File transport and data protection

All information related to the transmission of reportings required by CSSF in the context of its prudential supervision is available below.

Reportings transmission to CSSF must be performed through platforms provided by external services providers.

The CSSF currently accepts reports transmitted through the following service providers:

All reporting files transmitted to the CSSF through the external transmission channels must be encrypted according to the standards defined in Circular CSSF 08/334.

Before sending any files, the Luxtrust SSL certificate used by the reporting entity to generate its electronic signature must be registered with the CSSF according to the procedure described in that circular.

The CSSF certificates to be used to encrypt data are available below:

Please find below the technical requirements to comply with for transmitting reportings belonging to following categories.

All other reportings not listed below (MiFIR, CSDR, MMFR, SFTR, etc.) are subject to dedicated technical requirements available directly in regulations and related reportings pages.

• COREP/FINREP reporting
• ESP – Special enquiries
• SIC – SICAR reporting
• PFS – Reporting PFS and support PFS
• EDP – Payment institutions reporting
• EME – Electronic money institution
• SGO – Management companies reporting
• OPC – Fund XML reporting
• DOC – Non-structured electronic documents
• NOT – UCITS notifications
• OTH – Other
• OCB – Other reportings for CSSF and BCL
• AIF – AIFM and AIF reportings
• SUF –XBRL reportings for subfund-based structured products

The file naming to comply with is detailed in the related naming convention.

There are two types of feedback files:

• acknowledgements of receipt (FBR)

All FBR files are in XML format and are instances of the same XML schema FileAcknowledge-v1.0. A file is considered to be properly received by the CSSF if the 4 operations performed at the reception of the file by the CSSF (file name verification, decryption, signature verification, etc.) correctly returned the status ‘A’ – Accepted. If one of those operations returns the status ‘R’ – Rejected, the file has not been properly received and the file must be sent a second time. The CSSF only generates FBR return files for its own reportings, as well as for entering EDIFACT files (including those of the BCL).

• applicative processing outputs from transmitted files (FDB)

The FDB file format depends on the type of reporting; a common format is not foreseen because of the differences between the types of reporting. Only a sub-set of the current reportings will return an FDB file. Details are provided in the naming convention above and in the CSSF circulars, notably those mentioned below.

Where another transmission channel must be used to transmit one of these reportings (e.g. specific enquiries- ESP), a dedicated circular will specify the applicable procedures.

Circular CSSF 11/509 defines, among other things, the initial notification procedure for the marketing of Luxembourg UCITS in the European Union. The latest information and developments concerning the notification packages are available in the file “Notifications FAQ”.

In accordance with the circular, every notification package must include a notification letter in XML format (XML schema notifletter.xsd) and a PDF version of this notification letter. It is the notifying party’s responsibility to make sure that the information in both files are the same. The most recent version was activated on 30 January 2012; it includes the amendments described in the document “Notifications FAQ”.

CSSF feedback is composed of XML files based on the following schemas:

In practice, it is recommended that Luxembourg-based UCITS, proposing to market their units in another EU Member State, make use of the services offered by external transmission channels accepted by CSSF to submit the notification files.

You are also entitled to file a notification package directly with the CSSF, registration should therefore be made at the website https://register.cssf.lu/?lang=EN. Following this registration, an email containing a link to upload a notification package will be sent to the registered email address.