i Market overview

The Luxembourg financial sector performed solidly during the past 12 months against a backdrop of challenges posed by the negative interest rates environment and the increasingly complex regulatory framework. Finance continued to be the key driver of Luxembourg’s economy, generating one-third of the country’s GDP.2

As of September 2016, the overall profitability of Luxembourg banks was on the increase with an estimated €4.4 billion of profits before provisions and tax (up 6.3 per cent over a year), while their balance sheet total reached €742 billion (down 2 per cent compared to September 2015).3 As at February 2017, there are 142 banks in Luxembourg, compared to 144 in February 2016.4 Luxembourg banks are mostly universal banks offering custodian services, private banking and, to a lesser extent, retail and commercial banking services. As at December 2016, the five largest Luxembourg banks in terms of total assets remain Deutsche Bank, CACEIS Bank, Banque et Caisse d’Epargne de l’Etat, Société Générale Bank & Trust and BGL BNP Paribas.5 Domiciliation and distribution of investment funds is a flagship industry of the financial sector, with Luxembourg being the second-largest fund centre in the world after the United States. In late 2016, Luxembourg was home to 3,847 funds managing €3.6 trillion of net assets, the latter representing a 1.42 per cent increase over 12 months.6

The financial sector contributed to the consolidated growth of Luxembourg’s economy, which expanded by 4.8 per cent year-on-year in the third quarter of 2016.7 Prospects remain optimistic, with the country’s GDP estimated to grow by 23 per cent in the period from 2014 to 2019.8 This is confirmed by the maintaining of Luxembourg’s AAA credit grade by Standard & Poor’s in September 2016, quoting a stable outlook with an anticipated growth exceeding the eurozone average in the coming years.9 Thus, Luxembourg remains one of the few EU countries to maintain a ‘triple A’ credit rating from all three major credit rating agencies.10

However, the impact of macroeconomic challenges cannot be ignored. In Europe, the past 12 months were marked by political and economic uncertainty surrounding the United Kingdom’s vote to withdraw from the European Union, with European equities closing with their first yearly loss in five years; 11 as well as with the European Central Bank (ECB) confirming its commitment to its key interest rates remaining at current or lower levels for an extended period of time.12 The cost of regulatory compliance, which is estimated to have grown by 20 per cent in the past four years (excluding the equity capital requirements entailed by certain regulations, such as CRD IV and EMIR),13 is another major concern as Luxembourg banks continue to adapt to increasingly stringent regulatory requirements (EMIR, MiFID II, PRIIPS, etc.).14 All of these factors put a strain on the profitability of banks. The budgets of regulatory compliance have reached record levels and are expected to grow until 2018, marking the end of the implementation of the post 2007–2008 regulatory agenda.15

ii Regulatory developments

Since 2015, the single supervisory mechanism (SSM) became operational as eurozone significant banks in the sense of the SSM Regulation16 came under the direct supervisory purview of the ECB (59 Luxembourg banks representing 74 per cent of total assets of banks were concerned as at end 2015), whereas less significant banks continued to be directly supervised by the Commission de surveillance du secteur financier (CSSF), the Luxembourg prudential supervisory authority. Following the implementation of the Capital Requirements Directive17 (CRD IV), the Bank Recovery and Resolution Directive18 (BRRD) and the Deposit Guarantee Scheme Directive19 into Luxembourg law in 2015, the main areas of focus of the Luxembourg banks in 2016 were related to further adapting to the CRD IV and CRR regime, as well as the anticipated implementation of PRIIPS,20 which is expected to be applicable as of 1 January 2018, following the rejection of the regulatory technical standards concerning the format and methodology used to compile the the key information documents for investors by the European Parliament in September 2016. The main challenge in terms of compliance and regulatory cost still lies ahead with the anticipated implementation of MiFID II package, which is due on 1 January 2018, and which will have a significant impact on Luxembourg banks in the field of their private banking operations, and in particular with respect to the advisory activities and the new regime foreseen for inducements.

Banks specialised in investment funds have been focusing on the new rules for depositaries issued from the UCITS V Directive (UCITS V)21, which was transposed into Luxembourg law by a law of 23 December 2016 (UCITS V Law). Preparing for the implementation of the Fourth Anti-Money Laundering Directive (AML IV)22 was also high among the priorities of Luxembourg banks in 2016, and is due to remain so in 2017 as the bill of law implementing AML IV has yet to be issued by the Luxembourg legislator. In addition, the EU General Data Protection Regulation (GDPR),23 which entered into force on 5 May 2016 and is due to be implemented by Member States by 6 May 2018, is expected to have an important impact, as it requires banks to hold increasing amounts of data on their clients for various purposes, including regulatory reporting and suitability tests. Further developments to the regulatory landscape are discussed below.

iii Deals

In October 2016, China Everbright Bank and Shanghai Pudong Development Bank have confirmed their intention to set up branches in Luxembourg, with the total number of Chinese banks established in Luxembourg being expected to rise to eight.24 In February 2017, UBS Group AG and Northern Trust Corporation announced that UBS AG has entered into an agreement for Northern Trust to acquire UBS Asset Management’s fund administration servicing units in Luxembourg (and Switzerland) in a move to expand and gain local fund administration capabilities.25


Save for the BRRD, the vast majority of legal and regulatory provisions concerning financial services are implemented into the Luxembourg law on the financial sector (LFS),26 which remains the principal source of banking regulation in Luxembourg. The LFS underwent a substantial overhaul in 2015 to accommodate the rules resulting from the implementation of CRD IV and the BRRD.

Luxembourg banking legislation traditionally provides for two types of banking licences: that of a universal bank – referred to indifferently as ‘bank’ or ‘credit institution’ by the LFS, 139 institutions held this status on 31 December 2015 – and a special licence for banks issuing covered bonds (four institutions held this status on 31 December 2015).27 Banks issuing covered bonds have the monopoly on covered bonds issuance, and are prohibited from collecting deposits from the public.

Banks or credit institutions may offer all commercial and investment banking services. A single banking licence granted under the LFS allows banks to perform all of the services regulated under the LFS. This includes all the classical banking activities, such as deposit taking and lending, MiFID services and activities as well as payment services.

i Securities activities

The operating conditions of Luxembourg banks in the field of securities activities are subject to the Luxembourg implementation of the Directive on Markets in Financial Instruments28 (MiFID). MiFID conduct of business and organisational requirements are implemented in Article 37-1 to 37-9 of the LFS as well as under the Grand-Ducal Regulation of 13 July 2007 relating to organisational requirements and rules of conduct in the financial sector (Grand-Ducal MiFID Regulation). CSSF Circular 07/307, as amended, further specifies certain provisions of the LFS and of the Grand-Ducal MiFID Regulation, such as those governing the categorisation of clients, suitability and appropriateness requirements, conflicts of interest, inducements, best execution, client order handling, information to clients, reporting to clients and record keeping. CSSF Circular 06/273, as amended, governing the capital adequacy requirements applying to banks’ trading book activities, is currently under review by the CSSF in view of adapting it to the changes introduced by the CRD IV package, although most of it has been superseded by the CRR.29

ii Deposit taking and lending

Deposit taking and lending are regulated under the general prudential supervision framework set out in the LFS. Pursuant to the European framework governing access to the activities of banks, a credit institution is traditionally defined as an undertaking the business of which is to take deposits or other repayable funds from the public and to grant credits for its own account.30 Only entities that are authorised to conduct both activities may carry the name of banks, and only banks are authorised to collect deposits or other repayable funds from the public.

iii Activities of overseas banks
Banks from EU Member States31

Banks authorised in other EU Member States may open a subsidiary in Luxembourg under the same conditions as Luxembourg banks. In addition, such banks may provide services and conduct activities in Luxembourg by virtue of the ‘European passport’ (i.e., the freedom of establishment or a cross-border provision of services without further authorisation requirements pursuant to the Treaty on the Functioning of the European Union).

Luxembourg branches of banks authorised in other EU Member States are subject to supervision by their home Member State authorities pursuant to the principle of ‘home country control’, although the CSSF is responsible as a host authority for ensuring the compliance by such branches with certain requirements, such as the MiFID conduct of business rules, post-trade transparency requirements, anti-money laundering obligations and consumer protection. Such branches are required to report periodically on their activities to the CSSF.

Banks from third countries

Banks authorised in non-European Economic Area (EEA) jurisdictions do not benefit from the European passport. However, a special authorisation regime is available under Article 32(5) of the LFS for banks authorised in a non-EEA jurisdiction that are not established in Luxembourg but that occasionally and temporarily come to Luxembourg to provide services pertaining to the LFS. Such banks shall hold an authorisation from the Minister responsible for the CSSF, provided that they are subject to equivalent authorisation and supervisory rules in their country of origin as those set out under the LFS.32 Currently, seven banks originating from non-EEA jurisdictions hold such authorisations. It is worth noting that the CSSF has specified in this regard that having customers domiciled in Luxembourg does not mean that such banks shall automatically be considered as performing their activities on the Luxembourg territory.33

Non-EEA banks wishing to establish a branch in Luxembourg are subject to the same authorisation rules as those applying to credit institutions and other professionals governed by Luxembourg law.34

iv Basic structure, priorities, agenda and resources of the regulators

The authority responsible for the prudential supervision of Luxembourg banks is the CSSF, although the Luxembourg Central Bank (BCL) remains vested with certain competences, primarily in the field of liquidity supervision.

The CSSF was created by a law of 23 December 199835 as a public body with a legal personality and financial autonomy, taking over certain functions from its predecessors, the Luxembourg Monetary Institute (IML) and the Stock Exchange Commission (CAB).36 The CSSF is entrusted with the mission of promoting transparency, simplicity and fairness in the markets of financial products and services within the limits of its legal powers. The CSSF is empowered to regulate, authorise and inform professionals of the financial sector subject to its supervision as well as to carry out on-site inspections and impose administrative sanctions.

The CSSF is governed by an executive board consisting of four directors in charge of running it on a day-to-day basis and a Director General. The members of the executive board are appointed by the Grand Duke for a renewable term of five years on a proposal from the government.

Following the implementation of the BRRD, the CSSF is designated by the BRRD Law as the Luxembourg resolution authority and as the national resolution authority in the sense of Regulation (EU) No. 806/2014.37 To avoid any conflict of interest between the supervisory and resolution functions, the newly created Resolution Board, assisted by a distinct resolution department that is allocated with its own budget and headed by a special director, is vested with the tasks and powers of a resolution authority.

Following the examples of France and Germany, the Systemic Risk Board was created in 2015 and entrusted with coordinating the policies implemented by different national competent authorities in the interest of the stability of the Luxembourg financial system with the objective of decreasing the build up of systemic risk. The Systemic Risk Board is composed of four members: the minister in charge of the financial centre, the Director General of the CSSF, the Director General of the BCL and the Director of the CAA (the regulator of the insurance sector).


i Relationship with the prudential regulator

The CSSF’s supervisory and regulatory activities are principally based on banks’ reporting, although on-site inspections by the CSSF have increased steadily over the past few years.

The supervisory reporting requirements by credit institutions are regulated by the CRR, which sets out prudential requirements, whereas the Commission Implementing Regulation (EU) No. 680/2014, as amended, sets out uniform reporting frameworks, and specifies uniform formats, frequencies, dates of reporting, definitions and IT solutions.

The reporting requirements covered by the CRR include financial information,38 own funds requirements (solvency), large exposures, leverage, liquidity, losses stemming from lending collateralised by immoveable property and asset encumbrance.

The reporting of financial information on an individual basis,39 information on participating interests and subordinated loans,40 lists of head offices, agencies, branches and representative offices, analyses of shareholdings,41 and reporting on persons responsible for certain functions and activities,42 continue to be governed by national provisions.

Within the scope of monitoring compliance with large exposure limits, the CSSF intervened 11 times in writing in 2015 (the same amount as in 2014), notably to inform that the maximum level of large exposures had been exceeded.43

Under Article 40 of the LFS, banks are obliged to cooperate and provide the fullest possible response to any lawful demand emanating from the CSSF as a competent authority in the exercise of its powers. In addition, banks are required to inform the CSSF of any changes relative to the conditions based on which their licence was granted, including any changes to the management body, shareholders or business plan.

ii Management of banks
Management structure and functioning

The members of the management body must at all times justify their sufficient professional standing, and, following the implementation of CRD IV, possess sufficient knowledge, skills and experience to perform their duties.44 The good professional standing requirement (i.e., the ‘fitness and propriety’ test) consists of clean criminal records and any evidence demonstrating good repute.

At least two persons must be responsible for the management of a credit institution (the ‘four eyes’ principle) and be effectively empowered to determine the direction taken by the business, and must possess adequate professional experience.45 Such persons are in charge of the day-to-day management of the bank, and are referred to by Circular 12/552 as ‘authorised management’. Typically, in addition to the board of directors, bigger structures have ‘executive committees’ or ‘management committees’. However, where such a committee is larger than the authorised management, the authorised management must be part of it and have a veto right.46 The authorised management must permanently be on-site unless an exemption is granted by the CSSF.

The CRD IV Law47 introduced certain prescriptions regarding the management body as a whole: it must possess adequate collective knowledge, skills and experience to be able to understand the activities and main risks of the institution, and its overall composition must reflect an adequately broad range of experience.

Each member of the management body shall act with honesty, integrity and independence of mind to effectively assess and challenge the decisions of the authorised management, where necessary, and to effectively oversee and monitor management decision-making. All of its members are required to commit sufficient time to performing their functions.48 The CRD IV Law also introduced the CEO and chair separation rule, prohibiting the chair of the management body from simultaneously exercising the CEO function unless justified by the institution and authorised by the CSSF.49

The CRD IV Law also introduced certain restrictions as to the number of directorships in CRR institutions that are considered significant.50 Unless they represent the state, members of the management body of a bank significant in terms of size, internal organisation, and the nature, scope and complexity of their activities, may hold a maximum of either one executive directorship with two non-executive directorships or four non-executive directorships.

Executive or non-executive directorships held within the same group are considered a single directorship as well as executive or non-executive directorships held within undertakings in which banks hold a qualifying holding, including non-financial entities.51 The same applies to executive or non-executive directorships held with CRR institutions that are members of the same institutional protection scheme, provided that the conditions set out in Article 113(7) CRR are fulfilled.52

The CSSF may, however, authorise the members of the management body to hold one additional non-executive directorship, and must inform the EBA where it grants such an authorisation.53

Other governance requirements

Pursuant to Article 5 of the LFS, the granting of authorisation is subject to the central administration of banks being located in Luxembourg: banks shall have a robust central administration in Luxembourg consisting of a ‘decision-making centre’ and an ‘administrative centre’.

Article 5(1-bis) of the LFS adds that credit institutions are required to have robust internal governance arrangements, including:

  • a a clear organisational structure reflecting well-defined, transparent lines of responsibility;
  • b effective risk-management processes and adequate internal controls, including sound administrative and accounting procedures;
  • c remuneration policies and practices allowing and promoting a sound and effective risk management; and
  • d control and security arrangements for IT systems.

Remuneration and nomination committees are mandatory for significant entities.

The governance requirements for banks and investment firms are set out in detail in CSSF Circular 12/552, abrogating several circulars previously issued by the CSSF and consolidating the internal governance rules.

Restrictions on bonus payments

Rules governing remuneration policies within credit institutions and certain types of investment firm were initially introduced by EU Directive 2010/76/EU (CRD III).54 Remuneration principles established by CRD III were implemented into Luxembourg law through CSSF Circular 10/496 for credit institutions and CSSF Circular 10/497 for investment firms. In addition to the existing rules, the new rules issued from the transposition of CRD IV now introduce a clear distinction between fixed and variable remuneration and establish a ratio of the fixed and variable components of remuneration by fixing the bonus cap at 100 per cent of fixed remuneration. However, pursuant to the discretion made available under CRD IV, shareholders are allowed to increase the variable part of remuneration to a maximum of 200 per cent of fixed remuneration following a special procedure set out under Article 38-6 of the LFS. Special notification requirements to the CSSF apply in the case of such an increase, as set out under CSSF Circular 15/622.

iii Regulatory capital and liquidity
Own funds requirements

The detailed rules governing capital adequacy are prescribed by the CRR, which entered into force on 1 January 2014 and is directly applicable in Luxembourg. The discretions left to Member States regarding regulatory capital requirements under the CRR are addressed in CSSF Regulation 14-01 on the implementing of certain discretions of Regulation (EU) No. 575/2013.

Luxembourg banks are required to observe a total capital ratio of at least 8 per cent of their risk-weighted assets. The Tier 1 capital, consisting of common equity Tier 1 (CET1) capital and additional Tier 1 capital, must amount to at least 6 per cent of risk-weighted assets, while the CET1 capital ratio must amount to at least 4.5 per cent.55 The inclusion of additional Tier 1 or Tier 2 instruments, whether they are capital instruments or subordinated loans in the case of the latter, into own funds, shall require prior approval of the CSSF.56 CET1 consists of common stock and retained earnings (i.e., capital instruments,57 share premiums, retained earnings, accumulated other comprehensive income, other reserves and funds for general banking risk).58

As regards the total capital ratio as at 31 December 2015, no bank was within the weaker capitalisation bands (i.e., below 10.5 per cent but still above the regulatory minimum of eight per cent in accordance with Article 92 of the CRR).59 In total, CET1 capital represented 96 per cent of Luxembourg banks’ own funds, while additional Tier 1 capital items (0.3 per cent) and Tier 2 capital items (3.6 per cent) only played a minor role.60

In addition to the CRR own funds (capital) regime, CRD IV introduced the combined capital buffer requirements consisting of:

  • a the capital conservation buffer;
  • b the institution-specific countercyclical buffer;
  • c the global systemically important institutions buffer;
  • d the other systemically important institutions buffer; and
  • e the systemic risk buffer.

Various effective dates and specific requirements apply regarding these buffers. Bonus and dividend payments restrictions apply where, as a result of distributions, CET1 would fall so that the combined buffer requirement would no longer be met.61

In addition to the other own fund requirements, Luxembourg banks must hold a capital conservation buffer made up entirely of CET1 equal to 2.5 per cent of the total amount of their risk exposure.62

The minimum regulatory capital requirements may be supplemented by specific own funds requirements with respect to a particular CRR institution should the results of the supervisory review (Pillar II) show that the minimum requirements do not fully cover the risks incurred.63

As of 1 January 2016, each Luxembourg bank has to maintain an institution-specific countercyclical buffer (CCyB)64 equivalent to its total risk exposure amount, calculated in accordance with Article 92, Paragraph 3 CRR and multiplied by the institution-specific CCyB rate. The calculation of an institution-specific CCyB rate consists of the weighted average of the CCyB rates that apply in the jurisdiction where the relevant credit exposures are located, where the weights to be applied are the own fund requirements for the credit risk of the banks’ various local portfolios.65 The CCyB rates set by other Member States’ relevant authorities are automatically applicable in Luxembourg to a maximum of 2.5 per cent; and in excess of that percentage, only where the CSSF recognises such rates (although the CSSF is held, in principle, to recognise such excess rates). On the other hand, the CCyB rate applicable to the relevant exposures located in Luxembourg is set at zero per cent as from 1 January 2016.66 The CSSF has issued Circular 15/625 in view of providing guidance to calculating institution-specific CCyBs.

The global systemically important institutions (G-SIIs) capital buffer may range from 1 to 3.5 per cent, and is due to be phased in progressively until 2019, the CSSF being entrusted with identifying the G-SIIs authorised in Luxembourg on advice provided by the BCL and upon consultation with the systemic risk board (SRB). None of the banks authorised in Luxembourg currently qualifies as a G-SSI.67

In addition, as of 1 January 2016, the other systemically important institutions (O-SIIs) capital buffer of up to 2 per cent of the total risk exposure may be imposed on the O-SIIs authorised in Luxembourg. The CSSF is in charge of identifying, on an individual, sub-consolidated or consolidated basis, the OSIIs authorised in Luxembourg pursuant to EBA methodology.68 CSSF Regulation No. 15-06 identifies six of Luxembourg’s largest banks as O-SIIs. Two of the largest banks are charged with 0.25 per cent O-SII capital buffers, and the remaining four banks with 0.125 per cent OSII capital buffers. These ratios shall be quadrupled from 1 January 2019, and amount respectively to 1 and 0.5 per cent.

The CSSF may put in place a systemic risk buffer, following an opinion of the SRB and upon consulting the BCL.69 The SRB shall adopt such an opinion only where it identifies one or several long-term, non-cyclical systemic or macroprudential risks (not covered by the CRR) having the potential of disrupting the financial system and affecting the real economy in Luxembourg, and considering that the systemic risk buffer is the only effective means to mitigate such risks.

Deductions from own funds are addressed in detail by the CRR. The principal deductions (accounting for more than 72 per cent of deductions to be made under CET1) as of the end of 2015 included those for intangible assets and holdings in entities of the financial sector, as well as the neutralisation of unrealised gains recognised as revaluation reserve.70


The general liquidity requirements are set out under Articles 412 and 413 CRR and the Commission Delegated Regulation (EU) 2015/61 implementing the corresponding Basel III liquidity framework.

The applicable liquidity regime consists of two elements: the liquidity coverage requirement (LCR), designed to enable the banks to sustain severe liquidity strains lasting up to 30 days; and the net stable funding requirement (NSFR), introduced by Article 510 CRR in view of ensuring that the banks may overcome mismatches in maturities by having stable funding at their disposal on a horizon of one year.

To allow banks sufficient time to fully comply with its detailed prescription, the LCR shall be phased in accordance with the timetable laid down in Article 460(2) CRR. As of 1 January 2016, the LCR is set to 70 per cent,71 and is due to rise gradually (90 per cent as of 1 January 2018) to finally attain 100 per cent as of January 2018.72

The NSFR is planned to be fully implemented as of 2018 and, as a consequence, there is currently no minimum ratio that is applicable, although the banks are nevertheless obliged to report their NSFR as of 2015.

The CRD IV Law also introduced a paradigm shift in the liquidity supervision arrangements of the branches of the banks from other Member States, with the CSSF no longer being in charge of supervising the liquidity of these branches. On 1 October 2015, the supervision of the liquidity of these branches passed onto the home country authorities, in cooperation with the CSSF.

Consolidated supervision

The supervisory mission of the CSSF extends both to the stand-alone and the consolidated supervision.73

The scope, content and means of consolidated supervision are specified in the CRR,74 and, after the implementation of CRD IV, in the LFS.75 The practical arrangements governing supervision on a consolidated basis are laid down in CSSF Circular IML 96/125. The rules governing consolidated supervision are relatively complex, but the main standards and requirements include, inter alia, consolidated own funds, observance of the consolidated insolvency ratios, large exposures control requirements on a consolidated basis and consolidated liquidity.

The CSSF pays particular attention to the ‘group head’ function in a Luxembourg institution under its consolidated supervision. The CSSF also takes an interest in the way the Luxembourg parent company communicates its policies and strategies to its subsidiaries.76 The principal means available to the CSSF for the exercise of the consolidated supervision include periodic reports reflecting the financial situation and the consolidated risks of a group, internal capital adequacy assessment process reports on consolidated capital adequacy in relation to the risks taken by the group or sub-group, and external auditors’ long form consolidated reports.77

iv Recovery and resolution

The BRRD was implemented in Luxembourg on 18 December 2015 by the BRRD Law.78

To improve the consistency and the legibility of legal texts concerning the financial sector, the provisions relating to the going concern of banks and investment firms (including recovery planning and early intervention measures) are now entirely incorporated in the LFS, whereas all the rules governing the gone concern are codified into the BRRD Law.

Banks are required to draw up, maintain and submit to the CSSF updated individual recovery plans (group recovery plans for parent companies supervised by the CSSF on a consolidated basis) providing for the measures to be taken in the event of a significant deterioration of their financial situation.79

An institution or group shall be deemed resolvable if it or the group entities can be credibly wound up or resolved by applying the different resolution tools and powers available to the Resolution Board avoiding any significant effect on the financial system.80 The Resolution Board has broad powers to remove any impediments to resolvability, including, inter alia, requiring the institution to cease or limit certain activities, limit exposures or divest certain assets.81

Early intervention measures may be applied where the institution has infringed, or may infringe in the near future, the requirements set out under the CRR, under the LFS or under their implementing measures.82 The CSSF may, inter alia, request the removal of the authorised management and of the managing body under certain conditions, and appoint one or more temporary administrators.83

Resolution measures shall be taken by the Resolution Board only where it determines that the bank has failed or is likely to fail. The principal resolution tools reflect those set out under the BRRD and include a sale of business, a bridge institution, asset separation (which may be applied only with another tool) and bail-in. The Resolution Board has a set of general powers as well as a number of ancillary powers to allow for the transfer of a bank’s assets and liabilities under the resolution tools. As per the BRRD, the bail-in tool includes the power to write down or convert to equity the bank’s liabilities. The liabilities excluded from the scope of bail-in are the same as those set out under the BRRD and include, most notably:

  • a covered deposits;
  • b secured liabilities, including covered bonds;
  • c liabilities in the form of financial instruments used for hedging purposes under certain conditions; and
  • d employees’ salaries, except for variable remuneration.

Within the scope of implementation of the BRRD, the Luxembourg Resolution Fund (LRF) was created in line with the requirement to establish resolution financing arrangements empowered to raise mandatory ex ante contributions from domestic banks (including branches of non-EU banks) in view of ensuring the effectiveness of resolution tools and powers. The CSSF has published Circular 15/628 specifying the modalities of collecting ex ante contributions for the LRF.


Various conduct of business rules apply to Luxembourg banks. As regards regulatory liability, pursuant to Article 63 of the LFS, the CSSF may take administrative sanctions against banks subject to its supervision, inter alia, for:

  • a failure to comply with applicable laws, regulations, statutory provisions or instructions;
  • b provision of incomplete, incorrect or false information;
  • c breaches of rules on publication of balance sheets and accounts; and
  • d failure to respond to injunctions by the CSSF.

Following the implementation of CRD IV, certain CRR-specific breaches have been introduced. The CSSF may impose warnings, reprimands or fines ranging between €250 and €250,000, in addition to temporary or permanent bans on the exercise of certain activities of operations, or on the exercise of the profession. In the case of CRR institutions, the CSSF can, inter alia, impose administrative fines of up to 10 per cent of the total net annual turnover or up to twice the amount of the profits gained or losses avoided because of the breach.

i MiFID rules of conduct

The provision of investment services and activities is subject to MiFID conduct of business requirements set out under the LFS and the MiFID Grand-Ducal Regulation, and specified under CSSF Circular 07/307.

Violation of the MiFID conduct of business rules may entail administrative sanctions pursuant to Article 63 of the LFS. Luxembourg courts have traditionally refused to grant damages on the sole basis of a violation of the MiFID conduct of business rules, unless such a violation is coupled with a fault on the part of the bank as well as with a causal link to the damage suffered by the client. In 2015, the case law of the Luxembourg courts seems to have evolved towards admitting that the mere violation of the MiFID rules of conduct may be invoked as a basis for claims for damages. However, it remains to be seen whether such precedent will be confirmed in future decisions.

ii Anti-money laundering and counter-terrorism financing requirements

Banks, as well as other professionals of the financial sector, are bound by the professional obligations laid down by the Luxembourg anti-money laundering law, as amended (AML Law).84 In particular, banks are held to apply customer due diligence measures, observe adequate internal organisation requirements and procedures, as well as to cooperate with the competent authorities, including to report suspicious transactions. The violation of the relevant professional obligations and requirements set out under the AML Law may lead to criminal as well as regulatory liability.

iii Payment services

When providing payments services, banks are required to respect the rules of conduct laid down under Titles III and IV of the Law of 10 November 2009 on payment services, as amended.85 These concern, inter alia, the transparency of the information that needs to be provided to clients, including any charges, exchange rates, transaction references and maximum execution time.

iv Banking secrecy

Banks remain subject to strict professional secrecy rules set out under Article 41(1) of the LFS, covering all information entrusted to the bank in the course of its professional activities. Banks remain subject to banking secrecy even after the termination of the bank–client relationship. Disclosure of such information is punishable by penalties laid down in Article 458 of the Criminal Code (imprisonment for up to six months or a fine ranging from €500 to €5,000, or both). A violation of banking secrecy may also lead to civil liability giving rise to claims for damages. In addition, administrative sanctions may be taken by the CSSF for a breach of banking secrecy under Article 63 of the LFS.

Article 41 of the LFS, as well as some other legislative provisions, provide for certain exemptions from banking secrecy requirements. These include, inter alia:

  • a information provided to national prudential supervisory authorities acting in the exercise of their legal powers for the purposes of such supervision, provided that information thus communicated is covered by the rules of professional secrecy governing such authorities;
  • b information provided to reference shareholders of banks, under certain conditions, provided that this is necessary for the proper and prudent management of the institution;
  • c certain outsourcing arrangements;
  • d information provided between entities forming a financial conglomerate, subject to certain conditions; and
  • e the granting of access to a financial group’s internal control bodies and information concerning specific business relations, to the extent that this is needed for the global management of legal and reputational risks in connection with money laundering or the financing of terrorism within the meaning of Luxembourg laws.

In addition, as part of their anti-money laundering obligations, banks must disclose certain information to the competent authorities concerning transfers of funds and the corresponding recorded information, irrespective of any rule of professional secrecy.

The banking secrecy requirements are also subject to exemption pursuant to some European and international arrangements governing the automatic exchange of information in tax matters.


The principal source of Luxembourg banks’ financing comes from client deposits. As of November 2016, the amount of deposits reached 45.8 per cent of the total liabilities of Luxembourg banks. Interbank loans are the second-most important source, representing 34.4 per cent of banks’ liabilities. The share of securities issuance in the banks’ funding amounted to 7.9 per cent as of November 2016.86


i Control regime

Qualifying holdings in banks must be approved by the CSSF. A ‘qualifying holding’ is defined as any direct or indirect holding that represents 10 per cent or more of the capital or of the voting rights. The requirements issued in Directive 2007/44/EC87 are applicable to banks, and have been implemented into Article 6 of the LFS.

The granting of banking licences is subject to communicating to the CSSF the identity of the persons that have qualifying holdings and the amount of such holdings. As an exception to the rules that only qualifying holdings shall be approved, following the transposition of CRD IV, the LFS provides that in the absence of qualifying holdings, the identity of the 20 largest shareholders shall be communicated to the CSSF.88

Authorisation shall be refused where the suitability of shareholders is unsatisfactory, taking into account the need of sound and prudent management of the bank.89 The CSSF assesses the reputation of the proposed shareholder or shareholders and their financial soundness, particularly in relation to the type of business pursued and envisaged. The professional repute of shareholders shall be assessed on the basis of the absence of a criminal record and on any evidence showing that such persons are of good repute and offering every guarantee of their irreproachable conduct.90 In addition, the CSSF evaluates whether the credit institution will be able to comply with the prudential requirements based on the CRD IV package, and, where applicable, other provisions of European law, in particular Directive 2002/87/EC91 and Directive 2009/110/EC.92

Moreover, the structure of the bank’s direct and indirect ownership must be transparent so that the competent prudential supervisory authorities are clearly identifiable, and to allow them to exercise supervision (also on a consolidated basis) without hindrance.93

Furthermore, where a person decides to increase its qualifying holding, whether directly or indirectly, as a result of which the proportion of voting rights or capital held would reach or exceed 20, 33.3 or 50 per cent, or so that the bank would become its subsidiary, it shall first notify the CSSF of such a decision. The CSSF shall assess such notification to ensure the sound and prudent management of the bank based on the criteria described above.

Shareholders disposing directly or indirectly of qualifying holdings, or having decided to reduce their qualifying holdings, shall also notify the CSSF prior to such a disposal if the proportion of voting rights or capital they hold would fall below the above thresholds or if the credit institution would cease to be its subsidiary.

ii Transfers of banking business

Aside from the market stress scenarios in which particular resolution powers may be taken (e.g., the transfer of a banking business tool), the transfer of the whole of a banking business comprising client deposits may only be validly performed without client consent by way of a merger, demerger or transfer of a branch of activity in accordance with the applicable Luxembourg company law provisions. For instance, Crédit Agricole Indosuez was successfully demerged into two different banking entities in 2003. More recently, Kaupthing Bank Luxembourg was successfully demerged into two entities without client consent. On the other hand, loans and loans portfolios may be transferred without client consent pursuant to the rules governing the assignment of claims under Articles 1689 to 1695 of the Luxembourg Civil Code.


i Banking

The Mortgage Credit Directive94 was implemented by the Law of 23 December 2016 (Mortgage Credit Law). The new regime applies to credit agreements with consumers secured either by a mortgage or by a comparable security interest granted commonly over residential immoveable property or credit agreements secured by a right related to residential immoveable property and credit agreements the purpose of which is to acquire or retain property rights in land or in an existing or projected building. Prior to the implementation of the Mortgage Credit Directive, the Luxembourg Consumer Code provided for a carve-out of the credit agreements with consumers secured by a mortgage. The principal novelties for Luxembourg banks are reflected in the new valuation methods and the early repayment regime, since such requirements were not imposed by the Luxembourg legislator prior to the implementation of the Mortgage Credit Directive. The Mortgage Credit Law has a retroactive effect, as it applies to mortgage credit agreements entered into after 21 March 2016.

Within the framework of the 2017 tax reform, the scope of money laundering predicate offences was extended to aggravated tax fraud and tax swindling in accordance with the Financial Action Task Force recommendations and AML IV requirements. In February 2017, the CSSF issued Circular 17/650 in cooperation with the Financial Intelligence Unit of the Luxembourg Public Prosecutor, specifying further the new provisions relating to primary tax offences and providing indicators as to when the obligation of financial professionals to report suspicious transactions shall be triggered.

On 18 January 2017, the European Account Preservation Order95 became fully applicable, making it possible for creditors in Luxembourg to obtain a preservation order for the bank accounts of a debtor situated in another EU Member State (except Denmark and the United Kingdom) and vice versa. European account preservation orders will result in greater transparency with regard to a debtor’s assets (those held in a bank account) by allowing a creditor that possesses insufficient information about its debtor’s assets to petition the court to order the CSSF – the competent authority in Luxembourg under draft bill No. 7083/1 – to produce information to this end.

ii Investment regulations

The Law of 10 May 2016 transposed the UCITS V reforming the depositary regime, introducing remuneration rules and harmonising administrative sanctions at EU level (the UCITS V Law). The CSSF has issued its Circular 16/644 clarifying the regime of depositories under the UCITS V Law.

iii Capital markets

The Market Abuse Directive96 was implemented by the Law of 23 December 2016 on market abuse, repealing the existing market abuse legislation and extending the scope of market abuse prohibition to reflect the prescription of the Market Abuse Regulation97 by specifying the powers of the CSSF, the procedure for cooperation with foreign competent authorities and supervisory authorities, as well as the administrative and criminal sanctions applicable in the context of market abuse.


The Luxembourg banking sector’s primary focus in the year ahead shall be on the implementation of AML IV, GDPR and, in particular, in light of the importance of its private banking business, on MiFID II and PRIIPs. Banks will continue to adapt to more stringent capital requirements stemming from CRD IV and the CRR, or margining requirements pursuant to the entry into effect of the clearing obligation under EMIR. Other measures, such as the Payment Services Directive II98 (which is due to not only further regulate payment services but also to open up the market to new competitors) and the progressive phase-in of various requirements under the Securities Financing Regulation,99 remain to be implemented. The regulatory pressure is, however, expected to ease beyond 2018, with the post-financial crisis regulatory agenda approaching completion.

In particular, with regard to private banking, the banking industry shall continue to closely follow developments in the field of tax transparency both on the EU and international levels, such as various automatic exchange of information initiatives. Despite these trends, the total amount of assets under management, as well as the amount of non-banking clients’ deposits, has increased for the third consecutive year. The increase of high net worth clients and the erosion of the traditional small to medium-sized portfolio client base is expected to continue, as well as the increase of assets from clients located in Asia and South America. The developments in the field of collective asset management pursuant to AIFMD, UCITS V and other related initiatives shall continue to be closely watched, and are expected to generally continue to benefit the banking industry thanks to the ever-increasing distribution opportunities offered by the European passport and the back-office and custody business they generate. Some European initiatives, such as those in the field of simplified securitisation, are also expected to have a positive impact both on the Luxembourg financial centre and on Luxembourg banks.

1 Josée Weydert is the managing partner, Jad Nader is a counsel and Milos Vulevic is an associate at NautaDutilh Avocats Luxembourg S.à r.l.

2 The Official Portal of the Grand Duchy of Luxembourg.

3 CSSF Newsletter No. 193, February 2017 (www.cssf.lu/fileadmin/files/Publications/Newsletter/Newsletter_2017/newsletter193.pdf.)

4 The year-end saw an increase in the total number of employees of Luxembourg banks. As at 31 December
2016, credit institutions employed 26,132 people in Luxembourg. Employment in credit institutions increased by 165 units compared to September 2015. Luxembourg Central Bank.

5 In terms of assets, the rating is as follows: Deutsche Bank Luxembourg (€80.023 billion), CACEIS Bank Luxembourg (€46.082 billion), Banque et Caisse d’Epargne de l’Etat, Luxembourg (€42.797 billion); Société Générale Bank & Trust (€36.399 billion); and BGL BNP Paribas (€32.969 billion). Luxembourg Banking Insights 2016, Financial Services, KPMG, p. 16.

6 ALFI, data as at 30 November 2016, www.alfi.lu/statistics-figures/luxembourg.

7 The statistics portal of the Grand Duchy of Luxembourg. GDP annual growth rate averaged at 3.7
per cent from 1996 until 2016. (Trading Economics: www.tradingeconomics.com/luxembourg/gdp-growth-annual.)

8 Luxfin 2020, Edition November 2015, p. 35.

9 The official portal of the Grand Duchy of Luxembourg.

10 As of March 2017, four other EU countries had a triple A rating. (Trading Economics, www.tradingeconomics.com/country-list/rating.)

11 ‘European stocks log first yearly loss since 2011’, MarketWatch, 30 December 2016, (www.marketwatch.com/story/european-stock-set-for-first-yearly-slide-since-2011-2016-12-30.)

13 EY, ABBL, Survey on the cost of regulation and its impact on the Luxembourg financial marketplace, Luxembourg 2016, p. 4.

14 The legal acts mentioned are explained further in the later sections of this chapter. According to a survey conducted by EY and the Luxembourg Banking Association published in 2017, the most costly regulatory measures for banks remain CRD IV, the Foreign Account Taw Compliance Act and EMIR, with MiFID II well on course to becoming the most expensive regulation for those financial institutions required to implement it. (Ibid., p. 4).

15 Ibid.

16 Regulation (EU) No. 1024/2013 of 15 October 2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions.

17 Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC.

18 Directive 2014/59/EU of the European Parliament and of the Council of 15 May 2014 establishing a framework for the recovery and resolution of credit institutions and investment firms and amending Council Directive 82/891/EEC, and Directives 2001/24/EC, 2002/47/EC, 2004/25/EC, 2005/56/EC, 2007/36/EC, 2011/35/EU, 2012/30/EU and 2013/36/EU, and Regulations (EU) No. 1093/2010 and (EU) No. 648/2012, of the European Parliament and of the Council.

19 Directive 2014/49/EU of the European Parliament and of the Council of 16 April 2014 on deposit guarantee schemes.

20 Regulation (EU) No. 1286/2014 of the European Parliament and of the Council of 26 November 2014 on key information documents for packaged retail and insurance-based investment products (PRIIPs).

21 Directive 2014/91/EU of the European Parliament and of the Council of 23 July 2014 amending Directive 2009/65/EC on the coordination of laws, regulations and administrative provisions relating to undertakings for collective investment in transferable securities (UCITS) as regards depositary functions, remuneration policies and sanctions.

22 Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No. 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC.

23 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

24 Luxembourg and China tighten cooperation, Luxembourg for finance, 28 October 2016.

25 Northern Trust Corporation press release, 20 February 2017.

26 Law of 5 April 1993 on the financial sector, as amended.

27 CSSF Annual Report 2015, p. 90.

28 Directive 2004/39/EC of the European Parliament and of the Council of 21 April 2004 on markets in financial instruments amending Council Directives 85/611/EEC and 93/6/EEC and Directive 2000/12/EC of the European Parliament and of the Council and repealing Council Directive 93/22/EEC (MiFID).

29 Regulation (EU) 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU)
No. 648/2012 (CRR).

30 CRR, Article 4.1(1).

31 The states that are contracting parties to the European Economic Area Agreement (EEAA), other than EU Member States, are considered as equivalent to EU Member States within the limits provided for under the EEAA.

32 LFS, Article 32(5).

33 See CSSF Circular 11/515, p. 5.

34 LFS, Article 32(1).

35 Law of 23 December 1998 establishing a financial sector supervisory commission, as amended.

36 The Luxembourg Monetary Institute became the Luxembourg Central Bank on 1 June 1998.

37 Regulation (EU) No. 806/2014 of the European Parliament and of the Council of 15 July 2014
establishing uniform rules and a uniform procedure for the resolution of credit institutions and certain investment firms in the framework of a Single Resolution Mechanism and a Single Resolution Fund and amending Regulation (EU) No. 1093/2010.

38 Limited to the credit institutions subject to Article 99 CRR.

39 CSSF Circulars 07/316, 07/331 and 09/410.

40 CSSF Circulars 07/316 and 07/331.

41 CSSF Circular 12/553, as amended.

42 CSSF Circular 14/585.

43 CSSF Annual Report 2015, p. 106.

44 LFS, Article 7(1); prior to the implementing of CRD IV, managers were only required to satisfy the condition of professional standing, or good repute.

45 LFS, Article 7(2).

46 CSSF Circular 12/552, p. 18.

47 Law of 23 July 2015, implementing, inter alia, Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 into Luxembourg law.

48 LFS, Article 38-2(1).

49 LFS, Article 38-1(e).

50 A bank shall be determined as significant by taking into account the following elements:

a the bank is identified as a systemically important institution (SII);

b by size, its assets are greater than €30 billion, or the ratio of its total assets to the Luxembourg GDP is greater than 20 per cent, unless the total value of its assets is less than €5 billion;

c it represents the highest level of consolidation within the group of supervised institutions in the eurozone and is included as such in the list of significant supervised entities drawn up by the ECB in accordance with Article 49(1) of Regulation (EU) No. 468/2014 of the ECB;

d it is the ultimate parent company of the group of supervised institutions to which, as the case may be, it belongs;

e it is the parent company of a significant number of subsidiaries established in other countries; and

f its shares are admitted to trading on a regulated market.

A CRR bank that does not meet at least two of the conditions listed above is not considered significant. The criteria are indicative and are meant only to guide the CSSF in its assessment.

51 LFS, Article 38-2(5).

52 Ibid.

53 LFS, Article 38-2(4).

54 Directive 2010/76/EU of the European Parliament and of the Council of 24 November 2010 amending Directives 2006/48/EC and 2006/49/EC as regards capital requirements for the trading book and for resecuritisations, and the supervisory review of remuneration policies.

55 CSSF Regulation No. 14-01, Article 5 and CRR, Article 92.

56 CSSF Regulation No. 14-01, Articles 2 and 3.

57 In the absence a common European definition of common stock, ‘capital instruments’ must fulfil 13 conditions set out under Article 28, Paragraph 1 CRR to qualify as such.

58 CRR, Article 26.

59 CSSF Annual Report 2015.

60 Ibid, p. 94.

61 LFS, Article 59-13.

62 CSSF Regulation No. 14-01, Article 6.

63 CSSF Regulation No. 15-02 relating to the supervisory review and evaluation process that applies to CRR institutions, Article 28.

64 LFS, Article 59-6.

65 CSSF Regulation 15-01, Article 2.

66 CSSF Regulation No. 16-15 on the setting of a countercyclical buffer rate.

67 CSSF Regulation No. 15-06 concerning systemically important institutions authorised in Luxembourg.

68 See EBA guidelines on the criteria to determine the conditions of application of Article 131(3) of Directive 2013/36/EU (CRD) in relation to the assessment of other systemically important institutions (O-SIIs), EBA/GL/2014/10.

69 LFS, Article 59-10.

70 CSSF, Annual report, 2015, p. 95.

71 Commission Delegated Regulation (EU) 2015/61, Article 38.

72 Member States or competent authorities may, however, impose a 100 per cent LCR on the domestically authorised banks from the outset, pending the full implementation of LCR in 2018.

73 Idem.

74 CRR, Part I, Chapter 2, Section II.

75 LFS, Part III Chapter 3.

76 As of the end of December 2015, the CSSF supervised on a consolidated basis 20 banks incorporated in Luxembourg and three Luxembourg-incorporated financial holding companies. Out of these 21 banks, 13 are supervised by the ECB, as they form part of the banking groups considered as significant. The CSSF continues to supervise the remaining seven banks. See CSSF, Annual Report, 2015, p. 114.

77 Idem, pp. 106–7.

78 Law of 18 December 2015 on resolution, recovery and liquidation measures of credit institutions and some investment firms, on deposit guarantee schemes and indemnification of investors.

79 LFS, Article 59-18(1).

80 BRRD Law, Article 26 (transposing Article 15 of the BRRD).

81 BRRD Law, Article 29.

82 LFS, Article 59-43.

83 Article 29, Paragraph 2, of the BRRD provides in addition that the competent authority shall determine such powers based on ‘what is proportionate’ in the circumstances.

84 The Law of 12 November 2004 on combating money laundering and the financing of terrorism,
as amended.

85 Transposing Titles III and IV respectively of Directive 2007/64/EC.

86 BCL quarterly bulletin, 2016/3, p. 31.

87 Directive 2007/44/EC of the European Parliament and of the Council of 5 September 2007 amending Council Directive 92/49/EEC and Directives 2002/83/EC, 2004/39/EC, 2005/68/EC and 2006/48/EC as regards procedural rules and evaluation criteria for the prudential assessment of acquisitions and increase of holdings in the financial sector.

88 LFS, Article 6(1).

89 Article 6(9) of the LFS specifies the criteria according to which such sound and prudent management is assessed.

90 LFS, Article 7.

91 Directive 2002/87/EC of the European Parliament and of the Council of 16 December 2002 on the supplementary supervision of credit institutions, insurance undertakings and investment firms in a financial conglomerate and amending Council Directives 73/239/EEC, 79/267/EEC, 92/49/EEC, 92/96/EEC, 93/6/EEC and 93/22/EEC, and Directives 98/78/EC and 2000/12/EC of the European Parliament and of the Council.

92 Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC.

93 LFS, Article 6(2).

94 Directive 2014/17/EU of the European Parliament and of the Council on credit agreements for consumers relating to residential immovable property and amending Directives 2008/48/EC and 2013/36/EU and Regulation (EU) No. 1093/2010.

95 Regulation (EU) 655/2014 establishing a European Account Preservation Order procedure to facilitate cross-border debt recovery in civil and commercial matters.

96 Directive 2014/57/EU of the European Parliament and of the Council of 16 April 2014 on criminal sanctions for market abuse (market abuse directive).

97 Regulation (EU) No. 596/2014 of the European Parliament and of the Council of 16 April 2014 on market abuse.

98 Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No. 1093/2010, and repealing Directive 2007/64/EC.

99 Regulation (EU) No. 1286/2014 of 26 November 2014 on key information documents for packaged retail and insurance-based investment products.