15 November 2025
FATF ¦ R.11 Record-Keeping
Recommendation 11: The Backbone of Effective Financial Crime Compliance
Accurate, timely record-keeping is more than a regulatory checkbox — it is the foundation of an institution’s ability to detect, investigate, and prosecute financial crime. Financial institutions should maintain all necessary records on domestic and international transactions for at least five years. These records must be sufficiently detailed to reconstruct any individual transaction, including amounts and currency types, enabling swift responses to competent authorities and supporting evidentiary needs in criminal proceedings.
Customer Due Diligence: Documentation That Endures
Beyond transactional data, the integrity of Customer Due Diligence (CDD) documentation is vital. Institutions should retain CDD records — copies of official identification (passports, identity cards, driving licences), account files, and business correspondence — for at least five years after a business relationship ends or after the date of an occasional transaction. This retention must also cover analytical outputs, such as inquiries into the background and purpose of complex or unusually large transactions, ensuring that risk assessments are traceable and defensible.
Legal Mandate and Availability to Authorities
Laws should obligate institutions to maintain both transaction records and CDD information, ensuring that these materials are readily accessible to domestic competent authorities upon appropriate authorization. Availability is as important as retention: institutions need systems that guarantee prompt retrieval without compromising data integrity or privacy.
Operationalizing Compliance
Effective compliance demands disciplined data governance, secure storage, and clear retrieval protocols. Institutions that invest in these capabilities enhance investigative cooperation, reduce regulatory risk, and strengthen their resilience against financial crime.
FATF Ratings Overview
Luxembourg ¦ FATF Effectiveness & Technical Compliance Ratings
Anti-money laundering and counter-terrorist financing measures
Luxembourg Mutual Evaluation Report, September 2023
This assessment was adopted by the FATF at its June 2023 Plenary meeting and summarises the anti-money laundering and counter-terrorist financing (AML/CFT) measures in place in Luxembourg as at the date of the on-site visit: 2-18 November 2022.
Table 1. Effectiveness Ratings
Note: Effectiveness ratings can be either a High- HE, Substantial- SE, Moderate- ME, or Low – LE, level of effectiveness.
IO1 Risk, policy and coordination
Money laundering and terrorist financing risks are identified, assessed and understood, policies are co-operatively developed and, where appropriate, actions co-ordinated domestically to combat money laundering and the financing of terrorism.
Substantial
IO2 International cooperation
International co-operation delivers appropriate information, financial intelligence and evidence, and facilitates action against criminals and their property.
Substantial
IO3 Supervision
Supervisors appropriately supervise, monitor and regulate financial institutions and VASPs for compliance with AML/CFT requirements, and financial institutions and VASPs adequately apply AML/CFT preventive measures, and report suspicious transactions. The actions taken by supervisors, financial institutions and VASPs are commensurate with the risks.
Moderate
IO4 Preventive measures
Supervisors appropriately supervise, monitor and regulate DNFBPs for compliance with AML/CFT requirements, and DNFBPs adequately apply AML/CFT preventive measures commensurate with the risks, and report suspicious transactions.
Moderate
IO5 Legal persons and arrangements
Legal persons and arrangements are prevented from misuse for money laundering or terrorist financing, and information on their beneficial ownership is available to competent authorities without impediments.
Substantial
IO6 Financial intelligence
Financial intelligence and all other relevant information are appropriately used by competent authorities for money laundering and terrorist financing investigations.
Substantial
IO7 ML investigation & prosecution
Money laundering offences and activities are investigated, and offenders are prosecuted and subject to effective, proportionate and dissuasive sanctions.
Moderate
IO8 Confiscation
Asset recovery processes lead to confiscation and permanent deprivation of criminal property and property of corresponding value.
Moderate
IO9 TF investigation & prosecution
Terrorist financing offences and activities are investigated and persons who finance terrorism are prosecuted and subject to effective, proportionate and dissuasive sanctions.
Substantial
IO10 TF preventive measures & financial sanctions
Terrorists, terrorist organisations and terrorist financiers are prevented from raising, moving and using funds.
Moderate
IO11 PF financial sanctions
Persons and entities involved in the proliferation of weapons of mass destruction are prevented from raising, moving and using funds, consistent with the relevant UNSCRs.
Moderate
Table 2. Technical Compliance Ratings
Note: Technical compliance ratings can be either a C – compliant, LC – largely compliant, PC – partially compliant or NC – non compliant.
R.1 Assessing Risks and applying a Risk-Based Approach
C – compliant
R.2 National Co-operation and Co-ordination
C – compliant
R.3 Money laundering offence
C – compliant
R.4 Confiscation and provisional measures
LC – largely compliant
R.5 Terrorist financing offence
C – compliant
R.6 Targeted financial sanctions related to terrorism and terrorist financing
LC – largely compliant
R.7 Targeted financial sanctions related to proliferation
LC – largely compliant
R.8 Non-profit organisations
PC – partially compliant
R.9 Financial institution secrecy laws
C – compliant
R.10 Customer due diligence
C – compliant
R.11 Record-keeping
C – compliant
R.12 Politically exposed persons
C – compliant
R.13 Correspondent banking
C – compliant
R.14 Money or value transfer services (MVTS)
C – compliant
R.15 New technologies
LC – largely compliant
R.16 Payment transparency
C – compliant
R.17 Reliance on third parties
C – compliant
R.19 Higher-risk countries
C – compliant
R.20 Reporting of suspicious transactions
C – compliant
R.21 Tipping-off and confidentiality
C – compliant
R.22 DNFBPs: Customer due diligence
C – compliant
R.23 DNFBPs: Other measures
C – compliant
R.24 Transparency and beneficial ownership of legal persons
LC – largely compliant
R.27 Powers of supervisors
C – compliant
R.28 Regulation and supervision of DNFBPs
C – compliant
R.29 Financial intelligence units
C – compliant
R.30 Responsibilities of law enforcement and investigative authorities
LC – largely compliant
R.32 Cash Couriers
LC – largely compliant
R.33 Statistics
LC – largely compliant
R.34 Guidance and feedback
C – compliant
R.35 Sanctions
LC – largely compliant
R.36 International instruments
LC – largely compliant
R.37 Mutual legal assistance
C – compliant
R.38 Mutual legal assistance: freezing and confiscation
C – compliant
R.39 Extradition
C – compliant
R.40 Other forms of international co-operation
LC – largely compliant
Dive deeper
EU Sanctions Helpdesk
The EU Sanctions Helpdesk platform supports European operators in complying with European Union restrictive measures (also known as sanctions) imposed worldwide.
Aimed primarily at Small and Medium-sized Enterprises (SMEs), the Helpdesk offers resources and personalised help to companies performing sanctions due diligence checks.
What else?
