Regulatory framework

1) high-risk jurisdictions on which enhanced due diligence and, where appropriate, counter-measures are imposed
2) jurisdictions under increased monitoring of the FATF

Version of 25 February 2025

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the content and time limits for the initial notification of, and intermediate and final report on, major ICT-related incidents, and the content of the voluntary notification for significant cyber threats

laying down implementing technical standards for the application of Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to the standard forms, templates, and procedures for financial entities to report a major ICT-related incident and to notify a significant cyber threat

complétant le règlement (UE) 2022/2554 du Parlement européen et du Conseil par des normes techniques de réglementation précisant les critères utilisés pour identifier les entités financières tenues d’effectuer des tests d’intrusion fondés sur la menace, les exigences et les normes régissant le recours à des testeurs internes, les exigences relatives au périmètre et à la méthodologie des tests ainsi qu’à l’approche à suivre pour chaque phase des stades de test, de résultats, de clôture et de correction et le type de coopération en matière de surveillance et les autres types de coopération pertinents qui sont nécessaires pour l’exécution des tests d’intrusion fondés sur la menace et pour la facilitation de la reconnaissance mutuelle

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards on harmonisation of conditions enabling the conduct of the oversight activities

relating to:

1° implementation of Regulation (EU) 2023/606 of the European Parliament and of the Council of 15 March 2023 amending Regulation (EU) 2015/760 as regards the requirements pertaining to the investment policies and operating conditions of European long-term investment funds and the scope of eligible investment assets, the portfolio composition and diversification requirements and the borrowing of cash and other fund rules;

2° implementation of Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937;

3° implementation of Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets and amending Directive (EU) 2015/849;

4° transposition of Article 38 of Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets and amending Directive (EU) 2015/849;

5° implementation of Regulation (EU) 2023/2631 of the European Parliament and of the Council of 22 November 2023 on European Green Bonds and optional disclosures for bonds marketed as environmentally sustainable and for sustainability-linked bonds;

6° modification of: a) the Law of 16 July 2019 on the operationalisation of European regulations in the area of financial services, as amended;b) the Law of 5 April 1993 on the financial sector, as amended; c) the Law of 23 December 1998 establishing a financial sector supervisory commission, as amended;d) the Law of 12 November 2004 on the fight against money laundering and and terrorist financing, as amended; e) the Law of 10 November 2009 on payment services, as amended;f) the Law of 7 December 2015 on the insurance sector, as amended.

2024 Questionnaire on financial crime

laying down implementing technical standards for the application of Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to standard templates for the register of information

amending Circular CSSF 19/732 of 20 December 2019 on the Prevention of Money Laundering and Terrorist Financing: clarifications on the Identification and Verification of the Identity of the Ultimate Beneficial Owner(s)

laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act) (Text with EEA relevance)

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the criteria for the classification of ICT-related incidents and cyber threats, setting out materiality thresholds and specifying the details of reports of major incidents

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the detailed content of the policy regarding contractual arrangements on the use of ICT services supporting critical or important functions provided by ICT third-party service providers

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework

amending Directive (EU) 2019/1153 as regards access by competent authorities to centralised bank account registries through the interconnection system and technical measures to facilitate the use of transaction records

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council by determining the amount of the oversight fees to be charged by the Lead Overseer to critical ICT third-party service providers and the way in which those fees are to be paid

concerning restrictive measures in view of the situation in Russia

establishing templates for certain forms as well as technical rules for the effective exchange of information under Regulation (EU) 2018/1672 of the European Parliament and of the Council on controls on cash entering or leaving the Union