Administrative sanction of 24 December 2024 for non-  
compliance with professional obligations related to “anti-  
money laundering / counter financing of terrorism”  
Luxembourg, 03 April 2025  
Administrative decision  
On 24 December 2024, following an on-site inspection, the CSSF imposed an administrative fine  
amounting to EUR 14,000 (fourteen thousand) on “****************** S.A.” (the “Investment  
Firm”), authorised as investment firm according to the provisions of Articles 24-1, 24-2, 24-3, 24-  
4 and 24-5 and of ancillary services 1 and 4 listed in section C of the annex II of the amended Law  
of 5 April 1993 on the financial sector.  
Legal framework/motivation  
The administrative fine was imposed by the CSSF pursuant to Article 2-1(1) of the amended Law of  
12 November 2004 on the fight against money-laundering and terrorist financing (the “AML/CFT  
Law”) read in conjunction with the provisions of Article 8-4(1), (2) and (3) of the AML/CFT Law for  
non-compliance with anti-money laundering / counter-financing of terrorism (“AML/CFT”)  
professional obligations.  
In order to determine the type and amount of the administrative sanction, the CSSF duly took into  
account all the legal and factual elements set out and discussed, the gravity and duration of the  
breaches, the limited scope of the on-site inspection and the financial situation of the Investment  
Firm at the time of the on-site inspection, in accordance with the provisions of Article 8-5(1) of the  
AML/CFT Law.  
The CSSF draws the public's attention to the fact that the Investment Firm decided to cease its  
activities in Luxembourg on 1 January 2024 and transferred all its clients to a foreign legal entity on  
31 December 2023. The voluntary liquidation of the Investment Firm was decided on 18 September  
2024. The decision taken by the Investment Firm to terminate its activities in Luxembourg had no  
link with this administrative sanction. The Investment Firm has been removed from the official list  
of the entities authorised and supervised by the CSSF on 18 October 2024.  
The professional obligations in relation to which the breaches were observed are namely quoted in  
the relevant provisions of:  
(i)  
the AML/CFT Law;  
(ii)  
the amended Grand-ducal Regulation of 1 February 2010 (the “AML/CFT Grand-ducal  
Regulation”), providing details on certain provisions of the AML/CFT Law; and  
ADMINISTRATIVE SANCTION  
1/3  
(iii)  
The amended CSSF Regulation No 12-02 of 14 December 2012 on the fight against  
money laundering and terrorist financing (the “CSSF Regulation No 12-02”) which  
constitutes an implementing measure of the AML/CFT Law,  
in their version applicable at the time of the on-site inspection.  
Legal bases for the publication  
This publication is made pursuant to the provisions of Article 8-6(1) of the AML/CFT Law on a  
nominative basis, the CSSF having considered that none of the legal exceptions provided for in  
Article 8-6(1) of the AML/CFT Law is applicable.  
Context and breaches of the professional obligations  
identified  
This administrative fine is the result of an on-site inspection carried out by the CSSF on the  
Investment Firm between 8 February 2023 and 9 October 2023 covering the AML/CFT framework  
focusing on the risk-based approach, on the customer due diligence measures and on the adequate  
internal organisation and governance. During the on-site inspection, the CSSF identified breaches to  
the AML/CFT professional obligations applicable to the Investment Firm which related in particular  
to the following points:  
In the context of the applied customer due diligence measures, the CSSF identified that the  
information and, when necessary, the documentation on the origin of funds were insufficient  
for several clients, especially considering that (i) the amount of deposits self-declared by the  
client or the deposits actually made were high compared to the amount of deposits usually  
made by the clients and (ii) several transactions had been highlighted in alerts or a review  
of the business relationships had been performed, which in both cases should have triggered  
a deeper analysis on the origin of funds.  
Such cases constitute a failure to comply with the provisions of point (d) of Article 3(2) of  
the AML/CFT Law and Article 24 of the CSSF Regulation No 12-02 which insists on the  
obligation to gather, register, analyse and understand the information on the origin of the  
customer’s funds and, when necessary, to obtain supporting evidence. Such information  
would have enabled the Investment Firm to ensure that transactions were consistent with  
its knowledge of the clients on an ongoing basis.  
The CSSF further noted that the periodic review exercise had not been performed in 2022  
for a relatively high percentage of clients being classified as high and very high risk,  
constituting a failure to comply with the provisions of point (d) of Article 3(2) and Article  
3(5) of the AML/CFT Law, further specified by Article 1(4) of the AML/CFT Grand-ducal  
Regulation and Article 35(1) of the CSSF Regulation No 12-02 which explicitly foresees an  
annual review of high-risk business relationships. This control contributes to the appropriate  
application of enhanced customer due diligence measures to these clients, to manage and  
mitigate a higher risk of money laundering or terrorist financing appropriately.  
ADMINISTRATIVE SANCTION  
2/3  
The CSSF also identified that for the names of new clients being uploaded into the client  
database on a weekly basis for daily name screening purposes, no name screening controls  
occurred between the entry into business relationship date and the upload of the names into  
the client database that could take up to one week. This approach and the absence of  
alternative control during this period of time constitute a failure to comply with point (d) of  
Article 3(2) of the AML/CFT Law and Articles 33(1) and (2) and 39(1) of the CSSF Regulation  
No 12-02 as the Investment Firm would not have been able to detect States, persons,  
entities and groups subject to prohibitions and restrictive measures in financial matters  
without delay, to apply such restrictive measures and to inform the authorities competent  
for financial sanctions, also without delay.  
The internal governance framework was deficient, in particular with regard to the  
Compliance function which did not perform controls, or at least did not duly formalize them,  
on the appropriate treatment of transaction monitoring and name screening alerts by  
employees that were not part of the Compliance function. In addition, the Compliance  
function did not appropriately escalate identified shortcomings to the Management and to  
the Board of Directors or to the Risk Compliance and Audit Committee. These elements  
constitute a breach of respectively Articles 39(7) and 42(5) of the CSSF Regulation No 12-  
02 which highlight i.a. the importance of implementing governance arrangements with  
respect to AML/CFT which shall follow the three lines of defence model and foresee that the  
Compliance function verifies the controls carried out by the first line of defense to ensure  
compliance with the AML/CFT policy.  
In addition, the CSSF noted that the outsourcing of day-to-day compliance tasks to an entity  
of the same group, in particular the review of the transaction monitoring alerts, was not  
documented in any contract or outsourcing agreement. Moreover, at the beginning of the  
on-site inspection, the Compliance function did not monitor the obligations of this third-party  
delegate. This resulted in a breach of Article 3-3(5) of the AML/CFT Law and Article 37(1)  
and (2) of the CSSF Regulation No 12-02 which foresee regular control of compliance with  
the commitments arising from the outsourcing contract, in particular to gain comfort on the  
compliance of the outsourced tasks and the adequacy of the resources used.  
Finally, the CSSF noticed that the AML/CFT training that was provided to the employees of  
the Investment Firm only made reference to the UK regulations and was therefore not  
adapted to the laws and regulations applicable in Luxembourg. This constitutes a failure to  
comply with Article 4(2) of the AML/CFT Law and Article 46(3) of the CSSF Regulation No  
12-02 which foresee that where the professionals adopt a training developed abroad, they  
are required to adapt it to the legal and regulatory rules applicable in Luxembourg, so that  
local employees complete a training tailored to the country in question and to the money  
laundering/terrorist financing typologies to which this one is exposed to.  
ADMINISTRATIVE SANCTION  
3/3