Luxembourg CSSF guidance on the AML/CFT implications of COVID-19

The CSSF has published on 10 April 2020 its Circular 20/740 on Financial crime and AML/CFT implications during the COVID-19 pandemic (the AML COVID-19 Circular). The AML COVID-19 Circular is to be read together with related guidance on coronavirus issued by EU, international and national authorities and organisations. The purpose of the AML COVID-19 Circular is to provide guidance to all professionals subject to the supervision of the CSSF in relation to the money laundering and terrorism financing (ML/TF) risks and AML/CFT implications of the coronavirus pandemic.

The CSSF emphasises that criminals and terrorists may seek to exploit temporary weaknesses in AML/CFT controls created by the COVID-19 crisis. Supervised professionals are therefore required to continue to put in place and maintain effective systems and controls to ensure that the Luxembourg’s financial system is not abused for ML/TF purposes.

In brief:

In its AML COVID-19 Circular, the CSSF provides guidance on:

(A) New and emerging ML/TF threats resulting from COVID-19

The AML COVID-19 Circular outlines 6 main threats that have arisen from the COVID-19 pandemic and that represent a significant operational and business risk for financial institutions. These are:

• cybercrime;
• fraud;
• corruption related to government support scheme;
• trafficking in counterfeit medicines;
• theft; and
• insider trading and market manipulation.

The AML COVID-19 Circular highlights that the changes to work practices put in place to allow for social distancing have significantly increased the risks related to cybercrimes and frauds for financial institutions. These can for example take the form of phishing and email scams campaign and CEO and Business E-Mail Compromise (BEC) fraud. The CSSF also insists on the increasing threats of market abuse that are particularly relevant for issuers of securities.

(B) Areas of particular vulnerability for the financial sector

The AML COVID-19 Circular identifies the following 6 areas of the financial sector that may be exploited by emerging ML/TF threats and for which professionals should remain vigilant:

• online payment services;
• clients in financial distress;
• mortgages and other forms of collateralised lending;
• credit backed by government guarantees;
• distressed investment products; and
• delivery of aid through non-profit organisations.

The economic impact of the COVID-19 crisis has indeed created new opportunities for criminals to exploit clients of supervised professionals in financial distress. The social distancing rules have also increased the use of online payment services that facilitate the transfer and concealing of funds of illicit origin.

(C) Mitigating actions

The following 5 areas require particular attention for supervised professionals:

• AML/CFT business continuity;
• transaction monitoring;
• customer due diligence (CDD);
• ML/TF risk assessment; and
• cooperation with authorities.

With respect in particular to CDD, professionals are encouraged to consider how the CDD measures required under the 2004 AML/CFT Law ¹ can be strengthened to mitigate the impact of lack of physical contacts with customers. The CSSF encourages the use of financial technology to manage the CDD issues created by the COVID-19 crisis and professionals are invited to consult the Financial Action Task Force (FATF)’s Guidance on Digital ID ² for mitigating ML/CT risks. Remote customer verification by electronic means is also in line with the recent law implementing AML5 ³. The AML COVID-19 Circular also provides for other mitigating measures that may include: (i) the collection of additional documents, (ii) the certification of documents, (iii) the reliance on a third party having already identified the customer, and (iv) the check by means of a first transfer of funds from a bank account in the name of the customer with a credit institution established in Luxembourg, in the European-Union, or in any other country respecting equivalent AML/CFT obligations and being supervised for that purpose.

The CSSF also emphasises that professionals should take a dynamic approach to ML/TF risk assessments, specifically at the product or business unit level, by amongst others (i) identifying and assessing the risks of specific ML/TF arising from COVID-19 which relate to their specific business model, (ii) implementing additional mitigating measures to combat these risks, and (iii) communicating these risks across their organisation. Ensuring staff is regularly trained and that internal policies are kept up-to-date is key.

(D) the AML/CFT approach of the CSSF during this pandemic period

Finally, the CSSF reminds that during the COVID-19 pandemic, it will continue its AML/CFT supervisory activities and remain fully operational and deeply committed to combatting ML/TF. AML/CFT on-site inspections that have already started before the crisis will be completed and the CSSF will also start inspections on a remote basis during this period. Off-site supervisory activities by the CSSF are also continuing. Therefore, despite the FATF’s publication of a report assessing Luxembourg's performance on combating money laundering being postponed due to COVID-19, the industry should continue to ensure obligations are fully complied with.

Hence, supervised professionals are invited to strengthen measures to be taken to remain compliant with their AML/CFT obligations and read thoroughly the AML COVID-19 Circular and other guidance issued by the CSSF on this topic.

See our coronavirus (COVID-19) feature for more information generally on the possible legal implications of COVID-19.

¹ Luxembourg law of 12 November 2004 on the fight against money laundering and terrorist financing.
² Financial Action Task Force, Guidance on Digital ID, March 2020.
³Luxembourg law of 25 March 2020 implementing Directive (EU) 2018/843) on the prevention of the use of the financial system for the purposes of money laundering or terrorism financing.