor of a trust of which the potential victim is the beneficiary.

The fraudulent advisor acknowledges the numerous scams on the internet and offers to meet the

potential victim in person.

The fraudulent advisor assures the potential victim that no up-front fee payment is to be made and

that fees, if any, would be deducted directly from the amount to be disbursed to the potential

victim.

The fraudulent advisor sends the potential victim an authentic-looking trust deed and disbursement

notice in the targeted clients’ name. The trust deed seems to be certified by a notary. The

disbursement notice bears the name and signature of an employee who recently left.

As described in the external exposure section, fraud and forgery have been noted by both domestic

and international bodies as a growing threat in the context of the COVID-19 pandemic¹⁹⁷

.

Robbery or theft

Domestic robberies and thefts are a relevant threat for Luxembourg. The number of offences per

capita is higher than in peer countries and the proceeds are believed to be high on aggregate relative

to other crimes.

196

It should be noted not all files transmitted to the prosecution authorities from CRF necessarily result in new notices

(prosecution authorities might not process all transmission in a given year, and/or decide not to open an investigation based

on transmissions received). Additionally, as explained in the CRF section, in 2017 it increased its selectiveness by doing

additional analysis and ꢅ triage” ahead of transmitting files to the prosecution authorities, only transmitting files it already

deems to have a high likelihood of being prosecuted. It is estimated that a high proportion of fraud cases transmitted from

the CRF to the prosecution authorities prior to 2017 actually relate to ꢅ attempted fraud” cases, which banks are required to

report to the CRF via an STR.

¹⁹⁷See, for instance, CSSF, Circular ꢌ0ꢍ740, 2020 (link); EUROPOL, P andemic proꢃ iteerinꢀ – H ow criminals ex ploit th e C ꢆ V ꢁ ꢄ -

19 crisis, 2020 (link); and FATF, C ꢆ V ꢁ ꢄ -19-related ꢈ oney ꢉ aunderinꢀ and ꢅ errorist ꢂ inancinꢀ (link).

63

Luxembourg National Risk Assessment

Money laundering Inherent risk – Threats

assessment

Robberies and thefts are the most important domestic predicate offence in Luxembourg across a

broad range of statistics, more prevalent than in peer countries. The Grand-Ducal Police¹⁹⁸reported

2 568 thefts related to vehicles, 3 667 house break-ins and burglaries¹⁹⁹and 10 4 22 other thefts in

2018. W hile high, the number of offences and attempts has remained stable since 2013. In 2017–19,

the prosecution authorities opened 4 9 581 new notices implicating 20 4 53 persons (of which 200 new

cases implicating 4 53 persons for potential ML). During the same period, the prosecution authorities

decided to prosecute 3 4 33 cases implicating 4 002 persons (of which 154 ML cases implicating 260

persons), leading to 714 prison sentences (of which 115 for ML)²⁰⁰. Eurostat figures support that there

are more robberies, thefts and burglaries per capita in Luxembourg than in other European countries

(22.8 per 1 000 residents vs. 19.9 EU average)²⁰¹

.

Foreign organised criminal groups and individual criminals are believed to target Luxembourg due to

its wealth and proximity to three borders. In fact, Luxembourg has the highest GDP per capita in the

EU, over 2.5 times the EU average in 2018²⁰². ꢁ udiciary authorities note an impression of easy escape

from crime scenes, by way of the Grand Duchy’ s proximity to the French, Belgian and German borders.

Based on experience from the prosecution authorities and the police, foreign perpetrators targeting

Luxembourg for robberies and thefts come from a variety of locations, including the border region,

but also Eastern Europe. Crimes have targeted a wide range of goods, including cars, bicycles,

jewellery, hospital equipment and construction site materials. For example, the Organised Crime

Portfolio estimates cargo theft revenues in Luxembourg of €1.9 million²⁰³, which is higher in absolute

terms than the estimates for Portugal, Ireland or Greece.

Given that stolen goods are frequently transported abroad for resale (as commonly proceeds of crimes

are moved from where they were perpetrated), it is estimated the proceeds for money laundering

usually do not remain in Luxembourg. This is reflected in the relatively low number of transmissions

to the prosecution authorities and asset seizures. In 2019, the CRF has transmitted 3 analysis products

to the prosecution authorities for robberies or theft (out of a total of 219 analysis products across all

predicate offences)²⁰⁴. Furthermore, the prosecution authorities seized money-laundered assets for

domestic crimes worth roughly €2.7 million in 2017–2019.

The consequences of robberies and theft mostly relate to the monetary loss of the items. W hile

physical and emotional harm is difficult to assess, it is believed to be limited. Robberies and thefts can

be accompanied by some violence; the Grand-Ducal Police reported 4 12 thefts with violence in

2018²⁰⁵. Moreover, robberies and theft are likely to contribute to a feeling of insecurity among the

population.

Drug trafficking

W hile the size of proceeds is low relative to other threats, the use of drugs is average compared to

other countries, and the human and social impact are high.

EUROPOL²⁰⁶estimates drug sales in Luxembourg to constitute less than 0.1% of GDP. Drug

consumption in Luxembourg is broadly in line with world average. According to UNODC, ecstasy

¹⁹⁸Grand Ducal Police Annual Report 2018 (link).

¹⁹⁹This figure relates to any attempt or offence of a break-in to a property, whether or not it involved theft of property.

²⁰⁰Data received from Parquet Gé né ral Statistical Service in August/September 2020.

²⁰¹Eurostat, C rime and criminal ꢑ ustice tables, 2017 (link).

²⁰²Eurostat, GDP per capita, consumption per capita and price level indices (link).

203

Organized Crime Portfolio, ꢂ rom ꢁ lleꢀ al ꢈ ark ets to ꢉ eꢀ itimate ꢋ usinesses: ꢅ h e P ortꢃ olio oꢃ ꢆ rꢀ aniz ed C rime in Europe,

2015 (link).

²⁰⁴CRF Annual Report, 2018.

²⁰⁵Grand Ducal Police Annual Report 2019 (link).

²⁰⁶Eurostat database.

64

Luxembourg National Risk Assessment

Money laundering Inherent risk – Threats

assessment

consumption (0.4 8%) is in line with the world average (0.50%), while cannabis consumption is slightly

above (5.20% with a world average of 4 .4 7%)²⁰⁷

.

Drug trafficking in Luxembourg is mostly based on ꢅ street dealing” of drugs imported from

neighbouring countries rather than large organised crime groups importing or producing drugs for

local resale. Most offences recorded are on possession and use of drugs vs. trafficking. Crime level is

broadly in line with neighbouring countries. The Grand-Ducal Police reported 4 238 drug offences and

attempts²⁰⁸in 2017 (12% of all offences registered, vs. 7% in Ireland²⁰⁹and 17% in Belgium²¹⁰), down

from 4 675 drug offences and attempts in 2015 (20% of all offences and attempts registered). In 2017–

19, the prosecution authorities opened 1 099 drug trafficking cases for investigation (of which 279

potential ML cases) related to 1 992 persons (of which 534 for potential ML). In the same period, the

prosecution authorities decided to prosecute 552 cases (of which 272 cases for ML) implicating 906

persons (of which 4 32 persons for ML), leading to 205 prison sentences (of which 164 for ML)²¹¹

.

W hile the domestic proceeds of crime generated in Luxembourg are estimated to be lower than in

other jurisdictions, the levels of criminal proceeds and the adjacency to countries with high levels of

proceeds raise the level of ML threat. The proceeds generated by drug trafficking in Luxembourg are

estimated between €9 million²¹²and 20 million²¹³annually (representing ~€30 per resident annually);

this is lower than estimated proceeds of €28 billion²¹⁴to €80 billion²¹⁵annually in Europe

(representing ~€55 per resident annually²¹⁶). The CRF transmitted three drug trafficking cases to the

prosecution authorities in 2019, and recorded 1 572 SARs and STRs for drug trafficking in 2019²¹⁷. In

2017-2019, the prosecution authorities seized ~€0.2 million from domestic drug trafficking cases of

which €66 4 00 were money laundering related. It is however becoming increasingly difficult to detect

amounts generated by drug trafficking with the emergence of new drug trafficking methods (e.g. Dark

W eb platforms). Luxembourg’ s central location and its increasing role in logistics²¹⁸may also pose a

threat, as it is possible that some drug-trafficking may be transited through Luxembourg. W hile

proceeds of domestic drug dealing are likely to be laundered domestically and in neighbouring

countries (due to the street-dealing nature of trafficking), proceeds from drugs transiting through

Luxembourg (an organised crime activity) are probable to be laundered abroad.

Drug trafficking results in significant human and social cost. Drug trafficking leads to addiction and

death, and finances organised crime. The Luxembourg Institute of ꢄ ealth reported 5 84 6 ꢅ problematic

registered drug users” (~1% of the population) and five deaths in 2016 (0.9 deaths per 100 000 people

aged 15–64 , down from 5.9 in 2000).²¹⁹This is slightly below the European average of 2.3 (with a total

²⁰⁷UNODC statistics database, ꢄ ruꢀ U se and H ealth C onsequences, Annual prev alence ꢃ or adults ꢐ 15-6 4 y ears old) ꢃ or “Ecstasy

ꢅ y pe Substances” and “C annabis” (Luxembourg data as of 2010) (link).

²⁰⁸Grand Ducal Police Annual Report 2019 (link).

²⁰⁹Ireland, ꢇ ational Risk Assessment ꢃ or ꢁ reland, ꢈ oney ꢉ aunderinꢀ and ꢅ errorist ꢂ inancinꢀ , 2015 (link).

²¹⁰Federal Police Belgium, Annual Report 2017 (link).

²¹¹Parquet Gé né ral Statistical Service, data received in August/September 2020.

²¹²Organized Crime Portfolio, ꢁ llicit Rev enues and C riminal ꢁ nv estments in Europe, 2015 (link).

²¹³STATEC, Reꢀ ards sur lꢒ impact de lꢒ économie illéꢀ ale sur lꢒ économie lux embourꢀ eoise, 2014.

214

Organized Crime Portfolio, ꢂ rom ꢁ lleꢀ al ꢈ ark ets to ꢉ eꢀ itimate ꢋ usinesses: ꢅ h e P ortꢃ olio oꢃ ꢆ rꢀ aniz ed C rime in Europe,

2015 (link).

²¹⁵UNODC, Report Estimatinꢀ ꢁ llicit ꢂ low s Resultinꢀ ꢃ rom ꢄ ruꢀ ꢅ raꢃ ꢃ ick inꢀ and ꢆ th er ꢅ ransnational ꢆ rꢀ aniz ed C rimes, 2011

(link).

216

~€55 per resident using the OCP estimates for total EU (€28 BN); the OCP study estimates proceeds of ~€7 billion in

Luxembourg’ s 3 neighbouring countries (France, Germany, Belgium), which represents ~€4 4 per resident.

²¹⁷Note cases transmitted by the CRF to the prosecution authorities, as well as STRs, can relate to domestic ML and foreign

ML; note also the annual estimates for drug trafficking proceeds referred in the previous paragraph are estimates based on

annual average data from cited sources, and not the estimate for a specific year.

²¹⁸Luxembourg Trade & Invest, ꢉ oꢀ istics H ub ꢉ ux embourꢀ , 2017 (link).

²¹⁹Luxembourg Institute of ꢄ ealth, ꢇ ational ꢄ ruꢀ Report, 2017 (link).

65

Luxembourg National Risk Assessment

Money laundering Inherent risk – Threats

assessment

of 7 585 drug-induced deaths in Europe in 2017²²⁰). Finally, combating drug trafficking is a key focus

of domestic law enforcement authorities with significant resources allocated to this offence.

Tax crimes

W hile domestic tax crimes occur in Luxembourg, the threat is considered less significant than for other

countries, due to the Grand-Duchy’ s tax system, its small shadow economy²²¹, and limited number of

recorded offences.

Local businesses and individuals tend to pay their taxes thanks to a tax regime that is not complex,

easy to use and relatively low corporate taxes. The Grand-Duchy is ranked 21 out of 190 countries for

the complexity of its tax regime²²²: the average company pays the lowest tax and contribution rate in

the EU (20.5% vs. 39.6% average) and takes the third lowest time to comply with tax obligations in the

EU (55 hours vs 161 hours average). The W orld Economic Forum Global Competitiveness Index also

assesses that Luxembourg ranks fourth out of 137 countries for less distortive effect of taxes and

subsidies on competition²²³. In recent years Luxembourg joined a series of international agreements

and exchanges of tax information initiatives²²⁴. For example, the Grand-Duchy has introduced

legislation to implement the OECD’ s Common Reporting Standard (CRS) for the automatic exchange

of financial information. Luxembourg is also actively involved in the OECD Base Erosion and Profit

Shifting (BEPS) initiative and has enacted legislation to address BEPS 13, on country-by-country

reporting. Automatic sharing of information is expected to contribute significantly to ex -ante

prevention and lower cases on tax offences being transmitted to the prosecution authorities (and/or

being object of LAR).

Data from Luxembourg’ s direct tax administration shows overall stable tax revenue, with manageable

amounts outstanding to be collected (which generate associated interest and other costs for late

payers) and sanctions for late payment in given circumstances. Overall direct tax revenue (€10.6 billion

in 2019) is roughly split amongst individuals (~58%, ~€5.9 billion) and legal persons (~4 2%, ~€7.4

billion)²²⁵. For individuals, 94 % of the 2019 workforce of 4 4 3 718 persons (ꢅ emploi salarié

inté rieur” )²²⁶are employed (“salariés” ). Taxes on salaries are collected throughout the year via

withholding with employers (ꢅ retenue dꢒ impꢓ t sur les traitements et salaires” ) which further

contributes to reduce the likelihood of fraud or evasion.

Across both individuals and legal persons, taxes outstanding (to be collected; ꢅ solde ꢀ énéral” )

amounted to about €1.7 billion as of December 2019, of which 17.8% of these concerned taxes were

not yet due or still within the legal time limits and/or acceptable time limits to ACD, 57.9% was

effectively categorised as ꢅ due” and only 24 .3% was categorised as ꢅ being enforced” (ꢅ soumis ꢔ

contrainte” ). Late payers can be subject to paying interest on late payments²²⁷(€26 million in 2019),

as well as fines and sanctions for late/non-payment²²⁸(€9.9 million in 2017). In 2016–2017,

Luxembourg ran a 2-year fiscal ꢅ réꢀ ularisation” allowing taxpayers to voluntary disclose complete and

corrective tax returns, in exchange for exemption from prosecution for tax crimes on the basis of the

corrective filings submitted and payment of an additional surcharge. This resulted in additional

²²⁰European Monitoring Centre for Drugs and Drug Addiction (EMCDDA), Statistical ꢋ ulletin ꢌ 017 — ov erdose death s (link)

221

Illicit economic activity existing alongside a countryꢃ s official economy, e.g. black market transactions and undeclared

work.

²²²PW C & W orld Bank, P ay inꢀ ꢅ ax es, 2018 (link).

²²³W orld Economic Forum, ꢅ h e G lobal C ompetitiv eness ꢁ ndex , 2019 (link).

²²⁴Further details can be found in the Detection (ACD) section.

²²⁵Data provided by ACD in ꢁ une 2020.

²²⁶STATEC, Emploi, chô mage et taux de chô mage par mois (donné es dé saisonnalisé es) 1995-2020.

²²⁷ꢁ ntérê ts de retard, data provided by ACD in ꢁ une 2020.

²²⁸Amendes, astreintes et recettes analoꢀ ues (including ꢅ maꢑ oration” from the fiscal ꢅ réꢀ ularisation” ); ACD data.

66

Luxembourg National Risk Assessment

Money laundering Inherent risk – Threats

assessment

revenue of ~€54 .5 million (~1% of total tax revenue for individual persons, or 0.6% of total tax

revenue).²²⁹

Luxembourg’ s (estimated) small shadow economy is also believed to contribute to a more limited

domestic threat of tax crimes, also supported by low number of domestic offences. In fact, the

Institute for Economic Affairs estimates that the shadow economy represents ~10% of national

income (in line with Switzerland, but significantly below the world average of 33%)²³⁰. This explains

why domestic tax evasion (0.9% of GDP) is estimated lower than for most other 38 OECD countries²³¹

(e.g. 1% to 1.1% in Germany, France and Belgium). In 2017–2019, the prosecution authorities opened

14 2 tax offence new cases for investigation (of which 14 potential ML cases). These cases concerned

34 1 suspects of which 35 related to potential ML. The prosecution authorities decided to prosecute

21 cases, implicating 4 2 persons (3 cases implicating 13 persons for ML). Over the same time, there

were no convictions for ML proceeds of tax crimes²³². It should be noted that Luxembourg has added

aggravated tax evasion and tax fraud to the list of predicate offences for ML as of ꢁ anuary 2017²³³

helping to reduce the likelihood of crime.

,

W hile historically lower than in other countries, proceeds of domestic tax evasion are still significant,

with tax crime is estimated to be one of the most common offences in most countries (estimates

suggest it may represent as much as 30% of the world crime proceeds²³⁴). The prosecution authorities

seized assets from domestic tax evasion cases of ~€1.1 million in 2017–2019²³⁵. Proceeds of domestic

tax evasion are likely to be laundered both domestically (e.g. through cash payments for shadow

economy activities and retail purchases) and abroad.

Importantly, tax-related scandals are a sensitive issue for Luxembourg due to its significant financial

centre. On 14 May 2020, the European Commission launched legal actions against Luxembourg over

laws to prevent money laundering and tax avoidance. Along with more than half of the EU member

states, Luxembourg is being accused of not having adopted new EU rules which became operational

this year²³⁶. This increased scrutiny may result in reputational consequences for Luxembourg,

particularly given its financial stature.

It should also be noted, domestic tax evasion may represent an opportunity cost of lost tax revenues

to the state and the consequent impact of public services not financed.

Cybercrime

Cybercrime is considered a significant threat for Luxembourg. W hile the likelihood is low, given a

significant investment in cybersecurity, rendering the country 11^thin the world for cybersecurity²³⁷

,

potential data breaches can have major consequences on data protection, confidentiality and

availability, with important social and economic costs.

²²⁹Based on a total of ~€8.5 billion total direct tax collected, of which ~€5 billion on natural persons. All data points in data

pack provided by ACD on 04/07/2018.

²³⁰Institute for Economic Affairs, ꢅ h e Sh adow Economy , 2013 (link).

²³¹CESifo Group, Siz e and ꢄ ev elopment oꢃ ꢅ ax Ev asion in ꢎ 8 ꢆ EC ꢄ C ountries, 2012 (link).

²³²Parquet Gé né ral Statistical Service, data received in August/September 2020.

233

W hile aggravated tax evasion has been added as a new offense, tax fraud was already criminalised prior to 2017. W ith

the Law of 23 December 2016 implementing the 2017 tax reform, the legislation has been strengthened and both offences

are now also a predicate offence to ML. See section on Prosecution for further details, including the laws criminalising tax

crimes.

²³⁴UNODC, Report Estimatinꢀ ꢁ llicit ꢂ low s Resultinꢀ ꢃ rom ꢄ ruꢀ ꢅ raꢃ ꢃ ick inꢀ and ꢆ th er ꢅ ransnational ꢆ rꢀ aniz ed C rimes, 2011

(link).

²³⁵Parquet Gé né ral Statistical Service, data received in August 2020.

²³⁶Reuters, May 2020 (link).

²³⁷ITU 2019, Global Cybersecurity Index, based on legal, technical, organisation, capacity building and cooperation pillars.

67

Luxembourg National Risk Assessment

Money laundering Inherent risk – Threats

assessment

Public and private actors have significantly invested in Luxembourg’ s cyber infrastructure and

connectivity, building an important information network that connects Luxembourg to the main

European hubs of the numerical economy. Alongside this investment, Luxembourg developed a rising

consciousness of associated risks. As such, a national cybersecurity strategy was developed in 2012,

updated in 2015 and again in 2018. Alongside the strategy, a Cybersecurity Board and Cybersecurity

Competence Centre was set up within the government. Furthermore, Luxembourg has made

cybersecurity-related research a national priority, with 250 researchers specialising in the field, at the

Interdisciplinary Centre for Security, Reliability and Trust at the University of Luxembourg.

Luxembourg’ s Service de Police ꢁ udiciaire has a separate cybercrime unit, specifically working on

cybercrime cases, in close collaboration with other units, including economic and financial crime, and

drug trafficking, given the close association of cybercrime to other types of crime. It should also be

noted the unit cooperates with EUROPOL.

In 2019, CRF reported 517 cybercrime STRs, and ordered freezing procedures in three cases for a total

amount of €65 607,61. The CRF transmitted seven files to prosecution authorities in 2019. In 2017-

2019 the prosecution authorities opened 703 new cases (of which 9 for potential ML) for investigation,

implicating 34 5 suspects (of which 16 for potential ML). In the same period, the prosecution

authorities decided to prosecute 16 cases (of which 4 for ML), implicating 20 persons (of which 4 for

ML). W hile the number of suspected activities is low versus other risks, potential data breaches have

major consequences on data protection, confidentiality and availability. The use of data illicitly

obtained (such as passwords) can cause significant human harm, including identity theft. Furthermore,

the use of ransomware can have significant impact on the economy, for example by resulting in

shutting down core systems of banks and hospitals.

Importantly, cybercrime and the risks associated with cybersecurity have increased since the outbreak

of the COVID-19 pandemic and the imposition of lockdown measures driving demand for

communication, information and supplies through online channels. Criminals use phishing and

ransomware campaigns (such as those included in the case studies below) to exploit the current crisis

and capitalize on the anxieties and fears of their victims²³⁸. CRF’ s COVID-19 typologies report highlights

that working from home creates new risks, as criminals can exploit security loopholes to gain

confidential documents, which are then used in sophisticated frauds²³⁹. Further detail is provided in

section 4 of the NRA on the impacts of COVID-19.

Corruption and bribery

The level of domestic criminality is deemed to be relatively low in Luxembourg. Transparency

International ranks the country ninth out of 180 in its Corruption Perception Index^{24 0}(alongside

Germany), and the W orld Bank ranks Luxembourg in the top 3% worldwide in its Controls of

Corruption Index^{24 1}. Moreover, the 1997 OECD Anti-Bribery Convention, the 1999 Council of Europe

Criminal law convention on corruption (STE no. 173), the 2000 UN Convention on transnational

organised crime and the 2003 UN Convention against corruption have all been implemented into

national law between 2001 and 2007.

The proceeds of corruption and bribery generated in Luxembourg are also deemed low. In fact, the

prosecution authorities recorded just three seizures of a domestic corruption case in 2017–19. The

CRF transmitted three files to the prosecution authorities in 2019. The Grand-Duchy has an overall

small sized economy, making corruption in public procurement contracts possibly less attractive (e.g.

²³⁸EUROPOL, C atch inꢀ th e v irus: cy bercrime, disinꢃ ormation and th e C ꢆ V ꢁ ꢄ -19 pandemic, 2020 (link).

²³⁹CRF, ꢅ y poloꢀ ies C ꢆ V ꢁ ꢄ -19, 2020 (link).

^{24 0}Transparency International, C orruption P erception ꢁ ndex , 2019 (link).

^{24 1}W orld Bank, ꢄ ata ꢋ ank : ꢊ orldw ide G ov ernance ꢁ ndicators, C ontrol oꢃ C orruption, 2018 (link).

68

Luxembourg National Risk Assessment

Money laundering Inherent risk – Threats

assessment

public spending of 4 2% of GDP in 2017^{24 2}). Luxembourg is also not a large receiver of EU funds: in

2018, it was the 18^thlargest receiver out of EU28 with €2 billion^{24 3}. Together with observed high

transparency, this supports why only 16 offences and attempts of misuse of (public) funds were

reported by the general population to the Grand-Ducal Police in 2016–17^{24 4}. Perpetrators are also

more likely to be individuals rather than organized crime groups. In the 2017-2019 period, 59

corruption and bribery cases have been opened, of which 3 potential ML cases identified for

investigation. These cases concern 88 suspects of which 13 related to potential ML. During the same

period, prosecution authorities decided to prosecute 29 cases (including 4 for ML) related to 36

persons (including 7 for ML).

ꢄ owever, the significant presence of international organisations in Luxembourg^{24 5}and its role in the

domestic economy increases the exposure to this type of crime, with significant social and

reputational costs. Corruption shown in public indices and in prosecution authorities/CRF figures as

described above mostly captures traditional low-level corruption. The high number of PEPs residing

or working in Luxembourg (e.g. those working in European institutions or other multilateral

organizations based in the country) could be abused or misused for ML and increase the threat level.

Such events would reduce confidence in EU institutions and would also have major reputational

impacts for the country. Corruption could lead to erosion of trust in economic and political institutions

and would increase the cost of doing business^{24 6}. Moreover, multilateral and other international

organizations based in Luxembourg (which drive the number of PEPs residing or working locally) could

spread this impact significantly beyond Luxembourg.

As noted in the external exposure section, corruption and bribery have been noted as growing threats

in the context of the COVID-19 pandemic, particularly in relation to government support schemes.

Further detail is provided in section 4 of the NRA on the impacts of COVID-19.

Participation in organised criminal group and racketeering

The domestic level of organised crime is deemed to be relatively low in Luxembourg. None of the main

criminal groups in Europe have been estimated to operate in Luxembourg^{24 7}. Nonetheless, judiciary

authorities report that organised crime groups sometimes target the Grand-Duchy, especially for

robberies, thefts and burglaries. Considering that the Luxembourg market is relatively small however,

the likelihood of crime can be assessed to be relatively low. This is in line with numbers from the

prosecution authorities. In 2017-2019, 139 cases have been opened, of which 33 potential ML cases

identified for investigation These concern 4 53 suspects, of which 160 for potential ML. In the same

period, the prosecution authorities decided to prosecute 55 cases (of which 21 related to potential

ML), implicating 153 suspects, (of which 55 related to potential ML). W hile organised crime only has

a limited presence in Luxembourg, it may promote violence, social disruption and increased cost of

living.

Proceeds of organised crime in Luxembourg are difficult to estimate but could be relatively more

significant. UNODC estimates organised crime to generate 9% of world crime proceeds^{24 8}– in

Luxembourg this figure is likely to be much lower. In 2017-2019, the prosecution authorities recorded

^{24 2}OECD, G eneral ꢀ ov ernment spendinꢀ , ꢅ otal, ꢕ oꢃ G ꢄ P , 2017 (link).

^{24 3}European Commission, EU ex penditure and rev enue ꢌ 014 -ꢌ0ꢌ0 (2016 total expenditure) (link).

^{24 4}Grand Ducal Police Annual Report 2017 (link); ꢅ détournements” .

^{24 5}See for example: The official portal of the Grand-Duchy of Luxembourg, ꢉ ux embourꢀ , seat oꢃ European institutions (link).

^{24 6}W orld Economic Forum, G lobal Aꢀ enda-C ouncil on Anti-C orruption, 2012.

24 7

Organized Crime Portfolio, ꢂ rom ꢁ lleꢀ al ꢈ ark ets to ꢉ eꢀ itimate ꢋ usinesses: ꢅ h e P ortꢃ olio oꢃ ꢆ rꢀ aniz ed C rime in Europe,

2015 (link).

^{24 8}UNODC, Report Estimatinꢀ ꢁ llicit ꢂ low s Resultinꢀ ꢃ rom ꢄ ruꢀ ꢅ raꢃ ꢃ ick inꢀ and ꢆ th er ꢅ ransnational ꢆ rꢀ aniz ed C rimes, 2011

(link).

69

Luxembourg National Risk Assessment

Money laundering Inherent risk – Threats

assessment

~€1.1 million seizures for domestic cases. The CRF has only transmitted two files to the prosecution

authorities in 2019.

Counterfeiting and piracy of products

Luxembourg’ s role as an important logistics hub in the EU exposes^{24 9}it to counterfeited products

passing through. The country has the sixth largest airfreight platform in Europe, a freeport, significant

rail freight, a multimodal terminal in Bettembourg/Dudelange, a logistics park and a high number of

lorry drivers passing through the country each day. ꢁ udiciary authorities report that some

counterfeited goods in transit have been seized (e.g. counterfeited cigarettes from Eastern Europe

and counterfeited clothes from South East Asia. The prosecution authorities state that it is often

difficult to identify individuals behind those crimes. This is reflected in the low numbers reported by

prosecution authorities (i.e. 24 new cases for investigation in 2017–2019, of which 2 of potential ML,

implicating 4 4 people, of which 4 suspects of potential ML, and 11 people prosecuted, of which two

for ML over the same time).

The proceeds of counterfeiting and piracy of products are important based on available data: For

instance, one study estimates the crime to generate about €4 2 billion in the EU annually²⁵⁰; another

attributes ~ꢂ 10 billion to the commercial value of unlicensed software in the EU²⁵¹, which is one type

of product counterfeiting/piracy. In Luxembourg, counterfeiting revenues are also important (€63

million annually, ~0.1% of GDP) but below the world average (0.3%)²⁵². Software piracy in Luxembourg

is also less prevalent than in other countries: The commercial value of unlicensed software in use is

estimated to be ꢂ 20 million in 2017, which represents a share of unlicensed software over total

software used at 17% compared to 37% global average²⁵³. Flows of proceeds are a mix of cash, physical

and financial flows. Although the number of STR (two) and SAR (seven) reported by the CRF in 2019 is

low, there were many electronic STR (6 336) and electronic SAR (377) filed by reporting entities active

in an online environment. Prosecution authorities reported one seizure in 2017–2019 for domestic

crimes of counterfeiting.

The economic and social consequences are important. Counterfeiting and piracy of products has an

indirect impact on intellectual property rights, which are of fundamental importance for an advanced

and innovative economy. Moreover, local merchants (e.g. clothes retailers) might suffer from lost

revenues and the government loses on tax revenues as a result. Globally, counterfeit goods may also

be linked to (child) labour exploitation. Some counterfeit products (in particular counterfeit medicine)

entail health and safety risks for consumers, due to the often times inferior quality.

Counterfeiting and piracy have been noted as growing threats in the context of the COVID-19

pandemic, particularly in relation to medicines and other goods. Further detail is provided in section

4 of the NRA on the impacts of COVID-19.

Sexual exploitation, including sexual exploitation of

children

The prevalence of prostitution and the relatively high number of reported domestic offences indicate

that the probability of this crime is not negligible. Prostitution in the Grand-Duchy is not illegal, but

^{24 9}Luxembourg Trade & Invest, ꢉ oꢀ istics H ub ꢉ ux embourꢀ , 2017 (link).

250

Organized Crime Portfolio, ꢂ rom ꢁ lleꢀ al ꢈ ark ets to ꢉ eꢀ itimate ꢋ usinesses: ꢅ h e P ortꢃ olio oꢃ ꢆ rꢀ aniz ed C rime in Europe,

2015 (link).

²⁵¹BSA The Software Alliance, ꢋ SA G lobal Soꢃ tw are Surv ey , 2018 (link).

252

Organized Crime Portfolio, ꢂ rom ꢁ lleꢀ al ꢈ ark ets to ꢉ eꢀ itimate ꢋ usinesses: ꢅ h e P ortꢃ olio oꢃ ꢆ rꢀ aniz ed C rime in Europe,

2015 (link).

²⁵³BSA The Software Alliance, ꢋ SA G lobal Soꢃ tw are Surv ey , 2018 (link).

70

Luxembourg National Risk Assessment

Money laundering Inherent risk – Threats

assessment

procuring is, as are those activities associated with organised prostitution, such as profiting from

(operating brothels and prostitution rings) or aiding prostitution. Furthermore, exploiting people in

distress by paying them for sex is illegal. One study provides estimates of 300 to 5000 prostitutes in

Luxembourg²⁵⁴. Another report, by the Ministry of Equal Opportunities estimates that there are ~50

active prostitutes per day in Luxembourg²⁵⁵. In 2017-2019, the prosecution authorities opened 371

new cases, of which 5 potential ML identified for investigation. These cases concerned 4 56 suspects,

of which 6 related to potential ML. The prosecution authorities decided to prosecute 103 cases, of

which 5 related to ML, implicating 122 suspects, of which 10 of ML. Over the same time, 11 prison

sentences related to this predicate offence were pronounced, of which 2 related to ML²⁵⁶

.

ꢄ owever, the proceeds generated by sexual exploitation domestically are low. STATEC estimates

prostitution to contribute to 0.21% of domestic production value in 2012, with annual proceeds of

~€80 million²⁵⁷. W hile this is significantly higher than for example drug trafficking (0.02%), not all

elements associated with prostitution are illegal (see above). The prosecution authorities recorded no

seizures for domestic cases in 2017-2019. Nonetheless, the Organized Crime Portfolio²⁵⁸estimates

that human trafficking (including sexual exploitation but also removal of organs, forced labour and

slavery) generates €36 billion in Europe annually, with France and Italy being the largest markets.

Proceeds from activities associated with organised prostitution are likely to be laundered both

domestically and abroad.

Still, sexual exploitation has a high economic and social cost, with victims subjected to long-lasting

physical and emotional impact. It can also have some impact on the attractiveness for business due to

the nature of the crime and broader concerns around labour exploitation and modern slavery

associated with this offence. This topic is also a focus of cooperation with foreign counterparts from

the Luxembourg’ s FIU, the CRF.

Trafficking in human beings and migrant smuggling

Luxembourg is in the centre of the EU common market, with its free movement of people, and has

welcomed a high number of migrants, refugees and asylum seekers relative to its size. In fact, 4 8% of

the local population are foreigners and 7% come from outside the EU²⁵⁹. Luxembourg has the fourth

highest number of first-time asylum applicants per million habitants in the EU (915 vs. 2 725 in Malta

and 383 EU average²⁶⁰). In the fourth quarter of 2019, 560 migrants in absolute terms have requested

asylum status in Luxembourg, with most asylum seekers being from Syria (110), Eritrea (110) and

Afghanistan (110). Local authorities have taken 2 154 decisions that year and given asylum status to

653 people (vs. 994 in 2018 and 1 176 in 2017)²⁶¹. ꢄ owever, while Luxembourg is a very open

economy, it is not a primary destination for human and migrant trafficking, considering its small size

(e.g. only 0.3% of the 171 325 asylum applicants in the EU in the fourth quarter 2019 have applied in

Luxembourg²⁶²); and Luxembourg is one of the countries with the lowest estimated prevalence of

modern slavery by the proportion of their population (0.02% alongside Ireland, Norway and

Switzerland²⁶³). This is in line with the low number of new cases in the 2017-2019 period: 201 cases

²⁵⁴P. Adair, O. Nezhyvenko, Sex w ork v s. sex ual ex ploitation: assessinꢀ ꢀ uesstimates ꢃ or prostitution in th e European U nion,

2016 (link).

²⁵⁵Ministere de l’ Egalite des chances, Rapport Platforme ” Prostitution” , 2014 (link).

²⁵⁶Data received from Parquet Gé né ral Statistical Service in August/September 2020.

²⁵⁷STATEC, Reꢀ ards sur lꢒ impact de lꢒ économie illéꢀ ale sur lꢒ économie lux embourꢀ eoise, 2014.

258

Organized Crime Portfolio, ꢂ rom ꢁ lleꢀ al ꢈ ark ets to ꢉ eꢀ itimate ꢋ usinesses: ꢅ h e P ortꢃ olio oꢃ ꢆ rꢀ aniz ed C rime in Europe,

2015 (link).

²⁵⁹STATEC, ꢉ e ꢉ ux embourꢀ en ch iꢃ ꢃ res, 2019.

²⁶⁰Eurostat Asylum Q uarterly Report, Q 4 2019.

²⁶¹MAEE, ꢋ ilan de lꢒ année ꢌ 019 en matiè re dꢒ asile et dꢒ immiꢀ ration (link).

²⁶²Eurostat Asylum Q uarterly Report, Q 4 2019.

²⁶³W alk Free Foundation, G lobal Slav ery ꢁ ndex , 2016 (link)

71

Luxembourg National Risk Assessment

Money laundering Inherent risk – Threats

assessment

opened for investigation, of which 14 for potential ML, implicating 4 28 persons, of which 62 for

potential ML. Over the same period, the prosecution authorities decided to initiate eight prosecutions,

of which one for ML, implicating 15 persons, of which three for ML. Two prison sentences were

pronounced, of which one related to ML.

Nonetheless, human trafficking in Europe generates significant proceeds (€36 billion in Europe each

year as referred above – with Italy and France being the largest markets²⁶⁴), but available data suggests

that Luxembourg is impacted to a lesser degree. The prosecution authorities recorded one seizure for

domestic cases in 2019, of €24 0. Similarly, the CRF transmitted no files to the prosecution authorities

in 2019, and reported nine STR in 2019. Given that human trafficking is mostly carried out by organised

crime groups (which have limited presence in Luxembourg and where found, are foreign organised

groups), proceeds are likely to be laundered abroad.

Finally, trafficking in human beings and migrant smuggling generates significant social and human

harm, with particularly acute consequences for women and children. Moreover, there is a public

expectation that financial institutions and governments have a role in preventing this crime and

helping vulnerable persons where possible.

Extortion

Extortion is believed to be mostly effective when carried out by well-rooted organised crime groups²⁶⁵

,

but no transnational racketeering groups have been identified in Luxembourg²⁶⁶. Overall, few cases

have been reported in Luxembourg and since 2016, and the number of reported criminal offences and

convictions has remained relatively stable. ꢄ owever, the human and social impact of such cases are

significant, and notwithstanding the low number of cases, a few significant cases of online extortion

in recent years have driven the overall threat level in Luxembourg up.

According to the Computer Incident Response Centre Luxembourg (CIRCL), a government-driven

initiative providing a systematic response facility to computer security threats and incidents, an

increasing number of attempted online scams since 2018²⁶⁷. In 2019, the CRF reported virtual assets

directly related to extortion cases amounting to ~4 0 BTC, equivalent to ~€260 000, with a further

~3 230 BTC indirectly (or potentially) related²⁶⁸, equivalent to ~€2 million²⁶⁹

.

The prosecution authorities have opened 4 57 new cases in 2017-2019 (of which 9 for potential ML),

involving 4 27 people (of which 22 for potential ML). In the same period, 61 cases have been

prosecuted (of which 4 for ML), involving 132 suspects (of which 11 for ML) and 15 prison sentences

were pronounced (of which 2 related to ML).

Insider trading and market manipulation

The level of threat from insider trading and market manipulation is assessed low due to the low

volume and low complexity of domestic trading, the type of financial instruments admitted to trading

(mostly debt instruments), the likely low proceeds and the enhanced transparency of the activity in

264

Organized Crime Portfolio, ꢂ rom ꢁ lleꢀ al ꢈ ark ets to ꢉ eꢀ itimate ꢋ usinesses: ꢅ h e P ortꢃ olio oꢃ ꢆ rꢀ aniz ed C rime in Europe,

2015 (link).

265

See for instance, Organized Crime Portfolio, ꢂ rom ꢁ lleꢀ al ꢈ ark ets to ꢉ eꢀ itimate ꢋ usinesses: ꢅ h e P ortꢃ olio oꢃ ꢆ rꢀ aniz ed

C rime in Europe, 2015 (link).

²⁶⁶Transcrime, Study on Ex tortion Rack eteerinꢀ : ꢅ h e ꢇ eed ꢃ or an ꢁ nstrument to C ombat Activ ities oꢃ ꢆ rꢀ anised C rime, 2009

(link).

²⁶⁷Luxembourg Times, 2018 (link).

268

Regarding the potential amount involved, it is uncertain if the amount discovered during investigation stems from just

the extortion offence, other criminal or legal activities.

²⁶⁹CRF data; per the exchange rate on 30.12.2019.

72

Luxembourg National Risk Assessment

Money laundering Inherent risk – Threats

assessment

Luxembourg (members and participants of the Luxembourg Stock Exchange are exclusively regulated

firms).

The Luxembourg Stock Exchange is large in size in terms of the value of listings, with 3 000 listed issuers

coming from over 100 countries²⁷⁰. The total amount of debt issued via instruments admitted to

trading on the Luxembourg Stock Exchange in 2019 was €1 210 billion²⁷¹, representing 1 905% of the

GDP of 2019. The Luxembourg Stock Exchange is mainly a debt issuance market, which is reflected in

the type of trading conducted (mainly debt securities) and the low value of actual transactions

turnover contributes to low risk. The trading volume in 2019 on both trading venues operated by the

Luxembourg Stock Exchange was €96.8 million in 2019, representing 0.15% of GDP. The value of equity

trading was €4 5.7 million in 2019²⁷². Furthermore, the trading volume is relatively low compared to

major European centres such as London or Frankfurt, and the securities sector is small compared to

other activities in Luxembourg’ s financial sector itself.

There have been very few isolated cases of insider trading and market manipulation in Luxembourg in

the past three years. More precisely, from 2017 to 2019, the CSSF has conducted 13 investigations on

market abuse, and pronounced administrative sanctions in three cases. The most relevant case of

market abuse resulted in an administrative fine imposed by the CSSF in 2017 of €1 million; however,

this sanction is currently being appealed.

Furthermore, from 2017 to 2019, the CSSF has received and examined 114 suspicious orders and

transaction reports from Luxembourg credit institutions, investment firms and trading platforms (the

vast majority of which concerned financial instruments admitted to trading on foreign trading venues

and were transmitted to the relevant foreign competent authorities) and 76 such reports transmitted

to the CSSF from other European competent authorities.

Finally, it should be noted that from 2017 to 2019 the CSSF has assisted other competent authorities

in 109 requests for cooperation in potential market abuse cases. This illustrates that the majority of

the suspicious transactions on financial markets take place on the more liquid trading platforms

operated outside of Luxembourg.

In 2017-2019, the prosecution authorities opened 5 new cases for investigation, implicating 11

persons (none of the cases were related to potential ML) and no prosecution was initiated during the

period (with no asset seizures associated)²⁷³. Moreover, the CRF only reported 12 STR in 2019. The

CRF transmitted no files on insider trading and market manipulation to the prosecution authorities in

2019.

Importantly, insider trading and market manipulation (both as a result of the high volatility of financial

markets increasing the risk of persons trying to take advantage of inside information, as well as

persons in possession of inside information using insecure communication channels due to remote

working arrangements) have been highlighted as increasing threats in the context of COVID-19.

Further detail is provided in section 4 of the NRA on the impact of the COVID-19 pandemic.

Other crimes

The remaining predicate offences have been assessed to represent a lower threat for ML of proceeds

of domestic crimes in Luxembourg:

•

Smuggling: There is limited smuggling of goods into Luxembourg due to low domestic prices (for

instance on cigarettes, fuel and alcohol). Taking legally purchased goods out of the country is not

²⁷⁰PW C, The ꢉ ux embourꢀ Stock Ex ch anꢀ e, A P rime ꢉ ocation ꢃ or listinꢀ , 2014 (link).

²⁷¹FESE data.

²⁷²FESE data.

²⁷³Parquet Gé né ral Statistical Service, data received in August/September 2020.

73

Luxembourg National Risk Assessment

Terrorism and terrorist financing Inherent

risk – Threats assessment

a predicate offence in Luxembourg. There have been a low²⁷⁴number of cases of undeclared cash

at borders.

•

I llicit trafficking in stolen and other goods: There are few reported cases in Luxembourg of

trafficking in stolen or other goods (e.g. precious metals, gems, cultural goods and radioactive

material). The freeport may increase the threat, but controls are in place. (Note: ꢅ common” goods

stolen are captured under ꢅ Robberies and theft” above).

E nvironmental crimes: Proceeds of crimes (e.g. related to waste management services, emission

schemes, environment standards or wildlife) are deemed low due to the small geographical size

and population. Nonetheless environmental/wildlife harm can have long-lasting effects.

•

I llicit arms trafficking: There are few reported cases in Luxembourg, even though the logistics

infrastructure may increase the threat (i.e. storage and transportation).

Counterfeiting currency: There are no recorded incidents of individuals/organized crime in

Luxembourg counterfeiting currency on a large scale. Recorded cases by the police concern

confiscation and interception of counterfeited currency particularly at banks (upon closing

numbers of cash retrieved from circulation), as well as some individuals printing counterfeited

currency (typically in low quality and low amounts). In 2017, 63 cases were reported by the police.

•

Murder, grievous bodily inj ury: Luxembourg has a very low murder rate and within those, the

vast majority of cases are opportunistic rather than by hired assassins or organized crime (ꢅ passion

crimes” ). ꢄ ence there are very little proceeds possible to be laundered.

K idnapping illegal restraint, and hostage taking: There are very few reported cases, and crimes

are carried out by individuals rather than by organized crime. ꢄ ence, there are very little proceeds

possible to be laundered.

Piracy: W hile there were legal cases opened for piracy (mostly due to merchant vessels flying the

Luxembourg flag) the Grand-Duchy has no open sea access and no known river piracy making this

predicate offence very unlikely for ML.

5.3. Terrorism and terrorist financing

Terrorism is a global threat with high social and economic costs. In 2018, 71 countries had at least one

fatality from terrorism, and 103 countries had at least one terrorism incident. Its estimated global

costs were ꢂ 33 billion, without accounting for indirect impacts on investment, business activity and

costs associated with measures countering the financing of terrorism (CFT). Terrorist activity continues

to dynamically adapt to changing environments. For example, the activity of jihadist networks in the

EU Member States has shifted from recruiting foreign terrorist fighters into the Middle East to

conducting their operations in the EU. Terrorist groups increasingly use the internet to promote goals,

but also for operational activities, such as recruiting, fundraising, or collecting bomb-making

knowledge from online sources.

Together with the terrorism threat, the means used for terrorist financing (TF) continue to evolve.

W hile terrorist financiers continue to use cash, gold and bank wire transfers to raise or move funds,

they also increasingly use new and alternative methods. Terrorists have been observed to use virtual

assets, prepaid cards and online crowdfunding websites, which now represent an emerging

vulnerability. The combination of the usage of both traditional and financial methods increase the

²⁷⁴Note there is only an obligation to declare cash at borders for non-EU cross-border cash movements, but not within EU.

W ithin EU, the obligation is only to disclose upon request. Penal reports are filed by the Customs Authority upon carrying

out controls and if an offence is discovered, such as finding undeclared cash where declaration is mandatory, false

declarations, and/or refusals to declare upon request by the Authority. See section on Administration des Douanes et des

Accises (ADA) and CRF for details.

74

Luxembourg National Risk Assessment

Terrorism and terrorist financing Inherent

risk – Threats assessment

challenges for public authorities and private entities in conducting CFT controls, especially for major

international financial centres.

Even though Luxembourg has no detected terrorist activity and had no terrorist attacks in the recent

past as of August 2020, the TF risk is significant. In all three countries that Luxembourg borders

(Germany, France, Belgium), there have been terrorist attacks with civilian victims in the past five

years. Furthermore, Luxembourg is a major financial centre, with a significant presence of traditional

financial institutions, such as banks or investment funds, and technologies companies that offer new

and alternative payment methods. Those factors make Luxembourgish entities vulnerable to TF

misuse and abuse to finance terrorist activity in other countries.

The risks related to terrorist financing will be further analysed in a specific vertical risk assessment to

be delivered by the end of the year.

5 .3 .1 . Terrorism threats

Despite no terrorism events in the past and no known terrorist groups in Luxembourg, terrorism is

currently a real threat across Europe, and countries near or neighbouring Luxembourg have been

affected significantly in recent years. For example, the November 2015 Paris attacks killed 138 people,

the Nice truck attacks in 2016 killed 87 people, the 2016 Brussels bombings killed 35 people, and the

February 2020 ꢄ anau in Germany shootings killed 11 people.

The total number of terrorist attacks in the EU (failed, foiled or completed) has been larger than this,

with 129 in 2018, 205 in 2017 and 14 2 in 2016²⁷⁵(as shown in Figure 12 below). The total number of

arrests in the EU for terrorism-related offences has been relatively stable in the past years, totalling

about 1 056 in 2018²⁷⁶. Similarly, none of the 653 convictions in the EU in 2018 for terrorism-related

offences were made in Luxembourg. Overall, attacks carried out by ethno-nationalist or separatist

groups accounted for the largest proportion of attacks. Nearly all reported casualties and fatalities in

2018 were the result of jihadist terrorist attacks²⁷⁷. In 2018, terrorist attacks caused 13 fatalities in the

EU, a large decrease compared to 62 fatalities in 2017. In the past years, terrorist attacks primarily

targeted civilians and private enterprises, followed by public institutions and representatives of law

enforcement (police and military forces).

²⁷⁵EUROPOL, European U nion ꢅ errorism Situation and ꢅ rend Report, 2018 and 2019.

²⁷⁶EUROPOL, European U nion ꢅ errorism Situation and ꢅ rend Report, 2019.

²⁷⁷EUROPOL, European U nion ꢅ errorism Situation and ꢅ rend Report, 2019.

75

Luxembourg National Risk Assessment

Terrorism and terrorist financing Inherent

risk – Threats assessment

Figure 1 2 : N umber of terrorist attacks and terrorism-related arrests in the E U , 2 0 1 4 -2 0 1 8 ²⁷⁸

A relatively large proportion of terrorism-related offences and arrests in the EU in 2018 have been

made in Luxembourg’ s neighbouring countries (in particular France with 30 attacks and 310 arrests in

2018), as shown in Figure 13 below. In 2018, most arrests were performed in suspicion of participating

in activities of a terrorist group; planning; and preparing attacks. Most arrests in 2018 were related to

jihadist terrorism (511 out of 1 056). The number of arrests related to left-wing and right-wing

terrorism remained comparatively low, with 4 4 and 34 arrests respectively in 2018²⁷⁹

.

²⁷⁸EUROPOL, European U nion ꢅ errorism Situation and ꢅ rend Report, 2018 and 2019.

²⁷⁹EUROPOL, European U nion ꢅ errorism Situation and ꢅ rend Report, 2019.

76

Luxembourg National Risk Assessment

Terrorism and terrorist financing Inherent

risk – Threats assessment

Figure 1 3 : Terrorist attacks and arrests by E U Member State in 2 0 1 8 ²⁸⁰

Following the Paris attacks in 2015, Luxembourg has increased its terrorist threat level to 2 (on a scale

of 4 ), which it has maintained through 2019. This defines a real yet abstract threat; it consists of

ꢅ increasing vigilance against an imprecise threat and to implement measures of vigilance, prevention

and protection of variable and temporary intensity” . The government plan ꢅ VIGILNAT” defines

Luxembourg’ s national framework for the vigilance, prevention and protection with respect to

potential or committed terrorist attacks on national territory as well as governmental actions to be

taken²⁸¹.

ꢄ owever, several factors increase the overall threat level:

•

Luxembourg’ s geographical proximity to countries having experienced terrorist events and with

known presence of terrorist cells (e.g. France and Belgium as referred to above) may contribute

to the terrorism threat. This proximity, coupled with open borders within the EU common market

and Luxembourg’ s central geographical position in Europe may give potential terrorists the illusion

of escape by car of public transport.

•

ꢁ ihadist terrorist attacks in Europe have, amongst others, targeted symbols of authority (Paris:

February, ꢁ une and August 2017) and symbols of W estern lifestyle (Manchester: May 2017)²⁸². As

²⁸⁰EUROPOL, European U nion ꢅ errorism Situation and ꢅ rend Report, 2019.

²⁸¹Grand-Duchy of Luxembourg website, ꢁ nꢃ oC rise: V ꢁ G ꢁ ꢉ ꢇ Aꢅ , P lan G ouv ernemental (link).

²⁸²EUROPOL, European U nion ꢅ errorism Situation and ꢅ rend Report, 2018.

77

Luxembourg National Risk Assessment

Terrorism and terrorist financing Inherent

risk – Threats assessment

such, the high number of international or multilateral institutions in the Grand-Duchy, or high-

profile public events (e.g. music concerts) could expose Luxembourg to terrorist attacks if

perceived as attractive targets.

•

ꢁ ihadist attacks are committed primarily by home-grown terrorists, radicalised in their country of

residence without having travelled to join a terrorist group abroad. This group of home grown

actors is highly diverse, consisting of individuals who have been born in the EU or have lived in the

EU for most of their lives, may have been known to the police but not for terrorist activities and

often do not have direct links to the Islamic State or any other jihadist organisation²⁸³

.

Terrorism remains a threat to EU countries and Luxembourg. Each year, there are more than 100

foiled, failed or completed terrorist attacks in the EU, and more than 1 000 suspects are arrested for

terrorism-related offences. There have been terrorist attacks with killed victims in all three countries

that Luxembourg borders in the last five years. W hile there are no known terrorist groups operating

in Luxembourg as of August 2020, multiple factors increase the terrorism threat to Luxembourg,

including the presence of international institutions and a significant migrant community. Overall, the

terrorist threat in Luxembourg is assessed as real, but abstract.

5 .3 .2 . Terrorist financing threats

In general, there are three stages to terrorist financing: the raising of funds, through either illicit or

licit activities; the moving of funds; and the using of funds. Terrorist financing not only involves the

direct financing of acts of terrorism, but also the financing of propaganda, recruitment, training, travel,

daily living expenses and other operational needs of an individual terrorist or terrorist group.

Foreign terrorist fighters (FTFs)

Globally, the two most common methods for FTFs to raise funds are self-funding and funding by

recruitment and facilitation networks²⁸⁴. For self-funding, the most common funding sources include

salaries, social benefits, non-paid-off consumer loans, overdraft from bank accounts and donations

from family and friends. Recruitment and facilitation networks will typically have specific recruiters

that support FTFs financially and materially, including arranging transportation and purchasing

supplies²⁸⁵.

Luxembourg is one of the countries in the EU least affected by FTFs travelling to conflict zones (mostly

Syria and Iraq)²⁸⁶. ꢄ owever, there are a few known cases of Luxembourg nationals having joined the

Islamic State.

It is important to note that the funding needs of FTFs are typically very low and pose significant

detection challenges, globally and for Luxembourg. For example, the level of funding of an FTF usually

falls below €10 000²⁸⁷, which is below the minimum amount of 2010 Cash Control Law. Similarly,

transactions made by FTFs using banks or MVTS providers would not always trigger additional checks

due to low amounts involved.

Lone actors and small terrorist cells

Similar to FTFs, lone actors and small terrorist cells recently been mostly funded through small

amounts and involved funds usually sourced from legitimate activities such as retail businesses,

amongst others. In addition to licit employment incomes, state subsidies and social benefits, funds

²⁸³EUROPOL, European U nion ꢅ errorism Situation and ꢅ rend Report, 2018.

²⁸⁴FATF, Emerꢀ inꢀ terrorist ꢃ inancinꢀ risk s, 2015.

²⁸⁵FATF, ꢂ inancinꢀ oꢃ th e terrorist orꢀ anisation ꢁ slamic State in ꢁ raq and th e ꢉ ev ant ꢐ ꢁ Sꢁ ꢉ ) , 2015.

²⁸⁶European Parliament press briefing: Combating terrorism, September 2017 (link).

²⁸⁷Oftedal for the Norwegian Deference Research Establishment, ꢅ h e ꢃ inancinꢀ oꢃ ꢑ ih adi terrorist cells in Europe, 2015.

78

Luxembourg National Risk Assessment

Terrorism and terrorist financing Inherent

risk – Threats assessment

provided from like-minded individuals within the community can also be sources of income for lone

actors.

Luxembourg shares the factors that drive the TF threat of lone actors and small terrorist cells globally.

The channels used to move raised funds could be legitimate, regulated channels (e.g. bank wire

transfers) but also illegal, difficult to detect channels such as hawala. Additionally, identifying financial

transactions used for terrorist financing is extremely difficult as these could very easily be confused

with legitimate activities (e.g. withdrawal from current accounts). Similar to FTFs, lone actors and small

terrorist cells can receive funding or recruit from radicalised youth.

I nternational terrorist organisations

Globally, international terrorist organisations may use a variety of methods to raise funds. They may

raise funds through private donations, and wealthy private donors may in particular form an important

source of their income²⁸⁸. They may also use proceeds of criminal activity, such as drug trafficking,

fraud and smuggling of goods. As many international terrorist organisations occupy vast territories,

they may raise funds through imposing taxes and fees on local businesses, exploiting natural resources

and other criminal activities. A growing source of income for terrorist organisations is kidnapping for

ransom: between 2008 and 2014 , terrorist organisations, including al-Q aida and ISIL, reportedly

generated at least ꢂ 222 million in ransom payments²⁸⁹.

In Luxembourg, there are no known international terrorist organisations present as of August 2020.

ꢄ owever, there is still a threat of terrorist financing. The Luxembourg finance industry may be misused

to send funds to international terrorist organisations in other countries. NPOs based in Luxembourg

may also execute projects in territories, which are in close proximity to terrorist organisations. The

materials and funds of those projects may be misused for terrorist financing.

Other terrorist actors

State sponsors of terrorism and terrorist safe havens can enable terrorists to raise or move funds. For

example, Iran’ s support to ꢄ ezbollah has been estimated to reach up to ꢂ 700 million per year,

accounting for the majority of ꢄ ezbollah’ s annual budget²⁹⁰. State sponsors of terrorism and terrorist

safe havens can also promote illicit activities that generate funds for terrorists or allow their financial

systems to be misused for funds movement. For example, the Assad regime in Syria allowed banks in

territories controlled by ISIL to continue operating²⁹¹.

Luxembourg faces the threat that entities operating from it may be misused for sending funds or other

forms of support (e.g. philanthropy) to state sponsors of terrorism, which may be then used to finance

terrorism. Furthermore, support sent by Luxembourg NPOs may be abused by terrorist organisations

operating in safe havens, particularly when local governments in safe havens have poor governance

controls.

‘ Corporate’ terrorist groups by definition have advanced and significant financing capabilities. For

example, FARC had an annual income from illegal drug production estimated to be between ꢂ 0.2 to

ꢂ 3.5 billion, according to various reports^292,293. Other methods that ‘ corporate’ terrorist groups could

use for financing include fraud, kidnapping for ransom (e.g. pirates cooperating with jihadist groups),

robbery and theft.

²⁸⁸FATF, ꢂ inancinꢀ oꢃ th e terrorist orꢀ anisation ꢁ slamic State in ꢁ raq and th e ꢉ ev ant ꢐ ꢁ Sꢁ ꢉ ) , 2015.

²⁸⁹FATF, Emerꢀ inꢀ terrorist ꢃ inancinꢀ risk s, 2015.

²⁹⁰US State Department, C ountry Reports on ꢅ errorism, 2019.

²⁹¹Committee on Political Affairs and Democracy, ꢂ undinꢀ oꢃ th e terrorist ꢀ roup ꢄ aesh : lessons learned, 2018.

²⁹²Insight Crime, ꢅ h e ꢂ ARC , th e peace process and th e potential criminaliz ation oꢃ th e ꢀ uerillas, 2013.

²⁹³ꢁ ohn Otis - W ilson Center Latin American Program, ꢅ h e ꢂ ARC and C olombiaꢖ s ꢁ lleꢀ al ꢄ ruꢀ ꢅ rade, 2014.

79

Luxembourg National Risk Assessment

Terrorism and terrorist financing Inherent

risk – Threats assessment

In Luxembourg, there are no known ‘ corporate’ terrorist groups operating. ꢄ owever, similar to the

state sponsors of terrorism and terrorist safe havens, Luxembourgish entities could be misused or

abused for financing terrorism activities by those terrorist groups.

80

Luxembourg National Risk Assessment

Summary of findings

Inherent risk –

Vulnerabilities

6.

INHERENT RISK – VULNERAꢀILITIES

This section presents findings of the inherent vulnerabilities (sectors) assessment performed as

described in the methodology section.

Vulnerabilities are ꢅ those things that can be exploited by the threat or that may support or facilitate

its activities” ²⁹⁴. In the context of this NRA, vulnerabilities in Luxembourg arise from sectors, which are

particularly exposed to misuse or abuse for laundering and terrorist financing purposes.

Note that inherent vulnerability is defined as the vulnerability of a sector to be abused or misused for

ML/TF beꢃ ore mitigating actions are considered. As described in the methodology section, the National

Risk Assessment focuses on the macro- and meso-level analyses. Results of this National Risk

assessment and of meso- and micro-level assessment done by agencies were aligned were relevant

and any differences in results were reviewed and discussed to understand the reasons for the

discrepancy.

6.1. Summary of findings

Luxembourg’ s inherent vulnerabilities are high across most sectors, but lower in market operators,

support PFSs and other specialised PFSs, insurance, gambling and dealers in high-value objects. Table

13 (below) provides an overview of the inherent vulnerabilities at a sector level.

Table 1 3 : I nherent vulnerabilities - by sector^{2 9 5}

Sector

I nherent risk

ꢄ igh

1

Banks

2

Investment sector

MVTS

ꢄ igh

3

ꢄ igh

4

Specialised PFSs providing corporate services

Market operators

ꢄ igh

5

Low

6

Support PFSs & other specialised PFSs

Insurance

Very low

Medium

ꢄ igh

7

8

Professional service providers

Gambling

9

Low

10

11

12

13

Real estate

ꢄ igh

Dealers in goods

Medium

ꢄ igh

Freeport operators

Legal entities and arrangements

ꢄ igh

Table 14 (below) shows the assessment of the level of vulnerability of the financial and non-financial

sectors at a more granular level (such as the sub-sector level).

²⁹⁴FATF, G uidance on ꢇ ational ꢈ oney ꢉ aunderinꢀ and ꢅ errorist ꢂ inancinꢀ Risk Assessment, February 2013.

²⁹⁵At the time of writing the NRA (ꢁ uly 2020), the Ministry of ꢁ ustice is in the process of conducting a vertical risk assessment

on VASPs. These entities became obliged entities only in 2020, with CSSF designated as competent authority for their

AML/CFT supervision, and therefore they are not included in the table.

81

Luxembourg National Risk Assessment

Summary of findings

Inherent risk –

Vulnerabilities

Table 1 4 : I nherent vulnerabilities - by sub-sector^{2 9 6}

I nherent risk (sub-

sector)

Sector

I nherent risk Sub-sectors

1

Banks

ꢄ igh

Retail & business banks

4 .0

3.9

4 .4

3.7

3.6

2.7

4 .1

2.9

2.0

3.6

3.0

W holesale, corporate & investment banks

Private banking

Custodians and sub-custodians (incl. CSDs)

W ealth and asset managers

Brokers and broker-dealers (non-banks)

Traders / market-makers

2

Investment sector ꢄ igh

Collective investments

Regulated securitisation vehicles

CSSF-supervised pension funds

Payment institutions

3

4

MVTS

ꢄ igh

E-money institutions

Agents and e-money distributors acting on

behalf of PI/EMIs established in other

European Member States

Specialised PFSs

Specialised PFSs providing corporate services 3.9

Professional depositaries

Market operators

2.8

2.3

ꢇ ꢍ A

5

6

Market operators Low

Support PFSs &

other specialised

PFSs²⁹⁷

Very low

PFSs de support

Other specialised PFSs

7

8

Insurance

Medium

Life insurers

4 .1

2.6

3.4

1.9

1.8

3.9

3.7

2.8

Non-life insurers

Reinsurance

Intermediaries

Professionals of the insurance sector (PSA)

CAA-supervised pension funds

Lawyers

Professional

service providers

ꢄ igh

Notaries

Bailiffs ꢐ “H uissiers de ꢑ ustice” )

(Approved) statutory auditors and (approved) 3.8

audit firms ꢐ “Rév iseurs dꢒ entreprises ꢐ aꢀ réés) ”

and “cabinets de rev ision ꢐ aꢀ réés) )

Chartered professional accountants ꢐ “Ex perts- 4 .0

comptables” )

²⁹⁶At the time of writing the NRA, the Ministry of ꢁ ustice is in the process of conducting a vertical risk assessment on VASPs.

These entities became obliged entities only in 2020, with CSSF designated as competent authority for their AML/CFT

supervision, and therefore they are not included in the table.

²⁹⁷Analysis covered in NRA vulnerability section; Support PFSs & other specialised PFSs assessed on aggregate due to very

low risk.

82

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

I nherent risk (sub-

sector)

Sector

I nherent risk Sub-sectors

Accountants and tax advisors

4 .1

TCSPs – Administrateurs / directors²⁹⁸

TCSPs – Business offices²⁹⁹

Casino

4 .1

2.8

ꢇ ꢍ A

2.0

1.9

ꢇ ꢍ A

4 .1

9

Gambling

Low

Sports betting³⁰⁰

Ad hoc lotteries

National lottery

Online gambling³⁰¹

10 Real estate

activities

ꢄ igh

Real estate agents ꢐ “aꢀ ents immobiliers” )

Real estate developers ꢐ“promoteurs

immobiliers” )

11 Dealers in goods

Medium

Precious metals/jewellers/clocks

Car dealers

3.0

3.9

2.7

3.1

3.7

Art/Antiques

Luxury goods ꢐ e.ꢀ . “maroquinerie”)

Freeport operators

12 Freeport

operators

ꢄ igh

Sociétés commerciales

Domestic ꢅ fiducies”

Foreign trusts

13 Legal entities and ꢄ igh

arrangements

4 .4

4.8

Associations sans but lucratiꢃ ꢐASꢋ ꢉ ) and ꢃ ondations 3.6

with Non-governmental organisations (NGO) status

Sociétés civ iles

3.2

2.2

1.8

2.0

Other associations sans but lucratiꢃ ꢐ ASꢋ ꢉ )

Other ꢃ ondations

Other legal entities

6.2. Detailed assessment by sector

As explained in the methodology section, the sectors in-scope for this assessment were arrived upon

by how the supervision of these sectors is organised under the various public-sector supervisory

authorities. Therefore, this assessment involves sectors not mapped based on activity but based on

supervisory setup.

The inherent vulnerabilities rating does not take into account the vulnerability level once controls are

in place, which is covered under the residual risk sections.

²⁹⁸Analysis covered in NRA vulnerability section; TCSPs under AED supervision are assessed on aggregate.

²⁹⁹Analysis covered in NRA vulnerability section; TCSPs under AED supervision are assessed on aggregate.

³⁰⁰Analysis covered in NRA text version. No separate scorecard in appendix as activity not present in Luxembourg.

³⁰¹Analysis covered in NRA text version. No separate scorecard in appendix as activity not present in Luxembourg.

83

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

6 .2 .1 . CSSF supervised sectors

6.2.1.1. Banks

The banking sector is naturally vulnerable to ML/TF risks due to a variety of drivers such as the large

customer base, high transaction speed and the large volume of financial flows, which, pursuant to the

general understanding of ML practices worldwide, could potentially facilitate the concealment of

illegal transactions. Also, criminals laundering money or financing terrorism might attempt to conceal

the origin of their money and integrate it into the formal economy by using the financial system.

ꢄ istorically, this sector has offered strong professional secrecy, but this factor has been heavily limited

in impact through regulatory changes³⁰². Those include the introduction of the (worldwide) exchange

of information with all tax authorities adhering to the OECDꢃ s common reporting standard and the law

of 23 December 2016 subjecting aggravated and organised tax fraud to penal sanctions so that it

forthwith constitutes a primary offence of money laundering (hereafter the 2017 Tax Reform Law). In

addition, the transposition of the EU Directive 2011/16 on Administrative Cooperation in Direct

Taxation and its amendments and the Law of 13 ꢁ anuary 2019 introducing the beneficial owner

register further reduced the historical professional secrecy of the sector. More recently, the 2020

RBASD Law obliged Luxembourg (credit) institutions to set up systems containing information on

payment accounts and safe-deposit boxes holders that allow access to this data by the CSSF, the CRF

and other competent stakeholders.

This sector includes all the activities carried out by entities with a banking license (chapter 1 of 1993

LSF Law) and includes retail and business banking (including payment services), wholesale, corporate

and investment banks, private banking and custodians and sub-custodians (including CSDs).

The banking sector in Luxembourg is potentially exposed to ML/TF risks. Firstly, the size of the banking

sector is large when compared to the size of the overall economy in Luxembourg. The 128 banks from

27 different countries³⁰³represent ~20% of contribution to the GDP³⁰⁴, with €823 billion³⁰⁵in assets

representing ~12 times GDP as of the fourth quarter 2019, and more than 26 000 people employed³⁰⁶

The banking sector in Luxembourg overall had €26.6 billion revenues in 2018.

.

Secondly, banks in Luxembourg have considerable exposure to international business as only eight

banks are domestic, and the 120 other banks originate from foreign countries. For example, in private

banking, less than a quarter of private banking AuM comes from Luxembourg, while the rest of the

assets come from abroad³⁰⁷. The international client base is driven by Luxembourgꢃ s political and the

juridical stability, the high and non-discriminatory property protection rules, the stable and well-

regulated banking sector, its well-established reputation among professionals and investors, the

quality of its service providers and the broad range of financial services offered in Luxembourg, in

particular the investment sector and its products.

Thirdly, the large number of customers together with a proportion of high-risk customers may

increase ML/TF risks. In 2019, there are approximately 5 million accounts opened in Luxembourg

banks. In addition, two e-commerce institutions with a banking license operating e-payments have

³⁰²Further details can also be found in the Detection and Prosecution of the NRA, which highlight that there is no banking

secrecy with regards to the CRF (as per article 5(1) of the 2004 AML/CFT Law) and which highlight that professional secrecy

obligations do not apply to orders from magistrates.

303

Banque Centrale du Luxembourg, Statistiques : Etablissements de crédit ; „tableau 11.01“ and „tableau 11.05“ as of

February 2020 (link).

³⁰⁴STATEC.

³⁰⁵CSSF data, 2019.

³⁰⁶Banque Centrale du Luxembourg, Statistiques : Etablissements de crédit ; „tableau 11.0ꢌ “ as December 2019 (link).

³⁰⁷CSSF, ML/TF sub-sector risk assessment Private Banking, 2019.

84

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

approximately 95 million accounts. Of all accounts opened at institutions with a banking licenses,

~0.1% are classified as high-risk, and ~0.02% are linked to PEPs³⁰⁸

.

The banking sector is globally viewed as significantly vulnerable to ML/TF risks³⁰⁹. Similarly, it is

deemed as high risk in Luxembourg. The assessment is sub-divided into sub-sectors along with retail

and business banks, wholesale and investment banks, private banks and custodians, as summarised

in the table and sub-sections below.

As the contraction in Luxembourg’ s economic activity could place some entities in distress (e.g.

commercial borrowers such as corporates and SMEs), which in turn has the possibility to create

opportunities for them to be exploited by criminals seeking to launder illicit proceeds. Further detail

is provided in section 4 of the NRA on the impacts of COVID-19.

R etail and business banks

W orldwide, retail and business banks have been abused for ML/TF as they may offer services to cash-

intensive businesses, have a high volume of transactions and offer a diverse set of products.³¹⁰They

may be abused for laundering proceeds from a wide range of predicate offences, which increases the

difficulty for detection and prevention due to the high speed of transactions, the ability to withdraw

funds in cash or transfer funds to another country. For example, in France, it has been observed that

a person laundered money for a drug trafficking organisation by depositing cash into a bank account,

and then withdrawing the deposited money from an ATM in a different country in local currency³¹¹

.

Retail banking has also been abused for moving terrorist funds or raising funds for terrorist activities.

For example, in the UK , there have been cases of terrorists raising funds through credit fraud or loan

fraud, in which individuals falsely claimed to have been defrauded, expecting banks to refund them³¹²

.

Further, retail bank customers typically do not act via direct contact but through online banking, which

may increase customer anonymity features and thus increase ML/TF risks.

In Luxembourg, retail and business banks are vulnerable to ML/TF because of the nature of products

offered, the sector size in Luxembourg and their international clients and transaction flows. The

products offered are inherently vulnerable to ML/TF, as they could be misused by criminals to place

laundered money in the financial system and but more specifically to layer the funds in the

Luxembourg context.

ML/TF risks are driven by the sub-sector size of retail and business banking. There are 15 entities³¹³

with total assets of €167 billion³¹⁴in the sub-sector as of December 2019³¹⁵. They have a large stock

of customers with ~1.2 million³¹⁶clients and total income amounting to €8.4 billion³¹⁷. ꢄ owever, note

that the ~1.2 million customers are mostly explained, as most Luxembourg residents have several

accounts and with several banks and by the large number of cross border commuters³¹⁸. The ML/TF

³⁰⁸CSSF data, 2019.

³⁰⁹See for example EBA, ꢏ oint ꢆ pinion oꢃ th e European Superv isory Auth orities on th e risk s oꢃ money launderinꢀ and terrorist

ꢃ inancinꢀ aꢃ ꢃ ectinꢀ th e European U nionꢒ s ꢃ inancial sector, 2019.

³¹⁰FATF, Risk -ꢋ ased Approach ꢃ or th e ꢋ ank inꢀ Sector, 2014.

³¹¹OECD, ꢈ oney ꢉ aunderinꢀ Aw areness H andbook ꢃ or ꢅ ax Ex aminers and ꢅ ax Auditors, 2009.

³¹²ꢄ M Treasury, ꢇ ational risk assessment oꢃ money launderinꢀ and terrorist ꢃ inancinꢀ , 2017.

³¹³CSSF data, 2018.

³¹⁴CSSF data, 2019.

³¹⁵CSSF data, 2019.

³¹⁶ABBL RBS/CSSF data, 2018.

317

CSSF data, 2019. Total income (gross) as the sum of interest income, dividend income, fees income, other operating

income, P&L trading book & P&L banking book.

³¹⁸Note that this figure excludes the number of clients of two e-commerce institutions providing services under a banking

licence.

85

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

risk is partially reduced by the high concentration of the sub-sector, with the top five entities

representing 89% of the market assets³¹⁹

.

Note that the exposure to geographies with weak A ML/CFT measures is limited (0.1% of assets and

0.2% of liabilities)³²⁰. Thus, the ML/TF risk is reduced here.

As described above, part of the ML/TF risk is also increased by the nature of products. The payment

services activity carried out by retail and business banks is potentially vulnerable to ML risks, also in

Luxembourg, as they can experience layering and extraction techniques used by criminals which are

comparatively more sophisticated than in other sub-sectors. For instance, common methods used are

funding of a product using one method and withdrawal using another. For example, terrorist actors

could misuse/abuse retail banking products to move funds cross-border by opening a current account

and using the associated debit card to withdraw funds overseas (e.g. in a conflict zone or where an

attacked is planned).

Wholesale, corporate and investment banks

Wholesale, corporate and investment banks are seen to be very high risk globally. Some products

(especially those with international flows) are more exposed to ML/TF, such as trade finance and

correspondent banking. Since trade finance involves several cross-border transactions, multiple

participants and large sums, it is deemed to be particularly risky. As for Luxembourg’ s limited

correspondent banking activity, the risk is mostly driven by cross-border correspondent banking

relationships when banks execute third-party payments and thus may have limited visibility on

them³²¹.

The sub-sectorꢃ s vulnerabilities are compounded by the large volume of transactions, which are quick,

efficient and international. The sub-sector represents 32 entities³²², total assets of €14 6 billion³²³, €52

billion for intragroup treasury³²⁴. Total income of this sub-category amounts to €4 .0 billion³²⁵, which

is smaller than other banking activities.

The international nature of business also increases the risk as 77% of assets are outside of

Luxembourg. Flows with geographies with weak AML/CFT measures are limited (0.3% of assets and

0.2% of liabilities; for intragroup treasury, respectively 0.2% and 0.0%)³²⁶

.

Note that the sub-sector is relatively concentrated (the top five entities represent 60% of the

market³²⁷), which makes it easier to monitor and detect potential ML/TF activities. Finally, the risk is

reduced by the low-risk nature of clients, which are a smaller number of mostly institutional

customers (financial institutions contribute to more than 80% of the deposits³²⁸).

Custodians and sub-custodians (incl. CSD s)

Custodians could be vulnerable to ML/TF risk since they deal with a large number of transactions

across multiple customers when providing securities-related services to clients. The risk may be

increased in the cases of omnibus accounts, in which assets are held in the name of the intermediary

³¹⁹CSSF data, 2018.

³²⁰BCL data (countries in scope are those that FATF defines as ꢅ high risk and other monitored jurisdictions” ).

³²¹FATF, G uidance on correspondent bank inꢀ serv ices, 2016.

³²²CSSF data, 2018.

³²³CSSF data, 2018.

³²⁴CSSF data, 2018.

³²⁵CSSF data, 2018.

³²⁶CSSF data, 2018.

³²⁷CSSF data, 2018.

³²⁸CSSF data, 2018.

86

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

and not in the name of the ultimate beneficial owner. Globally, there have been cases where

intermediaries were used to avoid economic and financial sanctions through omnibus accounts³²⁹

.

In Luxembourg, the ML/TF risk is primarily driven by the high share of international business.

Custodians are likely to have international clients (72% of assets and 54 % of liabilities are outside

Luxembourg³³⁰). ꢄ owever, flows with geographies with weak A ML/CFT measures are limited (0.05%

of assets and 0.35% of liabilities³³¹).

The risk is also driven by the size of the sub-sector. In Luxembourg, the sub-sector consists of 29

entities³³²resulting in a total income of €5.73 billion³³³and assets of €179.4 billion³³⁴. Concurrently,

the market in Luxembourg is relatively concentrated with the top five entities accounting for almost

two-thirds of the assets which facilitates monitoring and helps limit risk.

Further, since custodians mostly deal in fairly commoditised and standardised products (e.g. custody

of shares, dividend and interest payment collection and distribution), their risk is restricted with

regards to ML and TF. As such, their overall ML/TF vulnerability is lower than for other banking sub-

sectors.

CSD s' ML/TF vulnerability results from the large volume of frequent and high-value transactions,

which adds to detection challenges. Furthermore, CSDs are exposed to cross-border flows. ꢄ owever,

in Luxembourg, the risk is mitigated due to the very high sector concentration. Out of the two players,

only one player has a banking license with revenues of €974 million. In addition, customers are limited

to a group of selected institutional members, limiting the client risk.

Private ꢀ anking

Private banking is known to be subject to ML/ TF risks. The key risk drivers for private banking stem

from the significant exposure to international clients, high concentration of high net worth clients,

and the complexity of some products (e.g. wealth structuring activities). The 2019 Private Banking

SSRA identified that for Luxembourg, there are three predicate offences especially relevant to the sub-

sector: tax crimes, corruption and bribery, and fraud. Although private banking may be abused for

terrorist financing, especially through products that allow cross-border payments, the overall TF risk

for private banking is smaller than for retail banking. Case Studies 4 and 9 (in the ꢅ threats assessment”

section) and Case Study 10 (below) provide examples and typologies³³⁵to highlight how private

banking can be abused for ML/TF purposes:

Case Study 1 0 : Private banking and terrorist financing (non-Luxembourg case) ^{3 3 6}

An EU foundation used its private bank account to deposit large amounts of cash and transfer them

to companies with strong links with EU-listed terrorist organizations. The private banking client,

head of a Non-Profit Organization, deposited large amounts of cash on the foundationꢃ s account.

Funds were transferred via an international bank payment to an IT support provider and a

publishing company in another EU member state. Investigations showed there was a strong link

between the head of the Non-profit organization and an EU-listed terrorist organization.

³²⁹ISSA, Study on th e ꢋ eneꢃ its and C osts oꢃ Securities Accountinꢀ Sy stems, 2015

³³⁰CSSF data, 2018

³³¹CSSF data, 2018

³³²CSSF data, 2018

³³³CSSF data, 2018

³³⁴CSSF data, 2018

³³⁵Case studies and typology used from the CSSF, Sub-sectoral Risk Assessment P riv ate ꢋ ank inꢀ , 2019

³³⁶FATF, ꢂ inancinꢀ oꢃ Recruitment ꢃ or ꢅ errorist P urposes, ꢁ anuary 2018

87

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

In Luxembourg³³⁷, the private banking sub-sector is well developed with 39 entities offering mainly

private banking activities serving ~172 000 customers generating about €5.8 billion of net income and

accounting for €395 billion assets under management as of 2018³³⁸.

The size and fragmentation of the private banking sector increase the ML/TF vulnerability of the sub-

sector. Most private banks in Luxembourg are part of international groups. There are several large

banks, but also many smaller institutions competing for a share of the market. Smaller banks may also

specialise in specific types of clients (e.g. affluent vs. Uꢄ NW clients only, or clients from specific

geographies or affiliated with a specific group). This focus, together with their limited size and typically

limited resources, may increase the risk level of smaller private banks.

The risk is further driven by the nature of clients. The prevalence of big and potentially more

sophisticated accounts may increase the complexity of private banking activities performed in

Luxembourg. Clients with AuM larger than €1 million hold a large and increasing majority of private

banking AuM in Luxembourg. According to private banksꢃ own internal risk assessments, a large

percentage of their clients have high ML/TF risk. The percentage of high-risk clients in Luxembourg

private banks is much higher than in other banking sub-sectors such as retail banks.

This sub-sector is very exposed to international flows both in terms of assets and entitiesꢃ origin,

which increases the vulnerability to foreigners misusing the sub-sector’ s entities for ML/TF purposes.

In terms of geographical origin, according to the CSSF-ABBL survey and CSSF internal data, the majority

of AuM comes from Europe, but outside Luxembourg. This may complicate the identification of

beneficial owners and the origin of their wealth. Less than a quarter of private banking AuM comes

from Luxembourg account-holders, while the remaining three quarters come from account-holders

located abroad^{339,34 0}. W hile the diverse, international clientele reflects the attractiveness of

Luxembourg as an international private banking centre, the cross-border origin of most AuM may

decrease the level of transparency on the funds invested in the sub-sector.

A number of banks use intermediaries in providing private banking activities. Intermediaries used by

private banks and their clients can be classified into three main types: introducing intermediaries

(sometimes also referred to as ꢈ findersꢈ ), POA-holders and third-party managers. W hilst the number

of accounts and volume of transactions that involve these categories of intermediaries is not especially

high, their involvement can increase the distance between the bank and its client. This may reduce

transparency on beneficial ownership or source of wealth and therefore increases exposure to threats

such as tax crimes, corruption or fraud.

6.2.1.2. Investment sector

Globally, the investment sector is considered to be vulnerable to ML/TF activity as large amounts of

money are invested often on behalf of wealthy individuals or entities.

The sector is large and diverse with a variety of entities such as wealth and asset managers, broker-

dealers, traders/market makers, UCITS management companies, AIFMs, self- or internally-managed

UCIs, pension funds and regulated securitisation vehicles. The detection challenges are not to be

underestimated due to high market fragmentation in terms of the number of providers and also the

high volume of retail and institutional investors. ꢄ owever, pension funds, regulated securitisation

³³⁷Text here and below from the CSSF, Sub-sectoral Risk Assessment P riv ate ꢋ ank inꢀ , 2019.

³³⁸CSSF data, 2018.

³³⁹ABBL/CSSF, Annual P riv ate bank inꢀ surv ey s, 2013-2018.

^{34 0}Note that as the geographic origin of assets is assessed through the origin of client accounts, it is likely the foreign-based

beneficial owners represent an even larger share than 76% of AuM.

88

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

vehicles and traders/market-makers face low or medium risks due to the nature of their activities or

smaller market sizes.

Due to the economic impact of COVID-19, many stock markets and investment products around the

world have experienced significant volatility. W here assets are valued at a significant discount,

investors may be looking to offload and minimise losses. This could provide an opportunity for

criminals offering to purchase or refinance such distressed assets (using the backing of illicit funds). In

addition, the contraction in Luxembourg’ s economic activity as a result of the global pandemic could

place some entities in distress, which in turn creates opportunities for them to be exploited for money

laundering purposes. Further detail is provided in section 4 of the NRA on the impacts of COVID-19.

I nvestment firms

Investment firms constitute a smaller part of Luxembourg’ s financial services sector than banking or

collective investments sub-sectors. They encompass several different types of professionals, which

can be grouped into three categories: wealth and asset managers, brokers and broker-dealers (non-

banks) and traders / market-makers.

As of the end of 2019, there are 97 investment firms established in Luxembourg, with some of

investment firms having licenses to exercise multiple activities at once (for example, an investment

firm can act as a private portfolio manager, described below, and a broker simultaneously).

Investment firms employ 1 690 people and service approximately 100 000 clients at the end of 2019.

For wealth and asset managers, and brokers and broker-dealers (non-banks), the ML/TF risk is

primarily driven by the high international business share and the nature of clients. 56 of 97

investment firms have high risk clients, and approximately 4 % of total clients are marked as high-risk.

The risk is reduced by the fact that 31 entities have limited A uM from weak A ML/CFT countries, which

represent a very small amount of the total AuM.

W ealth and asset managers

The sub-sector wealth and asset managers encompasses ꢈ private portfolio managersꢈ (article 24 -3 of

the 1993 LSF Law) and ꢈ investment advisersꢈ (article 24 of the 1993 LSF Law).

In Luxembourg, it is a medium in size and fragmentation sub-sector. 90 investment firms have the

license of investment adviser, with 37 of them exercising those activities. 82 investment firms have

the license of private portfolio manager, with 68 of them exercising those activities. Investment

advisers have a revenue of €26.5 million (top five firms capturing ~80%) and value of portfolio advised

of €6.1 billion (top five firms capturing ~80%). Private portfolio managers have a revenue of €184 .2

million (top five firms capturing ~37%) and AuM of €4 0.6 billion (top five capturing about 4 5%).

Overall, the entities of the sub-sector have approximately 50 000 assigned mandates.

Their ML/TF risk is increased by the substantial international business (as described above for

investment firms in general) and foreign ownership (approximately 37% of them have foreign non-EU

ownership, with one entity having an owner from a country with weak AML/CFT flows).

The products and activities offered by wealth & asset managers have an impact on the overall ML/TF

risk. Private portfolio managers carry out asset management activities (including providing investment

services and custody of financial instruments) as well as some limited ancillary services (wealth

structuring). Note that investment advisers may also carry out some relevant activities, however the

materiality of this is considered relatively low. The product risk may also be increased by the presence

of omnibus accounts. ꢄ owever, only seven entities have omnibus accounts, accounting for 3.82% of

the total AuM.

89

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

Brokers and broker-dealers (non-banks)

ꢀ rokers include ꢈ brokers in financial instrumentsꢈ (article 24 -1 of the 1993 LSF Law), ꢈ financial

intermediation firmsꢈ (article 24 -8 of the LSF) and distributors of units/shares in UCIs (article 24 -7 of

the 1993 LSF Law). ꢀ roker-dealers (non-banks) include ꢈ commission agentsꢈ (article 24 -2 of the 1993

LSF Law).

Similar to wealth and asset managers, the sub-sector is medium in size and fragmentation, with 93

investment firms total with relevant licenses, and only 36 of them exercising them in 2019. Nearly all

revenues and transactions (about 98%) are concentrated by the top five entities.

The risk is increased by the volume of clients and transactions. In this sub-sector, numerous entities

are processing a large number of customers and executing a high volume of transactions. As such,

broker-dealers (non-banks) facilitated transactions worth €251.2 billion in 2019, and brokers

facilitated transactions worth €122.2 billion respectively, with approximately 75 000 administered

mandates. The sub-sectoral risks are also increased due to significant international involvement. 32%

of brokers and broker-dealers (non-banks) have foreign non-European ownership, whereby only one

investment firm is owned by foreign persons/ entities from high-risk countries

The risk is increased by the fact that brokers and broker-dealers offer non-client- facing businesses

but limited by the fact that the clients are mainly institutional, and the fact that client relationships

are initiated face-to-face.

Traders/market-makers

Traders/market-makers include professionals buying or selling securities for the purposes of

proprietary trading or market-making activities: Professionals acting for their own account (article 24 -

4 of the 1993 LSF Law), Market makers (article 24 -5 of the 1993 LSF Law) and underwriters of financial

instruments (article 24 -6 of the 1993 LSF Law). Globally, the ML/TF risk of traders and market-makers

have been misused to generate illicit sums of money, through offences such as insider trading, market

manipulation and fraud^{34 1}.

In Luxembourg, the ML/TF risk stems primarily from the fact that they manage money for their

owners and that they could be misused for ML/TF purposes. In addition, international exposure and

large volumes observed drive the ML/TF risk.

In Luxembourg, the vulnerability is limited because of the very small sector size. As of 2019, there are

five investment firms licensed as professionals acting for their own account, with only two carrying

out those activities in 2019. There are two investment firms licensed as underwriters of financial

instruments, but none of them carry out relevant activities. The total AuM of the investment firms is

€4 4 .2 million.

Collective I nvestments

Globally, collective investments risk to be abused or misused for different types of fraudulent

practices, including for example ꢈ Ponziꢈ schemes, confidence or ꢈ boiler roomꢈ scams, use of fictitious

or ꢈ shellꢈ companies, misleading investments and misstated value determination. Collective

investments can be abused and misused through schemes concerning both liability (inbound

investments) and asset (outbound investments) sides. The possible schemes include raising funds

from corrupt government-related investors (inbound investments), securing investments in corrupt

government-related projects (outbound investments), influencing investment and portfolio allocation

^{34 1}FATF, ꢈ oney ꢉ aunderinꢀ and ꢅ errorist ꢂ inancinꢀ in th e Securities, 2009.

90

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

decisions (outbound investments), and investing in corrupt portfolio companies (outbound

investments).

In other countries, there have been some cases of market manipulation via the abuse or misuse of

collective investments. For example, the investment fund managers could collude over the price of a

security before an IPO. The risk of price collusion is increased in situations with a limited number of

investors making high-value investments, in particular in securities which are difficult to price.

Case Study 11: Collective investments and money laundering^{3 4 2}

In 2018, the administrator of Fund X became aware that one of the fundꢃ s investors had requested

the full redemption of the units held in the fund. This investorꢃ s account had been blocked because

the documentation on the origin of the funds was incomplete. As for the investor, it was a tax-

opaque Liberian entity.

The funds from the liquidation were to be paid into the investorꢃ s Swiss account via a correspondent

located in the United States. The investor had never justified the reasons for the complexity of the

chosen structure, including shell companies, several changes in the corporate structure, including

at the management level, through non-cooperative jurisdictions. It had also not given any

explanation on the origin of the funds used to acquire the shares of the fund. Some entities of this

structure had been mentioned in the ꢈ Panama Papersꢈ .

The administrator was unable to remove suspicions of a possible illegal source of funds or even tax

evasion.

In Luxembourg, the sector is large and fragmented, and consists of various components with more

than €4 .73 trillion in AuM across 3 000 plus entities as of December 2019^{34 3}. This sub-section groups

collective investments into three main classes: UCITS ManCo (including Super ManCo), AIFM and self

or internally managed UCI, each consisting of multiple clustering elements. Each class is mutually

exclusive, and all classes taken together cover the full spectrum of regulated collective investments in

Luxembourg ^{34 4}

.

U CI TS Management Companies “ ManCo” (including SuperManCo)

Luxembourg Chapter 15 ManCo include an important number of entities who manage the large

majority of assets in Luxembourg in a sector characterised by a relatively high degree of concentration.

Luxembourg Chapter 15 ManCo heavily rely on cross-border distribution networks to market their UCI

across Europe and in a number of non-EU jurisdictions.

The high inherent risk presented by this category is also explained by the volume of assets under

management and the inclusion of entities benefitting from a double license (Cꢄ 15 and AIFM) in this

category. Therefore, the AIFM component of this cluster increases the inherent risk, notably because

of the types of investments made by AIFs.

EU/EEA UCITS ManCo act as designated IFM of Luxembourg investment vehicles and are primarily

located and supervised in five countries: Germany, France, United K ingdom, Ireland and Italy. Volumes

of assets under management are a key risk driver.

^{34 2}CRF, Annual report, 2018.

^{34 3}CSSF, É v olution des actiꢃ s nets et du nombre dꢖ ꢆ P C , as of 31^stDecember 2019.

^{34 4}All information below from the CSSF, Aꢈ ꢉ ꢍ ꢅ ꢂ sub-sector risk assessment: C ollectiv e inv estments, released in ꢁ anuary 2020.

91

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

The quality and transparency of distribution channels is also an important risk factor for EU/EEA IFM.

Indeed, the relationship between the IFM and end-investors is further distanced due to cross-border

management and cross-border distribution, which increases the ML/TF risks.

A lternative investment fund managers (A I FM)

Luxembourg authorised AIFM are generally of moderate size with most Luxembourg AIFM groups or

parent undertakings originating from Switzerland, Germany and Belgium. The sector is characterised

by a certain degree of fragmentation, with the top 10 entities representing 31% of total assets and the

top 50 entities representing 71% of total assets.

They manage a diverse set of UCI, across different regimes, generally subject to fewer rules and

diversification requirements than UCITS. The diversity of such types of investments statistically

increases the risk of investing in high ML/TF risk assets.

The geographical reach of Luxembourg authorised AIFM facilitated by EU/EEA passporting agreements

increases general ML/TF vulnerability. A portion of the overall distributors marketing funds managed

by these AIFMs are not supervised by NCAs or self-regulated bodies for AML/CFT purpose which

increases the overall risk of this category.

Luxembourg registered AIFM include a high number of IFM, but their net assets remain low given the

AIFMD regulatory threshold capping assets under management at €100 million or €500 million for

unleveraged and close-ended AIF. Larger AIF over €100 million managed by registered AIFM must be

closed-ended, restricting investor redemption rights during a period of five years. The resulting longer-

term nature of the investment limits the risk of ML/TF by developing the business relationship with

the investor and delaying the integration of funds back into the economy. ꢄ owever, the types of

investments remain less plain vanilla and therefore present higher ML/TF risks.

An important number of Luxembourg Chapter 16 ManCo are active in Luxembourg. Similarly to AIFM,

this sector is fragmented. Chapter 16 ManCo not authorised as AIFM do not benefit from a passport

to carry out activities outside of Luxembourg. Given this lack of EU/EEA equivalence, Chapter 16

ManCo remain less international than Luxembourg authorised AIFM, reducing ML/TF vulnerability.

Chapter 16 ManCo may manage regulated non-UCITS and non-AIF. These vehicles are subject to less

harmonised rules than UCITS and AIF, and have to abide by less requirements. The investment types

and areas of Chapter 16 ManCo are relatively diverse, increasing the risk of being exposed to higher

ML/TF risk. Chapter 16 ManCo typically invest in less transparent and less liquid assets, potentially

increasing ML/TF risks.

A portion of the distributors used for the marketing of their UCIs are not subject to AML/CFT

supervision and few UCIs managed are considered by their designated IFMs as having a complex

distribution scheme.

EU/EEA AIFMs act as designated AIFM of Luxembourg investment vehicles and are primarily located

and supervised in five countries: UK , France, Ireland, the Netherlands and Germany. Most IFMꢃ s

groups or parents originate from North America (Canada and USA) and European countries.

Volumes of assets under management are a key risk driver. EU/EEA AIFMs have predominantly global

and European investment targets. Over half of asset classes are alternative investment, private equity

or venture capital. These asset classes are typically less transparent and less liquid than traded

securities and thus subject to higher ML/TF risk.

The quality and transparency of distribution channels is also an important risk factor for EU/EEA AIFM.

Indeed, the relationship between the IFM and end-investors is further distanced due to cross-border

management and cross-border distribution, which increases the ML/TF risks.

92

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

Non-EU/EEA AIFMs also act as designated AIFM of Luxembourg investment vehicles but are supervised

by non-EU/EEA National Competent Authorities. The funds managed are typically less transparent and

less liquid than traded securities and subject to higher ML/TF risk.

The quality and transparency of distribution channels is also an important risk factor for non EU/EEA

AIFM. Indeed, the relationship between the IFM and end-investors is further distanced due to cross-

border management and cross-border distribution which increases the ML/TF risks.

Self- or internally managed U CI

Luxembourg only has a very limited number of self-managed investment companies (ꢅ Socié té s

d’ investissement autogé ré es” or ꢅ SIAG” ) with relatively low assets under management and the market

is very concentrated. SIAG initiators originate from nine different jurisdictions, exclusively in Europe

and North America.

SIAG are self-managed UCITS investment companies (SICAV), which present lower ML/TF

vulnerabilities due to the nature of their investments and regulatory restrictions. As UCITS, SIAG invest

in traded securities such as bonds and equities, the transparency of which and liquidity reduces risk

of abuse or misuse for ML/TF.

The internally managed alternative investment funds (ꢅ fonds d’ investissement alternatifs gé ré s de

maniꢀ re interne” or ꢅ FIAAG” ) are composed of internally self-managed AIF. The FIAAG are initiated

from a very diverse set of countries but in terms of net assets and number of sub-funds most initiators

originate from Luxembourg.

Those funds appear to primarily invest in traded securities (e.g. bonds and equities), therefore

reducing their ML/TF risk exposure on assets.

R egulated securitisation vehicles

R egulated securitisation vehicles are securitisation undertakings governed by the law of 22 March

2004 on securitisation that issue securities to the public on a continuous basis (more than three issues

per year).

The ML/TF risks are primarily driven by the sector size and the international nature of the business.

As of December 2019, in Luxembourg, there are 33 firms with a balance sheet total of €52.7 billion. In

2019, there were 378 issues with a volume of €21.9 billion, and 311 maturities/full or partial

redemptions with a volume of €20.3 billion, which is not a significant change from 2016^{34 5}. The

ownership of regulated securitisation vehicles is 100% international (with 4 4 % ownership in France,

25% in the Channel Islands, 21% in the Netherlands). Most of the clients come from the EU, but there

is a non-minor share of clients from Asian markets.

The sub-sectorꢃ s inherent ML/TF risk is reduced by the fact that regulated securitisation vehicles in

Luxembourg are found not perform TCSP activities in practice according to CSSF data. Further, all of

them are required to have their notes distributed by MIFID firms, which limits their exposure to ML/TF

abuse. Also note the complexity of ownership schemes have been reduced over the past four years,

with the value of subscribed capital falling from €4 .4 million in 2016 to €2.2 million in 2019. In addition,

all regulated securitisation vehicles have a Luxembourgish banking institution, providing custody for

liquid assets and securities, which ensures indirect AML/CFT supervision and further limits ML/TF risk.

CSSF-supervised pension funds

CSSF-supervised pension funds which are supervised by the CSSF, are less vulnerable to ML/TF risk in

Luxembourg. They are defined in the 2005 Pension Funds Law as Variable Capital Pension Savings

^{34 5}CSSF data, 2019.

93

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

Company (SEPCAV) and the Pensions Savings Association (ASSEP) regimes. Note that the CAA also

supervises a separate type of pension types, falling under pension funds under insurance legislation,

the ML/TF vulnerability of which is described in the section ꢈ CAA-supervised pension fundsꢈ of this

report.

The ML/TF risk of pension funds in Luxembourg is limited because of the small sector size, which is

also highly concentrated. As of 2019, there are 12 entities registered as pension funds and falling

under CSSF supervision. Together, they have €1.75 billion AuM^{34 6}, and top five entities have 84 %

market share^{34 7}with 18 4 4 4 clients^{34 8}.

The international exposure is limited as ownership by entities from foreign countries represents

€0.66 billion of assets^{34 9}in 2019. They offer standardised products with little ML/TF risks and have no

flows with geographies weak AML/CFT measures, as most sponsors are EU-based corporates.

6.2.1.3. MVTS

Globally, money or value transfer services providers are commonly used by criminals engaging in

ML/TF activities, given the international payments driven nature of the sector. In addition to the core

activities performed by MVTS providers, the speed and volume of transactions and geographic reach

offered are particularly attractive features, which hinder detection of suspicious activity.

Luxembourg is vulnerable to increased ML/TF risks due among other to the volume of the sector in

the country. 2.4 billion inflow transactions worth € 93.8 billion and 1.2 billion outflow transactions

worth €83.2 billion were processed by 20 entities in 2019. Note that while the number of entities

increased to 20 in 2019 from 14 in 2017, it has not changed the complexity of the sector. The business

models and activities of the new entrants are similar to the other actors of the sector. In addition, the

international nature of the payments business increases ML/TF risks, as there is a significant amount

of cross-border transactions involved. ꢄ owever, approximately 96% of the flows are within the EU.

Flows to geographies with weak AML/CFT measures are limited. As such, during 2019, the inflows and

outflows to and from non-EU countries represent less than 5% of the total inflows.

MVTS providers could potentially experience larger exposure to ML/TF risks stemming from an

increase in online purchases as a result of the COVID-19 related social distancing measures. The

increase in online purchases may lead to the increase in both the volume and value of online payments

services. Further detail is provided in section 4 of the NRA on the impacts of COVID-19.

Payment institutions

Payment institutions can offer a variety of services, such as the provision of payment infrastructure

(including payment accounts) to e-commerce marketplaces, peer-to-peer payment methods,

facilitation of payment transactions including the transfer of funds, issuing of payment instruments or

providing acquiring activities. The vulnerability of payment institutions comes from the overall

features of those activities, which can facilitate fast cross-border non face-to-face transactions.

In Luxembourg, the sub-sector has a risk profile in line with the wider sector given the number and

total value of transactions and the large sector size. As of December 2019, there are 12 payment

institutions operating in Luxembourg, with 372 employees and €0.5 billion in revenues. 1.1 BN inflow

transactions worth €55.4 billion and 1.1 billion outflow transactions worth € 55.8 billion were

processed during 2019. The risk is also driven by the nature of the different payment activities and

^{34 6}CSSF data, 2019.

^{34 7}CSSF data, 2019.

^{34 8}CSSF data, 2019.

^{34 9}CSSF data, 2019.

94

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

services provided. For example, two out of the 12 active entities provide payment services, which are

linked to some extent to virtual assets.

There are two new payment institutions licensed as compared to 2018. Although the sector has grown

in the number of payment institutions, the sector remains highly concentrated with 99% of revenue

generated by top five entities.

E-Money institutions

E lectronic-money (e-money) institutions are institutions that issue, distribute and redeem electronic

money, which is stored in electronic format mostly in e-money wallets/accounts. E-money can be

accepted and used by individuals and entities other than the e-money institution itself. E-money

institutions can also offer the same payment services as payment institutions, and therefore share

exposure to similar ML/TF schemes, even if the risks of e-money activities and payment services are

different in their nature.

In Luxembourg, the sub-sector is similar in size and activities to the payment institutions, and thus

shares similar inherent vulnerability to ML/TF risk. The sub-sector is large in size and transaction

volume. It employs 212 people and generates €0.3 billion in revenues. 1.3 billion inflow transactions

worth €38.4 billion and 0.05 billion outflow transactions worth € 27.4 BN were processed during 2019.

Similar to payment institutions, it is experiencing growth in Luxembourg, as the balance sheet total of

electronic money institutions increased from €1.3 billion in 2017 to €1.8 billion in 2018.

The risk is reduced by the high concentration of the sector. Note that although the number of entities

has increased from six in 2018 to eight in 2019, it has not increased the fragmentation of the market,

as is the case also with payment institutions³⁵⁰.

A gents and e-money distributors acting on behalf of PI /E MI s established in

other E uropean member states

Agents are money transfer intermediaries, e-money distributors on behalf of licensed and regulated

MVTS processing transfers which are established in other European member states. Payment services

are a common and convenient method to perform fast transfers of money across users and

geographies. Payment agents typically have less information on their clients than other, more

established financial institutions. ꢄ owever, agents are often the only persons to meet a customer face-

to-face and facilitate transactions physically. Payment agents services are often used to transfer

money to countries with less mature financial systems and limited access to banking services.

Agents have a limited market size in Luxembourg. There are 20 agents on behalf of seven payment

institutions and two agents and four distributors on behalf of five electronic money institutions as of

2019³⁵¹. Combined, they processed €316 million of inflows and €359 million of outflows in 2018, which

is significantly smaller than the approximately €11.9 billion of personal remittance outflows in

Luxembourg³⁵²

.

6.2.1.4 . Specialised PFSs

Specialised PFSs in Luxembourg can offer a variety of activities, such as: accounting services, corporate

services, domiciliation and directorship services, depositary services and transfer agency services.

They can be broadly categorised into two categories: specialised PFSs providing corporate services

and professional depositaries.

³⁵⁰CSSF data, 2018.

³⁵¹CSSF data, 2019.

³⁵²Eurostat, Personal remittances statistics, November 2019.

95

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

Professionals of the financial sector, such as specialised PFSs are regarded globally as exposed to

ML/TF risks due to their role as gate-keepers to the financial systems. FATF guidance states that

ꢈcriminals w h o ꢀ enerate th ese ꢐ illeꢀ al) ꢃ unds need to brinꢀ th em into th e leꢀ itimate ꢃ inancial sy stem

w ith out raisinꢀ suspicionꢈ³⁵³. ꢄ ence, specialised PFSs, in general, may be abused to achieve these

ends. They may unknowingly offer various legal, accounting and other financial activities to

criminals³⁵⁴.

Specialised PFSs providing corporate services

Specialised PFSs providing corporate services are vulnerable primarily due to the nature of the

business, which involves supporting residents and non-residents to set up corporate structures (which

may be abused for ill intentions such as setting up shell companies).

In Luxembourg the ML/TF risk is driven by the fact that many specialised PFSs offer TCSP activities. As

of December 2019, 86% of the specialised PFSs (out of a total of 104 entities) offer TCSP activities, out

of which 71% also provide transfer agency services and fund administration services. TCSP activities

can be offered by entities from other sub-sectors and can be particularly exposed to ML/TF activities,

which are further detailed in a separate section of this NRA report below.

In Luxembourg, the sector risk is driven by the significant size. There are 89³⁵⁵entities³⁵⁶with 4 4 78

employees³⁵⁷as of December 2019 with balance sheet assets of €0.8 billion³⁵⁸and profit of

€77 million³⁵⁹. The sector has a relative degree of complexity as specialised PFSs can include various

licenses, each offering different services. Those licenses include registrar agents, corporate

domiciliation agents, professionals providing company incorporation and management services, and

family offices.

Another factor increasing ML/TF risk of specialised PFSs is the prevalence of distribution risks, as

specialised PFSs often use third parties to enter in contact with potential clients. Moreover, the sector

in Luxembourg has sophisticated professionals whose knowledge may be misused for money

laundering purposes.

Professional depositaries

As of December 2019, 16% of the specialised PFS qualify as depositaries (some of which also hold

TCSP licenses), 88% of which perform depositories services for assets other than financial instruments

(15 entities) and 12% perform depositories services for financial instruments (two entities). One of the

entities which performs depository services for financial instruments has obtained in 2020 a CSDR

license and no longer falls in the specialised PSF category.

Professional depositaries of assets other than financial instruments are vulnerable to ML/TF risk as

they act as depositaries for specialised investment funds, investment companies in risk capital and

non-regulated alternative investment funds, the assets of which may be used by criminals to launder

illicit proceeds.

The main risk driver for professional depositaries in Luxembourg is the large sector size. As such, as of

December 2019, the 15 professional depositories of assets other than financial instruments entities

353

ꢁ ournal of Economics, Business and Management, ꢂ Aꢅ ꢂ Recommendations Related to ꢄ ꢇ ꢂ ꢋ P s on ꢈ oney ꢉ aunderinꢀ

Assessment, February 2015.

³⁵⁴FATF guidance, Report on C oncealment oꢃ ꢋ eneꢃ icial ꢆ w nersh ip, ꢁuly 2018.

³⁵⁵Note that of those 89 entities, 2 entities also have licenses for depositories services.

³⁵⁶CSSF data, 2019.

³⁵⁷CSSF data, 2019.

³⁵⁸CSSF data, 2019.

³⁵⁹CSSF data, 2019.

96

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

have an AuM of €67.4 billion. The risk may be increased by the fact that those professionals act as

depositories for non-financial assets, which may bear a higher inherent risk of ML/TF.

6.2.1.5. Support PFSs and other specialised PFSs

Support PFSs and other specialised PFSs are deemed to have a very low exposure to ML/TF activities

due to the limited financial services client interaction and the low-risk nature of their activities (that

is, support services).

Support professional service providers mainly provide back-office IT services and do not execute

transactions. These include client communication agents (article 29-1 of the 1993 LSF Law),

administrative agents of the financial sector (article 29-2 of the 1993 LSF Law), primary IT systems

operator of the financial sector (article 29-3 of the 1993 LSF Law), secondary IT systems and

communication networks operator of the financial sector (article 29-4 of the LSF), digitisation service

providers (article 29-5 of the 1993 LSF Law) and e-archiving service provider (article 29-6 of the 1993

LSF Law). As of 2019, there were 74 support professional service providers operating in Luxembourg,

employing 10 005 people. Of those 74 entities, 36 were client communication agents and

administrative agents, and 38 were IT system operators. Two of those entities had additional

agreements for digitalisation or e-archiving service provision. In the past five years, the sector size

remained stable with 78 entities in 2015.

Some specialised professional service providers, which have been included under this sector, are less

exposed to ML/TF risks compared to the wider specialised PFS sector due to the nature of service

provided. Moreover, the current mutual savings fund is only accessible for public servants savings.

Others are considered low risk as none of these exist in Luxembourg (e.g. no license is granted at

present to currency exchange dealers and professionals performing securities lending). As of

December 2019, this sub-sector includes six professionals performing lending operations (article 28-4

of the LSF) and two debt-recovery services providers (article 28-3 of the 1993 LSF Law) and a mutual

savings fund administrator (article 28-7 of the 1993 LSF Law). The sub-sector also includes currency

exchange dealers (article 28-2 of the 1993 LSF Law), professionals performing securities lending

(article 28-5 of the 1993 LSF Law), of which none are present in Luxembourg and thus cannot be

misused for ML/TF purposes.

6.2.1.6. Market operators

The market operators sector in Luxembourg encompasses operators of a regulated market (article 27

of the 1993 LSF Law), investment firms operating an MTF in Luxembourg (article 24 -9 of the 1993 LSF

Law) and investment firms operating an OTF in Luxembourg (article 24 -10 of the 1993 LSF Law).

ML/TF risk for the Market Operators sector in Luxembourg is limited due to the presence of only one

market operator in Luxembourg – the Luxembourg Stock Exchange. The Luxembourg Stock Exchange

operates two trading venues, the Bourse de Luxembourg (regulated market) and the Euro MTF

(multilateral trading facility). A broad range of instruments is admitted to trading on both trading

venues. A majority revolves around debt securities, investments funds, warrants, GDRs, and equities.

It also diversifies into contingent convertible (CoCo) bonds, Dim Sum bonds, index-linked bonds, Tier

one issues, loan participation notes, Islamic bonds, etc³⁶⁰.

The risk, however, is increased by the volume of issuance activities. It is a large stock exchange,

especially for the issuance of debt instruments. The total amount of debt issued via instruments

³⁶⁰PW C, ꢉ ux embourꢀ P rime ꢉ ocation ꢃ or listinꢀ , 2014.

97

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

admitted to trading on the Luxembourg Stock Exchange in 2019 was € 1 210 billion³⁶¹, representing

1 905% of the GDP of 2019.

Additionally, in line with the financial sector in Luxembourg, it is exposed to international flows (about

85% of the transactions executed on the trading venues of the Luxembourg Stock Exchange were

executed exclusively between foreign members in 2019³⁶²). At the same time, the client risk is limited,

as the exchange is open only to a small number of members who in turn are all EU regulated

investment firms or banks subject to AML/CFT obligations.

The risk is further reduced by the small volume of transactions. The trading volume in 2019 on both

trading venues operated by the Luxembourg Stock Exchange was €96.8 million in 2019, representing

0.15% of GDP³⁶³. The value of equity trading was €4 5.7 million in 2019³⁶⁴. As a result, there is very

little money flowing through the exchange, which decreases ML/TF risks. In addition, the volume of

trades is very low compared to the size of the global economy and in particular, the financial sector in

Luxembourg. Thus, for example, if an entity trading on the Luxembourg Stock Exchange would execute

multiple buys and sales of financial instruments for ML purposes, the activity would be likely noticed

by the supervisor, thus preventing this theoretical ML activity from occurring.

The ML/TF is further reduced by the specifics that the Luxembourg Stock Exchange does not hold

capital linked to the primary issuance of instruments traded on its markets on its accounts and does

not intervene in settlement of the secondary market transactions.

³⁶¹FESE data.

³⁶²CSSF data.

³⁶³FESE data.

³⁶⁴FESE data.

98

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

6 .2 .2 . CAA supervised sectors

Globally, the insurance sector is typically regarded as less vulnerable with regards to ML/TF risks than

other sectors, such as banking or gambling.³⁶⁵Insurance products are less flexible than other financial

products, such as loans or payment services, limiting their attractiveness for ML/TF activities by

criminals. Furthermore, insurance products are complex for ordinary criminals, requiring some specific

knowledge. In addition, pay-outs from insurance companies are unpredictable and/or risky as they are

dependent on the incident that has been insured actually taking place (e.g. death or tail events).

Despite this, insurance can be used by terrorists to insure their individual risks. For example, terrorists

can register for life insurance policies so that the pay-out is received by their families and dependents

after their death. There is also a limited risk that funds withdrawn from insurance contracts could be

used to fund terrorism³⁶⁶.

Insurance products are generally considered to be particularly vulnerable to ML/TF risks when they

have the flexibility of payment, flexibility of investment, ease of access to accumulated funds,

negotiability (i.e. can be used as collateral) and anonymity.

Flexibility of payment in insurance products may allow payment from third parties, high value

premium payments and, overpayment of premia followed by refund request and cash payments. The

various payment methods available may increase the attractiveness of products to criminals, as they

are not limited to a specific payment scheme. The flexibility of investment enables investments in non-

listed assets (for example, privately-owned companies, real estate, special purpose vehicles). As such,

the inherent vulnerability of different assets may transfer to the insurer. Ease of access to accumulated

funds can be provided by products with ꢅ cooling off” periods, which allow clients to cancel policies for

any reason and receive a refund within a brief period of time after the policy issuance. It can also be

provided by products that allow partial withdrawals/early surrender with limited fees. A criminal could

potentially pay an insurance premium, and then request a refund within a short period of time to

another bank account, potentially allowing for complex ML schemes. Finally, some products facilitate

the anonymity of the customer, for example, by allowing deposits and payments by third parties or

providing for non-face-to-face transactions (for example, mobile payment applications).

Beyond life insurance, certain features of insurance products can add to sectorial inherent risks for

the insurance sector, namely, when they involve early termination, changes in beneficiaries and

payments forms. Early termination includes the unexpected use of ꢅcooling off” periods, early

surrender requested within the first two years after the subscription of the policy (especially when

incurring high cost) and frequent and unexplained surrenders. Changes to beneficiaries include

beneficiary clause changes to an apparently unrelated third party. Payments could be further drivers

of risk, for instance, when cash is used for payment, when there is a change or increase of the sum

insured and/or of the premium payment, if payments are made from different bank accounts without

explanation, when payment come from banks not established in the customer’ s country of residence

or when payments are received from third parties that are not associated with the contract.

Overall, the level of vulnerability of Luxembourg’ s insurance sector is deemed to be medium. The

sector is significant in size and growing with €302 billion balance sheet total³⁶⁷and €51 billion in

³⁶⁵FATF, G uidance ꢃ or a risk -based approach ꢃ or th e liꢃ e insurance sector, 2018.

³⁶⁶FATF, G uidance ꢃ or a risk -based approach ꢃ or th e liꢃ e insurance sector, 2018.

367

CAA data, 2019. To be noted that in the context of the COVID-19 sanitary crisis, an additional time was granted to the

supervised entities to communicate certain financial reporting statements to the CAA and therefore, 2019 figures are still

under the process of CAA validation at the time of writing. ꢄ owever, the CAA estimates that even if 2019 final figures might

evolve, there should be no material impact on the general conclusions inferred from those data.

99

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

premia³⁶⁸in 2019. As of 2019, it has 274 ³⁶⁹life insurance, non-life insurance and reinsurance

companies employing over 8,000 people, about 2% of the labour force³⁷⁰. Luxembourg has one of the

highest numbers of insurance companies per capita globally which significantly adds to the sectorial

inherent risk. Furthermore, the sector continues to grow in Luxembourg. In 2019 compared to 2018,

total value of premia written by life and non-life insurers increased by nearly a half.³⁷¹The growth has

been driven by non-life insurance undertakings, the number of which has increased as 12 entities have

relocated from the UK to Luxembourg due to Brexit. This has increased the revenues of non-life

insurance undertakings by more than double. In addition, premia written by life insurance

undertakings increased by more than 15%, also to an extent explained by Brexit as one UK life

insurance company transferred a portfolio with a value of approximately €2 BN to Luxembourg.

Life insurance

Globally, life insurance is the most exposed insurance sub-sector to ML/TF risks; however, the risk

depends on a given product’ s characteristics.

Products with higher complexity or flexibility of payments, or products with returns linked to the

performance of an underlying financial asset are generally more susceptible to ML/TF abuse.³⁷²

Common money laundering techniques used in life insurance include premium payment on a policy

and then asking for a refund, cashing out of policies prematurely despite penalties, funding policies

using payments from a third party, paying a large top-up into an existing life insurance policy,

channelling payments via offshore banks, purchasing an annuity with a lump sum rather than paying

regular premia over a period of time. Life insurance policies may also be used as collateral to purchase

other financial instruments, making them one part of a complex system of transactions designed to

obfuscate the origins of funds³⁷³. Case studies 12 and 13 (below) further illustrate how the flexibility

of payments and early terminations can be abused for ML purposes.

Case Study 1 2 : Luxembourg case study on life insurance^{3 7 4}

Transaction related to the purchase of life insurance

Two life insurance policies were taken out by a natural person. The premia were not paid from the

account of the natural person initially indicated to the insurance company, but came from a

foundation in Liechtenstein, unknown to the insurance company.

As a result of the refusal to provide supporting documents, the funds were returned to the original

account and the insurance policies were cancelled.

Case Study 1 3 : Luxembourg case study on life insurance^{3 7 5}

Termination of a life insurance contract

A natural person took out a life insurance policy. The client had dual French and Canadian

nationality and resided in Dubai for professional reasons. The funds were transferred from an

account held in his name in France. ꢄ e wished to exercise his right to renounce the contract within

³⁶⁸CAA data, 2019.

³⁶⁹CAA data, 2020.

³⁷⁰CAA data, 2019.

³⁷¹CAA, C onꢃ irmation du dév eloppement ex ceptionnel du secteur de lꢒ assurance au 4 ^{è me}trimestre ꢌ 019 , 2020.

³⁷²FATF, G uidance ꢃ or a risk -based approach : ꢉ iꢃ e ꢁ nsurance, 2018.

³⁷³IAIS, Application P aper on C ombatinꢀ ꢈ oney ꢉ aunderinꢀ And ꢅ errorist ꢂ inancinꢀ , 2013.

³⁷⁴CRF, Annual Report, 2018.

³⁷⁵CRF, Annual Report, 2018.

100

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

30 days (allegedly for costs reasons) and requested the return of the funds to an account held in his

name in ꢁ ersey. As the insurance company could not remove suspicions of possible tax fraud, it

returned the funds to the original French account.

Life insurance products that are less susceptible to ML/TF include products such as group annuities

and products that pay a lump sum or an annuity in the event of death or critical illness. Products that

have no surrender value, no investment elements and products with low value also limit the

attractiveness of some life insurance products for ML/TF purposes³⁷⁶.

In Luxembourg, the life insurance sub-sector is large and fragmented, which increases its ML/TF

vulnerability. As of 2019, life insurance entities show a balance sheet total of €214 billion³⁷⁷

,

€205 billion in technical provisions³⁷⁸and €25.6 billion in premia. As of 2019, there are about 36³⁷⁹

companies in the AML/CFT scope, five of which have a Luxembourgish owner. Approximately half of

revenues are generated by five entities, and the share has remained stable over the past 10 years³⁸⁰

which suggests the market remains structurally fragmented.

,

The life-insurance sector is oriented towards foreign residents, exposing Luxembourg to potential

international ML/TF activities and high-risk customers. 92% of new premia come from foreign

residents³⁸¹. For 0.35% of all life insurance contracts, the country of residence of the policyholder is a

high-risk country and for 0.4 4 % of all life insurance contracts the banking institution from which

premia originates is located in a high-risk country³⁸². Life insurance entities serve a certain number of

PEPs and customers from high-risk countries, as 0.2% and 0.4 % of all life insurance contracts³⁸³have

a policyholder or the beneficial owner that is linked to a PEP or a high-risk country respectively.

Other ML/TF risk factor for life insurance are the products offered. As described above, some life

insurance products contain features increasing ML/TF vulnerability. Contracts considered as higher

risk by the CAA include some local contracts³⁸⁴and freedom to provide services contracts, including

life insurance policies invested in internal dedicated funds with a large part of private equity

(ꢅ insurance wrappers” ). As of 2019, there were 575 contracts with underlying unlisted assets³⁸⁵

.

Altogether, however, the number of those high-risk contracts represents less than 0.1% of total life

insurance contracts. Concerning another high-risk product, the ꢅ contrat de capitalisation au porteur”,

after a stock-taking exercise, the CAA concluded that this product had become a rare and disappearing

instrument in Luxembourg. Such contracts are not underwritten anymore and, as of the end of 2019,

the 838 contracts left represent less than 0.04 % of the total technical provisions of the life insurance

sector.

Other ML/TF risk factors include high volume of transactions and the usage of intermediary

distribution channels. In 2019, over 750 000 contracts were sold for a total premium of €19.2 billion.

³⁷⁶FATF, G uidance ꢃ or a risk -based approach ꢃ or th e liꢃ e insurance sector, 2018.

³⁷⁷CAA data, 2019.

³⁷⁸CAA data, 2019.

³⁷⁹CAA data, 2020.

³⁸⁰CAA data, 2019.

³⁸¹CAA data, 2019.

³⁸²CAA data, 2019.

³⁸³CAA data, 2019.

384

Local higher risk products are considered to mainly target investment purposes and allow a lot of flexibility regarding

payments such ꢅ contrats dꢃ é pargne placement ou de capitalisation” .

³⁸⁵CAA data, 2019.

101

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

On distribution channels, direct sales are known to account for €0.6 billion. 97% (in terms of premia)

were sold through intermediaries.³⁸⁶

Non-life insurance

It is globally assumed that non-life insurance products can be misused for ML in the case of customers

paying for premia with illicit funds, or a major overpayment of premia followed by a refund request³⁸⁷

.

For example, in other countries cases have been observed where a company’ s management has

exaggerated premium rates for non-life insurance products, and asked to refund some of the premia

to another company owned by the management³⁸⁸. Other misuse examples include insurance fraud,

when it is used to launder ML proceeds. For example, in other countries criminal organisations have

insured buildings and deliberately damaged them to receive pay-outs³⁸⁹

.

Those approaches can also be misused for TF purposes. Another example of how TF can occur is if a

worker’ s compensation payments are used to finance terrorist activities or purchasing primary

coverage for the transport of terrorist materials³⁹⁰.

In Luxembourg, non-life insurance sub-sector is smaller and less fragmented than the life insurance

sub-sector. As of 2019, it had €39 billion in balance sheet total, €26 billion of technical provisions³⁹¹

,

€12.6 billion in premia and 8 284 employees across roughly 4 2 companies (17 in the AML/CFT scope),

of which three quarters had a foreign ultimate owner. The sub-sector is more concentrated with 66%

of the market captured by the top five insurance firms.

It is important to note that over the past two years the non-life insurance sector has grown rapidly,

and its growth has outpaced other insurance sub-sectors. The growth can be to a large extent,

explained by the relocation of 11 non-life companies from the UK to Luxembourg because of the UK ’ s

decision to exit the EU. The total value of written premia almost tripled in 2019³⁹²compared to 2018.

It was a unique event, which has not, however, changed the overall ML/TF risk of the sub-sector as

most of these newcomers offer standardised non-life insurance products.

The low ML/TF risk is explained by the low-risk nature of products, as products offered are not

inherently risky. Indeed, they pay out against pre-defined event, have no surrender value, no

investment elements and the premia are generally of lower value. Moreover, insurers are especially

vigilant towards fraud prevention (fraudulent claims). Insurance classes 14 (credit) and 15 (suretyship)

are considered as riskier by the 2004 AML/CFT Law, however, they represent only €951 million premia

in 2019.

Further, the sub-sector is less exposed to riskier international flows than the life insurance sub-sector.

Customers are mostly international (89% of new premia from foreign countries³⁹³). An increasing

share of turnover is realised on the markets of the EEA (82% in 2019 vs. 76% in 2018), predominantly

in Germany, France and the UK , while international activity covering risks outside of the EEA is

³⁸⁶CAA data, 2019.

387

FATF, G uidance ꢃ or a risk -based approach : ꢉ iꢃ e ꢁ nsurance, 2018 (Note: reference from page 8 for non-life insurance

activities).

³⁸⁸IAIS, Anti-money launderinꢀ and combatinꢀ th e ꢃ inancinꢀ oꢃ terrorism, 2018.

³⁸⁹IAIS, Anti-money launderinꢀ and combatinꢀ th e ꢃ inancinꢀ oꢃ terrorism, 2018.

³⁹⁰IAIS, Application P aper on C ombatinꢀ ꢈ oney ꢉ aunderinꢀ And ꢅ errorist ꢂ inancinꢀ , 2013.

³⁹¹CAA data, 2019.

³⁹²Confirmation du dé veloppement exceptionnel du secteur de l’ assurance au 4 ꢀ me trimestre 201.9

³⁹³CAA data, 2019

102

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

experiencing a downward movement in relative terms (18% in 2019 vs. 24 % in 2018).³⁹⁴For the classes

14 and 15, only four contracts were issued to PEPs in 2019, thus limiting the risk.

Reinsurance

It is often considered that reinsurance undertakings can be abused by ML/TF criminals through

establishment of shell reinsurers, establishment of shell insurers to place the proceeds of crime with

legitimate reinsurers or a deliberate placement by the insurer of the proceeds of crime with reinsurers

to disguise the source of funds. W hen a criminal establishes a shell reinsurer, the following scheme

may be abused: The criminal purchases a legitimate non-financial business and a reinsurer, and then

purchases various esoteric risks from a legitimate insurer for the non-financial business. The shell

reinsurer then reinsurers the policies issued by the legitimate insurer under a fronting arrangement,

and since there is little or no insurance risk, the reinsurer earns significant profits which it can

distribute to the criminal³⁹⁵

.

As of 2019, in Luxembourg, the sub-sector has 196 reinsurance undertakings, representing €11.4

billion in gross premia and €4 8 billion in balance sheet total. 91% of entities have a foreign owner and

39 companies are in the AML/CFT scope as they reinsure credit and suretyship risks.

The sub-sector includes traditional reinsurance undertakings (51 entities) and reinsurance captives

(14 5 entities), two entity types with different product features. Traditional reinsurance undertakings

provide insurance for other insurance companies wanting to limit their exposure in the event of large

property damages and casualty losses. Reinsurance captives are defined by the IAIS as entities directly

or indirectly created and owned by industrial, commercial or financial entities, the purpose of which

is to provide reinsurance cover for risks for the entity or entities it belongs to³⁹⁶

.

The business of reinsurance companies is highly international³⁹⁷which may increase ML/TF risk. Most

of the premia is written through ceding companies located in Luxembourg (5%), Germany (11%),

France (14 %), the UK (29%), other EEA countries (24 %) and USA/Canada (7%).

The risks are, however, reduced by the low-risk nature of products. As reinsurance is availed by

insurance companies acting as customers, the risk is lower than for life insurance undertakings. For

reinsurance entities, the only ML/TF risk is the insurance customers purchase may itself bear ML/TF

risk, resulting in a transfer of risk between products.

Reinsurance captives are often considered to be more exposed to ML risk than traditional reinsurance,

especially in the field of tax offences. ꢄ owever, in Luxembourg, this risk is limited for several reasons.

First, as for other reinsurance companies, the ownership undergoes close scrutiny by the regulator

with regard inter alia to ML risks at the licensing process and when a shareholder change takes place.

Second, reinsurance captives are fully taxable and are not subject to any special tax treatment. Third,

in their on-going concern, Luxembourg reinsurance companies are required by law to set up adequate

technical provisions. These technical provisions include an equalisation provision collecting every year

the remaining funds after claims were paid, and thus allowing especially captives with less favourable

risk diversification to cover ꢅ high risk-low frequency” exposures, (that is, where a claim does not

happen every year, but once the claim happens the company may need more than an annual premium

to pay for). The building up of this provision is regulated by a Grand-ducal regulation and closely

monitored by the regulator on the basis of detailed business plans which must be updated regularly,

thus preventing non-substantial risks to be used. The allocation to the technical provisions is tax

deductible, but the reversals are fully taxable. The funds allocated to the equalization provision are

³⁹⁴CAA data, 2019.

³⁹⁵IAIS, Anti-money launderinꢀ and combatinꢀ th e ꢃ inancinꢀ oꢃ terrorism, 2018.

³⁹⁶IAIS, Application P aper on Reꢀ ulation ꢗ Superv ision oꢃ C aptiv e ꢁ nsurers, 2015.

³⁹⁷CAA data.

103

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

locked in and may only either serve to pay claims to the fronting company or be released into taxable

results once the captive has been authorized by the regulator to give its license back. This measure

has historically limited the inherent risk of this sub-sector in Luxembourg by lowering attractiveness

for tax purposes³⁹⁸. Finally, the vast majority of parent companies of captives are foreign and premia

come from ceding companies which are predominantly located in Europe or the UK (about 83% in

2019), limiting business with riskier geographies³⁹⁹

.

Intermediaries

I ntermediaries include on the one side insurance agents and agencies and on the other side brokers,

sub-brokers and brokerage firms. Intermediaries are deemed high risk as these businesses are retail

in nature and hence tend to operate in very fragmented markets. Intermediaries are usually the first

point of contact for clients and could be misused to intermediate investment of proceeds stemming

from crimes such as bribery, corruption and fraud.^{4 00}Globally, intermediaries unknowingly allowed

criminals to obfuscate the beneficial ownership of insurance policies, for example, in cases when

intermediaries facilitate client money transaction to insurance undertakings^{4 01}

.

Further, the vulnerability of insurance product sales through intermediaries may be increased by the

fact that distribution chains become long and complex and the added incentives to arrange a policy

because of substantial commissions, which can be noticeably higher than for other financial products.

Internationally, there have been cases where criminals used insurance intermediaries from more than

five countries to limit the traceability of financial flows^{4 02}

.

Luxembourg’ s ML/TF risks of the intermediaries sub-sector are increased by the size and the

fragmentation of the market. There are 34 6 agencies, 8 353 agents, 120 brokerage firms working

through 165 approved managers and 4 78 sub-brokers as of 2019^{4 03}.

Insurance agencies and agents are inherently less risky, as they may only be approved on behalf of

Luxembourg insurance undertakings or Luxembourg branches of non-Luxembourg undertakings^{4 04}

.

The risk is increased by the high volume of transactions in brokerage business. The new premia flow

in 2019 is €65 million for non-life and €2.08 billion for life with the total premia amounting to €2.73

billion for the year.^{4 05}The risk is also increased by the high international nature of the business. As

such, brokers have mainly international clients (81% of premia from foreign countries for life and 76%

non-life) mostly focused on the EEA and UK market (premia with non-EEA and non-UK countries

accounts only for 7% in life and 12% in non-life).

Professionals of the insurance sector (PSA)

Professionals of the insurance sector (PSA) include authorised service providers of corporate

governance and management companies for insurance and pension funds^{4 06}. They typically do not

manipulate money flows and play an advisory role to the respective insurance undertakings on

pension funds, and thus have limited exposure to ML/TF risk.

³⁹⁸CAA data.

³⁹⁹CAA data, 2019.

^{4 00}FSA, Anti-bribery and corruption in commercial insurance brok inꢀ , May 2010.

^{4 01}IAIS, Ex amples oꢃ money launderinꢀ and suspicious transactions inv olv inꢀ insurance, 2004.

^{4 02}MONEYVAL, ꢈ oney launderinꢀ th rouꢀ h priv ate pension ꢃ unds and th e insurance sector, 2010.

^{4 03}CAA data, 2019.

^{4 04}2015 Insurance Law, article 284-2, para 1, subpara 2, 2^ndsentence.

^{4 05}CAA data, 2019.

^{4 06}CAA website.

104

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

The small sub-sector size of the professionals of the insurance sector further limits ML/TF exposure.

In Luxembourg, in 2019 they generated total revenues of €52 million with 25 PSA entities (for a total

of 35 licenses). Of the 35 licenses, 20 licenses were for management companies of insurance, captive

insurance, reinsurance undertakings or pension funds, three were for management companies of

insurance portfolios, nine for authorised providers of actuarial or governance-related services, and

three for claim handlers. Five management companies of captive insurance and reinsurance have a

license to act as domiciliary agent. Note that the domiciled companies are mainly entities supervised

by the CAA or linked to entities supervised by the CAA (for example, companies pertaining to the same

group).

PSAs are all locally licensed but seldom owned by foreign entities, and do not have international

business, which further reduces their ML/TF vulnerability.

CAA-supervised pension funds

CA A -supervised pension funds, similar to the pension funds supervised by the CSSF, are less

vulnerable to ML/TF risk in Luxembourg than other CAA-supervised entities. The CAA-supervised

pension funds are defined under the 2015 Insurance Law in Article 32(1) point 14 . They are similar to

CSSF-supervised ASSEP pension funds, in that they also offer defined benefit, cash-balance and

defined contribution schemes, and that affiliated members are creditors of the pension fund.

W hile pension funds are considered to have an inherently lower ML/TF vulnerability, some pension

funds globally can be structured similarly to life insurance products. They may, in rare cases, offer

cancellations or early redemptions, features that can increase ML/TF risk. In addition, criminal

proceeds can be invested into pension funds as both long-term investments and shelter of funds from

confiscation^{4 07}

.

In Luxembourg, the ML/TF risk is limited due the very small sector size. As of 2019, there were three

CAA-supervised pension funds with €82 million revenues and €539 million in balance sheet total. The

small sector size and the low fragmentation make the sector highly transparent, and acts as a barrier

for criminals to abuse the sectors. Furthermore, the low-risk products offered by the pension funds

reduce the overall ML/TF vulnerability of pension funds to a low level.

^{4 07}MONEYVAL, ꢈ oney launderinꢀ th rouꢀ h priv ate pension ꢃ unds and th e insurance sector, 2010

105

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

6 .2 .3 . Legal professions, chartered accountants, auditors,

accountants and tax advisors

Table 15 below summarises these professions in Luxembourg and their respective supervisor for

AML/CFT purposes. It should be noted that the auditors, chartered accountants, notaries, lawyers and

bailiffs are self-regulated professions in Luxembourg, and hence are supervised for AML/CFT purposes

by their respective self-regulatory body (SRB). In turn, accountants and tax advisors are unregulated

professions but under the supervision of AED for AML/CFT purposes.

Table 1 5 : Luxembourg legal professions, accountants, auditors and tax advisors and their respective

supervisor for A ML/CFT purposes

Profession

Term in French

Term in E nglish

A ML/CFT Supervisor/SR ꢀ

A cronym

R egulated professions (including for A ML/CFT purposes)

Auditors

Cabinets de ré vision

Audit firms

Institut des Ré viseurs

d’ Entreprises

IRE^{4 08}

Cabinets de ré vision agré é s Approved audit firms

Ré viseurs d’ Entreprises

Statutory auditors^{4 09}

Ré viseurs d’ Entreprises

Agré é s

Approved statutory

auditors

Chartered

accountants

Experts-comptables

Chartered professional

accountants^{4 10}

Ordre des Experts

Comptables

OEC

Notaries

Lawyers

Notaires

Avocats

Notaries

Lawyers

Chambre des Notaires

CdN

OAL

Ordre des avocats du

Barreau de Luxembourg

Ordre des avocats du

Barreau de Diekirch

OAD

Cdꢄ

Bailiffs

ꢄ uissiers de justice

Court bailiffs and judicial

officers

Chambre des ꢄ uissiers

N onregulated professions (but supervised for A ML/CFT purposes)

Accountants

Professionnels de la

comptabilité

Accounting professionals Administration de

AED

l’ Enregistrement et des

Domaines

Tax advisors

Persons other than those

listed above who exercise

in Luxembourg, by way of

their business, an activity

of tax advice or one of the

activities described in point

(12)(a) and (b), and any

other person that

Tax advisors

Administration de

l’ Enregistrement et des

Domaines^{4 12}

undertakes to provide,

directly or by means of

4 08

CSSF is the independent Public Oversight body of the Audit Profession and is responsible for performing market entry

controls.

4 09

Note that statutory auditors, approved statutory auditors, audit firms and approved audit firms may also be chartered

professional accountants. The [ approvedꢆ statutory auditors and the chartered professional accountans are two different

accreditations.

^{4 10}Note that chartered professional accountants can also be statutory auditors, approved statutory auditors, audit firms and

approved audit firms. The [ approvedꢆ statutory auditors and the chartered professional accountans are two different

accreditations.

^{4 12}If the tax advisor is a member of a SRB, then the professional is supervised for AML/FT purposes by the respective SRB. If

this is not the case, the professional is supervised for AML/CFT purposes by AED.

106

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

Profession

Term in French

Term in E nglish

A ML/CFT Supervisor/SR ꢀ

A cronym

other persons to which it is

related, material aid,

assistance or advice on tax

matters as principal

business or professional

activity.^{4 11}

In Luxembourg, legal professions, chartered accountants, auditors, accountants and tax advisors are

also exposed to ML/TF risks, due to similar risk drivers as in other jurisdictions such as their legal status

key role as intermediaries. There is a significant number of professionals i.e. 2 917 lawyers^{4 13}; ~1 170

chartered professional accountants^{4 14}spread across 558 legal entities and 58 independent

professionals, 581 statutory auditors and approved statutory auditors and 78 audit firms and

approved audit firms^{4 15}; 395 accounting professionals and tax advisors^{4 16}; 36 notaries^{4 17}and 19 court

bailiffs ^{4 18}as well as eight deputising bailiffs^{4 19}. These professionals serve a wide range of clients and

international businesses.

Additionally, some of these professionals enable the creation and management of complex legal

structures and arrangements which are witnessed to be commonly used for ML/TF purposes. These

apply to different professions to different degrees (for instance, notaries legally required to register

real transactions but do not provide financial services; bailiffs also do not have a role in financial

services, etc.).

Even though their core activities are not inherently risky, their ability (except notaries and bailiffs) to

provide TCSP services in addition to their core activities exposes them to higher risk^{4 20}

.

Auditors^{4 21}

The auditors consists of audit firms, approved audit firms, statutory auditors and approved statutory

auditors. Table 16 below provides an overview of the auditors landscape in Luxembourg.

Table 1 6 : O verview of the auditors landscape in Luxembourg

Total number in Luxembourg in

E ntity / professional

Luxembourg name

February 2 0 2 0

Audit firms

Cabinets de ré vision

23

^{4 11}Referring to the 2004 AML/CFT Law, Article 2 (1), Paragraph 13.

^{4 13}ꢅ Ordre des Avocats du Luxembourg” and ꢅ Ordre des Avocats de Diekirchꢅ , data submitted ꢐ as oꢃ ꢎ 1st ꢄ ecember ꢌ 019 ) .

^{4 14}ꢅ Ordre des Experts Comptablesꢅ data submitted (as of 31st December 2019).

^{4 15}ꢅInstitut des Ré viseurs d’ Entreprisesꢅ data submitted (as of February 2020).

4 16

Referring to those accounting professionals and tax advisors that are not a member of the SRB and are supervised for

AML/CFT purposes by the AED.

^{4 17}Number fixed by law; see “Rꢀ glement grand-ducal modifié du 17 aoû t 1994 ayant pour objet de dé terminer le nombre et

la ré sidence des notaires” (link).

4 18

Number fixed by law; see “Rꢀ glement grand-ducal du 25 septembre 2009 concernant le nombre et la ré sidence des

huissiers de justice” (link).

4 19

The maximum number (10) is fixed by law; see “Rꢀ glement grand-ducal du 4 fé vrier 2016 concernant le nombre des

huissiers de justice supplé ants” (link).

4 20

The section ꢅ Cross-cutting vulnerabilitites – TCSPs” provides more detail on TCSP activities. See also FATF, ꢅ Trust And

Company Service Providers – Guidance for a risk based approach” , ꢁ une 2019.

4 21

In this document, the term ꢅ audit profession” covers equally the statutory auditors (ꢅ Ré viseurs dꢃ Entreprises” ), the

approved statutory auditors (ꢅ Ré viseurs dꢃ Entreprises Agré é s” ), audit firms (ꢅ Cabinets de Ré vision” ) and approved audit firms

(ꢅ Cabinets de Ré vision Agré é s” ).

107

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

Approved audit firms

Statutory auditors

Cabinets de ré vision agré é s

Ré viseurs dꢃ entreprises

55

261 presented as follows:

•

14 8 in public practice

113 in business^{4 22}

Approved statutory auditors

Ré viseurs dꢃ entreprises agré é s

320

For the audit profession, exposure to ML/TF risks is due to three main reasons. First, in Luxembourg,

auditors is sizable and moderately fragmented profession, with 581 professionals (statutory auditors

and approved statutory auditors) in total out of which 4 68 are working in 78 audit firms and approved

audit firms or as a sole practitioner, as of February 2020. The five largest audit firms account for 73%

of statutory auditors and approved statutory auditors (34 5 out of 4 68 professionals in public practice).

The remaining 27% (123) professionals are employed by 73 audit firms, with nine professionals

working as sole practitioners.

Secondly, auditors’ activities expose them to being misused or abused for ML/TF purposes. A core

activity of the audit profession is auditing and validating the annual accounts of its customers. The

audit profession has unique access to its clients’ financial history. But statutory auditors are usually

one step removed from the daily client accounts which might limit the visibility. As such, they can play

a key role in identifying ML/TF activities but are also prone to misuse or abuse for ML/TF purposes^{4 23}

.

In addition, audit professionals perform TCSP activities which are considered as particularly ML/TF

high risk by FATF^{4 24}. It should be noted that most activities performed by the audit profession, such as

assurance services, are believed to be low-risk for AML/CFT purposes, whilst activities such as TCSP

activities are deemed higher risk. As of the first semester 2020 however, data are being assessed to

determine higher risk and lower risk activities and hence a conservative approach is taken in line with

the NRA methodology.

Finally, the auditors serve a wide variety of clients both from the financial and the non-financial

sectors, in Luxembourg and internationally, due to the nature and size of Luxembourg’ s financial

centre and its diverse population.

The case study (below) illustrates how the audit profession could be abused or misused for ML/TF.

Case Study 1 4 : Financial irregularities, forgery and use of forgeries committed by one of the

companies in which a specialised investment fund (SI F) had invested^{4 2 5}

.

One of the companies in which the SIF in question had invested is currently in judicial liquidation. This

investment was made in February 2016 on the basis of:

•

Legal and financial due diligence reports that did not mention any significant issues;

The audited accounts that were issued by the auditor for the past four years.

In August 2016, the CEO of this company died unexpectedly and a consultant was hired to assist in the

management of the business. A forensic accounting firm was also appointed for financial audits and, in

November 2016, it found that financial irregularities had occurred. External legal advisors were appointed

and their analysis revealed that irregular acts were committed by the production and use of forged

documents, in particular in conjunction with the senior management of the time, including the deceased CEO.

^{4 22}Out of which, more than 4 0 are employed by the ꢅ Commission de Surveillance du Secteur Financier” as of February 2020.

^{4 23}See, for instance, ꢅ FATF, Trust And Company Service Providers – Guidance for a risk based approach” , ꢁ une 2019.

^{4 24}The section ꢅ Cross-cutting vulnerabilitites – TCSPs” provides more detail on TCSP activities.

^{4 25}Case study taken from CRF Annual Report 2018.

108

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

In light of the above, the vulnerability of auditors is considered high, considering their ability to provide

TCSP services in addition to their core activities.

Accounting profession: Chartered accountants (ꢅ Experts-

comptables” )

In Luxembourg, chartered accountants are a large and fragmented profession, with 1 173 chartered

accountants spread across 558 legal entities and 58 independent professionals as of May 2020. A

significant portion of the chartered professional accountants is part of one of the six largest firms; 388

of the professionals are employed by one of the Big 4 firms or assimilated legal entities, which amounts

to 33%^{4 26}. The rest of the profession is spread across the remaining legal entities or are independent

professionals. Tables 17 and 18 (below) illustrate that the entities under OEC supervision are mainly

very small legal entities and independent professionals (more than 75% entities have under 10

employees) and have a limited revenue (56.2% have a revenue of less than € 500 000).

Table 1 7 : D istribution of entities under O E C supervision per size (as of 3 1 D ecember 2 0 1 8 ) ^{4 2 7}

N umber of employees^{4 2 8}

< 10

Percentage of 77.5%

entities

10-29

13.8%

30-4 9

3.7%

50-24 9

3.7%

> 250

1.4 %

Table 1 8 : R evenue range of entities under O E C supervision (as of 3 1 D ecember 2 0 1 8 ) ^{4 2 9}

R evenue range

< 500k€

500k – 1m€

16.5%

1-10m€

24 .1%

10-100m€

2.3%

> 200 m€

0.9%

Percentage of 56.2%

entities

Chartered accountants provide a key gatekeeper and intermediary role for many transactions that

have a high risk for ML/TF. In addition, they perform TCSP activities which are considered as

particularly ML/TF high risk by FATF^{4 30}. These represent a significant proportion of their activities. As

shown in Table 19 (below), 60% of chartered accountants (legal entities and independent

professionals) under OEC supervision provide domiciliation services; 14 % indicate that more than 75%

of their revenues originate from domiciliation activities. TCSP services are considered as high risk from

an ML/TF perspective. Other activities of chartered accountants such as tax and administrative advice

and establishment of annual accounts are prone to misuse or abuse for ML/TF purposes, though the

level of ML/TF risks is likely lower.

^{4 26}ꢈ Ordre des Experts-Comptablesꢈ data submitted (as of 31st December 2019).

^{4 27}Data has been collected through the 2019 RBA questionnaire (data received May 2020).

^{4 28}The size of an entity is expressed according to its number of employees, including ꢅ experts-comptables” and ꢅ non experts-

comptables” . Entities include legal entities and independent professionals.

^{4 29}Data has been collected through the 2019 RBA questionnaire (data received May 2020).

^{4 30}The section ꢅ Cross-cutting vulnerabilitites – TCSPs” provides more detail on TCSP activities.

109

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

Table 1 9 : A ctivities performed by O E C legal entities / independent professionals and percentage of

total revenue stemming from this activity (TCSP activities in green) ^{4 3 1}

percentage of total revenue

% professionals

performing this

activity

Not significant

/ not

applicable

A ctivities

> 75% 10-75% < 10%

Comptabilité / Accountancy

Conseil fiscal - dé clarations fiscales / Tax advice - tax

returns

84%

81%

14%

3%

78%

54%

5%

33%

3%

10%

D omiciliation / D omiciliation

60%

50%

2%

36%

42%

43%

42%

18%

16%

Secré tariat social / Corporate secretary

nꢍ a

Mandat d'administrateur / Director’s mandate

Dé positaire de titres au porteur / Custodian of

bearer shares

49%

27%

2%

nꢍ a

30%

4%

37%

6%

31%

91%

Location de bureau / business center / O ffice

rental/ business center

25%

nꢍ a

14%

42%

44%

Autres / Others

Conseil fiscal - structuration fiscale / Tax advice - tax

structuring

25%

26%

16%

3%

52%

20%

26%

42%

6%

36%

Mandat de liquidateur / Mandate as liquidator

Activité de conseil en organisation / Organizational

consultancy activity

22%

18%

nꢍ a

4%

7%

30%

34%

33%

59%

33%

Contrat fiducie / Fiduciary contracts

A ctionnaire N ominee (portage d' actions) / N ominee

Shareholder

5%

4%

nꢍ a

35%

11%

nꢍ a

65%

89%

In light of the above, the vulnerability of chartered accountants is considered high, considering their

ability to provide TCSP services in addition to their core activities.

Notaries

Even though there are only 36 notaries in Luxembourg, the notaries employ a larger number of

professionals: approximately 250 to 300 professionals in 2019. This typically includes in-house lawyers

(ꢅ juristes collaborateurs” ) specialising in notarial law, and other experts in notarial law, notary clerks,

accountants (for the internal accounting of the respective notarial office) and/or assistants. In 2018

and 2019, five new notaries were appointed (mostly due to retirements and changes in offices); four

notaries in office changed office (the total number of 36 notaries are capped by law), and in 2020-

2021, further new notaries will be appointed given expected further retirements.

N otaries are gatekeepers to many business acts^{4 32}(such as legal entity set-up, mergers, sale of

business and credit opening) and real estate transactions. Several of the activities performed by

notaries are marked as particularly high risk by the FATF, such as overseeing real estate transactions,

the purchase of shares or other participations, legitimisation of identities of signatory, legalisation of

old documents^{4 33}or opening of safe deposit boxes in the framework of successions or divorce

^{4 31}Data has been collected through the 2019 RBA questionnaire (data received May 2020).

^{4 32}Some legal entities / arrangements are out of scope for notaries (e.g. some ꢅ fonds d’ investissement alternatif ré servé ”

(FIAR) and ꢅ SARL simplifié e” ); only acts requiring changing articles of incorporation require notaries.

^{4 33}Both legitimisation of identities of signatory and legalisation of old documents are very rare in Luxembourg.

110

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

procedures^{4 34 ,4 35}. In 2019, notaries in aggregate were responsible for guaranteeing the legal

formalities and feasibilities of around 29 600 real estate related transactions^{4 36}. Despite representing

a significant share of notaries’ activity, it should be noted not all such real estate deeds entail a

monetary consideration (i.e. some of these deeds are related to successions, donations, wills, parental

partition inter vivos and marital agreements). Notaries are also authorised to conduct real estate

public auctions for which they have an exclusive mandate, though this is estimated to be a small share

of notaries’ overall activities (no more than 50 auctions per year on average). Additionally, notaries

have an important role in accessing and updating existing company registers: they provide some

information to the RCS by means of their relevant company law deed and must consult and inform

the LBR if they detect a mismatch between the registered beneficial owner and the information that

the client has provided them with.

Some of Luxembourg notaries are involved in business acts with a wide variety of clients and

international businesses, due to the nature of Luxembourg’ s financial centre and its diverse resident

and working population. ꢄ owever, it has been observed by notaries that the majority of the notarial

deeds set up in Luxembourg concern private individuals, with international companies playing a minor

role and in some notarial offices, especially those situated in non-metropolitan areas, an insignificant

role. Newly appointed notaries usually start building their clientele amongst local private individuals

and local SMEs. Deeds set up for private individuals and SMEs do not usually concern businesses,

which are particularly exposed to ML risks. This is most notably the case for the majority of deeds

related to family or general civil law subjects, such as the setting up of wills, marriage contracts,

succession planning or real estate transactions carried out for residential purposes.

Non-face-to-face business interactions are extremely rare with natural persons but in certain cases

with legal entities could be made via intermediaries, which may, depending on the particular case,

increase the ML/TF risk (i.e. contact mostly with lawyers and not always ultimate customers).

Notaries are set up as “proꢃ ession libérale” and act as “personnes ph y siques” . This means that they are

not set up as companies or partnerships and no external ownership exists. All 36 notaries are

Luxembourg nationals. Previously it was a requirement by law that notaries appointed were

Luxembourg nationals; this has changed in recent law so new appointees’ nationality mix may change

in the future.

Case Study 1 5 : N omination of an alleged mafioso as managing administrator of a private limited

liability company (SA R L) despite his criminal background (2 0 1 9 ) ^{4 3 7}.

An alleged mafioso was nominated as managing administrator of a small private limited liability

company (SARL). This person was nominated without a notarised deed, which means that his name

was added in a small statute change after the creation of the SARL; the notary himself was not

implied in these changes.

W hen preparing such deeds, notaries check the identity of the beneficial owner. Other names listed

in a deed – especially in terms of small businesses, as it was the case here – are checked on a risk

assessment basis which also takes into account whether the persons in question are personally

known to the notary. Concerning this specific case, the case was reported in the local news in August

4 34

Opening of safe deposit boxes may occur in the framework of successions or divorce procedures and is very rare in

Luxembourg.

4 35

International standards on combating money laundering and the financing of terrorism & proliferation – FATF

recommendations.

^{4 36}Data from AED, August2020. At present, a more granular breakdown of notaries’ activities is not available, to determine

which acts relate to real estate transactions with a monetary consideration and which do not.

^{4 37}Source: ꢅ Santo Rumbo case shows the flaws in fight against money laundering” ; News item on 28th August 2019 at RTL

Today (link).

111

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

2019 and brought to the attention of the President of the CdN, who conducted the necessary

investigations and reported the findings to the CdN Committee. No professional shortcomings were

detected on the side of the notary profession, but the case highlights how company registration can

expose notaries to ML/TF risks.

In light of the above, the vulnerability of notaries is considered high.

Lawyers

Lawyers are vulnerable to ML/TF due to three main reasons. First, in Luxembourg lawyers are a large

and fragmented profession, with 2 917 lawyers working across 557 law firms as of April 2020. OAL

supervises 2 868 professionals operating in 529 different law firms, with ~30% of lawyers employed

by the seven largest law firms and a long tail of small firms (397 law firms with less than 10 lawyers;

197 with one lawyer). OAD supervises 4 9 professionals operating in 29 different law firms, all rather

small (18 of them are single-lawyer firms) with the largest law firm having about seven lawyers. Most

law firms are owned or controlled by Luxembourgish beneficial owners with 117 entities (~20%)

owned or controlled by foreign owners of which 116 are based in the EU. Regardless, the high

fragmentation of the sector increases the ML/TF risk. In aggregate, lawyers’ revenues are significant,

also given that Luxembourg is a large financial centre and a significant share of lawyers’ business is

likely to originate from the financial sector. Besides that, approximately 60% of the OAL lawyers that

responded to the first questionnaire^{4 38}state they perform activities that fall in the scope of the 2004

AML/CFT law, which amounts to about 1 4 00 lawyers.

Secondly, lawyers provide an important role as gatekeeper and intermediary for various transactions

with a high risk for money laundering. They possess relevant legal expertise, offer a variety of

different services to their clients and typically have favourable (often significant) external credibility

from their professional status. The range of lawyers’ activities has not undergone a major change in

the past two years. Services include legal advice for a variety of activities in financial and non-financial

sectors, assistance or representation of clients in financial and real estate transactions and provision

of advice in relation to, and the actual setting up and operation of, corporate structures and other

legal arrangements for clients (including domiciliation). Importantly, some of these activities

performed by lawyers are deemed as TCSP services^{4 39}, which are considered particularly high-risk for

ML/TF purposes as per FATF guidance. Approximately one third of the OAL lawyers that responded to

the first questionnaire state they perform TCSP services (see also the section “cross-cuttinꢀ

v ulnerabilities – ꢅ SC P ”ꢒ for more detail). The OAL has determined based on inspections performed

that, generally speaking, large and medium-size law firms tend to practice activities relating to

business law (investment funds, banking and financial law, etc.), while small law firms, associations

and lawyers practicing on an individual basis mainly practice activities relating to litigation^{4 4 0}. It should

be noted that OAD lawyers’ activities are mostly oriented towards litigation. As with OAL, whilst no

objective estimate exists today on the distribution of activities, further clarity on this for OAD

^{4 38}~75% of the 2,868 lawyers registered in Luxembourg responded to the questionnaire.

4 39

Namely, as per 2004 AML/CFT Law: 1) Acting as a formation agent of legal persons; 2) Acting (or arranging for another

person to act as) a director or secretary of a company, a partner of a partnership, or a similar position in relation to other

legal persons; 3) Providing a registered office, business-, correspondence- or administrative address for a company, a

partnership or any other legal person or arrangement; 4 ) Acting as (or arranging another person to act as) a fiduciary of a

ꢃ iducie or other similar legal structure; 5) Acting as (or arranging for another person to act as) a nominee shareholder for

another person.

4 4 0

In general the OAL estimates that approximately 50% of the lawyers registered with the Bar are practicing activities in

scope of the AML Law.

112

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

(including the share of potential TCSP activities for OAD lawyers) is expected when the OAD sends a

questionnaire to its members, which it plans to do in 2020.

Case Study 1 6 : Potential financial misappropriation (2 0 1 9 ) ^{4 4 1}.

In December 2018, Firm A (the ꢅ Firm” ) was contacted by a foreign state wishing to receive legal

assistance and advice in relation to a transaction involving a property located in London (the

ꢅ Property” ) owned indirectly by a ꢁ ersey-registered company (the ꢈ Targetꢈ ), itself owned by a

Luxembourg SA, whose director and beneficial owner would appear to be Mr F. Following lengthy

discussions and negotiations, on 2 May 2019, the foreign state acquired the Targetꢃ s securities,

thereby indirectly becoming the sole and exclusive owner of the Property. The agreement also

provided that the foreign state would sell the shares it held in the Sellerꢃ s capital to Mr F.

In the course of routine K YC checks, the Firm discovered the following corroborating facts reported

by the Italian press and later by the international press. A scandal is said to have rocked the foreign

state. Gifts had reportedly been invested in luxury properties, including the purchase of the

freehold to a luxury apartment block in the heart of central London. Financial arrangements are

said to have been put in place via Switzerland and Luxembourg as regards the financial management

of this property.

The press reports that this financial management, which was not particularly advantageous for the

foreign state, prompted it to buy back the entire block located in London. At the time of the

purchase, the foreign state allegedly acquired units in a Luxembourg fund B managed by the holding

company of businessman G. ꢄ e is said to have made a sizeable capital gain by selling his own units

to Mr F and his Luxembourg SA, making them business partners and co-owners with the foreign

state. In total, the foreign state is said to have invested €200 million in the management and

refurbishment of the Property.

Following a report by the foreign state’ s asset administrator, the foreign state’ s court of auditors

(which audits the foreign stateꢃ s accounts) is said to have taken the matter to court and an

investigation has been launched into financial misappropriation. Five people are reported to have

been implicated, including the head of the financial administration in the sovereign state.

Finally, lawyers serve a wide range of clients and international business, with a wide diversity of non-

resident clients and transactions in Luxembourg. There has been limited change in the client base of

lawyers in the past two years. Clients are sometimes acquired via intermediaries and non-face-to-face

interaction can occur.

In light of the above, the vulnerability of lawyers is considered high, considering their ability to provide

TCSP services in addition to their core activities.

Court bailiffs

ꢅꢄ uissiers de justice” (court bailiffs) are appointed by the Grand Duke and are ministerial officers with

the sole competence to serve judicial documents and to proceed to the enforcement of court

decisions. Court bailiffs nevertheless operate as practitioners of an independent self-employed

profession, regulated by the self-regulated body C h ambre des H uissiers. They engage in diverse legal

missions such as collecting debt, signing legal acts and more.

The sector is relatively small (19 court bailiffs and 8 deputizing court bailiffs in Luxembourg).

^{4 4 1}Case study provided by OAL on 1^stꢁ uly 2020, based on an STR dated 15 November 2019.

113

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

They pose some ML/TF risks, in particular in their capacity as gatekeepers for private auctions^{4 4 2}(i.e.

organizing public sales of furniture, household effects and harvests). The number of auctions (~60 per

year) and the number of court bailiffs carrying out auctions (~12 out of 19) are relatively low.

Moreover, only a few auctions per year are voluntary auctions by individuals or companies, with the

remaining ones being forced auctions (following a legal decision) or auctions following a bankruptcy.

The amounts of money typically involved in those auctions is low as well, even though in exceptional

cases mostly related to involuntary bankruptcy, a batch may include goods tendered valued above

€5 000 (e.g. construction vehicles and machines). Nonetheless, the value of some auctions can be

considerable. In 2019, ꢅ huissiers de justice” completed 60 auctions, where 683 items have been sold

for a total amount of €1 011 252 (average €18 854 /auction and 1 4 80/item) and prices per item

ranging from €1 to €70 000.

Besides overseeing auctions, court bailiffs also have other legal missions, with lower ML/TF risk, such

as the execution of legal decisions on Luxembourg residents (e.g. debt collections, eviction orders,

service of acts and exploits, make purely material findings). It should be noted that court bailiffs do

not accept cash for large amounts (above €15 000).

In light of the above, the vulnerability of bailiffs is considered medium

Accountants and tax advisors (supervised by AED)

In Luxembourg, the sub-sector’ s vulnerability is also increased by to the large sector size. As of 2019,

4 4 3

there were 395 accountants and tax advisors. Further, the large component of international

business involved (10 times higher import and export of auditing services in Luxembourg than

peers^{4 4 4}) also exposes the sub-sector to international flows, that may lead to ML/TF misuses.

A ccountants and tax advisors^{4 4 5}can offer a variety of services that can be potentially misused by

criminals for laundering illicit money. Accountants, for example, although they cannot certify accounts

like chartered accountants, they can be abused in their activity of recording accounting entries to

record entries related to money laundering. Also, although the Domiciliation Law prohibits them to

provide domiciliation services, they may, however, provide other TCSP services that are not reserved

for professionals. Tax advisors advise clients on taxes, and thus be misused to facilitate tax evasion

and VAT fraud^{4 4 6}

.

In Luxembourg, in line with global activity typologies, the specifics of the activities of accountants and

tax advisors may drive ML/TF risk. As such, the proprietary knowledge they possess may be misused

for unlawful activities.

In light of the above, the vulnerability of accountants and tax advisors is considered high, considering

their ability to provide some TCSP services in addition to their core activities.

^{4 4 2}This excludes real estate auctions, which are overseen only by notaries (in fact, notaries in Luxembourg can do both real

estate and non-real estate auctions).

^{4 4 3}Includes tax advisors, total unknown.

^{4 4 4}UN C omtrade 2015 figures.

^{4 4 5}As per the table (above) this concerns accounting professionals and tax advisors supervised by AED.

^{4 4 6}FATF, Risk -based approach ꢀ uidance ꢃ or th e accountinꢀ proꢃ ession, 2019.

114

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

Trust and company service providers (ꢅPrestataires de

services aux socié té s et fiducies” (TCSPs)

The TCSP category includes in itself business centres and directors, which are professions that are both

supervised by the AED^{4 4 7}. Based on the 2004 AML/CFT 2004 law, business centres are allowed to

provide a registered office, business, correspondence or administrative address for a company, a

partnership or any other legal person or arrangement. For business centres, the entities have to meet

two conditions: provide domicile, and ꢅ services lié s” (related services), which may include a variety of

activities, such as reception service, telephone service, provision of equipment such as a printer, postal

mail delivery or W i-Fi. Accordingly, any natural or legal person can act (or arrange for another person

to act as) as a director or secretary of a company, a partner of a partnership, or a similar position in

relation to other legal persons.

The ML/TF risk for the sub-sector is primarily driven by the nature of TCSP activities, which are

identified as high risk. The detailed assessment on TCSP-related risks are provided in the section ꢅ TCSP

activities” of the NRA. In addition to the product risk, the sub-sector’ s size and large fragmentation

may drive ML/TF risk. As of 2019, there are 661 directors (natural persons) registered for VAT purposes

with the AED. There are at least 100 business centres operational in Luxembourg. In addition, business

centres may register companies that do not have physical presence at the centres, and as such have

limited visibility on its activity.

4 4 7

Professionals who perform these TCSP services that are a member of a SRB are not supervised by AED but by the

respective SRB.

115

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

6 .2 .4 . ꢁ ambling

Gambling is generally regarded as particularly vulnerable to money laundering given the high volume

of transactions and the widespread usage of cash to purchase tickets and to cash out winnings^{4 4 8}

.

Additionally, the emergence of online gambling websites provides additional anonymity, further

increasing the lure of this sector for ML purposes.

In Luxembourg, the gambling sector is however limited and mostly concentrated around three

activities: one casino, the National Lottery and ad hoc lotteries. There are no authorised domestic

online gambling companies or sports betting firms at the time of the drafting of this document. Online

sports betting cannot be authorised according to the 1987 Sports Betting Regulation, and offline

sports/horse betting is only offered by the National Lottery^{4 4 9}. Online gambling is not permitted; so

no legal online gambling companies operate domestically.

Casinos

Globally, casinos are typically considered as particularly vulnerable to a wide range of money

laundering techniques, given the wide customer base and large sums involved. Further, the ML risk is

increased as most transactions are cash-based. For example, 80% of payments in some European

casinos are undertaken in cash^{4 50}. Some global examples on how casinos can be misused for ML/TF

include refining, by which launderers pay low denomination cash into their casino accounts and

withdraw funds with cash of higher denomination, and criminals buying chips for cash and then

redeeming value through money transfer. Casinos are often targets of organised crime groups, and

there have been cases internationally where employees of casinos became complicit in ML/TF

activities. For example, employees can falsify player ratings and other gambling records to justify the

accumulation of casino chips, and make detection of a criminal harder to catch^{4 51}

.

In Luxembourg, the size of the sector is very small, which limits the inherent ML/TF risk. Luxembourg’ s

privately owned and only casino (Casino 2000) had 4 35 000 visitors in 2019^{4 52}, 200 employees^{4 53}and

total revenues of €53 million (of which €4 6 million gambling revenues, ꢅ GGR” ^{4 54}). About 5% of total

gambling revenues are accounted for by table games (Black ꢁ ack and Roulette) and ~95% of GGR from

slot machines. The low volumes mean that vulnerability to ML/TF is limited compared to other sectors

in Luxembourg and the gambling sector in other countries.

The ML/TF vulnerability is further reduced by the fact that the casino’ s clientele is regular and

regional: 28% of the casino customers are from Luxembourg and 60% from France, mainly within a

radius of 60 kilometres from the casino. Approximately 4 % of clients come from Germany and 4 % from

Belgium. Approximately 30% of the gambling revenues in the casino can be attributed to the highest

600 spenders. Many people visit the casino for its entertainment offers beyond gambling (for example,

concerts and restaurants). The average yearly income in Luxembourg is very high so that casino

customers have a higher spending power than other regional casinos. Note that all gambling activities

^{4 4 8}FATF, V ulnerabilities oꢃ C asinos and G aminꢀ Sector, 2009.

^{4 4 9}PMU for horse betting, Oddset for sports betting.

4 50

European Casino Association, Response to European C ommission public consultation on EU initiativ e on restrictions on

pay ments in cash , 2017.

^{4 51}FATF, V ulnerabilities oꢃ C asinos and G aminꢀ Sector, 2009.

^{4 52}A total of 4 75 000 visitors came to the Casino 2000 Entertainment Centre, but only 4 35k entered the casino area.

^{4 53}Casino 2000, ꢄ ossier ꢄ e P resse, 2016.

^{4 54}In terms of Gross Gaming Revenues (GGR), i.e. the amount the casino keeps from all wagers minus winnings and before

tax. On slot machines, customers on average lose 6% in every bet, thus bet on average ~17 times the ~€4 6 million GGR,

generated by a total turnover of ~€780 million (i.e. 17 x €4 6 million) in gambling via the casino, since intermediate winnings

are often replayed by customers in new bets. The amount that customers bring to the casino, in cash or via credit cards, is

estimated to around five times the GGR (~€230 million), including former winnings that are brought back.

116

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

require face-to-face interaction with casino staff, which makes it less attractive for criminals for ML/TF

purposes.

National lottery

W hile globally large-scales lotteries are considered less vulnerable to ML/TF risk than casinos, there

have been cases in other jurisdictions where they have been abused by criminals to launder money.

For example, criminals can buy winning lottery tickets from legitimate customers^{4 55}, or a retailer may

offer national lottery products to be exploited for criminal purposes^{4 56}. Lotteries may also be misused

for criminals to remain anonymous, for example by using fraudulent or stolen identities when claiming

significant prizes^{4 57}

.

The ML/TF risk of the N ational Lottery is very limited because of public ownership^{4 58}. The National

Lottery is operated by the “Œuv re ꢇ ationale de Secours G rande-ꢄ uch esse C h arlotte”, which is an

“établissement public” (public entity) under a law of 22^ndMay 2009^{4 59}, and managed by a dedicated

general manager and the management team. Its profits are redistributed to charities in various fields

(e.g. healthcare or culture) through the ꢅŒuv re ꢇ ationale de Secours G rande-ꢄ uch esse C h arlotte”.

The ꢅŒuv re ꢇ ationale” manages the annual profits generated by the National Lottery.

The ML/TF risk is further reduced by the small sub-sector size. As of April 2020, no other gambling or

sports betting operator expect the National Lottery is authorized in Luxembourg, it has a ꢅde ꢃ acto”

monopoly over a number of betting activities in Luxembourg. The National Lottery counted ~4 9

employees in 2019 exclusively dedicated to its operation. It has an average revenue of €4 7 million per

year^{4 60}

.

The National Lottery also has the majority of its revenue generated from low-risk products. Most

(~96%) of the revenues are generated by jackpot-driven games (with a very low probability of winning

high stakes) and only ~4 % of its revenues coming from horse/sports betting^{4 61}(which presents higher

vulnerability given higher odds of winning lower amounts)^{4 62}. Note that horse/sports betting have a

smaller base with up to 10 000 players, where jackpot-driven games have an average of 50 000

players. W ithin jackpot-type games, around 79% of revenues come from draw based games (classic

lotteries such as Euromillions and Lotto) and 18% from instant games (as scratch-cards). The relatively

small revenues are also spread across a very broad customer base, with 35 000-50 000 regular

customers on average weeks (which can go up to 80 000–90 000 customers in busy weeks).

The vast majority of customers are from Luxembourg or neighbouring countries, as sales are limited

to the Luxembourg territory. For its draw-based games, the National Lottery has established

collaborations with foreign/international lotteries (e.g. Euro Millions, Lotto), in order to offer larger

potential winning pools to its customers. The instant games (in the form of scratch-cards) are all

domestic only.

^{4 55}FATF, Vulnerabilities of Casinos and Gaming Sector, 2009.

^{4 56}Gambling Commission, ꢈ oney launderinꢀ and terrorist ꢃ inancinꢀ risk w ith in th e ꢋ ritish ꢀ amblinꢀ industry , 2017.

^{4 57}Gambling Commission, ꢈ oney launderinꢀ and terrorist ꢃ inancinꢀ risk w ith in th e ꢋ ritish ꢀ amblinꢀ industry , 2017.

^{4 58}Note that private lottery operators are possible by Luxembourg law, but none are currently present.

4 59

ꢅ Loi du 22 mai 2009 relative ꢋ l’ Œ uvre de Secours Grande-Duchesse Charlotte et ꢋ la Loterie Nationale, with Article 2

stating that “ꢉ ꢖ Œ uv re a pour missions : ꢘ…] dꢖ orꢀ aniser et de ꢀ érer la ꢉ oterie ꢇ ationale.”

^{4 60}€4 6 million gross gaming revenue (GGR) per year, with total sales averaging €100 million per year.

4 61

~2% of revenues through horse betting and ~2% of revenues through sports betting. ꢄ orse betting is organised by LN,

conducted via the French PMU, on PMU terminals. Sports betting is conducted via the German ODDSET Group and the

German Lotto- und Totoblock, formed by the 16 German State-lotteries. Although sports/horse betting present a higher

vulnerability to ML, it represents a very small part of total revenues.

^{4 62}W orld Lottery Association, “ꢅ h e ꢊ ꢉ A ꢊ orld ꢉ ottery ꢄ ata C ompendium” , 2015.

117

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

The National Lottery uses intermediaries (ꢅ points of sale” ) to sell its products, including supermarkets,

petrol stations, newsagents, bars and others, which totalled ~4 25 in 2019. Its only direct sales channel

is online at the National Lottery website, which represents only ~6% of revenues. Around 94 % of

revenues are generated from tickets sold via points of sales (supermarkets and kiosks with ~60% of

sales, petrol stations with ~15% of sales, and the remaining in bars and restaurants). As such, although

intermediaries are involved in selling National Lottery tickets, they are not likely to significantly

increase ML/TF risk as the products themselves are inherently low-risk.

Ad hoc lotteries

A d hoc lotteries are organised in Luxembourg at the municipal and national levels according to article

2 of the 1977 Gambling Law. All lotteries must be dedicated, partially, or entirely, to charity purposes.

The low ML/TF risk is driven by the small volumes involved in the sub-sector, thus inhibiting large-

scale ML/TF activities. Most lotteries are organized at the local level and approved by one of the 102

municipalities, if they are expected to generate less than €12 500. No aggregate data on local ad-hoc

lotteries across municipalities is collected, but overall they are unlikely to generate significant

proceeds given the low threshold in place. Assuming conservatively that each municipality authorizes

three ad hoc lotteries a year for average revenues of €6 000, total revenues generated by local ad hoc

lotteries would reach only €2 million per year.

Above the expected revenue level of €12 500, lotteries must be approved by the Minister of ꢁ ustice.

An average of 5-10 lotteries are authorized each year at the national level. Overall, the amounts

involved for these national ad hoc lotteries are likely to be limited: They each generate on average

between €4 0 000 and €50 000, leading to an expected annual total of ~€350 000 amongst all of them.

Furthermore, authorisations granted by the Minister of ꢁ ustice provide that 4 0% of the generated

revenue is distributed as wins to the participants.

The ML/TF risk is also reduced by the low-risk nature of ad hoc lottery organisers. Until now, all

authorisations for lotteries at the national level have been granted to well-known non-profit

organisations (such as charities, sports clubs) established in Luxembourg for decades, as for example

the Red Cross.

Sports betting and online gambling

The level of ML/TF risk from sports betting and online gambling is considered as low in Luxembourg

given that no authorised company operates in sports betting or online gambling (except the National

Lottery, see above). W hile horse/sports betting activities providers may be authorised under the 1977

Gambling Law, the National Lottery currently has a monopoly on horse/sports betting and only offers

offline horse/sports betting, with tickets sold via ~30 retailers for horse betting and ~25 for sports

betting with an approximate average yearly revenue of €2 million.

6 .2 .5 . Real estate

The real estate and associated construction sectors are typically regarded as high risk globally. They

often involve large monetary transactions and offer the ability to conceal the true source of the funds

either directly through physical persons or via layering of the transaction involving multiple legal

entities. Indeed, products offered are particularly suited to laundering since they include physical

assets such as land and houses which enable storage of monetary value and potential to reap returns

(via investment in funds/physical assets). The large number of customers (many of whom will have

legitimate activities) could offer a level of anonymity to criminals (who could for instance use physical

persons as third parties to obscure the ultimate beneficiary).

118

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

Globally, various money laundering real estate techniques have been used for misused for criminals.

For example, criminals have purchased a property with cash from criminal proceeds, or used off-shore

companies to conceal beneficial ownership. Another popular technique observed globally is financing

a property purchase through loan back, meaning the criminals borrow their own criminal

money^{4 63}.Other commonly used fraudulent techniques include mortgage schemes, manipulation of

property price (over/under-valuation, successive sales and purchases), investments schemes, financial

entities (criminals purchase real estate through investment funds), complex loans and credit finance.

In Luxembourg, the risk is in line with the global risk rating. The ML/TF is driven by the large sector

size and fragmentation. The real estate activities sector contributes 8.1 % to the country’ s gross value

added in 2019 with ~€ 4 .1 billion^{4 64}. Furthermore, the real estate and construction sector is very

fragmented with more than 6 500 enterprises involved in real estate related and construction

activities^{4 65}and more than 50 000 employees^{4 66}. Combined production value exceeded €14 billion in

2019.

The vulnerability is amplified as laundering via real estate activities is dependent on the presence and

expertise of service professionals, who form a very sophisticated and mature industry in Luxembourg.

R eal estate agents, who act as intermediaries in real estate transactions, are particularly exposed to

ML/TF, especially given their central role in transaction facilitation.^{4 67}For example, criminals may

misuse agents in a deliberate way to disguise the identity of the beneficial owner. Further, agents may

be misused to manipulate the market value of a property and allow a criminal to launder illicit money.

In Luxembourg, this sector is sizeable and fragmented, driving significant ML/TF risks, with 2 329 real

estate agents. The five largest companies account for only ~20% of the total revenue.^{4 68}The combined

turnover of real estate agents in 2018 was ~€2.6 billion. Approximately a half of real estate agents

have annual turnover less than €120 000, approximately a third have an annual turnover between

€120 000 and €620 000, and approximately 15% have annual turnover above €620 000. There is also

a high volume of and value of transactions, which may drive the ML/TF risk of the sub-sector. In

addition, real estate agents have a small proportion of non-resident clients (3-4 %), with geographical

risks adding another layer of opacity to the source of money.

R eal estate developers (“p ro mo teurs”) share similar ML/TF risk exposure to real estate agents. They

realise the construction programs of properties, and similar to agents, can be involved in operations

concerning the purchase or sale of real estate. As such, they may also act as intermediaries in the sub-

sector. Similar to agents, real estate developers are a large and fragmented sub-sector. They also

handle multiple a large volume and value transactions. The overall produced volume by the

construction sector in Luxembourg in 2019 was ~€8.6 billion. They are introduced in the AML/CFT

scope by the 2020 AML/CFT Law.

6 .2 .6 . Dealers in goods

Dealers in goods are exposed to ML/TF given that they offer products of high value that can be easily

stored, transported and exchanged at a similar value due to the commoditisation of luxury products.

Also, the anonymity offered to clients (via intermediaries) and the high level of secrecy in the industry

reinforces the sector’ s vulnerability. Globally, there have been cases where criminals used to purchase

^{4 63}OECD, ꢈ oney ꢉ aunderinꢀ and ꢅ errorist ꢂ inancinꢀ Aw areness H andbook ꢃ or ꢅ ax Ex aminers and ꢅ ax Auditors, 2019.

^{4 64}STATEC, Eꢌ10ꢎ, Section 7, Code ꢉ.

^{4 65}STATEC, latest data available for 2017.

^{4 66}STATEC.

^{4 67}FATF, ꢈ oney ꢉ aunderinꢀ and ꢅ errorist ꢂ inancinꢀ ꢅ h rouꢀ h th e Real estate sector, 2007.

^{4 68}AED.

119

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

high value goods in cash and obtained a refund in an alternative money transfer service, legitimising

their criminal proceeds^{4 69}

.

In Luxembourg, dealers in goods are defined in the AML/CFT regulation as entities dealing goods and

accepting cash equivalent to €10 000 or more in any currency. These include dealers in precious

metals, watchmakers and jewellers, car dealers, art/antiques dealers and luxury goods retailers (e.g.

”maroquinerie”).

The vulnerability to ML/TF for each of the sub-sectors except car dealers in Luxembourg is limited as

they are a very concentrated. For instance, although it has ~€4 billion in revenues and 8 000

employees, subsectors are highly concentrated. Only car dealers are moderately fragmented with over

762 dealers as of March 2020^{4 70}.

Dealers in precious metals, art and luxury goods have similar attributes including high concentration

and considerable cash usage, which drives similar levels of vulnerability. The vulnerability of dealers

in precious metal, j eweller, watchmakers is linked to the commoditized nature of high-value products

but is mitigated by the small size of the sector in Luxembourg. As of 2019, there are 153 entities in this

sub-sector. Similarly art and antiꢃ ue dealers represent a relatively small industry. Finally, luxury-good

dealers (e.g. “maroquinerie”) are a highly concentrated sector with established companies, which

limits inherent risk.

The most vulnerable sub-sector within dealers of objects is car dealers. It is a large and fragmented

sector with an estimated 762 entities^{4 71}. In addition, activities such restoration of antique or second-

hand cars sale where it is difficult to objectively value the good/service could be used to launder

money.

6 .2 .7 . Freeport operators

FATF defines Free Trade ꢇ ones as ꢅ designated areas within jurisdictions in which incentives are offered

to support the development of exports, foreign direct investment (FDI), and local employment” ^{4 72}. In

recent years, freeports have often been used for long-term storage because of the highly secure

environments provided.

Globally, freeports are typically regarded as presenting high ML/TF risks^{4 73}. Freeports have been

among the beneficiaries as undeclared money has fled offshore bank accounts as a result of tax-

evasion crackdowns in America and Europe. Freeports in other jurisdictions provide high security and

confidentiality to their clients, and may not have full information on the ultimate beneficial

ownership^{4 74}. They may prove the ability for owners to hide behind nominees, and an array of tax

advantages, that further conceal owner identities. Freeports can store high value goods (e.g. works of

art), which may be used as a replacement for intra-banks transactions (for instance art works used as

warranty and/or payment for drugs shipments). In addition, integration of illegal proceeds can occur

through trades in free trade zone, by falsifying the value/quantity of a shipment to justify value

transfer.

The Freeport in Luxembourg is located in Luxembourg Findel airport and encompasses 22 000m² of

building structure. It is specifically designed for storage of high value goods (such as artwork, vintage

cars and fine wines). ꢄ umidity, temperature and other storage conditions are adapted. It has direct

^{4 69}ꢁ ersey FSC, Aꢈ ꢉ ꢍ C ꢂ ꢅ H andbook ꢃ or Estate Aꢀ ents and H iꢀ h V alue ꢄ ealers, 2015.

^{4 70}AED.

^{4 71}STATEC.

^{4 72}FATF, ꢈ oney ꢉ aunderinꢀ v ulnerabilities oꢃ ꢂ ree ꢅ rade ꢙ ones, March 2010.

^{4 73}FATF, ꢈ oney ꢉ aunderinꢀ v ulnerabilities oꢃ ꢂ ree ꢅ rade ꢙ ones, March 2010.

^{4 74}European Parliamentary Research Service, ꢈ oney launderinꢀ and tax ev asion risk s in ꢃ ree ports, October 2018.

120

Luxembourg National Risk Assessment

Detailed assessment by sector Inherent

risk – Vulnerabilities

tarmac access on the cargo runway to reduce as much as possible package manipulations. Its fire

system is designed to protect artwork (vacuuming oxygen in the rooms). Strong rooms are up to 300m²

in surface. Gold is allowed, but cash is not. It is managed by the Freeport Management Company SA.

Four licensed freeport operators rent space at the Freeport as of March 2020. One operator works

mainly for galleries and museum, one for art intermediaries, one specialises on gold storage and the

fourth one for banks (e.g. gold), which results in second-order ML/TF exposure.

In Luxembourg, the ML/TF risk lies primarily with the freeport operators as they interact directly with

clients and handle the goods. In line with global risk assessments, the ML/TF vulnerability is primarily

driven with their high-risk nature of activities, as they allow storage for different types of high-value

goods. In addition, the freeport have large international flows, which may expose them to ML

activities from other countries.

ꢄ owever, in Luxembourg a comprehensive package of legislative and operational measures has

ensured transparency and the application of AML mitigating measures. Since 2015, freeport operators

in Luxembourg are required to identify the beneficial owners of the goods that were brought in by

their clients. Galleries, merchants and dealers are often unable to share this information on their

clients, as a major share of their clients prefer privacy. Clients cannot use offshore companies, trusts,

lawyers, nominees or galleries to shield their ownership of goods in the Luxembourg Freeport. Those

clients may prefer using other freeports where information on ultimate beneficial ownership is not

required^{4 75}. Therefore, compared to similar structures internationally, the Freeport in Luxembourg

may less be attractive for criminals for ML purposes, and as such be much less likely to be abused for

ML/TF purposes.

^{4 75}See for instance, European Parliamentary Research Service, ꢈ oney launderinꢀ and tax ev asion risk s in ꢃ ree ports, October

2018

121

Luxembourg National Risk Assessment

Legal entities and arrangements Inherent

risk – Vulnerabilities

6.3. Legal entities and arrangements

Legal entities and arrangements are commonly regarded to be highly vulnerable to ML/TF crimes. As

the OECD observes, ꢅ almost every economic crime involves the misuse of corporate vehicles” ^{4 76}since

they might help conceal origin of funds and/or allow funds to be moved overseas. This is because

movements of large amounts of proceeds between legal entities and arrangements may attract less

attention and suspicion than movements between individuals. Also, legal entities and arrangements

can help conceal identity of ultimate beneficial owners and make the link to criminality more difficult

to establish by using layers of entities in multiple jurisdictions.

As a result, the number of cases involving co-mingling of illegitimate and business activities has

increased worldwide^{4 77}. Although only a small minority of corporate vehicles are used for money

laundering, the amounts at stake are estimated to be very large. In 2011, out of the 213 grand

corruption cases reviewed by W orld Bank, 150 involve corporate vehicles with a total of ꢂ 56.4 billion

involved in those cases^{4 78}.

The following two case studies illustrate the misuse of LE&A as a means to launder assets.

Case Study 1 7 : Concealment of assets in D utch and Luxembourgish companies through complex

corporate operations and multiple trusts^{4 79}

In 2009, the ꢇ ucleo P oliz ia of Milan conducted a preventive seizure of funds, for a total value of

€1.3 billion, held in the Channel Islands and traceable to a single family. The assets were concealed

through a complex network of trust accounts, hiding the beneficiaries of assets (public debt

securities and cash). The investigation established that over a 10-year period, between 1996 and

2006, the subjects placed their assets in Dutch and Luxembourgish companies through complex

corporate operations, and by transferring the assets to different trusts in the Channel Islands. In

December 2009, the funds were legally repatriated through a tax amnesty. Moreover, the

investigation identified chartered accountants who had facilitated the concealing of funds over

times, through multiple trusts, with the aim of facilitating laundering and reinvestment.

This case brings to light two key elements, which, in conjunction, may constitute indicators of

misuse of legal entities and arrangements:

•

A legal person or arrangement incorporated in a low-tax jurisdiction or international trade or

financial centre;

•

Complex corporate structures that do not appear to legitimately require that level of

complexity or which do not make commercial sense.

Case Study 1 8 : Tax fraud involving a Luxembourg numbered account in the name of a foundation

A doctor (the suspect) received payments from the pharmaceutical industry with which he was in

business, in amounts that varied per contract. These payments, which can be considered income,

were not paid into one of the suspect’ s Dutch bank accounts, but into Luxembourg numbered

^{4 76}See for instance, OECD, ꢋ eh ind th e corporate v eil: usinꢀ corporate entities ꢃ or illicit purposes, 2001.

^{4 77}W orld Economic Forum, ꢆ rꢀ anised C rime Enablers, G lobal Aꢀ enda C ouncil on ꢆ rꢀ aniz ed C rime, ꢁuly 2012.

4 78

W orld Bank, ꢅ h e P uppet ꢈ asters: H ow th e corrupt use leꢀ al structures to h ide stolen assets and w h at to do about it,

October 2011.

^{4 79}See FATF Egmont Group, Report on C oncealement oꢃ ꢋ eneꢃ icial ꢆ w nersh ip, 2018 for more detail.

122

Luxembourg National Risk Assessment

Legal entities and arrangements Inherent

risk – Vulnerabilities

accounts, and in the name of a foundation. The suspect never declared the balances of these

Luxembourg bank accounts in his income tax returns.

This case brings to light several key elements, which, in conjunction, may constitute indicators of

misuse of legal entities and arrangements:

•

Multiple bank accounts without good reason, and/or bank accounts in multiple international

jurisdictions without good reason;

•

Transaction involving a numbered account;

Focus on aggressive tax minimisation strategies;

Correct documents not filed with the tax authority;

Funds are sent to, or received from, a foreign country when there is no apparent connection

between the country and the client.

Funds involved in the transaction are sent to, or received from, a low-tax jurisdiction or

international trade or finance centre.

Table 2 0 : Legal entities and arrangements. I nherent risk assessment (at subsector-level)

Sector

I nherent risk

Sub-sectors

I nherent risk

Legal entities

and arrangements

H igh

Sociétés commerciales*

Domestic ꢅ fiducies” *

Foreign trusts

V ery H igh

H igh

Associations sans but lucratiꢃ ꢐASꢋ ꢉ ) and ꢃ ondations with

Non-governmental organisations (NGO) status

Sociétés civ iles

Medium

Low

Other associations sans but lucratiꢃ ꢐ ASꢋ ꢉ )

Other ꢃ ondations

Other legal entities

Low

* ꢇ ote th at many oꢃ th ese corporations may already be entities superv ised by Aꢈ ꢉ ꢍ C ꢂ ꢅ competent auth orities dependinꢀ on th eir industry

sector ꢐ e.ꢀ . ꢃ inancial corporations by C SSꢂ and C AA) . Additionally , most oꢃ ꢃ iducies are ex pected to be manaꢀ ed under ꢃ iduciary aꢀ ents, w h ich

in ꢉ ux embourꢀ are required to be Aꢈ ꢉ ꢍ C ꢂ ꢅ superv ised entities, iꢃ th e ꢃ iducie is to be aw arded leꢀ al protection under th e ꢂ iducies and ꢅ rusts

ꢌ 00ꢎ ꢉ aw ꢐ see section on ꢉ eꢀ al arranꢀ ements) . H ow ev er, at present av ailable data does not allow ꢃ or a ꢀ ranular quantiꢃ ication oꢃ th e number

oꢃ leꢀ al entities or arranꢀ ements per a ꢀ iv en industry and w ith its ꢃ iduciary aꢀ ent under a ꢀ iv en Aꢈ ꢉ ꢍ C ꢂ ꢅ superv isor.

6 .3 .1 . Legal entities

Legal entities are legal persons who are recognised legal capacity. A legal entity has legal capacity to

enter into agreements or contracts, assume obligations, incur and pay debts, sue and be sued in its

own right, and to be held responsible for its actions. In Luxembourg, legal entities include five main

types as per the table below. All legal entities incorporated in Luxembourg must be registered with

the Reꢀ istre de C ommerce et des Sociétés (RCS) as per 2002 RCS Law. The RCS counts 137 4 4 4 legal

entities ^{4 80}in the registry as of ꢁ une 2020. Basic information available in the registry slightly differs

by type of company (e.g. SAs provide less information on ownership than SARLs due to their nature).

The RCS, as of 2019, is managed by the LBR (Luxembourg Business Registers). The LBR is an economic

grouping placed under the authority of the Minister of ꢁ ustice, which consolidates the State, the

^{4 80}Data request to LBR, March 2020.

123

Luxembourg National Risk Assessment

Legal entities and arrangements Inherent

risk – Vulnerabilities

Chamber of Commerce and the Chamber of Trades. The LBR’ s mission is to manage and to develop,

beyond the RCS, the different registers it is trusted with, each with its own legal framework.

Table 2 1 : Legal entity taxonomy in Luxembourg

Legal entity types, as registered in the RCS Mapping to Luxembourg legal framework

Sociétés commerciales

•

As per article 100-2 of the 1915 Companies Law:

SNC (Socié té en nom collectif)

SCS (Socié té en commandite simple) and Socié té en commandite

spé ciale^{4 81}

•

SA (Socié té anonyme) and SAS (Socié té par actions simplifié e),

including SCOOP (Socié té cooperative organisée comme une SA)

•

SCA (Socié té en commandite par actions)

SARL (Socié té ꢋ responsabilité limité e) and SARLS (Socié té ꢋ

responsabilité limité e simplifié e)

•

SC (Socié té cooperative)

SE (Socié té Europé enne)

Sociétés civ iles

•

As per article 1832 of the Civil code

Association sans but lucratiꢃ (non-profit

Non-profit organisations, as per 1928 NPOs Law

organisations, including NGOs)

ꢂ ondations

•

Foundations, according to the 1928 NPOs Law

Other legal entities

All other legal entities registered with RCS, including, but not limited

to:

•

Groupements d’ inté rê t é conomique

Groupements europé ens d’ inté rê t é conomique

Associations agricoles

Etablissements publics

An overview of the existing legal entities as of ꢁ une 2020 registered with the Reꢀ istre de C ommerce et

des Sociétés is provided below.

Table 2 2 : ꢀ reakdown of existing legal entities as registered in the R CS, 2 0 1 7 -2 0 2 0

2017

N umber

2018

N umber

ꢂ une 2020

Type

% total

N umber

% total

S o cié té s co mmerciales, incl.

Société ꢔ responsabilité limitée^{4 8 ꢌ}

Société anony me^{4 8 ꢎ}

124 729

71 347

48 048

3 058

1 675

423

87%

129 128

75 321

47 311

4 104

1 800

413

86%

120 270

74 960

37 402

5 634

1 937

174

88%

-

Société en commandite^{4 8 4}

Société en commandite par actions

Société en nom collectiꢃ

-

Société cooperativ e

146

150

129

Société Européenne

32

-

29

-

34

-

A sso ciatio ns sans ꢀ ut lucratif ( incl. N G O s)

10 838

8%

11 246

7%

8 318

6%

^{4 81}W hile Sociétés en commandite spéciale are not recognised as a legal person separate from its members by article 100-2

of the 1915 Companies Law, seeing as the LBR registers them as corporations, they are included in our count.

^{4 82}Includes Société ꢔ responsabilité limitée simpliꢃ iée.

^{4 83}Includes Société coopérativ e orꢀ anisée comme une SA, and Société par actions simplifié e.

^{4 84}Includes Société en commandite simple and Société en commandite spéciale.

124

Luxembourg National Risk Assessment

Legal entities and arrangements Inherent

risk – Vulnerabilities

S o cié té s civ iles

4 782

3%

4 998

3%

5 486

4%

Fo ndatio ns ( includes N G O s, ꢁ h ere

ap p licaꢀ le)

211

3 278

0%

2%

214

4 581

0%

3%

217

3 153

0%

2%

Other legal entity types

T o tal registered in RCS

143 ꢂ3ꢂ

100%

149 997

100%

137 444

100%

Source: Reꢀistre de Commerce et des Sociétés. ꢇ ote, numbers ꢃ or ꢌ 017 and ꢌ 018 may diꢃ ꢃ er ꢃ rom th e ꢌ 018 ꢇ RA. ꢊ e h av e rev ised th em ꢃ or

consistency w ith th e ꢌ 0ꢌ 0 classiꢃ ication

The national vulnerability derives from a high number of corporations and special legal entities:

137 4 4 4 legal entities as of ꢁ une 2020, with a high perceived level of foreign ownership and

international operations and businesses. It is also noted that in addition, ~25 000 legal entities are

under judicial or voluntary liquidation, or under insolvency proceedings under judicial control and are

thus perceived to have a lower ML/TF risk (given that they are being managed by insolvency

practitioners or lawyers).

125

126

Luxembourg National Risk Assessment

Inherent risk – Vulnerabilities

S o cié té s co mmerciales (corporations) are the main type of legal entities in Luxembourg, totalling

120 270 in ꢁ une 2020. They are registered at the RCS, which is run by the LBR.

As per article 100-2 of the 1915 Companies Law, supplemented by the Law of 12 ꢁ uly 2013, and the

EC Regulation 2157/2001 (Art. 16.1), the law recognises seven types of legal entities:

•

SNC ꢐ Société en nom collectiꢃ ) – general corporate partnership/unlimited company

SCS ꢐ Société en commandite simple) – common limited partnership

SA (Société anony me), by the Law of 10 August 2016, and the SAS (Socié té par actions simplifié e)

– public company limited by shares and simplified joint stock company

•

SCA (Société en commandite par actions) – corporate partnership limited by shares

SARL (Société ꢔ responsabilité limitée) and SARLS (Société ꢔ responsabilité limitée simpliꢃ iée) –

private limited liability company, and simplified private limited liability company

•

SC (Société cooperativ e) – co-operative society

SE (Société Européenne) – European company

Each of the above constitutes a legal person separate from its members.

Temporary commercial companies (Sociétés commerciales momentanées), commercial companies by

participation (Sociétés commerciales en participation), and special limited partnerships (Sociétés en

commandite spéciale), do not have a legal personality distinct from that of their members. ꢄ owever,

as the LBR registers Sociétés en commandite spéciale, we have included them in our count.

Out of 137 4 4 4 legal entities registered, the RCS counted 71 981 SARL and 37 135 SA in ꢁ une 2020:

59 099 of the registered entities were financial services entities, excluding insurance and pension

funding – the largest segment; 5 689 entities were real estate companies.

Although these entities are widespread and play an important and legitimate role in many of the

sectors in Luxembourg’ s economy, they may also be exploited to conduct ML/TF. According to

international research, entities can be structured to make beneficial ownership more opaque, and can

be used to disguise and convert illicit proceeds. Luxembourg has immobilised bearer shares pursuant

to a legislation in force since 2014 ^{4 85}. All existing and new bearer shares must be deposited with a

professional submitted to AML/CFT requirements. Shares that have not been registered by February

2016 had been cancelled and their value deposited with the Treasury’ s C aisse de consiꢀ nation.

S o cié té s civ iles are a flexible company structure (e.g. no capital required) traditionally used by

Luxembourgish residents to manage non-commercial real estate assets in a tax transparent manner,

per article 1832 of the Civil Code^{4 86}. There have been no known cases of ML/TF through sociétés civ iles.

Although far less than commercial companies in number, their number is still relatively high (5 4 86^{4 87}

as of ꢁ une 2020) and they have no obligation to submit annual accounts or to audit accounts, which

further exposes Sociétés civ iles to ML/TF. This type of company structure is mostly used for real estate

management in the form of a Société civ ile immobiliè re. It can also concern civil, agricultural, liberal

or intellectual professions. Sociétés civ iles are registered at the RCS.

A S B L s ꢅassociations sans but lucratiꢃ ” (non-profit organisations, or NPOs) operating locally without

exposure to high risk jurisdictions are more fragmented (8 318 entities as of ꢁ une 2020^{4 88}). Even

though no centralised taxonomy exists to classify them (e.g. by type of activity), most of them are

^{4 85}Law of 28 juillet 2014 relative ꢋ l’ immobilisation des parts au porteur.

4 86

ꢅ Une socié té peut ê tre constitué e par deux ou plusieurs personnes qui accepte de mettre en commun quelque chose

choisit en vue de partager le bé né fice qui pourra ê tre ré sulter ou, dans les cas pré vus par la loi, par acte de volonté dꢃ une

personne bine qui affecte lꢃ exercice dꢃ une activité dé terminé e.” , Article 1832 du code civil.

^{4 87}Data request to LBR, ꢁ une 2020.

^{4 88}Data request to LBR, August 2020.

127

Luxembourg National Risk Assessment

Inherent risk – Vulnerabilities

thought to be local sports clubs and community associations, with a limited number of non-

Luxembourg resident members. Many are assembled in broader national federations (e.g. ꢂ édération

nationale de ꢃ ootball) allowing to determine their type of activity. All ASBLs are registered at the RCS.

According to the 1928 NPO law, all ASBLs have a legal requirement to yearly file with the RCS the list

of their members (article 3) as well as any change in the composition of the board of directors (article

10). ASBLs do not need to submit financial statements unless they accept donations or wills, receive

public funds, or are recognised as being of public interest by Grand-Ducal decree, in which case they

are treated (and have similar obligations) as ꢂ ondations. All donations made to ASBLs are irrevocable.

In view of their activities (mostly sportive and cultural, with no fund raising for charitable purposes)

and ownership structure, most ASBLs are estimated to have a low exposure to ML/TF threats; but

given their relatively high number, the inherent risk is evaluated as medium for the local ASBL sector

as a whole until a national assessment of their activities will permit a more granular assessment, in

line with a conservative approach.

Notwithstanding, N ꢁ O s (non-governmental organisations) have been flagged by FATF as being

exposed to the risk to be abused for terrorism financing. This covers essentially NPOs that operate in

high-risk jurisdictions (including areas of conflict with an active terrorist threat). It should be noted

NPOs with a goal of international cooperation and development (NGOs for Development) are

specifically defined^{4 89}and accredited by the Ministry of Foreign Affairs, ꢈ inistè re des Aꢃ ꢃ aires

étranꢀ è res et européennes, (MAEE); around 100 of such NGOs were in existence as of year-end

2019^{4 90}. These NGOs for Development mostly take the legal form of an ASBL. In some instances,

foundations, when pursuing development projects in addition to their national public utility purpose,

might be recognized as NGOs for their international activity. Given MAEE finances NGOs, it performs

checks on NGOS and their projects to ensure appropriate use of government funds. W hen receiving

public subsidies, NGOs must have their accounts audited and submitted to the RCS annually. The

number of NPOs with a potential exposure to TF is however still low.

Any person may, subject to approval by grand-ducal decree, allocate by authentic act or by will all or

part of his or her assets to the creation of a f o undatio n, which has civil personality under the

conditions set out below. Only foundations that essentially with the help of the income from the

capital assigned to their creation or collected and excluding the pursuit of material gain and are

intended to carry out a work of a philanthropic, social, religious, scientific, artistic, educational,

sporting or tourist nature are considered to be foundations (217 foundations are registered in the RCS

as of 30 ꢁ une 2020^{4 91}). Any authentic declaration and any testamentary disposition made by the

founder with a view to creating a foundation shall be communicated to the Moꢁ for approval. Until it

is approved, the founder may withdraw his or her declaration. This right does not belong to the

executor or to the heirs and successors.

In Luxembourg, foundations are less vulnerable to ML/TF; the number of entities is relatively limited

(217 entities as of ꢁ une 2020^{4 92}) and no private foundations are allowed – all entities act purely in the

public interest and donations (including initial founding) made are irrevocable. They have a low

number of non-Luxembourg resident Board members, have mandatory submissions of their accounts

to the Ministry of ꢁ ustice on an annual basis, and must be registered with the RCS (article 34 ). Still,

foundations typically involve large sums of money which may make identification of suspicious activity

and criminal intent difficult to detect, and hence may still be somehow exposed to ML/TF risk.

O ther legal entities are less vulnerable to ML/TF due to their limited number, regulation and

ownership structure, such as ꢅ G roupements dꢒ intérê t économique (GIE)” (82 in ꢁ une 2020),

^{4 89}Article 7 of loi du 9 mai ꢌ 01ꢌ modiꢃ iant la loi modiꢃ iée du 6 ꢑ anv ier 19 9 6 sur la coopération au dév eloppement

^{4 90}As per Ministry’ s (MAEE) website: lien.

^{4 91}Data request to LBR, August 2020.

^{4 92}Data request to LBR, August 2020.

128

Luxembourg National Risk Assessment

Inherent risk – Vulnerabilities

ꢅG roupements européens dꢒ intérê t économique (GEIE)” (58 as of ꢁ une 2020), ꢅ Associations aꢀ ricoles”

(113 as of ꢁ une 2020), ꢅ Etablissements publics” (117 as of ꢁ une 2020).

6 .3 .2 . Legal arrangements

Legal arrangements in Luxembourg are defined and recognised in the 2003 Fiducies and Trusts Law^{4 93}

.

These comprise domestic legal arrangements (ꢅ fiducies” ) and foreign Trusts.

D omestic “ f iducies” were established in 1983 through a Grand Ducal Decree. According to article 5 of

the 2003 Fiducies and Trusts Law, a fiduciary contract is an agreement whereby the settlor (or

ꢃ iduciant) agrees with the fiduciary (or ꢃiduciaire) that the latter will become the owner of certain

fiduciary assets (the fiduciary estate or patrimoine ꢃ iduciaire) under agreed conditions. These

conditions include the fiduciary mission (instructions for the fiduciary over managing the entrusted

assets) and the obligation to clearly separate each fiduciary estate (entrusted assets of each

agreement) from other property belonging to the fiduciary agent or other fiduciary estates entrusted

to him. The transfer of ownership over assets and the requirement of two parties for each agreement

(rather than by unilateral action) distinguishes domestic fiducies in Luxembourg from the Anglo-saxon

trust structure.

Luxembourg law recognises foreign trusts and does not prohibit a resident from acting as trustee,

administrator or manager or from having the responsibility to distribute profits or to administer a trust

that is constituted under foreign legislation.

•

Tax purpose:

Luxembourg law requires the registration with the AED of contracts subscribed by fiducies

concerning real estate, aircraft, ships or boats registered in Luxembourg.

Luxembourg taxation rules provide that income from Luxembourg sources received via a

fiducie is taxable in the hands of the settlor. The resulting tax obligations depend on the nature

of the settlor (natural or legal person). Paragraph 164 of the general tax law provides that

where a taxpayer claims to derive income as a fiduciary agent or representative, he has to

demonstrate for whose benefit he acts. If this is not the case the income is allocated to the

fiduciary agent. The tax law also provides that any person holding an asset in the capacity of

fiduciary must be able, upon demand, to identify the real owner of the property, and this

implies the availability of such information. The Luxembourg authorities point out that in

practice, the use of fiducies in Luxembourg is rather limited. In any case, the fiduciary must be

able to identify the settlor to the tax authorities.

The activity of professional trustee is mainly exercised by financial institutions.

AML/CFT purpose:

•

The AML/CFT Law defines the beneficial owners of the Luxembourg fiducies and foreign trusts

in compliance with the standard as the following:

(i) the ꢅ settlor(s)” ;

(ii) the ꢅfiduciaire(s)” or ꢅtrustee(s)” ;

(iii) the ꢅ protector(s)”, if any;

(iv) the beneficiaries, or where the individuals benefiting from the legal arrangement or

entity have yet to be determined, the class of persons in whose main interest the legal

arrangement or entity is set up or operates;

^{4 93}Loi du 27 juillet 2003 - portant approbation de la Convention de La ꢄ aye du 1er juillet 1985 relative ꢋ la loi applicable au

trust et ꢋ sa reconnaissance; - portant nouvelle ré glementation des contrats fiduciaires, et - modifiant la loi du 25 septembre

1905 sur la transcription des droits ré els immobiliers.

129

Luxembourg National Risk Assessment

Inherent risk – Vulnerabilities

(v) any other natural person exercising ultimate control over the fiducie or trust by means of

direct or indirect ownership or by other means.

In line with the 4 AMLD, a consolidated database of BO of fiducies and trusts has been set up

by the Law of 10 ꢁ uly, 2020.

130

Luxembourg National Risk Assessment

Inherent risk – Vulnerabilities

6.4. Cross cutting vulnerabilities

6 .4 .1 . Trust & corporate service providers (TCSPs)

As intermediaries providing a key link between institutions and their customers, Trust and corporate

service providers (TCSPs) play an important role in the global economy. TCSPs provide often assistance

to their clients in the setup, management, and administration of their affairs, and can thereby

significantly impact transactional flows through the financial systems^{4 94}and prevent the misuse of

legal persons and arrangements for ML/TF purposes.

Several international and national organisations have highlighted the exposure of TCSPs to ML/TF, and

the importance of professionals taking appropriate AML/CFT measures. For example, FATF has

identified the TCSP sector as particularly exposed to ML/TF and has published several reports to assist

firms and supervisors in mitigating the risks associated with their activities. Most recently, these

reports have included the 2019 ꢅ G uidance ꢃ or a risk -based approach , ꢅ C SP sector”^{4 95}describing what

a risk-based approach for both professionals and supervisors would entail and detailing specific

guidance for TCSPs and elements of a robust supervisory approach.

FATF defines TCSPs as professionals providing any of the below services to third parties^{4 96}

:

•

Acting as a formation agent of legal persons;

Acting as (or arranging for another person to act as) a director or secretary of a company, a partner

of a partnership, or a similar position in relation to other legal persons;

•

Providing a registered office, business address or accommodation correspondence or

administrative address for a company, a partnership or any other legal persons or arrangements;

Acting as (or arranging for another person to act as) a trustee of an express trust or performing

the equivalent function for another form of legal arrangement; and

Acting as (or arranging for another person to act as) a nominee shareholder for another person.

Vulnerability of TCSPs

TCSPs are often involved in the establishment and administration of legal persons and arrangements,

in many cases playing a key role as gatekeepers. ꢄ owever, they are sometimes misused or abused by

criminals for ML/TF purposes due to the central role that they play in the economy and investments

and given the nature of the services they provide. For instance, in Luxembourg, they may be involved

in changes to the shareholding or structure of legal entities, they can provide advice to structure some

transactions, etc.

Criminals can abuse or misuse TCSPs for different reasons, including concealing ultimate beneficial

ownership of funds and legitimising the integration or layering of criminal proceeds within the

financial system, through various forms of investments and legal structures. The complexity of

structures reduces the ability of investigators to trace the origin and ownership of assets held. This is

illustrated in the following two case studies (below).

^{4 94}FATF, ꢈ oney ꢉ aunderinꢀ usinꢀ ꢅ C SP s, 2010.

^{4 95}FATF, G uidance ꢃ or a risk -based approach , ꢅ C SP sector, 2019.

^{4 96}FATF, ꢈ eth odoloꢀ y , G lossary .

131

Luxembourg National Risk Assessment

Inherent risk – Vulnerabilities

Case Study 1 9 : Use of nominee director and shareholder services to conceal ꢀ O indentity^{4 9 7}

International Company A headquartered in an EU jurisdiction maid corrupt payments to a

government employee using nominee director services and international transactions in the

following way:

•

International Company B was registered in a foreign jurisdiction, with a government employee

as the beneficial owner.

International Company B used nominee shareholders and directors provided by TCSPs, thereby

permitting the concealment of the government employee’ s identity.

Payments were made via a European bank account of a subsidiary of International Company A

to another of its accounts in Eastern Europe, and via an enterprise registered in Asia. These

funds were then paid into bank accounts in a foreign jurisdiction.

•

The funds were transferred from the bank accounts in foreign jurisdiction to a Luxembourg

bank account of International Company B, to which the government employee had access

(being the BO).

Case Study 2 0 : Abuse or misuse of set-up services and complex legal structures for the creation of

company networks for ML purposes^{4 9 8}

A law enforcement operation identified an accountant, ꢁ , who was believed to be part of the

criminal organisation involved in money laundering and re-investment of illicit proceeds derived

from drugs trafficking led by X.

ꢁ ’ s role was mainly that of a ꢅ legal and financial consultant” . ꢄ is task was to analyse the technical

and legal aspects of the investments planned by the organisation and identify the most appropriate

financial techniques to make these investments appear legitimate from a fiscal stance. ꢄ e was also

to try, as much as possible, to make these investments profitable. ꢁ was an expert in banking

procedures and most sophisticated international financial instruments. ꢄ e was the actual financial

ꢅ mind” of the network involved in the re-investment of proceeds available to X. ꢁ operated by sub-

dividing the financial transactions among different geographical areas through triangle transactions

among companies and foreign credit institutions, by electronic transfers and stand-by credit letters

as a warrant for commercial contracts, which were later invested in other commercial activities.

^{4 97}Case study presented FATF and Egmont Group, Report on C oncealment oꢃ ꢋ eneꢃ icial ꢆ w nersh ip, 2018.

^{4 98}Source: extracted from website of ꢁ E Financial Services Commission.

132

Luxembourg National Risk Assessment

Inherent risk – Vulnerabilities

Luxembourg’ s TCSP landscape

D efinition of TCSPs

The 2004 AML/CFT Law defines trust & corporate service providers (“prestataires de serv ices aux

sociétés et ꢃ iducies” ) as any natural or legal persons who provide, in a professional capacity, any of five

trust and corporate services to third parties. That is, TCSPs are defined by the activities they perform,

rather than there being a specific license for TCSPs.

The definition of a ꢅ prestataires de serv ices aux sociétés et ꢃ iducies” in the 2004 AML/CFT law is in line

with FATF’ s definition of TCSPs, which defines TCSPs as any natural or legal persons that are not

covered elsewhere under the FATF Recommendations, and which as a business provide any of five

TCSP services to third parties.

The table below maps the five TCSP services as described in the 2004 AML/CFT Law to the description

of the respective service as per the FATF definition described in FATF’ s ꢅGuidance for a Risk-Based

Approach for Trust & Company Service Providers (TSCPs)”.

Table 2 4 : Mapping of TCSP services described in the 2 0 0 4 A ML/CFT Law, to FA TF guidance on TCSPs

TCSP services described in 2 0 0 4 A ML/CFT Law^{4 9 9}

Mapping to FA TF definition^{5 0 0}

a) Forming companies or other legal persons

I ncorporation: Acting as a formation agent

of legal persons

b) Acting as or arranging for another person to act as a

director or secretary of a company, a partner of a

partnership, or a similar position in relation to other

legal persons

D irectorship and secretarial services: Acting

as (or arranging for another person to act as)

a director or secretary of a company, a

partner of a partnership, or a similar position

in relation to other legal persons

c) Providing a registered office, business address,

D omiciliation: Providing a registered office,

correspondence or administrative address ꢅ or business business address or accommodation,

premises” and other related services for a company, a

partnership or any other legal person or arrangement

correspondence or administrative address

for a company, a partnership or any other

legal person or arrangement

d) Acting as, or arranging for another person to act as, a

Fiducie/ trust: Acting as (or arranging for

ꢃ iduciaire in a ꢃ iducie, a trustee of an express trust or an another person to act as) a trustee of an

equivalent function in a similar legal arrangement

express trust or performing the equivalent

function for another form of legal

arrangement

e) Acting as, or arranging for another person to act as, a

nominee shareholder for another person other than a

N ominee shareholder: Acting as (or

arranging for another person to act as) a

company listed on a regulated market that is subject to nominee shareholder for another person

disclosure requirements in accordance with European

Union law or subject to equivalent international

standards

^{4 99}Article 1-8 of the 2004 AML/CFT law as amended in March 2020.

⁵⁰⁰FATF, G uidance ꢃ or a Risk -ꢋ ased Approach ꢃ or ꢅ rust ꢗ C ompany Serv ice P rov iders ꢐ ꢅ SC P s) , 2019.

133

Luxembourg National Risk Assessment

Inherent risk – Vulnerabilities

Professionals authorised to do TCSP activities

A range of professions in Luxembourg conducts at least one (or more) of what the 2004 AML/CFT Law

defines as TCSP activities as described above. Entities that act as TCSPs include banks, investment

firms, specialised PFSs, professionals of the insurance sector (PSA), lawyers, audit professionals⁵⁰¹and

chartered professional accountants⁵⁰², amongst others. ꢄ owever, only the activity of domiciliation is

regulated by the 1999 Domiciliation Law and restricted to credit institutions, PFSs, PSAs, lawyers,

auditors and chartered accountants. TCSPs are thus a broad and diverse category in Luxembourg,

given the range of professionals that are legally authorised to conduct such activities.

The table below describes the professions authorised to carry out TCSP activities in Luxembourg, the

relevant laws that underpin them and their respective AML/CFT supervisor.

Table 2 5 : Professionals authorised to carry out any TCSP activities in Luxembourg^{5 0 3}

A ML/CFT

supervisor

Professionals authorised to carry out TCSP

activities

R elevant laws

Banks and credit institutions

Investment firms

1993 ꢅLSF Law”⁵⁰⁴, Part I, Chapter 1

1993 ꢅLSF Law”, Part I, Chapter 2, Section 2,

Subsection 1

Management companies

2010 ꢅOPC Law”⁵⁰⁵and 2013 ꢅ AIF Law” ⁵⁰⁶

Three types of specialised PFSs⁵⁰⁷, including with

the following licenses:

CSSF

•

Family Offices

1993 ꢅLSF Law”, Article 28-6

1993 ꢅLSF Law”, Article 28-9

1993 ꢅLSF Law”, Article 28-10

Corporate domiciliation agents

Professionals providing company incorporation

and management services

Professionals of the insurance sector (PSA)

2015 Insurance Law, Articles 264, 265 and

266⁵⁰⁸

CA A

O E C

I R E

Chartered professional accountants

1993 ꢅLSF Law”, Article 28-9 and 28-10⁵⁰⁹

1999 Chartered Professional Accountants Law

2016 Audit profession Law

(Approved) statutory auditors and (approved)

audit firms

501

In this document, the term ꢈ audit professionalsꢈ covers equally the statutory auditors (ꢈ ré viseurs dꢃ entreprisesꢈ ), the

approved statutory auditors (ꢈ ré viseurs dꢃ entreprises agré é sꢈ ), audit firms (ꢈ cabinets de ré visionꢈ ) and approved audit firms

(ꢈ cabinets de ré vision agré é sꢈ ).

⁵⁰²Each profession mentioned in paragraphs 1 to 8 of Article 2(1) of the 2004 AML law.

⁵⁰³Ministry of Finance, ꢇ ational Risk Assessment oꢃ ꢈ oney ꢉ aunderinꢀ and ꢅ errorist ꢂ inancinꢀ , 2018.

⁵⁰⁴1993 LSF Law, defining, amongst others, which professionals under the supervision of CSSF can act as TCSPs (i.e. banks;

investment firms; family offices; corporate domiciliation agents and professionals providing company incorporation and

management services).

⁵⁰⁵2010 O PC law, on undertakings for collective investment.

⁵⁰⁶2013 AIF law, on alternative investment fund managers.

⁵⁰⁷Including support professionals of the financial sector providing TCSP services.

⁵⁰⁸2015 Insurance Law: Domiciliation services can be provided by Management companies of captive insurance undertakings

and Management companies of reinsurance undertakings – Directorship services can be provided by Management

companies of reinsurance undertakings and Management companies of pension funds.

⁵⁰⁹Based on the professionals listed in the Law of 31 May 1999 ꢅ (Domiciliation Law” ), Art. 1(1): ꢅ Only a registered member

of one of the following regulated professions established in the Grand-Duchy of Luxembourg may act as a domiciliation agent

of companies: a credit institution or another professional of the financial sector and the insurance sector, an attorney-at-law

(ꢅ av ocat ꢔ la C our” ) included in list I and a European lawyer practising under his home-title professional title included in list

IV referred to in Art. 8(3) of the amended Law of 10 August 1991 on the profession of avocat, rév iseur dꢒ entreprises (statutory

auditor), rév iseur dꢒ entreprises aꢀ réé (approved statutory auditor) or accountant.”

134

Luxembourg National Risk Assessment

Inherent risk – Vulnerabilities

A ML/CFT

supervisor

Professionals authorised to carry out TCSP

activities

R elevant laws

O A L/O A D

A E D ^{5 1 1}

Lawyers (list I and IV of the Bar⁵¹⁰)

Other professions offering TCSP services

2004 ꢅAML Law”, Art.(2)1 para.13(a)

•

Business centres

Directors

The nature of the services offered can also differ significantly between different types of professionals.

For example, the nature of TCSP services provided by banks has evolved in recent years, and many

credit institutions have shifted from providing TCSP services in-house, to creating specific TCSP entities

within the group and increasingly sending clients to third-party service providers (e.g. domiciliation

agents). Similarly, the nature of domiciliation services performed by asset managers differs from those

of specialised PFSs (i.e. the former focusing on the creation of SPVs to separate investments from

client assets). Management companies only provide domiciliation services to entities linked to them.

They do not provide third-party domiciliation.

In addition, while many professions can offer TCSP activities, not all of them do in practice (and some

of them only offer or conduct a subset of activities). For example, even though accountants are legally

authorised to conduct four out of the five TCSP activities, not all accountants may do all four, or even

one TCSP activity in their day to day job. To put the sector into perspective, the size of these sub-

sectors, as provided in previous sections in this NRA, is provided in the table (below). This table

provides an overview of the TCSP landscape in Luxembourg, indicating which professions are legally

authorised to perform which TCSP activities and the total sector sizes as a whole (without

discriminating how many are conducting TCSP activities in practice given absence of aggregate sector

data).

⁵¹⁰Law of 10 August 1991 (ꢅ Lawyers Law” ): List I lawyers defined as court advocates (av ocat ꢔ la C our) who are fully qualified

Luxembourg lawyers; List IV lawyers defined as EU admitted lawyers (av ocat de l‘ U E ex erç ant sous son titre dꢒ orꢀ ine) who

are foreign lawyers from the European Union practising under their original professional title.

511

These other professions have business associations – Association lux embourꢀ eoise des centres dꢒ aꢃ ꢃ aires (ALCA) and

ꢁ nstitut lux embourꢀ eois des administrateurs (ILA) – but membership is optional and not self-regulating.

135

136

137

Luxembourg National Risk Assessment

Inherent risk – Vulnerabilities

Assessment of the vulnerability of TCSPs in Luxembourg

O verview of TCSP inherent risks

The ML/TF vulnerabilities assessment of the TCSP sector in this section is performed across the

different TCSP services as described by the 2004 AML/CFT Law, on aggregate. The assessment is

performed across six dimensions, in line with the guidance of FATF on the risk-based approach for

TCSPs⁵³¹

.

Luxembourg TCSPs are particularly exposed to ML/TF, primarily due to four main factors:

•

The fragmented landscape of types of professionals acting as TCSPs, all of which are assessed to

be vulnerable (given these professions’ structure, size and ownership);

–

Includes 13 types of entities, from banks to lawyers

These are regulated by nine different supervisors (designated competent authorities or SRBs)

•

The exposure of Luxembourg’ s international financial centre to business originating from multiple

jurisdictions;

–

The country’ s open economy, contributing to significant diversity in financial flows and clients

(including a large share of private banking and fund transactions)

–

This may increase complexity to identify beneficial ownership of TCSPs clients, source of funds

and understanding the activities they conduct

•

The presence of many legal entities and arrangements(137 4 4 4 entities registered with the RCS in

Luxembourg as of ꢁ une 2020);

The use of intermediaries/third parties to conduct a range of activities, from initial introductions

to clients to advisory specific topics, and over relying on those intermediaries to fulfil their

obligations, and non-face-to-face transactions.

Table 27 provides an overview of the vulnerability assessment per assessment dimension, further

detailed in the section below.

Table 2 7 : O verview of inherent risk factors of TCSP activities per assessment dimension

A ssessment

dimension

I nherent risks

Structure

•

Complex sectoral structure, including a large number of entities providing TCSP services,

supervised by different authorities and SRBs

O wnership

ꢁ eography

•

Complex ownership of entities providing TCSP services, which may have a high number of

foreign owners

•

Exposure to multiple jurisdictions, reflecting the attractiveness of Luxembourg as an

international financial centre

This may increase complexity when it comes to identifying beneficiary ownership of TCSPs

clients, source of funds and understanding the activities they conduct

⁵³¹FATF, G uidance ꢃ or a Risk -ꢋ ased Approach ꢃ or ꢅ rust ꢗ C ompany Serv ice P rov iders ꢐ ꢅ C SP s) , 2019. The guidance describes

three dimensions instead of five, namely ‘ Country/Geographic risk’ , ‘ Client risk’ and ‘ Transaction/service and associated

delivery channel risk’

138

Luxembourg National Risk Assessment

Inherent risk – Vulnerabilities

A ssessment

dimension

I nherent risks

Products /

activities

•

TCSP activities relating to the set-up of entities, including incorporation, domiciliation and

nominee shareholder services have a high ML/TF inherent risk due to products and services

potentially being abused or misused to create complex networks of structures to conceal the

identity of criminals

•

TCSP activities relating to the management of a client’ s activities, including fiduciary/trustee

services, and the provision of directorship, have a high ML/TF risk due to products and services

being abused or misused by criminals to distance themselves from ML/TF activities (liability with

the TCSP provider)

•

Secretarial services are relatively lower risk, given clients retain responsibility for actions taken

and do not transfer it to TCSPs, limiting criminals’ ability to conceal their identity

Clients/

transactions

TCSP activities relating to the set-up of entities, including incorporation, domiciliation, and

nominee shareholder services are highly exposed to complex and sophisticated clients and a

significant level of intermediation increases ML/TF risks

•

TCSP activities relating to the management of a client’ s activities, including fiduciary/trustee

services, and the provision of directorship services, are highly exposed to complex and

sophisticated clients, which often have limited reporting requirements, and a significant level of

intermediation

Channels

TCSPs often use intermediaries/ third parties to conduct a range of activities, from initial

introduction to clients to advisory on specific topics. These intermediaries/third parties may

increase exposure to ML/TF risk

D etailed vulnerability assessment of TCSP inherent risk per scorecard

dimension

Given the data and information on the proportion of TCSP activities provided by the many entities

outlined as above, we refer the reader to the specific structural and ownership assessments of entities

providing TCSP activities in relevant sections of the NRA. In line with a conservative approach, it is

estimated that diversity and fragmentation of the structure and ownership levels to be a driver of risk,

based on an aggregate assessment of threat levels of the various entities on these dimensions.

Structure and ownership

As previously described, TCSP services are provided by a wide range of entities, including sectors

supervised by the CSSF, the CAA, the AED and SRBs. This creates a sizeable and complex landscape,

particularly when considering the number and size of entities that could provide TCSP activities. For

SRB-regulated entities, this includes 1 173 chartered professional accountants, 581 statutory auditors,

78 audit firms and 2 917 lawyers in Luxembourg in 2019, but not all of them providing TCSP services

in addition to their core activities.

W hile TCSPs within the financial sector are predominantly in the market leading, large TCSPs, there is

a ꢅlong-tail” of smaller TCSPs in Luxembourg conducting set-up activities. This level of fragmentation

increases exposure to ML/TF risks. Particularly worth noting in this context is the sub-sector risk of

specialised PFSs, which in Luxembourg, is driven by their significant size. There are 92⁵³²specialised

PFS entities providing trust and company services⁵³³with 4 4 78 employees⁵³⁴as of December 2019

with balance sheet assets of €0.8 billion⁵³⁵and profit of €77 million⁵³⁶. The market has a relative

degree of complexity as specialised PFSs can include various types, each offering different services.

Those types include registrar agents, corporate domiciliation agents, professionals providing company

incorporation and management services, family offices and administrative agents of the financial

⁵³²Including the three support professionals of the financial sector providing TCSP services.

⁵³³CSSF data, 2019.

⁵³⁴CSSF data, 2019.

⁵³⁵CSSF data, 2019.

⁵³⁶CSSF data, 2019.

139

Luxembourg National Risk Assessment

Inherent risk – Vulnerabilities

sector. The risks are mitigated by the relative concentration of the sector, as the five largest entities

in the sub-sector account for approximately 4 0% of all revenues.

Similar to other activities, there is a ꢅlong-tail” of smaller professionals; however, certain activities are

characterised by large economies of scale, which therefore leads to higher concentration in the

provision of administration activities. Additionally, on the TCSPs’ end, administration activities involve

handling a significant number of administrative tasks and transactions, which can increase the volume

and complexity of services provided.

By way of aggregation of vulnerabilities of the separate entities, the ownership structure of entities

providing TCSP services is deemed to significantly expose TCSPs to ML/TF risks.

Geography

As an international financial centre, Luxembourg is exposed to business originating from multiple

jurisdictions, and the TCSP industry is no exception. TCSPs’ corporate clients are generally

multinationals based outside of Luxembourg, typically from the US or the European Union.

W hile such geographic exposure reflects the attractiveness of Luxembourg as an international

financial centre, it may increase complexity when it comes to identifying beneficiary ownership of

TCSPs clients, source of funds and understanding the activities they conduct.

Due to this complexity, it is important to note that TCSPs are geographically exposed through several

channels. In this respect, the exposure spans not only the origination of Luxembourg’ s TCSP clients,

but also the beneficial owner of the latter and identified client politically exposed persons (PEPs).

As defined under the 4 ^thAnti-Money Laundering Directive (4 AMLD), third parties (e.g. K now-Your-

Customer (K YC)/Customer Due Diligence (CDD) service providers) that perform activities falling within

the scope of the 2004 AML/CFT Law must be regulated in a country with equivalent AML/CFT

standards as Luxembourg. Thus intermediaries are typically not required to be registered or

supervised in Luxembourg as they are regulated and supervised in their country of origin. ꢄ owever,

where CDD is outsourced, the outsourcing entity maintains responsibility for compliance with the

professional obligations set out in the 2004 AML/CFT Law (see Article 3-3).

Additionally, the nature of the TCSPs business itself generates a geographic exposure. The TCSP sector

is inherently international, with activities often expanding multiple geographies.

Products/activities

Under Luxembourg’ s law, it is not a requirement that a TCSP is directly involved in a company’ s

incorporation. The nature of ML/TF risks relating to the provision of these services is related to the

ways in which a criminal may abuse or misuse this service to set up a complex network of structures

that permits the concealment of their identity and the source of the funds. Notwithstanding, the setup

of structures in the form of unregulated legal entities has a higher associated ML/TF risk. Unregulated

legal entities tend to have less stringent reporting requirements, fewer limitations with regards to the

assets, which they can hold and/or invest in and have lower risk diversification requirements.

TCSP services related to the management of an entity, for example the provision of fiduciary/trustee

services and directorship, may be particularly exposed to ML/TF risk. This arises from the potential for

criminals to abuse or misuse the advice provided by TCSPs to design and implement complex schemes

and conceal their identity by delegating decision-making power to TCSPs⁵³⁷. By providing activities

relating to the management of an entity, TCSPs have the power to advise and execute decisions

relating to the structure being managed. As such, TCSPs permit clients to navigate complex fiscal and

reporting requirements in place, for example by understanding and designing structure to manage

⁵³⁷FATF and Egmont Group, Report on C oncealment oꢃ ꢋ eneꢃ icial ꢆ w nersh ip, 2018

140

Luxembourg National Risk Assessment

Inherent risk – Vulnerabilities

their assets based on the jurisdiction’ s requirements. Importantly, when managing these structures,

TCSPs become liable for the decisions and actions of the client. Therefore, the TCSP will be registered

as the originator or approver of decisions and actions conducted by the professional, even in instances

where client instructions were being followed. ꢄ owever, for example for directorship services, the

TCSP (or the individual within the TCSP appointed as director) is liable for any actions they approve,

and thus has the incentive to ensure an appropriate level of controls are applied over actions and

transactions they are approving. This may somewhat reduce the level of exposure to ML/TF risk.

Secretarial services are typically less vulnerable to ML/TF. They generally involve the execution of

back-office activities that have limited overlap with actions typically carried out with the purpose of

laundering illicit funds. Nevertheless, clients maintain responsibility over decisions and actions

executed by the structure. As such, clients or their BOs will be recorded as the originator or approver

of decisions, hence limiting the opportunities to conceal their identity. Therefore, potential for

administration services to be abused or misused for ML/TF purposes is limited, compared to setup

and management. Still, while relatively limited, there may be instances, such as the use of

administrative services to give substance to the company, in which criminals are able to abuse or

misuse administration services provided by TCSP.

Clients/transactions

ML/TF risks resulting from client segments are determined by the profile of these clients. As an

example, in the case of the financial sector, private banking clients often have a sophisticated financial

profile (e.g. they may hold illiquid and complex assets like real estate) and typically have limited

disclosure requirements regarding their activities, which may result in higher level of complexity for a

TCSPs and thus of ML/TF risk exposure. In line with this, large corporate clients may have complex

ownership and management structures, and SMEs in general do not have as strict reporting

requirements as larger firms. This in turn, may result in a reduction in the transparency of corporates’

BOs and activities.

Additionally, TCSPs clients have heterogeneous legal structures, and the use of complex legal

structures may be a challenge for TCSP. These structure types may increase the level of complexity

when it comes to identifying and understanding its management and beneficiary structures.

As previously mentioned, secretarial activities tend to have less exposure to private clients, and these

administrative activities are less exposed to ML/TF risks compared to set-up and management

activities.

Channels

TCSPs often use third parties to conduct a range of activities, from initial introduction to clients, either

via introducing intermediaries whose role is to connect clients and TCSPs, or via clients’ advisers, which

represent their interest and are the direct point of contact for the TCSP, to advisory on specific topics.

Though uncommon in Luxembourg, TCPSs may rely on or use the assistance from these third-parties

when performing their CDD requirements; while the ultimate responsibility of the CDD lies with the

TCSP, this level of intermediation may result in exposure to AML/CFT risks.

Beyond the presence of third parties, activities relating to the set-up of an entity can be offered

through direct and remote channels to offer their products to clients (e.g. online, over the phone).

The use of remote channels can affect the ability of professionals carrying out TCSP activities to

accurately verify the identity of clients and their BOs.

141

Luxembourg National Risk Assessment

Inherent risk – Vulnerabilities

6 .4 .2 . Cash

The usage of cash for ML/TF purposes is considered as an important vulnerability internationally and

in Luxembourg. Cash remains a primary means of transaction across the globe for legitimate purposes,

and is predominant in low value payments, though customer habits and preferences differ across

countries, with ~80% of point of sale transactions being carried out using cash, amounting to ~54 % of

the total value of all payments⁵³⁸. ꢄ oarding of cash is a known habit, yet it is difficult to quantify.

ꢄ owever, cash is also believed to be a key asset in criminal activity, particularly in organised crime

group’ s (OCG) activities (e.g. drug trafficking, goods smuggling, prostitution), constituting a significant

part of OCGs’ portfolio⁵³⁹. Criminals tend to target cash intensive businesses for laundering money

and attempt to channel cash through the legitimate financial system.

The level of net annual cash issuance in Luxembourg has been decreasing since 2014 . Net annual

issuance refers to the net amount of cash issued in a given year, which is calculated as the difference

of the cumulative cash issued for two consecutive years. To understand the level of cash usage in

Luxembourg, it is possible to compare the net annual issuance of euro banknotes in Luxembourg with

the rest of the Eurozone and assess whether this is in line with other financial indicators (e.g.

Luxembourg’ s share of banking assets, level of outstanding debt securities and GDP). It must be noted,

however, that a given share of the Eurozone sum may appear disproportionate since the annual

issuance in a certain year of some countries may be very low. Net annual issuance of euro banknotes

in Luxembourg has decreased since 2014 to ~1-2% of whole Eurozone issuance, and is in line with

Luxembourg’ s share of both banking assets (~3% of Eurozone), and of the total outstanding value of

debt securities issued (~4 % of Eurozone), as shown in the table below. The decreasing issuance of cash

in Luxembourg coincides with the adoption of key measures on international exchanges of

information, such as the EU’ s automatic exchange of information^{54 0}, and OECD’ s Common Reporting

Standard^{54 1}against which Luxembourg was rated as ꢅ Largely Compliant” in 2018^{54 2}

.

Table 2 8 : N et annual issuance of E uro notes in Luxembourg (LU ) and other E urozone countries

2014

2015

2016

2017

2018

Net annual issuance LU

6

2

1

of euro

(€ billion)

banknotes^{54 3}

Eurozone (€ billion)

60

67

43

45

60

LU share of Eurozone

(%)

10%

3%

2%

1%

Banking assets^{54 4}

LU share of Eurozone

(%)

3%

4%

3%

5%

3%

5%

3%

5%

4%

5%

Debt

securities LU share of Eurozone

(%)

(amount

outstanding)^{54 5}

GDP^{54 6}

LU share of Eurozone

(%)

0.4%

⁵³⁸G4 S, ꢊ orld C ash Report, 2018 (link).

⁵³⁹European Commission, ꢆ rꢀ aniz ed C rime P ortꢃ olio P roꢑ ect, 2015 (link).

^{54 0}From 2014 onwards, the communication of (end of year) cash account balances had become automatic.

^{54 1}See OECD for further information (link).

^{54 2}OECD, G lobal ꢂ orum on ꢅ ransparency and Ex ch anꢀ e oꢃ ꢁ nꢃ ormation ꢃ or ꢅ ax P urposes: ꢉ ux embourꢀ ꢌ 019 , 2019 (link).

^{54 3}Banque Centrale du Luxembourg, Rapport Annuel, 2014 – 2018.

^{54 4}ECB MFI Balance Sheet.

^{54 5}Bank for International Settlements – debt securities issued by resident issuers, amount outstanding as of Q 4 of each year.

^{54 6}Eurostat.

142

Luxembourg National Risk Assessment

Inherent risk – Vulnerabilities

In previous years, it has been suggested that the level of cash usage was relatively high in Luxembourg.

For example, a EUROPOL report^{54 7}published in 2015 indicated specifically that Luxembourg was one

of the main issuers of euro banknotes and that this issuance was disproportionate. The level of cash

issuance was portrayed as at odds with perceived usage and outflows. ꢄ owever, this report focused

on stock (cumulative net issuance^{54 8}) and not flow (net annual issuance), which limits understanding

of the impact of recent evolutions (e.g. new regulations), as demonstrated above.

Notwithstanding this, the ML/FT risks resulting from the use of cash in Luxembourg should still be

considered by public and private entities. The number of border cash declarations (relating to currency

and other bearer negotiable instruments) received by ADA has remained relatively stable over the

past five years, as highlighted in the table below. The total value of cash border declarations made in

2018 (€5.4 million) represents less than 1% of the total value declared to customs authorities across

the Eurozone in the same year (€51 billion)^{54 9}

.

Table 2 9 : ꢀ order cash declarations (relating to currency and bearer negotiable instruments) 2 0 1 5 -

2 0 1 9 , including both intra-E U and extra-E U cash transport

2014

2015

2016

2017

2018

2019

EU regulation⁵⁵⁰

Number of

declarations

59

51

32

43

24

51

Associated

value (€)

1 666 062

145

1 869 103

144

93 731 211

62

1 304 319

119

736 724

132

1 168 759

154

National

Number of

declarations

legislation⁵⁵¹

Associated

value (€)

3 843 435

5 521 279

3 551 438

1 933 000

4 677 049

16 328 960

Finally, FATF has also noted in its guidance on the impact of COVID-19 on ML/TF that recent swings in

securities values are resulting in individuals liquidating their portfolios, and that there has been an

overall increase in banknote withdrawal, with some FATF members raising withdrawal limits.⁵⁵²The

reason for the increase has not been analysed as part of this exercise, but this may be due to a fear of

bank failures based on experience from previous crises. Though this development is not Luxembourg

specific it can lead to additional cash usage in Luxembourg as well.

The prevalence of cash and level of cash usage pose ML/TF risks in Luxembourg, given that the use of

cash can mask ML/TF activities. There are several typologies that indicate the ML/TF challenges

associated with cash, including (but not limited to):

•

Ease of transport cross-border by exploitation of cash declaration systems and EU open borders,

and/or smuggling via cargo freight and mail;

•

Usage of high-denomination bank notes (€500, €200);

Counterfeiting currency (most commonly lower denomination notes). It should be noted,

however, that the number of counterfeit euro banknotes in circulation across Europe remained

low in 2019 and has continued to decrease since 2014 . Compared with the number of genuine

euro banknote in circulation, the proportion of counterfeits is very low)⁵⁵³

;

^{54 7}EUROPOL, A strateꢀ ic report on th e use oꢃ cash by criminal ꢀ roups as a ꢃ acilitator ꢃ or money launderinꢀ , 2015.

^{54 8}Referring to the stock of cash issued since the beginning of the Eurozone in a given year.

^{54 9}See Europa.eu (link).

⁵⁵⁰This refers to the obligation of declaration once the cash crosses the external border of the EU.

⁵⁵¹This refers to the obligation of declaration once the cash crosses an EU border.

⁵⁵²FATF, C ꢆ V ꢁ ꢄ -19-related ꢈ oney ꢉ aunderinꢀ and ꢅ errorist ꢂ inancinꢀ , 2020 (link).

⁵⁵³European Central Bank, Annual Report, 2019 (link).

143

Luxembourg National Risk Assessment

Inherent risk – Vulnerabilities

•

Re-depositing of large amounts of cash to cover the laundering of illicit funds;

Being used to purchase ꢅ safe haven” assets (e.g. gold) which are less easily traceable; and

Being used in ꢅ cash-out” schemes where criminals obtain access to an individual’ s bank account

and withdraw funds in banknotes from an ATM.

It should also be noted that some sectors are particularly exposed to ML/TF risks associated with cash,

due to specific characteristics of the sector (e.g. being cash-intensive). For example:

•

Dealers in goods, particularly high-value goods which offer criminals an easy way to launder illicit

funds;

Money and value transfer services, which may operate through a global network of agents,

present vulnerabilities concerning ML;

Real estate activities, where schemes could include under or over-valuation of properties (which

may allow criminals to purchase an asset below market price and pay the different to the seller in

cash); and

•

Casinos and other entities associated with gambling are typically cash-intensive, often operating

24 hours per day with high volumes of large cash transactions taking place very quickly, even

though in Luxembourg there is only one casino and other gambling activities are deemed low

ML/TF risk.

144

Luxembourg National Risk Assessment

Inherent risk – Vulnerabilities

6 .4 .3 . V irtual assets

Over the past five years, virtual assets (VAs) became increasingly adopted for various legitimate

activities, for example, for investments or transactions. VAs have unique technological properties that

enable pseudo-anonymous and anonymous transactions, fast cross-border value transfer and non-

face-to-face business relationships. Those properties have the potential to improve multiple financial

products and services such as trade financing, cross-border payments and financial instrument

settlement. Traditional financial institutions have recognised those benefits. For example, a survey by

the Bank for International Settlements of 63 central banks in 2018 showed that most of them were

analysing the possibility to issue central bank-backed VAs⁵⁵⁴. Furthermore, VAs market adoption rate

has been increasing globally. The number of VAs with at least a ꢂ 1 million market capitalisation has

risen from 30 to approximately 1 000 between 2015 and 2020, with a combined capitalisation of all

VAs approaching ꢂ 300 billion⁵⁵⁵

.

At the same time, the same features of VAs that drive legitimate adoption, also make them vulnerable

to abuse by criminals for ML/TF activities. Globally, in 2019 more than ꢂ 10 billion worth of VAs were

used for ML purposes⁵⁵⁶. VAs can be misused by criminals to facilitate transactions on illegal products

marketplaces and investment fraud schemes, the combined revenues of which exceeded ꢂ 1 billion in

the same year⁵⁵⁷. VAs are also increasingly used by terrorist financing groups, cybercriminals and

sexual exploitation profiteers⁵⁵⁸. Given the high volatility of VAs, VAs could be prone to speculative

bubbles, and there have been suspected cases of market manipulation in VA markets⁵⁵⁹

.

The high adoption of VAs by criminals poses significant challenges for virtual asset service providers

(VASPs), i.e. entities that facilitate VA transactions (e.g. dedicated VA custodians, VA exchanges),

entities of other sub-sectors, supervisors and law enforcement agencies.

Globally, several jurisdictions and international bodies have recognised the rising ML/TF threat of VAs

and VASPs. FATF highlighted virtual currencies as one of the key emerging risks to ML and TF, and in

particular offences of tax evasion and fraud⁵⁶⁰. The EU Supranational Risk Assessment recognised Vas’

and VASPs’ rising risk to ML/TF purposes⁵⁶¹. Further, some countries have explicitly analysed the

vulnerability of VAs and VASPs and published correspondent risk assessments, highlighting the threat

of VAs being misused or abused for terrorist financing, investor fraud, drug trafficking and other

predicate offences⁵⁶²Note that as of ꢁ uly 2020, Luxembourg authorities are in the process of

conducting a separate vertical risk assessment on VASPs.

The technological and market factors of VAs and VASPs imply that proceeds from all predicate

offences, identified in the NRA, can be potentially laundered through them. Threats that may be

particularly increased by VAs include drug trafficking, fraud and forgery, and terrorist financing.

The VA space is relevant to drug trafficking in two significant ways. First, proceeds from drug trafficking

can be laundered through VASPs. Criminals can generate drug-trafficking revenue in fiat, convert that

fiat into VAs, and then exchange VAs back into fiat currency. Second, VAs can be used as part of the

⁵⁵⁴The Bank of International Settlement, P roceedinꢀ w ith caution – a surv ey on central bank diꢀ ital currency , ꢁ anuary 2019.

⁵⁵⁵Coinmarketcap, https://coinmarketcap.com/, retrieved 14 February 2019.

⁵⁵⁶Ciphertrace, Q ꢎ ꢌ 019 C ry ptocurrency Anti-ꢈ oney ꢉ aunderinꢀ Report, November 2019.

⁵⁵⁷Ciphertrace, Q 4 ꢌ 019 C ry ptocurrency Anti-ꢈ oney ꢉ aunderinꢀ Report, February 2020.

⁵⁵⁸Chainalysis, ꢌ0ꢌ0 Crypto Crime Report, ꢁ anuary 2020.

⁵⁵⁹Neil Gandal, ꢁ T ꢄ amrick, Tyler Moore, and Tali Oberman, ꢁ ournal of Monetary Economics, P rice ꢈ anipulation in th e ꢋ itcoin

Ecosy stem, 2017.

⁵⁶⁰FATF Report, V irtual currencies – k ey deꢃ initions and potential Aꢈ ꢉ ꢍ C ꢂ ꢅ risk s, ꢁune 2014.

⁵⁶¹European Union Supranational Risk Assessment Update, ꢁ uly 2019.

562

For example: Swiss Interdepartmental Coordinating Group on Combating Money Laundering and the Financing of

Terrorism (CGMF), Risk oꢃ money launderinꢀ and terrorist ꢃ inancinꢀ posed by cry pto assets and crow dꢃ undinꢀ , 2018.

145

Luxembourg National Risk Assessment

Inherent risk – Vulnerabilities

criminal offence itself as a medium of exchange. Multiple online ꢅ darknet” markets exist that connect

drug buyers and sellers, in which trade can be facilitated with VAs.

Fraud generally refers to investment frauds, scams and phishing. VAs can potentially enable those

threats as they allow criminals to remain pseudo-anonymous in their operations. Globally, the total

monetary amount of investment frauds, which use VAs in their operations, has reached ꢂ 4 billion

volume in 2019. The majority of those funds are linked to Ponzi schemes, which counted 2.4 million

individual transactions. Luxembourg’ s position as an investment hub increases the probability that

criminals can abuse or misuse the investment sector to conduct fraud. W hile no known large-scale

Ponzi or investment schemes were operated from Luxembourg, multiple fraudulent VASPs falsely

claimed they were regulated there. Criminals were abusing Luxembourg’ s reputation for having a

stable investment and regulatory environment. In this context, the CSSF has issued warnings on four

entities, falsely claiming to have a license in Luxembourg (one case in 2018, two in 2019 and one in

2020), including an investment scam and a fake exchange⁵⁶³.

VAs also represent a potential alternative to fiat currency for terrorist financing. VAs can be misused

by terrorist organisation donors to give donations pseudo-anonymously and avoid sanctions.

According to a report published by The Middle East Media Research Institute, the list of terrorist

organisations that have received donations in Bitcoin include ISIS, Al-Q aeda, ꢄ amas and the Muslim

Brotherhood⁵⁶⁴

.

Given that VAs can be misused by criminals to launder proceeds obtained during predicate offences,

or be misused as part of an offence itself as a medium of exchange, entities from different sub-sectors

may be potentially exposed to ML/TF risks related to VAs by interacting with VASPs. Firms from the

following industries have the highest likelihood of being directly or indirectly exposed to those ML/TF

risks:

•

ꢀ anks: Banks are exposed to VAs risk as they are the point of contact of centralised exchange

users with the traditional finance sector. Criminals using VAs for ML/TF activities need to convert

VAs to fiat, or vice-versa. For that, criminals use exchanges, the deposits and withdrawals from

which are usually done to and from bank accounts. Luxembourg has a substantial retail and

business bank sector, with large numbers of existing customers, including a high share of

international users. As of 2019, no bank in Luxembourg had itself business activity in VAs, with a

small minority of banks (less than a dozen) having a very limited number of customers involved or

linked to VAs. Thus, the VA-related ML/TF risks to banks in Luxembourg are limited.

•

Money and value transfer services: E-money institutions and payment institutions may be

exposed to VASP-related ML/TF risk by enabling their users fiat deposits and withdrawals to and

from different VASPs, such as VA exchanges. Two payment institutions in Luxembourg provide

services involving VAs and are supervised by the CSSF as licensed payment institutions for the

payment activities linked to the VAs activities. The VAs activity itself is currently under assessment

by CSSF pursuant to the new framework provided for in Article 7-1 of the 2004 AML/CFT Law.

I nsurance: VA exchanges and custodians require insurance to secure their operations. Globally,

there has been a rise of insurance providers to custodians. For example, in 2019 Marsh, an

international insurance broker, arranged a ꢂ 150 million insurance policy from Lloyd’ s to insure a

custodian solution provider form hacks and thefts⁵⁶⁵. Insurers need to be able to analyse

⁵⁶³CSSF, ꢊ arninꢀ concerninꢀ th e w ebsite w w w .cry pto-bull.io, 2020 (link);

CSSF, ꢊ arninꢀ concerninꢀ th e w ebsite h ttp:ꢍ ꢍ ꢃ undrock cry pto.com, 2019 (link);

CSSF, ꢊ arninꢀ reꢀ ardinꢀ th e activ ities oꢃ an entity named C ry ptomininꢀ optionsiꢀ nal, 2019 (link);

CSSF, ꢊ arninꢀ reꢀ ardinꢀ th e activ ities oꢃ an entity named C ry ptoꢃ inance, 2018 (link).

⁵⁶⁴Middle East Media Research Institute, ꢅ h e C ominꢀ Storm – ꢅ errorists U sinꢀ C ry ptocurrency , August 2019.

⁵⁶⁵Marsh, ꢋ lue V ault: An ꢁ nnov ativ e C old Storaꢀ e Solution ꢃ or ꢄ iꢀ ital Assets, 2019.

146

Luxembourg National Risk Assessment

Inherent risk – Vulnerabilities

cybersecurity threats effectively, as VA custodians can be a target of cyber criminals. Note that

the insurance coverage of VAs is very limited globally⁵⁶⁶, which thus also constraints the risk to the

Luxembourg insurance sector.

⁵⁶⁶American Express, C ry ptocurrency ꢁ nsurance ꢈ ark et Sh ow s P romise ꢄ espite C autious Approach by ꢈ aꢑ or ꢁ nsurers, 2018.

147

Luxembourg National Risk Assessment

Mitigating factors

7.

MI TI ꢁ A TI N ꢁ FA CTO R S

This section outlines the mitigating factors of the agencies involved in Luxembourg’ s national AML/CTF

framework. As described in the methodology section, the mitigating factors are described across five

main components as per the framework depicted in the figure below. Relevant agencies under each

component are described along a common set of dimensions along mandate, model, capabilities and

results, with various degrees of detail depending on the role played by the agency in the national

AML/CTF framework. The relevant illustrations from the methodology section are included here for

ease of reference.

Figure 1 4 : Mitigating factors framework

148

Luxembourg National Risk Assessment

Mitigating factors

7.1. Overview of mitigating factors

Luxembourg has established an effective AML/CFT regime based on a solid legal framework and a

comprehensive institutional set-up involving a wide range of competent authorities to prevent,

supervise, detect, investigate and prosecute ML/TF, and to recover assets. The national AML/CFT

framework effectively mitigates the inherent risks detailed in the previous sections, as reflected in the

resulting residual risk (see the following section).

The NRA assessed Luxembourg’ s AML/CFT regime against the five dimensions shown in the figure

below: national strategy and coordination, prevention and supervision, detection, prosecution and

asset recovery, and international cooperation. The following stakeholders were involved in this

assessment: ministries (Finance, ꢁ ustice, Foreign Affairs), national supervisors and administrations

(CSSF, CAA, AED, ACD, ADA, LBR), the financial intelligence unit (CRF), law enforcement entities

(prosecution authorities, Investigative ꢁ udges, the ꢁ udicial Police Service) and Self-Regulatory Bodies

(OEC, IRE, OAL, OAD, CdN, Cdꢄ ).

Figure 1 5 : Mitigating factors framework

The Comité national de prevention du blanchiment et du financement du terrorisme (N PC) and its

dedicated E xecutive Secretariat play a central role in setting the strategic direction for the national

AML/CFT framework and coordinating the national actions. The NPC defines, coordinates and

oversees the implementation of the national AML/CFT strategy. It is supported by a permanent

Executive Secretariat in charge of coordinating the efforts of the NPC, e.g. by scheduling, organising

and preparing NPC meetings, leading the update of the NRA and the national AML/CFT strategy and

monitoring the implementation of the strategy across agencies. The NPC drafted and published the

update of the National Risk Assessment (NRA) at the end of that year. The NRA exercise included the

149

Luxembourg National Risk Assessment

Mitigating factors

formulation of the national AML/CFT strategy, which defined national strategic priorities, a national

action plan and agency-level action plans. Over the course of 2019 and 2020, the NPC and the

Executive Secretariat oversaw and coordinated the implementation of the national AML/CFT strategy,

including: the preparation of legislative work to create and organise an Asset Recovery Office (ARO),

create new databases and retrieval systems (e.g. BO registers, bank account and deposit box retrieval

system) and the transposition of the 4 ^thand 5^thAMLD. In 2020 the NPC performed the update of the

NRA and the national AML/CFT strategy and conducted several vertical risk assessments (i.e. virtual

assets service providers, legal entities & arrangements and terrorist financing).

Luxembourg’ s A ML/CFT supervisors ensure that the private sector effectively implements their

A ML/CFT obligations. In 2019, AML/CFT competent supervisors in aggregate undertook over 250 on-

site inspections and over 500 desk-based reviews, enforced over 90 remedial actions (in the form of

warnings, reprimands, fine, etc.), and published over dozens of guidelines (e.g. 15 circulars).

The Commission de Surveillance du Secteur Financier (CSSF) is the financial sector’ s prudential and

AML/CFT supervisory authority. The CSSF supervises a broad range of financial sector professionals,

including: banks, payment and e-money institutions, agents and e-money distributors acting on behalf

of payment and e-money institutions established in other European member states, investment firms,

collective investments, specialised and support PFSs and market operators. Since March 2020, the

CSSF is also the AML/CFT supervisory authority for virtual asset service providers (VASPs) established

or offering their services in Luxembourg. The CSSF has strict market entry controls, such as licensing,

registration and authorisation requirements (e.g. fit and proper requirements, analyses for

recommendation of authorisation to the Ministry of Finance), which includes ongoing review (e.g.

upon change of shareholders). The CSSF has the power to revoke licenses or registrations for non-

compliance (on AML/CFT matters or other). Additionally, there is a common authorisation process in

place since November 2014 , with Euro-zone banks being under ultimate licensing authority of the

European Central Bank (ECB).

The CSSF disposes of a wide range of supervisory powers, including requesting and accessing

information from supervised entities, exchanging information with other national and international

authorities, carrying out on-site and off-site inspections and investigations, imposing sanctions and

requesting freezing or seizure of assets with the prosecution authorities. In 2019, the CSSF conducted

57 on-site inspections and issued administrative fines worth 14 0 000 euros⁵⁶⁷strictly related to on-

site inspections performed in 2019. The sanctioning powers are harmonised across the different sub-

sectors under CSSF’ s supervision. The CSSF also established a whistleblowing process to encourage

and promote identity protection of whistle-blowers. Different teams within CSSF participate in

AML/CFT activities, including supervisory teams and dedicated AML/CFT on-site and off-site

inspection teams, the Legal team and committees to discuss cross-cutting issues. A dedicated central

coordination team supports these teams, which ascertains a harmonised and coordinated approach

across CSSF.

The CSSF applies a risk-based approach to AML/CFT supervision, which also applies to internal

procedures (e.g. to prioritise resource allocation). The CSSF promotes awareness and education in the

sectors it supervises by issuing circulars (six AML/CFT-specific circulars in total in 2018-2019) and

circular letters to complement or clarify AML/CFT regulations. The CSSF also conducted and published

detailed sub-sector risk assessments on private banking⁵⁶⁸, collective investments⁵⁶⁹and specialised

⁵⁶⁷2019 administrative fines data are not final.

⁵⁶⁸CSSF, ꢈ ꢉ ꢍ ꢅ ꢂ sub-sector risk assessment: P riv ate ꢋ ank inꢀ , 2019.

⁵⁶⁹CSSF, ꢈ ꢉ ꢍ ꢅ ꢂ sub-sector risk assessment: C ollectiv e ꢁ nv estments, 2020.

150

Luxembourg National Risk Assessment

Mitigating factors

PFSs providing corporate services (TCSP activities)⁵⁷⁰. The CSSF established two sector-specific

AML/CFT Expert W orking Groups. In 2019, the CSSF organised multiple AML/CFT conferences for the

sub-sectors it supervises, including dedicated conferences for banks, specialised PFSs, investments

firms, payment, e-money institutions and agents and e-money distributors acting on behalf of

payment and e-money institutions established in other European Member States, and collective

investments. Different employees from the CSSF also participated as speakers in AML/CFT

conferences organised by the financial sector. During all these conferences the CSSF addressed topics

including on-site and off-site supervision findings, entity-level risk assessments and regulatory

evolution. The CSSF has cooperation and information exchange frameworks in place with other

national and international authorities. It is further enhancing such processes in particular in relation

with the implementation of the AML/CFT colleges in line with the ꢁ oint guidelines on cooperation and

information exchange for the purpose of the 4 ^thAML Directive between competent authorities

supervising credit and financial institutions⁵⁷¹

.

The Commissariat aux A ssurances (CA A ) is the insurance sector’ s prudential and AML/CFT supervisor

(including insurers, reinsurers, intermediaries, professionals of the insurance sector and CAA-

supervised pension funds). The CAA has strict market entry controls through licensing and

authorisation requirements (890 applications in 2019, of which 321 were rejected), has the power to

request and access information and to penalise non-compliant entities (with sanctions including fines,

penalties, other remedial action orders or blocking certain actions such as acquisitions). In 2019 the

CAA conducted 4 15 desk-based reviews and 4 1 on-site inspections (of which 14 had an AML/CFT

component) and used a risk-based approach to prioritise them. Following on-site inspections, the CAA

issued 38 injunctions for non-compliance with AML/CFT obligations. The CAA focuses on increasing

awareness of ML/TF risks and AML/CFT obligations among its regulated entities. For instance, in 2019

the CAA issued 10 AML/CFT specific circular letters as well as two regulations, which include some

specific guidance related to AML/CFT training and the issuance of a special report by the independent

auditor. The CAA also organised an AML/CFT conference in 2019, during which it addressed various

topics including the NRA, the AML/CFT risk-based approach, financial sanctions in the framework of

TF and CAA’ s different AML/CFT inspection types. The CAA has data exchange in place with other

national and international authorities.

The A dministration de l’ E nregistrement, des D omaines et de la TV A ^{5 7 2}(A E D ), Luxembourg’ s tax

administration in charge of indirect taxes (e.g. VAT, stamp duty, succession taxes, registration fee), is

the AML/CFT supervisor for real estate agents, accountants and tax advisors, some TCSPs, such as

business centres and directors, gambling establishments, freeport operators and some dealers in high

value goods⁵⁷³. The AED supervision is focused on Designated Non-Financial Businesses and

Professions. Since February 2018, the AED has the same supervisory powers as the CSSF and the CAA.

In accordance to the 2004 AML/CFT Law, it has a wide range of sanctions available, including warnings,

reprimands, public statements and fines. In carrying out its supervisory mission, the AED has access

to databases for which it is responsible for processing, but can also request any information useful to

its function as AML supervisory authority, more particularly in carrying out its inspections. For

AML/CFT purposes, the AED has data-sharing protocols (MOU) with a variety of national authorities.

The AED has a dedicated AML/CFT unit and dedicated staff for running AML/CFT inspections in the

anti-fraud Unit. The AML/CFT unit is frequently involved in the legislative process leading to rules to

supervised professionals or sectors. During on-site inspections, dedicated agents from the Anti-fraud

⁵⁷⁰CSSF, ꢈ ꢉ ꢍ ꢅ ꢂ sub-sector risk assessment: Specialised P ꢂ S prov idinꢀ corporate serv ices ꢐ trust and company serv ice prov ider

activ ities) , 2020.

⁵⁷¹ꢁ oint guidelines on cooperation and information exchange for the purpose of Directive (EU) 2015/84 9 between competent

authorities supervising credit and financial institutions, No ꢁ C 2019 81 » of 16 December 2019.

⁵⁷²Registration Duties, Estates and VAT Authority.

⁵⁷³Natural or legal persons trading in goods, only to the extent that the payments are made in cash in an amount of €10 000

or more whenever a transaction is executed in a single operation or in several operations which appear to be linked.

151

Luxembourg National Risk Assessment

Mitigating factors

unit perform checks on customer due diligence practices, adequacy of internal management, risk

assessments performed and on cooperation with AML/CFT authorities. In 2019, the AED performed

82 on-site inspections and issued 58 fines for a total value of €622 750, with an average fine equal to

~€10 600. For the prevention and awareness component of the AED supervision mission, the AED

engages with the private sector through bilateral meetings, trainings, conferences, sending

questionnaires to supervised entities and publishing circulars. In 2018, the AED also published four

separate guides on professional obligations in the fight against ML and TF for most of its supervised

sub-sectors: accountants and tax advisors, dealers of goods, real estate and TCSPs.

Legal professions, chartered accountants and auditors in Luxembourg are supervised by dedicated

self-regulatory bodies (SR ꢀ s) for A ML/CFT purposes, namely (approved) statutory auditors

ꢐ “rév iseurs dꢒ entreprises ꢐ aꢀ réés) ” ) , (approved) audit firms ꢐ “cabinets de rev ision ꢐ aꢀ réés) ) , chartered

professional accountants ꢐ “ex perts-comptables” ) , notaries ꢐ “notaires” ) , lawyers ꢐ “av ocats” ) and

bailiffs ꢐ “h uissiers de ꢑ ustice” ) . As defined in the 2004 AML/CFT law, all SRBs are subject to the same

overarching AML/CFT obligations: ML/TF risk assessment, customer due diligence, adequate internal

organisation and cooperation requirements with the authorities. W hile supervisory powers are

broadly aligned across the SRBs, some powers and practices may differ, reflecting specificities of their

profession. Most SRBs have published AML/CFT standards for their supervised professionals, which

they update on a regular basis if AML/CFT requirements change (i.e. IRE, OEC, CdN, OAL, OAD, Cdꢄ ).

SRBs regularly organise trainings on AML/CFT topics for supervised professionals, some of which are

together with the director of the CRF (e.g. OAL/OAD and CdN). Some SRBs (such as IRE and OAL) have

established a formal whistleblowing process. As of 2020, most SRBs (i.e. IRE, OEC, CdN, OAL, Cdꢄ ) have

started implementing a more formalised consistent risk-based approach that assesses entity-level risk

based on information obtained via an annual AML/CFT questionnaire sent to their supervised

professionals. SRBs conduct reviews performed by controllers employed by the SRBs and peer

reviewers. SRBs may sanction supervised entities for non-compliance with their AML/CFT obligations.

The 2020 amendments of the 2004 AML/CFT law aligned the supervisory and sanctioning powers

across SRBs. In practice, SRBs focus on following up inspections that have found deficiencies.

A range of professions in Luxembourg are authorised to conduct at least one (or more) of what the

2004 AML/CFT Law defines as trusts & Corporate Service Providers (TCSPs) activities. Several factors

are in place to mitigate the risks of TCSP services. First, all the professionals that provide TCSP services

are supervised on AML/CFT by one of Luxembourg’ s competent authorities (CSSF, CAA, AED) or self-

regulatory bodies (OAL, OAD, IRE, OEC). All professionals providing TCSP services need to follow the

AML/CFT professional obligations under the 2004 AML/CFT Law and, as of March 2020, are required

to register with the related competent authority or SRB. Lastly, competent authorities, self-regulatory

bodies and other national agencies have taken specific measures to mitigate the ML/TF vulnerabilities

of TCSPs and TCSP activities, including for example questionnaires drafted by SRBs for their supervised

professionals (lawyers, auditing profession and chartered professional accountants), which were sent

out between February and May 2020.

Several factors contribute to mitigating ML/TF risks for Luxembourg’ s legal entities and

arrangements. All legal entities incorporated in Luxembourg must be registered with the R egistre de

commerce et des socié té s (RCS). The RCS counts 165 869 legal entities in the registry as of February

2020. Information available in the registry slightly differs by type of company. As of 2019, the RCS is

managed by the Luxembourg ꢀ usiness R egister (LBR). As per the Beneficial Ownership law⁵⁷⁴, all legal

entities – with the exception of sole traders and Fonds d’ investissements alternatifs ré servé s (FIAR) –

are under the obligation to fill out the newly created R egistre des bé né ficiaires effectifs (RBE) register

with ultimate beneficial ownership information. In line with 5^thAMLD requirements on BO registry,

the RBE is ꢅ accessible in all cases to competent authorities and the CRF; [ … ꢆ obliged entities [ … ꢆ ; any

⁵⁷⁴ꢁanuary, 13th 2019.

152

Luxembourg National Risk Assessment

Mitigating factors

member of the general public⁵⁷⁵” and includes ꢅ the details of beneficial interests held.” Legal

arrangements are not registered at the RCS, however in line with the 4 ^thAMLD, a centralised database

of beneficial ownership of fiducies and foreign trusts has been established under the AED by the Law

of 10 ꢁ uly 2020.

D etection activities are primarily driven by Luxembourg’ s financial intelligence unit, the Cellule de

renseignement financier (CR F). Its responsibilities include receiving and analysing AML/CFT

information and disseminating the intelligence it gathers to the relevant authorities. The CRF is an

independent agency headed by magistrates who operate independently and autonomously. The

administrative independence of the CRF was established in 2018: Before, the CRF sat within the State

Prosecutor’ s Office at the Luxembourg District Court. Magistrates of the CRF carry out their tasks

independently, manage their secure portal for the filing of suspicious transaction reports (STRs),

decide which operational or strategic analyses to perform and disseminate information as appropriate

(to national or international authorities). Furthermore, they have the power to freeze cash at borders

(upon indication and apprehension by the customs administration, ADA) for up to three months, and

to freeze funds upon suspicions (for instance, as those received via STRs or cooperation with other

FIUs) for an unlimited period of time⁵⁷⁶. They have direct and indirect access to a wide range of

databases and have significant IT capabilities (including a secure channel for STR filing and various

analytical tools).

As per the 2004 AML/CFT law, all professionals, their directors and employees have the obligation to

report suspicious transactions, including attempted suspicious transactions, regardless of the amount

of the transaction, to the CRF. Furthermore, legal provisions in place provide that all supervisors,

professionals and self-regulatory bodies are allowed to report suspicions to and share information

with the CRF, without professional secrecy obligations applying and with identity protection. The

number of STRs submitted to the CRF has increased rapidly in recent years, from around7 000 in 2014

to roughly50 000 in 2019, as shown in the figure below. Lastly, the CRF regularly meets with national

supervisors and SRBs to exchange feedback on the number and quality of STRs and support in

awareness-raising and training sessions. It integrates the Egmont Group and participates in multiple

international fora.

Figure 1 6 : CR F – ꢀ reakdown of suspicious transaction reports (STR s) received – 2 0 1 4 –2 0 1 9 ^{5 7 7}

⁵⁷⁵Companies can request their data not to be accessible to the general public under certain circumstances – see below

⁵⁷⁶The Law of 10 August 2018 extended CRF’ s freezing powers, making the validity period of a freezing is no longer limited

in time. Before the validity period was limited to 6 months

⁵⁷⁷CRF rapports d’ activité 2014 -19.

153

Luxembourg National Risk Assessment

Mitigating factors

W hile the A dministration des Contributions D irectes (A CD ), Luxembourg’ s direct tax administration

(e.g. income tax), is not an AML/CFT competent authority, it plays an important role in supporting the

detection efforts. The ACD has relevant tax review processes in place and information sharing that

contributes to reduce the likelihood of tax crimes and increase the probability of detection should

these occur.

Prosecution authorities conduct all necessary actions to investigate and prosecute criminal offenses

and recover crime-related assets. The General State Prosecutor ꢐ “P rocureur ꢀ énéral dꢒ Etat” )

represents the prosecution authorities in person or through his or her deputies before the Court of

Cassation and the Court of Appeal. The state prosecutors represent in person or through their

substitutes the prosecution authorities before the District Courts and the Police Courts. The State

Prosecutor receives complaints and denunciations (including dissemination reports from the CRF) and

assesses the action to be taken on them. ꢄ e or she takes or causes to be taken all necessary steps to

ascertain the truth and to prosecute violations of criminal law. The State Prosecutor supervises to this

end the activities of the judicial police in preliminary investigations and may transfer the case to an

Investigative ꢁ udge to conduct a judicial inquiry if coercive measures are required or if the offence is

a crime that cannot be decriminalised (based on a ꢅ requisition” ).

I nvestigative judges are not part of the prosecution authorities and, as such, remain independent.

Investigative judges may order measures that restrict individual freedoms (i.e. coercive measures)

such as provisional detention, searches and seizures. The judicial police execute the investigations as

per orders of state prosecutors or investigative judges, and can use a wide range of investigative

techniques (including undercover operations, intercepting communications, accessing computer

systems, etc.), if ordered to do so. Investigative judges have the means to access or request relevant

information within inquiries, including to the financial sector.

The powers of Investigative ꢁ udges, when providing major mutual legal assistance, and State

Prosecutors, when providing ancillary mutual legal assistance, are identical for both domestic and

foreign cases. In fact, given Luxembourg’ s open economy and significant share of international funds,

a considerable part of their activities relates to mutual legal assistance (MLA) and other forms of

international cooperation (such as among asset recovery offices). ML and TF are both criminalised in

Luxembourg, with the definition of offences and penalties having been expanded in recent years.

Prosecution for ML does require the demonstration, at least in an implicit but certain manner, of the

existence of the constituent elements of the underlying predicate offence (in particular the criminal

origin of the pecuniary advantages as well as the circumstance that the defendant was aware of this

criminal origin) but not the prosecution of the predicate offence, and can also be based on predicate

offences committed abroad.

Since the previous mutual evaluation, the number of investigations, prosecutions and convictions for

ML/TF has significantly increased. In 2019, the public prosecutorꢃ s offices prosecuted 321 persons for

ML/TF offenses. In the same year, the courts convicted 355 persons for ML/TF, while 256 judicial

investigations for ML/TF were opened. It should be noted that most of the convictions in 2019 relate

to prosecutions initiated before 1 ꢁ anuary 2019, which is why the number of convictions is higher than

the number of prosecutions. The majority of prosecutions related to offences on drug trafficking,

robbery or theft, and fraud and forgery, and related to self-laundering cases (i.e. cases where the ML

offence is prosecuted on the perpetrator associated with the offence itself and not stand-alone ML).

154

Luxembourg National Risk Assessment

Mitigating factors

Table 3 0 : Persons investigated/prosecuted and convicted for ML/TF (2 0 1 5 –2 0 1 9 )^{5 7 8}

2015

2016

2017

2018

2019

ML/TF new notices⁵⁷⁹

1 071

1 006

677

549

653

ML/TF investigation

(Investigative judge;

information)

475

375

282

290

256

ML/TF prosecutions

ML/TF convictions⁵⁸⁰

324

260

352

267

260

264

291

353

321

355

Recovering proceeds and benefits of domestic and foreign crimes is a priority for Luxembourg. State

prosecutors and investigative judges have the power to identify and trace the proceeds, benefits and

instrumentalities of a predicate offence during a preliminary investigation or judicial inquiry (but not

after conviction). Proceeds, benefits and instrumentalities can be seized or confiscated upon

conviction (whereby the perpetrator forgoes ownership over his assets, which are transferred to the

state). In the period 2017-2019, ML/TF related seizures totalled approximately €104 million for

domestic cases, and around €663 million for foreign cases (i.e. following mutual legal assistance

requests (MLA) received); most of these relate to fraud and forgery, corruption and bribery, illicit

goods trafficking and participation in organised crime.

Table 3 1 : Summary of ML/TF-related seizures, 2 0 1 7 –2 0 1 9 (€ million)^{5 8 1}

2 0 1 7

2 0 1 8

2 0 1 9

2 0 1 7 –1 9 (sum)

ML/TF-related seizures

Domestic cases

1.7

9.5

93.2

104 .4

662.7

Seizures following an

MLA received

22.7

180.8

4 59.3

Luxembourg’ s A sset R ecovery O ffice (A R O )⁵⁸²is part of the State Prosecutor’ s Office at the

Luxembourg District Court and is responsible for identifying and tracing assets linked to foreign crimes,

facilitating the exchange of information with foreign authorities and advising prosecution authorities,

Investigative ꢁ udges and ꢁ udicial Police on measures to take within investigations of foreign crimes.

Moreover, the A dministration des D ouanes et A ccises (A D A ), the customs administration, has the

authority to temporarily (up to 24 hours) seize undeclared cash > €10 000 or cash suspected as crime

proceeds or instrumentalities (at borders); upon reporting this to the CRF, and upon CRF’ s instruction,

cash can be held seized for up to three months. Luxembourg’ s Asset Recovery Office (ARO) is part of

the judicial authorities and is responsible for identifying and tracing assets linked to foreign crimes,

facilitating the exchange of information with foreign authorities, and advising prosecution authorities

⁵⁷⁸General State Prosecutor’ s Office Statistical Service, data received in April 2020; sum of self-laundering, third-party ML,

standalone ML and terrorism & terrorist financing; relates to number of persons, not number of cases

⁵⁷⁹Prosecution authorities receive intelligence on ML/TF from a variety of sources (including Police, CRF, Ministries, AML/CFT

competent authorities). This is then recorded as a ꢅ new notice” in the ꢅ ꢁ UCꢄ A” case management system. A Prosecutor may

decide not to act upon that intelligence, or might launch a preliminary/judicial investigation, which can lead to court-run

legal proceedings, and ultimately convictions.

⁵⁸⁰Convictions are counted as per the year of the conviction (and not per year when the new notice was received)

⁵⁸¹General State Prosecutor’ s Office Statistical Service.

⁵⁸²Bureau de Recouvrement des Avoirs (BRA); on the basis of Decision 2007/84 5/ꢁ ꢄ A, each EU State is to set up or designate

a maximum of two Asset Recovery Offices to facilitate the tracing and identification of proceeds of crime and other crime-

related property that may become the object of a freezing, seizure or confiscation order made by a competent judicial

authority in the course of criminal or civil proceedings.

155

Luxembourg National Risk Assessment

Mitigating factors

on measures to take within investigations of foreign crimes. Investigations into financial matters of

offences with the aim of asset recovery are typically performed by the ꢁ udicial Police Service along the

judicial process during the investigation phase.

Finally, international cooperation is at the centre of Luxembourg’ s A ML/CFT approach given its open

economy and diverse working population. This is ensured at the level of each competent authority

(via membership in relevant international groups as well as information sharing mechanisms), law

enforcement agencies (police cooperation), prosecution authorities (ancillary legal assistance

requests), investigative judges (major legal assistance and EAW ), Moꢁ (extraditions) and exchanges

with other asset recovery offices (ARO), as well as national level conventions and bilateral and multi-

lateral treaties. Importantly, Luxembourg has ratified/signed the Vienna Convention⁵⁸³, the Palermo

Convention⁵⁸⁴, the Terrorist Financing Convention⁵⁸⁵, the Merida Convention⁵⁸⁶, the Council of Europe

Convention on Cybercrime (2001) and the Council of Europe Convention on Laundering, Search,

Seizure and Confiscation of the Proceeds from Crime and on the Financing of Terrorism⁵⁸⁷. In 2017 to

2019, the General State Prosecutor has received approximately 500 MLAs per year (of which around

110 per year were ML-related). In 2019, 39 extradition requests were executed from Luxembourg to

another country (and 102 from another country to Luxembourg), 41 assistance requests were received

by the Asset Recovery Office, and ~1 000 police-to-police ML/TF related messages were exchanged

with foreign counterparts.

⁵⁸³UN Convention Against Illicit Traffic in Narcotic Drugs and Psychotropic Substances, 1988.

⁵⁸⁴UN Convention against Transnational Organized Crime, 2000 (and the Protocols Thereto).

⁵⁸⁵International Convention for the Suppression of the Financing of Terrorism 1999 – adopted by the General Assembly of

the UN in resolution 54/109 of 9 December 1999.

⁵⁸⁶UN Convention against Corruption, 2005.

⁵⁸⁷W arsaw Convention - Treaty No. 198 – Council of Europe Convention on Laundering, Search, Seizure, and Confiscation of

the Proceeds from Crime and on the Financing of Terrorism.

156

Luxembourg National Risk Assessment

Mitigating factors

7.2. Criminalisation of predicate offences and ML/TF

Money laundering, related predicate offenses and terrorist financing are criminalised under

Luxembourg law. This section describes the criminalisation of these offences.

The offence of money laundering is in essence the act of knowingly facilitating deceit as to the nature,

origin, location, disposal, movement or ownership of any kind of asset obtained criminally. The

definition of money laundering under current law includes^588,589:

•

K nowingly concealing the nature, origin, ownership, placement or movement of goods linked to a

predicate offence

K nowingly supporting the placement, integration or layering of goods linked to a

predicate offence

K nowingly purchasing, holding or reusing goods linked to a predicate offence

The offence of money laundering requires an underlying predicate offence. Luxembourg case law

requires that ”th e trial ꢑ udꢀ es, seiz ed oꢃ a prosecution ꢃ or th e oꢃ ꢃ ence oꢃ money launderinꢀ , must

establish , at least in an implicit but certain manner, th e ex istence oꢃ th e constituent elements oꢃ th e

predicate oꢃ ꢃ ence, in particular th e criminal oriꢀ in oꢃ th e pecuniary adv antaꢀ es as w ell as th e

circumstance th at th e deꢃ endant w as aw are oꢃ th is criminal oriꢀ in”⁵⁹⁰. ML is also punishable when the

primary offence has been committed abroad. ꢄ owever, excluding offences for which the law allows

proceedings to be brought even if they are not punishable in the State in which they were committed,

this offence must be punishable in the state in which it was committed⁵⁹¹. A list of offenses for which

the law allows proceedings to be brought even if they are not punishable in the state in which they

were committed is provided for in article 5-1 of the CPP. ML is also punishable when the perpetrator

is also the perpetrator of or accomplice in the primary offence.

If committed by a natural person, ML is punished by a prison sentence of one to five years and/or a

fine of between €1 250 and €1.25 million. The penalty amounts to 15 to 20 years and/or a fine of

between €1 250 and €1.25 million if the perpetrator is involved in the main or ancillary activity of an

association or organisation. Other ancillary penalties, i.e. special confiscation, closure of a company

⁵⁸⁸En v ertu de lꢒ article 506 -1 du C ode pénal, lꢒ inꢃ raction de blanch iment est déꢃ inie comme suit ꢘ…] :

-

C eux qui ont sciemment ꢃ acilité, par tout moy en, la ꢑ ustiꢃ ication mensonꢀ è re de la nature, de lꢒ oriꢀ ine, de

lꢒ emplacement, de la disposition, du mouv ement ou de la propriété des biens v ises ꢔ lꢒ article ꢎ 1, paraꢀ raph e ꢌ , point

1° , ꢃ ormant lꢒ obꢑ et ou le produit, direct ou indirect de ꢘ liste dꢒ inꢃ ractions primaires] ou constituant un av antaꢀ e

patrimonial quelconque tiré de lꢒ une ou de plusieurs de ces inꢃ ractions;

C eux qui ont sciemment apporté leur concours ꢔ une opération de placement, de dissimulation, de déꢀ uisement,

de transꢃ ert ou de conv ersion des biens v ises ꢔ lꢒ article ꢎ 1, paraꢀ raph e ꢌ , point 1° , ꢃ ormant lꢒ obꢑ et ou le produit,

direct ou indirect, des inꢃ ractions énumérées au point 1) de cet article ou constituant un av antaꢀ e patrimonial

quelconque tiré de lꢒ une ou de plusieurs de ces inꢃ ractions

C eux qui ont acquis, détenu ou utilisé des biens v ises ꢔ lꢒ article ꢎ 1, paraꢀ raph e ꢌ , point 1° , ꢃ ormant lꢒ obꢑ et ou le

produit, direct ou indirect, des inꢃ ractions énumérées au point 1) de cet article ou constituant un av antaꢀ e

patrimonial quelconque tiré de lꢒ une ou de plusieurs de ces inꢃ ractions, sach ant, au moment où ils les recev aient,

quꢒ ils prov enaient de lꢒ une ou de plusieurs des inꢃ ractions v isées au point 1) ou de la participation ꢔ lꢒ une ou plusieurs

de ces inꢃ ractions

589

Article 8-1 of the 1973 Drug Trafficking Law defines the money laundering offence with regards to drug trafficking (as

defined in Article 8 a. and b. of the same law). The definition of money laundering under this law is quasi-identical to the

money laundering definition as per Article 506-1 of the Penal Code.

⁵⁹⁰Court of Appeal 3 ꢁune 2009, Pas. 34, p.636.

591

Article 506 -ꢎ “ꢉ es inꢃ ractions prév ues ꢔ lꢒ article 506 -1 sont éꢀ alement punissables lorsque lꢒ inꢃ raction primaire a été

commise ꢔ lꢒ étranꢀ er. ꢅ outeꢃ ois, ꢔ lꢒ ex ception des inꢃ ractions pour lesquelles la loi permet la poursuite mê me si elles ne sont

pas punissables dans lꢒ Etat où elles ont été commises, cette inꢃ raction doit ê tre punissable dans lꢒ Etat ou elle a été commise”.

157

Luxembourg National Risk Assessment

Mitigating factors

or business, publication or display, at the convicted person’ s cost, of the conviction or a copy thereof,

prohibition to exercise certain professional or social activities, are applicable.

If ML is committed by a legal person, the maximum rate of the fine is increased tenfold. A prison

sentence does not apply but other ancillary penalties (i.e. special confiscation, exclusion from bidding

for public tenders and concession contracts, winding up) are applicable.

Repeat offenders of money laundering may be sentenced to double the maximum legal penalty.

The list of predicate offences includes, on the one hand, a restrictive enumeration of specific articles

of the Penal Code or special laws and, on the other hand, an exhaustive reference to any offence

punishable by deprivation of liberty for a minimum of more than six months⁵⁹². Since ꢁ anuary 2017,

the list includes two tax crimes, aggravated tax fraud⁵⁹³and tax swindling⁵⁹⁴, while simple tax evasion

is sanctioned by the competent tax administration and does not come within the provisions of criminal

law. The law has introduced thresholds to distinguish simple tax fraud from aggravated tax fraud and

tax swindling. Note that the predicate offense of tax swindling was criminalised back in 1993, while

aggravated tax fraud was introduced by the 2017 Tax Reform Law.

Terrorism and terrorist financing offenses provided for in articles 112-1, 135-1 to 135-6, 135-9 and

135-11 to 135-16 of the Penal Code are, on one hand, autonomous offenses and, on the other hand,

predicate offenses to ML provided for in article 506-1 of the Penal Code. The scope of terrorism and

TF has been broadened many times (in 2010, 2012 and 2015) to include the financing of a terrorist

act, the financing of a terrorist individual or group, participation in a terrorist group, active and passive

terrorist recruitment, active and passive terrorist training, travel for terrorist purposes, etc.. In

particular, terrorist financing is captured in Article 135-5, and relates to intentionally providing funds

of any nature to commit a terrorist act or finance a terrorist individual or group, directly or indirectly

(even if not linked to a specific act).

Anyone who commits a terrorist act as defined in article 135-1 of the Penal Code is punished by a

criminal sentence 15 to 20 years. ꢄ e receives a life sentence if this act led to the death of one or more

individuals.

Anyone who, wilfully and knowingly, is an active member of a terrorist group, is punished by a prison

sentence of one to eight years and/or a fine of between €2 500 and €12 500, even if he did not intend

to commit an offence as part of this group or be involved as a perpetrator or accomplice.

Anyone involved in the preparation or execution of any unlawful activity by a terrorist group, knowing

that his involvement would contribute towards the group’ s objectives, is punished by a prison

sentence of one to eight years and/or a fine of between €2 500 and €12 500.

Anyone involved in any decision-making as part of a terrorist group, knowing that his involvement

would contribute towards the group’ s objectives, as described in the previous article, is punished by

a criminal sentence of five to ten years and/or a fine of between €12 500 and €25 000.

Any leader of a terrorist group is punished by a criminal sentence of 10 to 15 years and/or a fine of

between €25 000 and €50 000.

Anyone who has committed an act of terrorist financing as described in sub-paragraph (1) of article

135-5 (financing of terrorist acts) receives the same sentences as those provided for in the articles

referred to in sub-paragraph (2) of article 135-5, following the distinctions made in these articles.

⁵⁹²Captured in article 506-1 item 28 of the Penal Code : “de toute autre inꢃ raction punie dꢒ une peine priv ativ e de liberté dꢒ un

minimum supérieur ꢔ 6 mois”.

⁵⁹³W ithin the meaning of Article 396 (5) of the General Tax Law.

⁵⁹⁴W ithin the meaning of Article 396 (6) of the General Tax Law.

158

Luxembourg National Risk Assessment

Mitigating factors

Anyone who has committed an act of terrorist financing as described in sub-paragraph (3) of article

135-5 (financing of a terrorist individual or group) shall receive the same sentences as those provided

for in article 135-2, following the distinctions made therein.

No punishment is imposed on anyone who, before attempting to commit the offences referred to in

articles 112-1, 135-1, 135-2, 135-5, 135-6, 135-9 and 135-11 to 135-16 and before any proceedings

have begun, informs the authorities of action taken in preparation for the offences referred to in these

articles or of the identity of the individuals who took this action.

In the same circumstances, custodial sentences are reduced in the manner and to the extent described

in article 52 where, after proceedings have begun, the defendant has named perpetrators whom the

authorities had previously been unable to identify.

No punishment shall be imposed on anyone convicted of membership of a terrorist group who, before

attempting terrorist acts in the group’ s name and before any proceedings have begun, informs the

authorities of this group’ s existence and names its lead and deputy commanders.

For a natural repeat offender of terrorism and TF acts the following rules do apply:

Anyone who, after having been convicted of a criminal sentence, commits another crime that carries

a prison sentence of five to 10 years may be handed down a prison sentence of 10 to 15 years.

If the crime carries a prison sentence of 10 to 15 years, the perpetrator could receive a prison sentence

of 15 to 20 years.

If the crime carries a prison sentence of 15 to 20 years, the perpetrator shall receive a prison sentence

of at least 17 years.

Legal persons can also be punished for terrorism and TF. Article 36 of the Penal Code provides, in a

general manner, that, in criminal matters, the maximum fine applicable to legal persons is €750 000.

Article 37 of the same code provides that the maximum imposed under the provisions of article 36 in

quintuples in cases where the legal person is criminally liable for certain offenses including acts of

terrorism and TF. That raises the maximum fine for terrorism and TF to €3.75 million.

Convicting a legal person of an offence does not preclude natural persons involved in the offence from

being convicted for the same offence.

159

160

161

162

163

Luxembourg National Risk Assessment

Emerging risks, evolving risks and challenges

8.

E ME R ꢁ I N ꢁ RISKS, E V O LV I N ꢁ R I SK S A N D CH A LLE N ꢁ E S

In this section, the NRA focuses on the main emerging and evolving risks that Luxembourg is likely to

be increasingly exposed to in the future and that will require coordination, supervisory, detection and

prosecution authorities to monitor and prepare for going forward. These relate to emerging, evolving

and/or unforeseen risks with some impact at present in Luxembourg, but with a future impact that is

not fully known, growing or rapidly evolving.

K ey emerging and evolving vulnerabilities include VASPs, new payment methods and entities moving

from the UK to Luxembourg in the context of Brexit. K ey emerging and evolving threats include

cybercrime and online extortion. There are also significant developments in advancing technologies

applied to AML/CFT mitigating controls, which in turn give rise to dynamic ML/TF risk. An overview is

provided below.

8.1. Emerging and evolving vulnerabilities

8 .1 .1 . V irtual assets (V A s) and virtual assets service providers

(V A SPs)

At the international level, the global virtual assets (VAs) and virtual asset service providers (VASPs)

space has expanded rapidly over the past five years. The increased number of VA and VASP types has

been accompanied by an increased volume of VA users, transactions and revenues. The number of

VAs users increased from 4 5 million in 2016 to at least 139 million by 2019⁵⁹⁷. The VASP industry

servicing VA users has also expanded rapidly, with VA exchanges generating multi-billion revenues in

2019⁵⁹⁸.

Luxembourg’ s role as a global financial, investment and international payments centre, together with

its stable regulatory framework, provides an attractive environment for new and established financial

technology firms. Luxembourg has a track record of financial innovations and is committed to

providing a productive and supportive environment for innovative finance businesses⁵⁹⁹

.

Furthermore, Luxembourg’ s domestic market offers a certain level of demand for VA related services.

According to various surveys, 4 -8% out of ~600 000 of Luxembourg residents own VAs^600,601. Those

factors contributed to VA-related activity being present in Luxembourg. It would include VASPs, such

as centralised exchanges, and non-VASP firms developing technologies that are related to VAs. Since

the adoption of the 2020 AML/CFT Law, several entities have applied for a VASP registration. As of

August 2020, no entity has been registered yet in Luxembourg for such activities. Given the high

adoption rate of VAs and new technologies in Luxembourg, there exists also a risk of VASPs established

in other jurisdictions but providing services in Luxembourg and thus requiring to be registered in

Luxembourg being abused or misused for ML/TF purposes.

Increased user adoption of VAs and their inherent technological features has led to a significant uptake

of VAs for ML/TF activities. As described in the ꢅCross-cutting vulnerabilities” section on virtual assets,

VAs may be abused/misused by criminals to power illegal products, marketplaces and investment

⁵⁹⁷Cambridge Centre for Alternative Finance, ꢌ^ndG lobal C ry ptoasset ꢋ ench mark inꢀ Study , December 2018.

⁵⁹⁸Messary Crypto, Estimating ꢅ Real 10” Exchange Revenue, 11 April 2019.

⁵⁹⁹Luxembourg for Finance, link.

⁶⁰⁰Statista, ꢄow many customers ow n cry ptocurrency ? , August 2018.

⁶⁰¹TNS Ilres, ꢉ e concept des cry pto-monnaies au ꢉ ux embourꢀ , February 2018.

164

Luxembourg National Risk Assessment

Emerging risks, evolving risks and challenges

fraud schemes, the combined revenues of which exceeded ꢂ 1 billion in 2019⁶⁰². VAs are also

increasingly used by terrorist financing groups, cybercriminals and sexual exploitation profiteers ⁶⁰³

.

Globally, several jurisdictions and international bodies have recognised the rising ML/TF threat of VAs

and VASPs. FATF highlighted virtual currencies as one of the key emerging risks to ML and TF, and in

particular offences of tax evasion and fraud⁶⁰⁴. The EU Supranational Risk Assessment recognised Vas’

and VASPs’ rising risk to ML/TF purposes⁶⁰⁵. Further, some countries have explicitly analysed the

vulnerability of VAs and VASPs and published correspondent risk assessments, highlighting the threat

of VAs being misused or abused for terrorist financing, investor fraud, drug trafficking and other

predicate offences.⁶⁰⁶Note that as of ꢁ uly 2020, the Ministry of ꢁ ustice is in the process of conducting

a separate vertical risk assessment on VASPs in close collaboration with the CSSF, the CRF and different

Luxembourgish private-sector entities.

In recent months, competent authorities have been setting up mitigating actions to manage the risks

of VASPs. Specifically, the CSSF became the dedicated supervisory authority for VASPs for AML/CFT

purposes by the 2020 AML/CFT Law of 25 March 2020 and has been granted with powers to take

supervisory measures including, among others, conducting off-site supervision and on-site

inspections, and imposing sanctions in case of non-compliance with the AML/CTF regulations. On 9

April 2020, the CSSF issued a “communiqué” detailing the registration process for VAs established in

Luxembourg or providing their services in Luxembourg⁶⁰⁷. W hile some files are pending approval by

the CSSF, at the time of writing of this report, no VASP has been registered yet.

Over past years, the CSSF has also published several general and entity-specific warnings on VASPs

and VAs that falsely claim to have a license in Luxembourg. CRF exchanges information with entities

functioning in Luxembourg, which report suspicious transactions, and coordinates work with

international financial intelligence entities.

Given the rapid expansion in this sector in recent years, and the change in Luxembourg regulatory

environment (both described above), it is possible that the number and different types of VASPs

established or providing services in Luxembourg will increase. The potentially growing diversity of

the VASP landscape will impact associated ML/TF risks and challenges, which should continue to be

monitored going forward.

8 .1 .2 . U se of new payment methods

New payment methods (NPMs) are continuously being developed and launched by a variety of

players, ranging from emerging innovators (e.g. FinTechs) to traditional entities (e.g. banks or

payment/e-money institutions). Both internationally and in Luxembourg, payment preferences are

changing to accommodate the need for ease of payment both online and at point of service⁶⁰⁸, which

in turn has led to an increase in innovative NPMs.

These NPMs can be categorised into those that extend the traditional electronic payment methods

(e.g. prepaid cards, internet banking and mobile payments); and those that are not linked to the

traditional payment methods on offer (e.g. physical electronic wallet, online and mobile payments

that are not directly linked to a bank account, digital precious metals, and virtual currencies). NPMs

⁶⁰²Ciphertrace, Q 4 ꢌ 019 C ry ptocurrency Anti-ꢈ oney ꢉ aunderinꢀ Report, February 2020.

⁶⁰³Chainalysis, ꢌ0ꢌ0 Crypto Crime Report, ꢁ anuary 2020.

⁶⁰⁴FATF Report, V irtual currencies – k ey deꢃ initions and potential Aꢈ ꢉ ꢍ C ꢂ ꢅ risk s, ꢁune 2014.

⁶⁰⁵European Union Supranational Risk Assessment Update, ꢁ uly 2019.

606

For example: Swiss Interdepartmental Coordinating Group on Combating Money Laundering and the Financing of

Terrorism (CGMF), Risk oꢃ money launderinꢀ and terrorist ꢃ inancinꢀ posed by cry pto assets and crow dꢃ undinꢀ , 2018.

⁶⁰⁷CSSF, C ommuniqué on v irtual assets, v irtual asset serv ice prov iders and th e related reꢀ istration process (link).

⁶⁰⁸See, for example: W orldpay, G lobal P ay ments Report, 2020 (link); and ꢁ .P. Morgan, ꢌ 019 G lobal P ay ments ꢅ rends Report

– ꢉ ux embourꢀ C ountry ꢁ nsiꢀ h ts, 2019 (link).

165

Luxembourg National Risk Assessment

Emerging risks, evolving risks and challenges

are available in Luxembourg and allow users to make payments to merchants associated with the

network both at the point of sale or online⁶⁰⁹, and SEPA cards, a payment-integration initiative of the

EU which enables customers to make cashless euro payments from a single payment account under

the same conditions as domestic payments, independently of the country of destination within the

SEPA-members⁶¹⁰

.

There are a number of ML/TF risks that arise in relation to NPMs⁶¹¹, which include (but are not limited

to):

•

Exploitation of the non-face-to-face nature of NPM accounts, by both making use of truly

anonymised products (i.e. without any customer identification) and by abusing personalised

products (i.e. circumventing verification measures by using fake or stolen identities). FATF’ s recent

guidance on digital identity notes that ꢅ the growth in digital financial transactions requires a

better understanding of how individuals are being identified and verified” and provides guidance

on how to apply customer due diligence measures to digital ID systems for verification onboarding

and authentication;⁶¹²

•

ꢄ igh levels of interaction with third parties. This includes the reliance on third-party funding

(including strawmen and nominees) and provision of services with third parties (e.g. card program

managers, sellers, retailers) which are often outside the scope of AML/CFT legislation;

Inability to comply with AML/CFT obligations in relation to recordkeeping, customer screening and

reporting requirements either due to cross-border operations or immaturity of the NPM itself may

lead to increased abuse for ML/TF purposes; and

The high negotiability of some NPMs (i.e. that they are widely accepted), ease of transport (i.e. in

digital form or via pre-paid card instead of bulk cash) and easy access to cash through ATMs render

prepaid cash cards and other NPMs vulnerable to abuse for ML/TF purposes.

As the number and variety of NPMs continues to increase in coming years, entities must assess ML/TF

risks before launching an NPM and continue to monitor the ML/TF risks associated with these

advances.

8 .1 .3 . ꢀ rexit: Entities moving from U K to Luxembourg

The United K ingdom (UK ) voted to leave the European Union (EU) in ꢁ une 2016. The vote was followed

by a period of negotiation both between the UK and the EU, and within the UK government to agree

the ꢅ W ithdrawal Agreement” . On 31 ꢁ anuary 2020, the UK left the EU and entered a transition period

that is due to expire at the end of the year. During this period, current rules on trade, travel and

business for the UK and EU will apply whilst the UK and EU negotiate additional arrangements, with

new rules taking effect on 1 ꢁ anuary 2021.

The result of the UK referendum led to a sustained period of political uncertainty, during which several

UK-based entities made the decision to relocate the entirety or parts of their business to maintain

their link with the single market. Entities across a number of sectors have moved (parts of) their

business to Luxembourg, in particular: insurance entities, investment management entities, credit

institutions, and alternative asset managers. For example, in 2019, 12 insurance entities relocated

from the UK to Luxembourg due to Brexit, increasing the revenues of non-life insurance undertakings

by more than double and increasing premia written by life insurance undertakings by more than 15%

⁶⁰⁹https://www.digicash.lu/en/

⁶¹⁰See, for instance: European Commission (link).

⁶¹¹See for instance, FATF, ‘ ꢈ oney launderinꢀ usinꢀ new pay ment meth odsꢒ report, 2010 (link).

⁶¹²FATF, ꢄ iꢀ ital ꢁ dentity , 2020 (link).

166

Luxembourg National Risk Assessment

Emerging risks, evolving risks and challenges

due to a UK life insurance company transferring a portfolio with a value of approximately €2 billion to

Luxembourg.

This growth, however, has not significantly changed the overall ML/TF risk of the affected sub-sectors,

as most newcomers offer standardised products and services. W hilst it is expected that the impact of

Brexit on Luxembourg is tailing off and that there will be limited further developments, the situation

should continue to be closely monitored.

8.2. Emerging and evolving threats

8 .2 .1 . Cybercrime

Cybercrime is considered a significant threat for Luxembourg. W hile the likelihood is low, given a

significant investment in cybersecurity (rendering the country 11^thin the world for cybersecurity),⁶¹³

potential data breaches can have major consequences on data protection, confidentiality and

availability, with important social and economic costs.

Luxembourg’ s position as a cyber hub increases the likelihood that criminals (in Luxembourg and

abroad) commit fraud involving Luxembourg-based institutions and potentially launder the proceeds

of that fraud via Luxembourg. Cyber fraud (often coupled with cybercrime) is believed to be

increasing⁶¹⁴and the threat has been strengthened in the context of the global COVID-19 pandemic

(see below for further details).

8 .2 .2 . Online extortion

Though few cases of extortion have been reported since 2016, there have been a few significant cases

of online extortion in recent years. Online extortion is a crime in which criminals hold data, websites,

computer systems or other sensitive information until their demands (e.g. for payment or sexual

favours) are met. It may take the form of ransomware or a distributed denial-of-service attack.

According to the Computer Incident Response Centre Luxembourg (CIRCL), a government-driven

initiative providing a systematic response facility to computer security threats and incidents, an

increasing number of attempted online scams since 2018⁶¹⁵.

Given the increasing reliance on online services for social interaction, information and purchasing of

goods both globally and in Luxembourg⁶¹⁶, the threat of online extortion is also likely to increase as

criminals continue to develop new ways to exploit the growing pool of potential victims.

8.3. Developments regarding mitigating factors

Regulators and supervised entities have increasingly been seeking technology-enabled solutions to

the challenges of effectiveness and efficiency of some long-standing AML/CFT controls (e.g. those

relying on rule-based analysis and manual mechanisms, excessive volumes of false positive alerts in

monitoring systems, processing increasing levels of structured data).

⁶¹³ITU 2019, G lobal C y bersecurity ꢁ ndex , based on legal, technical, organisation, capacity building and cooperation pillars.

614

Thomson Reuters, C y bercrime, ꢂ inancial ꢃ raud and money launderinꢀ : understandinꢀ th e new th reat landscape, 2013

(link).

⁶¹⁵Circl.lu, 2018 (link), Luxembourg Times, 2018 (link).

616

See, for instance: The Next W eb, ꢄ iꢀ ital trends ꢌ 0ꢌ 0, 2020 (link) and DATAREPORTAL, ꢄ iꢀ ital ꢌ 0ꢌ 0: ꢉ ux embourꢀ , 2020

(link).

167

Luxembourg National Risk Assessment

Emerging risks, evolving risks and challenges

Such technologies include blockchain and artificial intelligence and can be used to improve AML/CFT

regulatory reporting, risk management, identity management and control, compliance and for

transaction monitoring. Some emerging use cases are provided below:

•

Customer due diligence: Digital identification and verification technologies in general adopt a two-

stage approach: (1) validation of the customer’ s identity document; and (2) confirmation that the

customer is indeed the owner of the document. Advanced technologies enable supervised entities

to fulfil their AML/CFT obligations in relation to customer due diligence while improving customer

experience;

•

Transaction monitoring: Machine learning technologies serve to reduce the large volume of

transactions often wrongly identified by rules-based monitoring systems applied by entities and

enable human resource to analyse higher value work; and

Network identification: Applying advanced data-mining techniques to trace and identify networks

of transactions and counterparties linked to the customer may enable supervised entities and law

enforcement agencies to better identify suspicious activities related to ML/TF.⁶¹⁷

ꢄ owever, as regulators and supervised entities continue to embrace advanced technology to further

strengthen AML/CFT mitigating measures, the vulnerability to several predicate offences may increase

the ML/TF risk. For example, criminals may innovate approaches to cybercrime in parallel with the

advancements in regulatory technology. Advanced cyberattacks on these systems could impact

and/or disable an entities’ entire AML/CFT mitigation framework, increasing the risk that ML/TF

activity goes undetected, and may at the same time expose the entities themselves to ML/TF threats,

such as online extortion.

It is nonetheless expected that regulators and supervised entities will continue to expand their use of

advancing technologies to strengthen AML/CFT controls. As adoption of such technology increases, all

those engaged must consider and assess the associated ML/TF risks, and plan for appropriate

mitigation.

⁶¹⁷See, for instance: ꢄ ong K ong Monetary Authority, Reꢀ tech ꢊ atch , 2020 (link).

168

Luxembourg National Risk Assessment

Residual risk assessment

9.

R E SI D U A L R I SK A SSE SSME N T

The residual risk score is used to identify areas where Luxembourg remains exposed to the highest

level of ML/TF risk. It thus serves as a basis to develop and prioritize strategic actions, which can be

undertaken to further strengthen Luxembourg’ s AML/CFT regime and reduce ML/TF risk. The table

below provides an overview of the inherent and residual risk by sector assessed in this NRA.

Table 3 2 : R esidual risk assessment (at sector-level)