AML Guidelines 2021

| guidelines
REVIEWED PRACTICES AND

RECOMMENDATIONS AIMED
AT REDUCING THE RISK
OF MONEY LAUNDERING AND
TERRORIST FINANCING IN THE
LUXEMBOURG FUND INDUSTRY
May 2021
in association with
Important
This document was prepared by the of publication. It is worth noting that during
ALFI Anti-Money Laundering Working the drafting process ALFI submitted a number
Group jointly with ABBL, ALCO, LPEA and of questions for discussion and common
LuxReal. The working group comprises of understanding to the CSSF AML Experts
representatives of asset managers, management Working Group.
companies, securities service firms, audit firms
and law firms. Generally, this document may be amended
without prior notice to incorporate new
The Reviewed Practices and Recommendations material and to amend previously published
present the working group’s interpretation and material where the working group considers
understanding of the anti-money laundering it appropriate. ALFI strives to update this
and counter terrorist financing framework document to the best of its endeavours but is
for the securities sector in Luxembourg. not legally bound to do so.
These guidelines have not been validated by
any regulator. It is the responsibility of each Readers are hereby informed that this
stakeholder to comply with applicable rules publication is for the exclusive use of ALFI
on the fight against money laundering and members. No part of this publication may be
terrorist financing. This document must not be reproduced or transmitted, in any form or
relied upon as advice and is provided without by any means, to non-members without the
any warranty of any kind and neither the written and prior consent of ALFI.
participating associations nor their members
who contributed to this document accept any ALFI members are welcome to submit a
liability whatsoever for any action taken in question. Please send your questions to
reliance upon it. UCIs and Professionals should info@alfi.lu.
refer to their legal advisor for all general advice
on AML and CTF matters. This document is May 2021
drafted on the basis of rules in force at the time © 2021 ALFI. All rights reserved.
2
Table of contents
I. Glossary 4
II. Preamble – The AML/CTF regulatory framework 7
Section I – AML/CTF framework and risk 8
III. AML/CTF responsibilities 8

A.1. The initiator 8
A.2. The investment fund manager (“IFM”) 9
A.2.1. The management company 9
A.2.2. The AIFM 9
A.3. The Registrar and Transfer Agent 10
A.4. The portfolio manager 10
A.5. Intermediaries 10
A.5.1. (Global) Distributors 11
A.6. The depositary 11
A.7. The domiciliation agent of the fund 11
A.8. Outsourcing of AML/CTF controls 11
IV. Persons responsible for AML/CTF compliance 12

A.1. UCIs 12
A.2. IFMs 12
V. Oversight obligations 13
A.1. Initial due diligence 13
A.2. Ongoing monitoring and ongoing due diligence 13
VI. ML/TF risk appetite and risk assessment 13

A.1. ML/TF risk appetite 13
A.2. ML/TF Risk Assessment 13
A.2.1. Product, services and transactions risk 14
A.2.2. Customer/investor risk 15
A.2.3. Delivery (Distribution) channel risk 15
A.2.4. Geographical risk 16
A.2.5. Other ML/TF risk factors 16
Section II – The application of the risk-based approach 17
VII. Due diligence on the liability side 17

A.1. Who is the customer of the UCI? 17
A.2. Different customer types 17
A.2.1. Intermediaries 17
A.2.2. Third-Party Introducer relationship 19
A.3. Application of the AML/CTF due diligence 19
A.3.1.(a). Customer identification 20
A.3.1.(b). Name screening - Politically Exposed Persons 20
A.3.1.(c). Name screening – TFS 20
A.3.1.(d). Transaction monitoring 21
VIII. Due diligence on the asset side 21

A.1. Asset types 22
A.1.1. Asset classification and required due diligence 22
A.2. Guidance for due diligence 23
A.2.1. Private equity 24
A.2.1.(a). Real estate 24
A.2.1.(b). Tangible assets 25
A.2.1.(c). Private debt/loan 25
3
I. Glossary
2013 Law Law of 12 July 2013 on alternative investment fund managers, as
amended
2010 Law Law of 17 December 2010 relating to undertakings for collective

investment, as amended
AED Administration de l’enregistrement, des domaines et de la

TVA
AIFM Alternative Investment Fund Manager, within the meaning of

the 2013 Law
AML Anti-money laundering
AML/CTF GDR Grand-ducal regulation of 1 February 2010 providing details on

certain provisions of the amended law of 12 November 2004 on
the fight against money laundering and terrorist financing, as
amended
AML/CTF Law Law of 12 November 2004 on the fight against money

laundering and terrorist financing, as amended
Beneficial Owner Any natural person(s) who ultimately own(s) or control(s)

the legal entity or any natural person(s) on whose behalf a
transaction or activity is being conducted, within the meaning of
Article 1(7) of the AML/CTF Law.
Business Relationship Professional or commercial relationship which is connected with

the professional activities of the UCI and which is expected, at
the time when the contact is established, to have an element of
duration
CDD Customer due diligence
CSSF Commission de Surveillance du Secteur Financier
CSSF Regulation 12-02 CSSF Regulation No. 12-02 of 14 December 2012 on the fight
against money laundering and terrorist financing, as amended
CTF Counter Terrorist Financing
Customer Natural or legal person with whom a business relationship exists

or for whom an occasional transaction is carried out within
the meaning of point (b) of Article 3(1) of the AML/CTF Law,
including persons purporting to act on behalf of the customer.
As regards UCIs, the notion of customer encompasses the notion
of investor registered in the investment fund register
ESAs The three European Supervisory Authorities (ESAs): the

European Banking Authority (EBA), the European Insurance and
Occupational Pensions Authority (EIOPA) and the European
Securities and Markets Authority (ESMA)
4
ESAs Joint Guidelines The Risk Factors Guidelines published by ESAs on 26 June, 2017
(JC 2017 37), as amended by the EBA Risk Factors Guidelines of
March 1, 2021 (EBA/GL/2021/02)
EU European Union
FATF Financial Action Task Force on Anti-Money Laundering and

Counter Terrorist Financing
FIU The Luxembourg Financial Intelligence Unit (the Cellule de

Renseignement Financier)
GoAML The online portal which is to be used to make declarations

of suspicious activities or transactions in Luxembourg. This
system allows the reporting in a standardised format to the
FIU. Professionals (including UCIs and IFMs) must report
without delay to the FIU when they are aware, suspect or have
reasonable grounds to suspect that money laundering, an
associated predicate offence or terrorist financing is happening
or has been committed or attempted, regardless of the amount
involved.
IFM Investment fund managers, including management companies

set up under Chapter 15 and 16 of the 2010 Law, Alternative
Investment Fund Managers within the meaning of the 2013
Law, self-managed investment companies and Luxembourg
branches of foreign IFMs established and providing services in
Luxembourg
KYC Know your customer
ML/TF Money laundering and terrorist financing
PF Proliferation financing – act of providing funds or financial

services which are used, in whole or in part, for the manufacture,
acquisition, possession, development, export, transshipment,
brokering, transport, transfer, stockpiling or use of nuclear,
chemical or biological weapons of mass destruction
Politically Exposed Person Natural person who is or has been entrusted with a prominent
(PEP) public function and including family members or persons known
to be close associates of such person. Reference is made to the
definitions provided in Articles 1(9) to (12) of the AML/CTF Law
Professional Any person regulated in Luxembourg for AML/CTF purposes as

per Article 2 of the AML/CTF Law
Regulations and Standards The AML/CTF laws, regulations, circulars and guidelines
applicable in Luxembourg, as further detailed in Section II below
5
RC The compliance officer (i.e. the responsable du contrôle du
respect des obligations) at appropriate hierarchical level, for
the purpose of Article 4(1) para. (a) of the AML/CTF Law
RR The person responsible for the fight against ML/TF at

the management level (i.e. the responsable du respect
des obligations) for the purpose of Article 4(1), fourth
subparagraph of the AML/CTF Law
RAIF Luxembourg Reserved Alternative Investment Fund
SAR Suspicious activity report
STR Suspicious transaction report
Third-Party Introducer A third-party introducer within the meaning of Article 3-3(1) of

the AML/CTF Law
TFS Targeted financial sanctions – covering both asset freezing and

prohibitions to prevent funds or other assets from being made
available, directly or indirectly, for the benefit of designated
states, persons, entities and groups
UCITS Undertaking for Collective Investment inTransferrable Securities,

within the meaning of the 2010 Law
Undertaking for Collective Undertaking for collective investment, investment company

Investment (UCI) or investment fund set up under the relevant applicable
Luxembourg law and/or established in Luxembourg
Please note that any terms used in these Practices and Recommendations which have not been
defined in the above glossary have the meaning defined in the Regulations and Standards. More
detailed definitions of those terms are available within the applicable laws and regulations.
6
II. Preamble – The This document aims to provide best practices ■ Other circulars on the fight against
AML/CTF regulatory and recommendations on the fight against money laundering and terrorist financing
framework money laundering and terrorist financing to published on the CSSF website:
the investment fund industry in Luxembourg. www.cssf.lu, including (non-exhaustive
It has been drafted on the basis of applicable lists):
EU directives and regulations, Luxembourg ○ CSSF Circular communicating FATF
laws, Grand-ducal regulation, regulations, statements on 1) high-risk jurisdictions
circulars and guidelines issued by Luxembourg on which enhanced due diligence and,
competent authorities, as well as international where appropriate, countermeasures
standards, including but not limited to FATF are imposed, and 2) jurisdictions under
recommendations and guidance (see list below, increased monitoring of the FATF, as
generically referred to as “Regulations and repealed and replaced from time to
Standards”). This document provides practical time;
guidance as a complement to the existing legal ○ CSSF Circular 18/698: Authorization
and regulatory framework in place to prevent and organization of investment
money laundering and terrorist financing fund managers incorporated under
and should be read in conjunction with the Luxembourg law (including specific
Regulations and Standards. provisions on the fight against money
laundering and terrorist financing
Non-exhaustive list of the key Regulations and applicable to investment fund managers
Standards taken into consideration: and entities carrying out the activity of
registrar agent);
■ Directive 2015/849/EU of the European ○ CSSF Circular 17/650: Providing details
Parliament and Council of 20 May on certain provisions of the AML/CTF
2015 on the prevention of the use of the Law and AML/CTF GDR to predicate
financial system for the purposes of money tax offences, as complemented by
laundering or terrorist financing, and CSSF Circular 20/744 highlighting
Directive 2018/843/EU of the European in particular red flag indicators that
Parliament and of the Council of 30 May warrant specific attention for the UCI
2018 amending Directive (EU) 2015/849 sector;
on the prevention of the use of the ○ CSSF Circular 17/661: Adoption of the
financial system for the purposes of money ESAs’ Joint Guidelines;
laundering or terrorist financing; ○ CSSF Circular 19/732: Prevention
■ FATF Guidance for A Risk-Based of Money Laundering and Terrorist
Approach: Securities Sector (Dated Financing: Clarifications on the
October 2018); Identification and Verification of the
■ Law of 12 November 2004 on the fight Identity of the Ultimate Beneficial
against money laundering and terrorist Owner(s);
financing, as amended (“AML/CTF ○ CSSF Circular 11/529: Risk analysis
Law”); regarding the fight against money
■ Grand-ducal regulation of 1 February laundering and terrorist financing
2010 providing details on certain (AML/CTF);
provisions of the amended law of ■ Guidelines and documents on AML/CTF
12 November 2004 on the fight against topics issued by the FIU can be found on
money laundering and terrorist financing, https://justice.public.lu/fr/organisation-
as amended (“AML/CTF GDR”); justice/crf.html;
■ Law of 19 December 2020 implementing ■ Other documents and information on
financial restrictive measures and related the fight against money laundering and
implementing Grand-ducal regulation; terrorist financing published in relation to
■ CSSF regulation No.12-02 of 14 RAIFs can be found on https://pfi.public.
December 2012 on the fight against money lu/fr/blanchiment/questionnaire/vehicules-
laundering and terrorist financing, as financier-non-regules/rr-rc-identification.
amended (including via CSSF Regulation html
20-05);
7
Section I – AML/CTF framework and risk
III. AML/CTF As a key principle, it is the responsibility of The due diligence should at least cover the
responsibilities the IFMs (as defined under A.2 below) and the following AML/CTF measures and may be
UCIs, as professionals (hereafter “Responsible subject to additional considerations:
Entity”), to develop and maintain an
effective and well documented AML/CTF ■ An initial and ongoing screening of the
programme which complies with the applicable Professionals against targeted financial
Regulations and Standards and which is sanctions (“TFS”) lists and including a
commensurate to its money laundering and reputational risk assessment;
terrorist financing (“ML/TF”) risk appetite ■ The identification of the Professionals (and
and risk assessment. Whilst the Responsible of their Beneficial Owners); and
Entity may rely on third parties, including ■ An initial and ongoing assessment of the
Professionals to fulfil its AML/CTF obligations, relevant Professionals’ policies, controls
the practical arrangements for the performance and procedures including AML/CTF
of such obligations must be formalised in procedures.
writing with details on the respective roles and
responsibilities of the third parties involved to A general description of the main Professionals
ensure compliance with its obligations. which may be involved in the life cycle of the
UCI/IFM and which may be subject to AML
Several categories of Professionals may inter and CTF due diligence obligations are provided
alia intervene within the term of a UCI/IFM below.
and more than one of them may assist the
Responsible Entity to fulfil its AML/CTF It must be noted that other professionals/firms
obligations. In the latter case, it is understood also play a role in the UCI business activities,
that the ultimate responsibility remains with such as external auditors, lawyers or notaries,
the Responsible Entity. and may be potentially subject to a different
AML/CTF regulatory regime.
Professionals must comply with their own
obligations under the AML/CTF Law, starting A.1. The initiator
with the definition of their own risk appetite The entity or person at the origin of a UCI is
and risk assessment (which should take into generally referred to in Luxembourg as the
account the relevant national, supranational “initiator” of a UCI (for UCITS also often
and subsector risk assessments) and going referred to as the “promoter”). The initiator
through the implementation of an appropriate is not a legally defined term, but is referred to
AML/CTF framework, including – but not in CSSF Regulation 12-02 as the “[promoter]
limited to – measures related to the ongoing who launched an investment fund”, i.e. the
monitoring and cooperation with the public (natural or legal) person who initiates the
authorities. The AML/CTF risk appetite, establishment and defines the purpose of
assessment, policies and procedures – the UCI, and is the driving force behind its
including the application of the risk-based creation.
approach – must be formalised in writing by
each Responsible Entity. The initiator may be further involved in the
business activities as the investment fund
Professionals shall perform their own due manager (including non-Luxembourg entities),
diligence to ensure that the risks of money investment adviser, portfolio manager, or
laundering and terrorist financing linked to distributor and as such appear on documents
the services provided to or for the Responsible published by the UCI. Alternatively, the
Entity are identified, assessed, understood and Initiator could be a shareholder or act as
controlled accordingly. member of the board of the investment
fund manager (including non-Luxembourg
Similarly, the Responsible Entity must perform entities) of the UCI, or be the general partner
its own risk-based due diligence before entering in the case of UCIs established in the form of
into a business relationship with third parties, partnerships.
including as the case may be Professionals
assisting it to fulfil its AML/CTF obligations.
8
A.2. T
he investment fund manager at a frequency determined according to the
(“IFM”) risks to which the IFM is exposed and at least
every time the relevant obligations change.
Every IFM, as defined above is subject to the
laws and regulations in force regarding the The IFM must implement due diligence
fight against money laundering and terrorist measures, in particular on customers (including
financing, including the AML/CTF Law, the UCIs under management), initiators of
CSSF Regulation 12-02, as amended and the UCIs and portfolio managers to whom it
CSSF circulars on AML/CTF. In addition, delegates the management. The IFM must
every IFM is also subject to the Law of 19 implement due diligence measures which
December 2020 implementing financial are adapted to ML/TF risks which may
restrictive measures which, amongst other arise from the UCIs/discretionary clients it
things, implements United Nations Security manages as well as the assets. The IFM must
Council resolutions as well as acts adopted by also implement due diligence measures on a
the European Union concerning prohibitions risk-based approach on other counterparties,
and restrictive measures in financial matters in including counterparties to which it delegates
respect of certain persons, entities and groups AML/CTF related tasks.
in the context of the combat against terrorist
financing, as well as to Articles 33(1) and 39(1) Any reference to IFM below shall encompass
of CSSF Regulation 12-02 on the obligation of the two situations hereafter.
ongoing due diligence in this context.
A.2.1. The management company
In addition, EU regulations directly applicable
in national law or via the adoption of A management company (subject to Chapter
ministerial regulations also apply to every IFM. 15 of the 2010 Law) may be either appointed
by an incorporated UCITS or, in the case of
The IFM must be organised so as to take an unincorporated UCITS (i.e. fonds commun
into account and apply the new laws and de placement), it represents the UCITS. In the
regulations on this subject as soon as they latter case, the management company acts in
become applicable. the name and on behalf of the UCITS.
The IFM is also recommended to follow the The management company may also act as
publications of the FATF on these subjects, portfolio manager, registrar and transfer
including those related to financial sanctions agent, global distributor and/or appoint other
relating to terrorist financing and those relating distributors or delegates such tasks to third
to the prevention, suppression and disruption parties.
of proliferation of weapons of mass destruction
and its financing. Management companies subject to Chapter
15 or Chapter 16 of the 2010 Law must also
The IFM must take appropriate measures comply with the Regulations and Standards.
to identify and assess ML/TF risks to which
it is exposed by taking into account the risk A.2.2. The AIFM
factors, including, amongst others, those
linked to customers (including the UCIs under Each UCI established in Luxembourg and
management), countries and geographical qualifying as an alternative investment fund
areas, products, services, transactions and within the scope of the 2013 Law must appoint
delivery channels. The IFM must take effective a single AIFM. The AIFM can be either:
measures to mitigate these risks.
■ The UCI itself, being then internally
The professional obligations laid down managed (possible with a UCI in the form
in the Regulations and Standards must be of a corporate entity);
implemented effectively by every IFM. ■ The entity managing and acting on behalf
of the UCI, being then externally managed
Compliance with these obligations must be (possible with a UCI in the form of a
subject to regular monitoring and verifications
9
corporate partnership, limited partnership A Registrar and Transfer Agent shall ensure
or common fund); that the Responsible Entity has implemented
■ An entity designated as such by the UCI adequate AML/CTF policies and procedures to
or by the entity managing and acting on effectively discharge its obligations.
behalf of the UCI, being then externally
managed (possible with all forms of UCI). The Responsible Entity shall ensure that the
relating written arrangements include detailed
The AIFM is responsible for the core functions clauses specifying the roles and responsibilities
relating to the UCI set out in the 2013 Law as of each party. The Responsible Entity shall
well as any additional managing or ancillary also ensure that the contract allows to have
functions relating to the UCI that have been access to any information necessary for the
contractually agreed upon as permitted under performance of its (ongoing) monitoring
the 2013 Law. function in respect of the registrar and transfer
agent, and notably grants the Responsible
The AIFM may also act as portfolio manager, Entity and the CSSF access to relevant
registrar and transfer agent, global distributor databases of the registrar and transfer agent
and/or appoint other distributors, or delegates (or relevant sub-delegate).
such tasks to other third parties.
The fact that the Registrar and Transfer Agent
AIFMs must comply with the Regulations and is considered, pursuant to the outsourcing
Standards. contract, as part of the investment fund and/
or IFM does not exempt it from its own AML/
A.3. The Registrar and Transfer Agent CTF obligations. As a result, in cases where the
A Responsible Entity (i.e. the UCI or the IFM, Responsible Entity has delegated the CDD on
where the UCI appointed the IFM for the the UCI’s investors to another service provider
central administration function) may appoint or distributor, the Registrar and Transfer Agent
an external Registrar and Transfer Agent for must receive detailed information as to which
the purpose of maintaining the share register tasks are delegated and must ensure that such
and perform the AML/CTF controls on the delegation is carried out in compliance with
investors on behalf of the Responsible Entity, AML/CTF Luxembourg rules.
with the Responsible Entity maintaining
ultimate responsibility for this process. A.4. The portfolio manager
When the Responsible Entity appoints a
It is understood that the Registrar and Transfer portfolio manager to perform the investment
Agent must comply with its own obligations management activities, it takes and handles the
under the Regulations and Standards, including investment decisions of the UCI in accordance
but not limited to the identification of the UCI with the constitutive documents of the UCI
and its Beneficial Owners (and the relevant and with the provisions of the relevant
verification on a risk-based approach) and agreement appointing the portfolio manager.
cooperate with the competent authorities. The portfolio manager undertakes such
investment decisions under the oversight of the
Due to the fact that the Registrar and Transfer Responsible Entity.
Agent, as part of its services offered to the
UCI, will manage the names of the UCI The AML/CTF controls on the assets of the
investors who are recorded in the UCI register, respective UCI may also be delegated to the
the Registrar and Transfer Agent is usually portfolio manager.
required to perform regular name screening
against TFS/PF lists, PEP databases and adverse A.5. Intermediaries
media applying a risk-based approach, and is The Responsible Entity might interact with
also typically appointed to perform transaction intermediaries which are either investing
monitoring and ongoing due diligence on the on behalf of their customers or act as a
investors. transaction conduit for the participants
of their services (e.g. “platforms”). Those
intermediaries might not necessarily act as
10
distributors but play a key role in the AML/ A.8. Outsourcing of AML/CTF controls
CTF process as they contractually represent
their customers/underlying investors. Any Professional that falls under the scope of
the AML/CTF Law may use external parties to
It must be noted that intermediaries such as carry out certain AML/CTF controls within a
banks in loan agreements may also be involved contractual outsourcing or agency relationship,
in the context of the investment activities of which should clearly set out the relevant
the UCI (for more details please see Section II, terms and conditions, including the roles and
VIII on the due diligence on assets below). responsibilities of both parties as mentioned
in the previous sections, the AML/CTF due
A.5.1. (Global) Distributors diligence information and documentation to
be gathered as well the immediate provision,
The Responsible Entity may decide to regardless of confidentiality or professional
appoint one or several Global or regional secrecy rules or any other obstacle, of the
Distributors and/or one or several third parties information gathered while fulfilling the
(generally referred to as “Distributors”) to AML/CTF due diligence obligations and the
distribute shares or units of the UCI. The transmission, upon request and without delay,
Global Distributor and/or Distributors may of a copy of the original supporting evidence
be appointed by the Responsible Entity received in this respect.
via contract which should clearly set out
the relevant terms and conditions related In this context, the external party operates
to AML/CTF controls, including the roles under the instructions and responsibility of the
and responsibilities as well as any ongoing Professional.
reporting requirements.
Before appointing the external party, the
A.6. The depositary Professional should perform a detailed risk
The depositary, which is appointed by the assessment and due diligence to evidence
board of directors of the UCI or of the the ability and suitability of the external
management company (in the case of an party to perform the tasks to be outsourced
unincorporated UCI), shall also comply with (e.g. Customer/investor due diligence,
its own AML/CTF obligations, including but ongoing monitoring, sanctions screening and
not limited to the identification and verification transaction monitoring) in compliance with
of identity of the UCI, its Beneficial Owner(s), the provisions of the Luxembourg AML/CTF
screening (TFS/PF) and cooperation with the Regulations and Standards.
competent authorities.
Such due diligence shall be carried out in
A.7. The domiciliation agent of the fund accordance with the internal procedures of the
The domiciliation agent of a UCI authorises Professional and they should include provisions
the UCI to have its registered office at the on the procedures to apply, as well as the
address of the domiciliation agent. The relevant criteria and process to determine the
domiciliation agent will keep all notices, choice of the external party.
correspondence or other representations and
communications addressed to the UCI and is The Professional should assess the risks
usually contractually authorised to open the associated with the outsourcing arrangement
mail received and take note of its content. and must implement appropriate internal
The domiciliation agent is legally obliged processes and regular controls to monitor and
to perform its own CDD measures on the oversee that the external party carries out its
domiciled UCIs as customers, including their obligations accordingly in an effective manner.
respective representatives (i.e. the persons
purporting to act on behalf of the customers) In accordance with the risk-based approach,
and Beneficial Owners, and to retain the the regular control shall ensure that the
relevant information and documentation and Professional is provided with means to monitor
keep it up to date. regularly and/or occasionally (for example,
through sampling or by carrying out on-site
11
visits and reporting (including key performance Note that the Responsible Entity remains
indicators) from the external party) compliance the ultimate responsible party to ensure
with the obligations delegated to the external compliance with the AML/CTF requirements.
party.
IV. Persons responsible for All Professionals must appoint a responsible must also be available to the Luxembourg
AML/CTF compliance for compliance with the AML/CTF AML/CTF competent authorities without
professional obligations (“Responsable du delay.
Respect des obligations”, the “RR”).
The RC must in addition have permanent
In addition, subject to the proportionality access to all internal documents and systems
principle, each Professional must appoint required to perform his/her duties, this includes
a compliance officer at the appropriate access to GoAML.
hierarchical level (“Responsable du Contrôle
du respect des obligations”, the “RC”), it A.2. IFMs
being noted that the CSSF and the AED In the case of an IFM, the RR can be the board
clarified that proportionality principle does of directors of the IFM (or other governing
not apply to IFMs, regulated UCIs and RAIFs, body depending on the legal structure of the
which shall therefore appoint a RC under all IFM) acting as a collegial body, or a person
circumstances. It is recommended that non- at the level of the authorised management of
regulated UCIs (other than RAIFs) comply the IFM (being the persons responsible for
with such requirement as well. the daily management of the IFM authorised
by the CSSF). Alternatively, the board may
A.1. UCIs appoint one of its members (or of the other
For UCIs (including RAIFs), the RR can be governing body) as RR.
the board of directors of the UCI (or other
governing body depending on the legal The RC can be a compliance officer or
structure) collectively. Alternatively, the board appointed third party in charge of AML/CTF.
may appoint one of its members as RR.
Both the RR and RC must have sufficient
The RC may be a member of the board or a AML/CTF knowledge, and expertise in the
third party, for example a member of staff case of the RC, with regard to (i) the applicable
of the IFM (in the latter case a contractual Luxembourg laws and regulation and (ii) the
relationship is required between the UCI investments and distribution strategies of the
and the RC personally or, where the contract UCIs that are managed. Both must be available
is concluded with the employer of the RC, to the Luxembourg AML/CTF competent
(i) the contract must name the RC, (ii) any authorities without delay.
replacement of the RC must be subject to
the UCI’s approval and (iii) the RC must The RC must in addition have permanent
acknowledge its appointment in writing). access to all internal documents and systems
required to perform his/her duties, this
Both the RR and RC must have sufficient includes access to GoAML. The RC should act
AML/CTF knowledge and the RC expertise independently and be able to report directly to
with regard to (i) the applicable Luxembourg the management, without having to report to
laws and regulations and (ii) the investments his direct superior, or to the board of directors.
and distribution strategies of the UCI. Both
12
V. Oversight obligations A.1. Initial due diligence ■ Screening against TFS/PF lists, PEP
databases and adverse media applying a
Before entering into any agreement or business risk-based approach;
relationship related to its business activities, ■ As necessary, a review of the relevant
each Responsible Entity shall perform counterparty’s procedures, including those
due diligence to ensure the risks of money on AML/CTF.
laundering and terrorist financing linked to
A.2. Ongoing monitoring and ongoing due
the services provided or business undertaken diligence
are duly assessed, understood and controlled
accordingly. The Responsible Entity shall establish ongoing
AML/CTF due diligence measures which are
From an AML/CTF perspective, the initial based on the risk and nature of the relationship
due diligence shall, subject to additional and which should at least include:
considerations depending on the level of risk
involved, at least include: ■ A periodic assessment of the initial AML/
CTF due diligence, taking into account the
■ Identification of: development of risks (i.e. adapting the risk
evaluation where elements are detected
○ The relevant counterparty; that give reason to believe that the risk
○ The Beneficial Owner(s) of the presented may have increased);
counterparty; ■ Ongoing monitoring including the
○ The persons purporting to act on behalf review, and, as necessary collection of all
of the customer who will be acting in necessary information, based on the nature
the relationship; of the relationship; and
■ Screening against TFS/PF lists.
VI. ML/TF risk appetite and An effective risk-based approach allows ML/TF risk it is willing to be exposed to, and
risk assessment the Responsible Entity to identify, assess, thus establishes controls and processes which
understand and mitigate money laundering/ are adequate and proportionate to address
terrorist financing risks and to exercise identified ML/TF risks of the activities and in
reasonable judgment with respect to its order to focus on areas of higher risk nature.
activities and should be proportionate to the
nature and size of each entity. The risk appetite should be stated in writing
and formally approved by the board of
The following sections deal with the main directors of the Responsible Entity (or other
elements which comprise an adequate risk- governing body depending on the legal
based approach: structure) and shall document the extent of
ML/TF risk the Responsible Entity is willing
■ ML/TF risk appetite; to expose itself to for conducting its business
■ ML/TF risk assessment. activities.
A.2. ML/TF Risk Assessment

A.1. ML/TF risk appetite
The Responsible Entities should identify
The starting point for the adequate handling and assess AML/CTF risk associated with
of ML/TF risk should be the definition and the products and services they offer, the
approval of a risk appetite. This is required to jurisdictions they operate in, the customers/
ensure the Responsible Entity understands the investors they attract and the transactions
13
or delivery channels they use to service their ■ It is possible to subscribe to the UCI
customers/investors. The steps to identify, and then quickly redeem the investment
assess, understand and mitigate the ML/TF without the investor incurring significant
risks across the business must be proportionate administrative costs; and
to the nature and size of each firm. ■ Units of or shares in the UCI can be traded
without the fund or fund manager being
The Responsible Entity shall carry out the ML/ notified at the time of the trade and, as a
TF risk assessment taking into account at least result, information about the investor is
the following factors, as further detailed in divided among several subjects (as is the
Annex III and IV of the AML/CTF Law and case with closed-ended funds traded on
CSSF Circular 11/529: secondary markets).
■ Product/services and transactions risk As per FATF guidance, the following products
(including the asset classes invested into); and services may also indicate a higher risk:
■ Customer/investor risk;
■ Delivery (or distribution) channel risk; and ■ Products or services that may inherently
■ Geographical risk. favour anonymity or obscure information
about underlying customer transactions
Both the IFM and the UCI shall have a (e.g. bearer share instruments or the
documented risk-based approach approved by provision of omnibus account services);
their respective governing bodies. ■ The geographical reach of the product or
service offered, such as those emanating
A.2.1. Product, services and transactions from higher-risk jurisdictions;
risk ■ Products with unusual complexity or
structure and/or with no obvious economic
Each Responsible Entity should assess the purpose;
ML/TF risks of the products, services and ■ Products or services that permit the
transactions provided both prior to any new unrestricted or anonymous transfer of
launch and on a defined ongoing basis to value (by payment or change of asset
ensure that any change in circumstances is ownership) to an unrelated third party,
adequately considered. particularly those residing in a higher-risk
jurisdiction;
When assessing the ML/TF risk associated ■ Use of new technologies or payment
with their products, services or transactions, methods not used in the normal course of
the Responsible Entities should consider the business by the securities provider;
following elements at a minimum: ■ Products that have been particularly
subject to fraud and market abuse, such as
■ The level of transparency or opaqueness of low-priced securities;
the product, service or transactions; ■ The purchase of securities using physical
■ The complexity of the product, service or cash;
transactions; and ■ Offering bank-like products, such as check
■ The value or size of the product, service or cashing and automated cash withdrawal
transactions. cards;
■ Securities-related products or services
The following factors may among others funded by payments from or instructions
contribute to an increase in the risk associated given by unexpected third parties,
with a UCI (as per ESAs Joint Guidelines): particularly from higher-risk jurisdictions;
and
■ The UCI is designed for a limited number ■ Transactions involve penny/microcap
of individuals or family offices, for stocks.
example a private fund or single investor
fund;
14
A.2.2. Customer/investor risk ■ Customers whose transactions indicate
a potential connection with criminal
Each customer/investor type has a different set involvement, typologies or red flags
of ML/TF risks and, subject to the provisions provided in reports produced by the FATF
of the Regulations and Standards, the extent of or national competent authorities (e.g.
the customer due diligence measures may vary FIU, law enforcement etc.);
accordingly. Whilst there is a need for each ■ Customers who are also securities
customer/investor to undergo a risk assessment providers, acting as intermediaries or
both prior to customer/investor acceptance otherwise, but are either unregulated
and on an ongoing basis, each Responsible or regulated in a jurisdiction with weak
Entity shall assess the risks associated with AML/CTF oversight;
the customer/investor types to target an ■ Customers who are engaged in, or derive
appropriate and effective level of due diligence. wealth or revenues from, a high-risk cash-
intensive business;
As highlighted by the FATF guidance, the ■ Customer groups who generate a notable
following categories of customers may present amount of SARs/STRs;
a higher risk due to their business or activities ■ Customers in the form of legal entities
(please also refer to Annex IV of the AML/CTF predominantly incorporated in the form
Law): of bearer shares (note: since 2014 bearer
shares of Luxembourgish companies have
■ Customers sanctioned by the relevant been immobilised in Luxembourg and
national competent authority for non- there exist stringent regulations regarding
compliance with the applicable AML/CTF holding and keeping bearer shares);
regime and not engaging in remediation to ■ Customers whose ownership structures
improve their compliance; are unduly complex as determined by the
■ Customers who are PEPs (including where securities provider or in accordance with
a Beneficial Owner of a customer is a any regulations or guidelines;
PEP); ■ Customers who have sanctions exposure
■ Customers who reside in or whose primary (e.g. have business/activities/transactions);
source of income originates from high-risk and
jurisdictions (regardless of whether that ■ Customers whose ownership structures are
income originates from a cash-intensive non-transparent.
business) (unless evidence to show that
customer’s source of income comes from a A.2.3. Delivery (Distribution) channel risk
low-risk country);
■ Customers who reside in countries Each Responsible Entity shall determine the
considered to be uncooperative risks inherent to its distribution channels by
in providing beneficial ownership considering the ML/TF risk profile of the
information; parties involved in the distribution channel,
■ Customers who act on behalf of third i.e., the level of AML/CTF controls it applies
parties and are either unwilling or unable as well as the level of supervision it is subject
to provide consistent information and to, the risks associated with the country of
complete documentation thereon; domicile or activity, the transparency of the
■ Customers who have been mentioned in distribution channel, the nature of the business
negative news reports from credible media, and the Responsible Entity’s ability to monitor
particularly those related to predicate and obtain additional information about
offences for ML/TF or to financial crimes; the business made through the distribution
channel.
15
A.2.4. Geographical risk ■ Countries identified as providing funding

or support for terrorists or their activities;
Country risk, in conjunction with other ML/ and
TF risk factors, provides useful information ■ Countries identified as having significant
as to potential money laundering and terrorist levels of criminal activity, including
financing risks. corruption and drug trafficking; and
countries facing a period of political
High-risk countries are defined in Article 1(30) instability.
of the AML/CTF Law and comprise those Each UCI/Professional should make use of
included in the list of high-risk third countries available material and sources to assess a
pursuant to Article 9(2) of Directive 2015/849 country’s money laundering/terrorist financing
(i.e. Commission Delegated Regulation (EU) risk level.
2016/1675 of 14 July 2016 supplementing
Directive (EU) 2015/849 of the European Amongst others, the UCI/Professional can refer
Parliament and of the Council by identifying to the following public sources:
high-risk third countries with strategic
deficiencies, as amended), or designated by the ■ FATF reports and declarations;
FATF as presenting a higher risk as well as any ■ International Monetary Fund reports;
other country that the supervisory authorities ■ World Bank reports;
and the professionals consider as such. For ■ CSSF notifications (e.g., circulars, press
example, the ESAs Joint Guidelines require that releases);
certain factors are taken into account to assess ■ Publication and reports from national
the risk level of a particular country, such as agencies (e.g. OFAC);
for example: ■ National risk assessment reports;
■ Transparency International (Corruption
■ Countries subject to sanctions, embargoes Perceptions Index).
or similar measures issued, at least, by the
United Nations and the European Union; A.2.5. Other ML/TF risk factors
■ Countries identified as lacking appropriate
AML/CTF laws and regulations, as Other ML/TF risk factors should be
defined by the FATF and the European considered, like the organisation of the
Commission through Commission entity, any material delegation or outsourcing
Delegated regulations; arrangements.
16
Section II – The application of the risk-based approach
VII. Due diligence on the The following sections detail recommendations Notwithstanding specific distribution business
liability side for the measures to be taken depending on models – which may justify a different
the different types of customers/investors and approach – it is useful to refer to the ESAs
assets. Joint Guidelines1, which detail who should
be considered as the UCI’s customer/investor
Shares, units or interests of UCIs can be depending on the distribution channel used:
purchased by a limited number of investors
or by a broad number of investors, directly or (a) A natural or legal person who directly
through the involvement of multiple parties, purchases units of or shares in a fund on
in a single or across several jurisdictions, their own account, and not on behalf of
exclusively in the primary market or also in the other, underlying investors.
secondary market. Investors may subscribe into (b) A firm that, as part of its economic activity,
the UCI either directly and in their own name directly purchases units of or shares in its
or via an intermediary who may appear in the own name and exercise control over the
UCI register or not. investment for the ultimate benefit of one
or more third parties who do not control
Based on the above, the Responsible Entity is the investment or investment decisions.
exposed to varying ML/TF risks which need to (c) A firm, for example a financial
be appropriately mitigated. intermediary, that acts in its own name
and is the registered owner of the shares
A.1. Who is the customer of the UCI? or units but acts on the account of, and
A customer is defined in CSSF Regulation pursuant to specific instructions from,
12-02, as amended as a natural or legal person one or more third parties (e.g. because the
with whom a business relationship exists or financial intermediary is a nominee, broker,
for whom an occasional transaction is carried multi-client pooled account/omnibus type
out within the meaning of point (b) of Article account operations or operator of a similar
3(1) of the AML/CTF Law, including persons passive-type arrangement).
purporting to act on behalf of the customer. (d) A firm’s customer, for example a financial
As regards UCIs, the notion of customer intermediary’s customer, where the firm is
encompasses the notion of investor registered not the registered owner of the shares or
in the investment fund register. units (e.g. because the investment fund uses
a financial intermediary to distribute fund
As there can be multiple intervening parties shares or units, and the investor purchases
and different business relationship types units or shares through the firm and the
in the fund industry, it is not always easy firm does not become the legal owner of the
to determine who is to be considered the units or shares).
customer of the UCI and therefore on whom
A.2. Different customer types
the Responsible Entity (directly or indirectly)
shall perform customer due diligence measures. In line with the UCI’s customer definitions
above, it is possible to identify different types
The following should be considered: of customers which may require different levels
of due diligence, based on (i) the nature of the
(i) How the UCI is sold or purchased; relationship, (ii) their ML/TF risk rating and
(iii) as necessary, the structure in which the
(ii) With whom the business relationship is investments will be made.
established; and
A.2.1. Intermediaries
(iii) Who is registered in the UCI’s share or
unit register. Intermediary relationships, which may also
include clearing platforms acting as an
1 Page 115 of the ESAs Joint Guidelines: https://www.eba.europa.eu/sites/default/documents/files/document_

library/Publications/Guidelines/2021/963637/Final%20Report%20on%20Guidelines%20on%20revised%20
ML%20TF%20Risk%20Factors.pdf
17
investor subscribing units or shares of an investor appearing in the register of the

UCI in their own name but on behalf of their UCI;
customers, generally offer less transparency ■ Level 2 due diligence measures:
or access to information on the underlying additional enhanced due diligence on the
customers of the intermediary. Therefore, intermediary’s business relationship as
in such context the Responsible Entity shall per Article 3 of CSSF Regulation 12-02,
carry out enhanced due diligence on such including information on the AML/CTF
intermediary relationship, as per Article 3 of controls to enable a qualitative assessment
CSSF Regulation 12-02 especially given that of its control framework. An in-depth
accounts may be operated on an omnibus/ review shall be conducted for higher-risk
pooled basis (i.e. nominee account in the relationships, possibly including reviewing
register of the UCI). This means that, in the independent audit reports, interviewing
addition to applying the CDD measures the relevant AML/CTF compliance
pursuant to article 3 (2) of the AML/CTF Law officers, having the review carried out by
on the intermediary acting as an investor in the an independent third-party and/or carrying
UCIs (“Level 1 due diligence measures”) the out an on-site visit.
enhanced due diligence measures in accordance
with Article 3-2 (3) of the AML/CTF Law Amongst others, the Responsible Entity shall
have to be applied on such intermediary gather the following information:
focusing on the distributing/intermediary
relationship and should include, amongst ■ Type of intermediary;
others, the review of its AML/CTF processes ■ Country of establishment;
and controls, in particular as regards the AML/ ■ Applicable AML/CTF legal and regulatory
CTF due diligence performed on its underlying framework;
customers (“Level 2 due diligence measures”). ■ AML/CTF supervisory authority name;
■ AML/CTF framework implemented by the
This is regardless of whether the intermediary, intermediary;
which subscribes shares/units of the UCI on ■ Reputation of the intermediary, potential
behalf of its customers, has been contractually ML/TF investigations and/or enforcement
appointed by the UCI/Professional to distribute or fines against the latter;
shares/units of the UCI on its behalf or not. ■ Nature of the activity, and
■ Distribution strategy (if applicable).
As indicated above, some intermediary
scenarios additionally involve the usage of If the Responsible Entity has assessed the
trading platforms, which pool the subscription results of both the Level 1 due diligence
and redemption orders from their customers measures and the Level 2 due diligence
and send them to participating UCIs in a measures to be satisfactory, and if the
structured fashion. Platform customers may be intermediary is a AML/CTF regulated entity
private individuals, legal entities or financial located in a country with no strategic AML/
intermediaries acting on behalf of their own CTF deficiencies, the Responsible Entity may,
clients. pursuant to market practice, generally rely on
the intermediary’s due diligence measures on
The use of such platforms may add a further the underlying customers of the intermediary
layer of complexity in terms of AML/ unless a higher-risk situation has been
CTF the inherent risks of which need to be identified.
appropriately assessed and mitigated.
Pursuant to the FATF Guidelines there is no
Therefore, the due diligence shall be performed expectation or requirement for the Responsible
on a 2-tier basis: Entity to apply CDD on an intermediary’s
customer (unless the Responsible Entity has
■ Level 1 due diligence measures: a risk- a direct relationship with such customers
based due diligence on the intermediary of the intermediary), which is instead the
(including its Beneficial Owners), as responsibility of the intermediary. Nonetheless,
it is consistent with the risk-based approach for
18
the Responsible Entity to have some general Due diligence measures should be applied in at
sense of the intermediary’s customer base as least the following cases:
part of ascertaining the risks associated with
the intermediary itself. ■ When establishing a new business
relationship, e.g. at the time of the
A.2.2. Third-Party Introducer relationship subscription/at the time of the signature of
a distribution agreement;
The Third-Party Introducer relationship is ■ For existing customers, notably:
provided for in Article 3-3 of the AML/CTF ○ Through a periodical risk-based review
Law and can be defined as a relationship process based on formal cycles;
between the Responsible Entity and an ○ When there is a significant trigger
intermediary which is regulated and supervised event, for example:
by an AML/CTF supervisory authority and Increase in risk rating,
is subject to its own AML/CTF professional The nature, scope and/or
obligations, where the Responsible Entity jurisdiction of the business activities
decides to rely on the initial CDD performed of the Customer are changing,
by the Third-Party Introducer (identification Change in regulation which
and verification of the customer, identifying requires additional documents to be
and taking reasonable measures to verify the collected;
identity of the Beneficial Owner, identification ○ When there is a suspicion of money
and verification (if needed) of the identity of laundering or terrorist financing,
the persons purporting to act on behalf of regardless of any derogation,
the customer (if applicable) and assessing, exemption or threshold;
understanding and as appropriate obtaining ○ When there are doubts about the
information on the purpose and intended veracity or adequacy of previously
nature of business relationship). The obtained customer identification data.
intermediary’s customer becomes the customer
of the UCI, i.e. the underlying customer name The due diligence process applies to all
is registered in the UCI’s register. customers and typically includes:
However, even though the identification ■ Risk assessment of the customer (to be
and verification of identity measures may appropriately documented) to determine
be performed by the Third-Party Introducer, the level and type of due diligence required
which shall comply with the conditions and support the decision whether to enter
provided in Article 3-3 of the AML/CTF into, continue or terminate the business
Law and Article 36 of CSSF Regulation relationship;
12-02, including providing the due ■ Identification, and collection and
diligence information and documents upon verification of customer information;
request; under such business relationship ■ Identification, and, applying a risk-based
the Responsible Entity cannot rely on the approach, collection and verification
intermediary to perform ongoing monitoring, (if needed) of the beneficial ownership
ongoing due diligence and scrutiny of information;
transactions. ■ Identification, and, applying a risk-based
approach, collection and verification of
A.3. Application of the AML/CTF due the persons purporting to act on behalf
diligence of the customer, i.e. all natural or legal
Without prejudice to certain relationships persons purporting to act on behalf of the
requiring enhanced due diligence as per customer (where applicable);
the AML/CTF Law and related laws and ■ Assessing, understanding and, as
regulations, the risks associated with every appropriate, obtaining information on
customer determine the level of due diligence the purpose and intended nature of the
required as well as the frequency upon which business relationship, to form a basis
such due diligence should be refreshed. for ongoing monitoring of the business
relationship and with a view to facilitating
19
the detection of potentially suspicious of verification can be performed on a risk-

activities; sensitive basis. Under certain circumstances,
■ Taking reasonable measures to establish the information to be collected regarding the
and, applying a risk-based approach, Beneficial Owner may be adjusted for entities
obtaining supporting documents on the which present a low AML/CTF risk, such as
source of funds and, as applicable, the regulated financial institutions or entities listed
source of wealth of the customer; on a stock exchange (see also illustrations in
■ Obtaining a duly signed declaration as the ALFI publication Who is the beneficial
to whether the customer acts on his own owner of an investment fund?).
account or on behalf of underlying clients;
■ Carrying out name screening on the Where the customer is a legal entity not
customer, Beneficial Owner, persons (directly or indirectly) subject to an equivalent
purporting to act on behalf of the AML/CTF supervision, the Responsible Entity
customer and other associated parties as shall also collect appropriate information on
required; the directors or persons exercising similar
■ Monitoring transactions, payments, positions and – regardless of the type of the
changes in static data (such as address customer – information on the source of funds
changes, bank mandates and pledges) and, as applicable, on the source of wealth
in order to detect suspicious or unusual (if legally required) of the customer. Such
behaviour. information must be verified or corroborated
with supporting documents applying a risk-
The Responsible Entity may determine based approach.
the extent of such measures using a risk-
based approach, subject to the provisions The Responsible Entity must also obtain
of the AML/CTF Law and related laws and written confirmation if the customer is
regulations. investing on its own behalf or not.
1.
A.3.1.(a). Customer identification A.3.1.(b). Name screening - Politically
Exposed Persons
For the purposes of the identification of
customers, the Responsible Entity shall gather Prior to entering into a relationship, the
and register at a minimum the information Responsible Entity shall ensure the name(s)
required by the Regulations and Standards. of the customer, its related parties including
Beneficial Owner(s), persons purporting to
Based on the established risk assessment act on behalf of the customer and board
(which shall also encompass the assessment of members, as applicable, is/are screened against
the country risk), the Responsible Entity shall lists of PEPs. Control shall also be carried out
collect information and documentation on the whenever there is a change in static data and
customer and on its Beneficial Owner(s). on an ongoing basis.
It is important to stress that Beneficial The purpose of such screening is to identify

Owner(s) must always be identified, and PEPs not previously identified, which may
information on the beneficial ownership must have an impact on the risk of the Business
always be collected, regardless of the risk Relationship.
assessed for the relationship. The Beneficial
Owner information to be collected generally A.3.1.(c). Name screening – TFS
is: first name(s) and surname(s), date and
place of birth, nationality(/-ies), full postal Prior to entering into a relationship, whenever
address of the main residence and the official there is a change in static data and on an
national identity number applying a risk-based ongoing basis, the Responsible Entity shall
approach. Verification of such information screen the name of the customer, its related
must be carried out; however, the manner parties including Beneficial Owner(s) and
20
board members, as applicable, against TFS customer’s transactions to determine whether
lists. Such screening, in principle to be carried they are consistent with the Responsible
out on a daily basis, shall cover new lists Entity’s (or relevant delegate’s) profiling
published by the relevant authorities without information about the customer and the nature
delay, which means – as applicable – within and purpose of the business relationship.
one business day from the moment when TFS
lists are published. The extent and depth of transaction
monitoring shall be based on the established
Where the customer is an intermediary, it is risk-based approach.
important to note that when the Responsible
Entity receives a potential name match on Defined situations or thresholds used for
the name/other information related to the transaction monitoring should be reviewed on
intermediary’s customer, even if this person a regular basis to determine their adequacy
is not to be considered the customer of to the risk levels established. Monitoring
the Responsible Entity, the latter should measures should be in place to flag unusual
follow up with the intermediary by making movements of funds or transactions for further
a request for information on the particular analysis and scrutiny in a timely manner to
underlying customer and possibly leading determine whether the funds movements or
to more information being requested on the transactions are suspicious.
intermediary’s customers.
Criteria applied to decide the frequency
In case of a positive match, the Responsible and intensity of the monitoring of different
Entity shall refrain from entering into a customer segments should also be readily
relationship or block any redemption and explicable and the rationale for the monitoring
immediately inform the Ministry of Finance strategy appropriately documented.
and other competent authorities, as necessary.
In case of AML/CTF suspicious activity or
A.3.1.(d). Transaction monitoring. transaction, the Responsible Entity shall
immediately inform the FIU via the GoAML
As part of its ongoing monitoring obligations, tool by filing a SAR/STR.
the Responsible Entity shall monitor the
VIII. Due diligence on the UCIs are created to hold and manage assets, The Responsible Entity, either directly or
asset side in accordance with a determined investment through a third party (e.g. the appointed
strategy, in their own name and for the benefit portfolio manager or investment advisor) shall
of one or multiple UCI’s investors. establish:
The Responsible Entity needs to analyse 1. Appropriate due diligence controls by asset
the ML/FT risks intrinsic to the investment type (“know your investment”) applying a
activity and establish appropriate due diligence risk-based approach.
measures adapted to the risks assessed per asset 2. TFS/PF controls on all assets and
class. This assessment shall be appropriately depending on the asset types, the parties
documented in writing, formalised and linked to the transactions.
reviewed at least on an annual basis.
21
TFS can take a number of different forms or indirectly, for the benefit of designated
including: states, persons, entities and groups, and
■ Prevention of PF, intended as the act
■ Trade sanctions, including arms embargoes of providing funds or financial services
and restrictions on dual-use items2; which are used, in whole or in part, for
■ Financial sanctions, including asset freezes the manufacture, acquisition, possession,
and other restrictive measures; development, export, transshipment,
■ Immigration sanctions, known as travel brokering, transport, transfer, stockpiling
bans. or use of nuclear, chemical or biological
weapons of mass destruction.
In such context, the Responsible Entity directly
A.1. Asset types
or through a third party should especially pay
attention to: The Responsible Entity, directly or through a
third party, may invest in assets traded on a
■ TFS, covering both asset freezing and security exchange/regulated market or through
prohibitions to prevent funds or other direct acquisition.
assets from being made available, directly
The table below provides a non-exhaustive overview of the main types of assets:
Examples of Listed Assets Examples of unlisted assets

(on a security exchange or regulated market)
■ Shares, stocks, bonds listed ■ Real estate

■ Investment funds ■ Private equity
■ Exchange traded funds (ETF) ■ Real assets (direct vs indirect investment)
■ Money market instruments ■ Private debt/loans
■ Derivative instruments (e.g. futures) ■ Infrastructure
■ Investment funds
■ Shares/stocks/bonds/derivative
instruments (structured bonds, OTC
instruments, swaps)
■ Money market instruments
■ Virtual assets3
A.1.1. Asset classification and required due security exchange (“Listed Assets”) have
diligence a lower risk. For such types of assets, the
Responsible Entity may therefore decide to
Prior to investing in an asset, the Responsible apply a simplified due diligence, hence only
Entity must, as a minimum, screen the name of carrying out TFS (including PF) screening at
such asset and/or of its issuer against the TFS/ the time of the first transaction and on an
PF lists. ongoing basis (i.e. at least whenever a list is
updated).
Generally, assets which are listed on a securities
exchange/traded on regulated markets or Unlisted assets (including virtual assets)
which are issued by a company listed on a are assets which are not listed on a security
2 Dual-use items are goods, software and technology that can be used for both civilian and military applications.
3 As defined in the Glossary of the FATF Recommendations, “a virtual asset is a digital representation of value
that can be digitally traded, or transferred, and can be used for payment or investment purposes. Virtual assets
do not include digital representations of fiat currencies, securities and other financial assets that are already
covered elsewhere in the FATF Recommendations”.
22
exchange/traded on regulated markets or Other criteria, such as the risk of the country
which are not issued by a company listed on of the Issuer (as defined in the table below),
a security exchange. These assets may have the presence of a regulated intermediary (e.g.
a higher risk compared to Listed Assets. The clearing agents, the regulatory status of the
Responsible Entity must therefore also consider Issuer and/or whether reliable valuation and
the associated risks in the way the type of appropriate information on the asset are
assets are acquired, sold or transferred (i.e. available), may be considered to determine the
take into consideration ML/TF risks related risk of unlisted assets.
to the Principal and/or Agent(s), as defined in
the table below) and adapt the level of due The table below provides a high-level overview
diligence accordingly. of the due diligence measures to be considered,
subject to a risk assessment.
AML/CTF due diligence measures

TFS name screening Proliferation financing screening**
(identification, verification, origin of funds)
On the On the
On the
asset OR On the asset OR On the On the
Agent/
Due diligence underlying On the Principal On the underlying Principal asset OR On the
tenants/
by asset type asset Issuer and/or Issuer asset and/or underlying Principal
leases/co-
(applying Agent (applying Agent asset
investors
RBA) RBA)
Yes (as Yes (as

Listed Assets Yes N/A Yes N/A N/A N/A N/A
necessary) necessary)
Unlisted Yes (as Yes (if Yes (as Yes (if RBA (if RBA (if RBA (if
Yes Yes
Assets* necessary) applicable) necessary) applicable) applicable) applicable) applicable)
* Additional measures may have to be performed depending on the way the assets are acquired/sold/transferred. If the assets are
shares or parts of a fund (including ETFs), the diligence is performed on the fund and not on the underlying basket.
** Similar rules should apply to cluster munitions financing.
Glossary:
Assets Securities or any other type of assets purchased or sold by a UCI.
Underlying asset: e.g. derivative
Issuer A legal entity that creates, develops, registers and sells assets to investors.
Agent Facilitator of the transaction (e.g. intermediating party like a bank in a loan scheme)
Principal End buyer/end seller/borrower
RBA Risk-based approach
of the ML/TF risks presented by specific

A.2. Guidance for due diligence assets or assets classes. This analysis must
The mitigation actions described below may be formalised in writing by the Responsible
be used as a general guidance for the minimum Entity (or by its delegate and reported to
due diligence measures to be adopted in the Responsible Entity).
respect to the assets, taking into account the
specificities of each asset type and applying, as b) When the Responsible Entity wishes to use
necessary, a risk-based approach. the AML/CTF due diligence performed by
a third party involved in the transaction, it
General principle: should ensure that such third party applies
due diligence standards equivalent to those
a) AML/CTF due diligence on assets can be applicable in Luxembourg. Nevertheless,
performed using a risk-based approach, the Responsible Entity remains the
which therefore requires an understanding ultimate responsible for the compliance
23
with AML/CTF due diligence on assets Responsible Entity carry out the following
and must monitor the delegated function controls on the co-investors:
through periodic reporting on a risk-based
approach. ■ If the co-investor holds or will hold more
than 25% of the shares of the asset, the
A.2.1. Private equity Responsible Entity shall at least screen
the name of the co-investor against TFS,
The Responsible Entity may invest directly in including PF, lists;
shares of private companies, i.e. companies ■ If the co-investor holds or will hold less
that do not have their shares offered to the than 25% of the shares of the asset, unless
public. Those shares are usually subject to there are reasons which would indicate a
transfer restrictions so that their holders higher risk, the Responsible Entity is not
cannot transfer them to another person expected to carry out a due diligence on it.
without the consent of the company or the
company’s management body and/or under The Responsible Entity shall also directly or
specific conditions. through a third party establish appropriate
controls to monitor changes in the
The Responsible Entity shall adopt a risk-based shareholding composition of the asset, and
approach in carrying out initial and ongoing adopt an adequate and appropriate level of
due diligence on the target private company, its due diligence on the other co-investors on an
related parties (including the Principal), and on ongoing basis.
the Agent(s) of the transactions.
A.2.1.(a). Real estate
Private equity transactions can also involve a
variety of co-investors. These might include A UCI may invest into real estate asset (e.g.
other private equity funds or institutional residential or commercial properties) types
investors. Where the UCI intends to become which may represent a higher risk and
a majority shareholder in such private therefore the Responsible Entity is, if the
companies (i.e. it intends to acquire 50% + 1 result of a risk-based assessment so warrants,
of the shares), the Responsible Entity may also expected to apply an enhanced due diligence
perform due diligence on the co-investors on a on this type of asset.
risk-based approach.
For this type of assets, the Responsible Entity
In particular, in case the UCI is the majority is recommended to apply a due diligence on
shareholder, it is recommended that the the Principal considering a risk-based approach
Responsible Entity carry out the following (e.g. if the Principal is an AML/CTF regulated
controls on the co-investors: entity, located in a jurisdiction with equivalent
AML/CTF regulations to those applicable in
■ If the co-investor holds or will hold more Luxembourg).
than 25% of the shares of the asset, the
Responsible Entity directly or through Similarly, in case the transaction is placed
a third party shall at least perform through an Agent which is regulated for AML/
appropriate due diligence on the co- CTF purposes and which has performed the
investor and its Beneficial Owner(s)and due diligence on the Principal, the Responsible
screen their names against TFS/PF lists; Entity may take this into account to (i)
■ Applying a risk-based approach the implement simplified due diligence in respect of
Responsible Entity directly or through the Agent, and/or (ii) rely on the due diligence
a third party may apply additional due performed by the Agent on the Principal,
diligence measures such as lowering the subject to relevant contractual arrangements
threshold for due diligence measures on and reporting being in place.
the co-investor and its Beneficial Owner(s).
Real estate properties may be held as an
In contrast, in case the UCI is not the majority investment to generate regular steady income
shareholder, it is recommended that the through its rent, or with the aim of achieving
24
income and/or capital growth through its For example, subject to a risk assessment,
disposal. luxury assets may be desirable to criminals and
enhanced due diligence may be considered,
For example, the Responsible Entity may including identification of potential TFS/PF
carry out a risk-based approach due diligence risks (e.g. if the tangible asset is a vessel).
on tenants depending on predetermined risk
factors, such as the volume of the property’s For this type of assets, the Responsible Entity
revenue, the type of property and geographical directly or through a third party is expected
risks. to apply a due diligence on the Principal
considering a risk-based approach ((e.g. if
For instance, in a case where the income might the Principal is an AML/CTF regulated entity
mainly be generated from a limited percentage located in a jurisdiction with equivalent
of tenants (i.e. mostly major tenants, with AML/CTF regulations to those applicable in
more than a certain percentage of the building/ Luxembourg). Similarly, in case the transaction
property’s revenue such as for instance more is placed through an Agent which is regulated
than 25% of the total rent for a property for AML/CTF purposes and which has
located in a low risk country or 10% of the performed the due diligence on the Principal,
total rent for a property located in a high the Responsible Entity directly or through a
risk jurisdiction), the Responsible Entity may third party may take this into account to (i)
consider to screen the name of the tenant implement simplified due diligence in respect of
against the TFS, including PF, lists. the Agent, and/or (ii) rely on the due diligence
performed by the Agent on the Principal,
The Responsible Entity may also perform subject to relevant contractual arrangements
a risk-based approach due diligence on the and reporting being in place.
property developer (if any). Such due diligence
should at least entail TFS, including PF, A.2.1.(c). Private debt/loan
screening on the property developer name.
Based on their investment strategies, the
Similar to private equity, real estate activities of private debt/loan UCIs can be
transactions can also involve a variety of co- classified as either being loan-originating or
investors. In this case similar rules as described loan-participating activities (or a mixture
under the private equity section shall be thereof):
applied.
■ A loan-originating activity is any type
A.2.1.(b). Tangible assets of a fund’s activity that is, according
to its investment strategy, allowed to
Tangible type of assets can vary in their nature grant and restructure loans (i.e. to
and range from very expensive down to low- subsequently amend loan conditions such
value assets. as prolongation or deferral).
■ A loan-participating activity is a fund’s
Such type of dealing is not always regulated, activity that is allowed to partially or
and this type of assets may be traded by a entirely acquire and restructure existing
range of commercial entities such as banks, loans originated by banks or other
manufacturers, independent vendors/dealers of institutions, either directly from the lender
assets or commercial brokers. or in secondary markets where such loans
are traded.
The Responsible Entity shall assess the risks
linked to the specific type of assets in which it When the UCI – directly or indirectly – lends
intends to invest, taking into account notably money, the main ML/TF risks reside on the
the counterparties involved in the transaction borrowers. The Responsible Entity directly or
and with whom the contracts are signed. through a third party is therefore generally
Depending on whether the UCI is acting as required to perform a risk-based approach
buyer or seller, the target of the due diligence due diligence on the borrowers. Depending
shall either be the buyer or the seller. on the characteristics of the private debt/loan,
25
a secondary market may exist where banks The Responsible Entity relies on the borrower-
and other parties buy or sell interests in loans. related information received by the Principal.
Generally the risk of money laundering in Similarly, in case the transaction is placed
relation to a secondary market participant is through an Agent which is regulated for AML/
lower than in relation to a primary syndication CTF purposes and which has performed the
due to the fact that the secondary market due diligence on the Principal, the Responsible
participants are usually AML/CTF regulated Entity may take this into account to (i)
entities, located in jurisdictions with equivalent implement simplified due diligence in respect of
AML/CTF regulations to those applicable in the Agent, and/or (ii) rely on the due diligence
Luxembourg. performed by the Agent on the Principal,
subject to relevant contractual arrangements
For this type of assets, the Responsible Entity and reporting being in place.
is expected to apply a due diligence on the
Principal (i.e. buyer/seller) and the borrower Unless there is a direct contact/business
considering a risk-based approach (e.g. if the relationship with a co-lender, the Responsible
Principal is an AML/CTF regulated entity, Entity is not expected to carry out a due
located in a jurisdiction with equivalent diligence on co-lenders.
AML/CTF regulations to those applicable in
Luxembourg).
26
27
About ALFI
The Association of the Luxembourg Fund decision-making through relevant input

Industry (ALFI) represents the face and voice for changes to the regulatory framework,
of the Luxembourg asset management and implementation of European directives and
investment fund community, championing regulation of new products or services.
mainstream, private assets and sustainable
investing. ALFI seeks to promote Foster dedication to professional standards,
Luxembourg’s fund sector internationally, integrity and quality
and to cultivate for the benefit of its members
a collaborative, dynamic and innovative Investor trust is essential for success in collective
ecosystem underpinned by the most robust investment services and ALFI thus does all it can
regulatory framework. ALFI’s ambition is to to promote high professional standards, quality
empower investors to meet their life goals. products and services, and integrity. Action in
this area includes organising training at all levels,
Created in 1988, the Association today defining codes of conduct, transparency and
represents over 1,500 Luxembourg domiciled good corporate governance, and supporting
investment funds, asset management companies initiatives to combat money laundering.
and a wide range of business that serve the
sector. These include depositary banks, fund Promote the Luxembourg investment fund
administrators, transfer agents, distributors, industry
legal firms, consultants, tax advisory firms,
auditors and accountants, specialised IT and ALFI actively promotes the Luxembourg
communication companies. Luxembourg is investment fund industry, its products and its
the largest fund domicile in Europe and a services. It represents the sector in financial
worldwide leader in cross-border distribution and in economic missions organised by the
of funds. Luxembourg domiciled investment Luxembourg government around the world and
funds are distributed in more than 70 countries takes an active part in meetings of the global
around the world. fund industry.
ALFI defines its mission as to “Lead industry ALFI is an active member of the European Fund
efforts to make Luxembourg the most attractive and asset Management Association, of the
international center”. European Federation for Retirement and of the
International Investment Funds Association.
Its main objectives are to:
To keep up to date with all the news from
Help members capitalise on industry trends the association and the fund industry in
Luxembourg, join us on LinkedIn (The
ALFI’s many technical committees and Luxembourg Fund Industry Group by ALFI),
working groups constantly review and analyse Twitter (@ALFIfunds), Youtube, or visit our
developments worldwide, as well as legal and website at www.alfi.lu.
regulatory changes in Luxembourg, the EU and
beyond, to identify threats and opportunities
for the Luxembourg fund industry.
Shape regulation
An up-to-date, innovative legal and fiscal

environment is critical to defend and improve
Luxembourg’s competitive position as a
center for the domiciliation, administration
and distribution of investment funds. Strong
relationships with regulatory authorities, the
government and the legislative body enable
ALFI to make an effective contribution to
May 2021
© 2021 ALFI. All rights reserved.
Reviewed practices and recommendations

aimed at reducing the risk of money laundering
and terrorist financing in the Luxembourg fund
industry

AML Guidelines 2021

Uploaded by

Copyright:

Available Formats

AML Guidelines 2021

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AML Guidelines 2021

Uploaded by

Copyright:

Available Formats

| guidelines

REVIEWED PRACTICES AND

II. Preamble – The AML/CTF regulatory framework 7

Section I – AML/CTF framework and risk 8

III. AML/CTF responsibilities 8

IV. Persons responsible for AML/CTF compliance 12

VI. ML/TF risk appetite and risk assessment 13

Section II – The application of the risk-based approach 17

VII. Due diligence on the liability side 17

VIII. Due diligence on the asset side 21

2010 Law Law of 17 December 2010 relating to undertakings for collective

AED Administration de l’enregistrement, des domaines et de la

AIFM Alternative Investment Fund Manager, within the meaning of

AML Anti-money laundering

AML/CTF GDR Grand-ducal regulation of 1 February 2010 providing details on

AML/CTF Law Law of 12 November 2004 on the fight against money

Beneficial Owner Any natural person(s) who ultimately own(s) or control(s)

Business Relationship Professional or commercial relationship which is connected with

CDD Customer due diligence

CSSF Commission de Surveillance du Secteur Financier

CTF Counter Terrorist Financing

Customer Natural or legal person with whom a business relationship exists

ESAs The three European Supervisory Authorities (ESAs): the

FATF Financial Action Task Force on Anti-Money Laundering and

FIU The Luxembourg Financial Intelligence Unit (the Cellule de

GoAML The online portal which is to be used to make declarations

IFM Investment fund managers, including management companies

KYC Know your customer

ML/TF Money laundering and terrorist financing

PF Proliferation financing – act of providing funds or financial

Professional Any person regulated in Luxembourg for AML/CTF purposes as

RR The person responsible for the fight against ML/TF at

RAIF Luxembourg Reserved Alternative Investment Fund

SAR Suspicious activity report

STR Suspicious transaction report

Third-Party Introducer A third-party introducer within the meaning of Article 3-3(1) of

TFS Targeted financial sanctions – covering both asset freezing and

UCITS Undertaking for Collective Investment inTransferrable Securities,

Undertaking for Collective Undertaking for collective investment, investment company

A.2. ML/TF Risk Assessment

A.2.4. Geographical risk ■ Countries identified as providing funding

1 Page 115 of the ESAs Joint Guidelines: https://www.eba.europa.eu/sites/default/documents/files/document_

investor subscribing units or shares of an investor appearing in the register of the

the detection of potentially suspicious of verification can be performed on a risk-

It is important to stress that Beneficial The purpose of such screening is to identify

Examples of Listed Assets Examples of unlisted assets

■ Shares, stocks, bonds listed ■ Real estate

AML/CTF due diligence measures

Yes (as Yes (as

of the ML/TF risks presented by specific

The Association of the Luxembourg Fund decision-making through relevant input

An up-to-date, innovative legal and fiscal

Reviewed practices and recommendations

You might also like