Fintech 2025

LUXEMBOURG Law and Practice Contributed by: Andreas Heinzmann, Valerio Scollo and Angela Permunian, GSK Stockmann

which provide cloud computing to financial insti - tutions. 2.12 Review of Industry Participants by Parties Other than Regulators The activities of financial-sector participants are mainly reviewed by the regulators, however, auditors are typically appointed by industry par - ticipants to review their business activities. Fur - thermore, certain regulated entities, eg, banks, must set up internal risk control, compliance and internal audit functions. 2.13 Conjunction of Unregulated and Regulated Products and Services In principle, there is no general prohibition for regulated entities to combine regulated and unregulated products. However, in certain cas - es the regulator must be notified of such activi - ties and may then assess the compatibility of these services and products in more detail. For example, in the case of services and products related to virtual assets, the CSSF has published FAQs outlining its position on the possibility of banks opening virtual asset accounts. According to the CSSF, banks may open accounts, simi - lar to securities accounts, that allow customers to deposit virtual assets, however, they cannot open virtual asset bank accounts (eg, current accounts). 2.14 Impact of AML and Sanctions Rules In accordance with the Law of 12 November 2004 on the fight against money laundering and terrorist financing, as amended, (the “AML Law” ), which transposes, among others, Direc - tive (EU) 2015/849 into national law, fintech com - panies that qualify as professionals under the AML Law are required to comply with several professional obligations.

The AML Law applies, eg, to banks, financial institutions, virtual asset service providers, pay - ment institutions and electronic money institu - tions. In particular, these entities are required to com - ply with customer due diligence obligations, adequate internal management requirements and co-operation requirements with the authori - ties. The CSSF is required to ensure that all the persons subject to its supervision, authorisa - tion or registration comply with the professional AML/CFT obligations and implement a risk- based approach. Accordingly, the CSSF has broad sanctioning powers (see 2.10 Significant Enforcement Actions ). In addition, the new AML package sets up the EU Anti-Money Laundering Authority (AMLA) to directly supervise high-risk entities and man - dates CASPs to comply with AML/CFT regu - lations, banning anonymous transactions, and enhancing transparency in the crypto sector. 2.15 Financial Action Task Force Standards Luxembourg is recognised as one of the most progressive jurisdictions in AML/CFT matters. The AML/CFT rules apply to the majority of financial entities, ensuring compliance with the Financial Action Task Force (FATF) standards. As a member of the FATF, Luxembourg adheres to over 40 FATF Recommendations and, according to the Mutual Evaluation Report 2023, is regard - ed as having “solid AML/CFT” framework. 2.16 Reverse Solicitation In accordance with the Financial Sector Law, third-country investment providers may rely on reverse solicitation in Luxembourg and are not obliged to establish a branch or obtain authori -

509 CHAMBERS.COM

Powered by