CSSF circular

Restrictive measures of the EU in response to the current situation in Ukraine

Circular letter to all persons and entities supervised by the CSSF

The CSSF would like to draw the attention of the professionals of the financial sector subject to its supervision to the restrictive measures decided by the European Union in this respect, in particular to those that were adopted and entered into force on 23 February 2022, 25 February 2022 and 28 February 2022, as well as to those which will be taken by the European Union in the future.

As a result, amendments as regards the financial restrictive measures have recently been made to the existing European regulations, i.e.:

  • to Council Regulation (EU) No 269/2014, notably by first adding to Annex I three hundred and fifty-eight persons (mainly members of the State Duma) and four entities to the list of persons, entities and bodies which are subject to financial and other restrictive measures, and by adding subsequently the members of National Security Council who supported Russia’s immediate recognition of the two self-proclaimed republics Donetsk and Luhansk, the persons who facilitated the Russian military aggression from Belarus, as well as those members of the State Duma not yet included in that list who ratified the government decisions of the “Treaty of Friendship, Cooperation and Mutual Assistance between the Russian Federation and the Donetsk People’s Republic and between the Russian Federation and the Luhansk People’s Republic”. The President of the Russian Federation, Vladimir Vladimirovich Putin, and the Minister for Foreign Affairs of the Russian Federation, Sergey Viktorovich Lavrov, are also included in that list;
  • as well as to Council Regulation (UE) No 833/2014 by imposing, inter alia, further restrictive measures prohibiting the financing of Russia, its government and its Central Bank, and prohibiting transactions related to the management of reserves as well as of assets of the Central Bank of Russia, including transactions with any legal person, entity or body acting on behalf of, or at the direction of, the Central Bank of Russia.

We also draw professionals’ attention to the new Council Regulation (EU) 2022/263 of 23 February 2022 concerning restrictive measures in response to the recognition of the non-government controlled areas of the Donetsk and Luhansk oblasts of Ukraine and the ordering of Russian armed forces into those areas. This EU Regulation lays down new rules on penalties imposing restrictions on economic relations with the non-government controlled areas of the Donetsk and Luhansk oblasts of Ukraine.

The full measures were published in the Official Journal of the European Union of 23 February 2022, 25 February 2022 and 28 February 2022 and are also available on the CSSF’s website under the following dedicated links:

International financial sanctions (under Ukraine/Russia)

Ukraine crisis

The CSSF reminds that these regulations are binding in their entirety and directly applicable in national law and that professionals are required to comply with them, while putting in place the necessary controls and measures. The professionals must also assess whether, in addition to the restrictive measures directly applicable in Luxembourg, other financial restrictive measures of third countries must be implemented by professionals according to the international nature of their activities.

The CSSF further stresses that following the entry into force of the Law of 19 December 2020 on the implementation of restrictive measures in financial matters, it expects that the persons and entities subject to its supervision apply these restrictive measures without delay, in the form provided for in Article 6(1) of that Law and forthwith inform the Ministry of Finance in addition to the CSSF in accordance with the provisions of Article 33(2) of CSSF Regulation No 12-02 of 14 December 2012 on the fight against money laundering and terrorist financing.

For all practical purposes, professionals will find the relevant provisions of the Law of 19 December 2020 under the following link: Law of 19 December 2020.

Finally, the CSSF calls on supervised entities to exercise the greatest possible vigilance with respect to the risks of cyberattacks, notably denial of service attacks.

Supervised entities are also requested to give careful consideration to their business continuity plan and to ensure the proper functioning and recovery of their backups. The CSSF places particular emphasis on the importance of offline backups of the most essential systems and data, i.e. that are not physically or logically connected to the network.


Commission de Surveillance du Secteur Financier