This site uses cookies to provide you with a more responsive and personalized service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Bookmark Email Print page

Pathfinder volume 10, issue 8

August 2008


New AML Laws in Luxembourg, maturity of the preventive system?

Luxembourg parliament passed two new AML Laws on 17 July 2008 enacting the requirements laid down by the third AML Directive.

The first Law amends the now familiar Law of 12 November 2004. This text states different obligations that professionals must observe in order to fulfill their duty with regard to the prevention of money laundering and terrorist financing. The second Law amends the Criminal Code by extending the scope of predicate offences that give rise to money laundering.

This article will not cover in detail all existing professional obligations but focus on what has changed and what is new. The first part of the article highlights regulatory changes with respect to:

  • Predicate offences
  • Obligation to know your client
  • Obligation to have an adequate internal organisation
  • Obligation to cooperate with the authorities

The second part highlights some of the practical consequences and challenges for the professionals concerned.

Part 1: Regulatory changes

1) Extension of the scope of predicate offences

Based on the international trend to extend the scope of predicate offences and based on FATF recommendations, the European legislator adopted a broad approach in determining the scope of predicate offences for money laundering: all serious crimes are included.

Luxembourg incorporated this requirement within national law. The updated list of predicate offences includes the following:

  • participation in an organised criminal group and racketeering;
  • terrorism, including terrorist financing;
  • trafficking in human beings and migrant smuggling;
  • sexual exploitation, including sexual exploitation of children;
  • illicit trafficking in narcotic drugs and psychotropic substances;
  • illicit arms trafficking;
  • illicit trafficking in stolen and other goods;
  • corruption and bribery;
  • fraud and swindling (including bankruptcy2);
  • counterfeiting currency;
  • counterfeiting and piracy of products;
  • environmental crimes and offences;
  • murder, grievous bodily injury;
  • kidnapping, illegal restraint and hostage-taking;
  • robbery or theft;
  • smuggling;
  • extortion;
  • forgery;
  • piracy;
  • insider trading and market manipulation and;
  • any other offence incurring a minimum six-month custodial sentence.

We should note that some predicate offences like forgery are extremely broad and may have an impact for financial or non-financial professionals. The section of the Criminal Code that relates to forgery3 includes all forgery performed in public documents, in commercial documents, in bank documents or in private documents. We may conclude that deliberate accounting fraud or false statements in balance sheets or profit and loss account would fall within forgery if those false statements are made deliberately.

Another important comment would concern the issue of serious tax fraud (escroquerie fiscale4). According to our understanding this offence is not covered as such in the scope of predicate offences because the minimum custodial sentence is below the threshold of 6 months (custodial sentence varying between 1 month and 5 years). However, we should note that some offences like fraud, forgery and participation in an organised criminal group potentially related to serious tax fraud are included within the scope of predicate offences giving rise to money laundering. Special care should be applied by professionals in matters related to serious tax fraud.

2) Obligation to Know Your Customer (KYC)

The main change in the Law of 12 November 2004 concerns the provisions related to the obligation to know your customer (KYC). Whilst the initial Law of 12 November 2004 and subsequently regulatory bodies like CSSF5 and CAA6 implemented the risk based approach in the identification and monitoring of customers, the new Law goes one step further. Due diligence procedures in the identification and the monitoring of customers7 and beneficial owners are split into 3 categories:

  • Normal risk: this risk category includes procedures that should be currently applied by professionals in Luxembourg. No significant change to the current situation.
  • Low risk: this risk category extends to certain types of customer and certain types of product.
    • Concerning the types of customer representing a low risk. It has been extended compared to the previous situation.
      It includes now not only credit or financial institutions subject to equivalent AML measures9, but also under certain conditions listed companies, beneficiaries of pooled accounts held by notaries and other independent legal professionals, public authorities or public bodies or other financial professionals representing a low risk of money laundering.
    • Concerning the types of product representing a low risk, the Law foresees minimum diligences for certain life insurance products with low amounts involved, certain types of insurance policies for pension schemes or pension, superannuation or similar schemes. Some forms of electronic money are also covered.
  • High risk: this risk category is very similar to the high risk customers already referred to in the CSSF Circular 2005/211 and CAA Circular 2008/5. Professionals are obliged to consider a client as high risk:
    • if the client performs transactions that are more at risk,
    • if the customer has not been physically present for identification purposes,
    • in case of cross-border correspondent banking relationship with institutions from not equivalent countries or
    • where the customer is a Politically Exposed Person (PEP)10.

In general, whenever there is a ground of suspicion, a customer should be classified as high risk. 

Another interesting development is the additional detail with respect to delegation of identification processes. Professionals no longer need a written identification delegation mandate with a professional of the same activity sector. Professionals can now delegate the identification to credit and financial institutions, to auditors, to notaries and to lawyers or to similar foreign professionals with similar AML obligations.

In the same trend to rationalise the identification delegation process, copies of the identification documentation no longer need to be present in Luxembourg but simply to be available upon first request. This condition may be imposed by a contract but rules concerning client confidentiality should be kept in mind when examining the feasibility of identification delegation to another professional. Responsibility for the identification remains, however, as previously, with the Luxembourg professional.

3) Obligation to have an adequate internal organisation

This obligation remains the same as in the previous Law. Professionals have an obligation to establish adequate and appropriate policies and procedures for customer due diligence, reporting, record keeping, internal control, risk assessment, risk management, compliance management and communication in order to forestall / prevent transactions related to money laundering or terrorist financing. The obligation to make employees aware and to train them remains also unchanged.

4) Obligation to cooperate with the authorities

Provisions concerning the cooperation obligation remain largely unchanged. The only major change concerns the no tipping-off rule. There is still a ban on communicating the existence of an investigation to the customer concerned but now an exchange of information intra-group or with a professional11 counterparty on the subject of the suspicious transaction is allowed without requesting prior approval of the Luxembourg FIU.

This new situation may contribute to mitigating the risk of money laundering globally but the Luxembourg professional should bear in mind interaction with the rules concerning client confidentiality.

Part 2: Practical consequences for professionals

This is not an exhaustive list of all possible impacts of the new AML Law for professionals but an attempt to highlight some thoughts and concerns. 

1) The extension of predicate offences will require professionals to obtain a deep detailed knowledge of the activities and reputation of their customer in order to have additional assurance or comfort that the activities and transactions are not in the scope of AML predicate offences. This required level of detail may well have an impact on the way front offices manage their clients. 

2) The extension of predicate offences may have an impact on the number of suspicious transaction reports sent to the State Prosecutor. An increasing number of STRs may require the installation of more sophisticated procedures for reporting and case management may be needed by professionals. 

3) The Risk Based Approach (RBA) is a challenge but also a great opportunity for professionals to better target their efforts in the identification and monitoring of customers’ transactions. This will however only be possible if a mature process of client risk classification is in place. It may also be dependent on the information available in IT systems. In case the information is missing, professional may be required to perform a remediation plan to capture all information needed in the IT systems.

4) The Risk Based Approach will also have an impact on IT systems. It may on the first hand imply the update or implementation of name matching systems to identify persons blacklisted, persons sanctioned for example by OFAC or persons to be considered as PEP. On the second hand monitoring of customers may need to be updated taking into account new predicate offences and varying degrees of diligence according to the risk classification. Even if in many cases sophisticated system might be disproportionate compared to the size of the client database or client transactions, some basic type of risk based transactions monitoring will be needed.

5) Finally new rules and additional details for identification delegation provide investment fund industry and life-insurance industry professionals with the legal context to organise AML compliant distribution channels. 


This important update of the AML Law in Luxembourg will certainly have an impact on the way professionals meet their obligations.

However the trend will not always make things more complex; a couple of measures allow some to better target AML resources at risky clients and transactions, while remaining pragmatic in their approach (for example: Risk Based Approach, new rule for delegation of identification and new rule for the no tipping-off). 

In the near future, it is likely that professionals will receive updates from their respective supervisory bodies (for example CSSF and CAA) with profession-specific revised regulations. We can now look forward to a stabilisation of the AML legal and regulatory framework for the years to come.

Single contractual status for private sector employees

The Law of 13 May 2008 on the Single status seeks to harmonize the statuses of “blue” and “white”-collar workers to eliminate the discrepancy existing at the level of labour law and social security legislation.

Continuation of payment in case of sickness

The Law introduces the continuation of payment in case of sickness for all employees working in the private sector. The new regime applicable to both blue-and white-collar workers is close to the current treatment of white-collar workers on the basis of which the employer pays the remuneration during the month the sickness starts and the three following months, with National Insurance only intervening after the termination of this period.

The new provisions provide that an employee has the right to receive in full his/her salary and other benefits allied to his/her employment contract until the end of the month in which the 77th day of work incapacity occurs. When the employee reaches the threshold of 77 days, the employer is obliged to pay his/her salary until the end of the month started, which results in guaranteed payment during 11 weeks minimum and 15 weeks maximum. Consequently, in average, the employer compensates the first 13 weeks of the employee’s work incapacity.

This results on the one hand in an increase of the obligations of the employer for blue-collar workers, and on the other hand, in a decrease of the obligations of the employer for white-collar workers, for whom the maximum period to cover is reduced from 123 days to 107 days.

Fixed rate of contribution for cash sickness insurance

The rate of contribution for the financing of the cash sickness insurance is uniformly set for all employees to 0,50%, of which one part of 0,25% is paid by the employer and one part of 0,25% is paid by the insured person.

The total rate for sickness insurance, covering the financing of sickness insurance in cash and in kind, is set at 5,90% (0,50% + 5,40%) for all employees, i.e. 2,95% for the insured person and 2,95 % for the employer.

Financial impact for insured persons

The application of the new regime has the effect of reducing the overall rate of social security contributions for blue-collar workers (employee share) from 14,45% to 12,35%. This results in an increase of the semi-net remuneration before payroll tax of 2,1%.

For white-collar workers, the overall rate of social security contributions (employee share) will increase from 12,20% to 12,35%. This results in a decrease of the semi-net remuneration before payroll tax of 0,15%. 

Creation of a Mutual insurance institution for employers

The Mutual insurance institution for employers (Mutualité des employeurs) is a public institution which the employers of the private sector are obliged to join. However, there is a possibility to claim for an exemption of affiliation for companies who have concluded private insurance arrangements before 31 December 2008 in order to protect them against possible risks in case of sickness of their employees during the period of continuation of the remuneration.


The Law has introduced the principle of compensation of overtime by time of in lieu at the rate of one and a half hours per hour of overtime performed. It is also possible to record overtime on a time savings account, with application of the same rate.

In case this recovery (compensation or record on a time saving account) is not possible for reasons inherent to the organisation of the company, or in case the employee leaves the company and for one or the other reason the overtime hours cannot be recovered, overtime hours will be paid out at a rate of 140%.

That part of the remuneration which is not increased, i.e. the first 100%, is subject to social security contributions for the sickness insurance in kind at a rate of 2,70% for the employee share and 2,70% for the employer share. The increase of 40% is entirely exempt from social contributions. Moreover, overtime hours paid out at 140% are completely exempt from taxation.

Occupational pension plans

In absence of a former scheme applicable to the same category of persons, employees in service at the time of establishment of a new scheme must be affiliated to this new scheme as soon as they full fill all conditions foreseen in the scheme rules.

In case there is a former scheme applicable to the same category of persons, the employees in service at the moment of establishment can, at the discretion of the company, remain affiliated to the former scheme or be affiliated to the new scheme. Restrictions apply in case the new regime is less favorable for the affiliated persons.

Other amendments
  • The school family allowance is also granted to children younger than six years who start primary school;
  • Attribution of a three months’ death indemnity becomes identical to both white-and blue-collar workers; and
  • The departure indemnities of blue-collar workers are adapted to those of white-collars with regards to the length of ongoing service of at least 20 years.
Entry into force

With the exception of the measures relating to the Mutual insurance institution for employers which came into force as of 15 May 2008, the majority of the provisions of the Law of 13 May 2008 regarding the Single status will come into force as of 1 January 2009.

Reporting by FSPs

Circular CSSF 2008/369 of 31 July 2008 on the electronic transmission of “Statistical ad-hoc information” (tables II.1. – II.22.) to be submitted to the CSSF by FSPs and on the change in the ad-hoc reporting periodicity and adaptation of the transmission method of the FSPs’ prudential reporting.

The primary aim of this Circular is to extend, as from 30 September 2008, the electronic transmission to all ad-hoc schedules (tables II.1. to II.22.) specific to the different FSP categories, set out in Circulars CSSF 2005/187 and CSSF 2008/364, which FSPs currently transmit in paper form to the CSSF.

The secondary aim of the Circular is to reduce, as from 30 September 2008, the monthly periodicity of ad-hoc reporting to quarterly. The financial situation (table I) thus remains the only schedule to be submitted on a monthly basis.

The third aim of the Circular is to replace the current FSP reporting method by a secure and standardised transmission method.

The CSSF implemented a security concept based on end-to-end encryption between the institution performing the prudential reporting and the regulator, similar to the requirements applicable to TAF/MIFID reporting and the prudential financial reporting of credit institutions (FINREP/COREP in XBRL format).

As from 30 September 2008, FSPs shall transmit the complete prudential reporting package provided for by Circulars IML 1996/124, CSSF 2005/187 and CSSF 2008/364 via one of the transmission channels commonly used at the CSSF. Currently, E-file and SOFiE are offered with an encryption/decryption module compatible with the encryption specifications set out in Circular CSSF 2008/334 “Encryption specifications for reporting firms”.

CSSF Circular 2008/364 of 22 July 2008 on the financial information to be submitted to the CSSF on a quarterly basis by the FSPs performing a support FSP activity The purpose of this Circular is to update the “ad-hoc” CSSF reporting formats to be delivered by Support FSPs. 

The reporting schedules:

  • Table II.17. Customer relations service providers
  • Table II.18. Financial services administrative agents
  • Table II.19. Operators of FSI computer systems and communications networks
    defined by CSSF Circular 2005/187 are superseded by 2 schedules which take up all activities held by support FSPs:
  • Table II.17. Support FSPs: Individual contracts
  • Table II.18. Support FSPs: Global contracts



Stay connected:
Get connected
Share your comments
More on Deloitte Luxembourg
Learn about our site

Recently published