New Circular CSSF 26/906 “Central administration, internal governance and risk management” applicable to payment and electronic money institutions

The CSSF publishes its new Circular CSSF 26/906 “Central administration, internal governance and risk management” applicable to payment and electronic money institutions and repealing Circulars IML 95/120, IML 96/126, IML 98/143 and CSSF 04/155 for these institutions.

The payment and electronic money industry has experienced and is still experiencing important growth driven by multiple factors leading to important transaction volumes and value increases, but this growth necessitates strong governance to ensure safety, efficiency and trust in the payment and electronic money services provided by these institutions.

This new circular represents in that perspective an important step to foster the sound and prudent management of these institutions. Actually this circular intends to clarify the modalities of application of the requirements laid down in the amended Law of 10 November 2009 on payment services which requires these institutions to dispose of robust internal governance arrangements, effective processes to identify, manage, monitor and report risks as well as adequate internal control mechanisms.

The rules covered by this circular mainly concern the following areas :

• The responsibilities, composition, qualification, organisation and functioning of the management bodies;
• The responsibilities, characteristics, organisation of the internal control functions as well as the execution of their respective work;
• Key requirements applicable to the management of conflicts of interest;
• Key steps applicable to the new product approval process;
• Common sense rules applicable to the safeguarding requirements of funds.

Institutions in scope of this circular shall assess and review their central administration, internal governance and risk management framework in view to ensuring their compliance by 30 June 2026 with this circular.