i Market overview

The Luxembourg financial sector has performed solidly during the past 12 months despite the increasingly challenging environment of negative interest rates and the growing costs of compliance. Finance continued to be the key driver of Luxembourg’s economy, generating one-third of the country’s gross domestic product (GDP).2

As at September 2017, the overall profitability of Luxembourg banks narrowed, with estimated profits of €4.2 billion before provisions (down 5.4 per cent over a year), while their balance sheet total rose to €754 billion (up 1.6 per cent compared to September 2016).3 As at February 2018, there are 139 banks in Luxembourg, compared to 142 in February 2017.4 Luxembourg banks are mostly universal banks offering custodian services, private banking and, to a lesser extent, retail and commercial banking services. The five largest banks in terms of total assets are Deutsche Bank, Banque et Caisse d’Epargne de l’Etat, Société Générale Bank & Trust, BGL BNP Paribas and Banque Internationale à Luxembourg.5 Domiciliation and distribution of investment funds is a flagship industry of the financial sector, with Luxembourg being the second-largest fund centre in the world after the United States. As at the end of 2017, Luxembourg was home to 4,044 funds managing €4.1 trillion of net assets (an 11 per cent increase over 12 months).6

The financial sector contributed to the consolidated growth of Luxembourg’s economy, which expanded by 3.20 per cent in the third quarter of 2017 as compared with same quarter of 2016.7 Prospects remain optimistic looking forward, as the GDP annual growth rate in Luxembourg is estimated to stand at 3.2 in 12 months’ time and is projected to trend at around 2.7 per cent in 2020.8 This is confirmed by Luxembourg retaining its ‘triple A’ credit grade thanks to a stable outlook by all three major credit rating agencies.9

However, despite the eurozone seeing its best economic growth in a decade, the impact of certain macroeconomic challenges, such as the growing uncertainty about the European Central Bank (ECB) maintaining its monetary stimulus programme and the prospect of its commitment to its key interest rates remaining at current levels, cannot be ignored. Nevertheless, the cost of regulatory compliance, which is estimated to have grown by 20 per cent in the past four years (excluding the equity capital requirements entailed by certain regulations, such as the Capital Requirements Directive10 and the European Market Infrastructure Regulation (EMIR)),11 remains a major source of concern for Luxembourg banks as they continue to adapt to increasingly stringent regulatory requirements (EMIR, MiFID II,12 PRIIPs,13 the EU General Data Protection Regulation,14 etc.).15 According to the Luxembourg Bankers’ Association (ABBL), the cost of investments that Luxembourg credit institutions need to make in order to comply with various regulations amounts to as much as 35 per cent of their revenues and up to 51 per cent in case of smaller banks, whereas meeting the requirements imposed by the MiFID II package now involves as much as 13 per cent of the banks’ staff.16 However, after having reached record levels, the budget dedicated to regulatory compliance is expected to stabilise as of 2018, marking the end of the implementation of the post 2007–2008 regulatory agenda.17

ii Regulatory developments

In 2015, the single supervisory mechanism (SSM) became operational as eurozone significant banks – in the sense of the SSM Regulation18 – came under the direct supervisory purview of the ECB (58 Luxembourg banks representing 69 per cent of total assets of banks as at the end of 2016), whereas less significant banks continued to be directly supervised by the Luxembourg prudential supervisory authority (CSSF).

Following the implementation of certain major pieces of European post-financial crisis reform legislation in 2015, such as CRD IV, the Bank Recovery and Resolution Directive19 (BRRD) and the Deposit Guarantee Scheme Directive,20 the year 2017 again saw a rich legislative activity in Luxembourg, with both banks and authorities focusing on the implementation of several key initiatives ranking high on the EU financial regulatory agenda. This includes primarily, the MiFID II package, the various measures implementing the Fourth Anti-Money Laundering Directive (AMLD IV),21 the entry into effect of the PRIIPs Regulation, GDPR and the ongoing reform of the Luxembourg banking secrecy regime. Important challenges in terms of compliance and regulatory cost therefore still lie ahead, most notably with regard to MiFID II and its expected impact in the field of private banking. Further developments to the regulatory landscape are discussed below.

iii Deals

In September 2017, China Everbright Bank (CEB) obtained regulatory approval from the Luxembourg authorities, becoming the seventh Chinese credit institution to set up operations in Luxembourg. The two newly authorised Luxembourg entities, a fully owned banking subsidiary and a branch, are the bank’s very first European establishments and will focus, according to the bank’s executives, on corporate banking, loan granting, deposit taking, remittance, international settlement, trade finance and money markets.22 The total number of Chinese banks in Luxembourg is expected to rise to eight in the near future, with the opening of Shanghai Pudong Development Bank’s Luxembourg subsidiary, which is currently awaiting approval by Chinese and Luxembourg regulators.

After the announcement in February 2017 of a bid by Northern Trust to acquire UBS Asset Management’s fund administration servicing units in Luxembourg (and Switzerland), the closing of the deal was announced in October 2017.23 In November 2017, Sompo International, announced its plan to establish its new European insurance headquarters in Luxembourg. In total, 10 international insurance groups including AIG, FM Global, CNA Hardy, RSA, Hiscox, Liberty Mutual, Aioi Nissay Dowa Insurance (ADI), Tokio Marine and, most recently, Britannia, have so far announced plans to move their European headquarters to Luxembourg in response to the Brexit vote and the potential loss of EU passporting rights.

In February 2018, BGL BNP Paribas and ABN AMRO Bank NV announced that they have signed an agreement concerning the acquisition, by BGL BNP Paribas, of ABN AMRO Bank (Luxembourg) SA and its fully owned subsidiary ABN AMRO Life SA in a move to acquire the group’s Luxembourg wealth management and insurance arms. Pending regulatory approval, the transaction is expected to be finalised by the third quarter of 2018.


Save for the BRRD, the vast majority of legal and regulatory provisions concerning financial services are implemented into the Luxembourg law on the financial sector (LFS),24 which remains the principal source of banking regulation in Luxembourg. The LFS underwent a substantial overhaul in 2015 to accommodate the rules resulting from the implementation of CRD IV and the BRRD.

Luxembourg banking legislation traditionally provides for two types of banking licences: that of a universal bank – referred to indifferently as ‘bank’ or ‘credit institution’ by the LFS, 137 institutions held this status on 31 December 2016 – and a special licence for banks issuing covered bonds (four institutions held this status as at the end of 2016).25 Banks issuing covered bonds have a monopoly on covered bonds issuance, and are prohibited from collecting deposits from the public.

Banks or credit institutions may offer all commercial and investment banking services. A single banking licence granted under the LFS allows banks to perform all the services regulated under the LFS. This includes all the classical banking activities, such as deposit-taking and lending, MiFID services and activities as well as payment services.

i Securities activities

As MiFID II has not yet been implemented into Luxembourg law, the operating conditions of Luxembourg banks in the field of securities activities are subject to the Luxembourg implementation of MiFID I.26 MiFID I conduct of business and organisational requirements are implemented in Articles 37-1 to 37-9 of the LFS as well as under the Grand-Ducal Regulation of 13 July 2007 relating to organisational requirements and rules of conduct in the financial sector (Grand-Ducal MiFID Regulation). CSSF Circular 07/307, as amended, further specifies certain provisions of the LFS and of the Grand-Ducal MiFID Regulation, such as those governing the categorisation of clients, suitability and appropriateness requirements, conflicts of interest, inducements, best execution, client order handling, information to clients, reporting to clients and record-keeping. Despite MiFID II not yet being implemented into Luxembourg law, as from 3 January 2018, the relevant national rules implementing MiFID I have been superseded by the provisions of MiFIR27 which, as an EU regulation, is binding and directly applicable in Luxembourg. Furthermore, pending the adoption of the Bill of Law 7157 (MiFID II Bill of Law) and other national measures implementing MiFID II, the CSSF has highlighted that, in accordance with the fundamental principles of EU law, MiFID II provisions conferring new rights or rights more favourable than the applicable national rules and regulations shall apply from 3 January 2018 and the existing national implementation of MiFID I shall be interpreted accordingly.28 This is notably the case for provisions of MiFID II enhancing investor protection, such as the provisions imposing stricter organisational requirements, the new provisions on inducements and research.

CSSF Circular 06/273, as amended, governing the capital adequacy requirements applying to banks’ trading book activities, is currently under review by the CSSF in view of adapting it to the changes introduced by the CRD IV package, although most of it has been superseded by the CRR.29

ii Deposit-taking and lending

Deposit-taking and lending are regulated under the general prudential supervision framework set out in the LFS. Pursuant to the European framework governing access to the activities of banks, a credit institution is traditionally defined as an undertaking of which the business is to take deposits or other repayable funds from the public and to grant credits for its own account.30 Only entities authorised to conduct both activities may carry the name ‘bank’ and only banks are authorised to collect deposits or other repayable funds from the public.

iii Activities of overseas banks
Banks from EU Member States

Banks authorised in other EU Member States31 may open a subsidiary in Luxembourg under the same conditions as Luxembourg banks. In addition, these banks may provide services and conduct activities in Luxembourg by virtue of the ‘European passport’ (i.e., the freedom of establishment or a cross-border provision of services without further authorisation requirements pursuant to the Treaty on the Functioning of the European Union).

Luxembourg branches of banks authorised in other EU Member States are subject to supervision by their home Member State authorities pursuant to the principle of ‘home country control’, although the CSSF is responsible as a host authority for ensuring the compliance by these branches with certain requirements, such as the MiFID conduct of business rules, post-trade transparency requirements, anti-money laundering obligations and consumer protection. These branches are required to report periodically on their activities to the CSSF.

Banks from third countries

Banks authorised in non-European Economic Area (EEA) jurisdictions do not benefit from the European passport. However, a special authorisation regime is available under Article 32(5) of the LFS for banks authorised in a non-EEA jurisdiction that are not established in Luxembourg but that occasionally and temporarily come to Luxembourg to provide services pertaining to the LFS. Such banks shall hold an authorisation from the Minister responsible for the CSSF, provided that they are subject to equivalent authorisation and supervisory rules in their country of origin as those set out under the LFS.32 Currently, seven banks originating from non-EEA jurisdictions hold such authorisations. It is worth noting that the CSSF has specified in this regard that having customers domiciled in Luxembourg does not mean that banks shall automatically be considered as performing their activities on the Luxembourg territory.33 Non-EEA banks wishing to establish a branch in Luxembourg are subject to the same authorisation rules as those applying to credit institutions and other professionals governed by Luxembourg law.34

However, with the implementation of the third country firms provisions of MiFID II, the licensing regime governing the provision of investment services and activities by third country firms is to be carved out from the general regime laid down under the LSF as described above. While the provision of investment services to per se professional clients and eligible counterparties is governed by the harmonised regime prescribed by MiFIR (which includes registration with the European Securities and Markets Authority), the current draft of the MiFID II Bill of Law foresees the implementation of the option set out under MiFID II, pursuant to which third country firms wishing to provide services to retail and opted-up professional clients will not be able to do so other than through a branch authorised pursuant to the harmonised procedure set out in MiFID II. Although the exercise of this option has been criticised by certain stakeholders involved in the legislative process (such as the Luxembourg Chamber of Commerce), it is likely that third country provisions of the current draft of the MiFID II Bill of Law shall be passed in their current form.

The regime of provision by third country firms, of financial services other than investment services, such as lending or deposit-taking, shall remain subject to national rules set out under the LFS.

iv Basic structure, priorities, agenda and resources of the regulators

The authority responsible for the prudential supervision of Luxembourg banks is the CSSF, although the Luxembourg Central Bank (BCL) remains vested with certain competences, primarily in the field of liquidity supervision.

The CSSF was created by a law of 23 December 199835 as a public body with a legal personality and financial autonomy, taking over certain functions from its predecessors, the Luxembourg Monetary Institute (IML) and the Stock Exchange Commission (CAB).36 The CSSF is entrusted with the mission of promoting transparency, simplicity and fairness in the markets of financial products and services within the limits of its legal powers. The CSSF is empowered to regulate, authorise and inform professionals of the financial sector subject to its supervision as well as to carry out on-site inspections and impose administrative sanctions.

The CSSF is governed by an executive board consisting of four directors in charge of day-to-day running, and a director general. The members of the executive board are appointed by the Grand Duke for a renewable term of five years on a proposal from the government.

Following the implementation of the BRRD, the CSSF is designated by the BRRD Law as the Luxembourg resolution authority and as the national resolution authority in the sense of Regulation (EU) No. 806/2014.37 To avoid any conflict of interest between the supervisory and resolution functions, the newly created Resolution Board, assisted by a distinct resolution department that is allocated with its own budget and headed by a special director, is vested with the tasks and powers of a resolution authority.

Following the examples of France and Germany, the Systemic Risk Board was created in 2015 and entrusted with coordinating the policies implemented by different national competent authorities in the interest of the stability of the Luxembourg financial system with the objective of decreasing the build-up of systemic risk. The Systemic Risk Board is composed of four members: the minister in charge of the financial centre, the Director General of the CSSF, the Director General of the BCL and the Director of the CAA (the regulator of the insurance sector).


i Relationship with the prudential regulator

The CSSF’s supervisory and regulatory activities are principally based on banks’ reporting, although on-site inspections by the CSSF have increased steadily in the past few years.

The supervisory reporting requirements by credit institutions are regulated by the CRR, which sets out prudential requirements, whereas the Commission Implementing Regulation (EU) No. 680/2014, as amended, sets out uniform reporting frameworks, and specifies uniform formats, frequencies, dates of reporting, definitions and IT solutions.

The reporting requirements covered by the CRR include financial information,38 own funds requirements (solvency), large exposures, leverage, liquidity, losses stemming from lending collateralised by immoveable property and asset encumbrance.

The reporting of financial information on an individual basis,39 information on participating interests and subordinated loans,40 lists of head offices, agencies, branches and representative offices, analyses of shareholdings,41 and reporting on persons responsible for certain functions and activities,42 continue to be governed by national provisions.

Within the scope of monitoring compliance with large exposure limits, the CSSF did not intervene in 2016 as the applicable limits were not exceeded (CSSF intervened 11 times in writing in 2015, notably to inform that the maximum level of large exposures had been exceeded).43

Under Article 40 of the LFS, banks are obliged to cooperate and provide the fullest possible response to any lawful demand emanating from the CSSF as a competent authority in the exercise of its powers. In addition, banks are required to inform the CSSF of any changes relative to the conditions on which their licence was granted, including any changes to the management body, shareholders or business plan.

ii Management of banks
Management structure and functioning

The members of the management body must at all times justify their sufficient professional standing and, following the implementation of CRD IV, possess sufficient knowledge, skills and experience to perform their duties.44 The good professional standing requirement (i.e., the ‘fitness and propriety’ test) consists of a clean criminal record and any evidence demonstrating good repute.

At least two persons must be responsible for the management of a credit institution (the ‘four eyes’ principle) and be effectively empowered to determine the direction taken by the business, and must possess adequate professional experience.45 Such persons are in charge of the day-to-day management of the bank, and are referred to by Circular 12/552 as ‘authorised management’. Typically, in addition to the board of directors, bigger structures have executive committees or management committees. However, where a committee is larger than the authorised management, the authorised management must be part of it and have a veto right.46 The authorised management must permanently be on-site unless an exemption is granted by the CSSF.

The CRD IV Law47 introduced certain prescriptions regarding the management body as a whole: it must possess adequate collective knowledge, skills and experience to be able to understand the activities and main risks of the institution, and its overall composition must reflect an adequately broad range of experience.

Each member of the management body shall act with honesty, integrity and independence of mind to effectively assess and challenge the decisions of the authorised management, where necessary, and to effectively oversee and monitor management decision-making. All members are required to commit sufficient time to performing their functions.48 The CRD IV Law also introduced the chief executive officer (CEO) and chair separation rule, prohibiting the chair of the management body from simultaneously exercising the CEO function unless justified by the institution and authorised by the CSSF.49

The CRD IV Law also introduced certain restrictions as to the number of directorships in CRR institutions that are considered significant.50 Unless they represent the state, members of the management body of a bank significant in terms of size, internal organisation, and the nature, scope and complexity of their activities, may hold a maximum of either one executive directorship with two non-executive directorships or four non-executive directorships.

Executive or non-executive directorships held within the same group are considered a single directorship as well as executive or non-executive directorships held within undertakings in which banks hold a qualifying holding, including non-financial entities.51 The same applies to executive or non-executive directorships held with CRR institutions that are members of the same institutional protection scheme, provided that the conditions set out in Article 113(7) CRR are fulfilled.52

The CSSF may, however, authorise the members of the management body to hold one additional non-executive directorship, and must inform the European Banking Authority (EBA) where it grants such an authorisation.53

Other governance requirements

Pursuant to Article 5 of the LFS, the granting of authorisation is subject to the central administration of banks being located in Luxembourg: banks shall have a robust central administration in Luxembourg consisting of a ‘decision-making centre’ and an ‘administrative centre’.

Article 5(1-bis) of the LFS adds that credit institutions are required to have robust internal governance arrangements, including:

  1. a clear organisational structure reflecting well-defined, transparent lines of responsibility;
  2. effective risk-management processes and adequate internal controls, including sound administrative and accounting procedures;
  3. remuneration policies and practices allowing and promoting a sound and effective risk management; and
  4. control and security arrangements for IT systems.

Remuneration and nomination committees are mandatory for significant entities.

The governance requirements for banks and investment firms are set out in detail in CSSF Circular 12/552, abrogating several circulars previously issued by the CSSF and consolidating the internal governance rules.

Restrictions on bonus payments

Rules governing remuneration policies within credit institutions and certain types of investment firm were initially introduced by EU Directive 2010/76/EU (CRD III).54 Remuneration principles established by CRD III were implemented into Luxembourg law through CSSF Circular 10/496 for credit institutions and CSSF Circular 10/497 for investment firms. In addition to the existing rules, the new rules issued from the transposition of CRD IV now introduce a clear distinction between fixed and variable remuneration and establish a ratio of the fixed and variable components of remuneration by fixing the bonus cap at 100 per cent of fixed remuneration. However, pursuant to the discretion made available under CRD IV, shareholders are allowed to increase the variable part of remuneration to a maximum of 200 per cent of fixed remuneration following a special procedure set out under Article 38-6 of the LFS. Special notification requirements to the CSSF apply in the case of such an increase, as set out under CSSF Circular 15/622.

iii Regulatory capital and liquidity
Own funds requirements

The detailed rules governing capital adequacy are prescribed by the CRR, which entered into force on 1 January 2014 and is directly applicable in Luxembourg. The discretions left to EU Member States regarding regulatory capital requirements under the CRR are addressed in CSSF Regulation 14-01 on the implementing of certain discretions of Regulation (EU) No. 575/2013.

Luxembourg banks are required to observe a total capital ratio of at least 8 per cent of their risk-weighted assets. The Tier 1 capital, consisting of Common Equity Tier 1 (CET1) capital and Additional Tier 1 capital, must amount to at least 6 per cent of risk-weighted assets, while the CET1 capital ratio must amount to at least 4.5 per cent.55 The inclusion of Additional Tier 1 or Tier 2 instruments, whether they are capital instruments or subordinated loans in the case of the latter, into own funds, shall require prior approval of the CSSF.56 CET1 consists of common stock and retained earnings (i.e., capital instruments,57 share premiums, retained earnings, accumulated other comprehensive income, other reserves and funds for general banking risk).58

As regards the total capital ratio as at 31 December 2016, no bank was within the weaker capitalisation bands (i.e., below 10.5 per cent but still above the regulatory minimum of 8 per cent in accordance with Article 92 of the CRR).59 In total, CET1 capital represented 96.8 per cent of Luxembourg banks’ own funds, while Additional Tier 1 capital items (0.3 per cent) and Tier 2 capital items (2.8 per cent) only played a minor role.60

In addition to the CRR own funds (capital) regime, CRD IV introduced the combined capital buffer requirements consisting of:

  1. the capital conservation buffer;
  2. the institution-specific countercyclical buffer;
  3. the global systemically important institutions buffer;
  4. the other systemically important institutions buffer; and
  5. the systemic risk buffer.

Various effective dates and specific requirements apply regarding these buffers. Bonus and dividend payments restrictions apply where, as a result of distributions, CET1 would fall so that the combined buffer requirement would no longer be met.61

In addition to the other own fund requirements, Luxembourg banks must hold a capital conservation buffer made up entirely of CET1 equal to 2.5 per cent of the total amount of their risk exposure.62

The minimum regulatory capital requirements may be supplemented by specific own funds requirements with respect to a particular CRR institution should the results of the supervisory review (Pillar 2) show that the minimum requirements do not fully cover the risks incurred.63

As of 1 January 2016, each Luxembourg bank has to maintain an institution-specific countercyclical buffer (CCyB)64 equivalent to its total risk exposure amount, calculated in accordance with Article 92, Paragraph 3 CRR and multiplied by the institution-specific CCyB rate. The calculation of an institution-specific CCyB rate consists of the weighted average of the CCyB rates that apply in the jurisdiction where the relevant credit exposures are located, where the weights to be applied are the own fund requirements for the credit risk of the banks’ various local portfolios.65 The CCyB rates set by other Member States’ relevant authorities are automatically applicable in Luxembourg to a maximum of 2.5 per cent; and in excess of that percentage, only where the CSSF recognises such rates (although the CSSF is held, in principle, to recognise such excess rates). On the other hand, the CCyB rate applicable to the relevant exposures located in Luxembourg is set at zero per cent as from 1 January 2018.66 The CSSF has issued Circular 15/625 to provide guidance to calculating institution-specific CCyBs.

The global systemically important institutions (G-SIIs) capital buffer may range from 1 per cent to 3.5 per cent, and is due to be phased in progressively until 2019, the CSSF being entrusted with identifying the G-SIIs authorised in Luxembourg on advice provided by the BCL and upon consultation with the systemic risk board (SRB). None of the banks authorised in Luxembourg currently qualifies as a G-SSI.67

In addition, as of 1 January 2016, the other systemically important institutions (O-SIIs) capital buffer of up to 2 per cent of the total risk exposure may be imposed on the O-SIIs authorised in Luxembourg. The CSSF is in charge of identifying, on an individual, sub-consolidated or consolidated basis, the OSIIs authorised in Luxembourg pursuant to EBA methodology.68 CSSF Regulation No. 17-04 identifies eight of Luxembourg’s largest banks as O-SIIs, seven of which are charged with 0.375 per cent O-SII capital buffers and the eighth with a 0.75 per cent O-SII capital buffer. These ratios shall be increased from 1 January 2019 to 0.5 per cent.

The CSSF may put in place a systemic risk buffer, following an opinion of the SRB and after consulting the BCL.69 The SRB shall adopt such an opinion only where it identifies one or several long-term, non-cyclical systemic or macroprudential risks (not covered by the CRR) having the potential of disrupting the financial system and affecting the real economy in Luxembourg, and considering that the systemic risk buffer is the only effective means to mitigate such risks.

Deductions from own funds are addressed in detail by the CRR. The principal deductions (accounting for more than 72 per cent of deductions to be made under CET1) as of the end of 2015 included those for intangible assets and holdings in entities of the financial sector, as well as the neutralisation of unrealised gains recognised as revaluation reserve.70


The general liquidity requirements are set out under Articles 412 and 413 CRR and the Commission Delegated Regulation (EU) 2015/61 implementing the corresponding Basel III liquidity framework.

The applicable liquidity regime consists of two elements: the liquidity coverage requirement (LCR), designed to enable the banks to sustain severe liquidity strains lasting up to 30 days; and the net stable funding requirement (NSFR), introduced by Article 510 CRR to ensure that banks may overcome mismatches in maturities by having stable funding at their disposal on a horizon of one year.

To allow banks sufficient time to fully comply with its detailed prescription, the LCR has been phased in, as per the timetable laid down in Article 460(2) CRR. As at 1 January 2018, the LCR has reached 100 per cent, pursuant to Article 38 of the Commission Delegated Regulation (EU) 2015/61. However, the consequences of full implementation of LCR remain limited in Luxembourg, as banks are generally running high on liquidity, with the weighted average of the LCR amounting to 230 per cent as of December 2016 (compared to 157 in December 2015).71

The NSFR is due to be fully implemented in 2018 and there is still no minimum ratio that is applicable in Luxembourg; banks are nevertheless obliged to report their NSFR to the CSSF as of 2015.

The CRD IV Law also introduced a paradigm shift in the liquidity supervision arrangements of the branches of banks from other Member States, with the CSSF no longer being in charge of supervising the liquidity of these branches. On 1 October 2015, the supervision of the liquidity of these branches passed to the home country authorities, in cooperation with the CSSF.

Consolidated supervision

The supervisory mission of the CSSF extends to both stand-alone and consolidated supervision.72

The scope, content and means of consolidated supervision are specified in the CRR,73 and, since the implementation of CRD IV, in the LFS.74 The practical arrangements governing supervision on a consolidated basis are laid down in CSSF Circular IML 96/125. The rules governing consolidated supervision are relatively complex, but the main standards and requirements include, inter alia, consolidated own funds, observance of the consolidated insolvency ratios, large exposures control requirements on a consolidated basis and consolidated liquidity.

The CSSF pays particular attention to the ‘group head’ function in a Luxembourg institution under its consolidated supervision. The CSSF also takes an interest in the way the Luxembourg parent company communicates its policies and strategies to its subsidiaries.75 The principal means available to the CSSF for the exercise of the consolidated supervision include periodic reports reflecting the financial situation and the consolidated risks of a group, internal capital adequacy assessment process reports on consolidated capital adequacy in relation to the risks taken by the group or subgroup, and external auditors’ long form consolidated reports.76

iv Recovery and resolution

The BRRD was implemented in Luxembourg on 18 December 2015 by the BRRD Law.77

To improve the consistency and the legibility of legal texts concerning the financial sector, the provisions relating to the going concern of banks and investment firms (including recovery planning and early intervention measures) are now entirely incorporated in the LFS, whereas all the rules governing gone concerns are codified into the BRRD Law.

Banks are required to draw up, maintain and submit to the CSSF updated individual recovery plans (group recovery plans for parent companies supervised by the CSSF on a consolidated basis) providing for the measures to be taken in the event of a significant deterioration in their financial situation.78

An institution or group shall be deemed resolvable if it or the group entities can be credibly wound up or resolved by applying the different resolution tools and powers available to the Resolution Board avoiding any significant effect on the financial system.79 The Resolution Board has broad powers to remove any impediments to resolvability, including, inter alia, requiring the institution to cease or limit certain activities, limit exposures or divest certain assets.80

Early intervention measures may be applied where the institution has infringed, or may infringe in the near future, the requirements set out under the CRR, under the LFS or under their implementing measures.81 The CSSF may, inter alia, request the removal of the authorised management and of the managing body under certain conditions, and appoint one or more temporary administrators.82

Resolution measures shall be taken by the Resolution Board only where it determines that the bank has failed or is likely to fail. The principal resolution tools reflect those set out under the BRRD and include a sale of business, a bridge institution, asset separation (which may be applied only with another tool) and bail-in. The Resolution Board has a set of general powers as well as a number of ancillary powers to allow for the transfer of a bank’s assets and liabilities under the resolution tools. As per the BRRD, the bail-in tool includes the power to write down or convert the bank’s liabilities to equity. The liabilities excluded from the scope of bail-in are the same as those set out under the BRRD and include, most notably:

  1. covered deposits;
  2. secured liabilities, including covered bonds;
  3. liabilities in the form of financial instruments used for hedging purposes under certain conditions; and
  4. employees’ salaries, except for variable remuneration.

Within the scope of implementation of the BRRD, the Luxembourg Resolution Fund (LRF) was created in line with the requirement to establish resolution financing arrangements empowered to raise mandatory ex ante contributions from domestic banks (including branches of non-EU banks) in view of ensuring the effectiveness of resolution tools and powers. The CSSF has published Circular 15/628 specifying the modalities of collecting ex ante contributions for the LRF.


Various conduct of business rules apply to Luxembourg banks. As regards regulatory liability, pursuant to Article 63 of the LFS, the CSSF may take administrative sanctions against banks subject to its supervision, inter alia, for:

  1. failure to comply with applicable laws, regulations, statutory provisions or instructions;
  2. provision of incomplete, incorrect or false information;
  3. breaches of rules on the publication of balance sheets and accounts; and
  4. failure to respond to injunctions by the CSSF.

Following the implementation of CRD IV, certain CRR-specific breaches have been introduced. The CSSF may impose warnings, reprimands or fines ranging between €250 and €250,000, in addition to temporary or permanent bans on the exercise of certain activities of operations, or on the exercise of the profession. In the case of CRR institutions, the CSSF can, inter alia, impose administrative fines of up to 10 per cent of the total net annual turnover or up to twice the amount of the profits gained or losses avoided because of the breach.

i MiFID rules of conduct

The provision of investment services and activities is currently subject to MiFID conduct of business requirements set out under the LFS and the MiFID Grand-Ducal Regulation, and specified under CSSF Circular 07/307. MiFID II, which is currently being implemented into Luxembourg law through the MiFID II Bill of Law, will amend, among others, the MiFID conduct of business provisions of the LFS. The MiFID II Delegated Directive83 is to be implemented by a draft Grand Ducal regulation on the protection of financial instruments and clients’ assets, product governance and inducements and repealing the MiFID Grand-Ducal Regulation.

Violation of the MiFID conduct of business rules may entail administrative sanctions pursuant to Article 63 of the LFS. Luxembourg courts have traditionally refused to grant damages on the sole basis of a violation of the MiFID conduct of business rules, unless a violation is coupled with a fault on the part of the bank as well as with a causal link to the damage suffered by the client. In 2015, the case law of the Luxembourg courts seemed to evolve towards admitting that the mere violation of the MiFID rules of conduct may be invoked as a basis for claims for damages. However, it remains to be seen whether this precedent will be confirmed in future decisions.

ii Anti-money laundering and counter-terrorism financing requirements

Banks and other professional entities in the financial sector are bound by the professional obligations laid down by the Luxembourg anti-money laundering law, as amended (AML Law).84 In particular, banks are held to apply customer due diligence measures, observe adequate internal organisation requirements and procedures, and to cooperate with the competent authorities, including to report suspicious transactions. Violation of the relevant professional obligations and requirements set out under the AML Law may lead to criminal as well as regulatory liability.

iii Payment services

When providing payment services, banks are required to respect the rules of conduct laid down under Titles III and IV of the Law of 10 November 2009 on payment services, as amended.85 These concern, inter alia, the transparency of the information that needs to be provided to clients, including any charges, exchange rates, transaction references and maximum execution time.

iv Banking secrecy

Banks remain subject to strict professional secrecy rules set out under Article 41(1) of the LFS, covering all information entrusted to the bank in the course of its professional activities. Banks remain subject to banking secrecy even after the termination of the bank–client relationship. Disclosure of such information is punishable by penalties laid down in Article 458 of the Criminal Code (imprisonment for up to six months or a fine ranging from €500 to €5,000, or both). A violation of banking secrecy may also lead to civil liability, giving rise to claims for damages. In addition, administrative sanctions may be taken by the CSSF for a breach of banking secrecy under Article 63 of the LFS.

Article 41 of the LFS and other legislative provisions provide for certain exemptions from banking secrecy requirements. These include, inter alia:

  1. information provided to national prudential supervisory authorities acting in the exercise of their legal powers for the purposes of such supervision, provided that information thus communicated is covered by the rules of professional secrecy governing such authorities;
  2. information provided to reference shareholders of banks, under certain conditions, provided that this is necessary for the proper and prudent management of the institution;
  3. certain outsourcing arrangements;
  4. information provided between entities forming a financial conglomerate, subject to certain conditions; and
  5. the granting of access to a financial group’s internal control bodies and information concerning specific business relations, to the extent that this is needed for the global management of legal and reputational risks in connection with money laundering or the financing of terrorism within the meaning of Luxembourg laws.

In addition, as part of their anti-money laundering obligations, banks must disclose certain information to the competent authorities concerning transfers of funds and the corresponding recorded information, irrespective of any rule of professional secrecy.

The banking secrecy requirements are also subject to exemption pursuant to some European and international arrangements governing the automatic exchange of information in tax matters.

The law of 27 February 2018, which entered into force on 5 March 2018, aims, among other things, to extend the possibilities of outsourcing activities to both external and intra-group undertakings, thereby providing for further exceptions to banking secrecy requirements. (This is discussed in more detail in Section VII.iv.)


The principal source of Luxembourg banks’ financing comes from client deposits. As at October 2017, the amount of deposits reached 46.7 per cent of the total liabilities of Luxembourg banks. Interbank loans are the second-most important source of financing for banks, representing 33.6 per cent of their liabilities. The share of securities issuance in the banks’ funding increased by €4.1 billion year-on-year and, as at October 2017, accounts for 8.6 per cent as of Luxembourg banks’ total liabilities.86


i Control regime

Qualifying holdings in banks must be approved by the CSSF. A ‘qualifying holding’ is defined as any direct or indirect holding that represents 10 per cent or more of the capital or of the voting rights. The requirements issued in Directive 2007/44/EC87 are applicable to banks and have been implemented into Article 6 of the LFS.

The granting of banking licences is subject to communicating to the CSSF the identity of the persons that have qualifying holdings and the amount of such holdings. As an exception to the rules that only qualifying holdings shall be approved, following the transposition of CRD IV, the LFS provides that in the absence of qualifying holdings, the identity of the 20 largest shareholders shall be communicated to the CSSF.88

Authorisation shall be refused where the suitability of shareholders is unsatisfactory, taking into account the need of sound and prudent management of the bank.89 The CSSF assesses the reputation of the proposed shareholder or shareholders and their financial soundness, particularly in relation to the type of business pursued and envisaged. The professional repute of shareholders shall be assessed on the basis of the absence of a criminal record and on any evidence showing that such persons are of good repute and offering every guarantee of their irreproachable conduct.90 In addition, the CSSF evaluates whether the credit institution will be able to comply with the prudential requirements based on the CRD IV package, and, where applicable, other provisions of European law, in particular Directive 2002/87/EC91 and Directive 2009/110/EC.92

Moreover, the structure of the bank’s direct and indirect ownership must be transparent so that the competent prudential supervisory authorities are clearly identifiable, and to allow them to exercise supervision (also on a consolidated basis) without hindrance.93

Furthermore, where a person decides to increase his or her qualifying holding, whether directly or indirectly, as a result of which the proportion of voting rights or capital held would reach or exceed 20, 33.3 or 50 per cent, or so that the bank would become its subsidiary, it shall first notify the CSSF of such a decision. The CSSF shall assess the notification to ensure the sound and prudent management of the bank based on the criteria described above.

Shareholders disposing directly or indirectly of qualifying holdings, or having decided to reduce their qualifying holdings, shall also notify the CSSF prior to that disposal if the proportion of voting rights or capital they hold would fall below the above-mentioned thresholds or if the credit institution would cease to be its subsidiary.

ii Transfers of banking business

Aside from the market stress scenarios in which particular resolution powers may be taken (e.g., the transfer of a banking business tool), the transfer of the whole of a banking business comprising client deposits may only be validly performed without client consent by way of a merger, de-merger or transfer of a branch of activity in accordance with the applicable Luxembourg company law provisions. For instance, Crédit Agricole Indosuez was successfully demerged into two different banking entities in 2003. More recently, Kaupthing Bank Luxembourg was successfully demerged into two entities without client consent. On the other hand, loans and loans portfolios may be transferred without client consent pursuant to the rules governing the assignment of claims under Articles 1689 to 1695 of the Luxembourg Civil Code.



After the scope of money laundering predicate offences was extended to aggravated tax fraud and tax swindling in accordance with the Financial Action Task Force recommendations and AMLD IV requirements, the implementation of AMLD IV continued in 2017 with the principal provisions of AMLD IV being implemented in Luxembourg by amendments to the AML Law, with the adoption of Bill of Law 7128, voted on 6 February 2018. Notably, the new legislation extends the scope of activities covered by the AML Law, introduces more detailed rules on risk assessment, extends the list of situations in which professionals need to perform due diligence measures, extends the definition of ultimate beneficial owners and the list of third parties that may perform due diligence obligations, introduces more stringent requirements regarding internal procedures and imposes a stricter sanctions regime.

Also, in November 2017, Bill of Law 7208 implementing Council Directive (EU) 2016/2258, under which national tax authorities are granted access to mechanisms, procedures, documents and information related to customer due diligence measures (in relation to Articles 13 and 40 of AMLD IV, respectively) was introduced before the Luxembourg Parliament. In addition, several other bills implementing AMLD IV are pending adoption by the Luxembourg Parliament.

Bill of Law 7217 establishing a central register of ultimate beneficial owners (UBO Register) (one of the more controversial requirements under AMLD IV) was brought before the Luxembourg Parliament in December 2017. According to Bill 7217, competent national authorities (public prosecutors, judges, the CSSF, etc.) will have unlimited access to the UBO Register, whereas certain self-regulatory bodies (such as the Luxembourg Bar, Chamber of Notaries, etc.) shall be granted limited access. Other persons will be able to request access provided a legitimate interest can be demonstrated. Bill 7217 foresees the establishment of a coordination committee, under the authority of the Luxembourg justice minister, having authority to grant access to the UBO Register, further to a substantiated request. The coordination committee will be able to restrict access to the UBO Register to national authorities only, pursuant to a substantiated request by the entity concerned, among others, if allowing access would expose the beneficial owner to a risk of fraud, kidnapping, blackmail, violence or intimidation. It remains to be seen if the implementation of these rules will comply with data protection principles and the case law of the Court of Justice of the European Union on the legality of the processing of personal data. A separate bill, implementing Article 30 of AMLD IV on the register of trusts, was also introduced at the beginning of December 2017.

ii Payment services

The Payment Services Directive94 was implemented by a law of 13 June 2017, defining new obligations for payment service providers concerning access to basic payment accounts, bank account switching and transparency and comparability of payment account fees. In October 2017, the Bill of Law 7195 implementing Payment Services Directive II (PSD2)95 was introduced before the Luxembourg Parliament. The principal novelties consist of introducing, and regulating, for the first time in Luxembourg, as per the provisions of PSD2, certain new categories of payment services as well as ‘third party payment service providers’ (TPPs) (such as ‘payment initiation services providers’ (PISPs) and ‘account information services providers’ (AISPs)).

Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No. 1781/2006 became applicable as of 26 June 2017. Circular CSSF 17/660 provides certain information in relation thereto.

The Law of 27 February 2018 on interchange fees, implementing Regulation (EU) 2015/751 of 29 April 2015 on interchange fees for card-based payment transactions and amending several laws relating to financial services, was published in the Luxembourg Official Gazette on 1 March 2018. The interchange fee cap applicable to domestic payments has been set at 0.12 per cent of the value of the transaction (with the interchange being capped at 0.2 per cent under Regulation (EU) 2015/751).

iii MiFID II

In July 2017, the MiFID II Bill of Law was brought before the Luxembourg Parliament and its adoption is pending. The current draft of the MiFID II Bill of Law foresees no gold-plating and, in line with the traditional one-on-one approach in implementing EU legislation, Luxembourg legislators have for the time being chosen not to exercise most of the national discretions and options set out under MiFID II, with the notable exception of the third county firms regime set out under Article 39 of MiFID II for the provision of investment services and activities to retail and opted-up professional clients through an authorised branch.

iv Professional secrecy and outsourcing

Having initially given rise to much discussion after its introduction before the Luxembourg Parliament in September 2016 as Bill of Law 7024, the law of 27 February 2018 amending, among others, Article 41 of the LFS (the bedrock of the Luxembourg banking secrecy regime), entered into force on 5 March 2018. As a result, barriers to several financial outsourcing transactions will officially disappear and the (IT) outsourcing landscape could undergo substantial changes. In particular, the new framework should help modernise the outsourcing arrangements embedded in the LFS. The distinction between outsourcing to intra-group and external entities that was initially made in Bill of Law 7024 has been abolished and replaced by a clear rule: the disclosure of the information covered by professional secrecy shall be possible where (1) the sub-contractor is Luxembourg-based and supervised itself, or (2) the client has agreed to the disclosure. Following the adoption of the law of 27 February 2018, persons who are:

  1. established in Luxembourg;
  2. supervised by the CSSF, the ECB or the Luxembourg insurance regulator; and
  3. whose professional secrecy obligation is subject to criminal sanctions;

will be able to receive information protected by a professional secrecy obligation, within the framework of a service agreement.

In addition, the new regime lays down a legislative framework for acceptance-based arrangements for the first time. Although several financial institutions had already put in place certain outsourcing arrangements relying on guidelines provided by the CSSF, a consent-based exemption from professional secrecy obligations was not provided for by law, and thus gave rise to legal uncertainty. Under the regime of the new Article 41 of the LFS, this uncertainty has been removed. Under the new outsourcing legal framework, even entities that do not meet the aforementioned criteria may receive or access information covered by professional secrecy requirements, subject to clients’ consent, under certain conditions. The revised LFS is therefore likely to reassure market players and to accommodate the different interests of all stakeholders concerned, although conditions of the end clients’ acceptance, which is a key concept for a valid exception to professional secrecy, might still give rise to certain discussions.

In May 2017, the CSSF published a series of circulars (Circular CSSF 17/654 regarding IT outsourcing relying on a cloud computing infrastructure, Circular CSSF 17/655 updating the outsourcing provisions in Circular CSSF 12/552, Circular CSSF 17/656 on outsourcing by other financial service providers, payment institutions and e-money institutions, and Circular CSSF 17/657 updating Circular CSSF 06/240 on administrative and accounting organisation), streamlining its regulation on (IT) outsourcing in the financial sector, and introducing specific rules for the use of cloud services. In particular, these texts lay down conditions under which financial service providers may outsource activities (and IT-related activities in particular) without infringing the regulatory principles of central administration and sound governance. These circulars complement the anticipated legislative changes brought about by the adoption of the law of 27 February 2018.

v Central securities depositories

Bill of Law 7165 implementing the EU Central Securities Depository Regulation (CSDR)96 was brought before the Luxembourg Parliament in August 2017. Bill of Law 7165 designates the CSSF as the competent authority for granting authorisations, supervising central securities depositories and exercising powers conferred to national competent authorities under the CSDR.


The Luxembourg banking sector’s primary focus in the year ahead will be on AMLD IV, GDPR, PSD2 and, in particular, in light of the importance of its private banking business, on MiFID II and PRIIPs. Banks will also continue to adapt to more stringent capital requirements stemming from CRD IV and the CRR, or margin requirements pursuant to the entry into effect of the clearing obligation under EMIR. Other measures, such as PSD2 (which is due to not only further regulate payment services but also to open up the market to new competitors) and the progressive phasing-in of various requirements under the Securities Financing Regulation97 are yet to be implemented. Pressure is expected to ease beyond 2018, however, with the post-financial crisis regulatory agenda approaching completion.

In particular, with regard to private banking, the banking industry will continue to closely follow developments in the field of tax transparency both on the EU and international levels, such as various automatic exchange of information initiatives. Despite these trends, the total amount of assets under management, as well as the amount of non-banking clients’ deposits, has been on the increase for the fourth consecutive year. The increase of high net worth clients and the erosion of the traditional small to medium-sized portfolio client base is expected to continue, as is the increase of assets from clients located in Asia and South America.

The developments in the field of collective asset management and, in particular, the initiatives aiming to confer direct supervisory powers to European Supervisory Authorities in the area of supervision of investment funds (such as the European Commission’s proposal from September 2017 to certain EU-labelled investment funds (European Venture Capital Funds, European Social Entrepreneurship Funds and European Long-Term Investment Funds) shall continue to be closely watched. However, the European investment funds regulatory framework is expected to generally continue to benefit the Luxembourg banking industry thanks to the ever-increasing distribution opportunities offered by the European passport and the back-office and custody business it generates.

Some European initiatives, such as those in the field of simplified securitisation, heralded by the much-anticipated EU Securitisation Regulation that was adopted in November 2017,98 are also expected to have a positive impact both on the Luxembourg financial centre and on Luxembourg banks.

1 Josée Weydert is the managing partner, Jad Nader is a partner and Milos Vulevic is an associate at NautaDutilh Avocats Luxembourg S.à r.l.

2 The Official Portal of the Grand Duchy of Luxembourg.

3 CSSF Newsletter No. 204, January 2017 (www.cssf.lu/fileadmin/files/Publications/Newsletter/Newsletter_2017/newsletter193.pdf).

4 The end of the third quarter of 2017 also saw a reduced head count in Luxembourg banks year-on-year. As at 30 September 2017, Luxembourg credit institutions employed 26,030 people, 102 units down compared to September 2016 (idem).

5 In terms of assets, the rating is as follows: Deutsche Bank Luxembourg (€51,787 billion), Banque et Caisse d’Epargne de l’Etat, Luxembourg (€43,445 billion), Société Générale Bank & Trust (€42,188 billion), BGL BNP Paribas (€33,933 billion) and Banque Internationale à Luxembourg (€23,149 billion). ‘Luxembourg Banking Insights 2017’, Financial Services, KPMG, p. 25.

6 ALFI, data as at 31 December 2017, www.alfi.lu/statistics-figures/luxembourg.

7 The statistics portal of the Grand Duchy of Luxembourg. GDP annual growth rate averaged at 3.7 per cent from 1996 to 2016 (Trading Economics: www.tradingeconomics.com/luxembourg/gdp-growth-annual).

8 Trading Economics, www.tradingeconomics.com/luxembourg/gdp-growth-annual/forecast.

9 As of February 2017, four other EU countries had a triple A rating
(Trading Economics, www.tradingeconomics.com/country-list/rating).

10 Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC.

11 EY, ABBL, ‘Survey on the cost of regulation and its impact on the Luxembourg financial marketplace, 2016 Edition’, p. 4.

12 Directive 2014/65/EU on markets in financial instruments.

13 Regulation (EU) No. 1286/2014 of the European Parliament and of the Council of 26 November 2014 on key information documents for packaged retail and insurance-based investment products (PRIIPs).

14 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

15 The legal acts mentioned are explained further in the later sections of this chapter. According to a survey conducted by EY and the Luxembourg Banking Association published in 2017, the most costly regulatory measures for banks remain CRD IV, the Foreign Account Taw Compliance Act and EMIR, with MiFID II well on course to becoming the most expensive regulation for those financial institutions required to implement it. (Ibid., p. 4).

16 ‘Luxembourg banks can spend up to 51 per cent of revenue on compliance, ABBL says’, Luxembourg Times, 1 February 2018.

17 Ibid.

18 Council Regulation (EU) No. 1024/2013 of 15 October 2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions.

19 Directive 2014/59/EU of the European Parliament and of the Council of 15 May 2014 establishing a framework for the recovery and resolution of credit institutions and investment firms and amending Council Directive 82/891/EEC and Directives 2001/24/EC, 2002/47/EC, 2004/25/EC, 2005/56/EC, 2007/36/EC, 2011/35/EU, 2012/30/EU and 2013/36/EU, and Regulations (EU) No. 1093/2010 and (EU) No. 648/2012, of the European Parliament and of the Council.

20 Directive 2014/49/EU of the European Parliament and of the Council of 16 April 2014 on deposit guarantee schemes.

21 Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No. 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC.

22 ‘China Everbright Bank Luxembourg Branch officially opens’, Xinhua, 9 September 2017.

23 Northern Trust Corporation press release, 2 October 2017 (https://www.northerntrust.com/about-us/news/press-release?c=082cdff3de9c14d31b8e1f89bc61b414).

24 Law of 5 April 1993 on the financial sector, as amended.

25 CSSF Annual Report 2016, p. 90.

26 Directive 2004/39/EC of the European Parliament and of the Council of 21 April 2004 on markets in financial instruments amending Council Directives 85/611/EEC and 93/6/EEC and Directive 2000/12/EC of the European Parliament and of the Council and repealing Council Directive 93/22/EEC (MiFID).

27 Regulation on Markets in Financial Instruments (600/2014).

28 CSSF Press Release, 29 December 2017.

29 Regulation (EU) No. 575/2013 of the European Parliament and of the Council on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No. 648/2012 (CRR).

30 CRR, Article 4.1(1).

31 The states that are contracting parties to the European Economic Area Agreement (EEAA), other than EU Member States, are considered as equivalent to EU Member States within the limits provided for under the EEAA.

32 LFS, Article 32(5).

33 CSSF Circular 11/515, p. 5.

34 LFS, Article 32(1).

35 Law of 23 December 1998 establishing a financial sector supervisory commission, as amended.

36 The Luxembourg Monetary Institute became the Luxembourg Central Bank on 1 June 1998.

37 Regulation (EU) No. 806/2014 of the European Parliament and of the Council of 15 July 2014 establishing uniform rules and a uniform procedure for the resolution of credit institutions and certain investment firms in the framework of a Single Resolution Mechanism and a Single Resolution Fund and amending Regulation (EU) No. 1093/2010.

38 Limited to the credit institutions subject to Article 99 CRR.

39 CSSF Circulars 18/685 and 09/410.

40 CSSF Circular 18/685.

41 CSSF Circular 12/553.

42 CSSF Circular 14/585.

43 CSSF Annual Report 2016, p. 71.

44 LFS, Article 7(1); prior to the implementing of CRD IV, managers were only required to satisfy the condition of professional standing, or good repute.

45 LFS, Article 7(2).

46 CSSF Circular 12/552, p. 18.

47 Law of 23 July 2015, implementing, inter alia, Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 into Luxembourg law.

48 LFS, Article 38-2(1).

49 LFS, Article 38-1(e).

50 A bank shall be determined as ‘significant’ by taking into account the following elements:

a the bank is identified as a systemically important institution (SII);

b by size, its assets are greater than €30 billion, or the ratio of its total assets to the Luxembourg gross domestic product is greater than 20 per cent, unless the total value of its assets is less than €5 billion;

c it represents the highest level of consolidation within the group of supervised institutions in the eurozone and is included as such in the list of significant supervised entities drawn up by the ECB in accordance with Article 49(1) of Regulation (EU) No. 468/2014 of the ECB;

d it is the ultimate parent company of the group of supervised institutions to which, as the case may be, it belongs;

e it is the parent company of a significant number of subsidiaries established in other countries; and

f its shares are admitted to trading on a regulated market.

A CRR bank that does not meet at least two of the conditions listed above is not considered ‘significant’. The criteria are indicative and are meant only to guide the CSSF in its assessment.

51 LFS, Article 38-2(5).

52 Ibid.

53 LFS, Article 38-2(4).

54 Directive 2010/76/EU of the European Parliament and of the Council of 24 November 2010 amending Directives 2006/48/EC and 2006/49/EC as regards capital requirements for the trading book and for resecuritisations, and the supervisory review of remuneration policies.

55 CSSF Regulation No. 14-01, Article 5 and CRR, Article 92.

56 CSSF Regulation No. 14-01, Articles 2 and 3.

57 In the absence a common European definition of common stock, ‘capital instruments’ must fulfil 13 conditions set out under Article 28, Paragraph 1 CRR to qualify as such.

58 CRR, Article 26.

59 CSSF Annual Report 2016, p. 53.

60 Ibid, p. 55.

61 LFS, Article 59-13.

62 CSSF Regulation No. 14-01, Article 6.

63 CSSF Regulation No. 15-02 relating to the supervisory review and evaluation process that applies to CRR institutions, Article 28.

64 LFS, Article 59-6.

65 CSSF Regulation No. 15-01, Article 2.

66 CSSF Regulation No. 17-05 on the setting of a countercyclical buffer rate.

67 CSSF Regulation No. 17-04 concerning systemically important institutions authorised in Luxembourg.

68 See EBA guidelines on the criteria to determine the conditions of application of Article 131(3) of Directive 2013/36/EU (CRD) in relation to the assessment of other systemically important institutions (O-SIIs), EBA/GL/2014/10.

69 LFS, Article 59-10.

70 CSSF, Annual Report, 2015, p. 95.

71 CSSF, Annual Report, 2016, p. 55.

72 Idem.

73 CRR, Part I, Chapter 2, Section II.

74 LFS, Part III Chapter 3.

75 As of the end of December 2015, the CSSF supervised on a consolidated basis 20 banks incorporated in Luxembourg and three Luxembourg-incorporated financial holding companies. Of these 21 banks, 13 are supervised by the ECB, as they form part of the banking groups considered as significant. The CSSF continues to supervise the remaining seven banks. See CSSF, Annual Report, 2015, p. 114.

76 Idem, pp. 106–7.

77 Law of 18 December 2015 on resolution, recovery and liquidation measures of credit institutions and some investment firms, on deposit guarantee schemes and indemnification of investors.

78 LFS, Article 59-18(1).

79 BRRD Law, Article 26 (transposing Article 15 of the BRRD).

80 BRRD Law, Article 29.

81 LFS, Article 59-43.

82 Article 29, Paragraph 2, of the BRRD provides in addition that the competent authority shall determine such powers based on ‘what is proportionate’ in the circumstances.

83 Commission Delegated Directive (EU) 2017/593 of 7 April 2016 supplementing Directive 2014/65/EU of the European Parliament and of the Council with regard to safeguarding of financial instruments and funds belonging to clients, product governance obligations and the rules applicable to the provision or reception of fees, commissions or any monetary or non-monetary benefits.

84 The Law of 12 November 2004 on combating money laundering and the financing of terrorism, as amended.

85 Transposing Titles III and IV, respectively, of Directive 2007/64/EC.

86 BCL quarterly bulletin, 2017/3, p. 32.

87 Directive 2007/44/EC of the European Parliament and of the Council of 5 September 2007 amending Council Directive 92/49/EEC and Directives 2002/83/EC, 2004/39/EC, 2005/68/EC and 2006/48/EC as regards procedural rules and evaluation criteria for the prudential assessment of acquisitions and increase of holdings in the financial sector.

88 LFS, Article 6(1).

89 Article 6(9) of the LFS specifies the criteria according to which such sound and prudent management is assessed.

90 LFS, Article 7.

91 Directive 2002/87/EC of the European Parliament and of the Council of 16 December 2002 on the supplementary supervision of credit institutions, insurance undertakings and investment firms in a financial conglomerate and amending Council Directives 73/239/EEC, 79/267/EEC, 92/49/EEC, 92/96/EEC,
93/6/EEC and 93/22/EEC, and Directives 98/78/EC and 2000/12/EC of the European Parliament and of the Council.

92 Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC.

93 LFS, Article 6(2).

94 Directive 2014/92/EU of the European Parliament and of the Council of 23 July 2014 on the comparability of fees related to payment accounts, payment account switching and access to payment accounts with basic features.

95 Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No. 1093/2010, and repealing Directive 2007/64/EC.

96 Regulation (EU) No. 909/2014 of the European Parliament and of the Council on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No. 236/2012.

97 Regulation (EU) 2015/2365 of the European Parliament and of the Council of 25 November 2015 on transparency of securities financing transactions and of reuse and amending Regulation (EU) No. 648/2012.

98 Regulation (EU) 2017/2402 of the European Parliament and of the Council laying down a general framework for securitisation and creating a specific framework for simple, transparent and standardised securitisation, and amending Directives 2009/65/EC, 2009/138/EC and 2011/61/EU, Regulation (EC) No. 1060/2009 and Regulation (EU) No. 648/2012.