On 14 August 2020, the CSSF amended the Grand Ducal Regulation (GDR) of 1 February 2010. This amended GDR updates and provides clarifications on certain provisions of the Law of 12 November 2004 on the fight against money laundering and terrorist financing, notably regarding the amendments from the transposition of the fourth and fifth anti-money laundering (AML) directives. It was published in the Luxembourg official journal (Mémorial A) on 20 August 2020 and immediately entered into force.
This article summarizes the key changes introduced by the amended GDR. You can find further key changes and amendments to Regulation 20-05 in this related blog.
Repealing of certain provisions
The amended GDR repeals the previous GDR’s obligations regarding the identification and verification of a customer — including the proxies of any natural persons acting on behalf of the customer and the legal status of the legal persons — as well as the identification and verification of the beneficial owner. However, these obligations continue to remain in force under the amended Law of 12 November 2004.
Clarification of customer due diligence measures by professionals
In line with Articles 2 and 3 of the amended Law of 12 November 2004, the amended GDR provides details on when to apply due diligence on existing customers. In particular, it further defines the appropriate times to apply due diligence on a risk-sensitive basis (Article 1), notably:
- Where a transaction of significance takes place
- Where customer documentation standards change substantially
- As regards banking business, where a material change in the way that a customer’s account is operated
- Where the professional becomes aware that it lacks sufficient information about an existing customer.
Without prejudice to higher frequency and depending on the risk assessment, customer due diligence measures should be carried out every seven years at least. The situations where special attention must be paid as part of a business relationship’s ongoing due diligence remain unchanged, but are no longer limited to the list initially defined. Therefore, it remains at the discretion of each professional to apply special attention to other situations that present a higher level of risk and that they may deem relevant.
The record-keeping obligation has been extended to data and the results of any analysis carried out. Also, the amended GDR requires professionals to ensure that the requested information defined under article 1(5) is obtained and recorded for transaction on an individual basis.
And, virtual asset service providers, as defined under Article 7-1 of the amended Law of 12 November 2004, must apply customer due diligence measures when an occasional transaction that constitutes as a transfer of funds exceeds the EUR1,000 threshold, as defined by the fourth EU AML Directive.
Situations where enhanced due diligence measures should be applied
The amended GDR has updated the situations where enhanced due diligence (EDD) measures must be applied. In particular:
- The scope of the updated GDR, previously limited to a country that was either not applying or insufficiently applying the measures for the fight against money laundering and terrorist financing, has now been extended to business relationships and transactions involving high-risk countries, as they present a higher risk situation.
- The application of EDD for non-face-to-face transactions has been limited to those where the professional has not put in place: (i) electronic identification means; (ii) relevant trust services within the meaning of Regulation (EU) No 910/2014; or (iii) any other secure, electronic or remote identification process that is regulated, recognized, approved or accepted by the relevant national authorities.
- Regarding cross-border correspondent relationship situations, the updated GDR reiterates that professionals must not only document their respective responsibilities but also clearly understand them. Also, the respondent institution must be able to provide the correspondent institution with any relevant customer data and information upon request.
- For situations involving high-risk countries or politically exposed persons, the EDD procedure must be approved both by senior management and the AML and counter-terrorist financing (CTF) compliance officer.
Extension of the obliged entities scope and clarification of due diligence obligations of branches and subsidiaries
Finally, the amended GDR extends the customer due diligence obligations of branches and majority-owned subsidiaries in high-risk third countries to all financial sector professionals. Under the previous regime, only credit and financial institutions were obliged to ensure their branches and/or subsidiaries complied with this principle, whereas the ownership status of subsidiaries as “majority-owned” was absent. In addition, only countries which do not apply or insufficiently apply the measures for the fight against money laundering and terrorist financing were in scope.
A coordinated version of the amended GDR is available at this link.