This site uses cookies to provide you with a more responsive and personalized service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Bookmark Email Print page

CSSF Circular 13/554 - Usage and control of resources access tools | Deloitte solution


DOWNLOAD  

Your challenge

CSSF Circular 13/554 - Usage and control of resources access toolsOn 7 January 2013, the CSSF issued circular 13/554 entitled “Evolution of the usage and control of the resources access tools”. Applicable immediately to credit institutions and other professionals of the financial sector, the objectives of the new circular are (i) to recognise that certain international financial institutions consolidate IT resources access tools at a Group level (e.g. shared Windows Active Directory), and (ii) to reinstate that banks and PSFs in Luxembourg must have full and permanent control over the IT resources under their responsibility.

Thus, Circular 13/554 describes in detail the requirements to be observed when banks and PSFs use the global resources access tools of their Parent Group. In this case, banks and PSFs in Luxembourg must::

  • Introduce a formal and detailed authorisation request to CSSF,
  • Implement certain organisational and technical controls,
  • Conduct yearly audits to ensure controls operating effectiveness.

Our solution

Deloitte assists organisations in addressing compliance of existing (or projected) global “resources access tools” implementations by in-depth analysis of IT regulatory issues and proposition of pragmatic technical and organisational solutions:

  • Compliance analysis: gap analysis of existing (or projected) global “resources access tools” implementations against regulatory requirements
  • Practical recommendations to achieve and sustain IT compliance
  • Assistance in communications with the Regulator: preparation or quality review of CSSF application files and participation in meetings with the Regulator
  • Yearly audits to ensure the preventive controls associated to the implementation operate effectively (i.e. at technical and organisational levels, including all documentation)

Page Last Updated

Contacts

Name:
Roland Bastin
Company:
Deloitte Luxembourg
Job Title:
Partner - Information & Technology Risk
Phone:
+352 451 452 213
Email
rbastin@deloitte.lu
Name:
Laurent de la Vaissière
Company:
Deloitte Luxembourg
Job Title:
Directeur - Information & Technology Risk
Phone:
+352 451 452 010
Email
ldelavaissiere@deloitte.lu

Share

 

Stay connected:
Get connected
Share your comments
More on Deloitte Luxembourg
Learn about our site

Recently published