Skip to main content

AML/CTF focal points for the investment fund sector in 2024

Recap, forecast and considerations

To the point


  • While the results of the CSSF’s latest on-site inspections are critical to predict the regulator’s upcoming focus areas, the industry should also consider previous years’ results, Luxembourg’s FATF evaluation, and the CSSF’s additional comments at conferences.
  • Certain areas, such as adequate due diligence of counterparties (especially delegates and unlisted assets) and effective cooperation with the authorities (especially regarding sanctions), will always remain in focus.
  • While complying with AML/CTF legislation and regulations is seemingly straightforward, professionals must evaluate the effectiveness of any implementations to avoid pitfalls.

How can professionals navigate forthcoming challenges successfully?

This article summarizes the Commission de Surveillance du Secteur Financier’s (CSSF) most recent observations in the field of Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF), potential forthcoming focal points, and steps that professionals could take to mitigate the risk of non-compliance.

The CSSF’s Annual Report 2022 was published on 25 August 2023 and is the leading source for gaining an overview of recent observations. While its results can help to identify future trends and concerns, they are not the only source for predicting the authority’s forthcoming focal points for 2024.

Amongst international efforts to combat money laundering and terrorism financing (ML/TF), the CSSF also considers the Financial Action Task Force’s (FATF) mutual evaluation report on Luxembourg's AML/CTF framework, issued at the end of 2023. In addition, the 2022 recommendations in the CSSF’s updated ML/TF Sub-sector Risk Assessment for the Collective Investment Sector (SSRA), as well as any information the regulator shares during conferences, serve as further indications for professionals to keep in mind.

Collectively, these sources offer valuable insights into the recent shortcomings concerning AML/CTF, allowing the industry to identify future focal points and ways to tackle various challenges.


Revisiting recent AML/CTF shortcomings

Investment fund professionals’ primary way to identify any AML/CTF weaknesses is through the CSSF’s annual reports, with the results of both on- and off-site inspections providing valuable insights. Subsequent conferences where the CSSF discussed observed shortcomings offer further background information and an understanding of the CSSF’s approach.

Professionals not subject to an inspection during the last financial year(s) should not assume their AML/CTF framework is free of the report’s identified weaknesses, especially as they provide a basis for the CSSF to further scrutinize these areas in future on-site inspections.

Therefore, despite the shortcomings being disclosed in August 2023, it remains crucial to provide a concise recap, enabling professionals to (internally) investigate their compliance. In summary, the CSSF’s 2022 Annual Report identified the following shortcomings, categorized by topic, that are relevant for investment fund sector professionals:1

    Business-wide AML/CTF risk assessment: professionals were called out for their weaknesses in properly assessing the AML/CTF risks they are exposed to, particularly in addressing the potential risks from their delegates.

    Name-matching processes/tools: professionals lack adequate controls to ensure their name-matching procedures and tools provide reliable outcomes. The deficiencies can manifest in various ways, and professionals must acknowledge there is no tolerance for errors in this area (especially regarding targeted financial sanctions):

      Delayed update of considered official lists (e.g., restrictive measures);

      Non-performance of (or delayed) name-matching controls (including the ongoing name-matching process) over a certain period or in due time; and

      Absence of the compliance function’s necessary control of alerts.

Beyond these shortcomings, the SSRA also highlights that the scope of financial sanction screenings, when outsourced to non-EU third parties, does not always include sanctions relevant to Luxembourg (EU sanctions lists).

    Due diligence process: for the second year running, the CSSF identified several weaknesses in professionals’ due diligence processes. It is noteworthy that this topic has always been and will continue to be a significant focal point for the regulator:

      Insufficient due diligence caused by incorrect AML/CTF risk assessments, including insufficient application of enhanced due diligence on intermediaries;

      Delayed periodic review of high-risk business relationships;

      Incomplete information (and supporting documentation collection, depending on the ML/TF risk classification) regarding the source of funds and origin of wealth; and

    Weaknesses regarding the AML/CTF risk analysis of an investment fund’s assets, the performance of risk-based due diligence measures and sanctions screening.

    Cooperation with the Financial Intelligence Unit (FIU): despite professionals’ awareness of the strict importance of reporting suspicious activities or transactions without delay—and the FIU frequently stressing this importance—it was identified that this is often not adhered to in practice.

Similar to previous annual reports, the identified shortcomings emphasize the importance of asset due diligence. Two additional observations indicate the CSSF’s continued focus on this topic. First, our experience indicates that assistance is frequently sought for the review, establishment, or advice on the due diligence process for assets (particularly unlisted assets). Second, the SSRA of May 2022 highlights the need for improved AML/CTF due diligence on assets.

Preparing for tomorrow—anticipating forthcoming areas of focus

Previous years’ weaknesses are not short-term concerns and should be considered as ongoing focus areas. Professionals should remain aware of these areas, as they may be subject to future inspections by supervisory authorities. This also includes thematic on-site inspections conducted on politically exposed persons (PEPs), the fight against corruption, and the adequacy of IT tools for ongoing business relationship monitoring.

Areas of great importance for upcoming inspections are those the regulator has consistently focused on in previous financial years (e.g., due diligence on delegates and assets), as this indicates that professionals are struggling to comply with the respective requirements.

While these shortcomings are a significant indicator of the regulator’s AML/CTF expectations, international circumstances also act as a guidepost, particularly the FATF’s evaluation of Luxembourg's measures to combat ML/TF. The FATF’s identified weaknesses must be addressed by Luxembourg, requiring the supervisory authorities to implement relevant measures to remedy them.

Therefore, the following points must be considered when predicting future areas of concern of the CSSF and other relevant supervisory authorities (e.g., the Administration de l’enregistrement, des domaines et de la TVA, which is scrutinizing vehicles under their supervision similarly to the CSSF):

  • An increased focus on detecting ML, prosecutions and asset recovery. This could heighten attention on professionals’ methods of identifying suspicious activities or transactions and reporting these to the respective authorities without delay. Professionals must keep in mind that investigations and subsequent prosecutions are only possible if they bring these matters to the authorities’ attention.
  • An enhancement of the supervision of non-profit organizations, including increasing the awareness of TF in this area. This could lead to an evaluation of implemented measures to ensure they are sufficient to detect terrorists/terrorist groups, etc.
  • Risk-based supervision of non-financial sectors, such as trust and company services, real estate and notaries, as they are typically exposed to an increased ML risk. This implies that professionals in these sectors could potentially come under the respective supervisory authority’s scrutiny.
To conclude, past regulatory observations and international evaluations guide the CSSF’s future focus areas. The following table outlines these and relevant considerations. 

Ongoing and potential future areas of focus2

Points of consideration

The CSSF’s on-site inspections and the FATF’s evaluation report both highlight the importance of adequate TF prevention. While the FATF recommended raising awareness of CTF’s importance (especially regarding non-profit organizations), the CSSF criticized the appropriateness of the industry’s sanction screening measures. In addition, the current geopolitical situation heightens this issue. As a multi-faceted topic, TF prevention cannot be addressed by a single, one-size-fits-all measure.

A related topic is the importance of cooperating with the FIU and the Ministry of Finance. It has been continuously highlighted there is no room for error regarding correctly identifying and classifying (sanctions) hits, processing them adequately and, of course, reporting them without delay.

  • Professionals of the investment sector must assess how the current geopolitical situation impacts their business, investor base and asset portfolio, such as adjusting risk appetite statements, and defining mitigating measures and second level of defense controls.
  • Professionals must review and, if necessary, revamp their AML/CTF policies while stressing the importance of CTF in their annual (or ad-hoc) AML/CTF training.
  • Professionals must implement clearly described processes for initial and ongoing sanction-list name screening, such as responsibilities, tools, frequency, scope of sanction lists, alert handling, and the internal and external escalation path. This must include but not be limited to applying the four-eyes principle when encoding client information and controls of the completeness and correctness of the underlying sanction lists.
  • Professionals must ensure that their preventive measures in place are sufficient to deter the financing of weapons of mass destruction.  

Business-wide risk assessment (along with risk appetite) is considered a fundamental pillar of the industry’s AML/CTF framework and must be continuously adapted to new circumstances. These can include internal changes, such as new products or delegates, or external changes, such as legislation, regulatory requirements or the geopolitical situation. The CSSF’s demonstrated shortcomings and our experience from various engagements underscores this topic’s importance.

  • Professionals of the investment sector must ensure their business-wide risk assessment follows a comprehensive structure (identification of the inherent risks, definition of mitigating measures, and conclusion of the residual risks).4
  • Professionals must evaluate the risk from any type of delegate or intermediary.
  • Professionals must consider the 2020 National Risk Assessment5 and 2022 SSRA as a minimum for identifying risk exposure. These assessments must be aligned with the nature and activities of the business.

Due diligence on and oversight of delegates are as equally important as due diligence on investors or other counterparties. The fact that the CSSF's annual reports have consistently highlighted shortcomings in this area since 2019 indicates the challenges professionals face.

  • Professionals must implement adequate AML/CTF procedures that cover the requirements for all their delegates. This includes not only the initial risk assessment and due diligence on delegates, but also the definition of the oversight framework applied on a risk-based approach.
  • Professionals should reassess and implement key risk indicators focused on AML/CTF, if they have not already done so.
  • Professionals must consider additional measures on a risk-based approach, such as on-site visits and sample checks.

Due diligence on assets is still an area with room for interpretation, especially regarding unlisted assets. Each CSSF annual report since 2019 (apart from 2021) and the 2022 SSRA have referred to shortcomings in the adequate performance of asset due diligence, highlighting this area’s relevance.

  • Professionals should actively exchange with other market participants to better understand market practices.
  • Professionals should assess the number and type of asset transactions to determine whether a manual risk assessment and due diligence process is suitable, or if an automated solution would be more efficient.
  • Professionals must remember sanction screening is mandatory, regardless of the assigned risk level. They must also adapt their screening procedures, particularly regarding the range of persons included in the screening process, as this may differ according to the asset type.