Last update: 4 May 2020

Specific requirements for public-interest entities

Summary

What is a public-interest entity?

Pursuant to the Audit Law, public-interest entities are: 

entities governed by Luxembourg law whose securities are admitted to trading on a regulated market in a Member State;
credit institutions governed by Luxembourg law;
insurance and reinsurance undertakings governed by Luxembourg law, with the exception of captive insurance and reinsurance undertakings.

The main provisions of the EU Audit Regulation for public-interest entities

The EU Audit Regulation now centralises all requirements applicable to statutory audit of public-interest entities, in particular concerning:

audit fees;
independence rules (prohibition of non-audit services);
the appointment and role of the person in charge of the quality control review of the engagement before the signature of the audit report;
the content of the audit report;
the additional report to the audit committee;
the transparency report from the audit firm, and
the duration of the audit engagement.

The optional provisions provided for in the EU Audit Regulation are included in the Audit Law (Articles 49 to 51). Thus, derogations have been introduced regarding audit fees (cap of 70%) for a maximum period of 2 years at the justified request of the approved audit firm, regarding the provision of certain tax and evaluation services under certain conditions and regarding the maximum duration of the audit engagement, which may be extended to 20 years when a public tender procedure is conducted.

Audit Committees

All public-interest entities must, unless otherwise provided for by the Audit Law, set up an audit committee.

In the absence of specific cases, the CSSF has not yet set out the conditions under which public-interest entities that have a body performing functions equivalent to those of an audit committee may derogate from the obligation to set up an audit committee.

Henceforth, the audit committee has a more active role to play, its members must be mostly independent of the audited entity, competent in the entity’s field of activity and at least one of the members must have accounting and/or audit skills.

In addition to the tasks historically entrusted to it, namely ensuring:

the monitoring of the financial reporting process;
the effectiveness of internal control and risk management systems and, where applicable, internal audit;
the statutory audit and the independence of the statutory auditor or approved audit firm;

it must now also:

communicate the results of the statutory audit to the administrative or supervisory body and report on the actions it has taken in this process to ensure the integrity of the financial information;
assess the quality of the additional report issued to it by the réviseur d’entreprises agréé.

The audit committee must also submit its recommendation to the administrative or supervisory body of the audited entity as part of the procedure for selecting the réviseur d’entreprises agréé or cabinet de révision agréé. This recommendation, except in the case of the renewal of a statutory audit, shall be justified and shall include at least two possible choices, from among the candidates, and shall indicate the duly justified preference of the audit committee for one of them. In other words, it will have to provide more support and supervision to the approved auditor and the approved audit firm in their work.

As independence is a pillar of the European texts, réviseurs d’entreprises agréés and cabinets de révision agréés must now confirm their independence each year in writing to the audit committee and discuss the risks to their independence and the safeguards applied to mitigate these risks. This is particularly true in the case of non-audit services provided to the audited entity.

The CSSF will have to evaluate the work of these audit committees and report to the European Commission. The regulator has been given the option of sanctioning the least diligent audit committees.

Documentation

Laws, regulations and directives

23 July 2016 - Updated on 1 January 2023

Law of 23 July 2016 (coordinated version)

concerning the audit profession

PDF (287.44Kb)

PDF (317.23Kb)
16 April 2014

Regulation (EU) No 537/2014 of the European Parliament and of the Council of 16 April 2014

on specific requirements regarding statutory audit of public-interest entities and repealing Commission Decision 2005/909/EC (Text with EEA relevance)

Lien

Link
17 May 2006

Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006

on statutory audits of annual accounts and consolidated accounts, amending Council Directives 78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC

Lien

Link

Circulars

26 April 2019 - Updated on 31 January 2024

Circular CSSF 19/717 (as amended by Circulars CSSF 22/794 and CSSF 24/852)

Update of the general presentation of the Law of 23 July 2016 and of the regulations on audit profession

PDF (523.11Kb)

PDF (457.28Kb)

Name	Description	Duration
cssf_cookies	Saves information regarding the user's consent to the use of cookies for each optional category.	1 year
ROUTEID	Technical cookie allowing load distribution.	Deleted when the browsing session ends
TBMCookie*	Security: This cookies protects the website against automated attacks.	Deleted when the browsing session ends
__utmvc	These first party cookies are set by a third party service to filter out malicious requests.	Deleted when the browsing session ends
__utmvm*	These first party cookies are set by a third party service to filter out malicious requests.	15 minutes

Name	Description	Duration
cssf_profile	This cookie adapts the website pages to the profile chosen by the visitor (professionals, markets, consumers).	1 year
pll_language	This cookie saves the user’s language choice.	1 year

Name	Description	Duration
_pk_id.#	Collects anonymous statistical data on the website consultations, such as the number of visits or the average time spent on the website. The data is processed in-house and is not shared with a third party.	1 year
_pk_ses.#	Collects anonymous statistical data for the tracking of the pages consulted during the browsing session. The data is processed in-house and is not shared with a third party.	30 minutes