Regulatory framework

1) high-risk jurisdictions on which enhanced due diligence and, where appropriate, counter-measures are imposed
2) jurisdictions under increased monitoring of the FATF

Version of 25 February 2025

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the content and time limits for the initial notification of, and intermediate and final report on, major ICT-related incidents, and the content of the voluntary notification for significant cyber threats

laying down implementing technical standards for the application of Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to the standard forms, templates, and procedures for financial entities to report a major ICT-related incident and to notify a significant cyber threat

complétant le règlement (UE) 2022/2554 du Parlement européen et du Conseil par des normes techniques de réglementation précisant les critères utilisés pour identifier les entités financières tenues d’effectuer des tests d’intrusion fondés sur la menace, les exigences et les normes régissant le recours à des testeurs internes, les exigences relatives au périmètre et à la méthodologie des tests ainsi qu’à l’approche à suivre pour chaque phase des stades de test, de résultats, de clôture et de correction et le type de coopération en matière de surveillance et les autres types de coopération pertinents qui sont nécessaires pour l’exécution des tests d’intrusion fondés sur la menace et pour la facilitation de la reconnaissance mutuelle

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards on harmonisation of conditions enabling the conduct of the oversight activities

2024 Questionnaire on financial crime

Survey on covered claims in connection with investment business – mode of transmission

Version 1

Version 1

laying down implementing technical standards for the application of Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to standard templates for the register of information

amending Circular CSSF 19/732 of 20 December 2019 on the Prevention of Money Laundering and Terrorist Financing: clarifications on the Identification and Verification of the Identity of the Ultimate Beneficial Owner(s)

laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act) (Text with EEA relevance)

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the criteria for the classification of ICT-related incidents and cyber threats, setting out materiality thresholds and specifying the details of reports of major incidents

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework

amending Directive (EU) 2019/1153 as regards access by competent authorities to centralised bank account registries through the interconnection system and technical measures to facilitate the use of transaction records

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council by determining the amount of the oversight fees to be charged by the Lead Overseer to critical ICT third-party service providers and the way in which those fees are to be paid

concerning restrictive measures in view of the situation in Russia