Compliance Fundamentals
Welcome to the House of Training!
Training opens doors and horizons. This is a privileged time; remember to take advantage of this opportunity.
Our courses are developed and validated by quality circles that bring together experts by specialty. In principle, the contents are reviewed at the beginning of each semester. If important news that could require changes to the course material arises between these periods, the related information will be provided orally during the course or through documents annexed to the actual course material.
Our exams: The vast majority of our courses offer the possibility to register for an exam. It is recommended to register within 2 months of your training session, because the course material is regularly updated to reflect the evolution of current events. Each "Fundamentals" exam lasts on average 1 hour; intermediate and advanced level exams ("Informing ...", "Implementing ...", "Mastering ...", etc.) last about 1:30.
For more information about our offer, course content, prerequisites, additional training, course dates and/or exams, or other procedures for each module, our website www.houseoftraining.lu provides fast and efficient search by keyword.
Training in Compliance:
Specificities of the exams
Compliance-Fundamentals
All questions are in English; however, candidate answers may be written in English or French, depending on the language of the course followed by the candidate.
To be successful, candidates must get at least 60% of the total points.
The ‘Compliance-Implementation of the Regulatory Framework’ exam paper is composed of open questions requiring candidates to develop their arguments in a clear, concise and structured way. Consultation of the course material ‘Compliance-Fundamentals’ and ‘Compliance-Implementation of the Regulatory Framework’ (incl. appendices as well as circulars, legal texts...) during the examination session is permitted. It is not permitted, however, to copy-paste information from the available sources unless it is quoted.
SESSION 1:
2. What is Compliance?
2.1 Definition and objectives
2.2 Compliance risks
2.3 Compliance charter
2.4 Pyramid of norms
2.5 Risk-based approach
SESSION 2:
2. Compliance risks
SESSION 3:
1. Ethics
1.1. Principles
1.2 Code of Conduct
1.3 Anti-corruption
1.4 Whistleblowing
1.5 Professional Secrecy
2. Financial Crime
2.1 Anti-Money Laundering (AML) / Counter Terrorism Financing (CTF)
2.2 Tax offences
2.3 Fraud
3. International sanctions
4. Tax compliance
4.1 FATCA
4.2 Automatic Exchange of Information in tax matters (CRS)
4.3 FATCA/CRS Reporting
SESSION 4:
1. Market integrity
2. Client protection
3. Conflicts of interests
4. Data protection
5. Remuneration Policy
30/03/2021
• ~1970 USA: several major business and government excesses generated legal, public and political reaction. SEC investigations discovered that a number of US companies had participated in bribery overseas.
• An unstable geopolitical environment in a globalized economy: international sanctions, restrictions and embargoes are used more and more in the foreign policies of countries; the fight against money laundering and terrorism financing. The globalisation of the economies, in a context of fast exchange of information, involved new risks: external fraud, cyber-fraud, financial crime, etc.
• Development of Corporate Social Responsibility and ethics: white collar crime knows a strong growth (abuse of corporate assets, abuse of weaknesses, bankruptcy, fraud with grants or the issue of CO2 quotas, market abuse, manipulation of interest rates, etc.).
How did the financial crisis impact the regulatory environment and the development, expansion, growth of the risks of non-compliance and reputation?
Compliance can be defined as the process by which a business ensures that it has fulfilled all of its regulatory and statutory obligations.
It refers to processes which make it possible to ensure respect of the norms applicable to the business by all employees, including authorised management and the Board of Directors (BoD), as well as the values and the ethical spirit instilled by the Management of the Financial Institutions.
CSSF Circular 12/552 (as amended) is applicable to credit institutions, investment firms and professionals performing lending operations.
CSSF Circular 04/155 is applicable to all electronic money institutions and payment institutions.
CSSF Circular 12/552 as amended - Art. 131 and CSSF Circular 18/698
(International ref.: Basel Committee, compliance in banks, 2005)
“risk of legal or regulatory sanctions, material financial loss, or loss to reputation a bank may suffer as a result of its failure to comply
with laws, regulations, rules, related self-regulatory organisation standards, and codes of conduct applicable to its banking activities
(together, “compliance laws, rules and standards”)”
[…] these risks may include a variety of risks in connection with all activities of the institution, such as:
• reputational risk,
• legal risk,
• risk of dispute,
• risk of sanctions,
• some operational risk aspects, in connection with all activities of the institution.
The compliance charter must be approved by the authorised management and the BoD, and brought to the attention of all staff members, including subsidiaries and branches abroad, and shall at least set the terms of operation of the Compliance function:
• objectives, responsibilities and powers of the Compliance function;
• define the position of the compliance function in the organisation chart (independence, objectivity, integrity, competences, authority and adequacy of the resources);
• recognise the right of initiative to open inquiries on all activities (including subsidiaries and branches);
• define the responsibilities and reporting lines of the Chief Compliance Officer (CCO);
• describe the relationships with the risk control and internal audit functions;
• establish the conditions and circumstances applicable where external experts are used;
• establish the right for the CCO to directly and on his/her own initiative contact the chairman of the BoD, the members of the audit committee, the compliance committee as well as the CSSF.
INTERNATIONAL STANDARDS
EUROPEAN REGULATIONS, DIRECTIVES and GUIDELINES
LUXEMBOURG LAWS
GRAND-DUCAL REGULATIONS
Internal manuals and procedures of the institution which, while clearly not norms, are the internal rules of the institution that any staff member will apply in the execution of his/her tasks.
Established on 17 May 1930, the Bank for International Settlements (BIS) is an international financial organisation owned by 60 member central banks representing countries from around the world that together make up about 95% of world GDP.
The Basel Committee on Banking Supervision (BCBS) provides a forum for regular cooperation on banking supervisory matters. Its objective is to enhance understanding of key supervisory issues and improve the quality of banking supervision worldwide.
The BCBS does not possess any formal supranational authority; its decisions do not have legal force.
Founded in 1974 by the central bank Governors of the Group of Ten countries, in the aftermath of serious disturbances in international currency and banking markets.
Comprised of 45 member central banks and bank supervisors from 28 jurisdictions (2019).
Activities
• exchanging information on developments in the banking sector and financial markets, to help identify current or emerging risks;
• sharing supervisory issues, approaches and techniques to promote common understanding and improve cross-border cooperation;
• establishing and promoting global standards, guidelines and sound practices;
• addressing regulatory and supervisory gaps that pose risks to financial stability;
• monitoring the implementation of BCBS standards in member countries;
• consulting with central banks and bank supervisory authorities which are not members of the BCBS, promoting implementation of standards, guidelines and sound practices;
• coordinating and cooperating with other financial sector standard setters and international bodies.
How?
Through ongoing efforts, by exchanging information on national supervisory issues, approaches and techniques, with a view to a common understanding.
Policy dissemination: policy decisions by the Basel Committee are published in the form of:
• standards, which establish minimum requirements for member jurisdictions;
• guidelines, which elaborate standards in areas important for the prudential regulation and supervision of banks;
• sound practices, which describe observed practices with a view to promoting common understanding and improving supervisory or banking practices.
Regular issuance of High Level Papers, as part of its ongoing efforts to address bank supervisory issues and enhance sound practices in banking organisations, e.g.:
• 29 April 2005: Compliance and the Compliance function in banks
• 26 August 2008: Implementation of the Compliance principles
• 15 January 2014: Sound management of risks related to ML + TF
• 7 June 2017: Sound management of risks related to ML + TF
• Compliance should be part of the culture of the organisation; it is not just the responsibility of the
Compliance staff.
• A bank should organise its Compliance function and set priorities for the management of its compliance
risks in a way that is consistent with its own risk management strategy and structures.
• Regardless of how the Compliance function is organised within a bank, it should be independent and
sufficiently resourced, its responsibilities should be clearly specified, and its activities should be subject
to periodic and independent review by the Internal Audit function.
NB: The Basel Committee accepts significant differences between banks regarding the organisation of the Compliance function.
The bank’s Board of Directors is responsible for overseeing the management of the bank’s compliance risks. The Board should approve the bank’s Compliance policy, including a formal document establishing a permanent and effective Compliance function. At least once a year, the Board or a committee of the Board should assess the extent to which the bank is effectively managing its compliance risks.
In the case of cross-border groups, the compliance function and its responsibilities should be consistent with local legal and regulatory requirements.
Tasks
• harmonising financial supervision in the EU by developing a single rulebook, a set of prudential standards;
• helping to ensure the consistent application of the rulebook to create a level playing field;
• assessing risks and vulnerabilities in the financial sector, as mandated.
Independent EU Authorities, but accountable to the European Parliament, the Council of the European Union and the European Commission.
The EBA was established on 1 January 2011 as part of the European System of Financial Supervision (ESFS).
Objectives
EBA works:
• to ensure an effective and consistent level of prudential regulation and supervision across the European banking sector;
• to maintain the EU's financial stability;
• to safeguard the integrity, efficiency and orderly functioning of the banking sector;
• to improve the functioning of the internal market by ensuring appropriate, efficient and harmonised European supervision and regulation;
• to contribute, through the adoption of Binding Technical Standards and Guidelines, to the creation of the European Single Rulebook in banking. The Single Rulebook aims at providing a single set of harmonised prudential rules for financial institutions throughout the EU, helping create a level playing field and providing high protection to depositors, investors and consumers.
ESMA has the power to issue guidelines (Article 16 of ESMA Regulation 1095/2010) which are addressed
to competent authorities or, as the case may be, to market participants.
ESMA provides an overview of all technical standards and guidelines published on its website, with
information about the process and related document(s).
ESMA is the direct supervisor of specific financial entities: Credit Rating Agencies (CRAs) and Trade Repositories (TRs). These entities form essential parts of the EU’s market infrastructure.
Established in 1961 and headquartered in Paris, the OECD has 36 member countries; it was originally set up to stimulate the economic progress of its members.
Forum for governments to share experiences and seek solutions to common problems.
International standards on a wide range of things, from agriculture and tax to the safety of chemicals.
Main Compliance topics: TAXATION –
SCOPE: international and domestic issues, across direct and indirect tax matters, tax transparency – ensuring that bank secrecy and other forms of financial opacity do not prevent tax administrations from being able to apply their tax laws no matter where their taxpayers choose to place
Global Forum on Transparency and Exchange of Information for Tax Purposes (Global Forum)
• 161 members of the Global Forum on Transparency and Exchange of Information for Tax Purposes
• 100 countries and jurisdictions committed to automatically exchanging financial account information by September 2018
Compliance related topics: FATCA, CRS (Common Reporting Standard), transfer pricing, anti-tax avoidance directive (ATAD), etc.
Founded in 2000, the Wolfsberg Group is an association of 13 global banks which aims to develop frameworks and guidance for the management of financial crime risks, particularly with respect to Know Your Customer and AML/CTF policies.
It has since developed a large range of standards, also focused on other financial crime risks, such as corruption, terrorist financing and sanctions.
The Wolfsberg Group has neither a written constitution nor any formalised set of rules or statutes. It has developed its practices and procedures over the course of its existence.
• Wolfsberg Standards (PEPs, Private Banking, Payment transparency, …)
• Wolfsberg Due Diligence Questionnaire (2017)
• Wolfsberg FAQ Risk Assessment for ML, sanctions, bribery & corruption (September 2015)
Members
Banco Santander, Bank of America, MUFG Bank, Barclays, Citigroup, Crédit Suisse, Deutsche Bank, Goldman Sachs, HSBC, J.P. Morgan Chase, Société Générale, Standard Chartered Bank, UBS.
The amended Luxembourg Law of 5 April 1993 on the financial sector (the Law) applies to:
Credit Institutions incorporated under Luxembourg Law: legal persons whose activities consist in receiving from the public
deposits or other repayable funds and in granting credits for their own account. The persons whose activities consist in
receiving deposits or other repayable funds from the public and in granting credits for their own account may be called either
credit institutions or banks.
Professionals of the Financial Sector (PFS): regulated entities providing financial services that are not solely reserved for credit institutions, i.e. the receipt of deposits from the public. The PFS category encompasses 3 sub-groups, classified and defined as follows, depending on the type of business conducted and the nature of services provided:
• Investment firms: defined as undertakings providing or performing investment services or investment operations for third parties on a professional and regular basis, and primarily include (i) Investment advisers; (ii) Brokers in financial instruments; (iii) Commission agents and (iv) Private portfolio managers.
• Specialised PFS: they are neither "investment firms" nor "support PFS" and include primarily (i) Registrar agents; (ii) Professionals carrying on lending operations; (iii) Corporate domiciliation agents and (iv) Professionals providing company formation and management services. They are authorised to carry out financial operations in Luxembourg.
• Support PFS: they do not exercise a financial activity themselves, but act as subcontractors of operational functions on behalf of other financial professionals (such as client communication agents, administrative agents of the financial sector, primary IT systems operators of the financial sector).
Important excerpts of the Law linked to Compliance obligations (similar regulatory provisions applicable to investment firms)
• Credit institutions shall have robust internal governance arrangements, which include a clear organisational structure with well defined, transparent and consistent
lines of responsibility, effective processes to identify, manage, monitor and report the risks they are or might be exposed to, and adequate internal control
mechanisms, including sound administrative and accounting procedures and remuneration policies and practices allowing and promoting a sound and effective risk
management, as well as control and security arrangements for information processing systems.
• Credit institutions shall meet the organisational requirements referred to in Article 37-1 when providing investment services and/or performing investment activities.
Organisational requirements:
1. Policies and procedures sufficient to ensure compliance of the credit institutions or investment firms, including their managers, employees and tied agents with their
obligations laid down in the relevant legal and regulatory provisions.
2. Appropriate rules governing transactions by their managers, employees and tied agents.
3. Effective organisational and administrative arrangements with a view to taking all reasonable steps designed to prevent conflicts of interest as defined in Article 37-2 from adversely affecting the interests of their clients.
4. Reasonable steps to ensure continuity and regularity in the performance of investment services and activities.
5. Sound administrative and accounting organisation, an appropriate internal control system, effective procedures for risk assessment, and effective control and
security arrangements for information processing systems.
6. Where they rely on third parties for the performance of operational functions which are critical for the provision of continuous and satisfactory services to clients or
the performance of activities on a continuous and satisfactory basis, reasonable steps to avoid undue additional operational risk.
7. Appropriate arrangements for records to be kept of all services and transactions undertaken by them, in accordance with the period laid down in the Commercial Code.
8. Appropriate arrangements so as to safeguard clients’ ownership rights, especially in the event of insolvency of the credit institution or investment firm, and to
prevent the use of clients’ financial instruments on own account except with the clients’ express consent.
9. Appropriate arrangements to safeguard clients’ ownership rights, and, except in the case of credit institutions, prevent the use of client funds for their own account.
Co-existence of three Circulars issued by the CSSF re. the Compliance function:
1. CSSF Circular 12/552 (as amended) on the central administration, internal governance and risk management (applicable to Credit Institutions, investment firms and professionals performing lending operations)
2. CSSF Circular 18/698 (Investment fund managers)
3. CSSF Circular 04/155 (Electronic money institutions and payment institutions)
Contents:
• Nature and purpose of the Compliance function
• Responsibilities of the Board of Directors
• Responsibilities of Senior or Executive Management (i.e. authorized/senior management)
• Establishment of a Compliance policy and Compliance charter
• Organization of the Compliance function
• Responsibilities of the Compliance function
• Control of the Compliance function
• Permanent and recurring obligations for financial institutions: client onboarding, ‘black list’ checks, transaction monitoring, regulatory updates, risk assessment / mapping, training and reporting;
• Develop a control plan according to the risk, resources (budget) and timeframe;
• Ensure the identification and assessment of the compliance risk before new activities, products or business relationships, transactions and the network of the group at international level.
The annual Compliance Monitoring Plan (CMP) should take into consideration the organisation of the actions and tasks, distributing them between teams following an agenda that includes all necessary priorities and potential unforeseen events. It is then necessary to assess the budget and resources required for its realisation. This also includes staff costs, specific software, operational costs, outsourced activities, etc.
These risks may vary in connection with all activities of the institution and may be categorised as follows:
• reputational risk,
• legal risk,
• risk of dispute,
• risk of sanctions, and
• some operational risk aspects.
The Compliance risk assessment is an essential part of ensuring a robust, risk-based compliance monitoring programme. It provides key insights into the risk profile of the firm and a clear picture of the strength of the control framework environment.
It also enables the assessment of the compliance risks arising from the business activities conducted within the firm and of the measures implemented to mitigate and reduce those risks.
N.B.: Internal audit and compliance can never be assigned to the same person.
[Diagram: the institution's control functions around the Regulator – Compliance, Financial Control, Business Units' Controls, Internal Audit, Risk Management, IT Risk, Support Functions]
The BoD shall have the overall responsibility for the institution and shall approve and lay down in writing:
• the business strategy (business model), taking into account long term financial interests, solvency and liquidity situation;
• the risk strategy, risk tolerance, and guiding principles governing risk identification, measurement, reporting, management and monitoring;
• the strategy with respect to regulatory and internal own funds and liquidity;
• the guiding principles of a clear and consistent organisational and operational structure (creation and maintenance of legal entities/structures), information systems, security, internal communication (whistleblower procedure);
• the guiding principles relating to internal control mechanisms, internal control functions, remuneration policy, escalation, settlement and sanctions, professional conduct (internal code of conduct), corporate values, management of conflicts of interest;
• the guiding principles as regards the central administration (human and material resources), the administrative, accounting and IT organisation, outsourcing, cloud computing infrastructure, change in activity (markets, customers, new products and services), approval of ‘non-standard’ or ‘non-transparent’ activities;
• the guiding principles on business continuity management and crisis management arrangements (BCP);
• the procedures governing composition, responsibilities, organisation and operation of the BoD; and
• the guiding principles on appointment and succession of individuals with key functions (for further details please refer to the joint ESMA and EBA Guidelines on the assessment of the suitability of members of the management body and key function holders, EBA/GL/2017/12, as last updated in December 2019).
All employees are individually responsible for complying with the Compliance principles set out in the Compliance charter, internal code of conduct, and complementary policies and procedures.
Example:
1. Identify and understand the upcoming EU AML 6th Directive and the associated national law
2. Detect possible gaps in the internal processes and policies with regard to the new predicate offences of Money Laundering
3. Advise the Authorised management on the possible gaps and recommend appropriate measures to become fully compliant with the new regulation
4. Update AML/CTF procedures to include these new offences
5. Organise training sessions (e.g. update e-learning tools)
6. Integrate new controls in the CMP (new parameters in the AML tool or substantive tests)
7. Report to the Management on the controls’ results, the trend, specific risks identified, and corrective actions when required
Article 40 of the CSSF Regulation No 12-02 of 14 December 2012 on the fight against money laundering and terrorist financing, as amended by CSSF Regulation No 20-05 of 14 August 2020, requires the following:
• Professionals shall appoint a person responsible for compliance with the AML/CFT professional obligations at the level of the authorized management or Board of Directors, according to the arrangements specified in Article 1 of this regulation.
• For credit institutions and investment firms, the professionals shall appoint a compliance officer in charge of the control of compliance with the AML/CFT professional obligations; investment fund managers and investment funds subject to AML/CFT supervision by the CSSF may appoint a third party.
• The compliance officer and the person responsible for compliance shall have the professional experience, the knowledge of the Luxembourg legal and regulatory framework relating to AML/CFT, the hierarchy and powers within the entity (including the power to access on a timely basis the identification data of customers and other information and documentation required by the due diligence measures), as well as the availability necessary for the effective and autonomous exercise of their functions.
Article 42 of the CSSF Regulation No 12-02 of 14 December 2012 on the fight against money laundering and terrorist financing, as amended by CSSF Regulation No 20-05 of 14 August 2020, requires the following:
• The compliance officer shall apply the AML/CFT policy and procedures of the professional and shall have the power to propose to the authorized management, on his own initiative, any measure necessary or useful to this end, including the release of the required means.
• The compliance officer shall ensure the quality of the AML/CFT controls carried out by the first line of defense and, as the second line of defense, shall verify compliance by the professional with all the AML/CFT professional obligations.
• The compliance officer shall prepare, implement and ensure the realisation of the continuing training and awareness-raising programme of the staff.
• The compliance officer shall be the privileged contact person for the Luxembourg authorities in charge of AML/CFT as regards AML/CFT issues and for the competent authorities with respect to the application of restrictive measures in financial matters. He shall also be in charge of the transmission of any information or statement to these authorities.
• Compliance with the AML/CFT policy shall be subject to regular controls and verifications, at a frequency determined according to the money laundering and terrorist financing risks to which the professional is exposed. The compliance officer shall report in writing on a regular basis and, if necessary, on an ad hoc basis to the person responsible for compliance, to the authorized management and, where appropriate, to the Board of Directors (or specialised committees). These reports concern the follow-up of the recommendations, problems, shortcomings and irregularities identified in the past as well as the new problems, shortcomings and irregularities identified.
A summary report must be submitted to the BoD, and where appropriate to the specialised committees, for approval.
3. External Audit
Common objectives:
• Exchange reports on risks identified and incidents (audit reports, operational risk reports, legal reports…)
• Share specific tools and methodologies (e.g. follow-up of action plans on audit issues, risk matrix, incident inventory, etc.)
Each financial institution must implement a formal Compliance framework, which is to be updated on a regular basis and approved by the BoD.
The compliance framework must have 2 main components:
• a Compliance Policy setting the Compliance Risks / Principles;
• a Compliance Charter defining the organisation of the Compliance function.
The content of these documents must be brought to the attention of all staff members of the institution, including the ones working in branches, affiliates and subsidiaries, in Luxembourg or abroad within a group.
These documents must:
• define the compliance risk;
• describe the key compliance principles the whole institution has to follow; and
• describe the way the Compliance Function is implemented and operates, including notably its objectives, responsibilities and powers.
Each financial institution has to put in place a Compliance Policy, to be updated on a regular basis and approved by the Board of Directors. The Compliance Policy must:
• be in writing;
• describe the relevant aspects of the compliance risk;
• explain the principles established by the Authorized/Senior Management and by the BoD;
• implement the Compliance function;
• define its objectives and independence;
• stipulate the creation of a Compliance Charter;
• set up a continuous training program.
The content of the compliance charter is brought to the attention of all staff members of the institution.
Compliance function: assist, advise and provide confidence to Authorised Management, BoD, and other employees.
A financial institution’s reputation relies on a strict observance of the rules (legal, professional, contractual,…) as well as on an
honest, responsible and ethical attitude adopted by all its employees.
The Code of Ethics sets the principles and values which the institution considers to be fundamental in its relations with all its stakeholders:
• Employees
• Clients
• Market
• Suppliers
• Shareholders
• Third parties
It provides the reference framework within which all staff members are to perform their activities.
7 principles set forth by the Luxembourg Banking Association (ABBL) as updated in April 2019
• Loyalty, fairness and integrity: Professionals shall act with loyalty, fairness and integrity in their relations with customers, other financial sector professionals and the markets, and society in general.
• Competence, care and diligence: Professionals shall act with diligence and care in relation to the services provided
by them. They must have the resources and procedures required to implement their activities effectively.
• Respect for privacy and confidentiality: Professionals shall strictly respect the duty of confidentiality and discretion
in regard both to customers and to third parties.
• Compliance with laws and regulations: Professionals shall comply loyally and rigorously with the letter and the spirit
of the norms and rules applicable to the performance of their duties.
• Security and reliability: Professionals shall make sure to protect the security of the assets entrusted to them and the
reliability of the services provided by them.
• Sound and efficient governance
• Responsible banking: Professionals commit to be transparent and clear about how their products and services may
create value for their clients and investors, and how they impact the society.
The 3 main principles which are of paramount importance to the nature of business relationships with clients are the foundation
of the charter, namely:
• Integrity: in business relationships; of markets, financial products and services; and of staff;
• Transparency: towards clients, and regarding the regulatory environment;
• Professionalism: regarding the primacy of clients’ legitimate interests and efficiency
The CSSF and CAA requested banks, investment firms and insurance companies to sign the Charter and to adhere to the principles stated therein.
Regulatory sources: amended Luxembourg Law of 13 February 2011 and Luxembourg Penal Code
Bribery: active or passive offering, suggesting, paying, or authorising of a payment or advantage to someone for their, or another's
personal gain with the intention either to motivate active or passive deviation from a duty or to secure the performance of a duty.
Corruption: refers to the state or situation resulting from providing, soliciting, authorising or offering a bribe.
Particular attention shall be paid to (non-exhaustive list):
• Transactions with countries that rate high on the corruption perceptions index.
• Transactions with PEPs.
• Transactions involving government / public contracts.
• Charitable organizations.
Whistleblowing definition
Whistleblowing is when an employee reports suspected wrongdoing at work (‘disclosure in the public interest’) outside the usual
escalation route.
An employee can report any act, process or behavior that is not right or is illegal, or report that anyone at work is neglecting
their duties, including (but not limited to):
• a criminal offence;
• the company not obeying the law;
• covering up wrongdoing.
Whistleblowing procedure
Ensure that all members of staff can whistleblow (even anonymously) on (suspected) criminal or unethical conduct.
How?
• by encouraging staff to disclose criminal or unethical conduct;
• by ensuring that disclosures will be treated with discretion and the utmost confidentiality;
• by explicitly protecting any individual who makes a disclosure in good faith against dismissal or other adverse treatment.
Origin of professional secrecy: transposition of the Code Napoléon into Luxembourg law; it originally applied to the professions of doctors
and priests, with which professions within the financial sector have been assimilated. It covers all persons who, by status or profession,
are entrusted with secrets (extract from Art. 458 of the Penal Code).
Regulatory sources: the main laws relative to the financial sector on the professional secrecy:
Article 41 of the law of 5 April 1993 (Banks and PFS)
Article 111-1 of the law of 6 December 1991 (Insurance)
Article 22 of the law of 18 December 2009 (Audit)
According to Article 41 (1) of the Law of 5 April 1993 on the financial sector, as amended:
natural and legal persons, subject to prudential supervision of the CSSF pursuant to this law or established in Luxembourg and subject to the
supervision of the European Central Bank or a foreign supervisory authority for the exercise of an activity referred to in this law; as well as
members of the management body; all directors; all employees and other persons who work for these natural and legal persons;
natural and legal persons having been granted authorization pursuant to this law and in liquidation and all the persons designated,
employed or mandated for any function in the framework of a liquidation procedure of such persons,
shall be required to keep secret any information confided to them in the context of their professional activities or mandate. Disclosure of
such information shall be punishable by the penalties laid down in Article 458 of the Penal Code.
Important note: the amendments brought by the Law of 27 February 2018 exempt from the obligation of secrecy outsourcing to CSSF-, ECB- and
CAA-supervised firms, and cover other outsourcing situations as well. Additionally, they exempt from the professional secrecy requirements cases
where the client consents under the terms and conditions agreed amongst all parties concerned.
Professional secrecy has not disappeared, but exceptions are possible under strict rules (AML, CRS, requests for specific
information between tax authorities based on bilateral agreements, …).
Continuity of the secrecy obligation after leaving the institution.
Continuity of the secrecy obligation towards clients that have closed the account.
AML/CFT Fraud
Knowingly facilitating, by any means, the misleading justification of the nature, the origin, the location, the mobility
or the ownership of goods, constituting the direct or indirect object or product of a primary offense (i.e. including any
offense sanctioned by imprisonment of at least 6 months).
Knowingly helping by the investment, the dissimulation, the disguise, the transfer or the conversion of goods
originated from a primary offense.
Acquiring, holding or using goods while knowing that these goods come from a primary offense.
Money Laundering: is the introduction of illegally gained assets into the legal financial system with the aim of concealing or
disguising their true origin.
Terrorist Financing: is the financial support, in any form, of terrorism or those who encourage, plan or engage in it.
Difference (origin of the assets -> destination of the assets):
Money Laundering: Illicit assets -> Licit assets
Terrorist Financing: Illicit / Licit assets -> Illicit assets
For an act of Money Laundering, 3 elements are required: primary offence, material element, intentional element.
Placement
“the introduction of illegally gained assets into the legal financial system with the aim of concealing or disguising
their true origin.”
Layering
“the source of the illegally obtained funds is obscured through a succession of transfers and transactions to give
them appearance of legitimacy”.
Integration
“In order that those same funds can eventually be made to re-appear as legitimate income.”
All entities whose principal business is in the financial or insurance sector are subject to the
Luxembourg Law of 12 November 2004 on the fight against money laundering and terrorist financing, as
amended (non-exhaustive list):
• Credit institutions and professionals of the financial sector.
• Payment institutions and electronic money institutions.
• Insurance and insurance intermediaries.
• Pension funds.
• Investment Funds, SIF, SICAR, management companies.
• Securitization undertakings.
• Managers and advisors of undertakings for collective investment, investment companies in risk capital (SICAR) and pension
funds.
• Statutory auditors.
• Accountants.
• Notaries.
• Lawyers.
• Persons who exercise in Luxembourg on a professional basis an activity of tax or economic advice.
• Casinos.
Written Risk Assessment Document: i) identify and assess your money laundering and terrorist financing risks, taking into
account risk factors (including those relating to customers, countries or geographic areas, products, services, transactions or
delivery channels) and risk variables (such as the purpose of an account or relationship, the size of the transactions undertaken,
and the regularity and duration of the business relationship), in order to adapt your level of vigilance to the identified
risks; ii) document, keep up to date and make available the risk assessments to the relevant control authorities and self-
regulatory bodies concerned; iii) identify and assess the money laundering and terrorist financing risks which may arise in relation
to the development of new products, business practices and technologies.
• As of 26 June 2017, information relating to both payers and payees must accompany a transfer of funds, sent or received in
any currency, when either the payer’s or payee’s payment service provider (PSP) or an intermediary PSP is established in the
European Union.
• The PSP of the recipient must put in place procedures to detect missing information on the ordering and beneficiary
customer and determine whether it is appropriate to reject or hold the transaction.
• Within the scope of the Tax Reform 2017, the list of predicate offences for money laundering was expanded to include
serious tax crimes.
• Pursuant to the law of 23/12/2016 voted by the local Parliament, three forms of tax offence are now to be distinguished:
• The offence of (simple) Tax Fraud is not considered a primary offence of money laundering (it is punishable with an
administrative fine of up to a maximum of two times the amount of taxes evaded).
• Tax Evasion (“Fraude Fiscale Aggravée”), established by §5 art. 396/397 of the Tax code, is criminalized. It is considered as
such only if the amount of tax evaded per tax period exceeds the following thresholds:
• > 25 % of the annual tax actually due, with a minimum tax evaded amount of 10.000 EUR, or an annual amount of taxes evaded
> 200.000 EUR.
• Imprisonment of 1 month to 3 years and a fine from 25.000 EUR up to a maximum of six times the amount of taxes evaded.
• Tax Swindle (“Escroquerie Fiscale”), established by §6 art. 396/397 of the Tax code, implies an additional level of gravity
compared with tax evasion, typically when the tax fraud is committed by means of forgery (faux) or deceit (astuce), i.e. fraudulent
tactics with the intention of concealing relevant facts or persuading the local authorities of inaccurate facts.
• Imprisonment of 1 month to 5 years and a fine from 25.000 EUR up to a maximum of ten times the amount of taxes evaded.
• Attempting to commit tax evasion or tax swindle incurs the same penalties.
• These two last criminal offences (aggravated tax fraud and tax swindle) are integrated in the list of predicate offences for money
laundering and have been in force since 1 January 2017.
Definition:
The term Fraud is commonly used to describe a wide variety of dishonest behavior such as deception, forgery, false representation, concealment
of facts, etc.
The 5 elements of fraud are:
• a representation about a material fact, which is false; and
• made intentionally, knowingly, or recklessly;
• which is believed; and
• acted upon by the victim;
• to the victim’s damage.
/!\ Fraud can be perpetrated by people outside as well as inside an organization, and by collusion between the two.
Internal fraud: committed by an employee or contractor against the Institution.
Ex: payment fraud, theft, misuse of assets, receipt fraud, financial reporting fraud.
Fraud prevention: Chinese Walls, passwords, segregation of functions, four-eyes principle, etc.
External fraud: committed by a customer or third party against the Institution.
Ex: falsified payment instructions, claims for services that were not provided.
Fraud prevention: signature verification, call-back procedure, proper invoice handling, email risk awareness, etc.
• The recent expansion and specialization of international financial sanctions programs leads financial institutions to growing
challenges:
• EU sanctions are subject to national implementation by the local regulator of each EU member state. In addition, each EU member state can
implement its own local list or local restrictive measures.
Sanction types:
Sanctions can impose asset freezes and/or financial restrictions, economic prohibitions or controls, and can target individuals,
entities, activities or a government.
Comprehensive sanctions programs: a sanction regime that targets the government of a country and prohibits a wide range of
commercial activities, with trade restrictions.
Regime-based sanctions programs: a sanction regime implementing limited trade restrictions or embargoes and financing
prohibitions against a country.
List / activity-based sanctions programs: sanctioning a very specific activity (drug trafficking, terrorism, cybercrime, …) or
designating persons on list-based sanctions.
Different types of entities concerned: countries / regions; criminal organizations; physical listed people; vessels, shipping, …; goods, …;
business activities; corporate entities.
Legal sources:
EU / local regulation legal basis:
• Articles 21 and 29 of the Treaty on European Union and Article 215 of the Treaty on the Functioning of the EU.
• The national authorities of each EU member state are responsible for the implementation and the enforcement of the
EU sanctions programs.
• Local regulations also exist.
The Foreign Account Tax Compliance Act (FATCA) was enacted in the USA in March 2010.
IGA Model 1 was signed with Luxembourg in March 2014 and transposed into national law on 29 July 2015.
FATCA aimed to increase US tax revenues by tracing persons who are deemed tax liable.
To this end, banks outside the US are required to provide information to the US tax authorities, the Internal Revenue Service
(IRS), on the identity and accounts of customers who are subject to pay taxes in the US (so-called: ‘FATCA US Persons’).
The US concluded with many countries an Inter Governmental Agreement (IGA).
This gives some relief to banks regarding the reporting of clients that are FATCA US Persons. There are two IGA models:
• IGA Model-1: Reporting to the local tax authority (e.g. model selected by Luxembourg)
• IGA Model-2: Direct reporting to the US IRS (e.g. model selected by Switzerland)
• New client on-boarding: Additional documentation must be obtained to determine the FATCA status of new
clients. The FATCA status can be established through a self-declaration by the client (IRS forms such as W8 and W9,
the ABBL form, …).
• Monitoring change of circumstances: Comprises keeping the clients’ FATCA status in the books up to date
with any changes of US elements.
• Reporting: Comprises designing and developing solutions for annual reporting of the assets of all FATCA US
Persons to the local tax authorities.
Reporting
• Identify which countries have signed an agreement with the FI’s country.
• Report to the local tax authority all accounts held by a Reportable Person on a yearly basis (obligation to inform clients).
Information reported under FATCA and CRS (individual account holders):
• Account numbers
• Account value
• Name of Account Holder: Title, Family Name or Surname(s), Maiden Name, First or Given Name
• Current Residence Address: Street, Postal Code, Town/City, Country, Email address
• Country of Residence for Tax Purposes and related Taxpayer Identification Number or equivalent number (“TIN”)
Entity account holders:
• Country of incorporation or organization
• Address: Street, Postal Code, Town/City, Country, Email address
• Country of Residence for Tax Purposes and related Taxpayer Identification Number or equivalent number (“TIN”)
• With Circular 15/631, the CSSF provides guidelines on the treatment of accounts that have become dormant or inactive,
in anticipation of upcoming legislation in Luxembourg.
• The rules of this Circular do not only apply to credit institutions but also to other professionals which hold or manage third-
party assets, in particular when such assets are placed with a bank or other financial institutions (PFS).
• The obligation to avoid accounts becoming dormant or inactive can be derived from the Luxembourg AML and MiFID regulations:
• As soon as a client becomes dormant, enhanced vigilance is required for the re-activation of the dormant account.
• Art. 2236 of the Civil Code: assets of dormant accounts can never be appropriated by the institution or used for any purpose other
than restitution to the client or legal owners.
Main obligations:
• Set in place internal procedures for identifying inactive relationships and keeping an inventory of dormant accounts
(facilitating also the tracing of assets by legal heirs).
• Determine the period after which an account is deemed dormant, with the following minimum rules:
• No communication with the client or representative during the last 6 years.
• No transaction initiated by the client or representative during the last 3 years.
• Establish contact with the dormant client by any appropriate means of communication and inform the client of the
consequences of a dormant account in case of no reaction by the client.
• Searches for the client or any potential heirs may be made with due consideration of the costs, in particular as regards
recourse to experts. Credit institutions and PFS are entitled to debit the relevant dormant account for all expenses
derived from such a search.
• If the attempts to contact the client are unsuccessful, they shall carry on administering the client’s assets in
accordance with the principles of loyalty, good faith, diligence and care, while being entitled to all justified and
transparent administrative fees.
• Monitor dormant accounts and, in case of account reactivation, take due measures to rule out any
suspicious element in the reactivation.
EMIR (1/3)
• EMIR = European Market Infrastructure Regulation deriving from EU Regulation 648/2012 amended by
Regulation (EU) 2015/2365 on OTC derivatives, central counterparties and trade repositories.
• Background: Following the financial crisis in 2008, the G20 agreed on a number of wide ranging measures to
prevent future crises. Governments in the EU, the US and various Asian countries have committed to drafting
new rules in order to reduce counterparty risk, operational risk and systemic risk.
• EMIR affects all entities established in the EU (banks, insurance companies, pension funds, investment firms,
corporates, funds, SPVs etc.) that enter into derivatives, whether they do so for trading purposes, to hedge
themselves against interest rate or foreign exchange risk or to gain exposure to certain assets as part of their
investment strategy.
EMIR (2/3)
• Clearing: certain OTC derivatives entered into between certain market participants will have to be
cleared via a central counterparty (CCP).
• Reporting: all derivatives (OTC and exchange-traded, including derivatives entered into since, or that
were outstanding on, 16 August 2012) will have to be reported to a trade repository.
• Risk mitigation techniques: OTC derivatives entered into between certain market participants and
which are not cleared via a CCP are subject to risk mitigation obligations.
Clients must obtain a Legal Entity Identifier (LEI); the LEI enables worldwide unique identification of
counterparties trading OTC derivatives.
EMIR (3/3)
The EMIR Refit Regulation (EMIR Refit) entered into force on June 17, 2019.
The purpose of the EMIR Refit is to amend and simplify the European Markets Infrastructure Regulation (EMIR) “to
address disproportionate compliance costs, transparency issues and insufficient access to clearing for certain
counterparties.”
Regulatory background:
MAD I stands for Market Abuse Directive 2003/06/EC, which was adopted by the Council and the European
Parliament on 28 January 2003.
It introduced and implemented dissuasive measures and appropriate sanctions in order to fight illicit behavior such
as insider dealing and market manipulation; and was transposed into Luxembourg national law on 9 May 2006
and modified on 26 July 2010.
MAR: Regulation (EU) No 596/2014 of the European Parliament and of the Council of 16 April 2014 on market
abuse (market abuse regulation), applicable since 3 July 2016.
CSMAD: Directive 2014/57/EU of the European Parliament and of the Council of 16 April 2014 on criminal
sanctions for market abuse (market abuse directive). It repeals Directive 2003/06/EC and related ones.
Luxembourg adopted the Market Abuse Law on 23 December 2016, which entered into force on 3 January 2017.
• aiming to give, or likely to give, false or misleading indications regarding the supply, demand or price of
financial instruments;
• which modify, through the action of one or several individuals acting in a concerted manner, the price of one or
several financial instruments to an artificial level;
• unless there are legitimate reasons to do so or such practice is commonly accepted by the regulated market.
What is MiFID?
MiFID stands for Markets in Financial Instruments Directive, which was adopted by the Council and the European Parliament on
30 April 2004.
Related: CSSF Circular 17/665 (ESMA Guidelines for the assessment of knowledge and competence).
MiFID II: applicable since 3 January 2018, transposed into national law at the end of May 2018.
Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the
free movement of such data was transposed into Luxembourg national law by the Law of 2 August 2002
(Data Protection Act) and was modified by the Law of 27 July 2007.
The Data Protection Act aims to protect the freedom and fundamental rights of individuals, and notably their
private life, in relation to the processing of their personal data.
The Commission Nationale pour la Protection des Données (CNPD) is responsible for enforcing these rules
(www.cnpd.public.lu).
Purpose: Data should be obtained only for one or more specified and lawful purposes.
Relevancy: Data should be adequate, relevant and not excessive for the purpose of processing.
Rights: Data should be processed in accordance with the rights of the data subject.
• The Directive applies to the cross-border processing of personal data, as well as to the processing of
personal data by police and judicial authorities at a strictly national level. Accordingly, police and judicial
authorities should no longer apply different rules according to the origin of the personal data.
• Transferring personal data from competent authorities to private entities is possible under
specific conditions. This allows police authorities to take swift action in case of a terrorist attack or other
emergencies.
• Police authorities are allowed to limit both the information held on the data and access to the
processed data. The framework allows police authorities to neither confirm nor deny whether they
are in possession of personal data, in order to avoid compromising ongoing investigations.
On 20 April 2009, CEBS (Committee of European Banking Supervisors) issued a paper on high-level principles for
remuneration policies in the financial sector.
CSSF Circular 14/585 (transposition of the ESMA guidelines on remuneration policies and practices (MiFID); addition of Annex V
to CSSF Circular 07/307).
Directive 2014/91/EU (UCITS depositary functions, remuneration policies and sanctions): remuneration policies should be consistent with
sound and effective risk management and should not encourage risk taking which is inconsistent with the risk profiles, rules, … of the
managed UCITS.
• Structure of the remuneration policy (compatible with the entity’s risk policy; reasonable variable component of
remuneration, capped by an internal limit; for significant bonuses, the major part of the bonus payment should be
deferred for a minimum period; the entity should withhold bonuses if performance criteria are not met).
• Performance measurement (should combine individual and overall performance of the entity; should be
measured over the long term (e.g. 3 to 5 years) and take into account risks taken, compliance with internal controls and
regulations).
• Governance (the Board should fix the remuneration of executive and supervisory bodies; the Board should approve the
remuneration policy; the Board can seek the assistance of a remuneration committee; executive management is
responsible for implementing the remuneration policy).
• Disclosure: in a clear and transparent manner (e.g. in the annual report).
The knowledge provided by this document is purely informative. Although the House of Training
does its utmost to ensure that this information is correct and up to date, it declines any
responsibility for possible damages, losses or losses of earnings, direct or indirect, induced by its use.
The contents are subject to the laws of copyright, all rights reserved.