On 7 December 2020, the CSSF published significant updates to CSSF Circular 12/552 on central administration, internal governance and risk management which will enter into force on 1st January 2021. This circular is a cornerstone of Luxembourg bank regulation and contains key requirements applying to the organisation and activities of credit institutions.

One key change is that the requirements for credit institutions and investment firms will no longer be the same:

  • the scope of CSSF circular 12/552 has been restricted to credit institutions (and for certain aspects to professionals of the financial sector performing lending operations to the public);
  • a new circular with simplified requirements has been introduced for investment firms, i.e. CSSF circular 20/758 together with a new prudential procedure for the appointment of key function holders, specifically for investment firms.

One of the main reasons for the update of CSSF Circular 12/552 is to ensure that it is aligned with several recent EBA Guidelines1 . It is worth noting that some of the recent EBA Guidelines have, however, not yet been reflected therein, such as the EBA Guidelines on Outsourcing Arrangements (EBA/GL/2019/02).

It is also worth noting that some requirements only confirm existing regulatory practices and are thus not new but have now been expressly spelled out.

Please find below a summary of the key changes for credit institutions and an overview of the simplification of the requirements for investment firms.

In terms of impact on your institution, you will need to verify (i) if the governance structure and internal organisation of your institution is aligned with the new requirements, (ii) if all newly required approvals of the supervisory body and authorised management have been issued, and (iii) especially if all newly required policies and procedures have already been adopted and are aligned with the new requirements on their mandatory contents or else adopt and/or align such policies and procedures.

Our legal experts and operational consultants of Arendt & Medernach, Arendt Regulatory Consulting and Arendt Business Advisory are at your disposal to assist with such exercise.

Changes to CSSF Circular 12/552 for credit institutions

The main changes introduced into the CSSF Circular 12/552 are the following:

  1. The scope of the requirements has been extended to financial holding companies and mixed financial holding companies.
  2. As regards the principle of proportionality, which in summary allows non-complex or smaller institutions not to apply certain requirements, additional guidance has been provided, including:
    • a more precise listing of elements to be taken into account when determining if the principle of proportionality may apply;
    • linking the application of the principle of proportionality in certain cases to the concept of systemic institution;
    • additional guidance on the application of the principle of proportionality in relation to the organisation of internal control functions (e.g. one person heading two functions); and
    • the requirement for the supervisory body of the institution to formally approve the conclusions of any proportionality assessment.
  3. As regards the area of risk management, several new elements were introduced, including:
    • a specification that the internal governance system shall include a clear process for risk taking, including a risk appetite formally and precisely defined in all areas of activities, a rigorous decision taking process, and quality and limits analysis. The risk appetite must be approved by the supervisory body;
    • a specification that in institutions of significant importance, the CRO is in principle a member of the authorised management and more generally increased rights of the CRO to challenge decisions of the authorised management.;
    • new specifications on the mandatory contents of the risk policy;
    • specific guidance on concentration risk and credit risk (in particular on exposures of particularly high risks and non-performing and restructured exposures);
    • specific guidance on the management of risk in case of use of sub-custodians, including the requirement to adopt a policy on the selection of sub-custodians, the obligation to perform an initial due diligence and ongoing monitoring of subcustodians and the obligation to perform regular reconciliations.


1 The following EBA Guidelines have now been reflected in CSSF circular 12/552:

" EBA Guidelines on internal governance (EBA/GL/2017/11)

" Joint ESMA and EBA Guidelines on the assessment of the suitability of members of the management body and key function holders (EBA/GL/2017/12)

" EBA Guidelines on the application of the definition of default under Article 178 of Regulation (EU) No 575/2013 (EBA/GL/2016/07)

" EBA Guidelines on specification of types of exposures to be associated with high risk (EBA/GL/2019/01),

" EBA Guidelines on the management of interest rate risk arising from non-trading book activities (EBA/GL/2018/02)

" EBA Guidelines on corrections to modified duration for debt instruments under the second subparagraph of Article 340(3) of Regulation (EU) 575/2013 (EBA/GL/2016/09).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.