AML/CFT

Summary Report

RC - Practical

and technical

guidance

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

1/56

AML/CFT Summary Report RC - Practical and technical guidance

Contents

1.

Glossary and objectives

Who must submit the report?

2.2

When does an entity have to report?

S3 system reporting technical specifications

Annex I – Synopsis on information to be collected

“General Information” section

"Risk assessment” section

"Investment fund managers ("IFM")” section

"Funds” section

"Investors” section

"AML/CFT blocked investors” section

"Third-party distributors” section

"Third-party initiators” section

"External portfolio managers” section

"Intermediaries” section

"Third-party investment advisors” section

"PEPs” section

"Assets” section

"Branches/subsidiaries” section

"AML/CFT findings” section

Annex II – Codes required in the report for closed questions

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

2/56

Update information

Date

Version

1.0

Changes

29/02/2024

Publication of the document

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

3/56

1. Glossary and objectives

1.1

Glossary

Notion

Definition

CSSF Regulation 12-02 of 14 December 2012 on the fight against

money laundering and terrorist financing

RCSSF 12-02

RC

« Responsable du contrôle du respect des obligations

professionnelles »; in the RCSSF 12-02 also referred to as, the

compliance officer in charge of the control of compliance with the

professional obligations

A bucket is a container for objects. S3 stores data as objects

within buckets. An object is a file and any metadata that

describes the file. Each entity manages its own separate buckets

to be used for each report type.

Bucket

The “IT Expert” is an eDesk specific role that is granted by the

"Advanced User" of the entity to the person managing access to

the S3 API. A person with this role is responsible for creating,

viewing and revoking access keys.

IT Expert

SRRC

AML/CFT Summary Report RC

S3 – or “simple storage service” – is the object storage protocol

(through a web service interface) used by the CSSF for the file

exchange. In this context, S3 simply refers to the protocol for

managing object storage and does not rely on any services

provided by commercial cloud providers.

S3

1.2

Objectives

The general objective of this document is to provide practical and technical information

on the AML/CFT Summary Report RC (“SRRC”)

The first part of the document aims at providing information on the scope of the

reporting obligation and outlines the CSSF expectations on the manner in which the

information should be submitted to the CSSF.

The second part of the document aims at providing technical details in relation to the

SRRC:

•

Technical overview of the reporting system;

Data and file format of the reports;

Data validation and feedbacks.

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

4/56

2. Scope

2.1

Who must submit the report?

This report is referred to in Articles 42 (6) and 42 (7) of the CSSF Regulation 12-02 of

14 December 2012 on the fight against money laundering and terrorist financing

("RCSSF 12-02") as amended.

This Report shall be prepared annually by the compliance officer in charge of the

control of compliance with the professional obligations, also referred to as the

“Responsable du contrôle du respect des obligations professionnelles” or the “RC”.

This Report needs to be completed if you are:

•

A designated Investment Fund Manager ("IFM");

A self-managed fund;

A fund managed by a foreign IFM.

This Report shall be submitted to the CSSF by either one of the following eDesk users

(hereafter the “submitters”):

•

AML/CFT Responsible;

Conducting officer;

Board Member.

2.2

When does an entity have to report?

The submitters are required to submit the Report every year 5 months after the closing

of the financial year-end.

Please note, that within these 5 months, the submitters may submit the report and

update any previously submitted instances of this report. Once the 5 months are

lapsed, no further modification of the report is possible anymore.

3. Practical guidance

Please refer to Annexes I & II.

4. Technical guidance

The SRRC can be submitted through two different channels:

•

via an online form available on the eDesk platform;

via the S3 system by using a structured exchange file.

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

5/56

4.1

eDesk online form

An online form is available on the eDesk platform via the “AML/CFT Summary Report

RC (“SRRC”)” module (https://edesk.apps.cssf.lu/srrc/edesk-srrc/home ).

4.1.1

Authentication

The submitters are required to have an eDesk account (available with a LuxTrust

authentication) and must be linked to the relevant entity. Further details can be found

in the User Guide (“eDesk – Authentication – User Guide”) from the dedicated section

of

the

CSSF

eDesk

Portal

homepage:

https://edesk.apps.cssf.lu/edesk-

dashboard/dashboard/getstarted .

4.1.2

Dashboard

The main dashboard labelled “SRRC” or “AML/CFT Summary Report RC (“SRRC”)” lists

all reporting linked to the entity represented by the connected user. Those listed

reporting are either in “DRAFT” status or already “SUBMITTED”.

From the dashboard, it is possible for any user linked to the entity to consult the details

of a reporting, either by double-clicking on the respective line or by clicking on the

“magnifying glass” icon. It is also possible to delete any report in draft status, i.e. not

yet submitted to the CSSF.

4.1.3

Creation and submission of a report

Through a dedicated “Create report” action on the dashboard, a user linked to the

relevant entity can initiate the creation of a report.

A first step consists of specifying which year-end this report is related to, starting on

31/12/2023. Please note that if a relevant year-end is not presented for a relevant

entity, contact the CSSF via edesk@cssf.lu.

Once the report is filled in, upon submission, a control will list any potential errors. If

no error is detected, the report will be sent, and its status changed to “SUBMITTED”.

In case a report needs to be corrected, it may be updated and resubmitted, as long as

the deadline for the report’s submission (five months after the year-end) is not

reached, or a new report can be initiated, based on the same year-end. Please note

that only the last submitted report for a specific year-end will be considered by the

CSSF.

4.1.4

Export PDF

Regardless whether a report is submitted or not, a “Submission of the report” action

is available to export the report in PDF format. It is accessible through a report’s

detailed view, under “Actions” in the navigation menu on the left side.

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

6/56

4.2

S3 system reporting technical specifications

The method for transmitting reports via Application Programming Interface can be

found on our website following the link .

In the eDesk IT management console, the “IT Expert” must create a bucket

“Summary report on compliance with AML/CFT obligations”.

4.2.1

Reporting file

4.2.1.1

Reporting format

The data concerning the Summary report on compliance with AML/CFT obligations

shall be reported in the JSON (JavaScript Object Notation) format.

The JSON report must be compressed in a ZIP format.

Summary report on compliance with AML/CFT obligations document JSON schema

The schema concerning the reporting is available at:

Publicatio

n date

Version

Link

Release note

31/12/20

23

1.0.0

schema

Initial version

4.2.1.2

Submission process

The ZIP file MUST be uploaded to the “submission” folder in S3. No upload is allowed

into other folders (e.g. “feedback” folder is only dedicated to CSSF feedbacks).

4.2.1.3

ZIP technical specifications

The reporting file must be transmitted via a compressed .zip format containing one

single .json file and an optional .pdf file.

Here are the specifications for ZIP archive:

Compression algorithm

RFC 1951 (DEFLATE Compressed

Data Format Specification

version 1.3)

Multi-volume archives (multi-part zipfile) No

Maximum size of a file in the archive

Codepage

2 Gigabytes

UTF-8

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

7/56

4.2.1.4

Naming conventions

i.

ZIP file

The mandatory file naming convention for .zip files is specified below.

Format: SRRC-ENNNNNNNN-YYYY-MM-DD-UUID.ext

Code

SRRC

Meaning

Structure Authorised value

Reporting

type

Char(4)

‘SRRC’ (constant)

-

Separator

Char(1)

‘-’ (constant)

E

Reporting

entity

Entity type : ‘A’, ‘K’, ‘O’ or ‘S’

NNNNNNNN

Identification Number(8 00000001…99999999 (CSSF code

number

)

of the entity)

-

Separator

Char(1)

‘-’ (constant)

YYYY

Financial

Year-end

Year

Char(4)

Year of this reporting’s related

–

financial year-end

-

Separator

Char(1)

Char(2)

‘-’ (constant)

MM

Financial

Year-end

Month

Month of this reporting’s related

financial year-end

-

Separator

Char(1)

Char(2)

‘-’ (constant)

DD

Financial

Year-end

Day

Day of this reporting’s related

financial year-end

UUID

.ext

Unique

UUID

Unique identifier following the rfc

4122 norm

identifier

format

(ReportUid)

Extension

Char(5)

.zip (constant)

UUID specifications

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

8/56

The UUID is necessary to uniquely identify a report. It is also used to prevent a file to

be processed several times.

A ZIP file with the same UUID of another ZIP file concerning the same entity will be

rejected with the error SRRC007 (cf. chapter 4.2.2.2.3).

The expected format of an UUID is:

XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

where each X data can have a value from 0 to 9 or from a to f (hexadecimal authorised

characters).

You can find more information about the UUID on Universally Unique Identifier (UUID).

ii.

JSON report

No specific naming convention will apply for the JSON report included in the zip file,

but it is recommended to use report.json.

4.2.2

CSSF feedback file

It is up to the submitter to monitor transmission correctness.

A feedback file in JSON format is systematically generated for each file transmitted

and made available in the “feedback” folder.

The schema concerning the data of the generated feedback is available in the CSSF

feedback file .

Please ensure that you have received a feedback file for the last file sent before

submitting a new file concerning a same entity. Feedback generation could take some

time. If you do not receive a response within one working day, please contact our

dedicated support team at edesk@cssf.lu .

4.2.2.1

Naming convention

Feedbacks from the CSSF are received in the “feedback” folder of the S3 transfer

client.

Format: SourceFileName_FEEDBACK_TrackingCode.json

Code

Meaning Structure Authorised value

SourceFileName Reporting Char(N)

Submitted file name - Refer to

the ZIP File name structure in

section 4.2.1

entity

_

Separator Char(1)

‘_’ (constant)

FEEDBACK

File type

Char(8)

FEEDBACK (constant)

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

9/56

TrackingCode

Unique

Char(16)

Unique identifier created by the

CSSF system after file

submission

identifier

SRRCYYYYMMDDXXXXXX where:

YYYYMMDD: year, month and day

of submission

XXXXXX: daily increment

_

Separator Char(1)

Extension Char(5)

‘_’ (constant)

.ext

.json (constant)

4.2.2.2

File content

A feedback file contains several information:

•

A status at the report level;

ReportUids previously processed;

Feedback messages at the report level.

4.2.2.2.1

Report status

The report status can have two different values:

•

REJECTED when the report is entirely rejected. That is the case when the

archive is not technically compliant.

ACCEPTED when the archive is technically compliant and all the relevant data

to be included in the report have been correctly reported.

4.2.2.2.2

ReportUids previously processed

The feedback file lists the unique identifiers (ReportUid) of the last reports concerning

the entity in the CSSF processing order (most recent report at the top of the list).

4.2.2.2.3

Feedback message at report level

If a report has the ACCEPTED status, a feedback message with the “SRRC000” code is

sent.

If a report has the REJECTED status, the possible errors at report level, are listed in

the table below with the severity “ERROR”.

Feedback messages

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

10/56

Code

Message

Severity

INFO

SRRC000

The summary report on compliance with AML/CFT

obligations has been accepted by the CSSF

ERROR

SRRC001

SRRC002

The archive is corrupted

The archive filename is invalid. The expected naming

convention must follow the regex: SRRC-

(?<entityCssfCode>[ASOK]\\d{8})-(?<exerciseEndDate>[1-

9][0-9][0-9]{2}-([0][1-9]|[1][0-2])-([1-2][0-9]|[0][1-

9]|[3][0-1]))-(?<reportUid>[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-

f]{4}-[0-9a-f]{4}-[0-9a-f]{12}).zip

ERROR

SRRC003

SRRC004

SRRC005

The archive must contain a single JSON file

The archive file cannot exceed 20 MB

The submitter is not authorized to transmit a report for

this entity

ERROR

SRRC006

SRRC007

The entity defined in the archive filename is not in scope

for the reported period

The archive with ReportUid "ReportUid" has already been

received for this entity

ERROR

SRRC008

SRRC009

JSON file does not respect JSON Schema

The unique identifier "ReportUid" in the JSON file is

different from the unique identifier used in the archive

name

ERROR

SRRC010

SRRC011

SRRC012

The CSSF code of the entity in the JSON file is different

from the CSSF code of the entity used in the archive

name

The year end date of the entity in the JSON file is

different from the year end date used in the archive

name

Due to the condition <fieldname1:value>, the field

<fieldname2> value must not be provided

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

11/56

ERROR

SRRC013

The finding <findingsPrevId> you are trying to update

cannot be retrieved from the list of AML/CFT findings

opened from previous periods

4.2.3

Data quality

Entities are required to review and validate the reporting files (ZIP and JSON files)

before any submission.

Files must be validated against the JSON schema provided by the CSSF.

4.2.4

Review the feedback files and correct the rejected reports

Entities must ensure that all feedback files are properly analysed and that any rejected

data are corrected and resubmitted.

5. Contact information

If you have any questions, please contact edesk@cssf.lu .

To facilitate the processing of your request, please provide the entity’s CSSF code and

name.

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

12/56

Annex I – Synopsis on information to be collected

For general guidance on filling in the AML/CFT Summary Report RC (“SRRC”), please refer to the JSON schema linked in section 4.2.2.2.1

of the present document.

Below is guidance for each field:

•

Which requires a specific answer (closed questions may refer to codes, listed in annex II);

Which triggers another section / question that becomes required to fill; and

For which a specific guidance has been provided by the CSSF.

“General Information” section

Information to be JSON ID

provided

Required only if …

Codes required CSSF guidance

for closed

questions (see

Annex II)

Type of entity

Please select your

type of entity:

infoIfmNonLu

-

TypeOfEntity

-

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

13/56

Have you

infoIfmDueDil

[infoIfmNonLu] has value

[FundForeignIFM]

YesNoList

-

performed AML/CFT

due diligence on

your IFM?

Funds

Have you, or the

Group to which you

belong, initiated

infoFundsInitiatedAll

-

The notion "Group"

is explained in

Article 1 (3b) of the

AML/CFT Law of 12

November 2004.

If you are a fund,

type in 0.

ALL the funds you

provide services to?

How many funds do infoFundsNbr

you service?

-

Have you

infoFundsDueDilOutsourced

[infoFundsNbr] has value [>0]

YesNoPartiallyList

-

outsourced the

AML/CFT due

diligence on the

funds you service?

Have you

performed the

AML/CFT due

diligence on the

funds you service?

infoFundsDueDil

[infoFundsDueDilOutsourced] has

value [N] or [P]

YesNoList

-

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

14/56

Have you

infoFundsAmlOversightOnOutsourced

[infoFundsDueDilOutsourced] has

value [Y] or [P]

YesNoList

-

performed AML/CFT

oversight on the

outsourced

control(s)

performed on the

funds you service?

Investors

-

Are you, by license

or by contractual

obligation,

infoInvestorsCentralAdminServices

YesNoList

If you are an AIFM,

such responsibilities

are derived from the

provision of other

functions that you

may additionally

perform as referred

to in Annex I point

2. of the AIFM Law

(e.g. administration,

...).

responsible for the

AML/CFT Due

Diligence on

investors of the

funds you service?

If you are a UCITs

Manco, you are de

facto, by license

responsible for the

AML/CFT Due

Diligence on

investors.

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

15/56

How many

infoInvestorsNbr

[infoInvestorsCentralAdminServices]

has value [Y]

-

By investor, it is

meant "account

holder". As such, if

Mr X has 7 positions

in a fund, you only

count him once. If

Mr X has multiple

positions across

multiple funds, you

only count him once

as well. What

investors are in

your fund(s) or in

the funds for which

you are responsible

for the AML/CFT

Due diligence on

investors?

matters is to count

the number of KYC

files.

Have you

infoInvestorsDueDilOutsourced

[infoInvestorsNbr] has value [>0]

YesNoPartiallyList

-

outsourced the

AML/CFT due

diligence on

investors?

Have you

infoInvestorsDueDil

[infoInvestorsDueDilOutsourced] has

value [N] or [P]

YesNoList

-

performed AML/CFT

due diligence on

investors?

Have you

infoInvestorsAmlOversightOnOutsourced

[infoInvestorsDueDilOutsourced] has

value [Y] or [P]

For instance, if you

have outsourced the

identification and

verification of

investors to another

company, have you

checked the work

performed AML/CFT

oversight on the

outsourced

control(s)

performed on

investors?

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

16/56

they have performed

during the reference

period covered by

the report?

Third-party

distributors

Are you, by license

or by contractual

obligation,

responsible for the

AML/CFT Due

Diligence on

distributors of the

infoTpDistriCentralAdminServices

-

YesNoList

If you are an AIFM,

such responsibilities

are derived from the

provision of other

functions that you

may additionally

perform as referred

to in Annex I point

2. of the AIFM Law

(e.g. administration,

...).

funds you service?

How many third-

party distributors

do you have a

contractual

infoTpDistriNbr

[infoTpDistriCentralAdminServices]

has value [Y]

-

"third-party" means,

that they are not

part of the Group to

which you belong.

relationship with?

Have you

outsourced the

AML/CFT due

diligence on third-

party distributors?

infoTpDistriDueDilOutsourced

[infoTpDistriNbr] has value [>0]

YesNoPartiallyList "Due diligence" in

this question is to be

understood as KYC

on the entity (i.e.

identification,

verification,

monitoring).

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

17/56

Have you

infoTpDistriDueDil

[infoTpDistriDueDilOutsourced] has

value [N] or [P]

YesNoList

-

performed AML/CFT

due diligence on

third-party

distributors?

Have you

performed AML/CFT

oversight on the

outsourced

infoTpDistriAmlOversightOnOutsourced

[infoTpDistriDueDilOutsourced] has

value [Y] or [P]

control(s)

performed on third-

party distributors?

Third-party

initiators

How many third-

party initiators of

funds do you have?

infoTpInitNbr

-

"third-party" means,

that they are not

part of the Group to

which you belong.

Have you

infoTpInitDueDilOutsourced

[infoTpInitNbr] has value [>0]

YesNoPartiallyList "Due diligence" in

this question is to be

understood as KYC

on the entity (i.e.

identification,

outsourced the

AML/CFT due

diligence on third-

party initiators of

funds?

verification,

monitoring).

Have you

performed AML/CFT

due diligence on

infoTpInitDueDil

[infoTpInitDueDilOutsourced] has

value [N] or [P]

YesNoList

-

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

18/56

third-party

initiators of funds?

Have you

infoTpInitAmlOversightOnOutsourced

[infoTpInitDueDilOutsourced] has

value [Y] or [P]

YesNoList

-

performedAML/CFT

oversight on the

outsourced

control(s)

performed on third-

party initiators of

funds?

External portfolio

managers

How many external

portfolio managers

do you have a

contractual

relationship with?

infoExtPtfMgNbr

-

For the purpose of

this question,

external porftolio

manager includes

entities from your

Group (if

applicable).

Have you

infoExtPtfMgDueDil

[infoExtPtfMgNbr] has value [>0]

YesNoList

Due diligence is to

be understood as :

reviewof KYC

documents of the

entity, screening ...

performed AML/CFT

due diligence on

external portfolio

managers?

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

19/56

Third-party

investment

advisors

How many third-

party investment

advisors do you

have a contractual

relationship with?

Have you

performed AML/CFT

due diligence on

third-party

infoTpInvAdvNbr

-

"third-party" means,

that they are not

part of the Group to

which you belong.

infoTpInvAdvDueDil

[infoTpInvAdvNbr] has value [>0]

YesNoList

"Due diligence" in

this question is to be

understood as KYC

on the entity (i.e.

identification,

investment

advisors?

verification,

monitoring).

Intermediaries

How many

infoIntermediariesNbr

[infoInvestorsCentralAdminServices]

has value [Y]

-

"Intermediary"

means "nominee" in

the shareholders

registers of the

funds, which are

acting on behalf of

their customers.

-

intermediaries

("nominees") are in

the funds you

service at your

closing date?

Have you

infoIntermediariesDueDilOutsourced

[infoIntermediariesNbr] has value

[>0]

YesNoPartiallyList

outsourced the

AML/CFT due

diligence on

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

20/56

intermediaries

("nominees")

present in the

shareholders

registers of the

funds?

Have you

infoIntermediariesDueDil

[infoIntermediariesDueDilOutsourced] YesNoList

has value [N] or [ P]

-

performed AML/CFT

due diligence on

intermediaries

("nominees")

present in the

shareholders

registers of the

funds?

Have you

infoIntermediariesAmlOversightOnOutsourced [infoIntermediariesDueDilOutsourced] YesNoList

has value [Y] or [ P]

-

performed AML/CFT

oversight on the

outsourced

control(s)

performed on

intermediaries

("nominees")

present in the

shareholders

registers of the

funds?

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

21/56

PEPs

How many

infoPepNbr

[infoInvestorsCentralAdminServices]

has value [Y]

-

Please provide the

number as at the

end of the reference

period for your

entity.

investors qualifying

as PEPs are in the

funds to which you

provide services?

The number shall be

provided at account

holder level (i.e. The

investor is PEP or

the BO /

representative of the

investor is PEP).

-

Have you

infoPepDueDilOutsourced

infoPepDueDil

[infoPepNbr] has value [>0]

YesNoPartiallyList

YesNoList

outsourced the

AML/CFT due

diligence on PEPs?

Have you

performed AML/CFT

due diligence on

PEPs?

[infoPepDueDilOutsourced] has value

[N] or [ P]

-

Have you

infoPepAmlOversightOnOutsourced

[infoPepDueDilOutsourced] has value

[Y] or [ P]

YesNoList

performed AML/CFT

oversight on the

outsourced

control(s)

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

22/56

performed on

PEPs?

Assets

Have you

infoAssetsDueDilOutsourced

-

YesNoPartiallyList

-

outsourced /

delegated AML/CFT

due diligence on

assets?

Have you

infoAssetsDueDil

[infoAssetsDueDilOutsourced] has

value [N] or [ P]

YesNoList

-

performed AML/CFT

due diligence on

assets?

Have you

infoAssetsAmlOversightOnOutsourced

[infoAssetsDueDilOutsourced] has

value [Y] or [ P]

performed AML/CFT

oversight on the

outsourced

control(s)

performed on

assets?

Branches /

subsidiaries

Do you have any

branches /

infoBranch

[infoIfmNonLu] has value [IFM] or

[SelfManFund]

YesNoNAList

-

subsidiaries?

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

23/56

Do the branches /

subsidiaries

perform AML/CFT

controls?

infoBranchAmlControls

infoBranchAmlOversight

[infoBranch] has value [Y]

YesNoList

-

Have you

[infoBranchAmlControls] has value

[Y]

performed AML/CFT

oversight on your

branches /

subsidiaries?

Assessment

Please confirm that

the findings

infoFindingsAck

-

YesNoList

-

contained in this

report have been

presented and

acknowledged by

the Board of

Directors /

Managers or

equivalent.

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

24/56

"Risk assessment” section

Information to be JSON ID

provided

Required only if …

Codes

required

for CSSF

closed questions (see guidance

Annex II)

What is your ML/TF

risk appetite?

riskAppetite

-

MLTFRiskCombo

The CSSF uses

a 4-leveled risk

rating scale,

like "Low",

"Medium-Low",

"Medium-High"

and "High".

If you use a 3-

leveled risk

rating scale

(like Low,

Medium and

High), you will

select "Low"

for your Low

risk, "High" for

your High risk

and "Medium-

High" for your

Medium risk.

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

25/56

What is your overall

assessment of the

inherent ML/TF risk of

the funds you

riskInherentRiskSelfAssess

-

MLTFRiskCombo

If you are an

IFM, please

provide an

overall

inherent ML/TF

service?

risk

assessment for

all the funds

you service.

If you are a

fund, then

please provide

your inherent

ML/TF risk.

If you are an

IFM, please

provide an

What is your overall

assessment of the

residual ML/TF risk of

the funds you

riskResidualRiskSelfAssess

-

MLTFRiskCombo

overall residual

ML/TF risk

service?

assessment for

all the funds

you service.

If you are a

fund, then

please provide

your residual

ML/TF risk.

"Trigger(s)"

means an

Have you identified,

during the reference

period, triggers which

riskInherentRiskHasTrigger

-

YesNoList

event from one

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

26/56

led to a modification

of the inherent risk?

or more

sources which

may lead to an

increase or a

decrease of the

inherent risk.

-

The triggers are

related to:

In case of "Others",

please specify:

riskInherentRiskTriggers

[riskInherentRiskHasTrigger] has

value [Y]

[riskInherentRiskTriggers] has

value [Others]

InherentRiskTriggersCombo

-

riskInherentRiskTriggersOthers

-

"Investment fund managers ("IFM")” section

Information to be JSON ID

provided

Required only if …

Codes

required

for CSSF

closed questions (see guidance

Annex II)

“Investment fund

managers ("IFM")”

section

ifm

[infoIfmDueDil] has value [Y]

-

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

27/56

Did you perform

sample testing as part

of your AML/CFT due

diligence performed

during the reference

period?

ifmDueDilHasSample

-

YesNoList

"Sample

testing" is to

be understood

as document-

based review

(i.e. KYC

documents,

proof of

screening …).

How long ago did you

perform a sample

testing?

ifmLastSample

-

SampleCombo

-

Size of sample for the ifmDueDilSampleSize

reference period

[ifmDueDilHasSample] has value

[Y]

-

Did you identify any

AML/CFT findings as a

result of your

ifmDueDilHasFindings

-

YesNoList

AML/CFT work?

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

28/56

"Funds” section

Information to be JSON ID

provided

Required only if …

Codes

required

for CSSF

closed questions (see guidance

Annex II)

“Funds” section

funds

[infoFundsDueDil] has value [Y]

Or

-

[infoFundsAmlOversightOnOutsourced]

has value [Y]

Did you perform

fundsDueDilHasSample

-

YesNoList

"Sample

sample testing as part

of your AML/CFT due

diligence or as part of

your AML/CFT

testing" is to

be understood

as document-

based review

(i.e. KYC

oversight on the

outsourced control(s)

performed during the

reference period?

How long ago did you

perform a sample

testing?

documents,

proof of

screening …).

fundsLastSample

[fundsDueDilHasSample] has value

[N]

SampleCombo

-

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

29/56

Size of sample for the fundsDueDilSampleSize

reference period

[fundsDueDilHasSample] has value [Y]

-

You may count

all the

AML/CFT due

diligence files

which were

reviewed

during the

reference

period covered

by the report.

-

Please select the

review frequency of

due diligence files for

funds with high

fundsDueDilReviewFreqHigh

fundsDueDilHasFindings

-

YearReview

YesNoList

residual risk

Did you identify any

AML/CFT findings as a

result of your

-

AML/CFT work?

"Investors” section

Information to be JSON ID

provided

Required only if …

Codes

required

for CSSF

closed questions (see guidance

Annex II)

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

30/56

“Investors” section

investors

[infoInvestorsDueDil] has value [Y]

Or

[infoInvestorsAmlOversightOnOutsourced]

has value [Y]

-

Number of investors

with residual high risk

investorsHR

-

By investor, it

is meant

"account

holder". As

such, if Mr X

has 7 positions

in a fund, you

only count him

once. If Mr X

has multiple

positions

across multiple

funds, you only

count him once

as well. What

matters is to

count the

number of KYC

files.

Did you perform

investorsDueDilHasSample

-

YesNoList

"Sample

sample testing as part

of your AML/CFT due

diligence or as part of

testing" is to

be understood

as document-

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

31/56

your AML/CFT

based review

(i.e. KYC

documents,

proof of

screening …).

-

oversight on the

outsourced control(s)

performed during the

reference period?

How long ago did you

perform a sample

testing?

investorsLastSample

[investorsDueDilHasSample] has value

[N]

SampleCombo

-

Size of sample for the investorsDueDilSampleSize

reference period

[investorsDueDilHasSample] has value

[Y]

You may count

all the

AML/CFT due

diligence files

which were

reviewed

during the

reference

period covered

by the report.

-

Please select the

review frequency of

due diligence files for

investors with high

residual risk

Did you identify any

AML/CFT findings as a

result of your

investorsDueDilReviewFreqHigh

investorsDueDilHasFindings

-

YearReview

YesNoList

-

AML/CFT work?

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

32/56

"AML/CFT blocked investors” section

Information to be JSON ID

provided

Required only if …

Codes

required

for CSSF

closed questions (see guidance

Annex II)

“AML/CFT blocked

blockedInv

[infoInvestorsNbr] has value [>0]

-

investors” section

Percentage of blocked blockedInvDueDilSampleSize

investors compared to

-

You may use

the same

all investors in your

fund or in the funds

you service

statistics that

you computed

in the past for

paragraph f) of

point 318 of

Circular CSSF

18/698

Have you identified

shortcomings

regarding the

remediation plans of

the blocked investors?

blockedInvDueDilHasFindings

-

YesNoList

You may

explain in the

comments why

you believe

that a

remediation

plan is not

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

33/56

possible (e.g.

The blocked

investors are

all deceased)

"Third-party distributors” section

Information to be JSON ID

provided

Required only if …

Codes

required

for CSSF

closed questions (see guidance

Annex II)

“Third-party

distributors

[infoTpDistriDueDil] has value [Y]

-

distributors” section

Or

[infoTpDistriAmlOversightOnOutsourced]

has value [Y]

Did you perform

distributorsDueDilHasSample

-

YesNoList

"Sample

sample testing as part

of your AML/CFT due

diligence or as part of

your AML/CFT

testing" is to

be understood

as document-

based review

(i.e. KYC

oversight on the

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

34/56

outsourced control(s)

performed during the

reference period?

documents,

proof of

screening …).

How long ago did you

perform a sample

testing?

distributorsLastSample

[distributorsDueDilHasSample] has

value [N]

SampleCombo

-

Size of sample for the distributorsDueDilSampleSize

reference period

[distributorsDueDilHasSample] has

value [Y]

You may count

all the

AML/CFT due

diligence files

which were

reviewed

during the

reference

period covered

by the report.

-

Please select the

review frequency of

due diligence files for

third-party

distributors with high

residual risk

distributorsDueDilReviewFreqHigh

distributorsDueDilHasFindings

-

YearReview

YesNoList

Did you identify any

AML/CFT findings as a

-

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

35/56

result of your

AML/CFT work?

"Third-party initiators” section

Information to be JSON ID

provided

Required only if …

Codes

required

for CSSF

closed questions (see guidance

Annex II)

“Third-party

initiators

[infoTpInitDueDil] has value [Y]

-

initiators” section

Or

[infoTpInitAmlOversightOnOutsourced]

has value [Y]

Did you perform

initiatorsDueDilHasSample

-

YesNoList

"Sample

sample testing as part

of your AML/CFT due

diligence or as part of

your AML/CFT

testing" is to

be understood

as document-

based review

(i.e. KYC

oversight on the

outsourced control(s)

documents,

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

36/56

performed during the

reference period?

proof of

screening …).

How long ago did you

perform a sample

testing?

initiatorsLastSample

[initiatorsDueDilHasSample] has value

[N]

SampleCombo

-

Size of sample for the initiatorsDueDilSampleSize

reference period

[initiatorsDueDilHasSample] has value

[Y]

You may count

all the

AML/CFT due

diligence files

which were

reviewed

during the

reference

period covered

by the report.

-

Please select the

initiatorsDueDilReviewFreqHigh

initiatorsDueDilHasFindings

-

YearReview

YesNoList

review frequency of

due diligence files for

third-party initiators

with high residual risk

Did you identify any

AML/CFT findings as a

result of your

-

AML/CFT work?

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

37/56

"External portfolio managers” section

Information to be JSON ID

provided

Required only if …

Codes

required

for CSSF

closed questions (see guidance

Annex II)

“External portfolio

extPtfMg

[infoExtPtfMgDueDil] has value [Y]

-

managers” section

Did you perform

sample testing as part

of your AML/CFT due

diligence performed

during the reference

period?

extPtfMgDueDilHasSample

-

YesNoList

"Sample

testing" is to

be understood

as document-

based review

(i.e. KYC

documents,

proof of

screening …).

How long ago did you

perform a sample

testing?

extPtfMgLastSample

[extPtfMgDueDilHasSample] has value

[N]

SampleCombo

-

Size of sample for the extPtfMgDueDilSampleSize

reference period

[extPtfMgDueDilHasSample] has value

[Y]

You may count

all the

AML/CFT due

diligence files

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

38/56

which were

reviewed

during the

reference

period covered

by the report.

-

Please select the

review frequency of

due diligence files for

external portfolio

managers with high

residual risk

Did you identify any

AML/CFT findings as a

result of your

extPtfMgDueDilReviewFreqHigh

extPtfMgDueDilHasFindings

-

YearReview

YesNoList

-

AML/CFT work?

"Intermediaries” section

Information to be JSON ID

provided

Required only if …

Codes required for CSSF guidance

closed questions

(see Annex II)

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

39/56

“Intermediaries”

section

intermediaries

[infoIntermediariesDueDil] has value [Y]

Or

-

[infoIntermediariesAmlOversightOnOutsourced]

has value [Y]

Did you perform

intermediariesDueDilHasSample

-

YesNoList

"Sample testing"

is to be

sample testing as part

of your AML/CFT due

diligence or as part of

your AML/CFT

understood as

document-based

review (i.e. KYC

documents, proof

of screening …).

oversight on the

outsourced control(s)

performed during the

reference period?

How long ago did you

perform a sample

testing?

intermediariesLastSample

[intermediariesDueDilHasSample] has value [N]

[intermediariesDueDilHasSample] has value [Y]

SampleCombo

-

Size of sample for the intermediariesDueDilSampleSize

reference period

You may count all

the AML/CFT due

diligence files

which were

reviewed during

the reference

period covered by

the report.

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

40/56

Please select the

review frequency of

due diligence files for

intermediaries with

high residual risk

Did you identify any

AML/CFT findings as a

result of your

intermediariesDueDilReviewFreqHigh

intermediariesDueDilHasFindings

-

YearReview

YesNoList

-

AML/CFT work?

"Third-party investment advisors” section

Information to be JSON ID

provided

Required only if …

Codes

required

for CSSF

closed questions (see guidance

Annex II)

“Third-party

investment advisors”

section

invAdv

[infoTpInvAdvDueDil] has value [Y]

-

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

41/56

Did you perform

sample testing as part

of your AML/CFT due

diligence performed

during the reference

period?

invAdvDueDilHasSample

-

YesNoList

"Sample

testing" is to

be understood

as document-

based review

(i.e. KYC

documents,

proof of

screening …).

How long ago did you

perform a sample

testing?

invAdvLastSample

[invAdvDueDilHasSample] has value

[N]

SampleCombo

-

Size of sample for the invAdvDueDilSampleSize

reference period

[invAdvDueDilHasSample] has value

[Y]

You may count

all the

AML/CFT due

diligence files

which were

reviewed

during the

reference

period covered

by the report.

-

Please select the

invAdvDueDilReviewFreqHigh

-

YearReview

review frequency of

due diligence files for

third-party

investment advisors

with high residual risk

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

42/56

Did you identify any

AML/CFT findings as a

result of your

invAdvDueDilHasFindings

-

YesNoList

-

AML/CFT work?

"PEPs” section

Information to be JSON ID

provided

Required only if …

Codes

required

for CSSF

closed questions (see guidance

Annex II)

“PEPs” section

pep

[infoPepDueDil] has value [Y]

Or

-

[infoPepAmlOversightOnOutsourced]

has value [Y]

Did you perform

pepDueDilHasSample

-

YesNoList

"Sample

sample testing as part

of your AML/CFT due

diligence or as part of

your AML/CFT

testing" is to

be understood

as document-

based review

(i.e. KYC

oversight on the

outsourced control(s)

documents,

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

43/56

performed during the

reference period?

proof of

screening …).

How long ago did you

perform a sample

testing?

pepLastSample

[pepDueDilHasSample] has value [N]

[pepDueDilHasSample] has value [Y]

SampleCombo

-

Size of sample for the pepDueDilSampleSize

reference period

You may count

all the

AML/CFT due

diligence files

which were

reviewed

during the

reference

period covered

by the report.

-

Did you identify any

AML/CFT findings as a

result of your

pepDueDilHasFindings

-

YesNoList

AML/CFT work?

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

44/56

"Assets” section

Information to be JSON ID

provided

Required only if …

Codes

required

for CSSF

closed questions (see guidance

Annex II)

“Assets” section

assets

[infoAssetsDueDil] has value [Y]

Or

-

[infoAssetsAmlOversightOnOutsourced]

has value [Y]

Have you, or the

funds you service,

invested in high risk

assets?

assetsHR

-

YesNoList

As per your

self

assessment.

Did you perform

assetsDueDilHasSample

"Sample

sample testing as part

of your AML/CFT due

diligence or as part of

your AML/CFT

testing" is to

be understood

as document-

based review

(i.e. KYC

oversight on the

outsourced control(s)

performed during the

reference period?

documents,

proof of

screening …).

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

45/56

How long ago did you

perform a sample

testing?

assetsLastSample

[assetsDueDilHasSample] has value

[N]

SampleCombo

-

Size of sample for the assetsDueDilSampleSize

reference period

[assetsDueDilHasSample] has value

[Y]

You may count

all the

AML/CFT due

diligence files

which were

reviewed

during the

reference

period covered

by the report.

-

Please select the

frequency of due

diligence files for high

risk assets

Did you identify any

AML/CFT findings as a

result of your

assetsDueDilReviewFreqHigh

assetsDueDilHasFindings

-

YearReview

YesNoList

-

AML/CFT work?

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

46/56

"Branches/subsidiaries” section

Information to be JSON ID

provided

Required only if …

Codes

required

for CSSF

closed questions (see guidance

Annex II)

“Branches/subsidiaries” branchSection

section

[infoBranchAmlControls] has value [Y]

Or

-

[infoBranchAmlOversight] has value

[Y]

Did you perform

sample testing as part

of your AML/CFT

oversight performed on

branches/subsidiaries

during the reference

period?

branchOversightHasSample

-

YesNoList

"Sample

testing" is to

be understood

as document-

based review

(i.e. KYC

documents,

proof of

screening …).

How long ago did you

perform a sample

testing?

branchLastSample

[branchOversightHasSample] has

value [N]

SampleCombo

-

Size of sample for the

reference period

branchOversightSampleSize

[branchOversightHasSample] has

value [Y]

You may count

all the

AML/CFT due

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

47/56

diligence files

which were

reviewed

during the

reference

period covered

by the report.

-

Did you identify any

AML/CFT findings as a

result of your AML/CFT

work?

branchOversightHasFindings

-

YesNoList

"AML/CFT findings” section

Information to be JSON ID

provided

Required only if …

Codes

required

for CSSF

closed questions (see guidance

Annex II)

Identifier of a finding trackingCode

Prior AML/CFT finding relating to

previous reference periods must be

updated

-

The

[trackingcode]

field should not

be provided if

the finding is

newly added to

the current

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

48/56

reference

period.

Detected by

Severity

detectedBy

severity

-

FindingsDetectedByCombo

FindingsSeverityCombo

FindingsSections

Related section of the

report

relatedSection

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

49/56

Action(s) taken to

remediate the finding

remedialAction

-

If none, mark

"None"

Status

status

-

FindingsStatusCombo

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

50/56

Annex II – Codes required in the report for closed questions

Reference (if applicable)

Label

Yes

Code for JSON file

Questions requiring a “Y” or “N” answer (“YesNoList”)

Y

No

N

Y

Questions requiring a “Y”, “N” or “N/A” answer Yes

(“YesNoNaList”)

No

N

NA

Y

Not applicable

Questions requiring a “Y”, “N” or “Partially” answer Yes

(“YesNoPartiallyList”)

No

N

P

Partially

TypeOfEntity

a designated Investment Fund

Manager

IFM

a self-managed fund

SelfManFund

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

51/56

Reference (if applicable)

Label

Code for JSON file

a fund managed by a foreign

IFM

FundForeignIFM

MLTFRiskCombo

High

H

Medium High

Medium Low

Low

MH

ML

L

SampleCombo

Never

One

1 year ago

2 years ago

3 years ago

More than 3 years ago

Fund service

Geography

Two

Three

ThreeOrMore

Fund_service

Geography

InherentRiskTriggersCombo

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

52/56

Reference (if applicable)

Label

Code for JSON file

License

Investors

Assets

Type of funds

Volume of assets

Business model

Others

Type_of_funds

Volume_of_assets

Business_model

Others

FindingsDetectedByCombo

Responsable du Contrôle (RC)

Responsable du Respect (RR)

CSSF

rc

rr

cssf

Statutory Auditor

Internal Audit

Other

statutory_auditor

internal_auditor

other

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

53/56

Reference (if applicable)

Label

Code for JSON file

FindingsSeverityCombo

Less significant

Less_significant

Moderately significant

Significant

Moderately_significant

Significant

Very_significant

Open

Very significant

Open

FindingsStatusCombo

YearReview

Closed

every year or less

every two years

every three years or more

IFM

Every1y

Every2y

Every3ym

ifm

FindingsSections

Funds

funds

Investors

investors

blockedInv

Blocked investors

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

54/56

Reference (if applicable)

Label

Code for JSON file

Distributors

distributors

Initiators

initiators

External

Portfolio

Management

extPtfMg

invAdv

Investment Advisors

Intermediaries

PEPs

intermediaries

pep

Assets

assets

Branches / subsidiaries

Other

branch

other

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

55/56

AML/CFT SUMMARY REPORT RC - PRACTICAL AND TECHNICAL GUIDANCE

56/56