2025 AML/CFT  
Conference  
Dedicated to Specialised Professionals  
of the Financial Sector  
27 January 2025  
Rules of the conference  
. Cameras, microphones and chat function are deactivated  
. Q&A based on received questions (integrated)  
. No recording (audio, video, …)  
. Presentation slides will be published on CSSF website  
. This conference cannot replace the regular AML/CFT trainings  
. No certificate of attendance will be provided  
Overview of the functions  
2024 Key findings from  
offsite supervision  
Whistleblowing  
Terrorist Financing risk  
3
Please revert to CSSF website regarding information in  
relation to whistleblowing www.cssf.lu  
Whistleblower protection – CSSF  
Terrorist Financing risk  
Terrorism Financing risk involves the risk that funds or  
other assets intended for a terrorist or terrorist  
organisation are being raised, moved, stored or used  
in or through a jurisdiction, in the form of legitimate or  
illegitimate funds or other assets.  
Risks of Terrorist Financing are not the same as risks  
of Terrorism while these risks can be interlinked.  
Luxembourg is a significant international financial  
centre with very significant cross-border activities  
which may potentially be abused for terrorist  
financing.  
5
Terrorist Financing risk  
The FATF in its 2023 mutual evaluation report for Luxembourg concluded:  
“Luxembourg has a strong understanding of its money laundering (ML)  
risks and a reasonable understanding of its terrorist financing (TF) risks,  
which is reflected in its national, vertical and sub-sectoral risk assessments.”  
“There are major shortcomings in the understanding of TF risks across the  
private sector, in terms of awareness of TF exposure and the TF methods  
used.”  
Luxembourg should further develop and disseminate its understanding of  
TF risks and vulnerabilities, including misuse of legal persons for TF  
purposes, stemming from its exposure as international financial centre.”  
Terrorist Financing risk  
The 2020 National Risk Assessment of Money Laundering and Terrorist  
Financing:  
The threats of terrorism and terrorist financing are assessed as moderate  
overall.  
ML/TF vertical risk assessment Legal persons and legal arrangements:  
The corporate sector may be misused for TF purposes, by channeling legitimate  
funds to support terrorist activities or groups.  
7
Terrorist Financing risk  
TF vertical risk assessment Terrorist Financing:  
The main TF risks for Luxembourg emanate from the threat that terrorists,  
terrorist organisations and their financiers might exploit the vulnerabilities of  
certain sectors essentially for moving funds.  
The VRA TF does not consider the subsector of the Specialised PFS as a  
vulnerable sector. This does not mean that the TF risk for Specialised PFS is zero!!  
Subsector risk assessment on Specialised PFS providing corporate  
services (Trust and Corporate Service Provider activities “TCSP”):  
The threat of Terrorist Financing via TCSPs in Luxembourg is relatively lower  
than the threat of Money Laundering […].  
Despite the threat being relatively lower than for Money Laundering, Terrorist  
Financing via the TCSP sector cannot be ruled out.”  
8
Terrorist Financing risk  
Best practices  
Include TF risks in the risk appetite statement  
Assess the TF risks in the risk self-assessment  
Assess the TF risks in the client risk assessment  
Have dedicated section(s) focusing on TF risks and  
restrictive measures in AML policies and procedures  
CSSF circular 21/782 on  
the adoption of the  
revised guidelines, by  
the European Banking  
KYC/KYT coherence checks to be performed on  
source of funds/wealth and destination of funds  
Authority  
useful  
provides  
guidance on  
terrorist financing risk  
factors.  
9
Terrorist Financing risk  
Ongoing due diligence:  
Mandatory Screening of UN/EU/LUX targeted  
financial sanction lists regarding terrorists and  
terrorist organisations  
Transaction monitoring; is destination of funds  
in line with the knowledge on client and the  
purpose of the business relationship?  
Provide trainings on TF risks and restrictive  
measures to the staff and management. Awareness  
raising, red flags and devoplement of critical thinking  
CSSF circular 21/782 on  
the adoption of the  
revised guidelines, by  
the European Banking  
Do not hesitate to file a report to the FIU in case of  
Authority  
useful  
provides  
guidance on  
TF suspicion  
terrorist financing risk  
factors.  
10  
Terrorist Financing  
risk  
Subscribe to CSSF  
newsletter  
11  
2024 key findings from off-site supervision  
1) Customer due diligence  
2) KYC remediations  
3) Content of the report from the compliance officer in charge of the control of  
compliance with the professional obligation (“RC”)  
4) Responsibilities of the professionals, the RC and the person responsible for  
compliance with the professional obligations (“RR”)  
1) Identification and  
verification of the customer and  
its UBO - 3(2) a) and b) of the  
AML/CFT Law (Law of 2004)  
Not a « tick the box exercise », you need to review the  
documents/explanations.  
Article 18 of CSSF Regulation 12-02  
“According to their risk assessment and without prejudice to  
other enhanced due diligence obligations, the professionals  
shall take additional verification measures such as, for  
example, the verification of the address indicated by the  
customer through the proof of address”  
Utility bills as EDD measures  
Contradictory information in the customer file  
Assessing and understanding the purpose of  
relationship – 3(2) c) of the AML/CFT Law  
Examples in relation to Article 24 of CSSF Regulation 12-02.  
“The professionals' obligation to know their customer includes the  
obligation to gather, register, analyse and understand at the time of the  
customer identification, the information about the origin of the customer's  
funds and the types of transaction for which the customer requests a  
business relationship, as well as any adequate information allowing the  
determination of the customer’s purpose of the business relationship in  
accordance with point (c) of the first subparagraph of Article 3(2) of the  
Law.”  
Services provided as per the contract  
Payments from a company in the BVI  
Risks related to the services  
provided  
“Services which may be provided by TCSPs and which  
(in some circumstances) risk being used to assist  
money launderers may include:…  
Situations where advice on the setting up of legal  
persons or legal arrangements may be misused to  
obscure ownership or real economic purpose …  
Services where TCSPs may in practice represent or  
assure the client’s standing, reputation and  
credibility to third parties, without a commensurate  
knowledge of the client’s affairs. …”  
Useful questions:  
Why has the client chosen you  
as a service provider?  
One-stop shop = complete  
services or other service  
providers involved? (+ or -)  
Do you really understand what  
the client is doing/willing to do  
with the client company?  
2) KYC remediations  
Points of concerns:  
- Scope of remediation (documents required  
by law or by your procedure?)  
- Length of the remediations (resources,  
deadlines)  
- Correct frequency (Article 35(2) of the  
CSSF Regulation 12-02)  
- Priorities (use of the Risk Based Approach)  
- The dilemma of blocking/not blocking  
- Departure of clients (unhappy) for a new  
service provider (CSSF Circular 11/528)  
3) Content of the RC Report  
- irregularities found were not  
described  
- corrective measures were not  
provided  
Article 42(5) of the CSSF Regulation  
12-02  
Article 50 the EBA guidelines on the  
role and responsibilities of the  
AML/CFT compliance officer  
The appointment of the RR and  
the RC  
This is not an approval from the CSSF. This is  
a take note process.  
Responsibility of the PFS to ensure that the RR  
and RC comply with Articles 40(2) and 43 of  
the CSSF Regulation 12-02  
Responsibility of the RC and RR to do their  
work in an effective manner, raise issues and  
propose solutions.  
Issues encountered and solutions  
Issues  
Possible solutions  
- Recognition of the importance of AML/CFT matters by the  
Management  
- Involvement from Management in AML/CFT matters  
- Measures to increase staff fidelity  
- RR as part of the Management to support RC (opinion,  
needs)  
High Turnover  
Balance of experience between RR and RC  
- Guidance from RR  
-
Sufficient experience  
Sufficient knowledge of the  
Luxembourg legal framework  
More AML/CFT trainings  
-
Creation of a separate RC team  
- No involvement/sign off on a client file where a conflict of  
interest exists  
-
Independance and  
objectivity  
Recruit additional resources in the AML/CFT team (if juniors  
-
are recruited, train and guide them)  
- Avoid the accumulation of functions (RR with multiple  
client mandates, RC involved in 1st LoD tasks...)  
Availability  
Update on the new AML/CFT  
package  
21  
Update on the new AML/CFT  
package - Introduction  
Official adoption of the 3 remaining texts of the  
AML/CFT package on 19.06.2024  
Regulation (EU) 2024/1624 (‘AMLR’),  
Directive (EU) 2024/1640 (‘AMLD6’),  
Regulation (EU) 2024/1620 (‘AMLAR’)  
[+ Regulation (EU) 2023/1113 on information  
accompanying transfers of funds and certain crypto-  
assets (‘TFR’)]  
Date of application (for the most part): 10 July 2027  
22  
Update on the new AML/CFT  
package - Introduction  
Establishment of AMLA  
Role of harmonisation  
Issuance of:  
RTS  
Guidelines  
Direct supervisor for a limited number of entities  
Timeline:  
Q1 2025: AMLA to open offices in Frankfurt, Executive Board  
to be appointed  
End of 2025: EBA not longer has its AML/CFT mandate,  
transfer of central database (EuReCA) to AMLA  
2026: most RTS to be presented to COM, Guidelines to be  
issued  
2027: selection of 40 obliged entities  
2028: start of direct supervision  
23  
Update on the new AML/CFT  
package – Changes to come  
Supervisory framework  
AMLA (2 pillars: supervision and FIU)  
RTS/GL: with public consultations (as of 2025!)  
Harmonisation of supervision also for non-selected  
obliged entities  
Obligations of professionals/obliged entities  
Pending clarifications by RTS/GL  
E.g.:  
Notion of PEP,  
Procedures to mitigate/manage TFS risk,  
Outsourcing,  
24  
Thank you for your  
attention!  
27 January 2025  
In case of questions, please send an email to:  
aml.psf-sp@cssf.lu  
26