The CSSF has recently reiterated a key message for all supervised entities: if a major ICT-related incident occurs, it must be reported—promptly and without exception.
The Commission de Surveillance du Secteur Financier (CSSF) has issued two Circulars — CSSF 25/893 and CSSF 25/892 — that reinforce Luxembourg’s commitment to implementing the Digital Operational Resilience Act (DORA). These circulars provide a comprehensive regulatory framework for ICT-related incident classification and reporting, as well as for estimating the financial impact of such incidents. Branches in Luxembourg of financial entities whose head office is based in another EU Member State (EU branches) are expected to report major ICT-related incidents, significant cyber threats and their estimations to the competent authority of their home Member State under DORA. As such, they are excluded from the scope of these circulars.
Grant Thornton Luxembourg, in association with several Grant Thornton member firms in Europe, is once again launching a study aimed at establishing an overview of the Data Protection Officer (DPO) function in the main countries of the European Union.
Stay Ahead of Luxembourg Tax Compliance. Take control of your tax obligations and discover new opportunities. Discover our online calendar tool and contact our tax experts to take the first step towards seamless tax compliance.
Our specialised training program is designed to enhance your cybersecurity and risk management practices while ensuring regulatory compliance.
The three European Supervisory Authorities (EBA, EIOPA, and ESMA, collectively known as the ESAs) have unveiled the second batch of policy products under the Digital Operational Resilience Act (DORA). This latest release comprises four final draft regulatory technical standards (RTS), one set of Implementing Technical Standards (ITS), and two guidelines, all designed to bolster the digital operational resilience of the European Union’s financial sector.
The Corporate Sustainability Due Diligence Directive (CSDDD) has been published in the Official Journal of the European Union, marking a major advancement in promoting sustainable business practices across Europe.
The CSSF and the CAA are authorised to impose administrative sanctions and measures for violations of specific articles of the EU regulation 2022/2554. These sanctions can be applied to both individuals and organisations, including directors and responsible persons within the entities.
In a significant development for corporate responsibility, the Council of the European Union approved the Corporate Sustainability Due Diligence Directive on the 24th of May 2024, marking the culmination of its adoption process. This directive mandates large corporations to address the adverse impacts of their activities on human rights and the environment, backed by stringent penalties for any failure to comply. Significantly, this holistic framework does not just target the primary companies but also ensures that accountability is fostered through their subsidiaries and business associates across the entire value chain.
On 14 May 2024, the European Securities and Markets Authority (ESMA) issued its Final Report on Guidelines for funds' names, following its Public Statement on the matter released on 14 December 2023. These guidelines, applicable to various types of investment fund managers (IFMs), aim to clarify when the use of ESG or sustainability-related terms in fund names could be considered misleading. The Commission de Surveillance du Secteur Financier (CSSF) emphasizes that the Guidelines apply to IFMs overseeing UCITS or AIFs, regardless of their disclosure category under Articles 6, 8, or 9 of the Sustainable Finance Disclosure Regulation (SFDR). Therefore, IFMs are required to conduct a self-assessment to determine the relevance of the Guidelines to the products they manage and to ensure that fund names comply with these Guidelines.
Amidst the global challenges posed by climate change, financial institutions and regulatory bodies are progressively acknowledging the significance of incorporating sustainability principles into their operations. Considering this mounting necessity, the Commission de Surveillance du Secteur Financier (CSSF) in Luxembourg has recently revised its supervisory focus on sustainable finance. This move underscores the CSSF’s dedication to fostering a financial sector that is both environmentally conscious and socially responsible. It builds upon their earlier communication of priorities in April 2023.
As the deadline for compliance with Circular CSSF 24/847 on ICT-related incident reporting framework rapidly approaches, financial institutions are facing mounting pressure to ensure their systems are up to standard. With the 1st of April deadline just around the corner, it's imperative for organisations to act swiftly to avoid potential penalties and reputational damage.
Circular CSSF 24/847 introduces a comprehensive framework for reporting ICT-related incidents in the financial sector. The aim is to gain a more detailed understanding of the nature, frequency, significance, and impact of such incidents within the context of a highly interconnected global financial system. The circular addresses the evolving ICT and security risks by expanding the incident coverage and introducing a structured reporting mechanism.
The European Central Bank (“ECB”), on July 24th, announced a public consultation on its Guide on effective Risk Data Aggregation and Risk Reporting (“RDARR”). The consultation is open until October 6th, and the ECB invites comments from banks and other stakeholders on effective Risk Data Aggregation and Risk Reporting.
As the world grapples with the impacts of climate change, financial institutions and regulatory bodies increasingly recognise the importance of integrating sustainability into their operations. In response to this growing need, Luxembourg's Commission de Surveillance du Secteur Financier (CSSF) has recently outlined its supervisory priorities in sustainable finance, demonstrating its commitment to shaping a more environmentally and socially responsible financial sector.
On the 11th of January 2023, the World Economic Forum published its 2023 Global Risk Report. The result of an extensive survey of experts across academia, business, government, the international community and civil society, this report highlights the most pressing risks the world faces both in the short term, over the next two years, and in the long term, over the next ten years.