AML/CFT in Luxembourg during the COVID-19 crisis

In Circular 20/7401   of 10 April 2020, the Commission de Surveillance du Secteur Financier (the “CSSF”) describes the money laundering and terrorism financing (“ML/TF”) implications of the worldwide COVID-19 crisis for Luxembourg professionals under its supervision (“Professionals”), including credit institutions, investment fund managers and professionals of the financial sector (PFS). The CSSF stresses that, more than ever, Professionals must continue to comply with their anti-money laundering and counter-terrorism financing (“AML /CTF”) obligations in accordance with the Law of 12 November 2004 on the fight against money laundering and terrorist financing, as amended (the “AML Law”) during this crisis. Indeed, due to the extraordinary circumstances under which they are currently providing services, Professionals are exposed to particular forms of ML/TF threats they are neither used to nor particularly prepared to manage. 

The two most important ML/TF COVID-19-related threats are cybercrime (e.g. phishing) and fraud. These two ML/TF threats have become more critical since Professionals are facing temporary organisational weaknesses (e.g. homeworking, alternative means of communication, and lessened IT security), which may make it easier for criminals to commit ML/TF-related offences. 

As indicated in the Note "Typologies COVID-19" of 2 April 2020 issued by the Luxembourg Financial Intelligence Unit (Cellule de Renseignement Financier or “CRF”), the CRF is currently working on certain fraud schemes based on recent suspicious transactions reports and suspicious activities reports received during the last few weeks. The Note sets out indicators of suspicious activities to which Professionals are encouraged to refer.

Fraud schemes may take many forms but include in most cases embezzlement of funds or money laundering. As the CSSF sets out in Circular 20/740, important ML/TF threats are posed by bribery (linked to emergency government schemes), trafficking in counterfeit products (due to a high demand and low offer of COVID-19 supplies), robbery (due to confinement rules), and insider trading and market manipulation (due to disturbed access to confidential information). The CSSF identifies as particularly relevant for ML/TF threats, vulnerabilities in relation to online payment services, clients in financial distress, mortgages and other forms of collateralised lending, credit backed by government guarantees, distressed investment products and delivery of aid through non-profit organisations.

In this particularly difficult context, Professionals must strengthen their controls and increase their vigilance thresholds with a view to mitigating the aforementioned ML/TF threats. The CSSF highlights five sets of areas requiring particular focus by Professionals to maintain effective and robust internal systems and controls:

  • AML/CTF business continuity and governance: Professionals must ensure that AML/CTF controls continue to be carried out as far as possible during the crisis, or even strengthened. Moreover, Professionals must put in place communication channels that facilitate interaction between employees so that issues are addressed appropriately and in due course. In this respect, the compliance function's availability is of particular importance: staff must be able to report ML/TF issues swiftly and efficiently. In addition, Professionals must enhance controls on their outsourcing arrangements. They should also confirm the robustness of their cyber risk controls and reflect upon measures taken following the CSSF's guidance on minimum IT security conditions2 .
  • Transaction monitoring: more than ever, Professionals must undertake regular transaction monitoring of their customers’ transactions so as to detect any unusual activity or transaction which could entail ML/TF paying particular attention to unusual or suspicious patterns and financial flows, and confirm the adequacy of their outsourcing arrangements in this respect.
  • Customer due diligence (CDD): Professionals must consider how to strengthen CDD to mitigate the impact of the lack of face-to-face contacts in line with a risk-based approach. The CSSF refers to the Financial Action Task Force (FATF) Guidance on Digital ID  when Fintech is used in the CDD process and its recent FAQ  on AML/CFT and IT requirements for specific customer on-boarding KYC methods. Enhanced due diligence may include the collection of additional documentation or the certification thereof. Professionals will need to pay particular attention to their PEP and high-risk customers (which usually pose major threats anyway). The CSSF reminds Professionals that should they be unable to apply appropriate CDD, they must not enter into the prospective business relationship or continue one with an existing customer and report any unusual transaction or activity to the CRF.
  • ML/TF risk assessment: Professionals should take a dynamic approach to ML/FT risk assessment incorporating the ML/TF risks inherent in the current crisis. Professionals ought to communicate thereon to their staff, so that COVID-19-related threats and risks are dealt with as efficiently as possible by all employees.
  • Cooperation with authorities: the CSSF insists on the importance of cooperation with the CRF and to report to it any ML/TF suspicion without delay. Moreover, Professionals must remain transparent and responsive in their interactions with the CSSF. Lastly, Professionals must play their part in the fight against ML/TF and share any typology of threat they observe during the pandemic in due course.

As also mentioned in the Asset management and investment funds section of this COVID-webpage, the CSSF has further explained how to implement this guidance in the collective investment sector in a presentation published with a press release of 4 May 2020

In addition, it is important to note that CSSF supervision remains fully effective during the crisis and Professionals will continue to receive relevant information from the CSSF in a timely manner to help them mitigate the ML/TF threats they are facing. The CSSF will also complete on-site inspections that have already commenced and will conduct new inspections on a remote basis during the crisis. Moreover, the CSSF remains available on a remote basis in order to answer Professionals’ questions as well as to address specific issues which may threaten the stability of the Luxembourg financial sector.

Finally, on 4 May 2020, the FATF issued a document entitled “COVID-19-related Money Laundering and Terrorist Financing – Risks and Policy Responses”, which aims at identifying challenges and responses to the new kinds of ML/TF threats and vulnerabilities deriving from the COVID-19 crisis.

1 Circular CSSF 20/740 of 10 April 2020 regarding the financial crime and AML/CFT implications during the COVID-19 pandemic.
2 See CSSF press release of 2 March 2020 and the CSSF's FAQ COVID-19.