Sound and effective corporate governance arrangements are fundamental to the proper functioning of any financial institution and of the financial system they form as a whole.

A financial institution’s management body must have ultimate and overall responsibility for the institution and must define, oversee and be accountable for the implementation of governance arrangements within the institution that ensure its effective and prudent management.

Considering the fundamental role and responsibilities of the management body in any financial institution, and with a view to ensuring sound and prudent management of the institution, members of the management body shall be of good repute, possess sufficient knowledge, skills and experience and commit sufficient time to the performance of their functions.

EU and national legislation require that financial institutions have robust governance arrangements, which include a clear organisational structure, well-defined lines of responsibility, effective risk management processes, control mechanisms as well as all standards and principles concerned with setting an institution’s objectives, strategies and risk management framework; how its business is organised; how responsibilities and authority are defined and clearly allocated; how reporting lines are set up and what information they convey; and how the internal control framework is organised and implemented, including accounting procedures and remuneration policies. Internal governance also encompasses sound information technology systems, outsourcing arrangements and business continuity management.

These governance arrangements should in that respect be appropriate to the nature, scale and complexity of the financial institution.

While implementing robust internal governance arrangements, investment firms (“IF”) shall comply with the legal provisions of the Law of 5 April 1993 on the financial sector, as amended (“LFS”), and in particular with Articles 17, 19, 38-1 and 38-2 for all IF and Articles 38-5, 38-6 and 38-7 for CRR IF.

Those legal requirements are supplemented by the following main CSSF circulars applicable to IF:

  • Circular CSSF 06/240 (as amended by Circulars CSSF 13/568 and 17/657) related to the administrative and accounting organisation; IT outsourcing and details regarding services provided under the status of support PFS, Articles 29-1, 29-2, 29-3, 29-4, 29-5 and 29-6 of the Law of 5 April 1993 on the financial sector, as amended
  • Circular CSSF 12/552 (as amended by Circulars CSSF 13/563, 14/597, 16/642, 16/647 and 17/655) on central administration, internal governance and risk management
  • Prudential approval procedure of key functions holders in IF
  • Circular CSSF 13/577 related to the introduction of table EI “Responsible persons for certain functions and activities” (as amended by Circular CSSF 18/699)
  • Circular CSSF 17/654 (as amended by Circular CSSF 19/714) relating to IT outsourcing relying on a cloud computing infrastructure
  • Circular CSSF 17/658 relating to the adoption of the EBA Guidelines on sound remuneration policies (only for CRR IF)
  • Circulars CSSF 17/665 and 17/670 related to the ESMA Guidelines for the assessment of knowledge and competence
  • Circular CSSF 18/692 related to product oversight and governance arrangements for retail banking products (only for CRR IF)

Suitability assessment of members of management body and of control functions

In line with the legal requirements, members of an IF management body shall be expressly authorised in advance by the CSSF. The members of an IF management body may only take up their functions upon receipt of the formal authorisation by the CSSF. In order to be authorised, they shall produce evidence of adequate knowledge, skills and experience as well as of their professional standing.

Such professional standing shall be assessed on the basis of police records and of any evidence tending to show that the persons concerned are of good standing and offer a guarantee of irreproachable conduct. Any proposed member of an IF management body must in that respect provide the CSSF with at least the following information:

  • an up-to-date and detailed curriculum vitae;
  • a certified copy of an identification document;
  • evidence of reputation, honesty and integrity, which includes among others criminal records and/or relevant equivalent information, issued less than 3 months ago, as well as the duly completed and signed declaration of honour;
  • confirmation from the IF that this appointment i) has been duly approved by the IF’s board of directors (or, where applicable, the nomination committee); ii) takes place in accordance with the guiding principles and policies governing the appointment and succession of key functions established by the IF in accordance with points 17 and 18 of Circular CSSF 12/552; iii) complies with the IF’s internal policy on conflicts of interest and the requirements of point 25, respectively of sub-chapter 7.2. of Circular CSSF 12/552; iv) was preceded by an assessment of the person concerned and accompanied by a reassessment of the entire board in accordance with Guidelines EBA/GL/2012/06;
  • any information or any negative fact in relation to the proposed person that is available to the IF, together with an explanation, if necessary, of the reasons for which the IF judged these elements as not significant for the envisaged appointment.

The persons to be appointed by an IF to be responsible for managing, respectively, the compliance function (Chief Compliance Officer), the internal audit function (Chief Internal Auditor) and the risk control function (Chief Risk Officer) shall be notified in advance to the CSSF. The acceptance by the CSSF of the appointment of these key function holders is tacit. The absence of reply by the CSSF within one month from the receipt of the complete application is deemed to signal acceptance of the appointment. The notification to the CSSF shall also encompass the same set of information as the one related to the appointment of members of the management body, meaning at least:

  • an up-to-date and detailed curriculum vitae;
  • a certified copy of an identification document;
  • evidence of reputation, honesty and integrity, which includes among others criminal records and/or relevant equivalent information, issued less than 3 months ago, as well as the duly completed and signed declaration of honour;
  • confirmation from the IF that this appointment i) has been duly approved by the IF’s board of directors (or, where applicable, the nomination committee); ii) takes place in accordance with the guiding principles and policies governing the appointment and succession of key functions established by the IF in accordance with points 17 and 18 of Circular CSSF 12/552; iii) complies with the IF’s internal policy on conflicts of interest and the requirements of point 25, respectively of sub-chapter 7.2. of Circular CSSF 12/552; iv) was preceded by an assessment of the person concerned and accompanied by a reassessment of the entire board in accordance with Guidelines EBA/GL/2012/06;
  • any information or any negative fact in relation to the proposed person that is available to the IF, together with an explanation, if necessary, of the reasons for which the IF judged these elements as not significant for the envisaged appointment.

Contact

Investment Firms Department
Last update: 04 May 2020