Accelerating the integration of crypto-assets into Luxembourg-based investment funds

At a glance

The CSSF has updated both the Crypto-assets FAQ for UCIs (Version 7 – 04/02/2026) and the FAQ concerning the Luxembourg Law of 17 December 2010 (Version 23 – 17/02/26), clarifying how UCITS, AIFs, IFMs and depositaries can engage with crypto‑assets following MiCAR’s entry into force, and what is now expected in practice.

Key points from the amended FAQ 

• UCITS: May invest indirectly in crypto-assets, up to 10% of NAV, through eligible transferable securities that do not embed derivatives. In addition, UCITs may also hold e-Money tokens (EMTs) as ancillary assets, up to 20% of the vehicle net assets, solely for the purpose of processing subscriptions or redemptions.
• AIFs: May invest both directly and indirectly in crypto-assets. Retail AIFs (other than those reserved for well-informed investors) are limited to 10% of NAV in crypto-assets.
• IFMs: Managers overseeing AIFs with more than 10% of NAV allocated to crypto-assets must obtain a dedicated CSSF strategy authorization (“Other–Other Fund–Crypto-assets”) and demonstrate robust frameworks covering risk management, valuation, custody and AML/CTF.
• Fund of funds: No crypto-assets strategy license is required; however, enhanced due diligence is expected for target funds with crypto-assets as a primary exposure, including an assessment of the target manager’s ability to identify and manage associated risks.
• Depositaries: May act for funds investing directly in crypto-assets but must adapt their operating model and—where custody services are provided—comply with MiCAR authorization and notification requirements.
• AML/CTF: Crypto-assets are considered higher risk; accordingly, IFMs and funds are expected to conduct asset-level ML/TF risk assessments and perform appropriate due diligence.

Strategic risk of inaction

• Regulatory exposure: Failure to align with evolving expectations may result in authorization delays, heightened supervisory scrutiny, and potential regulatory intervention.
• Competitive disadvantage: Firms that move early will be better positioned to launch compliant crypto-asset strategies, potentially capturing market share while slower actors fall behind.

Recommended actions

• Identify product opportunities: Evaluate new crypto-asset offerings, how they complement existing portfolios, and their operational implications.
• Map exposures: Align current and planned crypto-assets exposure with the applicable regulatory limits.
• Confirm authorization needs: Determine whether the “Other–Other Fund–Crypto-assets” strategy authorization is required.
• Strengthen control frameworks: Enhance risk management, valuation, custody, and AML/CTF processes to address crypto-specific risks.
• Engage proactively with the CSSF: Initiate early dialogue before launching or adapting crypto-focused products to facilitate a smoother approval process.

A closer look

The CSSF’s FAQs update Luxembourg fund rules further to MiCAR entry into force and materially reshapes how UCITS, AIFs, IFMs and depositaries can engage with crypto‑assets.

The updated positions apply from 4^th and 17^th  February 2026 onward respectively, taking immediate effect for new projects and serving as the reference point for the review of existing products.

UCITS and AIFs: Portfolio construction and limits

Key changes

UCITS are permitted to gain indirect exposure to crypto-assets—capped at 10% of NAV—through eligible transferable securities without embedded derivatives. Practically, exchange-traded products (ETPs) with crypto-assets as underlying and that qualify as transferable securities would be considered as eligible assets within the meaning of this ratio.

UCITS may, on an ancillary and temporary basis, maintain exposures of up to 20% of their net assets to EMTs or single-fiat-backed “stablecoins” in connection with subscription and redemption activity. Upon receipt, UCITS are expected to convert these EMTs into bank deposits or invest them in eligible fund assets in a timely manner.

AIFs may obtain direct or indirect exposure to crypto-assets, subject to compliance with applicable fund regulations. Retail-oriented AIFs (excluding those reserved for well-informed investors) must not exceed a 10% NAV allocation.

• The CSSF highlights that the volatility, liquidity, and technological risks associated with crypto-assets can materially affect a fund’s risk profile, highlighting the need for their prudent integration into the investment policy, supported by robust internal controls.
• Managers are expected to update their risk management frameworks, reinforce internal approval processes for new products or strategies, and provide investors with clear and transparent disclosures.  Any intended exposure to crypto-assets must be communicated to the CSSF in advance.

Opportunities

• Launch of hybrid UCITS with capped crypto-assets indirect exposure such as ETPs, appealing to mainstream distributors.
• Fully capture the benefits of tokenized funds by executing the entire settlement process on chain.
• Institutional and professional AIFs can be structured as higher‑beta crypto-assets allocations under a clear Luxembourg framework.

IFMs: Exemption of new strategy authorization

Key changes

• IFMs managing AIFs with less than 10% of NAV allocated to crypto‑assets are not required to obtain the “Other–Other Fund–Crypto‑assets” strategy authorization.
• For fund of funds, no dedicated crypto-assets strategy license is needed; however, comprehensive due diligence on crypto‑focused target funds is mandatory.

Opportunities

• IFMs now have an opportunity to test and gradually integrate crypto-assets into their investment strategies without triggering a prior application for a new asset strategy or related authorization.
• This development may broaden the pool of IFMs entering the crypto-asset space and expand market product offerings, ultimately enhancing investor access.

Depositaries: Reminder on potential operating models and impacts

Key points

Subject to prior notification to the CSSF, Luxembourg fund depositaries may act for funds investing directly in crypto‑assets, provided they continue to meet all applicable regulatory requirements and appropriately adapt their organization and operating model to address the specific safekeeping risks associated with such assets.

Market participants are further reminded that where crypto-assets qualify as “other assets,” the depositary’s liability is limited to its safekeeping duties, namely ownership verification and record-keeping.

• Where the depositary does not provide crypto-asset custody under MiCAR: The fund or its manager must appoint a crypto-asset service provider and maintain a direct contractual relationship with that provider, which assumes responsibility for safeguarding the assets. In this scenario, the crypto-assets are not recorded on the depositary’s off-balance sheet, and the depositary is not liable for their restitution.
• Where the depositary provides crypto-asset custody and administration: If authorized or notified as a crypto-asset service provider under MiCAR, the depositary must record the crypto-assets on its off-balance sheet and assume the associated MiCAR obligations for safekeeping and administration, including restitution liability.

Opportunities

• Traditional depositaries may unlock new business opportunities by incorporating crypto-assets into their services offering, thereby diversifying their products mix.
• A range of operating models is available, spanning partnerships with crypto-asset service providers to fully integrated solutions that combine depositary, safekeeping, and MiCAR-compliant services in-house.

AML/CTF: Asset-level due diligence

Key points

The amended FAQ reminds market participants of the requirement to perform mandatory ML/TF risk scoring for each crypto‑asset and to conduct tailored due diligence reflecting the asset type, acquisition method, and source of funds.

• When a fund or its manager invests in any asset, including crypto‑assets, it must evaluate the associated ML/TF risk and implement anti‑money laundering controls proportionate to that risk. In the crypto-asset context, the CSSF encourage market participants to consider the national risk assessment on virtual asset service providers issued in December 2020.
• The level of risk and corresponding depth of due diligence will vary depending on the investment approach (direct exposure versus investment through an intermediary vehicle), the nature of the crypto-asset, and the matter in which it is acquired.

Opportunities

• Engaging specialized crypto-assets AML analytics providers and related advisory services may support market participants in deepening their understanding of the specific risks considerations associated with this asset class, while facilitating the compliant scaling of regulated crypto-assets funds in Luxembourg.

How Deloitte can help

Market participants will require structured, end‑to‑end support to translate these regulatory developments into a viable and scalable crypto‑asset strategy, rather than viewing them solely as a compliance exercise.

Deloitte Luxembourg can assist in navigating this evolving landscape by turning regulatory expectations into clear design choices across products, governance, and operating models. This includes determining the appropriate level of crypto-asset exposure for a given investor base, demonstrating robust risk management, valuation, and custody arrangements, and ensuring AML/CFT controls are sufficiently resilient to withstand supervisory scrutiny at the asset level.

More specifically, Deloitte can help your business move from uncertainty to clarity by:

• Identifying where you stand, what “good” looks like in this new environment, and outlining the concrete steps required to make your crypto strategy both compliant and competitive.
• Ensuring your approach reflects regulatory expectations and market practice so that new or adapted products can be approved efficiently, distributed cross‑border, and remain resilient in the face of regulatory challenge or market stress.

Deloitte’s regulatory watch team closely monitors digital finance developments, helping you stay ahead of the regulatory curve.