Ruling [LUX] ¦ Luxembourg Court Approves Settlement with Accounting Firm over AML Failings

Case background and procedural posture

The Tribunal d’arrondissement of Luxembourg, twenty-third chamber, delivered a judgment on an agreement dated 22 October 2025 after a public hearing following the law of 24 February 2015 on judgments by agreement. The prosecution brought charges against an expert accountant firm (here anonymised as SOCIETE1.) SARL) for breaches of Luxembourg’s anti‑money‑laundering and counter‑terrorist financing regime. The firm voluntarily appeared and accepted a negotiated disposition reached with the Procureur d’Etat. The underlying investigation was triggered by police reports and a judicial information file that identified shortcomings in client due diligence, internal organisation and cooperation with authorities.

Factual core of the offences

The police anti‑money laundering unit identified failures in SOCIETE1.)’s compliance with statutory obligations to know its clients and to manage AML/CTF risk. Key findings showed that SOCIETE1.) provided accounting services and prepared annual accounts for an entity (SOCIETE4.) on behalf of another client (SOCIETE3.) without establishing a proper KYC file for SOCIETE4.). For SOCIETE3.), the firm had entered into a business relationship in 2011 but did not carry out a documented risk assessment until 26 October 2017. Where adverse information existed – notably that the beneficial owner of SOCIETE3.) had been sanctioned by the French market regulator in 2010 – the firm failed to document the reason for the sanction, to re‑assess the client’s risk profile appropriately, or to submit a suspicious activity report to the national financial intelligence unit (CRF). The organisation’s internal AML procedures were inadequate for significant periods, and staff training records were limited. During a search and seizure operation, investigative authorities collected documents demonstrating these gaps.

Bastian Schwind-Wagner _Follow

"This Luxembourg judgment underscores that documentation and timely risk assessments are not optional: firms must record why they accept a client and how client risk is managed, and must act when adverse information emerges. Even longstanding procedural gaps can lead to criminal liability when authorities uncover failures during targeted investigations.

Regulated professionals should treat AML/CTF obligations as operational priorities, ensuring policies are tailored, staff are trained, and suspicious activity is reported without delay. Doing so reduces legal exposure and protects the firm’s reputation and its clients."

Legal characterisation and applicable law

The conduct was prosecuted as breaches of the amended law of 12 November 2004 on the fight against money laundering and the financing of terrorism (AML/CFT Law), specifically:

• failures of client vigilance under articles 3, 3-1, 3-2 and 3-3;
• inadequate internal organisation under article 4; and
• failure to cooperate with authorities under article 5.

The indictment also noted that, while the targeted conduct implicated risk assessment obligations introduced in 2018 (article 2-2), the temporal application meant the primary offences were framed under the pre‑existing vigilance provisions (articles 3 and following). Under article 9 of the AML/CFT Law, the statutory fine range is broad; for legal persons the applicable ceiling may be doubled under the penal code.

Prescription and discoverability

The judgment addressed prescription: AML/CTF breaches by regulated professionals were treated as potentially clandestine or occult offences. The court followed recent higher‑court reasoning that the limitation period begins when the offence becomes discoverable in a manner that enables prosecution. Here, the misconduct only came to light through targeted investigatory action; consequently the prosecution was not time‑barred.

Admissions and sentencing

SOCIÉTE1.) pleaded guilty within the negotiated framework to being the author of the breaches and admitted specific shortcomings:

• failing to maintain ongoing vigilance toward clients with signs of elevated risk;
• failing to implement adequate AML/CTF procedures over a prolonged period; and
• failing to inform the CRF when suspicious circumstances existed.

Taking account of the age of the conduct, remedial measures taken and a clean criminal record, the court accepted the agreement and imposed a monetary penalty of €12,500. The court ordered confiscation of all documents seized during the search as evidence, and condemned the firm to cover prosecution costs, which were liquidated at a small amount in the file.

Enforcement and remedial implications for regulated professionals

This judgment illustrates several practical compliance lessons for accounting and fiduciary service providers operating in Luxembourg and similar jurisdictions. Firms must document risk assessments at client onboarding and review those assessments at appropriate intervals or upon receipt of adverse information. Where adverse media or regulatory sanctions affect a beneficial owner, a documented analysis of the sanction’s nature and origin is required, together with a reclassification of client risk and, if appropriate, a filing with the FIU. Internal AML policies must be tailored to the firm’s structure and capacity, kept current, and supported by demonstrable staff training. Relying on client‑provided documentation or operating with mere read‑only access to another entity’s files does not absolve a service provider from conducting its own KYC and risk evaluation. Finally, cooperation with authorities, including a timely suspicious activity report (SAR) when justified, is a standalone legal duty; failing to report can itself attract criminal liability.

Broader regulatory context and risk management takeaways

Regulatory evolution in Luxembourg has progressively reinforced the centrality of documented risk assessment and proportional, risk‑based due diligence. The court’s treatment of prescription emphasises that concealment of procedural omissions by regulated professionals can delay the start of limitation periods, increasing the practical window for enforcement when investigative triggers occur.

Firms should therefore prioritise:

• a written, risk‑based AML program;
• onboarding and periodic review workflows that generate auditable evidence;
• incident escalation protocols for adverse findings; and
• records retention that meets statutory minimums.

Senior management must ensure delegated responsibilities are effective in practice and not only on paper, and external audit or compliance reviews should verify that procedures are applied consistently across client segments, including when services are provided through or for third parties.

Conclusion

The SOCIETE1.) decision is a cautionary example showing that failures in basic KYC, risk assessment and reporting obligations can result in criminal conviction of legal persons, even when the fine imposed may appear modest relative to statutory maxima. The enforcement focus remains on ensuring that regulated professionals implement, document and enforce proportionate AML measures; doing so mitigates legal, reputational and operational risk and is essential to maintain trust in the financial services ecosystem.

Dive deeper

• La Justice Grand Duché de Luxembourg ¦ Décisions intégrales des juridictions judiciaires ¦ Link