2022 was another busy year. Many legal and regulatory changes have impacted your business, and will continue to impact it in 2023. That is why we are pleased to provide you with an overview of 2022's major legal and regulatory developments

Inactivity in accounts, safe-deposit boxes and insurance contracts

The new law on inactive (bank) accounts, safe-deposit boxes and unclaimed insurance contracts was published in the Luxembourg Official Journal on 1 April 2022 and entered into force on 1 June 2022.

The law introduces a completely new and rather prescriptive and stringent legal framework in this field, which applies not only to dormant accounts and safe-deposit boxes (for banks) but also to life insurance contracts in respect of which benefits remain unclaimed. It can be summarised under three main pillars:

  • Prevention - obligations to maintain contact and thus prevent inactivity in relation to bank accounts, safe-deposit boxes and life insurance contracts.
  • Consignment - mandatory consignment of assets after a prolonged period of inactivity or period of unclaimed benefits under life insurance contracts.
  • Restitution - helping facilitate arrangements for the return of deposited assets.

It should be noted that the law includes administrative sanctions which can be imposed by the CSSF or the CAA for certain specific breaches of the law (along with a possible "name and shame" process). In addition, criminal sanctions can be imposed for a number of other breaches. Read more...

Central administration, internal governance and risk management

On 22 April 2022, the CSSF published Circular 22/807 which amends Circular 12/552 on central administration, internal governance and risk management.

With a view to integrating both the newly revised EBA Guidelines on internal governance and the joint ESMA and EBA Guidelines on assessment of the suitability of members of the management body, CSSF Circular 12/552 has been amended as follows:

  • A definition of ESG risks has been added, together with an explicit requirement to take ESG risks into account in the business plan and in various guiding principles.
  • The roles and responsibilities of the Chief Compliance Officer and the AML/CFT compliance function have been set out in further detail and now also include a requirement for the yearly summary report of the compliance function to describe progress made in the implementation of the "compliance monitoring plan".
  • The guiding principles to be set by the management body in relation to equality and non-discrimination must now take account of a considerably expanded list of criteria.
  • A specific section dedicated to the documentation of loans granted to members of the management body and their related parties has been included, which notably sets out the information to be gathered and, if requested, made available to the competent authority.
  • The internal control framework must now adequately cover prevention of fraud and AML/CFT risks.
  • The section relating to outsourcing arrangements has been considerably shortened and now includes references to the outsourcing rules in the new general CSSF Circular 22/806 on outsourcing arrangements and CSSF Regulation 12-02 on the fight against money laundering and terrorist financing.

The relevant updates entered into force on 30 June 2022. Read more...


On 22 April 2022, the CSSF published Circular 22/806 on outsourcing arrangements, addressed to: credit institutions; financial sector professionals, including investment firms, payment institutions and electronic money institutions; investment fund managers (IFMs); UCITS with a designated management company; central counterparties; approved publication arrangements and authorised reporting mechanisms; market operators of trading venues; central securities depositories and administrators of critical benchmarks, including their branches.

The Circular sets out internal governance requirements for planning, implementing, monitoring and managing outsourced activities, and imposes ongoing obligations relating to governance, risk management, conflicts of interest, internal controls, professional secrecy, data protection, business continuity and exit planning. Additionally, the Circular lists requirements for the contents of outsourcing agreements.

The Circular sets out specific rules on information communication technologies (ICT) outsourcing, which only apply to actual outsourcing of ICT (and not to arrangements that concern outsourcing of entire functions which may happen to rely on ICT solutions). Where ICT outsourcing relies on cloud solutions, additional rules apply that are similar to those previously included in CSSF Circular 17/654 (now repealed). Read more...

Click here to continue reading . . .

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.