This consolidated text was drawn up by the CSSF for information purposes only. In case of discrepancies

between the French and the English consolidated texts, the texts published in the Journal officiel du

Grand-Duché de Luxembourg are the sole authoritative and universally valid versions.

Law on the fight against money laundering and terrorist financing

Law of 12 November 2004 on the fight against money laundering and terrorist financing

transposing Directive 2001/97/EC of the European Parliament and of the Council of 4

December 2001 amending Council Directive 91/308/EEC on prevention of the use of the

financial system for the purpose of money laundering and amending:

1.

2.

3.

the Penal Code;

the Code of Criminal Procedure;

the Law of 7 March 1980 on the organisation of the judicial system, as

amended;

4.

the Law of 23 December 1998 establishing a financial sector supervisory

commission (“Commission de surveillance du secteur financier”), as amended;

the Law of 5 April 1993 on the financial sector, as amended;

the Law of 6 December 1991 on the insurance sector, as amended;

the Law of 9 December 1976 on the organisation of the profession of notary, as

amended;

5.

6.

7.

8.

9.

the Law of 10 August 1991 on the legal profession, as amended;

the Law of 28 June 1984 on the organisation of the profession of company

auditor, as amended;

10.

11.

the Law of 10 June 1999 on the organisation of the accounting profession;

the Law of 20 April 1977 on gaming and betting on sporting events, as

amended;

12.

the General Fiscal Code (“Abgabenordnung”),

(Mém. A 2004, No 183)

as amended

−

by the Law of 13 July 2007 on markets in financial instruments transposing:

−

Directive 2004/39/EC of the European Parliament and of the Council of 21 April 2004 on markets

in financial instruments amending Council Directives 85/611/EEC and 93/6/EEC and Directive

2000/12/EC of the European Parliament and of the Council and repealing Directive 93/22/EEC;

Article 52 of Commission Directive 2006/73/EC of 10 August 2006 implementing Directive

2004/39/EC of the European Parliament and of the Council as regards organisational requirements

and operating conditions for investment firms and defined terms for the purposes of that Directive;

−

and amending:

−

the Law of 5 April 1993 on the financial sector, as amended;

the Law of 20 December 2002 relating to undertakings for collective investment, as amended;

the Law of 12 November 2004 on the fight against money laundering and terrorist financing;

the Law of 31 May 1999 governing the domiciliation of companies, as amended;

the Law of 23 December 1998 establishing a financial sector supervisory commission (“Commission

de surveillance du secteur financier”), as amended;

−

the Law of 6 December 1991 on the insurance sector, as amended;

the Law of 3 September 1996 concerning the involuntary dispossession of bearer securities;

the Law of 23 December 1998 concerning the monetary status and the Banque centrale du

Luxembourg;

and repealing:

−

the Law of 23 December 1998 relating to the supervision of securities markets, as amended;

the Law of 21 June 1984 on financial futures, as amended;

(Mém. A 2007, No 116)

−

by the Law of 17 July 2008

−

transposing Directive 2005/60/EC of the European Parliament and of the Council of 26 October

2005 on the prevention of the use of the financial system for the purpose of money laundering and

terrorist financing;

−

transposing Commission Directive 2006/70/EC of 1 August 2006 laying down implementing

measures for Directive 2005/60/EC of the European Parliament and of the Council as regards the

definition of politically exposed persons and the technical criteria for simplified customer due

diligence procedures and for exemption on grounds of a financial activity conducted on an

occasional or very limited basis;

and amending:

1. the Law of 12 November 2004 on the fight against money laundering and terrorist financing, as

amended;

2. the Law of 7 March 1980 on the organisation of the judicial system, as amended;

3. the Law of 5 April 1993 on the financial sector, as amended;

4. the Law of 6 December 1991 on the insurance sector, as amended;

5. the Law of 9 December 1976 on the organisation of the profession of notary, as amended;

6. the Law of 10 August 1991 on the legal profession, as amended;

7. the Law of 28 June 1984 on the organisation of the profession of company auditor, as amended;

8. the Law of 10 June 1999 on the organisation of the accounting profession;

(Mém. A 2008, No 106)

−

by the Law of 10 November 2009 on payment services, on the activity of electronic money institution

and settlement finality in payment and securities settlement systems and

−

transposing Directive 2007/64/EC of the European Parliament and of the Council of 13 November

2007 on payment services in the internal market amending Directives 97/7/EC, 2002/65/EC,

2005/60/EC and 2006/48/EC and repealing Directive 97/5/EC;

amending:

−

the Law of 5 April 1993 on the financial sector, as amended;

−

the Law of 12 November 2004 on the fight against money laundering and terrorist financing,

as amended;

−

the Law of 18 December 2006 on financial services provided at distance;

the Law of 15 December 2000 on postal services and financial postal services, as amended;

the Law of 13 July 2007 on markets in financial instruments;

the Law of 20 December 2002 relating to undertakings for collective investment, as amended;

the Law of 23 December 1998 establishing a financial sector supervisory commission

(“Commission de surveillance du secteur financier”), as amended;

the Law of 23 December 1998 concerning the monetary status and the Banque centrale du

Luxembourg, as amended;

−

the Law of 6 December 1991 on the insurance sector, as amended;

−

repealing Title VII of the Law of 14 August 2000 on electronic commerce, as amended;

(Mém. A 2009, No 215)

−

by the Law of 18 December 2009 concerning the audit profession and:

−

transposing Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006

on statutory audits of annual accounts and consolidated accounts amending Council Directives

78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC,

organising the audit profession,

amending certain other legal provisions, and

repealing the Law of 28 June 1984 on the organisation of the profession of company auditor, as

amended;

−

(Mém. A 2010, No 22)

−

by the Law of 27 October 2010

−

enhancing the anti-money laundering and counter terrorist financing legal framework;

organising the controls of physical transport of cash entering, transiting through or leaving the

Grand Duchy of Luxembourg;

−

implementing United Nations Security Council resolutions as well as acts adopted by the European

Union concerning prohibitions and restrictive measures in financial matters in respect of certain

persons, entities and groups in the context of the combat against terrorist financing;

amending:

1.

2.

3.

4.

the Penal Code;

the Code of Criminal Procedure;

the Law of 7 March 1980 on the organisation of the judicial system, as amended;

the Law of 12 November 2004 on the fight against money laundering and terrorist financing,

as amended;

5.

6.

7.

the Law of 19 February 1973 on the sale of medicinal substances and the fight against drug

addiction, as amended;

the Law of 11 April 1985 approving the Convention on the Physical Protection of Nuclear

Material, opened for signature at Vienna and New York on 3 March 1980, as amended;

the Law of 31 January 1948 on the regulation of air navigation, as amended;

2

8.

9.

the Law of 20 June 2001 on extradition;

the Law of 17 March 2004 on the European arrest warrant and surrender procedures

between Member States of the European Union;

10. the Law of 8 August 2000 concerning mutual legal assistance in criminal matters;

11. the Law of 23 December 1998 establishing a financial sector supervisory commission

(“Commission de surveillance du secteur financier”), as amended;

12. the Law of 5 April 1993 on the financial sector, as amended;

13. the Law of 6 December 1991 on the insurance sector, as amended;

14. the Law of 9 December 1976 on the organisation of the profession of notary, as amended;

15. the Law of 10 August 1991 on the legal profession, as amended;

16. the Law of 10 June 1999 on the organisation of the accounting profession, as amended;

17. the Law of 18 December 2009 concerning the audit profession;

18. the Law of 20 April 1977 on gaming and betting on sporting events, as amended;

19. the Law of 17 March 1992 approving the United Nations Convention against Illicit Traffic in

Narcotic Drugs and Psychotropic Substances signed in Vienna on 20 December 1988, as

amended;

20. the Law of 14 June 2001 approving the Council of Europe Convention on Laundering,

Search, Seizure and Confiscation of the Proceeds from Crime, signed in Strasbourg on 8

November 1990, as amended;

(Mém. A 2010, No 193)

−

by the Law of 20 May 2011

−

transposing:

−

Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009

on taking up, pursuit and prudential supervision of the business of electronic money

institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive

2000/46/EC;

−

Directive 2009/44/EC of the European Parliament and of the Council of 6 May 2009 amending

Directive 98/26/EC on settlement finality in payment and securities settlement systems and

Directive 2002/47/EC on the financial collateral arrangements as regards linked systems and

credit claims;

−

amending:

−

the Law of 10 November 2009 on payment services, on the activity of electronic money

institutions and settlement finality in payment and securities settlement systems;

the Law of 5 August 2005 on financial collateral arrangements;

the Law of 12 November 2004 on the fight against money laundering and terrorist financing,

as amended;

−

the Law of 5 April 1993 on the financial sector, as amended;

the Law of 23 December 1998 establishing a financial sector supervisory commission

(“Commission de surveillance du secteur financier”), as amended;

(Mém. A 2011, No 104)

−

by the Law of 21 December 2012 on the activity of Family Office and amending:

−

the Law of 5 April 1993 on the financial sector, as amended;

the Law of 12 November 2004 on the fight against money laundering and terrorist financing, as

amended;

(Mém. A 2012, No 274)

by the Law of 12 July 2013 on alternative investment fund managers and

–

transposing Directive 2011/61/EU of the European Parliament and of the Council of 8 June 2011

on Alternative Investment Fund Managers and amending Directives 2003/41/EC and 2009/65/EC

and Regulations (EC) No 1060/2009 and (EU) No 1095/2010;

amending:

–

−

the Law of 17 December 2010 relating to undertakings for collective investment, as amended;

the Law of 13 February 2007 relating to specialised investment funds, as amended;

the Law of 15 June 2004 relating to the investment company in risk capital (SICAR), as

amended;

−

the Law of 13 July 2005 on institutions for occupational retirement provision in the form of

pension savings companies with variable capital (SEPCAV) and pension savings associations

(ASSEP), as amended;

the Law of 13 July 2005 on the activities and supervision of institutions for occupational

retirement provision;

−

the Law of 5 April 1993 on the financial sector, as amended;

the Law of 12 November 2004 on the fight against money laundering and terrorist financing,

as amended;

3

−

the Law of 23 December 1998 establishing a financial sector supervisory commission

("Commission de surveillance du secteur financier"), as amended;

the Law of 10 August 1915 on commercial companies, as amended;

the Law of 19 December 2002 on the trade and companies register and the accounting

practices and annual accounts of undertakings, as amended;

the Commercial Code;

the Law of 4 December 1967 on income tax, as amended;

the Law of 1 December 1936 on business tax, as amended;

the law on tax adaptation of 16 October 1934, as amended;

the Law of 16 October 1934 on the valuation of assets and values, as amended;

the Law of 12 February 1979 on value added tax, as amended;

−

(Mém. A 2013, No 119)

−

by the Law of 12 July 2013* amending

–

the Law of 6 December 1991 on the insurance sector, as amended;

–

the Law of 12 November 2004 on the fight against money laundering and terrorist financing,

as amended;

(Mém. A 2013, No 129)

by the Law of 24 July 2015 amending:

–

the Law of 12 February 1979 on value added tax, as amended;

the Law of 17 December 2010 laying down the excise duties and similar taxes on energy products,

electricity, manufactured tobacco, alcohol and alcoholic drinks, as amended;

the Law of 12 November 2004 on the fight against money laundering and terrorist financing, as

amended;

–

(Mém. A 2015, No 145)

−

by the Law of 13 February 2018

1.

transposing the provisions on the professional obligations and the powers of the supervisory

authorities as regards the fight against money laundering and terrorist financing of Directive (EU)

2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the

use of the financial system for the purposes of money laundering or terrorist financing, amending

Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing

Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive

2006/70/EC;

2.

3.

implementing Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May

2015 on information accompanying transfers of funds and repealing Regulation (EC) No

1781/2006;

amending:

(a) the Law of 12 November 2004 on the fight against money laundering and terrorist financing,

as amended;

(b) the Law of 10 November 2009 on payment services, as amended;

(c) the Law of 9 December 1976 on the organisation of the profession of notary, as amended;

(d) the Law of 4 December 1990 on the organisation of bailiffs, as amended;

(e) the Law of 10 August 1991 on the legal profession, as amended;

(f) the Law of 5 April 1993 on the financial sector, as amended;

(g) the Law of 10 June 1999 on the organisation of the accounting profession, as amended;

(h) the Law of 21 December 2012 relating to the Family Office activity;

(i) the Law of 7 December 2015 on the insurance sector, as amended;

(j) the Law of 23 July 2016 concerning the audit profession;

(Mém. A 2018, No 131)

−

by the Law of 17 April 2018 implementing Regulation (EU) of the European Parliament and of the Council

of 8 June 2016 on indices used as benchmarks in financial instruments and financial contracts or to

measure the performance of investment funds and amending Directives 2008/48/EC and 2014/17/EU

and Regulation (EU) No 596/2014 and amending:

1.

2.

the Consumer Code;

the Law of 23 December 1998 establishing a financial sector supervisory commission (“Commission

de surveillance du secteur financier”), as amended;

the Law of 12 November 2004 on the fight against money laundering and terrorist financing, as

amended; and

3.

*

hereafter Law of 12 July 2013 on professionals of the insurance sector

4

4.

the Law of 7 December 2015 on the insurance sector, as amended;

(Mém. A 2018, No 257)

−

by the Law of 10 August 2018 amending:

1.

2.

3.

the Code of Criminal Procedure;

the Law of 7 March 1980 on the organisation of the judicial system, as amended;

the Law of 12 November 2004 on the fight against money laundering and terrorist financing, as

amended;

4.

the Law of 25 March 2015 determining the salaries and the advancement conditions and rules for

civil servants for the purpose of organising the Financial Intelligence Unit (FIU);

(Mém. A 2018, No 796)

−

by the Law of 25 March 2020 establishing a central electronic data retrieval system concerning payment

accounts and bank accounts identified by IBAN and safe-deposit boxes held by credit institutions in

Luxembourg and amending:

1° the Law of 12 November 2004 on the fight against money laundering and terrorist financing, as

amended;

2° the Law of 5 July 2016 reorganising the State Intelligence Service, as amended;

3° the Law of 30 May 2018 on markets in financial instruments;

4° the Law of 13 January 2019 establishing a Register of beneficial owners; for the purpose of

transposing:

1° points (19) and (29) of Article 1 of Directive (EU) 2018/843 of the European Parliament and

of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the

use of the financial system for the purposes of money laundering and terrorist financing risk,

and amending Directives 2009/138/EC and 2013/36/EU;

2° point (28)(d) of Article 1 of Directive (EU) 2019/878 of the European Parliament and of the

Council of 20 May 2019 amending Directive 2013/36/EU as regards exempted entities,

financial holding companies, mixed financial holding companies, remuneration, supervisory

measures and powers and capital conservation measures;

3° Article 64(5) of Directive (EU) 2019/2034 of the European Parliament and of the Council of

27 November 2019 on the prudential supervision of investment firms and amending Directives

2002/87/EC, 2009/65/EC, 2011/61/EU, 2013/36/EU, 2014/59/EU and 2014/65/EU;

(Mém. A 2020, No 193)

(hereinafter referred to as “Law of 25 March 2020 establishing a central electronic data retrieval system

related to IBAN accounts and safe-deposit boxes”)

−

by the Law of 25 March 2020 amending:

1° the Law of 12 November 2004 on the fight against money laundering and terrorist financing, as

amended;

2° the Law of 9 December 1976 on the organisation of the profession of notary, as amended;

3° the Law of 4 December 1990 on the organisation of bailiffs, as amended;

4° the Law of 10 August 1991 on the legal profession, as amended;

5° the Law of 10 June 1999 on the organisation of the accounting profession, as amended;

6° the Law of 23 July 2016 concerning the audit profession, as amended;

with a view to transposing certain provisions of Directive (EU) 2018/843 of the European Parliament

and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of

the financial system for the purposes of money laundering or terrorist financing, and amending

Directives 2009/138/EC and 2013/36/EU;

(Mém. A 2020, No 194)

(hereinafter referred to as the “Law of 25 March 2020”)

−

by the Law of 25 February 2021 amending:

1° the Law of 12 November 2004 on the fight against money laundering and terrorist financing,

as amended;

2° the Law of 20 April 1977 on gaming and betting on sporting events, as amended;

3° the Law of 17 December 2010 relating to undertakings for collective investment, as amended;

4° the Law of 25 March 2020 establishing a central electronic data retrieval system related to

IBAN accounts and safe-deposit boxes;

5° the Law of 10 July 2020 establishing a Register of fiducies and trusts;

(Mém. A 2021, No 158)

5

−

by the Law of 20 May 2021

1. transposing:

(a) Directive (EU) 2019/878 of the European Parliament and of the Council of 20 May 2019

amending Directive 2013/36/EU as regards exempted entities, financial holding

companies, mixed financial holding companies, remuneration, supervisory measures and

powers and capital conservation measures; and

(b) Directive (EU) 2019/879 of the European Parliament and of the Council of 20 May 2019

amending Directive 2014/59/EU as regards the loss-absorbing and recapitalisation

capacity of credit institutions and investment firms and Directive 98/26/EC;

2. implementing Regulation (EU) 2019/876 of the European Parliament and of the Council of 20

May 2019 amending Regulation (EU) No 575/2013 as regards the leverage ratio, the net stable

funding ratio, requirements for own funds and eligible liabilities, counterparty credit risk, market

risk, exposures to central counterparties, exposures to collective investment undertakings, large

exposures, reporting and disclosure requirements, and Regulation (EU) No 648/2012; and

3. amending:

(a) the Law of 5 April 1993 on the financial sector, as amended;

(b) the Law of 18 December 2015 on the failure of credit institutions and certain investment

firms, as amended;

(c) the Law of 24 March 1989 on the Banque et Caisse d’Epargne de l’Etat, Luxembourg, as

amended;

(d) the Law of 23 December 1998 establishing a financial sector supervisory commission

(“Commission de surveillance du secteur financier”), as amended;

(e) the Law of 12 November 2004 on the fight against money laundering and terrorist

financing, as amended;

(f) the Law of 10 November 2009 on payment services, on the activity of electronic money

institution and settlement finality in payment and securities settlement systems, as

amended; and

(g) the Law of 7 December 2015 on the insurance sector, as amended;

(Mém. A 2021, No 384)

−

by the Law of 29 July 2022 amending:

1° the Code of Criminal Procedure;

2° the Law of 8 August 2000 concerning international mutual legal assistance in criminal matters,

as amended;

3° the Law of 12 November 2004 on the fight against money laundering and terrorist financing,

as amended;

4° the Law of 10 July 2020 establishing a Register of fiducies and trusts;

(Mém. A 2022, No 429)

−

by the Law of 4 December 2024 amending the Law of 12 November 2004 on the fight against money

laundering and terrorist financing, establishing a Committee on the prevention of money laundering and

terrorist financing;

(Mém. A 2024, No 495)

–

by the Law of 6 February 2025:

1° implementing Regulation (EU) 2023/606 of the European Parliament and of the Council of 15

March 2023 amending Regulation (EU) 2015/760 as regards the requirements pertaining to the

investment policies and operating conditions of European long-term investment funds and the

scope of eligible investment assets, the portfolio composition and diversification requirements

and the borrowing of cash and other fund rules;

2° implementing Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31

May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and

(EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937;

3° implementing Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31

May 2023 on information accompanying transfers of funds and certain crypto-assets and

amending Directive (EU) 2015/849;

4° transposing Article 38 of Regulation (EU) 2023/1113 of the European Parliament and of the

Council of 31 May 2023 on information accompanying transfers of funds and certain crypto-

assets and amending Directive (EU) 2015/849;

6

5° implementing Regulation (EU) 2023/2631 of the European Parliament and of the Council of

22 November 2023 on European Green Bonds and optional disclosures for bonds marketed as

environmentally sustainable and for sustainability-linked bonds

6° amending:

(a) the Law of 16 July 2019 on the operationalisation of European regulations in the area of

financial services, as amended;

(b) the Law of 5 April 1993 on the financial sector, as amended;

(c) the Law of 23 December 1998 establishing a financial sector supervisory commission

(“Commission de surveillance du secteur financier”), as amended;

(d) the Law of 12 November 2004 on the fight against money laundering and terrorist

financing, as amended;

(e) the Law of 10 November 2009 on payment services, as amended;

(f) the Law of 7 December 2015 on the insurance sector, as amended.

(Mém. A 2025, No 38)

7

TITLE I

Professional obligations concerning the fight against money laundering and terrorist

financing

“Chapter 1: Definitions, scope and designation of supervisory authorities and self-

regulatory bodies”¹

Article 1. Definitions

“(1)”²“Money laundering” shall, in accordance with this law, mean any action as defined in Articles

506-1 of the Penal Code and 8-1 of the Law of 19 February 1973 on the sale of medicinal

substances and the fight against drug addiction, as amended.

(Law of 10 August 2018)

“(1a) “Associated predicate offence” shall mean the offences referred to in Article 506-1, point (1)

of the Penal Code and in Article 8(1)(a) and (b), of the Law of 19 February 1973 on the sale

of medicinal substances and the fight against drug addiction, as amended.”

“(2)”³“Terrorist financing” shall, in accordance with this law, mean any action as defined in Article

135-5 of the Penal Code.

(Law of 13 February 2018)

“ “(3) “Credit institution” shall, in accordance with this law, mean a credit institution as defined in

point (1) of Article 4(1) of Regulation (EU) No 575/2013 of the European Parliament and of

the Council of 26 June 2013 on prudential requirements for credit institutions and investment

firms and amending Regulation (EU) No 648/2012, including branches thereof, as defined in

point (17) of Article 4(1) of that regulation, whether its head office is situated within the

Union or in a third country.”⁴

(Law of 13 February 2018)

“(3a) “Financial institution” shall, in accordance with this law, mean:

(a)

any insurance undertaking as defined in point (1) of Article 13 of Directive

2009/138/EC of the European Parliament and of the Council of 25 November 2009 on

the taking-up and pursuit of the business of Insurance and Reinsurance, insofar as it

carries out life insurance activities covered by that directive;

(b)

(c)

any investment firm as defined in point (1) of Article 4(1) of “Directive 2014/65/EU of

the European Parliament and of the Council of 15 May 2014 on markets in financial

instruments and amending Directive 2002/92/EC and Directive 2011/61/EU”⁵;

any undertaking for collective investment marketing its units or shares;

(Law of 6 February 2025)

“(ca) any crypto-asset service provider; ”

(d)

(e)

any insurance intermediary as defined in “point (3) of Article 2(1) of Directive (EU)

2016/97 of the European Parliament and of the Council of 20 January 2016 on

insurance distribution”⁶where it acts with respect to life insurance and other

investment-related services;

any “person”⁷other than those referred to in points (a) to (d), and in paragraph 3,

which carries out, “by way of its business”⁸, one or more of the activities listed in

Annex I “on behalf of or for a customer”⁹;

1

2

3

4

5

6

7

8

9

Law of 13 February 2018

Law of 17 July 2008

Law of 13 February 2018

Law of 25 March 2020

8

(f)

any branch, in Luxembourg, of financial institutions as referred to in points (a) to (e)

“and (g)”¹⁰, whether their head office is situated in a Member State or in a third

country”;

(Law of 25 March 2020)

“(g) any person in respect of which the CSSF is in charge of ensuring compliance with the

professional obligations as regards the fight against money laundering and terrorist

financing in accordance with Article 2-1(1).”

(Law of 13 February 2018)

“(3b) “Group” shall, in accordance with this law, mean any group of undertakings which consists

of a parent undertaking, its subsidiaries, and the entities in which the parent undertaking or

its subsidiaries hold a participation, as well as undertakings linked to each other by a

relationship within the meaning of Article 22 of Directive 2013/34/EU of the European

Parliament and of the Council of 26 June 2013 on the annual financial statements,

consolidated financial statements and related reports of certain types of undertakings,

amending Directive 2006/43/EC of the European Parliament and of the Council and repealing

Council Directives 78/660/EEC and 83/349/EEC, hereinafter referred to as “Directive

2013/34/EU”.”

(4)

“Member State” shall, in accordance with this law, mean a Member State of the European

Union. The States that are contracting parties to the European Economic Area Agreement

other than the Member States of the European Union, within the limits set forth by this

agreement and related acts are considered as equivalent to Member States of the European

Union. "Another Member State" shall mean a Member State other than Luxembourg.

(5)

(6)

“Third country” shall, in accordance with this law, mean a State other than a Member State.

“Property” shall, in accordance with this law, mean assets of every kind, whether corporeal

or incorporeal, movable or immovable, tangible or intangible, and legal documents or

instruments in any form including electronic or digital, evidencing title to or an interest in

such assets.

“(7)

“Beneficial owner” shall, in accordance with this law, mean any natural person(s) who

ultimately owns or controls the customer or any natural person(s) on whose behalf a

transaction or activity is being conducted. The concept of beneficial owner shall include at

least:

(a) in the case of corporate entities:

(i)

any natural person who ultimately owns or controls a legal entity through direct

or indirect ownership of a sufficient percentage of the shares or voting rights or

ownership interest in that entity, including through bearer shareholdings, or

through control via other means, other than a company listed on a regulated

market that is subject to disclosure requirements consistent with European

Union law or subject to equivalent international standards which ensure

adequate transparency of ownership information.

A shareholding of 25% plus one share or an ownership interest of more than

25% in the customer held by a natural person shall be an indication of direct

ownership. A shareholding of 25% plus one share or an ownership interest of

more than 25% in the customer held by a corporate entity, which is under the

control of a natural person(s), or by multiple corporate entities, which are under

the control of the same natural person(s), shall be an indication of indirect

ownership;

(ii)

if, after having exhausted all possible means and provided there are no grounds

for suspicion, no person under point (i) is identified, or if there is any doubt that

the person(s) identified are the beneficial owner(s), any natural person who

holds the position of senior managing official.

10

Law of 25 March 2020

9

(Law of 25 March 2020)

“Control through other means may be determined in accordance with Articles

1711-1 to 1711-3 of the Law of 10 August 1915 on commercial companies,

as amended, as well as in accordance with the following criteria:

(aa) the direct or indirect right to exercise a dominant influence over a

customer, on the basis of a contract entered into with that customer or

of a clause of the articles of association of that customer, where the law

governing that customer allows being subject to such contracts or such

statutory clauses;

(bb) the fact that a majority of the members of the administrative,

management or supervisory bodies of the customer, in office during the

financial year as well as the preceding financial year and until the

preparation of the consolidated financial statements, were appointed

through direct or indirect exercise of the voting rights of one natural

person;

(cc) the direct or indirect power to exercise or the actual direct or indirect

exercise of a dominant influence or control over the customer, including

the fact that the customer is placed under a single management with

another undertaking;

(dd) an obligation, under the national law to which the parent undertaking of

the customer is subject, to prepare consolidated financial statements and

a consolidated management report;”

(b) in the case of fiducies and trusts “, all following persons”¹¹:

(i)

the “settlor(s)”¹²;

(ii)

(iii)

(iv)

“the fiduciaire(s) or trustee(s)”¹³;

the “protector(s)”¹⁴, if any;

the beneficiaries, or where the individuals benefiting from the legal arrangement

or entity have yet to be determined, the class of persons in whose main interest

the legal arrangement or entity is set up or operates;

any other natural person exercising ultimate control over the fiducie or trust by

means of direct or indirect ownership or by other means;

(v)

(c) in the case of legal entities such as foundations, and legal arrangements similar to

trusts, any natural person holding equivalent or similar positions to those referred to in

point (b).”¹⁵

(8)

“Trust and company service providers” shall, in accordance with this law, mean any natural

or legal person which by way of “a business relationship”¹⁶provides any of the following

services to third parties:

(a) forming companies or other legal persons;

(b) acting as or arranging for another person to act as a “director”¹⁷“, manager, member

of the board of directors, member of the Executive Board”¹⁸or secretary of a company,

a partner of a partnership, or a similar position in relation to other “types of”¹⁹legal

persons;

11

Law of 25 March 2020

12

13

14

15

16

17

18

19

Law of 25 March 2020

Law of 13 February 2018

Law of 29 July 2022

Law of 13 February 2018

Law of 29 July 2022

Law of 25 March 2020

10

(c) providing a registered office, business address, correspondence or administrative

address “or business premises”²⁰and “, where applicable,”²¹other related services for

a company, a partnership or any other legal person or arrangement;

(d) “acting as, or arranging for another person to act as, a fiduciaire in a fiducie, a trustee

of an express trust or an equivalent function in a similar legal arrangement;”²²

“(e) “acting as, or arranging for another person to act as, a nominee shareholder for another

person (…)²³.”²⁴”²⁵

(9)

“Politically exposed persons” (PEPs) shall, in accordance with this law, mean natural persons

who are or have been entrusted with prominent public functions and (…)²⁶family members

or persons known to be close associates, of such persons.

(…)²⁷

(10)

“Natural persons who are or have been entrusted with prominent public functions” shall, in

accordance with paragraph 9 above, mean all natural persons, including:

(a) heads of State, heads of government, ministers and deputy or assistant ministers;

(b) members of parliament “or of similar legislative bodies”²⁸;

(c) members of supreme courts, of constitutional courts or of other high-level judicial

bodies, the decisions of which are not subject to further appeal, except in exceptional

circumstances;

(d) members of courts of auditors or of the boards “or directorates”²⁹of central banks;

(e) ambassadors, chargés d’affaires and high-ranking officers in the armed forces;

(f) members of the administrative, management or supervisory bodies of State-owned

enterprises;

“(g) important officials “and members of the governing bodies”³⁰of political parties;”³¹

(Law of 13 February 2018)

“(h) directors, deputy directors and members of the board or equivalent function of an

international organisation”;

(Law of 25 March 2020)

“(i) the natural persons exercising the functions included in the list published by the

European Commission based on Article 20a(3) of Directive (EU) 2015/849 of the

European Parliament and of the Council of 20 May 2015 on the prevention of the use of

the financial system for the purpose of money laundering or terrorist financing,

amending Regulation (EU) No 648/2012 of the European Parliament and of the Council,

and repealing Directive 2005/60/EC of the European Parliament and of the Council and

Commission Directive 2006/70/EC, hereinafter referred to as “Directive (EU)

2015/849.”

None of the categories set out in “(a) to (h)”³²above shall be understood as covering middle

ranking or more junior officials.

20

21

22

23

24

25

26

27

28

29

30

31

32

Law of 13 February 2018

Law of 29 July 2022

Law of 13 February 2018

Law of 25 March 2020

Law of 13 February 2018

Law of 27 October 2010

Law of 13 February 2018

Law of 25 March 2020

Law of 13 February 2018

Law of 27 October 2010

Law of 13 February 2018

11

(…)³³

(11)

(Law of 27 October 2010) “ “(…)³⁴Family members” shall, in accordance with paragraph 9,

mean all physical persons, including in particular:”

(a) the spouse;

(b) any partner considered by national law as equivalent to the spouse;

(c) the children and their spouses, or partners “considered by national law as equivalent to

a spouse”³⁵;

(d) the parents;

(Law of 13 February 2018)

“(e) the brothers and sisters.”

(12)

“Persons known to be close associates” shall, in accordance with paragraph 9 above, mean

all natural persons, including:

(a) any natural person who is known to have joint beneficial ownership of legal entities or

legal arrangements, or any other close business relations, with a person referred to in

paragraph 10;

(b) any natural person who has sole beneficial ownership of a legal entity or legal

arrangement which is known to have been set up for the benefit de facto of the person

referred to in paragraph 10.

(13)

(14)

(15)

“Business relationship” shall, in accordance with this law, mean a business, professional or

commercial relationship which is connected with the professional activities of the institutions

and persons covered by this law and which is expected, at the time when the contact is

established, to have an element of duration.

“Shell bank” shall, in accordance with this law, mean a credit institution “or a financial

institution”³⁶or an institution engaged in equivalent activities, incorporated “or authorised”³⁷

in a jurisdiction in which it has no physical presence, involving meaningful mind and

management and which is unaffiliated “or unassociated”³⁸with a regulated financial group.

“Persons engaging in a financial activity on an occasional or very limited basis” shall mean

natural or legal persons who engage in a financial activity which fulfils the following criteria:

(a) the financial activity is limited in absolute terms and does not exceed a sufficiently low

threshold fixed by grand-ducal regulation depending on the type of financial activity;

(b) the financial activity is limited as regards transactions and does not exceed a maximum

threshold per customer and per transaction, whether the transaction is carried out in a

single operation or in several operations which appear to be linked, this threshold being

fixed by grand-ducal regulation according to the type of financial activity at a sufficiently

low level in order to ensure that the types of transactions in question are an impractical

and inefficient method for laundering money or for terrorist financing, and shall not

exceed EUR 1,000;

(c) the financial activity is not the main activity, the turnover of the financial activity in

question does not exceed 5% of the total turnover of the natural person or legal person

concerned;

(d) the financial activity is ancillary and directly related to the main activity;

(e) the main activity is not an activity exercised by the professionals listed in Article 2(1),

with the exception of activities of such persons referred to in Article 2(1)(15);

33

Law of 13 February 2018

Law of 25 March 2020

Law of 13 February 2018

Law of 25 March 2020

34

35

36

37

38

12

(f) the financial activity is provided only to the customers of the main activity and is not

generally offered to the public.”

(Law of 13 February 2018)

“(16) “Supervisory authority” shall, in accordance with this law, mean any authority referred to in

Article 2-1(1), (2) and (8).”

(Law of 13 February 2018)

“(17) “European Supervisory Authorities” shall, in accordance with this law, mean the European

Banking Authority, the European Insurance and Occupational Pensions Authority and the

European Securities and Markets Authority.”

(Law of 13 February 2018)

“(18) “Payable-through account” shall, in accordance with this law, mean any correspondent

account, used directly by third parties to transact business on their own behalf.”

(Law of 13 February 2018)

“(19) “Senior management” shall, in accordance with this law, mean any director (dirigeant,

member of the authorised management) or employee with sufficient knowledge of the

professional's money laundering and terrorist financing risk exposure and sufficient seniority

to take decisions affecting its risk exposure, and need not, in all cases, be a member of the

board of directors.”

(Law of 13 February 2018)

“(20) “Electronic money” shall, in accordance with this law, mean electronic money as defined in

point (29) of Article 1 of the Law of 10 November 2009 on payment services, as amended.”

“(…)”³⁹

(Law of 13 February 2018)

“(21) “Self-regulatory body” shall, in accordance with this law, mean a body”, composed of

members of a profession it represents, that”⁴⁰has a role in regulating them, in performing

certain supervisory or monitoring type functions and in ensuring the enforcement of the rules

relating to them. It means thus each body referred to in Article 2-1(3) to (7).”

(Law of 13 February 2018)

“(22) “Correspondent relationship” shall, in accordance with this law, mean:

(a) the provision of banking services by one bank as the correspondent to another bank as

the respondent, including providing a current or other liability account and related

services, such as cash management, international funds transfers, cheque clearing,

payable-through accounts and foreign exchange services;

(b) any “similar”⁴¹relationship between and among credit institutions and financial

institutions including where (…)⁴²services are provided by a correspondent institution

to a respondent customer, and including any relationship established for securities

transactions or funds transfers “or any relationship established for transactions in

crypto-assets or transfers of crypto-assets”⁴³.”

(Law of 13 February 2018)

“(23) “Gambling services” shall, in accordance with this law, mean the services which involve

wagering a stake with monetary value in games of chance, including those with an element

of skill such as lotteries, casino games, poker games and betting transactions that are

provided at a physical location, or by any means at a distance, by electronic means or any

other technology for facilitating communication, and at the individual request of a recipient

of services, except for games which give the player no chance for enrichment or material

gain other than the right to continue playing.”

39

Law of 6 February 2025

Law of 25 March 2020

40

41

42

43

Law of 6 February 2025

13

(Law of 25 March 2020)

“(24) “Professionals” shall, in accordance with this law, mean all the persons referred to in Article

2.

(25)

“CSSF” shall, in accordance with this law, mean the Commission de Surveillance du Secteur

Financier.

(26)

(27)

“CAA” shall, in accordance with this law, mean the Commissariat aux assurances.

“AED” shall, in accordance with this law, mean the Administration de l’enregistrement, des

domaines et de la TVA.

(28)

(29)

“FIU” shall, in accordance with this law, mean the Financial Intelligence Unit.

“Person” shall, in accordance with this law, mean a natural or legal person, where

appropriate.

(30)

“High-risk country” shall, in accordance with this law, mean a country included in the list of

high-risk third countries pursuant to Article 9(2) of Directive (EU) 2015/849 or designated

by the Financial Action Task Force (FATF) as presenting a higher risk as well as any other

country that the supervisory authorities and the professionals consider, in the framework of

their money laundering and terrorist financing risk assessment, as a high-risk country based

on geographical “risk”⁴⁴factors listed in Annex IV.”

(Law of 6 February 2025)

“(31) “Crypto-asset” shall, in accordance with this law, mean a crypto-asset as defined in

Article 3(1), point (5), of Regulation (EU) 2023/1114 of the European Parliament and of the

Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No

1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937,

hereinafter referred to as “Regulation (EU) 2023/1114”, except where falling within the

categories listed in Article 2(2), (3) and (4) of that Regulation or otherwise qualifying as

funds.

(32)

“Crypto-asset service provider” shall, in accordance with this law, mean a crypto-asset

service provider as defined in Article 3(1), point (15), of Regulation (EU) 2023/1114, where

performing one or more crypto-asset services as defined in Article 3(1), point (16), of that

Regulation, with the exception of providing advice on crypto-assets as referred to in

Article 3(1), point (16)(h), of that Regulation;

(33)

“Self-hosted address” shall, in accordance with this law, mean a self-hosted address as

defined in Article 3, point (20), of Regulation (EU) 2023/1113 of the European Parliament

and of the Council of 31 May 2023 on information accompanying transfers of funds and

certain crypto-assets and amending Directive (EU) 2015/849, hereinafter “Regulation (EU)

2023/1113”.

(34)

(35)

(36)

“Transfer of crypto-assets” shall, in accordance with this law, mean a transaction as defined

in Article 3, point (10), of Regulation (EU) 2023/1113.

“Originator” shall, in accordance with this law, mean a person as defined in Article 3, point

(21), of Regulation (EU) 2023/1113.

“Beneficiary” shall, in accordance with this law, mean a person as defined in Article 3, point

(22), of Regulation (EU) 2023/1113. ".

Article 2. Scope

(1)

This title applies to the following (…)⁴⁵persons:

1. credit institutions and professionals of the financial sector (PFS) licensed or authorised

to exercise their activities in Luxembourg in accordance with the Law of 5 April 1993 on

the financial sector, as amended, “and payment institutions “and electronic money

institutions”⁴⁶licensed or authorised to exercise their activities in Luxembourg in

44

Law of 25 February 2021

Law of 25 March 2020

Law of 20 May 2011

45

46

14

accordance with the Law of 10 November 2009 on payment services“, as well as tied

agents as defined in Article 1 of the Law of 5 April 1993 on the financial sector, as

amended, and agents as defined in Article 1 of the Law of 10 November 2009 on

payment services, as amended, established in Luxembourg”⁴⁷;”⁴⁸

(Law of 10 November 2009)

“1a. the natural and legal persons benefiting from the waiver in accordance with Article 48

“or 48-1”⁴⁹of the Law of 10 November 2009 on payment services;”

(Law of 17 July 2008)

“2. insurance undertakings licensed or authorised to exercise their activities in Luxembourg

in accordance with the “Law of 7 December 2015 on the insurance sector, as

amended”⁵⁰, in connection with operations covered by “Annex II of the Law of 7

December 2015 on the insurance sector, as amended,”⁵¹and insurance intermediaries

licensed or authorised to conduct business in Luxembourg in accordance with the “Law

of 7 December 2015 on the insurance sector, as amended,”⁵²when they act in respect

of life insurance and other investment related services;”

(Law of 12 July 2013 on professionals of the insurance sector)

“2a. the professionals of the insurance sector authorised to carry out their business in

Luxembourg pursuant to the “Law of 7 December 2015 on the insurance sector, as

amended”⁵³.”

3. “pension funds under the prudential supervision of the Commissariat aux assurances”;⁵⁴

“4. undertakings for collective investment and investment companies in risk capital

(SICAR), which market their “units, securities or partnership interests”⁵⁵and to which

the “Law of 17 December 2010 relating to undertakings for collective investment, as

amended”⁵⁶, or the Law of 13 February 2007 relating to specialised investment funds

or the Law of 15 June 2004 relating to the Investment company in risk capital (SICAR)

applies;”⁵⁷

5. management companies under the “Law of 17 December 2010 relating to undertakings

for collective investment, as amended,”⁵⁸“and alternative investment fund managers

governed by the Law of 12 July 2013 on alternative investment fund managers, as

amended”⁵⁹

;

6. pension funds under the prudential supervision of the Commission de Surveillance du

Secteur financier;

(Law of 27 October 2010)

“6a. managers and advisors of undertakings for collective investment, investment companies

in risk capital (SICAR) and pension funds;

6b. securitisation undertakings, when they perform trust and company service provider

activities;

6c. insurance and reinsurance undertakings and their intermediaries whenever they

perform credit and surety operations;”

47

48

49

50

51

52

53

54

55

56

57

58

59

Law of 25 March 2020

Law of 10 November 2009

Law of 20 May 2011

Law of 13 February 2018

Law of 12 July 2013 on professionals of the insurance sector

Law of 12 July 2013

Law of 25 March 2020

15

(…)⁶⁰

(Law of 13 February 2018)

“6e. any person carrying out the Family Office activity within the meaning of the Law of 21

December 2012 relating to the Family Office activity;”

7. “the other financial institutions carrying out their activities in Luxembourg;”⁶¹

“8. réviseurs d’entreprises (statutory auditors), réviseurs d’entreprises agréés (approved

statutory auditors), cabinets de révision (audit firms) and cabinets de révision agréés

(approved audit firms) within the meaning of the “Law of 23 July 2016 concerning the

audit profession, as amended,”⁶²;”⁶³

9. accountants, within the meaning of the Law of 10 June 1999 on the organisation of the

accounting profession (…)⁶⁴

(Law of 17 July 2008)

“9a. accounting professionals, within the meaning of Article 2(2)(d) of the Law of 10 June

1999 on the organisation of the accounting profession;”

10. real estate agents“, within the meaning of the Law of 2 September 2011 regulating the

access to the professions of craftsman, salesman, industrial as well as to some liberal

professions, as amended”⁶⁵, established or acting in Luxembourg“, including when

acting as intermediaries in the letting of immovable property, but only in relation to

transactions for which the monthly rent amounts to EUR 10,000 or more”⁶⁶;

(Law of 25 March 2020)

“10a. real estate developers within the meaning of the Law of 2 September 2011 regulating

the access to the profession of craftsman, salesman, industrial as well as to some liberal

professions, as amended, established or acting in Luxembourg, including when they

are, in their capacity as intermediary, involved in purchase and sale transactions of

immovable property;”

11. notaries, within the meaning of the Law of 9 December 1976 on the organisation of the

profession of notary, as amended;

(Law of 13 February 2018)

“11a. bailiffs within the meaning of the Law of 4 December 1990 on the organisation of

bailiffs, as amended, where they carry out valuation and public sales of furniture,

movables and harvests;”

12. lawyers, within the meaning of the Law of 10 August 1991 on the legal profession, as

amended, when:

(a) assisting in the planning or execution of transactions for their customer concerning

the:

(i)

buying and selling of real property or business entities,

managing client money, securities or other assets,

(ii)

(iii) opening or management of bank, savings or securities accounts,

(iv) organisation of contributions necessary for the creation, operation or

management of companies,

(v)

creation, domiciliation, operation or management of trusts, companies or

other similar structures,

60

61

62

63

64

65

66

Law of 25 March 2020

Law of 13 February 2018

Law of 25 March 2020

Law of 18 December 2009

Law of 17 July 2008

Law of 13 February 2018

Law of 25 March 2020

16

(b) or acting for and on behalf of their customer in any financial or real estate

transaction;

“(c) or providing a service of a trust and company service provider;”⁶⁷

“(d) or carrying out the activity of Family Office;”⁶⁸

(Law of 29 July 2022)

“(e) or acting as depositaries of bearer shares.”

“13. persons other than those listed above who:

(a) exercise in Luxembourg by way of “a business relationship”⁶⁹, an activity of tax

advice;

(b) exercise in Luxembourg, by way of “a business relationship”⁷⁰, one of the activities

described in point (12)(a) and (b), or

(c) undertake to provide, directly or by means of other persons to which they are

related, material aid, assistance or advice on tax matters as principal business or

professional activity;”⁷¹

(Law of 17 July 2008)

“13a. persons other than those listed above who exercise “by way of a business relationship”⁷²

in Luxembourg a trust and company service provider activity;”

14. “providers of gambling services governed by the Law of 20 April 1977 on gaming and

betting on sporting events, as amended, acting in the exercise of their professional

activities;”⁷³

(Law of 24 July 2015)

“14a. operators in a free zone authorised to carry out their activity pursuant to an

authorisation by the Administration des douanes et accises (customs and excise) within

the Community control type 1 free zone located in the municipality of Niederanven

Section B Senningen called Parishaff L-2315 Senningerberg (Hoehenhof).”

(Law of 17 July 2008)

“15. other (…)⁷⁴persons trading in goods, only to the extent that payments are made “or

received”⁷⁵in cash in an amount of EUR “10,000”⁷⁶or more, whether “the transactions

or series of transactions are executed”⁷⁷in a single operation or in several operations

which appear to be linked”;

(Law of 25 March 2020)

(…)⁷⁸

(…)⁷⁹“

18. persons trading or acting as intermediaries in the trade of works of art, including when

this is carried out by art galleries and auction houses, where the value of the transaction

or a series of linked transactions amounts to EUR 10,000 or more;

67

68

69

70

71

72

73

74

75

76

77

78

79

Law of 17 July 2008

Law of 21 December 2012

Law of 29 July 2022

Law of 25 February 2021

Law of 29 July 2022

Law of 13 February 2018

Law of 25 March 2020

Law of 13 February 2018

Law of 25 February 2021

Law of 6 February 2025

17

19. persons storing, trading or acting as intermediaries in the trade of works of art when

this is carried out by free ports, where the value of the transaction or a series of linked

transactions amounts to EUR 10,000 or more;”

(Law of 6 February 2025)

“20. crypto-asset service providers.”

(Law of 17 July 2008) “ (…)⁸⁰

(…)⁸¹

(2)

(Law of 27 October 2010)

(…)⁸²

(Law of 27 October 2010)

"The scope of application of this title and hence the notion of professional also includes

branches in Luxembourg of foreign professionals as well as professionals established under

the laws of foreign countries who supply services in Luxembourg without establishing any

branch in Luxembourg." ”

(Law of 13 February 2018)

“Article 2-1. Supervisory authorities and self-regulatory bodies

(1)

The “CSSF”⁸³, is the supervisory authority in charge of ensuring compliance by the credit

institutions “and, without prejudice to paragraph 3, by the professionals supervised,

authorised or registered by it, including by branches of the foreign professionals notified to

the CSSF and by the professionals incorporated under foreign law notified to the CSSF which

provide services in Luxembourg without establishing a branch,”⁸⁴with their professional

obligations as regards the fight against money laundering and terrorist financing provided for

in Articles 2-2 to 5 “, 7-1a and 7-2,”⁸⁵and their implementing measures.

“Moreover, the CSSF is the supervisory authority in charge of ensuring compliance with the

professional obligations as regards the fight against money laundering and terrorist financing

provided for in Articles 2-2 to 5 and in their implementing measures by tied agents established

in Luxembourg of credit institutions or PFS licensed or authorised to carry out their activity in

Luxembourg pursuant to the Law of 5 April 1993 on the financial sector, as amended, as well

as by agents established in Luxembourg of payment institutions and electronic money

institutions licensed or authorised to carry out their activity in Luxembourg pursuant to the

Law of 10 November 2009 on payment services, as amended.

The CSSF is the supervisory authority in charge of ensuring compliance with the professional

obligations as regards the fight against money laundering and terrorist financing provided for

in Articles 2-2 to 5 and in their implementing measures by foreign institutions for occupational

retirement provision authorised pursuant to the Law of 13 July 2005 concerning the activities

and supervision of the institutions for occupational retirement provision, as amended, to

provide services to sponsoring undertakings in Luxembourg.”⁸⁶

(2)

The “CAA”⁸⁷, is the supervisory authority in charge of ensuring compliance by the natural and

legal persons referred to in Article 2(…)⁸⁸subject to its supervision“, including by branches of

the foreign professionals notified to the CAA and by the professionals incorporated under

foreign law notified to the CAA which provide services in Luxembourg without establishing a

branch,”⁸⁹with their professional obligations as regards the fight against money laundering

and terrorist financing provided for in Articles 2-2 to 5 and their implementing measures.

80

Law of 13 February 2018

Law of 25 March 2020

Law of 13 February 2018

Law of 25 March 2020

Law of 6 February 2025

Law of 25 March 2020

81

82

83

84

85

86

87

88

89

18

(3)

(4)

The Institut des réviseurs d’entreprises, referred to in Part 1, Title II of the Law of 23 July

2016 concerning the audit profession, shall ensure compliance by its members who are natural

and legal persons referred to in point (8) of Article 2(1) “as well as by branches of audit

professionals incorporated under foreign law and by audit professionals incorporated under

foreign law which provide services in Luxembourg without establishing a branch”⁹⁰, except for

audit firms, with their professional obligations as regards the fight against money laundering

and terrorist financing provided for in Articles 2-2 to 5 and their implementing measures.

The Ordre des experts-comptables, referred to in Title II of the Law of 10 June 1999 on the

organisation of the accounting profession, as amended, shall ensure compliance by its

members who are natural and legal persons referred to in point (9) of Article 2(1) “as well as

by branches of the professionals incorporated under foreign law which carry out the activities

referred to in the first subparagraph of paragraph 1 of the Law of 10 June 1999 on the

organisation of the accounting profession, as amended, and by the professionals incorporated

under foreign law which provide the activities referred to in the first subparagraph of Article 1

of the Law of 10 June 1999 on the organisation of the accounting profession, as amended, in

Luxembourg without establishing a branch”⁹¹with their professional obligations as regards

the fight against money laundering and terrorist financing provided for in Articles 2-2 to 5 and

their implementing measures.

(5)

The Chambre des Notaires, referred to in Section VII of the Law of 9 December 1976 on the

organisation of the profession of notary, as amended, shall ensure compliance by the notaries

referred to in point (11) of Article 2(1) with their professional obligations as regards the fight

against money laundering and terrorist financing provided for in Articles 2-2 to 5 and their

implementing measures.

“(6) The Ordre des avocats in Luxembourg shall ensure compliance by lawyers who carry out in

Luxembourg the activities referred to in point (12) of Article 2(1) with their professional

obligations as regards the fight against money laundering and terrorist financing provided for

in Articles 2-2 to 7 and in their implementing measures.

By way of derogation from the first subparagraph, the Ordre des avocats in Diekirch shall

ensure compliance by its members with their professional obligations as regards the fight

against money laundering and terrorist financing provided for in Articles 2-2 to 7 and in their

implementing measures.”⁹²

(7)

(8)

The Chambre des huissiers, referred to in Chapter VIII of the Law of 4 December 1990 on the

organisation of bailiffs, as amended, shall ensure compliance by the bailiffs referred to in point

(11a) of Article 2(1) with their professional obligations as regards the fight against money

laundering and terrorist financing provided for in Articles 2-2 to 5 and their implementing

measures.

The “AED”⁹³, is the supervisory authority in charge of ensuring compliance by the professionals

not referred to in paragraphs 1 to 7 with their professional obligations as regards the fight

against money laundering and terrorist financing provided for in Articles 2-2 to 5 and their

implementing measures.”

Chapter 2: Professional obligations

(Law of 13 February 2018)

“Article 2-2. Obligation to perform a risk assessment

(1)

The professionals shall take appropriate steps to identify, assess “and understand”⁹⁴the risks

of money laundering and terrorist financing that they face, taking into account risk factors

including those relating to their customers, countries or geographic areas, products, services,

transactions or delivery channels. Those steps shall be proportionate to the nature and size of

the professionals.

90

Law of 25 March 2020

91

92

93

94

19

(2)

“The professionals shall consider all relevant risk factors before determining the overall risk

level and the level and type of appropriate measures to apply in order to manage and mitigate

these risks. Moreover, the professionals shall ensure that the information on the risks included

in the national and supranational risk assessment or communicated by the supervisory

authorities, self-regulatory bodies or the European Supervisory Authorities is incorporated in

their risk assessment.”⁹⁵The professionals shall document, keep up-to-date and make the

risk assessments referred to in paragraph 1 available to the supervisory authorities and self-

regulatory bodies. The supervisory authorities and self-regulatory bodies may decide that

individual documented risk assessments are not required where the specific risks inherent in

the sector are clear and understood.

(3)

The professionals shall identify and assess the risks of money laundering and terrorist

financing which may result from the development of new products and business practices,

including new distribution mechanisms, and the use of new or developing technologies related

to new or pre-existing products.

The professionals shall:

(a) assess the risks before the launch or use of these products, practices and technologies;

and

(b) take appropriate measures to manage and mitigate these risks.”

(Law of 17 July 2008)

“Article 3. Customer due diligence

(1)

The professionals shall apply customer due diligence measures in the following cases:

(a) when establishing a business relationship;

“(b) when carrying out an occasional transaction that:

(i) amounts to EUR 15,000 or more, whether this transaction is carried out in a single

operation or in several operations which appear to be linked; (…)⁹⁶

(ii) constitutes a transfer of funds, as defined in point (9) of Article 3 of “Regulation (EU)

2023/1113”⁹⁷”,”⁹⁸exceeding EUR 1,000;”⁹⁹”or” ¹⁰⁰

(Law of 6 February 2025)

“(iii) constitutes a transfer of crypto-assets exceeding EUR 1,000;”

(Law of 13 February 2018)

“(ba) in the case of persons trading in goods, when carrying out occasional transactions in

cash amounting to EUR 10,000 or more, whether the transaction is carried out in a single

operation or in several operations which appear to be linked;

(bb)for providers of gambling services, upon the collection of winnings, the wagering of a

stake, or both, when carrying out transactions amounting to EUR 2,000 or more, whether

the transaction is carried out in a single operation or in several operations which appear

to be linked;”

(c) when there is a suspicion of money laundering or terrorist financing, regardless of any

derogation, exemption or threshold;

(d) when there are doubts about the veracity or adequacy of previously obtained customer

identification data.

A grand-ducal regulation may modify the “thresholds”¹⁰¹laid down in this paragraph.

Customer due diligence measures shall comprise:

(2)

95

Law of 25 March 2020

Law of 6 February 2025

Law of 25 February 2021

Law of 13 February 2018

Law of 6 February 2025

Law of 13 February 2018

96

97

98

99

100

101

20

(a)

identifying the customer and verifying the customer's identity on the basis of

documents, data or information obtained from “reliable and independent sources,

including, where available, electronic identification means and relevant trust services as

set out in Regulation (EU) No 910/2014 of the European Parliament and of the Council

of 23 July 2014 on electronic identification and trust services for electronic transactions

in the internal market and repealing Directive 1999/93/EC, hereinafter referred to as

“Regulation (EU) No 910/2014”, or any other secure, remote or electronic identification

process regulated, recognised, approved or accepted by the relevant national

authorities”¹⁰²

;

(b)

identifying (…)¹⁰³the beneficial owner and taking “reasonable measures”¹⁰⁴to verify his

identity “using relevant information or data obtained from a reliable and independent

source,”¹⁰⁵so that the professionals are satisfied that they know who the beneficial

owner is, including, as regards legal persons, fiducies“, trusts, companies,

foundations”¹⁰⁶and similar legal arrangements, taking “reasonable measures”¹⁰⁷to

understand the ownership and control structure of the customer.

“For customers which are legal persons, the professional shall identify and take

reasonable measures to verify the identity of the beneficial owners using the following

information:

(i)

the identity of the natural persons, if any, who ultimately hold a controlling

ownership interest within the meaning of point (i) of point (a) of Article 1(7), in

a legal person; and

(ii)

where, after applying point (i), there is doubt as to whether the person(s) with

the controlling ownership interest is the beneficial owner(s) or where no natural

person exerts control through ownership interests, the identity of the natural

person(s), if any, exercising control of the legal person through other means;

(iii) where no natural person is identified pursuant to points (i) and (ii), the identity

of any relevant natural person who holds the position of senior managing official.

The professionals shall keep records of the actions taken as well as any difficulties

encountered during the verification process.

For customers which are legal arrangements, the professionals shall identify the

beneficial owners and take reasonable measures to verify the identity of these persons

using the following information:

(i)

for fiducies and trusts, the identity of the settlor(s), the fiduciaire(s) or trustee(s),

the protector(s), if any, the beneficiaries or, where the individuals benefiting from

the legal arrangement or entity have yet to be determined, the class of persons

in whose main interest the legal arrangement or entity is set up or operates and

any other natural person exercising ultimate control over the fiducie or trust by

means of direct or indirect ownership or by other means, including through a

chain of ownership or control;

(ii)

for other types of legal arrangements similar to fiducies or trusts, the identity of

persons in equivalent or similar positions to those referred to in point (i);”¹⁰⁸

(c)

“assessing “and understanding the purpose and intended nature of the business

relationship”¹⁰⁹and, as appropriate,”¹¹⁰obtaining information on the purpose and

intended nature of the business relationship;

102

103

104

105

106

107

108

109

110

Law of 25 March 2020

Law of 13 February 2018

Law of 27 October 2010

Law of 25 March 2020

Law of 13 February 2018

Law of 27 October 2010

Law of 25 March 2020

Law of 13 February 2018

21

(d)

conducting ongoing due diligence of the business relationship including scrutiny of

transactions undertaken throughout the course of that relationship to ensure that the

transactions being conducted are consistent with the professionals’ knowledge of the

customer, the business and risk profile, including, where necessary, the source of funds

and ensuring that the documents, data or information “collected under the customer

due diligence process is kept up-to-date and relevant”¹¹¹. “To this end, the professionals

shall review existing records, particularly for higher-risk categories of customers.”¹¹²

“The identification and verification obligation provided for in points (a) and (b) of the first

subparagraph shall also include, where applicable:

(a)

for all customers, the obligation to verify that any person purporting to act on behalf

of or for the customer is so authorised, and to identify and verify the identity of that

person;

(b)

for customers which are legal persons or legal arrangements:

(i)

the obligation to understand the nature of their business and their ownership

and control structure;

(ii)

the obligation to verify the name, legal form and actual existence of the legal

person or legal arrangement, notably by obtaining proof of incorporation or

similar proof of establishment or actual existence;

(iii) the obligation to obtain information concerning the name of the customer, the

names of the administrators of fiducies, the legal form, the address of the

head office and, if different, a principal place of business, the names of the

relevant persons having a senior management position in the legal person or

legal arrangement, as well as the provisions regulating the power to bind the

legal person or legal arrangement.”¹¹³

(Law of 25 February 2021)

“In case of a real estate transaction, the professionals referred to in points (10) and (10a) of

Article 2(1) shall be required to apply customer due diligence measures to both the purchasers

and vendors of the property.”

“(2a) The professionals shall apply each of the customer due diligence requirements laid down in

paragraph 2. “”Except for the identification provided for in letters (a) and (b) of Article 3(2),

the”¹¹⁴professionals shall determine the extent of such measures according to their

assessment of risks relating to types of customers, countries or geographical areas and

particular products, services, transactions or delivery channels.”¹¹⁵“In every circumstance,

the professionals shall identify the customer and the beneficial owner as referred to in

paragraph 2.”¹¹⁶

When assessing the risks of money laundering and terrorist financing “relating to types of

customers, countries and geographical areas and particular products, services, transactions

or delivery channels, the professionals shall take into account the risk variables relating to

those risk categories set out in Annex II. These variables, either singly or in combination, may

increase or decrease the potential risk posed, thus impacting the appropriate level of due

diligence measures. These variables shall notably include”¹¹⁷the variables set out in Annex

II.

The professionals shall be able to demonstrate to the supervisory authorities or self-regulatory

bodies that the measures they apply, in accordance with this article, Articles 3-1, 3-2 and 3-

3 and their implementing measures, are appropriate in view of the risks of money laundering

and terrorist financing that have been identified.

111

Law of 25 March 2020

Law of 29 July 2022

Law of 25 March 2020

Law of 25 February 2021

Law of 25 March 2020

112

113

114

115

116

117

22

The professionals shall not rely exclusively on the central registers referred to in Article 30(3)

and Article “31(3a)”¹¹⁸of Directive (EU) 2015/849 to fulfil their customer due diligence

requirements in accordance with this article, Articles 3-1, 3-2 and 3-3 and their implementing

measures. The professionals shall fulfil those requirements by using a risk-based approach.”

(Law of 13 February 2018)

“(2b) For life or other investment-related insurance business, “concluded or negotiated by them”¹¹⁹

in addition to the customer due diligence measures required for the customer and the

beneficial owner, credit institutions and financial institutions shall conduct the following

customer due diligence measures on the beneficiaries of life insurance and other investment-

related insurance policies, as soon as the beneficiaries are identified or designated:

(a) in the case of beneficiaries that are identified as specifically named persons or legal

arrangements, taking the name of the person;

(b) in the case of beneficiaries that are designated by characteristics or by class or by other

means, obtaining sufficient information concerning those beneficiaries to satisfy the credit

institution or financial institution that it will be able to establish the identity of the

beneficiary at the time of the payout.

With regard to points (a) and (b) of the first subparagraph, the verification of the identity of

the beneficiaries shall take place at the time of the payout. In the case of assignment, in whole

or in part, of the life or other investment-related insurance to a third party, credit institutions

and financial institutions aware of the assignment shall identify the beneficial owner at the

time of the assignment to the natural or legal person or legal arrangement receiving for its

own benefit the value of the policy assigned.

“Credit institutions and financial institutions shall take into account the beneficiary of a life

insurance policy as a relevant risk factor when determining whether enhanced due diligence

measures are applicable.”¹²⁰Where a credit institution or a financial institution establishes

that the beneficiary of a life insurance policy which is a legal person or legal arrangement

presents a higher risk, then the enhanced customer due diligence measures should include

reasonable measures to identify and verify the identity of the beneficial owner of the

beneficiary or the life insurance policy, at the time of payout.” “They shall report suspicious

transactions to the FIU, if the circumstances give rise to a suspicion of money laundering or

terrorist financing.”¹²¹

“(2c) In the case of beneficiaries of fiducies, trusts or of similar legal arrangements that are

designated by particular characteristics or class, the professionals shall obtain sufficient

information concerning the beneficiary to satisfy them that they will be able to establish the

identity of the beneficiary at the time of the payout or at the time of the exercise by the

beneficiary of its vested rights.”

(…)¹²²

(…)¹²³

(4)

The verification of the identity of the customer and of the beneficial owner shall take place

before the establishment of a business relationship or the carrying-out of the transaction.

“Whenever entering into a new business relationship with a corporate or other legal entity, or

a fiducie, trust or a legal arrangement having a structure or functions similar to trusts which

are subject to the registration of beneficial ownership information pursuant to Article 30 or 31

of Directive (EU) 2015/849, the professionals shall collect proof of registration or an excerpt

of the register “and compare their information with that of the registers in order to detect

either the existence of any erroneous data or the absence of all or part of the data, or the

118

Law of 25 March 2020

Law of 13 February 2018

119

120

121

122

123

23

failure to register, modify or delete them. The professionals shall proceed in a similar manner

in the framework of ongoing due diligence of the business relationship”¹²⁴.”¹²⁵

However, the verification of the identity of the customer and the beneficial owner may be

completed during the establishment of a business relationship if this is necessary not to

interrupt the normal conduct of business and where there is little risk of money laundering or

terrorist financing occurring. In such situations these procedures shall be completed as soon

as practicable after the initial contact “and the professionals shall take measures to manage

effectively the risk of money laundering and terrorist financing”¹²⁶

(…)¹²⁷

.

By way of derogation from “the first subparagraph”¹²⁸of this paragraph, the opening of “an

account with a credit institution or financial institution, including accounts that permit

transactions in transferable securities”¹²⁹is allowed on an exceptional basis “if essential so as

to not interrupt the normal conduct of business and if the risks of money laundering and

terrorist financing are managed effectively,”¹³⁰provided that there are adequate safeguards

in place to ensure that transactions are not carried out by the customer or on its behalf until

full compliance with “the customer due diligence requirements laid down in points (a) and (b)

of paragraph 2”¹³¹is obtained “and that the measures necessary for compliance are taken as

soon as reasonably practicable”¹³². The keeping of anonymous accounts, anonymous

passbooks “or anonymous safe-deposit boxes”¹³³“and accounts in obviously fictitious

names”¹³⁴is prohibited. “The keeping of numbered accounts, numbered passbooks or

numbered safe-deposit boxes is prohibited.”¹³⁵

The professionals who are unable to comply with paragraph 2(a) to (c) “and, where applicable,

with paragraphs 2b and 2c”¹³⁶may not carry out a transaction through an (…)¹³⁷account,

establish a business relationship, carry out the transaction “and”¹³⁸shall terminate the

business relationship and shall consider making a “suspicious transaction”¹³⁹report “to the

141

“FIU”¹⁴⁰

”

in accordance with Article 5.

(Law of 13 February 2018)

“The fourth subparagraph shall not apply to the professionals referred to in points (8), (9),

(…)¹⁴²(11), (11a), (12) and “(13)(a)”¹⁴³of Article 2(1) only to the strict extent that those

persons ascertain the legal position of their client, or perform the task of defending or

representing that client in, or concerning, judicial proceedings, including providing advice on

instituting or avoiding such proceedings.”

(Law of 13 February 2018)

“The professionals shall also adopt risk management procedures with respect to the conditions

under which a customer will be able to benefit from the business relationship before the

verification of the identity.”

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

Law of 29 July 2022

Law of 25 March 2020

Law of 13 February 2018

Law of 25 March 2020

Law of 13 February 2018

Law of 25 March 2020

Law of 13 February 2018

Law of 25 February 2021

Law of 13 February 2018

Law of 25 March 2020

Law of 13 February 2018

Law of 25 March 2020

Law of 13 February 2018

Law of 25 February 2021

24

(Law of 25 March 2020)

“In cases where the professionals form a suspicion that a transaction relates to money

laundering or terrorist financing and reasonably believe that performing their due diligence

process will tip-off the customer, they may choose not to pursue that process and to make a

suspicious transaction report to the FIU.”

(5)

The professionals are required to apply the customer due diligence procedures not only to all

new customers but also at appropriate times to existing customers based on their risk

assessment“, by taking into account the existence of previous customer due diligence

procedures and the moment when they are implemented, “or”¹⁴⁴when the relevant

circumstances of a customer change “, or when the professional has any legal duty in the

course of the relevant calendar year to contact the customer for the purpose of reviewing any

relevant information relating to the beneficial owner(s), or if the professional has had this duty

under the Law of 18 December 2015 on the Common Reporting Standard (CRS), as

146

amended”¹⁴⁵

”

.

(6)

“The professionals shall retain “and make available promptly” the following documents, data

and information for the purposes of preventing, detecting and investigating, by the

Luxembourg authorities responsible for the fight against money laundering and terrorist

financing “or self-regulatory bodies”, possible money laundering or terrorist financing:

(a) in the case of customer due diligence, a copy of (…)¹⁴⁷the documents, data and

information which are necessary to comply with the customer due diligence requirements

laid down in Articles 3 to 3-3, “including, where available, data obtained through

electronic identification means, relevant trust services as set out in Regulation (EU) No

910/2014 or any other secure, remote or electronic identification process regulated,

recognised, approved or accepted by the relevant national authorities, account files,

business correspondence, as well as the results of any analysis undertaken,”¹⁴⁸for a

period of five years after the end of the business relationship with their customer or after

the date of an occasional transaction;

(b) the supporting evidence and records of transactions which are necessary to identify or

reconstruct “individual”¹⁴⁹transactions “in order to provide, where necessary, evidence

in the framework of an investigation or criminal proceedings”¹⁵⁰, for a period of five years

after the end of a business relationship with their customer or after the date of an

occasional transaction.

(Law of 25 March 2020)

“The retention period referred to in this paragraph, including the further retention period that

shall not exceed five additional years, shall also apply in respect of the data accessible through

the centralised mechanisms referred to in Article 32a of Directive (EU) 2015/849.”

The professionals shall also retain the information concerning the measures taken in order to

identify the beneficial owners within the meaning of sub-points (i) and (ii) of point (a) of Article

1(7).

Without prejudice to longer retention periods prescribed by other laws, the professionals shall

delete the personal data at the end of the retention period referred to in the first

subparagraph.

In specific cases when necessary for the purpose of carrying out their relevant prudential

supervisory duties under this law, the supervisory authorities may require that the

professionals retain the data for a further period which cannot exceed five years.

144

145

146

147

148

149

Law of 25 March 2020

Law of 13 February 2018

Law of 29 July 2022

Law of 25 March 2020

Law of 25 March 2020 (Note from translator: the change required in the French version requires two

separate changes in the English version)

150

Law of 25 March 2020

25

By way of derogation from the “fourth”¹⁵¹subparagraph, the professionals “shall retain”¹⁵²

the personal data for a further period of five years where this retention is necessary to

effectively implement internal measures for the prevention or detection of money laundering

or terrorist financing.”¹⁵³

(Law of 13 February 2018)

“(6a) The processing of personal data in accordance with this law is subject “to Regulation (EU)

2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of

natural persons with regard to the processing of personal data and on the free movement of

such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter

referred to as “Regulation (EU) 2016/679””¹⁵⁴

.

Personal data shall be processed by the professionals on the basis of this law only for the

purposes of the prevention of money laundering and terrorist financing and shall not be further

processed in a way that is incompatible with those purposes. The processing of personal data

on the basis of this law for any other purposes shall be prohibited.

The professionals shall provide new clients with the information required pursuant to “Articles

13 and 14 of Regulation (EU) 2016/679”¹⁵⁵before establishing a business relationship or

carrying out an occasional transaction. That information shall, in particular, include a general

notice concerning the legal obligations of the professionals under this law to process personal

data for the purposes of the prevention of money laundering and terrorist financing.

Pursuant to “the first subparagraph of Article 5(5)”¹⁵⁶, the person who is responsible for the

processing shall restrict or defer the right of access of the person concerned to his personal

data where such measure is necessary “and proportionate”¹⁵⁷in order to:

(a) enable the professionals, the Financial Intelligence Unit, a supervisory authority or a self-

regulatory body to fulfil their tasks properly for the purposes of this law or its

implementing measures; or

(b) avoid obstructing official or legal inquiries, analyses, investigations or procedures for the

purposes of this law, its implementing measures or Directive (EU) 2015/849 and to

ensure that the prevention, investigation and detection of money laundering and terrorist

financing is not jeopardised.

The processing of personal data on the basis of this law “for the purposes of the prevention of

money laundering and terrorist financing”¹⁵⁸shall be considered to be a matter of public

interest under “Regulation (EU) 2016/679”¹⁵⁹.”

(7)

The professionals shall pay special attention to any activity which they regard as particularly

likely, by its nature, to be related to money laundering or terrorist financing and in particular

complex or unusually large transactions and all unusual patterns of transactions which have

no apparent economic or visible lawful purpose.”

(Law of 17 July 2008)

“Article 3-1.

Simplified customer due diligence

(1)

“Where the professionals identify”, based on their risk assessment,”¹⁶⁰a lower risk of money

laundering and terrorist financing, they may apply simplified customer due diligence

measures.

(2)

Before applying simplified customer due diligence measures, the professionals shall ascertain

that the business relationship or the transaction presents a lower degree of risk.

151

Law of 25 March 2020

Law of 13 February 2018

Law of 25 March 2020

Law of 29 July 2022

152

153

154

155

156

157

158

159

160

26

When assessing the risks of money laundering and terrorist financing relating to types of

customers, geographic areas, and particular products, services, transactions or delivery

channels, the professionals shall take into account at least the factors of potentially lower risk

situations set out in Annex III.

The professionals shall carry out sufficient monitoring of the transactions and business

relationship to enable the detection of unusual or suspicious transactions.”¹⁶¹

(3)

(4)

(Law of 27 October 2010) “(…)¹⁶²The professionals are required to gather sufficient

information in every circumstance to determine whether the customer satisfies all of the

conditions required to apply the simplified customer due diligence measures, which means

that the professionals must have access to a reasonable amount of information relating to the

requirements set forth in Article 3(2) and must monitor the business relationship at all times

so as to ensure that the conditions for the application of Article 3-1 continue to be met. (…)¹⁶³”

“By way of derogation from points (a), (b) and (c) of Article 3(2) and Article 3(4) but without

prejudice to paragraph 1 of this article, and based on an appropriate risk assessment which

demonstrates a low risk, the professionals are allowed not to apply certain customer due

diligence measures with respect to electronic money, where all of the following risk-mitigating

conditions are met:

(a) it is not possible to reload the payment instrument or the instrument has a maximum

monthly limit of EUR “150”¹⁶⁴which can be used only in Luxembourg;

(b) the maximum amount stored electronically does not exceed EUR “150”¹⁶⁵

;

(c) the payment instrument is used exclusively to purchase goods or services;

(d) the payment instrument cannot be funded with anonymous electronic money;

(e) the issuer carries out sufficient monitoring of the transactions or business relationship to

enable the detection of unusual or suspicious transactions.

The derogation provided for in the first subparagraph is not applicable in the case of

redemption in cash or cash withdrawal of the monetary value of the electronic money where

the amount redeemed exceeds EUR “50”¹⁶⁶“, or in the case of remote payment transactions

as defined in point (6) of Article 4 of Directive (EU) 2015/2366 of the European Parliament

and of the Council of 25 November 2015 on payment services in the internal market, amending

Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010,

and repealing Directive 2007/64/EC, hereinafter referred to as “Directive (EU) 2015/2366”,

where the amount paid exceeds EUR 50 per transaction”¹⁶⁷.”¹⁶⁸

(Law of 25 March 2020)

“Credit institutions and financial institutions acting as acquirers shall only accept payments

carried out with anonymous prepaid cards issued in third countries where such cards meet

requirements equivalent to those set out in the first and second subparagraphs.”

(5)

“If there is information available which suggests that the degree of risk is not lower, “or

where”¹⁶⁹there is a suspicion of money laundering or terrorist financing or when there is a

doubt about the veracity or adequacy of previously obtained data “or in specific cases of higher

risks”¹⁷⁰, the application of this regime for simplified customer due diligence is not possible

161

Law of 13 February 2018

Law of 25 March 2020

Law of 13 February 2018

Law of 25 March 2020

162

163

164

165

166

167

168

169

170

27

for these customers, “geographical areas,”¹⁷¹“particular”¹⁷²products“, services,”¹⁷³

transactions “or delivery channels”¹⁷⁴.”¹⁷⁵

(6)

The scope and modalities of application of this regime for simplified customer due diligence

can be modified or extended to other customers, products or transactions not listed in this

article by way of grand-ducal regulation.

A grand-ducal regulation can also restrict or entirely prohibit the application of this regime for

simplified customer due diligence relating the customers, products or transactions listed in

this article, if this regime is not justified given the risk of money laundering or terrorist

financing.

Article 3-2.Enhanced customer due diligence

(1)

The professionals are required to apply, based on their risk assessment, enhanced customer

due diligence measures, in addition to the measures referred to in Article 3, in situations which

“present”¹⁷⁶a higher risk of money laundering or terrorist financing, and at least in the cases

described in paragraphs 2, 3 and 4“, to manage and mitigate those risks appropriately.

When assessing the risks of money laundering and terrorist financing, the professionals shall

take into account at least the factors of potentially higher-risk situations set out in Annex IV.

(Law of 25 March 2020)

“Enhanced customer due diligence measures need not be invoked automatically with respect

to branches or majority-owned subsidiaries which are located in high-risk countries, where

those branches or majority-owned subsidiaries fully comply with the group-wide policies and

procedures in accordance with Article 4-1 or with Article 45 of Directive (EU) 2015/849. The

professionals shall handle those cases by using a risk-based approach.”

The professionals shall examine, as far as reasonably possible, the background and purpose

of any transaction “that fulfils at least one of the following conditions:”¹⁷⁷

(Law of 25 March 2020)

“(a) it is a complex transaction;

(b)

(c)

(d)

it is an unusually large transaction;

it is conducted in an unusual pattern; or

it does not have an apparent economic or lawful purpose.”

In particular, the professionals shall increase the degree and nature of “monitoring

measures”¹⁷⁸of the business relationship, in order to determine whether those transactions

or activities appear “unusual or”¹⁷⁹suspicious.”¹⁸⁰

(2)

“With respect to business relationships or transactions involving high-risk countries, the

professionals shall apply the following enhanced customer due diligence measures:

(a)obtaining additional information on the customer and on the beneficial owner(s) and

updating more regularly the identification data of the customer and beneficial owner;

(b)obtaining additional information on the intended nature of the business relationship;

(c)obtaining information on the source of funds and source of wealth of the customer and

of the beneficial owner(s);

(d)obtaining information on the reasons for the intended or performed transactions;

171

Law of 25 March 2020

Law of 13 February 2018

Law of 25 March 2020

Law of 13 February 2018

172

173

174

175

176

177

178

179

180

28

(e)obtaining the approval of senior management for establishing or continuing the

business relationship;

(f) conducting enhanced monitoring of the business relationship by increasing the number

and timing of controls applied, and selecting patterns of transactions that need further

examination.

The professionals shall ensure, where applicable, that the first payment be carried out through

an account in the customer’s name with a credit institution subject to customer due diligence

standards that are not less robust than those laid down in Directive (EU) 2015/849.”¹⁸¹

(Law of 25 March 2020)

“(2a) In addition to the measures provided for in paragraph 2 and in compliance with the European

Union’s international obligations, the supervisory authorities and self-regulatory bodies shall

require the professionals to apply, where applicable, one or more additional countermeasures

to persons and legal entities carrying out transactions involving high-risk countries. Those

measures shall consist of one or more of the following:

(a)

(b)

the application of additional elements of enhanced due diligence;

the introduction of enhanced relevant reporting mechanisms or systematic reporting of

financial transactions;

(c)

the limitation of business relationships or transactions with natural persons or legal

entities from high-risk countries.

(2b) In addition to the measures provided for in paragraph 2, the supervisory authorities and self-

regulatory bodies shall apply, where applicable, one or several of the following

countermeasures with regard to high-risk countries in compliance with the European Union’s

international obligations:

(a)

refusing the establishment of subsidiaries or branches or representative offices of the

professionals from the country concerned, or otherwise taking into account the fact

that the relevant professional is from a country that does not have adequate anti-

money laundering and counter terrorist financing regimes;

(b)

prohibiting the professionals from establishing branches or representative offices in

the country concerned, or otherwise taking into account the fact that the relevant

branch or representative office would be in a country that does not have adequate

anti-money laundering and counter terrorist financing regimes;

(c)

(d)

(e)

requiring increased supervisory examination or increased external audit requirements

for subsidiaries and branches of the professionals located in the country concerned;

requiring increased external audit requirements for financial groups with respect to

any of their subsidiaries and branches located in the country concerned;

requiring credit institutions and financial institutions to review and amend, or if

necessary terminate, correspondent relationships with respondent institutions in the

country concerned.

(2c) When enacting or applying the measures set out in paragraphs 2a and 2b, the supervisory

authorities or, where applicable, the self-regulatory bodies shall take into account, as

appropriate, relevant evaluations, assessments or reports drawn up by international

organisations and standard setters with competence in the field of preventing money

laundering and combating terrorist financing, in relation to the risks posed by individual

countries.

(2d) The supervisory authorities or, where applicable, the self-regulatory bodies shall notify the

European Commission before enacting or applying the measures set out in paragraphs 2a and

2b.”

(3)

“In the case of cross-border correspondent relationships or other similar relationships with

respondent institutions, credit institutions, financial institutions and other institutions

181

Law of 25 March 2020

29

concerned by such relationships shall, in addition to the customer due diligence measures laid

down in Article 3(2), when entering into a business relationship:”¹⁸²

(a)

gather sufficient information about a respondent institution to understand fully the

nature of the respondent's business and to determine from publicly available

information the reputation of the institution and the quality of supervision“, including

whether it has been subject to a money laundering or terrorist financing investigation

or regulatory action”¹⁸³;

(b)

(c)

(d)

(e)

assess the respondent institution's anti-money laundering and anti-terrorist financing

controls;

obtain approval from senior management before establishing new correspondent (…)¹⁸⁴

relationships;

“clearly understand and”¹⁸⁵document the respective responsibilities “as regards the

fight against money laundering and terrorist financing”¹⁸⁶of each institution;

with respect to payable-through accounts, be satisfied that the respondent (…)¹⁸⁷

institution has verified the identity of and performed ongoing due diligence on the

customers having direct access to accounts of the “credit institutions, financial

institutions and other institutions concerned by such relationships”¹⁸⁸and that it is able

to provide relevant customer due diligence data “and information”¹⁸⁹to the

correspondent institution, upon request.

(Law of 25 March 2020)

“It is prohibited for the professionals to enter into or continue a correspondent relationship

with a shell bank or with a credit institution or financial institution that is known to allow its

accounts to be used by a shell bank. The professionals shall ensure that the respondent

institutions do not permit their accounts to be used by shell banks.”

(Law of 6 February 2025)

“(3a) By way of derogation from paragraph 3, with respect to cross-border correspondent

relationships involving the execution of crypto-asset services as defined in Article 3(1), point

(16), of Regulation (EU) 2023/1114, with the exception of point (h) of that point, with a

respondent entity not established in the European Union and providing similar services,

including transfers of crypto-assets, crypto-asset service providers shall, when entering into

a business relationship with such an entity, in addition to the customer due diligence measures

laid down in Article 3(2) of this law:

(a)

(b)

determine if the respondent entity is licensed or registered;

gather sufficient information about the respondent entity to understand fully the nature

of the respondent’s business and to determine from publicly available information the

reputation of the entity and the quality of supervision;

(c)

(d)

assess the respondent entity’s AML/CFT controls;

obtain approval from senior management before establishing new correspondent

relationships;

(e)

(f)

clearly understand and document the respective responsibilities as regards the fight

against money laundering and terrorist financing of each party to the correspondent

relationship;

with respect to payable-through crypto-asset accounts, be satisfied that the respondent

entity has verified the identity of, and performed ongoing due diligence on, the

customers having direct access to accounts of the correspondent entity, and that it is

182

183

184

185

186

187

188

189

Law of 25 March 2020

Law of 13 February 2018

Law of 25 March 2020

30

able to provide relevant customer due diligence data to the correspondent entity, upon

request.

Where crypto-asset service providers decide to terminate correspondent relationships for

reasons relating to anti-money laundering and counter-terrorist financing policy, they shall

document and record their decision.

Crypto-asset service providers shall update the due diligence information for the

correspondent relationship on a regular basis or when new risks emerge in relation to the

respondent entity.

Crypto-asset service providers shall take into account the information referred to in this

paragraph in order to determine, on a risk-sensitive basis, the appropriate measures to be

taken to mitigate the risks associated with the respondent entity.”

(4)

(Law of 27 October 2010) “With regard to transactions or business relationships with politically

exposed persons (…)¹⁹⁰”, whether they are a customer, a person purporting to act on behalf

of or for the customer, or a beneficial owner”¹⁹¹, the professionals are required”, in addition

to the customer due diligence measures laid down in Article 3,”¹⁹²to:”

(a)

have “appropriate risk management systems, including risk-based procedures,”¹⁹³to

determine “if the customer“, the person purporting to act on behalf of or for the

customer”¹⁹⁴or beneficial owner is a politically exposed person”¹⁹⁵;

(b)

(c)

obtain senior management approval for establishing “or continuing”¹⁹⁶“, for existing

customers,”¹⁹⁷business relationships with “such persons”¹⁹⁸

;

take reasonable measures to establish the source of wealth and source of funds that

are involved in the business relationship or transaction “with such persons”¹⁹⁹“.

Furthermore, credit institutions and financial institutions must take reasonable

measures to establish the source of wealth and the source of funds of customers and

beneficial owners identified as politically exposed persons”²⁰⁰

conduct enhanced ongoing monitoring of the business relationship.

;

(d)

(Law of 27 October 2010)

“The provisions of this paragraph shall also apply where a customer has already been accepted

and the customer or the beneficial owner is subsequently found to be, or subsequently

becomes, a politically exposed person.”

(Law of 13 February 2018)

“The professionals shall take reasonable measures to determine whether the beneficiaries of

a life or other investment-related insurance policy or, where required, the beneficial owner of

the beneficiary are politically exposed persons. Those measures shall be taken no later than

at the time of the payout or at the time of the assignment, in whole or in part, of the policy.

Where there are higher risks identified, in addition to applying the customer due diligence

measures laid down in Article 3, the professionals shall:

(a) inform senior management before the payout of policy proceeds;

(b) conduct enhanced scrutiny of the entire business relationship with the policyholder“;

and”²⁰¹

”

190

191

192

193

194

195

196

197

198

199

200

201

Law of 13 February 2018

Law of 29 July 2022

Law of 25 March 2020

Law of 13 February 2018

Law of 29 July 2022

Law of 27 October 2010

Law of 13 February 2018

Law of 25 March 2020

Law of 25 February 2021

Law of 25 March 2020

31

(Law of 25 March 2020)

“(c) make a suspicious transaction report to the FIU or, if the professional is a lawyer, to the

respective President of the Ordre des avocats, if the circumstances give rise to a suspicion

of money laundering or terrorist financing.”

(Law of 13 February 2018)

“Where a natural person who is or has been entrusted with prominent public functions is no

longer entrusted with a prominent public function by a Member State or a third country, or

with a prominent public function by an international organisation, the professionals shall, for

at least 12 months, take into account the continuing risk posed by that “politically exposed”²⁰²

person and apply appropriate and risk-sensitive measures “until that person no longer poses

particular risks”²⁰³.”

(…)²⁰⁴

(6)

The professionals shall pay special attention to any money laundering or terrorist financing

threat that may arise from products or transactions that might favour anonymity, and take

measures, if needed, to prevent their use for money laundering or terrorist financing purposes.

(7)

The mandatory application and the modalities of application of enhanced customer due

diligence can be modified, completed or extended to other situations representing a high risk

of money laundering or terrorist financing by a grand-ducal regulation.

Article 3-3.Performance of customer due diligence by third parties

“(1) For the purposes of this article, “third parties” shall mean the professionals listed in Article 2,

the member organisations or federations of those professionals, or other institutions or

persons situated in a Member State or third country that:

(a) apply customer due diligence requirements and record-keeping requirements that are

consistent with those laid down in this law and in Directive (EU) 2015/849; and

(b) have their compliance with the requirements of this law, Directive (EU) 2015/849 or

equivalent rules applicable to them, supervised in a manner consistent with Chapter VI,

Section 2 of Directive (EU) 2015/849.

It is prohibited for the professionals to rely on third parties established in “high-risk”²⁰⁵

countries. Third parties that are branches and majority-owned subsidiaries of the professionals

established in the European Union are exempt from that prohibition, where those branches

and majority-owned subsidiaries fully comply with the group-wide policies and procedures in

accordance with Article 4-1 or Article 45 of Directive (EU) 2015/849."²⁰⁶

(2)

The professionals may rely on third parties to meet the requirements laid down in points (a)

to (c) of “the first subparagraph”²⁰⁷“and in the second subparagraph of” Article 3(2), provided

that obtaining “immediately, from the third party they rely on, the information referred to”²⁰⁸

in paragraph 3 is assured. However, the ultimate responsibility for meeting those

requirements shall remain with the professionals which rely on the third party.

(Law of 25 March 2020)

“The professionals relying on a third party shall take adequate steps to ensure that this third

party provides immediately, upon request, in accordance with paragraph 3, the necessary

documents relating to the customer due diligence obligations laid down in points (a) to (c) of

the first subparagraph and in the second subparagraph of Article 3(2), including, where

available, data obtained through electronic identification means, relevant trust services as set

out in Regulation (EU) No 910/2014, or any other secure, remote or electronic, identification

process regulated, recognised, approved or accepted by the relevant national authorities.

202

203

204

205

206

207

208

Law of 25 March 2020

Law of 13 February 2018

Law of 25 March 2020

32

The professionals relying on a third party shall also ensure that this third party is regulated,

supervised and has measures in place in order to comply with the customer due diligence and

record-keeping requirements which are in line with those laid down in Articles 3 to 3-2 of this

law.”

(3)

Where a third party acts in accordance with paragraph 2 above, it shall in accordance with the

requirements laid down in points (a) to (c) of “the first subparagraph”²⁰⁹and “in the second

subparagraph of”²¹⁰Article 3(2) make the information requested immediately available to the

professionals to whom the customer is being referred, notwithstanding any applicable rules

on confidentiality or professional secrecy.

In this case, relevant copies of identification and verification data“, including, where available,

data obtained through electronic identification means, trust services concerned as set out in

Regulation (EU) No 910/2014 or any other secure, remote or electronic identification process

regulated, recognised, approved or accepted by the national authorities concerned”²¹¹and

other relevant documentation on the identity of the customer or the beneficial owner shall

immediately be forwarded, on request, by the third party to the professionals whom the

customer contacted.

(4)

“The requirements set out in paragraphs 1 and 3 shall be considered as complied with by the

professionals through their group programme, where all of the following conditions are met:

(a)

the professionals rely on information provided by a third party that is part of the same

financial group;

(b)

that group applies customer due diligence measures, rules on record-keeping and

programmes against money laundering and terrorist financing in accordance with “this

law”²¹², Directive (EU) 2015/849 or equivalent rules;

(c)

the effective implementation of the requirements referred to in point (b) is supervised

at group level by a supervisory authority, a self-regulatory body or one of their foreign

counterparts”²¹³;

(Law of 25 March 2020)

“(d) any risk relating to a high-risk country is satisfactorily mitigated in accordance with

Article 4-1(3) and (4).”

(5)

(6)

This article shall not apply to outsourcing or agency relationships where, on the basis of a

contractual arrangement, the outsourcing service provider or agent is to be regarded as part

of the professionals covered by this law.

A grand-ducal regulation can restrict or entirely prohibit the option of relying on third parties

or certain third parties, if this option is not justified given the risk of money laundering or

terrorist financing.”

(Law of 17 July 2008)

“Article 4. Adequate internal management requirements

(1)

“The professionals shall put in place policies, controls and procedures to mitigate and manage

effectively the risks of money laundering and terrorist financing identified at international,

European, national, sectorial level and at the level of the professionals themselves. Those

policies, controls and procedures“, which take into account the risks of money laundering and

terrorist financing,”²¹⁴shall be proportionate to the nature, specificities and size of the

professionals.

The policies, controls and procedures referred to in the first subparagraph shall include:

(a) the development of internal policies, controls and procedures, including model risk

management methods, customer due diligence, cooperation, record-keeping, internal

209

Law of 25 March 2020

Law of 13 February 2018

Law of 25 March 2020

210

211

212

213

214

33

control, compliance management including (…)²¹⁵the appointment of a compliance officer

at appropriate hierarchical level, and employee screening;

(b) where appropriate with regard to the size and nature of the business “and the risks of

money laundering and terrorist financing”²¹⁶, an independent audit function to test the

internal policies, controls and procedures referred to in point (a).

The professionals shall obtain approval from their senior management for the policies, controls

and procedures that they put in place and monitor and enhance the measures taken, where

appropriate.

The professionals shall appoint, where appropriate, among the members of their management

body or effective direction, the person responsible for compliance with the professional

obligations as regards the fight against money laundering and terrorist financing.”²¹⁷

(Law of 25 March 2020)

“The internal control arrangements, including the internal audit function, shall be adequately

resourced to test compliance, including sample testing, with the procedures, policies and

controls and to enjoy the independence which is necessary to perform their tasks. The

compliance officer and the other staff members concerned shall have timely access to

customer identification data and other due diligence information, transaction records, and

other relevant information. The compliance officer shall be able to act independently and to

report directly to the management, without having to report to the next reporting level, or to

the board of directors.

An adequate internal organisation shall include putting into place appropriate procedures to

ensure that the hiring is made according to applicable professional standing and experience

criteria.”

“(2) The professionals shall take measures proportionate to their risks, nature and size so that

their employees“, including the members of the management bodies and the effective

direction,”²¹⁸are aware of the professional obligations as regards the fight against money

laundering and terrorist financing, as well as the relevant data protection requirements. Those

measures shall include participation of their employees in special ongoing training

programmes to “be informed of new developments, including information on techniques,

methods and trends in money laundering and terrorist financing, and to”²¹⁹help them

recognise operations which may be related to money laundering or terrorist financing and to

instruct them as to how to proceed in such cases. “The special ongoing training programmes

shall provide the employees with clear explanations of all aspects of the laws and obligations

as regards the fight against money laundering and terrorist financing and, in particular

obligations concerning customer due diligence and suspicious transaction reporting.”²²⁰

Where a natural person falling within any of the categories listed in Article 2(1) performs

professional activities as an employee of a legal person, the obligations in this section shall

apply to that legal person rather than to the natural person.”²²¹

(Law of 13 February 2018)

“(2a) The supervisory authorities, self-regulatory bodies and the Financial Intelligence Unit shall

ensure that the professionals have access to up-to-date information on the practices of

criminals committing money-laundering or terrorist-financing offences and on indicators

leading to the recognition of suspicious transactions.”

(3)

“The professionals”²²²shall have systems in place that enable them to respond fully and

rapidly to enquiries from the Luxembourg authorities responsible for the fight against money

laundering and terrorist financing “and self-regulatory bodies”²²³as to whether they maintain

215

Law of 25 March 2020

Law of 13 February 2018

Law of 25 March 2020

Law of 13 February 2018

Law of 25 February 2021

216

217

218

219

220

221

222

223

34

or have maintained during the previous five years a business relationship with specified natural

or legal persons and on the nature of that relationship“, through secure channels and in a

manner that ensures full confidentiality of the enquiries”²²⁴.”

(Law of 13 February 2018)

“(4) The professionals shall have in place appropriate procedures, proportionate to their nature

and size, for their employees, or persons in a comparable position, to report internally, through

a specific, independent and anonymous channel, breaches of professional obligations as

regards the fight against money laundering and terrorist financing.”

(Law of 13 February 2018)

“Article 4-1. Group-wide policies and procedures

(1)

The professionals that are part of a group shall implement group-wide policies and procedures,

including data protection policies and policies and procedures for sharing information within

the group for anti-money laundering and counter terrorist financing purposes. Those policies

and procedures shall be implemented effectively “and adequately, by taking into account, in

particular, the identified risks of money laundering and terrorist financing and the nature,

specificities, size and activity of the branches and subsidiaries,”²²⁵at the level of branches

and majority-owned subsidiaries established in Member States and third countries.

(Law of 25 March 2020)

“The group-wide policies and procedures shall include:

(a)

(b)

the policies, controls and procedures provided for in Article 4(1) and (2);

the provision, pursuant to Article 5(5) and (6), of customer, account and transaction

information from branches and subsidiaries, when necessary for anti-money laundering

and counter terrorist financing purposes, to the compliance, audit and anti-money

laundering and counter terrorist financing functions at group level. This information

refers to data and analyses of transactions or activities which appear unusual, if such

analyses were done “. This information may include”²²⁶information related to suspicious

reports or the fact that such reports have been transmitted to the FIU. Similarly,

branches and subsidiaries shall receive such information from these group-level

compliance functions when relevant and appropriate to risk management; and

(c)

adequate safeguards on the confidentiality and use of information exchanged, including

safeguards to prevent tipping-off.”

(2)

(3)

The professionals that operate establishments in another Member State shall ensure that those

establishments respect the national provisions of that other Member State transposing

Directive (EU) 2015/849.

The professionals shall apply in their branches and majority-owned subsidiaries located abroad

measures at least equivalent to those laid down in Articles 2-2 to 7, “in Directive (EU)

2015/849 or”²²⁷in their implementing measures (…)²²⁸with regard to risk assessment,

customer due diligence, “record-keeping,”²²⁹adequate internal management and cooperation

with the authorities.

The professionals shall pay particular attention that this principle is complied with in respect

of their branches and subsidiaries in “high-risk”²³⁰countries.

Where the minimum standards on combating money laundering and the financing of terrorism

in a country where the professionals have branches or majority-owned subsidiaries differ from

those applicable in Luxembourg, those branches and subsidiaries shall apply the higher

standard, to the extent that host country laws and regulations permit. In this context, if the

standards of the country in which those branches and subsidiaries are located are less strict

224

Law of 13 February 2018

Law of 25 March 2020

Law of 25 February 2021

Law of 25 March 2020

225

226

227

228

229

230

35

than those of Luxembourg, the data protection rules applicable in Luxembourg with respect

to the fight against money laundering and terrorist financing shall be complied with“, insofar

as the legislative and regulatory texts of the host country allow it”²³¹.

(4)

Where a (…)²³²country's law does not permit the implementation of the policies and

procedures required under “paragraphs 1 and 3”²³³, the professionals shall ensure that their

branches and majority-owned subsidiaries in that third country apply additional measures to

effectively handle the risk of money laundering or terrorist financing, and inform the

supervisory authorities and self-regulatory bodies. If the additional measures are not

sufficient, the supervisory authorities and self-regulatory bodies shall exercise additional

supervisory actions, including requiring that the group does not establish or that it terminates

business relationships, and does not undertake transactions and, where necessary, requesting

the group to close down its operations in the third country.”

(Law of 27 October 2010)

“Article 5. Cooperation requirements with “the FIU,”²³⁴the authorities “and the self-

regulatory bodies”²³⁵

(1)

The professionals, their directors (dirigeants, members of the authorised management) and

employees are obliged to cooperate fully with the Luxembourg authorities responsible for the

fight against money laundering and terrorist financing “and self-regulatory bodies, in

particular, in the framework of their respective supervisory powers conferred on them under

Articles 8-2 and 8-2a”²³⁶

.

Without prejudice to the obligations vis-à-vis the “supervisory authorities or self-regulatory

bodies”²³⁷, the professionals, their directors (dirigeants, members of the authorised

management) and employees are required to:

(a)

inform promptly, on their own initiative, the Financial Intelligence Unit (…)²³⁸when they

know, suspect or “have reasonable grounds to suspect that money laundering, an

associated predicate offence or terrorist financing”²³⁹is being committed or has been

committed or attempted, in particular in consideration of the person concerned, its

development, the origin of the funds, the purpose, nature and procedure of the

operation. This report must be accompanied by all supporting information and

documents having prompted the report.

(Law of 10 August 2018)

“All suspicious transactions, including attempted suspicious transactions, shall be

reported, regardless of the amount of the transaction.”

The obligation to report suspicious transactions shall apply regardless of whether those

filing the report can determine the predicate offence.

(b)

provide without delay to the Financial Intelligence Unit, at its request, any information.

This obligation includes the submission of the documents on which the information is

based.

“The identity of the professionals, directors (dirigeants, members of the authorised

management) and employees having provided such information” ²⁴⁰is kept confidential by the

aforementioned authorities, unless disclosure is essential to ensure the regularity of legal

proceedings or to establish proof of the facts forming the basis of these proceedings.

(1a) With regard to combating terrorist financing, the obligation to report suspicious transactions

set forth in paragraph 1, point (a) shall also apply to funds where there are reasonable grounds

231

Law of 25 March 2020

Law of 10 August 2018

Law of 13 February 2018

232

233

234

235

236

237

238

239

Law of 10 August 2018

240

36

to suspect or they are suspected to be linked or related to, or to be used for terrorism, terrorist

acts, by “a terrorist or terrorist”²⁴¹groups or by those who finance terrorism.

(2)

(3)

The communication of information and documents referred to in paragraphs 1 and 1a is usually

carried out by the individual(s) appointed by the professionals for this purpose, in accordance

with the procedures laid down in “Article 4(1)” ²⁴². The elements of information and documents

provided to the authorities, other than the judicial authorities, in application of paragraphs 1

and 1a may only be used in the combat against money laundering and terrorist financing.

“The professionals must refrain from carrying out transactions of which they know, suspect or

have reasonable grounds to suspect to be related to money laundering, to an associated

predicate offence or to terrorist financing until they have informed the Financial Intelligence

Unit thereof in accordance with paragraphs 1 and 1a and have complied with any specific

instructions from the Financial Intelligence Unit. The Financial Intelligence Unit may give

instructions not to carry out the operations relating to the transaction or the customer.

Where refraining from carrying out transactions referred to in the first subparagraph is

impossible or is likely to frustrate efforts to pursue the beneficiaries of a suspected operation,

the professionals concerned shall inform the Financial Intelligence Unit immediately

afterwards.

Where the instruction is communicated orally, it must be followed by a written confirmation

within 3 business days, otherwise the effects of the instruction cease on the third business

day at midnight.

The professional is not authorised to disclose this instruction to the customer without the

express prior consent of the Financial Intelligence Unit.

The Financial Intelligence Unit may order systematically and at any time the total or partial

withdrawal of the order not to carry out the operations pursuant to the first subparagraph.”²⁴³

(3a) The provisions of paragraph 1, point (b) and paragraph 3 shall apply even in the absence of

a suspicious transaction report made by the professionals according to paragraph 1, point (a)

and paragraph 1a.

(4)

“No professional secrecy shall apply vis-à-vis the Financial Intelligence Unit in respect of the

provisions of paragraphs 1, 1a and 3.

The disclosure in good faith to the Luxembourg authorities responsible for the fight against

money laundering and terrorist financing“, the self-regulatory bodies”²⁴⁴“or, if the

professional is a lawyer, to the relevant President of the Ordre des avocats”²⁴⁵, by the

professionals or employees or directors (dirigeants, members of the authorised management)

of such professionals of any information referred to above “in accordance with this article and

Article 7”²⁴⁶does not constitute a breach of any restriction on disclosure of information

imposed by contract“, by professional secrecy or a legislative, regulatory or administrative

provision”²⁴⁷and shall not involve such persons in liability of any kind“, even in circumstances

where they were not precisely aware of the “associated” ²⁴⁸predicate offence and regardless

of whether illegal activity actually occurred”²⁴⁹.”

“Individuals, including employees and representatives of the professional may not be subject

to threats, retaliatory or hostile action, and in particular to adverse or discriminatory

employment actions due to the report of a suspicion of money laundering or terrorist financing

to the FIU.

Individuals who are exposed to threats, retaliatory or hostile actions, or adverse or

discriminatory employment actions for reporting suspicions of money laundering or terrorist

241

Law of 25 March 2020

Law of 10 August 2018

Law of 25 March 2020

Law of 10 August 2018

Law of 13 February 2018

Law of 10 August 2018

Law of 13 February 2018

242

243

244

245

246

247

248

249

37

financing to the FIU are entitled to present a complaint to the supervisory authority or self-

regulatory body referred to in Article 2-1.

Any contractual clause or any act contrary to the third subparagraph and, notably any

termination of the employment contract in breach of the provisions of the third subparagraph

shall be null and void.

In case the employment contract is terminated, the employee may seek the remedies provided

for in Article L.271-1(4) to (7) of the Labour Code.”²⁵⁰

(4a) Reports, information and documents supplied by the professionals pursuant to the provisions

of paragraphs 1 and 1a cannot be used against these professionals in proceedings on the basis

of Article 9.

(5)

The professionals and their directors (dirigeants, members of the authorised management)

and employees shall not disclose to the customer concerned or to other third persons the fact

that information “is being, will be or has been reported or provided” ²⁵¹to the authorities in

accordance with paragraphs 1, 1a, 2 and 3 or that a money laundering or terrorist financing

investigation by the Financial Intelligence Unit is being or may be carried out.”

(Law of 17 July 2008)

“This prohibition shall not apply to a disclosure to the “supervisory”²⁵²authorities or, if

appropriate, the self-regulatory bodies of the different professionals.

“The prohibition laid down in the first subparagraph shall not apply to disclosure between the

credit institutions and financial institutions “of Member States, provided that they belong to

the same group,”²⁵³or between those institutions and their branches and majority-owned

subsidiaries located in third countries, provided that those branches and majority-owned

subsidiaries fully comply with the group-wide policies and procedures, including procedures

for sharing information within the group, in accordance with Article 4-1 or Article 45 of

Directive (EU) 2015/849, and that the group-wide policies and procedures comply with the

requirements laid down in this law or in Directive (EU) 2015/849.”²⁵⁴

The prohibition laid down in the first subparagraph of this paragraph shall not prevent the

disclosure between the professionals referred to in points (8), (9), (11), (12) and (13) of

Article 2(1), from Member States or from third countries which impose requirements

equivalent to those laid down in this law or in “Directive (EU) 2015/849”²⁵⁵, who perform their

professional activities, whether as employees or not, within the same legal person or a

network. For the purposes of this subparagraph, a “network” shall mean the larger structure

to which the person belongs and which shares common ownership, management and

compliance control.

For credit and financial institutions and the professionals referred to in points (8), (9), (11),

(12) and (13) of Article 2(1), in cases “involving the same person concerned”²⁵⁶and the same

transaction involving two or more professionals, the prohibition laid down in the first

subparagraph of this paragraph shall not prevent disclosure between the relevant

professionals provided that they are situated in a Member State, or in a third country which

imposes requirements equivalent to those laid down in this law or in “Directive (EU)

2015/849”²⁵⁷and that they are from the same professional category and are subject to

equivalent obligations as regards professional secrecy and personal data protection. The

information exchanged must be used exclusively for the purposes of the prevention of money

laundering and terrorist financing.

250

251

252

253

254

255

256

257

Law of 25 March 2020

Law of 10 August 2018

Law of 13 February 2018

Law of 25 March 2020

Law of 10 August 2018

Law of 25 March 2020

Law of 10 August 2018

38

By way of derogation from the preceding paragraphs, a grand-ducal regulation can prohibit

the disclosure between the aforementioned professionals and institutions or persons situated

in a third country if there is a risk of money laundering or terrorist financing.

Where the professionals referred to in points (8), (9), (11), (12) and (13) of Article 2(1), seek

to dissuade a customer from engaging in illegal activity, this shall not constitute a disclosure

within the meaning of the first subparagraph.”

(Law of 10 August 2018)

“(6) Information on suspicions that funds are the proceeds of money laundering, of an associated

predicate offence or are related to terrorist financing reported to the Financial Intelligence Unit

shall be shared within the group, unless otherwise instructed by the Financial Intelligence

Unit.”

Chapter 3: Special provisions for certain professionals

Section 1: Special provisions applicable to the insurance sector

Article 6. (…)²⁵⁸

Section 2: Special provisions applicable to lawyers

Article 7. (Law of 27 October 2010)

“(1) Lawyers are not subject to the obligations referred to in Article 3(4)(5) and in Article 5(1) and

(1a) with regard to information they receive from or obtain on one of their clients, in the

course of providing legal advice or ascertaining the legal position for their client or performing

the task of defending or representing that client in judicial proceedings or concerning such

proceedings, including advice on instituting or avoiding proceedings, whether such information

is received or obtained before, during or after such proceedings.

(2)

In lieu and instead of a direct information or transmission of documents to the Financial

Intelligence Unit, the information or documents referred to in Article 5(1) and (1a) have to be

disclosed to the President of the Ordre des avocats before whom the disclosing lawyer is

enrolled in conformity with the Law of 10 August 1991 on the legal profession, as amended.

In this case, the President of the Ordre des avocats shall verify compliance with the conditions

laid down under the previous paragraph and under Article 2(1)(12). In case of compliance, he

shall transmit the information or documents received to the Financial Intelligence Unit.”

(…)²⁵⁹

(Law of 25 March 2020)

“(3) By way of derogation from the sixth subparagraph of Article 3(6), a lawyer who forms a

suspicion of money laundering or terrorist financing and who reasonably believes that

performing the customer due diligence process will tip-off the customer, may choose not to

pursue the customer due diligence process but transmit a suspicious transaction report to the

President of the Ordre des avocats on which table he is registered. In that case, the President

of the Ordre des avocats shall verify compliance with the conditions laid down in paragraph 1

and in point (12) of Article 2(1). If so, he is required to transmit the suspicious transaction

report to the FIU.”

258

Law of 17 July 2008

Law of 13 February 2018

259

39

(Law of 25 March 2020 establishing a central electronic data retrieval system related to IBAN accounts and safe-

deposit boxes)

“Section 3: Specific provisions applicable to transfers of crypto-assets directed to or

originating from a self-hosted address”²⁶⁰

Article 7-1. (…)²⁶¹

(Law of 6 February 2025)

“Article 7-1a.

(1)

Crypto-asset service providers shall identify and assess the risk of money laundering and

financing of terrorism associated with transfers of crypto-assets directed to or originating from

a self-hosted address. To that end, crypto-asset service providers shall have in place internal

policies, procedures and controls.

(2)

Crypto-asset service providers shall apply mitigating measures commensurate with the risks

identified. Those mitigating measures shall include one or more of the following:

(a)

taking risk-based measures to identify, and verify the identity of, the originator or

beneficiary of a transfer made to or from a self-hosted address or the beneficial owner

of such originator or beneficiary, including through reliance on third parties;

(b)

requiring additional information on the origin and destination of the transferred crypto-

assets;

(c)

(d)

conducting enhanced ongoing monitoring of those transactions;

any other measure to mitigate and manage the risks of money laundering and terrorist

financing as well as the risk of non-implementation and evasion of targeted financial

sanctions and proliferation financing-related targeted financial sanctions.”

Section 4: Particular provisions applicable to trust and company service providers

Article 7-2.

(1) The trust and company service providers shall register with the supervisory authority or self-

regulatory body that is competent for each one of them pursuant to Article 2-1. The application

for registration shall be accompanied by the following information:

(a)

for an applicant natural person:

i)

the name and the first name(s);

ii)

the precise private address or the precise professional address

stating:

- for addresses in the Grand Duchy of Luxembourg, the usual residence

as stated in the national register of natural persons, or, for professional

addresses, the name of the town, street and number of the building as

stated in the national register of towns and streets, as provided for in

letter (g) of Article 2 of the Law of 25 July 2002 on the reorganisation

of the land registry and topography administration, as amended, as well

as the postal code;

- for addresses abroad, the name of the town, street and number abroad,

the postal code and the country;

iii) for persons registered in the national register of natural persons, the

identification number as provided for by the Law of 19 June 2013 on the

identification of natural persons, as amended;

iv) for non-residents not registered in the national register of natural persons, a

foreign identification number;

v) the service(s) provided that fall under one or more of the services referred to in

Article 1(8).

260

261

Law of 6 February 2025

Repealed by the Law of 6 February 2025

40

(b)

for an applicant legal person:

i) the name of the legal person and, where applicable, the abbreviation

and the trading name used;

ii) the precise address of the registered office of the legal person;

iii) as regards

- a legal person registered within the Luxembourg trade and companies

register, the registration number;

- a legal person not registered within the Luxembourg trade and

companies register, where applicable, the name of the register within

which the legal person is registered and the registration number, if the

law of the State by which the legal person is governed provides for such

a number;

iv) the service(s) provided that fall under one or more of the services

referred to in Article 1(8).

(2) The supervisory authorities may exempt trust and company service providers that are under their

prudential supervision and that are already approved or authorised to perform the activity of

trust and company service provider, from the obligations referred to in the first paragraph.

(3) The supervisory authorities and self-regulatory bodies shall coordinate with each other in order

to establish and maintain a list of trust and company service providers for which they are

competent pursuant to Article 2-1.

This list shall indicate, for every trust and company service provider, the supervisory authority

or self-regulatory body concerned, as well as any exemption granted pursuant to the second

paragraph.

(4) As regards the trust and company service providers subject to the supervision of a self-regulatory

body, the obligations provided for in the first paragraph shall be considered as professional

obligations imposed under the legislation on anti-money laundering and combating the financing

of terrorism within the meaning of point (1a) of Article 71 and Article 100-1 of the Law of 9

December 1976 on the profession of notary, as amended, point (4) of Article 32 and Article 46-

1 of the Law of 4 December 1990 organising the judicial officers, as amended, Article 17, Article

19 point (6) and Article 30-1 of the Law of 10 August 1991 on the profession of lawyers, as

amended, letter (f) of Article 11 and Article 38-1 of the Law of 10 June 1999 organising the

profession of certified accountant, as amended, and letter (d) of Article 62 and letter (c) of Article

78(1) of the Law of 23 July 2016 on the audit profession, as amended.”

(Law of 25 February 2021)

“(5) For natural persons subject to the supervision of the AED pursuant to Article 2-1(8) and carrying

on the activity of trust and company service provider, the registration shall be subject to the

condition that these natural persons have the adequate professional standing and provide the

AED with the necessary information to justify it.

For legal persons subject to the supervision of the AED pursuant to Article 2-1(8) and carrying

on the activity of trust and company service provider, the registration shall be subject to the

condition that the persons who perform a management function within these legal persons and

the beneficial owners of these legal persons have the adequate professional standing and provide

the AED with the necessary information to justify it.

Professional standing shall be assessed on the basis of criminal records and of any evidence

demonstrating that the persons referred to in the first and second subparagraphs are of good

repute and offer every guarantee of irreproachable business conduct.

Any change in the persons as referred to in the second subparagraph shall be notified to the AED.

The AED may request all the information as may be necessary regarding the persons who may

be required to fulfil the legal requirements with respect to professional standing.

Any trust and company service provider, subject to the supervision of the AED pursuant to Article

2-1(8), which ceases its activities shall notify the AED thereof.”

41

(Law of 13 February 2018)

“Chapter 3-1: Supervision and sanctions

Section 1 - Supervision of the professionals

Article 8-1. Exercise of supervisory powers by the supervisory authorities and self-

regulatory bodies

(1)

The supervisory authorities and self-regulatory bodies shall monitor effectively and take the

measures necessary to ensure compliance by the professionals with their professional

obligations as regards the fight against money laundering and terrorist financing.

(Law of 25 March 2020)

“(1a) The supervisory authorities and self-regulatory bodies shall provide the professionals with

information on the countries which do not or which insufficiently apply anti-money laundering

and counter terrorist financing measures and, in particular, on concerns about weaknesses in

the anti-money laundering and counter terrorist financing systems of the countries concerned.

The supervisory authorities may order credit institutions and financial institutions to adopt one

or more enhanced due diligence measures proportionate to the risks laid down in Article 3-

2(2) to (2c), in the framework of the business relationships and transactions with natural

persons or legal entities involving such countries.”

(2)

Where the professionals with the head office in another Member State operate establishments

in Luxembourg, the supervisory authorities and self-regulatory bodies shall supervise that the

establishments operated in Luxembourg respect the (…)²⁶²obligations laid down in Articles 2-

2, 3, 3-1, 3-2, 3-3, 4, 4-1, 5, 7 “and 8-3(3) or”²⁶³their implementing measures.

The supervisory authorities and self-regulatory bodies shall cooperate with their respective

counterparts of the Member State in which the professionals have their head office, to ensure

effective supervision of the requirements of this law, its implementing measures and Directive

(EU) 2015/849.

(Law of 25 March 2020)

“In the case of credit institutions and persons referred to in letters (a) to (e) and (g) of Article

1(3a) established in other Member States that are part of a group whose parent undertaking

is established in Luxembourg, the CSSF and the CAA shall cooperate with their counterparts

from the Member States in which the institutions belonging to the group are established in

order to ensure compliance by these institutions with the national provisions of the Member

State concerned transposing Directive (EU) 2015/849.

In the cases referred to in the third subparagraph, the CSSF and the CAA shall supervise the

effective implementation of group-wide policies and procedures referred to in Article 4-1(1).

In the case of credit institutions and persons referred to in letters (a) to (e) and (g) of Article

1(3a) established in Luxembourg that are part of a group whose parent undertaking is

established in another Member State, the CSSF and the CAA shall cooperate with their

counterpart from the Member State in which the parent undertaking is established for the

purpose of supervising the effective implementation of the group-wide policies and procedures

referred to in Article 45(1) of Directive (EU) 2015/849.”

(3)

In the case of electronic money issuers as defined in point (3) of Article 2 of Directive

2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the

taking up, pursuit and prudential supervision of the business of electronic money institutions

amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC,

hereinafter referred to as “Directive 2009/110/EC”, and payment service providers as defined

in “point (11) of Article 4 of Directive (EU) 2015/2366”²⁶⁴, established in Luxembourg in forms

other than a branch and whose head office is situated in another Member State, the

supervision referred to in the first subparagraph of paragraph 2 may include the taking of

appropriate and proportionate measures on the basis of Article 8-4 to address serious failings

262

Law of 25 March 2020

263

264

42

that require immediate remedies. Those measures shall be temporary and be terminated when

the failings identified are addressed, including with the assistance of or in cooperation with

the supervisory authorities of the Member State in which the professionals have their head

office.

Electronic money issuers as defined in point (3) of Article 2 of Directive 2009/110/EC “,”²⁶⁵

payment service providers as defined in “point (11) of Article 4 of Directive (EU) 2015/2366”²⁶⁶

267

“and crypto-asset service providers”

established in Luxembourg in forms other than a

branch, and whose head office is situated in another Member State “and that fulfil at least one

of the criteria laid down in the measures implementing Article 45(9) of Directive (EU)

2015/849”²⁶⁸, shall appoint a central contact point in Luxembourg to ensure, on behalf of the

“entity operating on a cross-border basis” ²⁶⁹, compliance with anti-money laundering and

counter terrorist financing rules and to facilitate supervision by “the CSSF”²⁷⁰. The central

contact point in Luxembourg shall provide, on request, “the CSSF”²⁷¹with documents and

information necessary to exercise “its”²⁷²functions within the limits laid down in this law.

(4)

The supervisory authorities and self-regulatory bodies shall apply a risk-based approach to

supervision. When applying this approach, the supervisory authorities and self-regulatory

bodies shall:

(a) ensure that they have a clear understanding of the risks of money laundering and terrorist

financing present in Luxembourg;

(b) have on-site and off-site access to all relevant information on the specific domestic and

international risks associated with customers, products and services of the professionals;

and

“(c) base the frequency and intensity of on-site and off-site supervision of the professionals

on:

(i) the money laundering or terrorist financing risks and the policies, internal controls and

procedures associated with the professional or the group to which it belongs, as

identified by the assessment of the professional’s or group’s risk profile carried out by

the supervisory authority or self-regulatory body;

(ii)the characteristics of the professionals subject to this law and their financial group, in

particular the diversity and number of the professionals and the degree of discretion

allowed to them under the risk-based approach; and

(iii)

(Law of 25 February 2021)

“When assessing the risks of money laundering and terrorist financing, the supervisory

the money laundering and terrorist financing risks that exist in Luxembourg.”²⁷³

authorities and self-regulatory bodies shall take into account the factors of potentially higher-

risk situations set out in Annex IV.”

(5)

(6)

The assessment of the money laundering and terrorist financing risk profile of the

professionals, including the risks of non-compliance, shall be reviewed by the supervisory

authorities and self-regulatory bodies both periodically and when there are major events or

developments in their management and operations.

The supervisory authorities and self-regulatory bodies shall take into account the degree of

discretion allowed to the professionals, and appropriately review the risk assessments

underlying this discretion, and the adequacy and implementation of their internal policies,

controls and procedures.

265

Law of 6 February 2025

Law of 25 March 2020

Law of 6 February 2025

Law of 25 March 2020

Law of 6 February 2025

Law of 25 March 2020

Law of 25 February 2021

266

267

268

269

270

271

272

273

43

Article 8-2. Supervisory powers of the supervisory authorities

(1)

For the purposes of applying this law, the supervisory authorities shall have all the supervisory

and investigatory powers which are necessary to exercise their functions within the limits laid

down in this law.

The powers of the supervisory authorities referred to in the first subparagraph shall include

the right to:

(a) have access to any document in any form whatsoever, and to receive or take a copy of

it;

(b) request information from any person and, where applicable, summon any person subject

to their respective supervisory power in accordance with Article 2-1 and hear that person

to obtain information;

(c) carry out on-site inspections or investigations, including seize any document, electronic

file or other things that seem useful to ascertaining the truth, with the persons subject

to their respective supervisory power pursuant to Article 2-1;

(d) require the communication of recordings of telephone conversations, electronic

communications and data traffic records held by the persons subject to their respective

supervisory power in accordance with Article 2-1;

(e) enjoin from the persons subject to their respective supervisory powers in accordance with

Article 2-1 to cease, within such period as they may prescribe, any practice that is

contrary to Articles 2-2 to 5 “and 8-3(3)”²⁷⁴or their implementing measures and to desist

from repetition of that conduct;

(f) request the freezing or sequestration of assets with the President of the Tribunal

d’arrondissement (District Court) of Luxembourg deciding on request;

(g) impose temporary prohibition, for a period not exceeding 5 years, of professional

activities with respect to persons subject to the prudential supervision of the supervisory

authority concerned, as well as members of the management body, employees and tied

agents linked to these persons;

(h) require réviseurs d'entreprises (statutory auditors) and réviseurs d’entreprises agréés

(approved statutory auditors) of the persons subject to their respective supervisory

powers in accordance with Article 2-1 to provide information;

(i) refer information to the State Prosecutor for criminal prosecution;

(j) require réviseurs d'entreprises (statutory auditors), réviseurs d’entreprises agréés

(approved statutory auditors) or experts to carry out on-site verifications or

investigations of persons subject to their respective supervisory powers in accordance

with Article 2-1. These verifications and investigations are carried out at the expense of

the person concerned.

(2)

(3)

When imposing the injunction laid down in point (e) of paragraph 1, the supervisory authorities

may impose a coercive fine upon the professionals subject to this measure in order to compel

these persons to act upon the injunction. The amount of this coercive fine, on the grounds of

an observed failure to perform, may not be greater than EUR 1,250 per day, with the

understanding that the total amount imposed due to an observed failure to perform may not

exceed EUR 25,000.

In application of point (e) of paragraph 1, if the situation has not been remedied by the end

of the period prescribed by the supervisory authorities, the supervisory authority may, with

respect to persons subject to its prudential supervision:

(a) suspend the members of the management body or any other persons who, by their

actions, negligence or lack of prudence brought about the situation found to exist and

whose continued exercise of functions may prejudice the implementation of recovery or

reorganisation measures;

(b) suspend the exercise of voting rights attached to shares or units held by shareholders or

members whose influence is likely to operate to the detriment of the prudent and sound

management of the person or which are held responsible for the practice that is contrary

to Articles 2-2 to 5 “and 8-3(3)”²⁷⁵or their implementing measures;

274

Law of 25 March 2020

275

44

(c) suspend the pursuit of business by the person or, if the situation found to exist concerns

a particular area of activity, the pursuit of such activity.

(4)

The powers of the AED referred to in the first subparagraph of paragraph 1 include the right

to make use of all the databases of which it is responsible for the processing and to have at

its disposal all the information required for assessing if the professionals comply with their

professional obligations under this law.

For the purposes of the first subparagraph, the AED shall have access to the Registre de

Commerce et des Sociétés.

The Minister responsible for economy shall transmit to the AED on a monthly basis a list of

the professionals having an authorisation of establishment and subject to the supervisory

powers of the AED in accordance with Article 2-1(8).

(5)

In order to ensure the supervision of the professionals laid down in point (14a) of Article 2,

the AED and the Administration des douanes et accises shall cooperate closely and be

authorised to exchange information that is necessary for the fulfilment of their respective

duties.

(Law of 25 March 2020)

“Article 8-2a. Supervisory powers of the self-regulatory bodies

(1)

For the purposes of applying this law, the competent bodies within the self-regulatory bodies

shall have the following supervisory and investigatory powers:

(a)

to have access to any document in any form whatsoever, and to receive or take a copy

of it;

(b)

to request information from any person and, where applicable, summon any person

subject to their respective supervisory powers in accordance with Article 2-1 and hear

that person to obtain information;

(c)

(d)

(e)

to carry out on-site inspections or investigations, including seize any document,

electronic file or other things that seem useful to ascertaining the truth, of the persons

subject to their respective supervisory powers in accordance with Article 2-1;

to require the communication of recordings of telephone conversations or electronic

communications held by the persons subject to their respective supervisory powers in

accordance with Article 2-1;

to enjoin from the persons subject to their respective supervisory powers in accordance

with Article 2-1 to cease, within such period as they may prescribe, any practice that is

contrary to Articles 2-2 to 5 and 8-3(3) or to their implementing measures and to desist

from repetition of that practice;

(f)

to request the freezing or sequestration of assets with the President of the Tribunal

d’arrondissement (District Court) of Luxembourg deciding on request;

(g)

to impose, in case of serious failure to comply with the professional obligations and, if

particular circumstances so require, on a temporary basis, pending a disciplinary body’s

decision on the substance, the prohibition of professional activities against the persons

subject to the supervision of the self-regulatory body concerned, as well as against

members of the management body, their effective directors (dirigeants, members of

the authorised management) or other persons subject to their supervisory powers; this

prohibition shall cease ipso jure if the disciplinary body has not been referred to within

two months as from the day on which the measure was taken;

(h)

to require réviseurs d'entreprises (statutory auditors) and réviseurs d’entreprises

agréés (approved statutory auditors) of the persons subject to their respective

supervisory powers in accordance with Article 2-1 to provide information;

(i)

(j)

to refer information to the State Prosecutor for criminal prosecution;

to require réviseurs d'entreprises (statutory auditors), réviseurs d’entreprises agréés

(approved statutory auditors) or experts to carry out on-site verifications or

45

investigations of persons subject to their respective supervisory powers in accordance

with Article 2-1. These verifications and investigations shall be carried out at the

expense of the person concerned.

(2)

(3)

When imposing the injunction laid down in point (e) of paragraph 1, the competent bodies

within the self-regulatory bodies may impose a coercive fine on the professionals subject to

this measure in order to compel these persons to act upon the injunction. The amount of this

coercive fine, on the grounds of an observed failure to perform, may not be greater than EUR

1,250 per day, with the understanding that the total amount imposed due to an observed

failure to perform may not exceed EUR 25,000.

The Tribunal administratif (Administrative Tribunal) can undertake a full review of the merits

of the decision (recours en pleine jurisdiction) taken by the self-regulatory bodies in

application of this article. The case must be filed within one month from the date of notification

of the contested decision, or otherwise shall be time-barred.” “By way of derogation from the

legislation on procedure before administrative courts, there may not be more than one

pleading by each party, including the application initiating the proceedings. The reply pleading

must be provided within fifteen days as from the service of the application. The Court shall

take a decision within one month as from the bringing of the application.”²⁷⁶

Article 8-3. Reporting of breaches to the supervisory authorities “and to the self-

regulatory bodies”²⁷⁷

(1)

The supervisory authorities “and the self-regulatory bodies”²⁷⁸shall establish effective and

reliable mechanisms to encourage the reporting of potential or actual breaches of the

professional obligations as regards the fight against money laundering and terrorist financing

by the professionals subject to their respective supervisory powers in accordance with Article

2-1.

(Law of 25 March 2020)

“For that purpose, they shall provide the persons with one or more secure communication

channels for the reporting referred to in the first subparagraph. Such channels shall ensure

that the identity of persons providing information is known only to the supervisory authority

or self-regulatory body to which the information has been reported.”

(2)

The mechanisms referred to in paragraph 1 shall include at least:

(a) specific procedures for the receipt of reports on breaches and their follow-up;

(b) appropriate protection for employees or persons in a comparable position, of legal

persons subject to the supervision of the supervisory authorities “or the self-regulatory

bodies”²⁷⁹under Article 2-1 who report breaches committed within this entity;

(c) appropriate protection for the accused person;

(d) protection of personal data concerning both the person who reports the breaches and the

natural person who is allegedly responsible for the breach, in compliance with the

provisions of “Regulation (EU) 2016/679”²⁸⁰;

(e) clear rules that ensure that confidentiality is guaranteed in all cases in relation to the

person who reports the breaches referred to in paragraph 1, unless disclosure is required

by or pursuant to a law.

(Law of 25 March 2020)

“(3) Individuals, including employees and representatives of the professional may not be

subject to threats, retaliatory or hostile action, and in particular to adverse or discriminatory

employment actions due to the report of a suspicion of money laundering or terrorist financing

internally, to a supervisory authority or to a self-regulatory body.

Individuals who are exposed to threats, hostile actions, or adverse or discriminatory

employment actions for reporting suspicions of money laundering or terrorist financing

internally, to a supervisory authority or to a self-regulatory body are entitled to present a

276

277

278

279

280

Law of 25 February 2021

Law of 25 March 2020

46

complaint to the supervisory authority or self-regulatory body which has the power to

supervise the professional in accordance with Article 2-1.

Any contractual clause or any act contrary to the first subparagraph and, notably any

termination of the employment contract in breach of the provisions of the first subparagraph

shall be null and void.

In case the employment contract is terminated, the employee may seek the remedies provided

for in Article L.271-1(4) to (7) of the Labour Code.”

Section 2 - Administrative enforcement

Article 8-4. Administrative sanctions and other administrative measures

(1)

The supervisory authorities have the power to impose administrative sanctions and to take

other administrative measures laid down in paragraph 2 with respect to the professionals

subject to their respective supervisory powers in accordance with Article 2-1 which do not

comply with the (…)²⁸¹obligations laid down in Articles 2-2, 3, 3-1, 3-2, 3-3, 4, 4-1 and 5 “,

7-1(2) and (6) and 7-2(1)”²⁸²“and 8-3(3)”²⁸³or their implementing measures, as well as with

respect to the members of their executive bodies, effective directors (dirigeants, members of

the authorised management) or other persons responsible for the non-compliance by the

professionals with their obligations.

(2)

In the event of a breach referred to in paragraph 1, the supervisory authorities shall have the

power to impose the following administrative sanctions and to take the following

administrative measures:

(a) a warning;

(b) a reprimand;

(c) a public statement which identifies the natural or legal person and the nature of the

breach;

(d) where the professionals are subject to “registration or”²⁸⁴authorisation“, initiate the

procedure for”²⁸⁵the withdrawal or suspension of that “registration or”²⁸⁶authorisation;

(e) a temporary ban, imposed by the CSSF and the CAA, for a period not exceeding 5 years:

(i) to exercise a professional activity of the financial sector or to carry out one or several

transactions with respect to the persons subject to their respective supervisory

powers in accordance with Article 2-1; or

(ii) to exercise managerial functions within the professionals subject to their respective

supervisory powers in accordance with Article 2-1 with respect to any person

discharging managerial responsibilities within such professionals or any other natural

person held liable for the breach;

(f) maximum administrative fines of twice the amount of the benefit derived from the breach,

where that benefit can be determined, or EUR 1,000,000 at the most.

In the cases referred in the first subparagraph, the AED shall cooperate closely with the

Minister responsible for economy. Based on the reasoned opinion of the Director of the AED,

the Minister of Economy shall decide the final or temporary withdrawal of the authorisation of

establishment, until the Director of the AED issues a new opinion, as soon as the non-

compliance with the provisions referred to in paragraph 1 affect the director’s (dirigeant,

member of the authorised management) professional standing.

(Law of 25 February 2021)

“Where the professional is a provider of gambling services, the AED shall cooperate closely

with the Minister of Justice. Based on the reasoned opinion of the Director of the AED, the

Minister of Justice shall decide the final or temporary withdrawal of the operating

281

282

Law of 25 March 2020

Law of 25 March 2020 establishing a central electronic data retrieval system related to IBAN accounts and

safe-deposit boxes

283

Law of 25 March 2020

284

285

286

47

authorisation, until the Director of the AED issues a new opinion, as soon as the non-

compliance with the provisions referred to in paragraph 1 affect the director’s (dirigeant,

member of the authorised management) professional standing.”

(3)

Where the professionals concerned are credit institutions or financial institutions, the

maximum administrative fine referred to in point (f) of paragraph 2 shall amount to:

(a) in the case of legal persons, EUR 5,000,000 or 10 % of the total annual turnover according

to the latest available accounts approved by the management body; where the

professionals are parent undertakings or subsidiaries of a parent undertaking required to

prepare consolidated financial accounts in accordance with Article 22 of Directive

2013/34/EU, the relevant total annual turnover shall be the total annual turnover or the

corresponding type of income in accordance with the relevant accounting directives

according to the last available consolidated accounts approved by the management body

of the ultimate parent undertaking;

(b) in the case of natural persons, EUR 5,000,000.

(4)

The supervisory authority may impose an administrative sanction of between EUR 250 and

EUR 250,000 on the natural and legal persons obstructing the application of their powers laid

down in Articles 8-2(1), failing to act in response to injunctions issued pursuant to point (e)

of Article 8-2(1), or purposefully providing it with documents or other information that are

incomplete, incorrect or false following a request based on Article 8-2(1).

(Law of 25 March 2020)

“The supervisory authorities may impose an administrative fine of between EUR 250 and EUR

250,000 on the professionals subject to their supervisory powers in accordance with Article 2-

1 which did not comply with the provisions of the third subparagraph of Article 5(4) and of the

first subparagraph of Article 8-3(3), as well as on the members of their management bodies,

their effective directors (dirigeants, members of the authorised management) or other persons

responsible for the non-compliance with these provisions.”

(5)

The expenses for the forced recovery of sanctions shall be borne by the persons on whom the

sanctions are imposed.

Article 8-5. Exercise of the sanction powers

(1)

When determining the type and level of administrative sanctions, the supervisory authorities

shall take into account all relevant circumstances, including, where applicable:

(a) the gravity and the duration of the breach;

(b) the degree of responsibility of the natural or legal person held responsible for the breach;

(c) the financial situation of the natural or legal person held responsible for the breach, as

indicated for example by the total turnover of the legal person held responsible or the

annual income of the natural person held responsible;

(d) the benefit derived from the breach by the natural or legal person held responsible,

insofar as it can be determined;

(e) the losses to third parties caused by the breach, insofar as they can be determined;

(f) the level of cooperation of the natural or legal person held responsible for the breach with

the supervisory authorities“, the self-regulatory bodies”²⁸⁷and the Financial Intelligence

Unit;

(g) previous breaches by the natural or legal person held responsible;

(h) any potential systemic consequences of the offence.

(2)

In the exercise of their powers to impose administrative sanctions and measures, the

supervisory authorities shall cooperate closely “among themselves, with the self-regulatory

bodies and with their foreign counterparts”²⁸⁸in order to ensure that those administrative

sanctions or measures produce the desired results and coordinate their action when dealing

with cross-border cases.

287

Law of 25 March 2020

288

48

Article 8-6. Publication of the decisions by the supervisory authorities

(1)

The supervisory authorities shall publish any decision, into force (force de chose décidée) or

which has become res judicata (force de chose jugée) and imposing an administrative sanction

or measure for breach of the provisions referred to in Article 8-4(1), on their official website

immediately after the person sanctioned is informed of that decision. The publication shall

include information on the type and nature of the breach and the identity of the persons

responsible.

The supervisory authorities shall assess on a case-by-case basis the proportionality of the

publication of the identity or personal data of the persons responsible referred to in the first

subparagraph. Where they consider this publication as disproportionate or where this

publication jeopardises the stability of financial markets or an ongoing investigation, the

supervisory authorities shall:

(a) delay the publication of the decision to impose an administrative sanction or measure

until the moment at which the reasons for not publishing it cease to exist;

(b) publish the decision to impose an administrative sanction or measure on an anonymous

basis (…)²⁸⁹, if such anonymous publication ensures an effective protection of the

personal data concerned; in the case of a decision to publish an administrative sanction

or measure on an anonymous basis, the publication of the relevant data may be

postponed for a reasonable period of time if it is foreseen that within that period the

reasons for anonymous publication shall cease to exist;

(c) not publish the decision to impose an administrative sanction or measure at all in the

event that the options set out in points (a) and (b) are considered insufficient to ensure:

(i) that the stability of financial markets would not be put in jeopardy; or

(ii) the proportionality of the publication of the decision with regard to measures which

are deemed to be of a minor nature.

(2)

The supervisory authorities shall ensure that any publication in accordance with this article

shall remain on their official website for a period of five years after its publication. However,

personal data contained in the publication shall only be kept on the official website of the

supervisory authority for a period of 12 months at the most.

Article 8-7. Administrative remedies

The Tribunal administratif (Administrative Tribunal) can undertake a full review of the merits of the

decision taken by the supervisory authorities in connection with this chapter. The case must be filed

within one month from the date of notification of the contested decision, or otherwise shall be time-

barred.

Article 8-8. Informing the European Supervisory Authorities

The supervisory authorities shall inform the European Supervisory Authorities of all administrative

sanctions and measures imposed on credit institutions and financial institutions in accordance with

Article 8-4, including of any remedy in relation thereto and the outcome thereof.

The supervisory authorities shall check the existence of a relevant conviction in the criminal record

of the person concerned. Any exchange of information for those purposes shall be carried out in

accordance with the Law of 29 March 2013 on the organisation of the criminal record, as amended.

Article 8-9. Recovery of pecuniary sanctions by the AED

(1)

For the recovery of debts resulting from administrative sanctions and other measures which

it imposed in accordance with this law, the AED shall have the following means available:

(a) the right of enforcement by administrative constraint;

(b) the right to register a mortgage pursuant to the administrative constraint;

(c) the right to issue a third-party debt order (sommation à tiers détenteur) in accordance

with Article 8 of the Law of 27 November 1933 on the recovery of direct contributions,

excise duties on spirits and social security contributions, as amended.

289

Law of 25 March 2020

49

(2)

(3)

The first act in the proceedings for the debt recovery by the AED pursuant to this law shall be

a constraint issued by the receiver of the Bureau de recette in charge of its recovery or by his

representative. The constraint shall be endorsed and rendered enforceable by the Director of

the AED or his representative. It shall be served by writ of a bailiff or by an agent of the AED

or by post. Legal interests shall be due as from the day on which the constraint is served.

The enforcement of the constraint may only be interrupted by reasoned opposition with a

summons to appear on a determined date (assignation à jour fixe) before the Luxembourg

Tribunal d’arrondissement (District Court), sitting in civil matters. The writ containing the

opposition shall be served on the State in the person of the civil servant who has issued the

constraint. The opposition to the constraint may only be based on the nullity for defect in form

(nullités de forme) either of the constraint or of the order or on the causes for the

extinguishment of debt.

(4)

(5)

In case of distraint (saisie-exécution), the proceedings are carried out by a bailiff or an agent

of the AED in accordance with the New Code of Civil Procedure.

Acts to proceedings, including the constraints and commands, acts of seizure and procedural

documents to which the debt recovery of the AED gives rise, shall be exempt from the stamp

and registration duties and formalities.”

(Law of 25 March 2020)

“Section 3 - Enforcement by the self-regulatory bodies

Article 8-10. Sanctions and other enforcement measures

(1)

The competent bodies of self-regulatory bodies shall have the power to impose the sanctions

and take the other measures laid down in paragraph 2 on the professionals subject to their

respective supervisory powers in accordance with Article 2-1 which do not comply with the

obligations laid down in Articles 2-2, 3, 3-1, 3-2, 3-3, 4, 4-1, 5 and 8-3(3) or in their

implementing measures, as well as on members of their management bodies, their effective

directors (dirigeants, members of the authorised management) or other persons subject to

their supervisory powers who are responsible for the non-compliance by the professional with

its obligations.

(2)

In case of breach of the provisions referred to in paragraph 1, the competent bodies within

the self-regulatory bodies shall have the power to impose the following sanctions and to take

the following measures:

(a)

(b)

(c)

a warning;

a reprimand;

a public statement which identifies the natural or legal person and the nature of the

breach;

(d)

a temporary ban for a period not exceeding five years:

(i)

from carrying out one or more of the activities listed in Article 1(8) and in point

(12) of Article 2(1);

(ii)

from exercising managerial functions in the professionals subject to their

respective supervisory powers in accordance with Article 2-1 against any person

discharging managerial responsibilities in such professional or any other natural

person held responsible for the breach;

(e)

a temporary suspension for a period not exceeding five years of the right to practice

the profession;

(f)

a lifelong ban from practising the profession or the dismissal;

(g)

a fine of up to twice the amount of the benefit derived from the breach, where that

benefit can be determined, or EUR 1,000,000 at the most.

(3)

The competent bodies within the self-regulatory bodies may impose a fine of between EUR

250 and EUR 250,000 against the persons subject to their supervisory powers obstructing the

application of their powers laid down in Article 8-2a(1), failing to act in response to injunctions

50

issued pursuant to point (e) of Article 8-2a(1), or purposefully providing them with documents

or other information that are incomplete, incorrect or false following a request based on Article

8-2a(1).

The self-regulatory bodies may impose a fine of between EUR 250 and EUR 250,000 on the

professionals subject to their supervisory powers in accordance with Article 2-1 which did not

comply with the prohibition laid down in the first subparagraph of Article 8-3(3), as well as on

the members of their management bodies, their effective directors (dirigeants, members of

the authorised management) or other persons responsible for the non-compliance with this

prohibition.

Article 8-11. Exercise of the sanction powers

(1)

When determining the type and level of the sanctions, the self-regulatory bodies shall take

into account all relevant circumstances, including, where applicable:

(a)

(b)

(c)

the gravity and duration of the breach;

the degree of responsibility of the person held responsible for the breach;

the financial situation of the person held responsible for the breach, as indicated for

example by the total turnover of the legal person held responsible or the annual income

of the natural person held responsible;

(d)

the benefit derived from the breach by the person held responsible, insofar as it can be

determined;

(e)

(f)

the losses to third parties caused by the breach, insofar as they can be determined;

the level of cooperation of the person held responsible for the breach with the self-

regulatory bodies, the supervisory authorities and the FIU;

(g)

(h)

previous breaches by the person held responsible;

any potential systemic consequences of the breach.

(2)

In the exercise of their powers to impose sanctions and other measures, the self-regulatory

bodies shall cooperate closely among themselves, with the supervisory authorities and with

their foreign counterparts in order to ensure that those administrative sanctions or measures

produce the desired results and coordinate their action when dealing with cross-border cases.

Article 8-12. Publication of the decisions by the self-regulatory bodies

(1)

(2)

The self-regulatory bodies shall publish any decision, into force (force de chose décidée) or

which has become res judicata (force de chose jugée) and imposing a enforcement sanction

or measure for breach of the provisions referred to in Article 8-10(1), on their official website

immediately after the person sanctioned has been informed of that decision. The publication

shall include information on the type and nature of the breach and the identity of the persons

responsible.

The self-regulatory bodies shall assess, on a case-by-case basis, the proportionality of the

publication of the identity or personal data of the persons responsible referred to in the first

subparagraph. Where they consider this publication as disproportionate or where this

publication jeopardises the stability of financial markets or an ongoing investigation, the self-

regulatory bodies shall:

(a)

delay the publication of the decision to impose an administrative sanction or measure

until the moment at which the reasons for not publishing it cease to exist;

(b)

publish the decision to impose a sanction or enforcement measure on an anonymous

basis, if such anonymous publication ensures an effective protection of the personal

data concerned; in the case of a decision to publish a sanction or enforcement measure

on an anonymous basis, the publication of the relevant data may be postponed for a

reasonable period of time if it is foreseen that by the end of that period the reasons for

anonymous publication shall cease to exist;

(c)

not publish the decision to impose a sanction or enforcement measure at all, in the

event that the options set out in points (a) and (b) are considered insufficient to ensure:

51

(i)

that the stability of financial markets would not be put in jeopardy; or

(ii)

the proportionality of the publication of the decision with regard to the measures

which are deemed to be of a minor nature.

(3)

The self-regulatory bodies shall ensure that any publication in accordance with this article

shall remain on their official website for a period of five years after its publication. However,

personal data contained in the publication shall only be kept on the official website of the self-

regulatory body for a maximum period of 12 months.

Article 8-13. Recovery of fines, coercive fines and other expenses

(1)

In the case of a fine referred to in Article 8-10 or a coercive fine referred to in Article 8-2a(2),

the expenses for the forced recovery of fines shall be borne by the sanctioned person.

(2)

(3)

The fines, coercive fines or expenses referred to in paragraph 1 shall be recovered by the AED.

The amount of the fines, coercive fines or expenses referred to in paragraph 1 shall go to the

Trésorerie de l’État. By way of derogation from the first subparagraph, 50% of this amount

shall go to the respective self-regulatory body, with the understanding that the amount going

to the self-regulatory body may not exceed EUR 50,000.

Article 8-14. Annual report

Self-regulatory bodies shall publish an annual report containing information about:

(a)

(b)

(c)

the measures taken in the framework of this section;

the number of reports of breaches received as referred to in Article 8-3, where applicable;

the number of reports received by the self-regulatory body in the framework of Articles 5 and

7 and the number of reports forwarded by the self-regulatory body to the FIU, where

applicable;

(d)

where applicable, the number and description of measures taken in the framework of Section

1 of this chapter to monitor compliance by the professionals subject to their respective

supervisory powers with their obligations under the following articles:

(i)

Articles 2-2, 3, 3-1 and 3-2 (customer due diligence);

Article 5 (suspicious transaction reporting);

(ii)

(iii) Article 3(6) (record-keeping);

(iv) Articles 4 and 4-1 (internal control).”

Chapter 4: Criminal sanctions

Article 9.

(Law of 27 October 2010) “A fine of between “EUR 12,500 and EUR 5,000,000”²⁹⁰shall be imposed

on any person who knowingly contravenes the provisions of “Articles 2-2, 3, 3-1, 3-2, 3-3, 4, 4-1

“,”²⁹¹5”²⁹²“, 7-1(2) and (6)“,”²⁹³7-2(1) “and 8-3(3)”²⁹⁴.”²⁹⁵

290

Law of 13 February 2018

291

Law of 25 March 2020 establishing a central electronic data retrieval system related to IBAN accounts and

safe-deposit boxes

292

Law of 13 February 2018

Law of 25 February 2021

293

294

295

Law of 25 March 2020 establishing a central electronic data retrieval system related to IBAN accounts and

safe-deposit boxes

52

“TITLE I-1

“National and international cooperation”²⁹⁶

(Law of 25 March 2020)

“Chapter 1: National cooperation”²⁹⁷

“Article 9-1.

Cooperation between “the FIU,”²⁹⁸the supervisory authorities and “the

self-regulatory bodies”²⁹⁹

“The FIU, the”³⁰⁰supervisory authorities and “the self-regulatory bodies”³⁰¹shall cooperate closely

“among themselves”³⁰². (…)³⁰³

For the purposes of the first subparagraph, “the FIU, the supervisory authorities and the self-

regulatory bodies”³⁰⁴are authorised to exchange information that is necessary for the fulfilment of

their respective duties in the framework of the fight against money laundering and terrorist

financing. “The FIU, the supervisory authorities and the self-regulatory bodies”³⁰⁵shall use the

exchanged information solely to carry out these duties.”³⁰⁶

”

(Law of 25 February 2021)

“The exchange of information shall be subject to the condition that the information is used only for

the purposes for which it was sought or provided, unless prior and express authorisation by the

person which supplied the information to use it for other purposes. Similarly, any use of information

for other purposes or for purposes beyond those originally approved shall require prior and express

consent from the person which supplied the information.

Without prejudice to cases covered by criminal law, the person receiving the information may not

disseminate it to another person without the prior and express consent of the person which supplied

the information.

The exchanged information shall be protected by the professional secrecy provided for in Article 458

of the Penal Code or, where applicable, by the professional secrecy provided for in a special law. The

self-regulatory bodies must duly permit the persons which, for the purposes of this law, process the

exchanged information. These persons shall remain subject to secrecy, even after the end of their

permission.

The réviseurs (auditors) and experts mandated by the supervisory authorities or self-regulatory

bodies shall be subject to the same professional secrecy, including after the end of their mandate.”

(Law of 25 March 2020)

“Article 9-1a. Cooperation between the CSSF and the CAA acting for the purposes of

combating money laundering and terrorist financing and for the purposes of the

prudential supervision of credit institutions and financial institutions or the supervision

of financial markets

(1)

Without prejudice to Article 9-1 and to other laws governing national cooperation between the

financial sector supervisory authorities, the CSSF and the CAA shall closely cooperate and

exchange information among themselves or between their respective departments for the

purposes of combating money laundering and terrorist financing as well as for the purposes

of other legislative acts relating to the regulation and prudential supervision of credit

institutions and financial institutions or relating to the supervision of financial markets.

296

Law of 25 March 2020

Law of 25 February 2021

Law of 13 February 2018

297

298

299

300

301

302

303

304

305

306

53

(2)

(3)

All persons who, for the purposes of this law, are working or have worked for the CSSF and

the CAA and the réviseurs (auditors) or experts acting on behalf of them, shall be bound by

the obligation of professional secrecy.

Without prejudice to cases covered by criminal law, confidential information which the persons

referred to in the first subparagraph receive in the course of their duties, under this law, may

be disclosed only in summary or aggregate form, in such a way that individual credit

institutions and financial institutions cannot be identified.

The CSSF, the CAA receiving confidential information shall only use it:

(a)

in the discharge of their duties, under this law or under other legislative acts, in the

field of anti-money laundering and counter terrorist financing, of the regulation and

prudential supervision of credit institutions and financial institutions and of the

supervision of financial markets, including sanctioning;

(b)

(c)

in an appeal against a decision of the CSSF or the CAA, including court proceedings; or

in court proceedings initiated pursuant to special provisions provided for in the European

Union law adopted in the field of Directive (EU) 2015/849 or in the field of the regulation

and prudential supervision of credit institutions and financial institutions as well as of

the supervision of financial markets.

Any dissemination of this information by the receiving supervisory authority or department to

other authorities, departments or third parties, or any use of this information for other

purposes or for purposes beyond those originally approved shall be subject to prior

authorisation by the authority or department which supplied it.”

(Law of 20 May 2021)

“Article 9-1b. National cooperation between the CSSF, in its capacity as supervisory

authority, the FIU and the supervisory authorities

The CSSF, in its capacity as competent authority for the purposes of Article 42 of the Law of 5

April 1993 on the financial sector, as amended, the FIU and the supervisory authorities shall

cooperate closely with each other within their respective competences and shall provide each other

with information relevant for their respective tasks under this law, the Law of 5 April 1993 on the

financial sector, as amended, and Regulation (EU) No 575/2013 of the European Parliament and

of the Council of 26 June 2013 on prudential requirements for credit institutions and investment

firms and amending Regulation (EU) No 648/2012, hereinafter “Regulation No 2013/575”,

provided that such cooperation and information exchange do not impinge on an on-going inquiry,

investigation or proceedings.”

(Law of 4 December 2024)

“Article 9-1c. Committee on the prevention of money laundering and terrorist financing

(1)

A Committee on the prevention of money laundering and terrorist financing, hereinafter

“ML/TF Prevention Committee”, is hereby established under the authority of the Minister

responsible for the fight against money laundering and terrorist financing. The ML/TF

Prevention Committee shall:

1°

2°

3°

constitute a multi-disciplinary round table for exchanges on the fight against money

laundering and terrorist financing;

contribute to the development, coordination and assessment of the national policies and

strategies relating to the prevention of money laundering and terrorist financing;

coordinate the development and update of the national risk assessment and of the

sectoral risk assessments to identify, assess and understand the risks of money

laundering and terrorist financing to which the Grand Duchy of Luxembourg is exposed,

and ensure its adequate dissemination;

4°

propose adjustments to the national anti-money laundering and combating the

financing of terrorism legal and regulatory framework, in terms of both prevention and

suppression, as well as any measure relating to the management and mitigation of

money laundering and terrorist financing risks;

54

5°

6°

draft guidelines promoting a harmonised implementation of the anti-money laundering

and combating the financing of terrorism framework, within the limits of the laws and

regulations relating to the fight against money laundering and terrorist financing;

ensure adequate dissemination of knowledge concerning the prevention of money

laundering and terrorist financing.

(2)

The composition and functioning of the ML/TF Prevention Committee shall be laid down by

grand-ducal regulation.”

(Law of 25 March 2020)

“Chapter 2: International cooperation”

(Law of 13 February 2018)

“Article 9-2. Cooperation with the European Supervisory Authorities

“The supervisory authorities”³⁰⁷“provide”³⁰⁸the European Supervisory Authorities with all the

information that they have in the framework of their duties laid down in Article 2-1 and that are

necessary to allow the European Supervisory Authorities to carry out their duties under Directive

(EU) 2015/849.

“The supervisory authorities”³⁰⁹shall inform the ESAs of instances in which a third country's law

does not permit the implementation of the policies and procedures required under Article 4-1(1).”

“In such case, coordinated actions may be taken to pursue a solution. In the assessing which third

countries do not permit the implementation of the policies and procedures required under Article 4-

1(1), “the supervisory authorities”³¹⁰shall take into account any legal constraints that may hinder

proper implementation of those policies and procedures, including secrecy, data protection and other

constraints limiting the exchange of information that may be relevant for that purpose.”³¹¹

(Law of 25 March 2020 establishing a central electronic data retrieval system related to IBAN accounts and safe-

deposit boxes)

“Where, in the context of the prudential supervision of a CRR institution within the meaning of

paragraph (11a) of Article 1 of the Law of 5 April 1993 on the financial sector, as amended, a review,

in particular the evaluation of the governance arrangements and the business model, or the activities

of that institution, gives the CSSF reasonable grounds to suspect that, in connection with that

institution, money laundering or terrorist financing is being or has been committed or attempted, or

there is an increased risk thereof, the CSSF shall immediately notify the European Banking Authority.

In the event of an increased risk of money laundering or terrorist financing, the CSSF shall

immediately notify its assessment to the European Banking Authority. This subparagraph shall be

without prejudice to other measures taken by the CSSF in the context of the prudential supervisory

tasks conferred on it. For the purpose of this subparagraph, the CSSF shall ensure that the

departments in charge of prudential supervision and the fight against money laundering and terrorist

financing cooperate and inform each other in accordance with Article 9-1a. Similarly, the CSSF shall,

pursuant to Article 9-2b, consult with the European Central Bank acting in accordance with

Regulation (EU) No 1024/2013 of 15 October 2013 conferring specific tasks on the European Central

Bank concerning policies relating to the prudential supervision of credit institutions. They shall

immediately communicate their common assessment to the European Banking Authority.”

(Law of 25 March 2020)

“Article 9-2a. Cooperation of the supervisory authorities with their foreign counterpart

authorities

(1)

The supervisory authorities shall cooperate with their foreign counterpart authorities where

necessary to perform their respective tasks and for the purposes of combating money

laundering and terrorist financing, of Directive (EU) 2015/849, of this law or of their

implementing measures. Foreign counterpart authorities refer to counterparts from other

307

Law of 25 February 2021

308

Law of 25 March 2020 establishing a central electronic data retrieval system related to IBAN accounts and

safe-deposit boxes

309

Law of 25 February 2021

Law of 25 March 2020

310

311

55

Member States or third countries which are competent to discharge similar responsibilities and

exercise similar functions in the framework of a cooperation request, including where the

nature or status of these foreign competent authorities is different. The supervisory authorities

shall lend assistance to the foreign counterpart authorities, in particular by exchanging

information and cooperating in investigations.

(2)

Upon request, the supervisory authorities shall communicate, on a timely basis, any

information required for the purpose referred to in paragraph 1.

Before acting on the information request, the requested supervisory authority shall verify that

the information request includes complete factual and, as appropriate, legal information as

well as information on the urgency degree and foreseen use of the information requested.

Where appropriate, the requested supervisory authority may ask the requesting counterpart

authority to provide feedback on the use and usefulness of the information requested.

Where the supervisory authority receives an information request complying with the preceding

subparagraph, it shall, without delay, take the necessary measures to collect the information

requested by using the powers conferred on it by law. If the supervisory authority cannot

provide the requested information on time, it shall notify the reasons thereof to the requesting

counterpart authority.

(3)

(4)

Where the supervisory authority is convinced that acts contrary to the provisions of this law

are being, or have been, carried out in a Member State or third country, or that acts carried

out in Luxembourg breach the provisions of Directive (EU) 2015/849 or the national legislation

applicable in a Member State or third country which provides for similar provisions and

prohibitions regarding the fight against money laundering and terrorist financing, it shall give

notice of that fact, in as specific a manner as possible, to the counterpart authority from the

Member State or third country concerned.

The communication of information by the supervisory authorities to a foreign counterpart

authority shall be subject to the following conditions:

(a)

(b)

the communicated information is necessary and intended for the performance of the

task of the authority receiving it under Directive (EU) 2015/849 or under the national

legislation of this authority relating to the fight against money laundering and terrorist

financing;

the communicated information is subject to the professional secrecy of the receiving

authority and the professional secrecy of this authority offers guarantees at least

equivalent to those to which the supervisory authorities are subject, in particular with

respect to the persons working for them in accordance with Article 9-1a(2);

(c)

(d)

the authority receiving information from the supervisory authority may use it only for

the purpose for which it was supplied to it and must be able to ensure that it will not be

used for any other purpose;

where this information comes from other national supervisory authorities, other national

authorities or national bodies bound by professional secrecy or from other foreign

counterpart authorities, the disclosure can only be made with the explicit consent of

these authorities or bodies and, where appropriate, solely for the purposes for which

these authorities or bodies gave their consent.

(5)

(6)

When making a request for cooperation to their foreign counterpart authorities, the

supervisory authorities shall make their best efforts to provide complete factual and, as

appropriate, legal information as well as information on the urgency degree and foreseen use

of the information requested. Upon request, the requesting supervisory authorities shall

provide feedback to the requested counterpart authority on the use and usefulness of the

information obtained.

Without prejudice to its requirements in the framework of judicial proceedings under criminal

law, the supervisory authorities receiving confidential information from a foreign counterpart

authority may only use this information for the purpose for which it was sought or provided.

In particular, this information may only be used:

56

(a)

in the discharge of their duties under this law, under Directive (EU) 2015/849 or under

other legislative acts in the field of anti-money laundering and counter terrorist

financing;

(b)

(c)

in an appeal against a decision of the supervisory authority, including court proceedings;

or

in court proceedings initiated pursuant to special provisions provided for in the European

Union law adopted in the field of this law.

Any dissemination of the information for administrative, judicial, investigative or prosecutorial

purposes, beyond those originally approved, shall be subject to prior authorisation by the

requested authority.

(7)

The supervisory authorities shall maintain appropriate confidentiality for any request for

cooperation and the information exchanged, in order to protect the integrity of the

investigation or inquiry, consistent with both parties’ obligations concerning privacy and data

protection. The supervisory authorities shall protect exchanged information in the same

manner as they would protect similar information received from domestic sources. Exchange

of information shall take place in a secure way, and through reliable channels or mechanisms.

(Law of 29 July 2022)

“(8) The supervisory authorities may request that foreign counterpart authorities carry out an

investigation or on-site inspection on the territory of this foreign counterpart authority.

Subject to the consent of their foreign counterpart authorities, staff of the supervisory

authorities may participate in, or carry out the investigation or on-site inspection abroad.

(9)

The supervisory authorities may act on a duly reasoned and substantiated request from a

foreign counterpart authority to carry out an investigation or on-site inspection, in the

framework of their duties in the field of anti-money laundering and counter terrorist financing,

of persons subject to their respective supervisory powers, in accordance with Article 2-1,

established in the Grand Duchy of Luxembourg, subject to the following conditions:

1. the investigation or on-site inspection does not adversely affect the sovereignty, security

or public policy of the State of Luxembourg;

2. the investigation or on-site inspection is not likely to impede proceedings initiated in

Luxembourg in respect of the same facts and against the same persons;

3. no final judgement has been delivered in relation to such persons for the same facts in

Luxembourg;

4. the requesting authority grants the same right to the supervisory authority; and

5. the requesting authority provides guarantees of professional secrecy that are at least

equivalent to the professional secrecy to which the supervisory authority is subject.

The supervisory authority may, upon request, authorise the presence of staff of the requesting

authority during the investigation or on-site inspection. The investigation or on-site inspection

shall, however, be subject to the oversight of the supervisory authority. Where the supervisory

authority is not able to act on such a request, it shall inform the requesting counterpart

authority thereof in as detailed a manner as possible.”

Article 9-2b. Cooperation of the supervisory authorities and the self-regulatory bodies

with their foreign counterpart authorities

The supervisory authorities and the self-regulatory bodies shall not refuse a request for assistance

from a foreign counterpart authority on the grounds that:

(a)

(b)

the request is also considered to involve tax matters;

the law requires the professionals to maintain secrecy or confidentiality, except in those cases

where the relevant information that is sought is protected by legal privilege or where legal

professional secrecy applies, as described in Article 7(1);

(c)

(d)

there is an inquiry, investigation or proceeding underway in Luxembourg, unless the

assistance would impede that inquiry, investigation or proceeding;

the nature or status of the requesting counterpart authority is different from that of the

requested supervisory authority.

57

Article 9-2c. Cooperation of the CSSF and the CAA with their foreign counterpart

authorities acting for the purposes of combating money laundering and terrorist financing

and for the purposes of the prudential supervision of credit institutions and financial

institutions or the supervision of financial markets

(1)

Without prejudice to Article 9-2a and to other provisions governing international cooperation

between the financial sector supervisory authorities, the CSSF and the CAA shall closely

cooperate with their foreign counterpart authorities where necessary to perform their

respective tasks and for the purposes of combating money laundering and terrorist financing,

of Directive (EU) 2015/849, of this law or of their implementing measures as well as for the

purposes of other legislative acts relating to the regulation and prudential supervision of credit

institutions and financial institutions or relating to the supervision of financial markets. Foreign

counterpart authorities refer to counterparts from other Member States or third countries

which are competent to discharge similar responsibilities and exercise similar functions in the

framework of a cooperation request, including where the nature or status of these foreign

competent authorities is different.

The CSSF and the CAA shall lend assistance to the foreign counterpart authorities, in particular

by exchanging information and cooperating in investigations. They shall also exchange

information and cooperate with the European Central Bank acting in accordance with Council

Regulation (EU) No 1024/2013 of 15 October 2013 conferring specific tasks on the European

Central Bank concerning policies relating to the prudential supervision of credit institutions.

(2)

Upon request, the CSSF and the CAA shall communicate any information required for the

purpose referred to in paragraph 1.

Before acting on the information request, the requested authority shall verify that the

information request includes complete factual and, as appropriate, legal information as well

as information on the urgency degree and foreseen use of the information requested. Where

appropriate, the requested authority may ask the requesting counterpart authority to provide

feedback on the use and usefulness of the information requested.

Where the supervisory authority receives an information request complying with the preceding

subparagraph, it shall, without delay, take the necessary measures to collect the information

requested by using its powers conferred on it by law. If the requested authority cannot provide

the requested information on time, it shall notify the reasons thereof to the requesting

counterpart authority.

(3)

The communication of information by the CSSF or the CAA to a foreign counterpart authority

shall be subject to the following conditions:

(a)

the communicated information is necessary and intended for the performance of the

task of the authority receiving it under Directive (EU) 2015/849 or under the national

legislation of this authority relating to the fight against money laundering and terrorist

financing or relating to the regulation and prudential supervision of credit institutions

and financial institutions as well as the supervision of financial markets;

(b)

the communicated information is subject to the professional secrecy of the receiving

authority and the professional secrecy of this authority offers guarantees at least

equivalent to those to which the CSSF and the CAA are subject, in particular with respect

to the persons working for them in accordance with Article 9-1a(2);

(c)

(d)

the authority receiving information from the supervisory authority may use it only for

the purpose for which it was supplied to it and must be able to ensure that it will not be

used for any other purpose;

where this information comes from other national supervisory authorities, other national

authorities or national bodies bound by professional secrecy or from other foreign

counterpart authorities, the disclosure can only be made with the explicit consent of

these authorities or bodies and, where appropriate, solely for the purposes for which

these authorities or bodies gave their consent.

(4)

The provisions of Article 9-2a(5) shall apply.

58

(5)

(6)

When making a request for cooperation to their foreign counterpart authorities, the CSSF or

the CAA shall make their best efforts to provide complete factual and, as appropriate, legal

information as well as information on the urgency degree and foreseen use of the information

requested. Upon request, they shall provide feedback to the requested counterpart authority

on the use and usefulness of the information obtained.

Without prejudice to the provisions applicable with respect to professional secrecy referred to

in Article 9-1a(2), the CSSF and the CAA receiving confidential information may only use it:

(a)

in the discharge of their duties under this law or under other legislative acts in the field

of anti-money laundering and counter terrorist financing, of the regulation and

prudential supervision of credit institutions and financial institutions and the supervision

of financial markets, including sanctioning;

(b)

(c)

in an appeal against a decision of the CSSF or the CAA, including court proceedings; or

in court proceedings initiated pursuant to special provisions provided for in the European

Union law adopted in the field of Directive (EU) 2015/849 or in the field of the regulation

and prudential supervision of credit institutions and financial institutions as well as of

the supervision of financial markets.

Any dissemination of this information by the receiving supervisory authority to other

authorities or third parties, or any use of this information for other purposes or for purposes

beyond those originally approved shall be subject to prior authorisation by the authority which

communicated it.

(7)

The CSSF and the CAA shall be empowered to conclude cooperation agreements providing for

collaboration and exchanges of confidential information with their counterpart authorities from

third countries. Such cooperation agreements shall be concluded on the basis of reciprocity

and only if the information disclosed is subject to guarantees of professional secrecy

requirements at least equivalent to the professional secrecy referred to in Article 9-1a(2).

Confidential information exchanged according to those cooperation agreements shall be used

for the purpose of performing the supervisory tasks of those authorities.

Where the information exchanged originates from an authority of another Member State, it

shall only be disclosed with the explicit consent of the authority which shared it and, where

appropriate, solely for the purposes for which that authority gave its consent.

(8)

(9)

The CSSF and the CAA shall maintain appropriate confidentiality for any request for

cooperation and the information exchanged, in order to protect the integrity of the

investigation or inquiry, consistent with both parties’ obligations concerning privacy and data

protection. The CSSF and the CAA shall protect exchanged information in the same manner

as they would protect similar information received from domestic sources. Exchange of

information shall take place in a secure way, and through reliable channels or mechanisms.

The CSSF and the CAA may exchange notably, the following types of information when

relevant for the purposes of the fight against money laundering and terrorist financing with

their foreign counterpart authorities, in particular with their counterpart authorities that have

a shared responsibility for credit institutions or financial institutions operating in the same

group:

(a)

regulatory information, such as information on the domestic regulatory system, and

general information on the financial sectors;

(b)

prudential information, in particular for supervisory authorities applying “Core Principles

for Effective Banking Supervision” published by the Basel Committee on banking

supervision, “Objectives and Principles of Securities Regulation” published by the

International Organization of Securities Commissions (IOSCO) or “Insurance Core

Principles” published by the International Association of Insurance Supervisors (IAIS),

including information on the credit institutions’ and financial institutions’ business

activities, beneficial ownership, management and professional standing;

(c)

information on the fight against money laundering and terrorist financing, such as

internal anti-money laundering and counter terrorist financing procedures and policies

59

of credit institutions and financial institutions, customer due diligence information,

customer files, samples of accounts and transaction information.”

(Law of 20 May 2021)

“Article 9-2d. International cooperation between the CSSF, in its capacity as supervisory

authority, the FIU, the supervisory authorities and their counterparts

The CSSF, in its capacity as competent authority for the purposes of Article 42 of the Law of 5 April

1993 on the financial sector, as amended, the FIU and the supervisory authorities shall cooperate

closely with their counterparts of the other Members States within their respective competences and

shall provide them with information relevant for their respective tasks under Directive 2013/36/EU

of the European Parliament and of the Council as regards exempted entities, financial holding

companies, mixed financial holding companies, remuneration, supervisory measures, and powers

and capital conservation measures, hereinafter “Directive 2013/36/EU”, Regulation (EU) No

575/2013 and Directive (EU) 2015/849, provided that such cooperation and information exchange

do not impinge on an on-going inquiry, investigation or proceedings.”

(Law of 10 August 2018)

“TITLE I-II:

Appeal against the instruction of the Financial Intelligence Unit

Article 9-3.

(1) Any person demonstrating an interest in the property concerned by the instruction from the

Financial Intelligence Unit not to carry out the operations in accordance with Article 5(3) and

the professional concerned by this instruction may request, by simple request to the Chambre

du Conseil du Tribunal d’arrondissement de Luxembourg (Judges’ Council Chamber of the

Luxembourg District Court), the withdrawal of this instruction.

(2) The request shall be communicated within 24 hours upon its receipt by the registry (greffe) of

the Chambre du Conseil to the Financial Intelligence Unit and to the State prosecutor.

(3) The Financial Intelligence Unit shall draw up a written and reasoned report justifying the

instruction taken in application of Article 5(3) and transmit it to the registry (greffe) of the

Chambre du Conseil within five days of the receipt of the request. This report shall be

communicated by the registry (greffe) of the Chambre du Conseil to the State prosecutor and

the requestor.

(4) The Chambre du Conseil may request or authorise a judge of the Financial Intelligence Unit to

provide his observations orally.

(5) The Chambre du Conseil shall rule based on the report transmitted in accordance with paragraph

3, the comments made in application of paragraph 4 and after hearing the State prosecutor and

the requestor.

(6) The order of the Chambre du Conseil can be appealed by the State prosecutor or by the

requestor in the forms and within the deadlines set out in Articles 133 and following of the Code

of Criminal Procedure.”

TITLE II

Repealing and various provisions

(…)³¹²

(Law of 6 February 2025)

“Article 24-1.

Virtual asset service providers that are registered as at 30 December 2024 in accordance with Article

7-1 as applicable on 30 December 2024, shall remain registered within the register of virtual asset

service providers established by the CSSF until 1 July 2026 or until they are granted or refused an

authorisation pursuant to Article 63 of Regulation (EU) 2023/1114, whichever is sooner.

The virtual asset service providers referred to in the first subparagraph shall remain within the scope

referred to in Article 2 and remain subject to the professional obligations defined in this law and in

its implementing measures.

312

The repealing provisions are not included in this coordinated version.

60

Article 7-1(3) to (6), as applicable on 30 December 2024, continues to apply until 1 July 2026.

For the purpose of applying Articles 3-2(3a), and 7-1a of this law and Regulation (EU) 2023/1113

and its implementing measures, the virtual asset service providers referred to in the first

subparagraph shall be treated as crypto-asset service providers.

The CSSF shall remain the supervisory authority for the virtual asset service providers referred to in

the first subparagraph in accordance with Article 2-1(1).”

Article 25.

This law may be referred to in abbreviated form using the designation “Law on the fight against

money laundering and terrorist financing”.

(…)³¹³

313

Law of 13 February 2018

61

“ANNEX I

Activities or operations referred to in point (e) of Article 1(3a):

(1) Acceptance of deposits and other repayable funds from the public, including portfolio

management.

(2) Lending, including consumer credit, mortgage credit, factoring, with or without recourse, and

financing of commercial transactions (including forfeiting).

(3) Financial leasing, not including financial leasing arrangements in relation to consumer products.

(4) Payment services as defined in point (3) of Article 4 of Directive “(EU) 2015/2366 of the

European Parliament and of the Council of 25 November 2015 on payment services in the

internal market, amending Directives 2002/65/EC, 2009/110/EC, 2013/36/EU and Regulation

(EU) No 1093/2010, and repealing Directive 2007/64/EC”³¹⁴.

(5) Funds or value transfer services insofar as this activity is not covered by point (4). It refers to

financial services consisting of accepting cash, cheques or any other payment instrument or

value deposit and paying an equivalent amount in cash or any other form to a payee by means

of a communication, a message, a transfer or a clearing system to which the funds or value

transfer service belongs. The operations carried out through these services may involve one or

several intermediaries and a third-party recipient of the final payment and may include any new

means of payment. It does not refer to the exclusive provision of messages or any other support

system for the purposes of transferring funds to financial institutions.

(6) Issue and administration of other means of payment (e.g. cheques, travellers' cheques, money

orders and bank drafts, letters of credit) insofar as such activity is not covered by points (4) or

(15).

(7) Financial guarantees and commitments.

(8) Trading and transactions for own account or for account of customers in:

(a) money market instruments (such as, cheques, bills, banknotes, certificates of deposit

(CDs), derivatives);

(b) foreign exchange;

(c) exchange, interest rate and index instruments;

(d) transferable securities;

(e) commodity futures trading;

(f) financial futures and options;

(9) Participation in securities issues and the provision of financial services related to such issues.

(10) Advice to undertakings on capital structure, industrial strategy and related questions and

advice as well as services relating to mergers and the purchase of undertakings.

(11) Money broking.

(12) Individual and collective portfolio management and advice.

(13) Safekeeping and administration of cash or liquid securities “on behalf of other persons”³¹⁵

(14) Safe custody services.

(15) Issuing “and managing”³¹⁶electronic money.

.

(16) Otherwise investing, administering or managing funds or money on behalf of other persons.

(17) Underwriting and placement of life insurance and other investment related insurance by both,

insurance undertakings and insurance intermediaries (agents and brokers).

(18) Money and currency changing.

ANNEX II

The following is a non-exhaustive list of risk variables that the professionals shall consider when

determining to what extent to apply customer due diligence measures in accordance with Article

3(2a):

(i)

the purpose of an account or relationship;

(ii)

the level of assets to be deposited by a customer or the size of transactions undertaken;

314

315

316

Law of 25 March 2020

62

(iii) the regularity or duration of the business relationship.

ANNEX III

The following is a non-exhaustive list of factors and types of evidence of potentially lower risk

referred to in the second subparagraph of Article 3-1(2):

1. Customer risk factors:

(a) public companies listed on a stock exchange and subject to disclosure requirements (either

by stock exchange rules or through law or enforceable means), which impose requirements

to ensure adequate transparency of beneficial ownership;

(b) public administrations or enterprises from countries or territories having a low level of

corruption;

(c) customers that are resident in geographical areas of lower risk as set out in point (3);

2. Product, service, transaction or delivery channel risk factors:

(a) life insurance policies for which the premium is low;

(b) insurance policies for pension schemes if there is no early surrender option and the policy

cannot be used as collateral;

(c) a pension, superannuation or similar scheme that provides retirement benefits to employees,

where contributions are made by way of deduction from wages, and the scheme rules do

not permit the assignment of a member's interest under the scheme;

(d) financial products or services that provide appropriately defined and limited services to

certain types of customers, so as to increase access for financial inclusion purposes;

(e) products where the risks of money laundering and terrorist financing are managed by other

factors such as purse limits or transparency of ownership (particularly, certain types of

electronic money);

3. Geographical risk factors “- registration, establishment, residence in”³¹⁷:

(a) Member States;

(b) third countries having effective anti-money laundering and counter terrorist financing

systems;

(c) third countries identified by credible sources as having a low level of corruption or other

criminal activity;

(d) third countries which, on the basis of credible sources such as mutual evaluations, detailed

assessment reports or published follow-up reports, have requirements to combat money

laundering and terrorist financing consistent with the revised FATF Recommendations and

effectively implement those requirements.

ANNEX IV

The following is a non-exhaustive list of factors and types of evidence of potentially higher risk

referred to in the second subparagraph of Article 3-2(1):

1. Customer risk factors:

(a) the business relationship is conducted in unusual circumstances;

(b) customers that are resident in geographical areas of higher risk as set out in point (3);

(c) legal persons or arrangements that are personal asset-holding vehicles;

(d) companies that have nominee shareholders or shares in bearer form;

(e) businesses that are cash-intensive;

(f) the ownership structure of the company appears unusual or excessively complex given the

nature of the company's business;

317

Law of 25 March 2020

63

(Law of 25 March 2020)

“(g) customer is a third-country national who applies for residence rights or citizenship in

exchange of capital transfers, purchase of property or government bonds, or investment in

corporate entities.”

2. Product, service, transaction or delivery channel risk factors:

(a) private banking;

(b) products or transactions that might favour anonymity;

(c) non-face-to-face business relationships or transactions, without certain safeguards, such as

“electronic identification means, relevant trust services as defined in Regulation (EU) No

910/2014 or any other secure, remote or electronic, identification process regulated,

recognised, approved or accepted by the relevant national authorities”³¹⁸

(d) payment received from unknown or unassociated third parties;

;

(e) new products and new business practices, including new delivery mechanism, and the use

of new or developing technologies for both new and pre-existing products;

(Law of 25 March 2020)

“(f) transactions related to oil, arms, precious metals, tobacco products, cultural artefacts and

other items of archaeological, historical, cultural and religious importance, or of rare

scientific value, as well as ivory and protected species.”

3. Geographical risk factors:

(a) without prejudice to Article 3-2(2), countries identified by credible sources, such as mutual

evaluations, detailed assessment reports or published follow-up reports, as not having

effective anti-money laundering and counter terrorist financing systems;

(b) countries identified by credible sources as having significant levels of corruption or other

criminal activity;

(c) countries subject to sanctions, embargos or similar measures issued by, for example, the

European Union or the United Nations;

(d) countries providing funding or support for terrorist activities, or that have designated

terrorist organisations operating within their country.”³¹⁹

318

Law of 25 March 2020

Law of 13 February 2018

319

64