On 22 April 2022, the CSSF issued a new Circular CSSF 22/807 updating Circular CSSF 12/552 on central administration, internal governance and risk management, as amended ("Circular CSSF 12/552").
- Scope of application and timeline
Circular CSSF 12/552, as amended by Circular CSSF 22/807, is applicable to credit institutions, including their branches. It also applies to Luxembourg branches of third-country credit institutions, to Luxembourg branches of credit institutions established in another Member State and, in part, to professionals carrying out lending operations ("In-Scope Entities").
The updated Circular CSSF 12/552 has been applicable since 30 June 2022.
- Main changes brought by Circular CSSF 22/807
Since 30 June 2022, the CSSF applies the following guidelines:
- EBA Guidelines on internal governance (which have been integrated into the body of Circular CSSF 12/552);
- Joint ESMA and EBA Guidelines on the assessment of the suitability of members of the management body (which have not been integrated into the body of Circular CSSF 12/552 but are directly applicable to the In-Scope Entities);
- ESMA Guidelines on certain aspects of the MiFID II compliance function requirements (which have been partially integrated into the body of Circular CSSF 12/552).
In addition, the CSSF has updated some parts of Circular CSSF 12/552:
- reinforcement of the responsibilities of the supervisory body (which must (i) take into account ESG risks in the institution's risk monitoring and management, (ii) improve gender equality and representation of the under-represented gender among the members of the management body, and (iii) hold the majority of its meetings in Luxembourg);
- reinforcement of the requirements applicable to the authorised management regarding the obligation to implement gender-neutral policies ensuring fair treatment and equal opportunities for all staff;
- reinforcement of the conflicts of interest rules;
- reinforcement of the AML/CFT requirements in the internal governance arrangements;
- update of the internal alert arrangements' requirement to be implemented by the In-Scope Entities in light of the EU Whistleblowing Directive requirements; and
- repeal of Chapter 7's outsourcing requirements. In-Scope Entities must now comply with the requirements of the newly issued Circular CSSF 22/806 on outsourcing arrangements.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.