AML/CFT Conference 3 December 2019 summary

Luxembourg is the leading Investment funds (also called Collective Investments) centre in terms of assets under management in Europe.

In this context the publication of the Luxembourg’s National Risk Assessment on Money Laundering and Terrorist Financing risks (hereafter “NRA”) in December 2018, showed that the Collective Investment Sector had an inherent risk of ML/TF rated as “High”.

As per Article 2-1 of the Law of 12 November 2004 as amended (“the AML Law”), the CSSF is notably competent for the AML/CFT supervision of Registered AIFMs and Self-Managed Non-AIFs.

In this context, the CSSF launched for this target group an AML/CFT questionnaire in 2019 based on data as of 31 December 2018 with the purpose to collect AML/CFT related data, perform an AML/CFT scoring at entity level, and, last but not least, raise the awareness of those professionals on some key AML/CFT elements.

The analysis of the answers provided showed that generally speaking the Registered AIFMs and Self-Managed Non-AIFs had a sound AML/CFT framework while there were some outliers.

Nevertheless, based on discussions with those professionals in addition to the analysis of the questionnaires, the CSSF has identified areas of improvement or areas where further guidance was required:

1. Beneficial Owner (there is always one!)

There is always a Beneficial Owner and it is always a natural person.

Additional information is provided in Article 1(7) of the AML Law.

2. Procedures (the mandatory bricks of an efficient AML/CFT framework)

Procedures are crucial to setting-up an efficient AML/CFT control framework. In practice, these were implemented by most of the registered AIFMs and self-managed non-AIFs.

AML/CFT procedures should be tailor-made and continuously updated with the aim of reflecting changes to the regulatory framework as well as internal changes.

Procedures are more than pieces of paper, they are there to ensure that the professional has a lifeline to perform coherent and homogeneous AML/CFT controls commensurate with its inherent ML/TF risks. Therefore, there is no one-size-fits-all AML/CFT procedure.

Additional information is provided in Article 4(1) of the AML Law.

3. Risk based approach (the mortar of an efficient AML/CFT framework)

A Risk Based Approach (hereafter “RBA”) should be used as a tool to optimize the use of resources and ensure that controls are commensurate with the inherent ML/TF risks faced by a professional. The higher the risk, the more controls need to be implemented.

As of 31 December 2018 there were still some registered AIFMs and self-managed Non-AIFs which did not have the mandatory RBA.

The CSSF underlines that ML/TF risk assessments are mandatory pursuant to Article 2-2 of the AML/CFT Law and should hence not be considered as being “optional”.

4. AML/CFT TRAININGS (Arming all your lines of defences)

The mere implementation of AML/CFT trainings is not considered as being sufficient. Indeed, trainings must be tailormade to the services offered by the entities and strengthened by including specific typologies adapted to the fund industry.

AML/CFT trainings are mandatory and since the Collective Investment sector is inherently High risk in terms of ML/TF, the CSSF considers a yearly training mandatory.

The CSSF expects to see a significant improvement in terms of training curriculum in the CIS in the following year.

Additional information may be found in Article 4 of the AML Law.

5. Name screening on Targeted Financial Sanctions (Acting as a gatekeeper)

The analysis of the questionnaire revealed that the frequency of the Targeted Financial Sanctions screening (e.g. European Union and United Nations sanctions lists) could still be improved in order to ensure that immediate notifications would be made by the professionals to the competent authorities in case of confirmed hit.

Additional information can be found on the website of the Ministry of Finance (https://mfin.gouvernement.lu/en/dossiers/2018/sanctions-financiaires-internationales.html)

6. Transactions Monitoring (Not just for the happy few!)

The Transaction Monitoring is essential in detecting unusual transactions that must be investigated to detect potential suspicion of ML/TF.

Transactions monitoring must be performed on all investors.

In case of delegation of this control to a third party (e.g. a third party Registrar Transfer Agent), an oversight on the delegate must be conducted by the professional that retains responsibility.

7. Cooperation with the Financial Intelligence Unit (Go AML!)

As per Article 5 of the AML Law, professionals must communicate without delay their suspicions of ML/TF to the Luxembourg Financial Intelligence Unit.

In order to comply with said requirements, professionals must be registered on the GoAML platform which requires a LuxTrust token.

Additional information can be found on the website of the Luxembourg Financial Intelligence Unit (https://justice.public.lu/fr/organisation-justice/crf.html)

Closing remarks (Last but not least)

The CSSF wishes to thank all the participants to the conference and takes this opportunity to draw the attention of the reader to the communiqué published on 28 November 2019 regarding the launch of next year’s AML/CFT questionnaire

For further information please contact the OPC AML team at aml_cft_reg@cssf.lu

Name	Description	Duration
cssf_cookies	Saves information regarding the user's consent to the use of cookies for each optional category.	1 year
ROUTEID	Technical cookie allowing load distribution.	Deleted when the browsing session ends
TBMCookie*	Security: This cookies protects the website against automated attacks.	Deleted when the browsing session ends
__utmvc	These first party cookies are set by a third party service to filter out malicious requests.	Deleted when the browsing session ends
__utmvm*	These first party cookies are set by a third party service to filter out malicious requests.	15 minutes

Name	Description	Duration
cssf_profile	This cookie adapts the website pages to the profile chosen by the visitor (professionals, markets, consumers).	1 year
pll_language	This cookie saves the user’s language choice.	1 year

Name	Description	Duration
_pk_id.#	Collects anonymous statistical data on the website consultations, such as the number of visits or the average time spent on the website. The data is processed in-house and is not shared with a third party.	1 year
_pk_ses.#	Collects anonymous statistical data for the tracking of the pages consulted during the browsing session. The data is processed in-house and is not shared with a third party.	30 minutes