2025 AML/CFT  
Conference  
Dedicated to Investment Firms  
28 March 2025  
1
Welcome & opening  
remarks  
Cyrille TONNELET  
Head of the AML/CFT and Licensing division,  
Investment Firms supervision department,  
CSSF  
2
Agenda  
09:00-09:15  
Welcome & opening remarks  
Cyrille TONNELET  
09:15-10:00  
Key takeaways from AML/CFT  
Investment Firms’ offsite  
supervision  
Martine WAGNER  
Cyrille TONNELET  
Axel BARBIER  
10:00-10:45  
Key takeaways from AML/CFT on-site  
inspections for Investment Firms  
Valérie ALEZINE  
10:45-11:00  
11:00-11:45  
Coffee Break  
CRF’s statistics, ML/TF typologies,  
indicators and best practices for  
Investment Firms  
Anouk DUMONT  
Esman KURUM  
11:45-12:15  
12:15-12:30  
Regulatory evolution  
(AML/CFT package)  
Vincent RENAUD  
Claude MARX  
Closing remarks  
12:30-13:30  
Networking Lunch  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
3
Opening remarks  
No recording (audio, video, …)  
No third-party diffusion of content  
This conference cannot replace the regular AML/CFT training  
No certificate of attendance will be provided  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
4
Key takeaways from  
AML/CFT Investment  
Firms’ off-site  
2
supervision  
Martine WAGNER  
Head of the Investment Firms supervision  
department, CSSF  
Cyrille TONNELET  
Head of the AML/CFT and Licensing division,  
Investment Firms supervision department, CSSF  
Axel BARBIER  
AML/CFT expert, Investment Firms  
supervision department, CSSF  
5
Key takeaways from AML/CFT  
Investment Firm off-site  
supervision  
1. Investment Firm sector overview  
2. Main findings and best practices  
A. AML/CFT compliance governance: RR/RC  
B. AML/CFT reports  
C. Transaction monitoring  
3. Update of the 2024 Questionnaire on  
financial crime  
4. Supervisory priorities  
A. Terrorism and terrorist financing  
B. Thematic review on TCSPs  
6
1. Sector overview  
(Section not publicly shared)  
7
2. Main findings and  
best practices  
2  
Best practices  
AML/CFT compliance governance: RR/RC  
Reminder  
Definitions (Art. 1(1)) of CSSF Regulation 12-02)  
RR: the member of the authorized management responsible for the fight  
against money laundering and terrorist financing.  
RC: the person who shall implement AML/CFT, for example, the  
compliance officer […]”.  
Suitability requirements for RR/RC (Art. 40(3) of CSSF Regulation 12-02)  
Professional experience  
Knowledge of the Luxembourg AML/CFT legal framework  
Hierarchy and powers with the company  
Availability  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
13  
Best practices  
AML/CFT compliance governance: RR/RC  
Reminder  
RR  
RC  
Defines the AML/CFT framework of the  
entity  
Ensures that the AML/CFT framework  
set by the RR is implemented and  
applied by the company  
Verifies that the Investment Firm is  
compliant with the AML/CFT professional  
obligations  
Ensures trainings  
Is the privileged contact person for the  
Luxembourg authorities  
Oversees the activities and reviews the  
reportings (regular, ad-hoc and annual)  
of the RC  
Approves the establishment of business  
relationships with PEPs and high risk  
country clients as part of the authorized  
management  
Submits the annual RC report to the  
CSSF  
Reports in writing on a regular basis to  
the RR  
Submits annual reports to the RR, the  
authorized management and Board of  
Directors  
2024 AML/CFT Conference dedicated to Investment Firms  
28 March 2025  
14  
Best practices  
AML/CFT compliance governance: RR/RC  
Findings  
23% of the Investment Firms do not have different persons for RR and RC.  
1% of the Investment Firms have designated their Board of Directors either  
as RR or RC.  
Source: Tableaux EI  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
15  
Best practices  
AML/CFT compliance governance  
Best practices  
RR and RC shall be two different persons  
RR=RC only if principle of proportionality applies (EBA/GL/2022/05)  
Duly justified communication to the CSSF (EBA/GL/2022/05 and Art. 40(2)  
and Art. 43 of CSSF Regulation 12-02)  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
16  
Best practices  
AML/CFT reports  
Reminder  
CSSF Regulation 12-02 (Art. 42(6))  
Annual summary report to be prepared by the RC.  
Should cover the RC’s activities and operations.  
CSSF Circular 20/758 (point 141)  
The summary report of the compliance function should cover AML/CFT in a  
dedicated chapter.  
Must include the following elements:  
corrective and preventive measures  
implemented  
description of the activities in the area  
the main recommendations issued  
major (existing or emerging) deficiencies  
irregularities and problems identified  
list of deficiencies, irregularities and  
problems which have not been yet  
subject to corrective measures  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
17  
Best practices  
AML/CFT reports  
Reminder  
EBA Guidelines on the role of AML/CFT Compliance Officers (EBA/GL/2022/05, point  
50): 3 main topics  
ML/TF risk self-assessment findings  
Client risk matrix changes  
ML/TF risk  
Classification of customers by risk category  
assessment  
Statistics (unusual transactions, SAR/STR, relationship ceased, etc.)  
Description of the AML/CFT organisation structure  
Description of AML/CFT human and technical resources  
AML/CFT outsourcings  
Resources  
Important measures taken & identified shortcomings  
Compliance monitoring actions  
Policies &  
procedures  
AML/CFT trainings  
Plan of activities for the subsequent year  
Findings of internal and external audits relevant to AML/CFT and any progress made  
Supervisory activities and communications with the authorities  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
18  
Best practices  
AML/CFT reports  
Findings  
No follow-up on the previous AML/CFT shortcomings identified by the internal  
control functions and statutory auditor.  
No description of the irregularities identified and corrective measures taken.  
No description of the organisation of the Compliance function for AML/CFT  
(3LoD, etc.).  
The report(s) do not contain any section dedicated for the recommendations  
issued by the Chief Compliance Officer.  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
19  
Best practices  
AML/CFT reports  
Best practices  
AML/CFT report to be done by the RC (CSSF Regulation 12-02) should be  
ideally separated (at least identifiable) from the summary report of the  
compliance function done by the CCO (CSSF Circular 20/758).  
Contents of AML/CFT report: refer to point 50 of the EBA/GL/2022/05.  
Contents of summary report of the compliance function, AML/CFT chapter:  
refer to point 141 of the CSSF Circular 20/758.  
IF are expected to decide remediation actions so as to effectively remediate  
to the weaknesses within one year after their initial finding.  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
20  
Best practices  
Transaction monitoring  
Reminder  
Art. 3(2)d) and Art. 3(7) of AML/CFT Law of 12 November 2004  
Art. 32 and Art. 39 of CSSF Regulation 12-02  
Art. 1(3) of Grand Ducal Regulation of 1 February 2010  
Suspicious Transaction Report  
Alert review  
Unusual patterns  
Complexity  
Efficiency of the tool  
Frequency  
Source of funds  
Scenarios  
Consistency checks  
Smurfing  
Volume  
Rationale  
Ex-post  
Client transactional profile  
Purpose and nature of the business relationship  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
21  
Best practices  
Transaction monitoring  
Findings  
Portfolio manager fully relying on depositary banks for transaction  
monitoring.  
Manual transaction monitoring not adequate for the volume of transactions.  
Scenarios set up in the automated transaction monitoring tool not accurate or  
exhaustive.  
Absence of approved procedures for the escalation of transaction monitoring  
alerts.  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
22  
Best practices  
Transaction monitoring  
Best practices  
Cooperate with the depositary bank to check the available information.  
Involve the second line of defence for the review of transaction monitoring  
alerts.  
Ensure to test the adequacy and effectiveness of the transaction monitoring  
tools.  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
23  
3. Update of the 2024  
Questionnaire on  
financial crime  
4  
Update of the 2024 Questionnaire on financial crime  
Deadline: 4th April 2025  
2 sub-categories added to  
fully reflect the diversity  
of portfolio management  
mandates (Art. 24-4 LFS).  
New geographical risk  
table for the clientele  
linked to the branches of  
the Investment Firm.  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
25  
Update of the 2024 Questionnaire on financial crime  
Reorganisation of the “Mitigation Effectiveness” section & refitting of the  
former AML/CFT actions in progress to mitigate AML/CFT riskssection.  
Before  
After  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
26  
Key points  
Update of the 2024 Questionnaire on financial crime  
Financial information in the questionnaire: the turnovers and amounts  
involved for each activity should match the numbers included in the national  
/“Ad-hoc” reporting.  
Consistency between sections: the total number of clients reported in the  
Geographical Risk table should match the figure reported as “total clients” in  
the section “Inherent Risks, therefore including clients for non-MiFID  
services and activities.  
New methodology for the reporting of UBOs in the Geographical Risk table:  
Amounts involved to be divided by the number of UBOs based on their  
jurisdiction of residence.  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
27  
4. Supervisory  
priorities  
8  
Supervisory priorities  
Terrorism & Terrorist financing  
Terrorist Financing risk involves the risk that funds or other assets intended for a  
terrorist or terrorist organisation are being raised, moved, stored or used in or  
through a jurisdiction, in the form of legitimate or illegitimate funds or other assets.  
Risks of Terrorist Financing are not the same as risks of Terrorism while these risks can  
be interlinked.  
Luxembourg is a significant international financial centre with very significant  
crossborder activities which may potentially be abused for terrorist financing.  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
29  
Supervisory priorities  
Terrorism & Terrorist financing  
FATF, 2023 Mutual Evaluation Report for Luxembourg  
“Luxembourg has a strong understanding of its money laundering (ML)  
risks and a reasonable understanding of its terrorist financing (TF)  
risks, which is reflected in its national, vertical and sub-sectoral risk  
assessments.”  
“There are major shortcomings in the understanding of TF risks across  
the private sector, in terms of awareness of TF exposure and the TF methods  
used.”  
Luxembourg should further develop and disseminate its understanding of  
TF risks and vulnerabilities, including misuse of legal persons for TF  
purposes, stemming from its exposure as international financial centre.”  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
30  
Supervisory priorities  
Terrorism & Terrorist financing  
2020 National Risk Assessment of Money Laundering and Terrorist Financing  
Terrorist financing is a more likely threat to Luxembourg than terrorism, given the  
country’ s open economy. Still, both threats are closely connected and deemed  
overall moderate relative to ML.  
2022 Vertical Risk Assessment Terrorist Financing  
Raising: Relevant for wealthy terrorism sponsors outside the EU”  
Moving: Discretionary asset management is not suitable for moving funds for TF  
purposes [] Generated returns that are no longer subject to discretionary  
management may be transferred to terrorists or terrorist organisations”  
Using: Not applicable as long as the funds are under discretionary management”  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
31  
Supervisory priorities  
Terrorism & Terrorist financing  
2023 Subsector risk assessment on Private Banking  
“In private banks, the close relationship between the client and the bank, the high entry  
thresholds, the longer-term view on investments, the particularly high level of due  
diligence and the specific nature of transactions (high value, but low numbers facilitate  
a closer scrutiny) make them an unlikely and unsuited target for the financing of (low  
value) terrorist support or acts”  
2020 Subsector risk assessment on Specialised PFS providing corporate  
services (Trust and Corporate Service Provider activities “TCSP”)  
The threat of Terrorist Financing via TCSPs in Luxembourg is relatively lower than the  
threat of Money Laundering [].  
Despite the threat being relatively lower than for Money Laundering, Terrorist Financing  
via the TCSP sector cannot be ruled out.”  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
32  
Supervisory priorities  
Terrorism & Terrorist financing  
Recommendations for Investment Firms  
Include TF risks in the Risk Appetite Statement.  
Assess the TF risks in the risk self-assessment.  
Assess the TF risks in the client risk assessment.  
Have dedicated sub-section(s) focusing on TF risks and restrictive measures  
in AML policies and procedures.  
Perform KYC/KYT coherence checks on source of funds/wealth and  
destination of funds.  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
33  
Supervisory priorities  
Terrorism & Terrorist financing  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
34  
Supervisory priorities  
2025 Thematic review - TCSP  
5 categories of Trust and Corporate Services  
Incorporation  
Fiducie/trust  
Directorship and secretarial services  
Domiciliation  
(Nominee shareholder)  
Legal bases:  
Family Office (Art. 28-6 LFS)  
Corporate domiciliation agents (Art. 28-9 LFS)  
Professionals providing company incorporation and management services  
(Art. 28-10 LFS)  
Law of 27 July 2003 on trusts and fiduciary contracts  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
35  
Supervisory priorities  
2025 Thematic review - TCSP  
Inherent and residual risk assessment of the SSRA TCSP 2020  
TCS CATEGORY  
INHERENT RISK  
RESIDUAL RISK  
MEDIUM HIGH  
INCORPORATION  
HIGH  
HIGH  
PROVISION OF DIRECTORSHIPS  
DOMICILIATION OF COMPANIES  
MEDIUM HIGH  
HIGH  
MEDIUM HIGH  
MEDIUM LOW  
(NOMINEE SHAREHOLDER  
SERVICES)  
MEDIUM HIGH  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
36  
Supervisory priorities  
2025 Thematic review - TCSP  
Trust and corporate services provided by  
investment firms  
13  
13  
11  
11  
13 Investment Firms (14%  
of the sector) provide TCSP  
activities.  
10  
10  
9
9
6
6
5
5
Domiciliation is historically  
the most provided TCSP  
activities carried out by  
investment firms.  
4
4
2
2
1
1
0
0
2020  
Incorporation  
Fiducie & trust  
2021  
2022  
2023  
Directorship & sec. services  
Nominee shareholder  
Domiciliation  
sources: Questionnaires on financial crime 2020-2023  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
37  
Supervisory priorities  
2025 Thematic review - TCSP  
Better understand the business model and the  
specific ML/TF risks associated to these activities for  
investment firms.  
Assess the risks of some TCSP categories not  
covered in the SSRA (i.e. Fiducie & Trust) and the  
specificities identified for investment firms.  
Specific questionnaire to be sent over the 2nd  
semester 2025 to the relevant investment firms.  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
38  
Questions?  
amlei@cssf.lu  
9  
3
Key takeaways from  
AML/CFT on-site  
inspections for  
Investment Firms  
Valérie ALEZINE  
Deputy head of the on-site inspection  
department, CSSF  
40  
Agenda  
Main focus when performing AML/CFT on-site  
inspections  
1
2
3
Examples of findings detected for Investment  
Firms  
Questions?  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
41  
1
Main focus when performing  
AML/CFT on-site inspections  
42  
AML/CFT on-site inspections for Investment Firms  
The number of AML/CFT on-site inspections performed by the CSSF within Investment Firms  
remains stable and in line with the risk level of the investment firms sector  
Overall % of all AML/CFT OSIs  
25%  
19%  
18%  
20%  
15%  
10%  
5%  
17%  
13%  
13%  
0%  
2021  
2022  
2023  
2024  
2025  
(*) Excluding investment fund sector  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
43  
Different types of AML/CFT on-site inspections  
A thematic on-site inspection aims at  
comparing AML/CFT practices and  
compliance levels across several entities on  
a specific supervisory theme  
A full scope on-site  
inspection covers all 7  
AML/CFT processes,  
while a partial scope one  
usually covers 3  
Full  
Thematic  
Ad-hoc  
scope  
processes  
Partial  
scope  
An ad-hoc on-site  
inspection aims at  
investigating a particular  
situation or topic  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
44  
Control plan of AML/CFT on-site inspections  
The control plan of AML/CFT on-site inspections, is divided into 7 process:  
A- Risk assessment / Risk  
B- Risk based approach  
appetite  
D- Ongoing due diligence -  
C- Customer due diligence  
Transaction monitoring  
G- Adequate internal  
organisation / governance  
E- Ongoing due diligence -  
Name screening controls  
F- Cooperation with the  
authorities  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
45  
Control plan of AML/CFT on-site inspections  
A. Risk assessment/Risk appetite  
Our inspections  
encompass  
analysis of  
procedures,  
management  
interviews and  
sample testing  
A.01 ML/TF risk self-assessment  
A.02 Risk appetite  
B. Risk based approach  
B.01 Country risk assessment  
B.02 Customer risk assessment  
B.03 Due diligence measures  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
46  
Control plan of AML/CFT on-site inspections  
C. Customer due diligence  
C.01 Customer due diligence  
C.02 Periodic review and regularisation of incomplete files  
C.03 Blocking process  
C.04 Third Party Introduction  
D. Ongoing due diligence Transaction monitoring controls  
Transaction  
monitoring can  
be carried out  
manually only in  
the case of low  
volumes  
D.01 Adequacy of the transaction monitoring process  
D.02 Effectiveness of the transaction monitoring process  
D.03 Cash transactions  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
47  
Control plan of AML/CFT on-site inspections  
E. Ongoing due diligence Name screening controls  
E.01 Clients database  
E.02 Adequacy of name screening controls on the clients  
database  
E.03 Effectiveness of name screening controls on the clients  
database  
F. Cooperation with the authorities  
F.01 Processing of AML/CFT suspicions  
F.02 Closed business relationships  
F.03 Refused entries into business relationship  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
48  
Control plan of AML/CFT on-site inspections  
G. Adequate internal organisation / governance  
G.01 Information and training programme  
G.02 Compliance Function  
G.03 Supervision of outsourced AML/CFT controls  
G.04 Supervision of branches and subsidiaries  
G.05 Internal Organisation  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
49  
Coverage of Terrorism Financing risk during CSSF on-site inspections  
Main specific topics related to TF covered  
Risk Assessment  
How did the Entity consider the Terrorism Financing (TF) risk in the risk self-  
assessment of its activities ?  
When conducting AML/CFT partial  
and full scope on-site inspections,  
Risk based approach  
How is TF risk taken into account in the country risk assessment ?  
How is TF risk taken into account in the customer risk assessment ?  
Terrorism Financing risk is a key  
examined topic which has been  
reinforced over the past years  
Customer due diligence  
When selecting the KYC files to be reviewed, a specific focus is given on NPOs/NGOs,  
clients / UBOs from countries exposed to TF  
Name Screening on the client database  
Is the name screening system adequate (frequency, lists used, % of matching…)?  
For a sample of alerts : what is the timeliness of the review? was the analysis  
accurate and well documented? were appropriate actions taken?  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
50  
Coverage of Terrorism Financing risk during CSSF on-site inspections  
Main specific topics related to TF covered  
Governance  
Is TF risk sufficiently considered in the Compliance Monitoring Plan?  
Training  
Does the training program include TF specificities?  
Cooperation with the authorities  
Was the communication with the competent authorities (e.g. for cases identified as  
related to TF or for any TF related request from the authorities) adequate and  
prompt?  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
51  
2
Examples of findings detected  
for Investment Firms  
52  
Examples of findings detected for Investment Firms  
Risk assessment / Risk appetite  
Risk based approach  
Customer due diligence  
Inadequate  
customer  
risk  
assessment methodology  
Inadequate risk self-assessment  
Lack of information / corroboration  
not  
taking  
into  
consideration  
of the source of funds / wealth  
No EDD on clients involving high-risk  
specific risks of the Entity e.g.:  
Different products and services  
Predicate tax offences risks  
Financing of terrorism  
countries  
Insufficient  
information  
collected  
the  
or  
to  
risk  
PTO risk not taken into consideration  
documentation  
reasonably  
related to the laundering of  
funds resulting from a predicate  
tax offence  
Country risk of (legal) representatives  
exclude  
not taken into consideration  
Inadequate  
country  
risk  
assessment methodology  
EU Delegated Regulation on high risk  
countries; EU list of uncooperative  
jurisdictions in tax matters; OECD list  
of countries granting “golden Visas”;  
and risk factors mentioned under point  
3 of Appendix IV of the AML/CFT Law  
not taken into consideration  
Structure  
not  
allowing  
the  
Insufficient measures to identify  
the beneficial owner(s) of legal  
entities (including lack of obtaining  
extract from the BO register)  
assessment of inherent and residual  
risks  
Mitigating measures not justifying  
the residual risks  
Inadequate frequency of periodic  
file reviews  
Lack of sufficient information to  
establish whether a customer  
fulfils the requirements for the  
application of SDD  
Risk appetite statement too high  
level or not applied in practice  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
53  
Examples of findings detected for Investment Firms  
Adequate internal organisation /  
governance  
Transaction monitoring controls  
Name screening controls  
Alerts closed without proper  
investigation and/or without  
any proper formalisation of the  
analysis performed  
Alerts closed without any proper  
formalisation of the analysis  
performed  
Missing outsourcing agreements  
or outsourcing agreements with no  
detailed description of the tasks  
to be performed  
Significant  
delays  
in  
the  
Significant  
delays  
in  
the  
treatment of alerts  
Lack of oversight of outsourced  
treatment of alerts  
AML/CFT related tasks  
Inadequate frequency of name  
screening controls  
Inadequate  
or  
incomplete  
Compliance monitoring plan  
Lack of effectiveness controls  
on name screening tools, e.g.:  
Yearly Compliance report too high  
No controls if sanctions lists have  
level  
been (correctly) uploaded  
No controls if the tool performs  
Inadequate AML/CFT trainings  
screening  
and trainings not followed by all staff  
No controls if all clients and related  
parties are screened  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
54  
Examples of findings detected for Investment Firms  
Cooperation with the authorities (1/2)  
Late or missing declarations of money laundering / terrorism financing suspicions to the FIU  
Insufficient investigation of suspicious elements  
Example A: Absence of a declaration to the FIU, despite the fact that the information and documentation on the tax domicile of  
the client was suspicious:  
Two different clients (1 Norwegian national and his wife, and 1 Belgian national) had the same address in Luxembourg  
The apartment was too small for the amount of persons (3 individuals) and the rent too low for Luxembourg  
Example B: Absence of a declaration of a suspicion to the FIU, despite the fact that several indicia of money laundering related  
to a predicate tax offence were present:  
Sale of 2 companies via a loan, whereby no loan agreement existed. The loan was between the seller and the purchaser  
No information on the capital gain and the taxation of the two companies  
The transaction looked more like a donation rather than a sale via a loan  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
55  
Examples of findings detected for Investment Firms  
Cooperation with the authorities (2/2)  
Example C: Late declaration of a suspicion to the FIU, despite the fact that suspicious elements were on file regarding the tax  
domicile of a client since entry into business relationship:  
Polish national stated living in Cyprus provided water bill for the period May to August 2023 with consumption at 0 and an electricity bill for the  
period July to September 2023 with a consumption of 0 kWh  
Wife lives in Poland  
Client provided Polish phone number  
Example D: Absence of a declaration to the FIU, despite the fact that  
manifest adverse media was on file:  
Point of attention related to press  
articles:  
Client company entered into business relationship in 2003. The client was held by a  
trust whose settlor was sentenced to a prison term of 4 years in 2019  
When negative press articles are  
identified, a specific analysis must be  
carried out to determine whether sending  
a declaration to the FIU is appropriate.  
This analysis must be formalised.  
Alert generated by the name screening tool but no in-depth analysis performed and  
alert dismissed despite the fact that the person was duly sentenced to a prison term  
due to fraudulent activities  
There may be a ML/TF suspicion even if  
the customer has not yet been convicted.  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
56  
3
Questions ?  
57  
Thank you  
Coffee Break  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
59  
CRF’s statistics,  
ML/TF typologies,  
indicators and best  
practices for  
4
Investment Firms  
Anouk DUMONT  
Deputy Director, CRF  
Esman KURUM  
Analyst, CRF  
60  
Cellule de Renseignement Financier (CRF)  
Investment Firms :  
statistics, ML/TF  
typologies and best  
practices  
Luxembourg, March 28th 2025  
Cellule de Renseignement Financier (CRF)  
Contents  
Overview of the FIU and key figures  
Investment Firms : Key figures and data from filed reports  
Overview of suspected predicate offences for Investment Firms  
ML/TF risk indicators for Investment Firms  
ML/TF typologies and emerging trends for Investment Firms  
Best practice guidance  
Q&As  
Cellule de Renseignement Financier (CRF)  
Overview of the FIU  
and key figures  
Luxembourg FIU (CRF)  
Cellule de Renseignement Financier (CRF)  
In a nutshell  
A judiciary type of FIU, operationally independent and  
autonomous  
Under the administrative supervision of the Prosecutor General’s  
Office of the Grand-Duchy of Luxembourg  
Total number of employees: 50+  
A multidisciplinary team  
A team made up of magistrates, IT and data analysis experts, operational and strategic  
analysts specialized in a wide range of areas such as terrorist financing, tax offences,  
virtual assets and cybercrime, investment funds, corruption, legal structures and  
complex money-laundering schemes.  
Luxembourg FIU (CRF)  
Cellule de Renseignement Financier (CRF)  
Our teams  
IT & Data  
Science  
Strategic  
Cooperation  
Operational  
Cooperation  
At national and international level  
Cellule de Renseignement Financier (CRF)  
Reporting entities  
FIU  
International cooperation  
FIU  
FIU  
FIU-to-FIU  
EUROPOL  
EPPO  
CRF  
National cooperation  
Databases  
Judiciary authorities  
Law enforcement authorities  
National intelligence services  
Supervisory authorities  
Self-regulated bodies  
Tax administrations  
Other competent authorities for AML/CFT matters  
The FIU’s ability to freeze  
Cellule de Renseignement Financier (CRF)  
suspicious transactions  
Reminder  
The FIU's decision to freeze may be taken at any time.  
From the time you receive the acknowledgement of receipt of the report, until you receive a freeze instruction from the FIU, you  
may decide, under your own responsibility, to execute the transactions referred to in your communications, as well as any  
subsequent non-suspicious transactions.  
Freeze are not limited in time, but might be partial or total.  
The FIU may spontaneously and at any time decide to release the freeze.  
The freeze may be legally challenged before the Chambre du Conseil of the Tribunal d'arrondissement de Luxembourg.  
Freeze order is not a means to an end in itself. It is an exceptional measure that is only considered, if seizure and confiscation are  
likely:  
either in context of an international mutual legal assistance request,  
or as part of a national investigation and prosecution.  
Our key figures in 2024  
Cellule de Renseignement Financier (CRF)  
FIU Luxembourg  
12 500+  
Registered professionals  
850+  
Disseminations received  
50 000+  
Filed reports  
2 500+  
Disseminations sent by  
~ EUR 875 mio  
of assets currently frozen  
on goAML  
from foreign FIUs  
Luxembourg FIU  
Additional cross-border  
reporting is done via FIU.net  
100%  
Digital and paperless  
650+  
Financial analysis reports  
Top 5  
Associated  
Predicate Offences  
Top 5  
International cooperation -  
Top 5  
International cooperation -  
submitted to judicial  
Information sent to foreign countries  
Information received from abroad  
Fraud  
authorities and other  
Tax offences  
national AML/CFT authorities  
Counterfeiting  
Money laundering  
Forgery and fraud  
Yearly evolution of the total  
number of filed reports  
(2010-2024)  
Cellule de Renseignement Financier (CRF)  
The total number of reports received by  
the FIU from reporting entities has been  
following an ascending trend since  
2010.  
Since 2018, the number of reports filed  
with FIU Luxembourg on a yearly basis  
has stabilized at a high level, i.e.  
hovering around 50.000 reports  
received per year.  
Yearly evolution of the total  
number of filed reports  
Cellule de Renseignement Financier (CRF)  
(2017-2024) Detailed view  
While the number of traditional SARs and STRs filed with  
the FIU has been increasing at a steady pace since  
2019, the number of SARe and STRe filed on a yearly  
basis remains stable since 2020.  
When it comes to terrorist financing-related suspicious  
activity (TFAR) and transaction (TFTR) reports, filings  
have been made at a lower level since 2022.  
Cellule de Renseignement Financier (CRF)  
Investment Firms :  
Key figures and data  
from filed reports  
Investment Firms  
Cellule de Renseignement Financier (CRF)  
Definition  
Legal definition of investment firms in Luxembourg  
Pursuant to Part I, Chapter 2, Section 2, Sub-section 1 of the Law of 5 April 1993 on the financial sector, the professionals of the  
financial sector (“PFS”) falling within the following categories are defined as investment firms:  
Article 24-1. Reception and transmission of orders in relation to one or more financial instruments  
Article 24-2. Execution of orders on behalf of clients  
Article 24-3. Dealing on own account  
Article 24-4. Portfolio management  
Article 24-5. Investment advice  
Article 24-6. Underwriting of financial instruments and/or placing of financial instruments on a firm commitment basis  
Article 24-7. Placing of financial instruments without a firm commitment basis  
Article 24-8. Operation of an MTF  
Article 24-9. Operation of an OTF  
Key figures from reports filed by  
Investment Firms in 2024  
Cellule de Renseignement Financier (CRF)  
+116%  
40%  
67%  
+38%  
of SARs/STRs from Investment  
Firms in 2024 were filed by 4  
reporting entities  
of SARs/STRs from Investment  
Firms in 2024 involved a legal  
person as client/account holder  
increase of SARs/STRs from  
Investment Firms compared to  
2020  
increase of SARs/STRs from  
Investment Firms compared to  
2023  
70% 12%  
21%  
31%  
of SARs/STRs from Investment  
Firms in 2024 were filed in H2  
2024 (between July 1st and  
December 31st).  
of SARs/STRs from Investment  
Firms in 2024 were filed based  
open source information, mainly  
about adverse media.  
of SARs/STRs from Investment  
Firms in 2024 were filed based on  
a lack of cooperation on KYC or  
KYT documentation.  
of SARs/STRs from Investment  
Firms in 2024 involved business  
relationships being closed or  
already closed.  
Investment Firms registered with  
goAML (2020-2024)  
Cellule de Renseignement Financier (CRF)  
The number Investment Firms registered  
with goAML has increased by 42% since  
2020.  
On average, 29% of Investment Firms  
registered with goAML filed at least one  
report per year with the FIU between 2020  
and 2024.  
Investment Firms registered with  
goAML Categorization  
Cellule de Renseignement Financier (CRF)  
n=88  
More than 70% of Investment Firms  
currently registered with goAML are  
classified under the “PFS / Portfolio  
managementbusiness category.  
24% of other Investment Firms currently  
registered with goAML include the  
following business categories:  
“PFS / Reception and transmission  
of orders” (11%);  
“PFS / Investment advice” (8%);  
“PFS / Execution of orders on behalf  
of clients” (5%).  
Yearly evolution of reports filed by  
Investment Firms (2020-2024)  
Cellule de Renseignement Financier (CRF)  
For the 2020-2024 time period, filings  
made by Investment Firms were  
characterized by a large majority of  
SARs (87% of filed reports) and a low  
level of terrorist financing-related  
suspicious activity and transaction reports  
(1 TFAR filed in 2021).  
Cellule de Renseignement Financier (CRF)  
Overview of  
suspected predicate  
offences for  
Investment Firms  
Suspected predicate offences from reports filed by  
Investment Firms in 2024  
Cellule de Renseignement Financier (CRF)  
In 2024, 50% of suspected predicate offences from SARs/STRs filed by Investment Firms involved either tax offences, fraud  
(including attempts), or forgery and fraud.  
*“Unspecified” refers to suspicious activity or transactions reports for which an associated predicate offence could not be determined on receipt.  
Suspected predicate offences from reports filed by  
Investment Firms (2020-2024)  
Cellule de Renseignement Financier (CRF)  
Tax offence remains the most suspected predicate offence from Investment Firms’ filings for the 2020-2024 time period.  
However, suspicious reports by Investment Firms involving other predicate offences such as sanction evasion, forgery & fraud  
and embezzlement of public funds have been emerging since 2023, with a trend that continued in 2024.  
*“Unspecified” refers to suspicious activity or transactions reports for which an associated predicate offence could not be determined on receipt.  
Cellule de Renseignement Financier (CRF)  
ML/TF risk indicators  
for Investment Firms  
Main ML/TF risk indicators from reports filed by  
Investment Firms in 2024  
Cellule de Renseignement Financier (CRF)  
Inconsistencies regarding the KYC/KYT  
documentation  
Inconsistencies regarding the economic  
origin of funds  
Economic background of the account user  
Suspicious transaction pattern  
Reluctance  
to  
provide  
KYC/KYT  
documentation  
Open source indications and information  
Other  
In 2024, ML/TF risk indicators relating to KYC, KYT and source of funds (SoF) inconsistencies remained the most prevalent  
indicators from suspicious activity (SARs) and transaction reports (STRs) filed by Investment Firms.  
ML/TF risk indicators from reports filed by  
Investment Firms (2024 versus 2023)  
Cellule de Renseignement Financier (CRF)  
Although the main ML/TF risk indicators from reports  
filed by Investment Firms remained mostly the  
same, 2024 saw the relative (in %) increased  
mention of risk indicators relating, among others, to :  
Transactions involving high-risk jurisdictions  
(+137%);  
Business activity inconsistencies (+77%);  
Sanctions (+48%);  
Use of forged documents (+33%).  
In 2024, 30% of SARs/STRs from Investment Firms  
were filed because of a lack of client cooperation  
regarding KYC/KYT documentation (21%) or a lack  
of clarity on the source of funds or source of  
wealth (9%).  
Cellule de Renseignement Financier (CRF)  
ML/TF typologies and  
emerging trends for  
Investment Firms  
Main ML/TF typologies for  
Investment Firms in 2024 -  
Details  
Cellule de Renseignement Financier (CRF)  
Impersonation fraud  
Refers to client impersonation fraud, but also includes fake CEO  
or president fraud attempts;  
Portfolio managers get contacted, usually by email but also  
phone calls, by someone pretending to be the client and  
requesting a transfer (either partial or total) to be made to an  
account held abroad;  
Falsified documents are often attached to an email sent to the  
portfolio manager to appear as legitimate.  
Fictitious loans  
Involvement of one or several loans as the main source of funds  
being provided for investment financing purposes;  
These loans might be contracted between:  
a company and his sole UBO;  
an individual and a foreign PEP;  
sister companies held by a sole UBO;  
parents and children.  
Purposes of such loan schemes often include tax evasion.  
When companies are involved, it often includes wholly-owned  
offshore holding companies.  
Use of forged documents  
Apart from impersonation fraud cases, falsified or forged  
documents might used by a client to:  
legitimate the purpose of one or several transactions;  
legitimate the role of a specific counterparty that has  
initiated one or several transactions towards the client.  
Most frequently falsified documents include to-be-paid invoices  
to justify incoming fund transfers and pay slips.  
Transactions with third-party accounts or transit  
accounts  
The use of third-party transactions or transit accounts for money  
laundering purposes can occur in situations such as:  
The refunneling of funds to one or several third-party  
accounts for alleged purposes such as real estate  
purchases;  
Misuse of legal entities  
Situations that could be indicative of a money laundering scheme  
exploiting legal entities include:  
The use of complex multi-jurisdictional ownership  
structures without a clear rationale;  
The use of front companies to cover up illicit activities;  
Unjustified consecutive changes in shareholding and/or  
beneficial ownership.  
Fraudulent transactions made to third-party accounts;  
The use of transit accounts to funnel funds from  
seemingly unrelated third-parties.  
Emerging ML/TF trends for  
Investment Firms  
Cellule de Renseignement Financier (CRF)  
Fraud  
Artificial intelligence  
Client impersonation fraud, as well as fake CEO or president  
fraud remain a key emerging trend, mostly targeting individual  
accounts, i.e. where the direct client is a natural person, via an  
online or phone call solicitation regarding funds transfers to be  
sent abroad.  
The use of AI-powered tools for ML/TF purposes remains a threat  
to Investment Firms as those tools can be used to:  
Help falsifying existing legit documents;  
Generate forged documents from scratch;  
Gather relevant publicly available data for impersonation  
purposes.  
Third-party involvement  
These falsified or forged documents might then be used to justify:  
More transactions with third-parties implies higher ML/TF risks Fund transfers;  
especially when those third-parties appear as unrelated to the Personal or company loans;  
client, or with suspicious transactional activity or purpose etc.  
involving the client. Such situations might be indicative of funnel  
and/or transit accounts handling funds of potentially illicit origins.  
These trends are not necessarily independent, as they may also be linked together within the same ML/TF typology.  
Cellule de Renseignement Financier (CRF)  
Best practice  
guidance  
Best practice guidance –  
Practical recommendations  
Cellule de Renseignement Financier (CRF)  
CDD and file reviews timing  
SAR vs STR template  
Ultimate beneficial owner (UBO) identification  
The FIU noticed that many reports are made  
When reference is made to an activity, but  
An extract from the Register of Beneficial Owners following a remediation process or a review of the  
(RBE) does not replace the report of beneficial business relationship. When such reports only  
owner document that the professional asks its contain past data without an up-to-date analysis,  
client to sign. The FIU may request a copy of this the information therein is not actionable and will  
operations/transactions are described in the  
report, details of these operations/transactions,  
including dates, amounts, origin and destination  
accounts, etc., should be provided by completing  
an STR (and not a SAR).  
report.  
prompt the FIU to revert with requests for current  
information.  
Request for opinion  
SAR/STR completeness  
The FIU is not authorized to express any opinion  
on the legality/suitability of a transaction or entry  
into a business relationship. Responsibility for  
these decisions lies with the professional. As long  
as the FIU does not apply its blocking power, the  
professional only is responsible for its actions. The  
fact that the FIU closes a report without taking any  
further action at a given time in no way prejudges  
what may happen to that report, and can in no way  
be considered as an agreement by the FIU.  
Additional information  
Completeness when it comes to SARs and STRs  
means that a clear narrative of the situation AND  
all relevant documents shall be attached to the  
report sent to the FIU via goAML. Otherwise, the  
FIU will probably send a subsequent request for  
information, meaning more work for the  
professional, which could have been avoided in  
the first place.  
For data consistency, we would be grateful if you  
could send us additional information about a  
reported file via RIRT (for an STR) or RIRA (for a  
SAR).  
Cellule de Renseignement Financier (CRF)  
Q&As  
Cellule de Renseignement Financier (CRF)  
Thank you for your attention!  
Have other questions?  
Please email us at crf@justice.etat.lu  
5
Regulatory evolution  
(AML/CFT package)  
Vincent RENAUD  
Jurist, AML/CFT coordination, Legal  
department, CSSF  
90  
Update on the new AML/CFT  
package - Introduction  
Official adoption of the 3 remaining texts of the  
AML/CFT package on 19.06.2024  
Regulation (EU) 2024/1624 (‘AMLR’),  
Directive (EU) 2024/1640 (‘AMLD6’),  
Regulation (EU) 2024/1620 (‘AMLAR’)  
[+ Regulation (EU) 2023/1113 on information  
accompanying transfers of funds and certain crypto-  
assets (‘TFR’)]  
Date of application (for the most part): 10 July 2027  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
91  
Update on the new AML/CFT  
package - Introduction  
Establishment of AMLA  
Role of harmonisation  
Issuance of:  
RTS/ITS  
Guidelines  
(Public consultations)  
Direct supervisor for a limited number of obliged entities  
Timeline:  
S1 2025: Executive Board appointed  
End of 2025: Transfer of EBA’s AML/CFT tasks to AMLA  
2026: most RTS to be presented to COM, Guidelines to be  
issued  
2027: selection of 40 obliged entities  
2028: start of direct supervision by AMLA  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
92  
Update on the new AML/CFT  
package - Introduction  
Chair of AMLA  
Bruna Szego, formerly Head of the AML Supervision and  
Regulation Unit at Banca d’Italia  
General Board  
Representatives of national supervisors and FIUs (2 pillars)  
Executive Board  
Simonas Krepsta (Lithuania)  
Juan Manuel Vega Serrano (Spain)  
Derville Rowland (Ireland)  
Marcus Pleyer (Germany)  
Rikke-Louise Petersen (Denmark)  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
93  
Update on the new AML/CFT  
package  
Topics  
Selection process for direct supervision by AMLA  
Geographical exposure in AMLR  
Targeted Financial Sanctions  
Public consultations on RTS  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
94  
Update on the new AML/CFT  
package  
Supervisory framework  
Selection process for direct supervision by AMLA  
Articles 12 and 13 (and 77) of AMLAR  
Eligibility (1) : presence in at least 6 MS (through establishments  
and/or freedom to provide services)  
eligible obliged entities under this criteria subject to fees for AMLA  
RTS on minimum activities for freedom to provide services to be  
considered  
Eligibility (2) : obliged entities that are assessed as high risk (pursuant to  
AMLA methodology)  
Selection (1) : obliged entities operating in the highest number of MS  
(via establishments and/or freedom to provide services)  
If criteria of selection (1) is not sufficient, Selection (2): obliged entities that  
have the highest ratio of transactions with third countries (to the total  
volume of transactions)  
At least 1 obliged entity directly supervised per MS  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
95  
Update on the new AML/CFT  
package  
Obligations of professionals/obliged entities  
Geographical exposure (entity level)  
Group wide requirements (Articles 16, 9, 10 AMLR)  
Article 16 AMLR:  
‘requirements on internal procedures, risk assessment and staff  
(…) apply in all branches and subsidiaries of the group in the  
Member States and, for groups whose head office is located in  
the Union, in third countries’  
‘The group-wide policies, procedures and controls and the group-  
wide risk assessments (…) shall include all the elements listed in  
Articles 9 and 10, respectively’  
Article 9, §2 AMLR (Scope of internal policies, procedures and  
controls):  
‘carrying out and updating of the business-wide risk assessment’  
risk management framework’  
CDD  
reporting of suspicious transactions’  
outsourcing and reliance on CDD performed by other OEs  
record retention  
a policy on the training of employees, etc.  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
96  
Update on the new AML/CFT  
package  
Obligations of professionals/obliged entities  
Geographical exposure (entity level)  
Group wide requirements (Articles 16, 9, 10 AMLR)  
Article 10 AMLR (Business-wide risk assessment):  
Obliged entities shall take appropriate measures, proportionate to the  
nature of their business, including its risks and complexity, and their size,  
to identify and assess the risks of money laundering and terrorist financing  
to which they are exposed, as well as the risks of non-implementation and  
evasion of targeted financial sanctions, taking into account at least:’  
the risk variables  
findings of the risk assessment at Union level  
findings of the national risk assessments and any relevant sector-  
specific risk assessment carried out by the Member States  
relevant information published by international standard setters in the  
AML/CFT area or, at the level of the Union, relevant publications by the  
Commission or by AMLA  
information on ML/TF risks provided by competent authority  
information on the customer base  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
97  
Update on the new AML/CFT  
package  
Obligations of professionals/obliged entities  
Geographical exposure (entity level)  
Branches and subsidiaries in third countries (Article 17 AMLR)  
1. Where branches or subsidiaries of obliged entities are located in third countries  
where the minimum AML/CFT requirements are less strict than those set out in  
this Regulation, the parent undertaking shall ensure that those branches or  
subsidiaries comply with the requirements laid down in this Regulation,  
including requirements concerning data protection, or equivalent.  
Reminder:  
2. Where the law of a third country does not permit compliance with this  
Regulation, the parent undertaking shall take additional measures to ensure  
that branches and subsidiaries in that third country effectively handle the risk of  
money laundering or terrorist financing, and shall inform the supervisors of its home  
Member State of those additional measures. Where the supervisors of the home  
Member State consider that the additional measures are not sufficient, they  
shall exercise additional supervisory actions, including requiring the group  
not to enter into any business relationship, to terminate existing ones or  
not to undertake transactions, or to close down its operations in the third  
country.  
Article 4-1 (4) of the AML/CFT Law  
‘(…) If the additional measures are not  
sufficient, the supervisory authorities  
and self-regulatory bodies shall exercise  
additional supervisory actions, including  
requiring that the group does not  
establish or that it terminates business  
relationships, and does not undertake  
transactions and, where necessary,  
requesting the group to close down its  
operations in the third country.’  
RTS to be issued on the additional measures, including on the minimum action  
to be taken by OEs where the law of the 3rd country does not permit the  
implementation of the group-wide requirements  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
98  
Update on the new AML/CFT  
package  
Obligations of professionals/obliged entities  
Geographical exposure (entity level)  
Outsourcing  
Article 18, §6 AMLR :  
obliged entities shall not outsource tasks deriving from the  
requirements under this Regulation to service providers residing  
or established in third countries identified pursuant to Section 2  
of Chapter III, unless all of the following conditions are met:  
(a) the obliged entity outsources tasks solely to a service provider  
that is part of the same group;  
(b) the group applies AML/CFT policies and procedures,  
customer due diligence measures and rules on record-keeping  
that are fully in compliance with this Regulation, or with  
equivalent rules in third countries;  
(c) the effective implementation of the requirements referred  
to in point (b) of this paragraph is supervised at group level by  
the supervisory authority of the home Member State in  
accordance with Chapter IV of Directive (EU) 2024/1640.  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
99  
Update on the new AML/CFT  
package  
Obligations of professionals/obliged entities  
Geographical exposure (notions)  
Third countries identified pursuant to Section 2 of Chapter  
III of AMLR  
Article 29 AMLR: definition of high-risk third countries (list of  
third countries with significant strategic deficiencies in their  
national AML/CFT regimes, issued by EU Commission, taking  
especially into account FATF lists)  
Article 30 AMLR: third countries with compliance weaknesses in  
their national AML/CFT regimes (list issued by EU Commission)  
Article 31 AMLR: third countries posing a specific and serious  
threat to the Union’s financial system (list issued by EU  
Commission)  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
100  
Update on the new AML/CFT  
package  
Obligations of professionals/obliged entities  
Geographical exposure (customer level)  
Third countries identified pursuant to Section 2 of Chapter  
III of AMLR  
Article 29 AMLR: high-risk third countries (third countries with  
significant strategic deficiencies in their national AML/CFT  
regimes)  
Application of EDD measures listed in Article 34(4) with  
respect to the business relationships or occasional transactions  
involving natural or legal persons from such country  
Article 30 AMLR: third countries with compliance weaknesses in  
their national AML/CFT regimes  
Application of the specific EDD measures referred to in the EU  
Commission’s delegated act  
Article 31 AMLR: third countries posing a specific and serious  
threat to the Union’s financial system  
Application of the specific EDD measures referred to in the EU  
Commission’s delegated act  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
101  
Update on the new AML/CFT  
package  
Obligations of professionals/obliged entities  
Geographical exposure (customer level)  
EDD measures (Article 34, §4 AMLR)  
(a) obtaining additional information on the customer and the beneficial owners;  
(b) obtaining additional information on the intended nature of the business  
relationship;  
(c) obtaining additional information on the source of funds, and source of wealth of  
the customer and of the beneficial owners;  
Reminder:  
Current legal framework on high-risk  
countries, especially to be found in:  
(d) obtaining information on the reasons for the intended or performed transactions  
and their consistency with the business relationship;  
(e) obtaining the approval of senior management for establishing or continuing the  
business relationship;  
-Article 3-2 (2) of the AML/CFT Law  
-Article 3 (1) of the AML/CFT Grand-  
Ducal Regulation  
(f) conducting enhanced monitoring of the business relationship by increasing the  
number and timing of controls applied, and selecting patterns of transactions that  
need further examination;  
-Article 31 of CSSF Regulation 12-02  
(g) requiring the first payment to be carried out through an account in the  
customer’s name with a credit institution subject to customer due diligence  
standards that are not less robust than those laid down in this Regulation.  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
102  
Update on the new AML/CFT  
package  
Obligations of professionals/obliged entities  
Geographical exposure (customer level)  
Additional measures to be decided by Commission  
Article 35 AMLR  
Measures to be applied by obliged entities  
Additional EDD elements  
introduction of enhanced relevant reporting mechanisms or  
systematic reporting of financial transactions’  
limitation of business relationships or transactions with natural  
persons or legal entities from those third countries’  
Measures to be applied by MS  
refusing the establishment of subsidiaries or branches or  
representative offices of obliged entities from the country  
concerned’  
prohibiting obliged entities from establishing branches or  
representative offices in the third country concerned’  
requiring increased external audit requirements for financial  
groups with respect to any of their branches and subsidiaries  
located in the third country concerned’  
Etc.  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
103  
Update on the new AML/CFT  
package  
Obligations of professionals/obliged entities  
Targeted Financial Sanctions (TFS)  
Scope of AML/CFT internal policies, procedures and  
controls explicitly includes mitigation and management  
of risks of non-implementation and evasion of TFS  
(Article 9, 1., (b) AMLR)  
TFS included in business-wide risk assessment (Article 10,  
1. AMLR)  
TFS explicitly included in the tasks of the Compliance  
officer (Article 11, 2. AMLR)  
Recital (33) AMLR: ‘The risk-sensitive nature of AML/CFT  
measures related to targeted financial sanctions does not  
remove the rule-based obligation incumbent upon all  
natural or legal persons in the Union to freeze and not  
make funds or other assets available, directly or  
indirectly, to designated persons or entities.’  
Private banking as a higher risk factor:  
Annex III, (2), (a) AMLR // Annex IV, 2), a) AML/CFT Law  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
104  
Update on the new AML/CFT  
package  
Public consultations by the EBA (until 06.06.2025)  
Call for advice from EU Commission, first drafts by  
EBA to be handed to AMLA  
Draft RTS on the assessment of the inherent and residual risk profile  
of obliged entities under Article 40(2) of AMLD6  
Draft RTS on the risk assessment for the purpose of selection  
(…) for direct supervision (by AMLA) under Article 12(7) of AMLAR  
Draft RTS on CDD under Article 28(1) of AMLR  
Draft RTS on pecuniary sanctions, administrative measures and  
periodic penalty payments under Article 53(10) of AMLD6  
28 March 2025  
2025 AML/CFT Conference dedicated to Investment Firms  
105  
Thank you for your  
attention!  
28 March 2025  
6
Closing remarks  
Claude MARX  
Director General, CSSF  
107  
Thank you for your  
attendance!