11.1 What provisions govern money laundering and other forms of financial crime in your jurisdiction and what specific implications do these have for banks?
Luxembourg follows the Financial Action Task Force recommendations, implemented in the European legal framework by Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, as amended (AMLD 4), as amended by Directive (EU) 2018/843 (AMLD 5) and Directive (EU) 2018/1673 (AMLD 6).
AMLD 4 has been implemented in Luxembourg by the law of 12 November 2004 on the fight against money laundering and terrorist financing (AML/CTF), as amended ('AML Law'). The specific requirements (eg, the types of information or documentation that must be requested by banks in order to identify customers) are detailed in grand-ducal regulations, Commission de Surveillance du Secteur Financier (CSSF) regulations and CSSF circulars. Two of the most important texts in this respect are the Grand-Ducal Regulation of 1 February 2010 providing details on certain provisions of the amended law of 12 November 2004 on the fight against money laundering and terrorist financing, as amended; and CSSF Regulation 12-02 of 14 December 2012 on the fight against money laundering and terrorist financing
Credit institutions are 'professionals' within the meaning of the AML Law, and must in particular:
- identify each customer and verify its identity on the basis of documents, data or information obtained from a reliable and independent source;
- identify the beneficial owner and take measures to verify his or her identity;
- take measures to understand the ownership and control structure of each customer;
- assess and, to the extent appropriate, obtain information on the purpose and the intended nature of the business relationship;
- conduct ongoing due diligence of the business relationship to ensure that the transactions being conducted are consistent with the credit institution's knowledge of each customer, its business and its risk profile; and
- ensure that the documents, data and information held are kept up to date.
One important characteristic of the current AML/CTF regime is the requirement for professionals to adopt a risk-based approach in order to determine the extent of the measures they are applying to ensure compliance with the AML/CTF requirements.
A register of beneficial owners (Registre des bénéficiaires effectifs (RBE)) has been introduced in Luxembourg further to the law of 13 January 2019 creating a register of beneficial owners and implementing Article 30 of AMLD 4 ('UBO Law'). The UBO Law obliges entities registered with the Luxembourg trade and companies register (RCS) to provide the RBE with certain information concerning their ultimate beneficial owner(s) and to provide such information to professionals in the context of the performance of their customer due diligence obligations under the AML Law. The requirement to provide information with respect to beneficial owners to the RBE also applies to credit institutions, which are registered with the RCS.
On 20 December 2019, the CSSF published Circular 19/732 concerning clarifications on the identification and verification of the identity of the ultimate beneficial owners in order to provide guidance to all professionals subject to AML/CTF obligations on the practical implementation of the identification requirements of the ultimate beneficial owner(s), as well as on the reasonable measures that should be taken to verify their identity.
11.2 Does banking secrecy apply in your jurisdiction?
Yes. Pursuant to Article 41 of the Law of 5 April 1993 on the financial sector, as amended ('Banking Act'), natural and legal persons subject to the prudential supervision of the CSSF or established in Luxembourg and subject to the supervision of the European Central Bank or a foreign supervisory authority for the exercise of an activity referred to in the Banking Act, as well as members of the management body, directors, employees and any other persons working for these natural or legal persons, shall keep secret all information entrusted to them in the context of their professional activity or their mandate. The disclosure of such information is punishable, under Article 458 of the Luxembourg Criminal Code, by a prison term of between eight days and six months and a fine of between €500 and €5,000.
There are a number of exceptions to the secrecy requirement. This is the case, for instance, where the revelation of information is required or authorised by applicable law, or where information must be provided to national, European or international supervision or resolution authorities, subject to certain conditions.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.