Common contractual ground: The intersection points
Before delving into what sets DORA apart from CSSF Circular 22/806, it is worth noting what the two regulatory frameworks have in common:
- Written agreement: Both emphasize the critical need for a written contract that outlines each party's rights and responsibilities.
- Service description: A detailed depiction of the services to be provided is mandatory in both regulations.
- Locations: Both require explicit information about where the services and data storage are located.
- Data security: Security protocols for data, including its integrity and accessibility, are emphasized in both frameworks.
- Performance monitoring: A clause for ongoing scrutiny of the service provider's adherence to performance metrics is required by both.
- Reporting obligations: Service providers are mandated to report any incidents or conditions that may adversely affect the service quality.
- Authority cooperation: Both regulations necessitate cooperation with governing or competent authorities.
- Termination rights: Conditions for terminating agreements are clearly stipulated in both frameworks.
The DORA difference: Unique contractual features and their value
While both sets of regulations are comprehensive, DORA brings several unique features that add value to its framework.
Exit strategies
In an ever-changing technology landscape, the ability for financial entities to adapt is critical. DORA explicitly mandates the establishment of exit strategies, including a mandatory adequate transition period. This proactive requirement ensures that financial entities have a well-defined plan for reducing the risk of disruptions when changing service providers. It also grants the flexibility to revert to on-premises solutions or switch providers without undue complexity or risk.
ICT incident assistance
DORA stands out in its specific requirement for ICT third-party service providers to assist in case of an ICT incident. This assistance must be provided either at no additional cost or at a cost determined in advance. In today's cyber-threat landscape, where incidents are not a matter of ‘if’ but ‘when’, this provision is invaluable. It assures that during an emergency, the focus will be on problem-solving and recovery rather than negotiating assistance costs.
Involvement of ICT third-party vendors in the financial firms' security awareness initiatives
One of DORA's standout provisions centers on the conditions under which ICT third-party service providers participate in financial entities' ICT security awareness programs. This clause offers multifaceted benefits. Firstly, it ensures that both the financial entity and its ICT provider are on the same page regarding security protocols, thereby reducing potential vulnerabilities and mismatches in system safeguards. Secondly, it fosters a collaborative environment, strengthening the relationship between the two entities, which is crucial for swift and effective response in times of digital threats or operational disruptions. Moreover, this mutual training approach ensures a consistent level of knowledge and skills across the board, reducing the chances of security breaches caused by human error.
Additional contractual requirements related to ICT services
DORA emphasizes several additional key elements for contractual arrangements related to ICT services underpinning critical or important functions:
- Comprehensive descriptions of service levels, inclusive of updates and revisions, containing clear quantitative and qualitative performance goals.
- Notice periods and reporting obligations of the ICT third-party service provider to the financial entity.
- Requirements for the ICT third-party service provider to implement and test business contingency plans.
- The obligation of the ICT third-party service provider to participate and fully cooperate in the financial entity’s TLPT (threat-led penetration testing).
- Exit strategies, emphasizing the need for a compulsory suitable transition timeframe.
Why these unique points matter
DORA's unique features do more than just supplement existing regulatory requirements; they address areas that are often overlooked but are pivotal in ensuring robust operational standards. Here's a more in-depth look at why these unique points are so valuable.
Enhancing decision-making & reducing complexity
The requirement for well-defined exit strategies not only allows for agility but also enhances decision-making by making the risks and processes clear. It pushes financial entities to consider the entire lifecycle of an outsourcing relationship, from initiation to potential termination. By doing so, it fosters a culture of holistic risk assessment and planning, reducing complexities that often arise during unplanned terminations or transitions. This can save financial entities both time and resources in the long run.
Future-proofing business operations
Exit strategies aren't just for the here and now; they're a form of future-proofing. As technological landscapes evolve and business objectives shift, the capability to change ICT providers with minimal operational disruption is invaluable. DORA ensures that financial entities are not locked into technology that may become obsolete, inadequate, or excessively costly. This is particularly relevant in the current era of rapid technological innovation, where committing to a single vendor for an extended period can lead to missed opportunities or create vulnerabilities.
Rapid response and minimized disruption
DORA's insistence on mandatory ICT incident assistance facilitates a rapid and well-coordinated response in crisis situations. When the clock is ticking, and every moment can translate to financial losses or reputational damage, a clear and predetermined plan for crisis management can be a lifesaver. By ensuring that service providers assist promptly and effectively, DORA eliminates possible bottlenecks and enables financial entities to recover more swiftly from ICT incidents.
Shifting the financial burden
In addition, by stipulating that the service provider must assist at no additional cost or at a predetermined cost, DORA shifts part of the financial burden of incident resolution away from the financial entities. This ensures that costs are predictable and helps financial entities better budget for and manage operational risks. It also ensures that financial entities can allocate their resources more efficiently, focusing on their core competencies and strategic initiatives rather than unexpected crises.
Unique contractual features of CSSF Circular 22/806
CSSF Circular 22/806 also has its own unique elements that address some critical areas of concern in outsourcing contracts.
For instance, it explicitly stipulates that the outsourcing agreement must mention the start and end dates, which provides both parties with a clear time-bound framework for their collaboration. The Circular additionally outlines the necessity of defining the parties' financial obligations, making for transparent and predictable financial planning. Perhaps most importantly, it calls for the agreement to specify its governing law, thereby preempting any legal ambiguities that could arise in cross-border relationships. Another noteworthy feature is the provision that service providers should have mandatory insurance against certain risks, specifying the required level of insurance cover. This is particularly useful in mitigating financial risks and ensuring that both parties are adequately protected in case of unforeseen eventualities.
These unique features make CSSF Circular 22/806 a comprehensive regulatory guide that complements DORA in ensuring a secure and stable financial services ecosystem.
Conclusion
CSSF Circular 22/806 and DORA both offer comprehensive frameworks to navigate the intricacies of outsourcing and third-party services in financial entities. However, DORA goes a step further with its unique provisions for exit strategies and ICT incident assistance. These additions make DORA a particularly robust framework, providing both strategic adaptability and operational resilience for financial entities in a volatile, uncertain, complex, and ambiguous world.
Contact
If you have any questions, please contact our Chief Information Security Officer, Sabika Ishaq, or our Senior Information Security Manager, Magdalena Mihalcea.