Overview
The Commission de Surveillance du Secteur Financier (CSSF — Commission for Supervision of the Financial Sector) is Luxembourg's integrated financial services regulator, established on 23 December 1998, succeeding the Commissariat aux Bourses and consolidating prudential and market conduct supervision. The CSSF operates as the primary financial supervisory authority for the Grand Duchy of Luxembourg, regulating banking, investment services, insurance, investment funds, and payment services.
Establishment: Founded 23 December 1998 under the Law of 23 December 1998 (Loi de 23 décembre 1998 relative à la surveillance du secteur financier), which formally created the CSSF as an integrated regulator.
Current Leadership:
Claude Marx, Director General
Executive Board includes Claude Wampach, Marco Zwick, Pascale Toussing, and other Directors
Appointed by the Grand Duke on proposal of the Government in Council for five-year terms
Jurisdiction: The CSSF exercises regulatory authority over all financial market participants operating in Luxembourg, including credit institutions, investment firms, asset managers, insurance undertakings, payment institutions, and collective investment fund operators.
Strategic Position:
Luxembourg has established itself as the world's second-largest investment fund domicile (after the United States by assets, largest in Europe) and a major international banking and financial services center. The CSSF's regulatory framework facilitates this position while maintaining robust supervisory standards:
Global Fund Center: Dominates UCITS and AIF markets in Europe and Asia
International Banking: Major banking presence, including headquarters of significant banking groups
Insurance Sector: Substantial international insurance and reinsurance undertakings
Payment Services: Significant payment infrastructure (Euroclear, clearing systems)
Fintech: Growing fintech and blockchain finance ecosystem
Basic Identity
Field | Value |
|---|---|
Official Name (English) | Commission de Surveillance du Secteur Financier (CSSF) — Luxembourg |
Official Name (Local Language) | Commission de Surveillance du Secteur Financier (CSSF) — Luxembourg |
Acronym | CSSF |
Country | Luxembourg |
Jurisdiction Level | National |
Official Website | |
Official Website Language(s) | English |
Headquarters | Luxembourg |
Year Established | Not publicly documented |
Current Status | Active |
Classification
Field | Value |
|---|---|
Entity Type | Financial Services Regulator |
Control Layer | Layer 1 — Sovereign/Government Regulator |
Legal Authority Level | Binding |
Jurisdiction Level | National |
Scope of Power | Licensing, Supervision, Enforcement, Rulemaking |
Inclusion Justification
Field | Value |
|---|---|
Why This Entity Is Included | Integrated financial regulator with authority spanning multiple financial sectors including banking, insurance, and/or securities |
Type of Influence | Direct |
Exclusion Risk | Removes the primary multi-sector financial regulatory authority from the directory |
What This Entity Oversees
The CSSF is the primary prudential regulator for credit institutions operating in Luxembourg. Luxembourg hosts a significant international banking sector, including numerous headquarters of regional and global banking groups, as well as subsidiary and branch operations of major international banks.
Credit Institution Authorization:
Types of Institutions:
Credit institutions: Universal banks, commercial banks, savings banks
Specialized credit institutions: Mortgage banks, investment banks, private banks
Building societies (Caisses d'épargne)
Cooperative banks
Authorization Requirements:
Fit-and-proper persons assessment (shareholders, board members, management)
Minimum capital requirements (EUR 1–10 million depending on business type)
Business plan and risk management framework
Governance structure and internal controls
AML/CFT compliance framework
Operations and IT security standards
Prudential Supervision:
Capital Adequacy:
CRD IV/CRR implementation (Basel III standards)
Pillar 1: Minimum capital ratios (Common Equity Tier 1: 4.5%, Tier 1: 6%, Total Capital: 8%)
Pillar 2: Institution-specific capital requirements (ICAAP framework)
Pillar 3: Market discipline and transparency requirements
Capital buffers (capital conservation buffer, countercyclical buffer, systemic risk buffer)
Liquidity Management:
Liquidity Coverage Ratio (LCR): 100% coverage of 30-day stress scenarios
Net Stable Funding Ratio (NSFR): Long-term balance sheet stability
Large exposure limits: 25% of capital per counterparty
Intragroup exposure restrictions
Funding concentration monitoring
Risk Management:
Interest rate risk in banking book
Credit risk and counterparty exposure
Operational risk and business resilience
Market risk and trading book regulation
Concentration risk and sectoral exposure
Liquidity stress testing
Interconnectedness and systemic risk assessment
Supervisory Tools:
On-site inspections and off-site monitoring
Regulatory reporting and data analytics
Stress testing and capital planning reviews
Supervisory colleges for cross-border groups
Regulatory capital restrictions and distribution limitations
Behavioral requirements and operational conditions
Remedial action authority and intervention powers
SSM Participation:
For Luxembourg's "significant institutions" (meeting size/systemic criteria), banking supervision is coordinated with the Single Supervisory Mechanism (SSM) under ECB leadership. The CSSF continues to supervise "less significant institutions" (LSIs) under ECB oversight.
Securities and Investment Regulation
The CSSF regulates investment services, securities markets, and market conduct under the Luxembourg investment services framework and EU MiFID II requirements.
Investment Firm Authorization:
Categories of Firms:
Investment firms: Broker-dealers, advisers, portfolio managers
Markets operators: Regulated market operators, multilateral trading facilities (MTF)
Credit institutions providing investment services
Authorization Requirements:
Fit-and-proper assessment
Minimum capital (EUR 50,000–500,000 depending on services)
Business plan and organizational requirements
Client segregation and operational resilience
Risk management and governance framework
Complaints handling procedures
Markets Regulation:
Regulated Market (Luxembourg Stock Exchange):
Market operator authorization
Trading rules and participant requirements
Listing standards and corporate governance
Investor protection and fair dealing rules
Market surveillance and misconduct prevention
Post-trade transparency (trade reporting)
Multilateral Trading Facilities (MTF):
Operator authorization and oversight
Participant rules and fee transparency
Trading conduct and best execution
Pre/post-trade transparency requirements
Order handling and execution standards
Market Conduct Regulation:
Market Abuse Regulation (MAR):
Insider dealing and market manipulation prevention
Suspicious activity surveillance and reporting
Investigation and enforcement authority
Penalties up to EUR 5 million or 3× profit gained from abuse
Prospectus Regulation:
Prospectus approval for public offerings
Continuous disclosure for listed issuers
Exemptions for private placements and institutional offerings
Takeover regulation and delisting standards
MiFID II Implementation:
Investment service conduct of business standards
Suitability and appropriateness assessments
Best execution and order handling
Conflicts of interest management
Inducement restrictions (fees vs. commissions)
Client classification and protections
Complaints handling and dispute resolution
Securities and Fund Regulation
UCITS Fund Regulation (Largest European UCITS Domicile)
The CSSF is the primary regulator for UCITS (Undertakings for Collective Investment in Transferable Securities) domiciled in Luxembourg. As of 2026, Luxembourg hosts the largest concentration of UCITS fund assets globally, with over EUR 4+ trillion in UCITS assets domiciled in Luxembourg distributed across the world.
UCITS Supervision:
UCITS Management Company Authorization:
Fit-and-proper assessment of board, management, shareholders
Minimum capital requirements (EUR 300,000 minimum; higher if managing large AUM)
Governance and operational standards
Risk management and internal control framework
Delegation and outsourcing supervision
Remuneration governance (ESMA guidelines)
UCITS Fund Authorization:
Fund rules or prospectus approval
Investment policy and risk restrictions
Depositary selection and oversight
Valuation and pricing controls
Distribution and marketing compliance
Cross-border notification (EU passporting)
Ongoing UCITS Supervision:
Portfolio monitoring and investment limit compliance
Performance and portfolio concentration analysis
Risk management and stress testing reviews
Governance and compliance assessments
Depositary oversight and conflict management
Fund distribution and shareholder communication
UCITS Characteristics:
Harmonized investment policy (equities, fixed income, money market instruments)
Strict diversification and concentration limits
Investor protection through depositary safekeeping
EU-wide marketing rights (passporting)
Standardized disclosure and reporting
Investor redemption rights
UCITS Competitive Advantages (Luxembourg position):
Mature supervisory and regulatory ecosystem
Investor-friendly tax treatment
English-language documentation and service providers
Minimal local presence requirements
Efficient fund incorporation and listing
Centralized administration and accounting services industry
Regulatory transparency and predictability
Cross-border marketing expertise
UCITS Fund Types Commonly Domiciled:
Equity funds (single country, regional, global)
Fixed income and bond funds
Money market funds
Balanced and multi-asset funds
Sustainable/ESG funds
Alternative UCITS strategies (hedge fund-like within UCITS constraints)
Master-feeder structures
Fund-of-funds
Alternative Investment Fund (AIF) Regulation
CSSF supervises Alternative Investment Fund Managers (AIFMs) domiciled in Luxembourg or managing AIFs marketed to EU investors under the AIFM Directive.
AIFM Authorization:
Fit-and-proper assessment
Capital and liquidity requirements
Governance and organizational structure
Risk management and stress testing
Conflict of interest procedures
Delegation and outsourcing framework
Remuneration governance
AIF Supervision:
Fund rules or offering documents approval
Investment policy and leverage limits
Depositary and custody arrangements
Valuation of illiquid assets
Investor reporting and disclosure
Redemption rights and liquidity management
AIF Categories:
Hedge funds and absolute return strategies
Private equity and venture capital funds
Real estate investment funds
Infrastructure and renewable energy funds
Commodity and commodity derivative funds
Fund-of-funds and multi-strategy funds
Secondaries and co-investment funds
Leverage and Leverage Limits:
Leverage definition (borrowing and derivatives)
Gross and net leverage calculation
Leverage limits based on risk profile
Counterparty exposure limits for leveraged AIFs
Stress testing and leverage monitoring
The CSSF regulates insurance undertakings, reinsurance companies, and insurance distributors under the Solvency II regime and Luxembourg insurance law.
Insurance Undertaking Supervision:
Authorization Requirements:
Fit-and-proper assessment of board, management, shareholders
Solvency Capital Requirement (SCR) assessment
Business plan and risk management framework
Governance and compliance structure
Internal audit and actuarial functions
AML/CFT compliance
Solvency II Compliance:
Solvency Capital Requirement (SCR) calculation and compliance
Minimum Capital Requirement (MCR) maintenance
Own Risk and Solvency Assessment (ORSA) framework
Internal governance and risk management
Valuation of assets and liabilities (market-consistent principles)
Technical provisions adequacy
Reinsurance and counterparty risk management
Insurance Distribution:
Broker and agent authorization
Professional indemnity insurance requirements
Conflict of interest disclosures
Product governance and customer appropriateness
Consumer information and transparency
Complaints handling procedures
Life and Non-Life Regulation:
Premium adequacy and reserving
Policyholder protection funds
Guarantee schemes and protection levels
Investment restrictions (matching principles for life insurance)
Surrender and early termination rights
The CSSF enforces comprehensive AML/CFT requirements under the Due Diligence Act (Loi du 12 novembre 2004 relative à la lutte contre le blanchiment de capitaux et le financement du terrorisme) and AMLD6 implementation.
Customer Due Diligence (CDD):
Know Your Customer (KYC):
Customer identity verification (government-issued ID, passports)
Beneficial ownership identification (natural persons with 25%+ control)
Source of funds and source of wealth documentation
Occupation and business relationship confirmation
Customer risk classification
Enhanced Due Diligence (EDD):
Applied to PEPs (Politically Exposed Persons)
High-risk jurisdictions and countries subject to sanctions
Complex ownership structures and legal entities
Correspondent banking relationships
Additional verification and senior management approval
Ongoing Monitoring:
Continuous transaction surveillance
Behavioral pattern analysis and anomaly detection
Periodic customer file review and update
Suspicious activity identification
Transaction velocity and concentration monitoring
Beneficial Ownership Registers:
Registry of beneficial owners maintained by companies registration office
Transparency requirements for Luxembourg companies
Trusts and legal entities beneficial owner identification
Sanctions Screening:
Daily screening against UN, EU, and national sanctions lists
PEP screening and monitoring
Adverse media screening
Automatic blocking of sanctioned persons/entities
Sanctions incident reporting
Reporting Requirements:
Suspicious Transaction Reports (STR): Reported to Financial Intelligence Unit (Cellule de Renseignement Financier)
Large Transaction Reports (LTR): Cash transactions exceeding EUR 15,000
Sanctions Breach Reports: Immediate notification for sanctions incidents
Cross-border Movement Reporting: Physical currency transfers >EUR 10,000
AML/CFT Supervision:
Compliance examinations and risk assessments
Monitoring of suspicious activity and reporting
Enforcement for violations and failures to report
Penalties and license restrictions
Criminal referral of suspected money laundering
Regulatory Powers
The CSSF possesses comprehensive enforcement authority under the Law of 23 December 1998 and sector-specific legislation.
Administrative Penalties:
Financial Penalties:
Up to EUR 10 million per violation for serious breaches
Up to EUR 5 million for regulatory violations
Up to 2–3× profit gained from violations
Proportionality assessment based on gravity, duration, recidivism
Operational Sanctions:
License Revocation: Full withdrawal of authorization
Conditional Authorization: License with specific behavioral requirements
Temporary Suspension: Suspension of services or activities
Prohibition Orders: Removal of board members or managers
Operational Requirements: Mandatory policies, systems, governance improvements
Public Censure: Named enforcement and reputational consequences
Supervisory Measures:
Asset freezes and customer fund restrictions
Transaction limitations and approval requirements
Interim administration or supervised operations
Emergency liquidity support restrictions
Reporting requirements and monitoring conditions
Enforcement Process:
Initial investigation and fact-finding
Breach notification to institution
Opportunity to respond and remediate
Penalty determination (considering aggravating/mitigating factors)
Settlement discussions (potential penalty reduction)
Formal enforcement decision and publication
Appeal to administrative courts
Cooperation with Other Authorities:
Criminal referral to Procurator General
Cross-border enforcement coordination
Information sharing with EU authorities
Asset recovery and restitution procedures
Regulatory Role and Function
Role | Description |
|---|---|
Primary Role | Integrated regulation and supervision of financial services sector |
Licensing Role | Issues licenses across multiple financial sectors |
Supervisory Role | Prudential and conduct supervision of licensed financial institutions |
Enforcement Role | Enforcement of financial services legislation and regulations |
Payment Systems Oversight Role | Oversight of payment service providers and payment systems where applicable |
AML / CFT Role | AML/CFT supervision of regulated financial institutions |
Legal Foundation
The CSSF derives its authority from comprehensive legislative instruments establishing integrated supervision:
Primary Legal Framework:
Law of 23 December 1998 (Loi de 23 décembre 1998 relative à la surveillance du secteur financier):
Establishes the CSSF as an independent public institution
Confers prudential supervision authority across all financial sectors
Sets governance structure and independence guarantees
Provides enforcement and sanction authority
Succeeds and consolidates prior regulatory authorities
Sector-Specific Legislation:
Banking Act (Loi modifiée du 12 juillet 1933 sur les sociétés de crédit)
Securities Act (Loi modifiée du 10 août 1915 sur les sociétés commerciales)
Investment Services Act (Loi modifiée du 5 avril 1993 relative au secteur financier)
Insurance Act (Loi modifiée du 27 juillet 1997 sur l'assurance)
Fund Management Act (Loi modifiée du 17 décembre 2010 relative aux organismes de placement collectif)
Payment Services Act (Loi du 10 novembre 2009 relative aux services de paiement)
EU Directive Implementation:
Capital Requirements Directive IV/Regulation (CRD IV/CRR)
Markets in Financial Instruments Directive (MiFID II)
UCITS Directive (2009/65/EC)
Alternative Investment Fund Managers Directive (AIFMD)
Solvency II Directive (2009/138/EC)
Payment Services Directive 2 (PSD2)
Anti-Money Laundering Directive 6 (AMLD6)
Organizational Structure:
Governing Bodies:
Executive Board: Director General and 2–4 Directors; responsible for operational management
Audit Office: Independent internal audit function
Executive Secretariat: Administrative and support functions
Supervisory Divisions:
Banking Supervision Division: Credit institutions, banking conduct
Investment Services Division: Investment firms, securities markets, broker-dealers
Fund Management Division: UCITS, AIFs, fund managers, depositaries
Insurance Division: Insurance undertakings, reinsurance, insurance distributors
Payment Services Division: Payment institutions, e-money issuers
Compliance and Enforcement Division: Market abuse, conduct breaches, sanctions
International Supervision Division: Cross-border cooperation, equivalence assessments
Licensing and Authorization Relevance
The Commission de Surveillance du Secteur Financier (CSSF) — Luxembourg issues licenses across multiple financial sectors in Luxembourg:
License Type | Description |
|---|---|
Banking License | Authorization to conduct banking activities |
Insurance License | Authorization to underwrite or distribute insurance products |
Payment Institution License | Authorization to provide payment services |
Investment Services License | Authorization to provide investment services |
Electronic Money License | Authorization to issue electronic money |
The licensing framework requires applicants to meet capital requirements, demonstrate fitness and propriety of management, and establish adequate compliance and risk management systems.
Payments and Money Movement Relevance
The CSSF regulates payment institutions, e-money issuers, and payment service providers under the Payment Services Directive 2 (PSD2) and E-Money Directive (EMD2).
Payment Institution Authorization:
Authorized Providers:
Payment institutions (fintech payment providers)
Small payment institutions (limited-scale providers)
Credit institutions (as universal providers)
E-money institutions
Authorization Requirements:
Capital requirements (EUR 20,000–125,000 depending on services)
Governance and operational requirements
Risk management and business continuity
AML/CFT compliance framework
Consumer protection and segregation
Complaints handling procedures
Payment Services Regulated:
Payment initiation services (PISP)
Account information services (AISP)
Money transfers and remittances
Card payments and payment routing
Payment aggregation
Open Banking (PSD2) Implementation:
API connectivity requirements
Strong Customer Authentication (SCA) standards
Data sharing and privacy protections
Exemptions and safeguards (low-value, trusted beneficiaries)
Fraud prevention and liability rules
E-Money Regulation:
E-Money Institution Authorization:
Capital minimum EUR 350,000
Fund segregation (100% backing)
Governance and risk management
Redemption rights
Complaint handling
E-Money Products:
Prepaid payment cards and digital wallets
Account-based e-money
Closed-loop payment systems
Mobile money platforms
Contactless and proximity payments
Payment Systems Governed or Overseen
The Commission de Surveillance du Secteur Financier (CSSF) — Luxembourg has oversight responsibilities across multiple financial sectors in Luxembourg, including payment services:
Function | Relationship to Payments |
|---|---|
Payment Service Provider Licensing | Licenses and supervises entities providing payment services |
Conduct Supervision | Monitors market conduct of payment service providers |
Consumer Protection | Enforces consumer protection rules for payment services |
AML/CFT Compliance | Ensures payment service providers meet AML/CFT requirements |
E-Money Supervision | Oversees electronic money institutions where applicable |
Open Banking / PSD2 | Implements payment services regulatory frameworks where applicable |
The entity regulates payment service providers, e-money issuers, and related financial intermediaries within its integrated supervisory mandate.
Relationship to Other Regulators
The CSSF actively participates in European and international regulatory networks ensuring coordinated supervision and harmonized standards.
European Regulatory Coordination:
European Central Bank (ECB) - SSM:
Coordination for banking supervision of significant institutions
Regulatory harmonization for capital requirements
Macroprudential policy coordination
Emergency liquidity assistance procedures
European Banking Authority (EBA):
Participation in regulatory technical standards development
Supervisory college coordination for banking groups
Peer review and benchmarking
Crisis management coordination
European Securities and Markets Authority (ESMA):
Standards development for securities regulation
Markets surveillance and cross-border coordination
Takeover regulation harmonization
Credit rating agency and clearing house supervision
European Insurance and Occupational Pensions Authority (EIOPA):
Insurance regulatory standards development
Solvency II convergence and guidance
Insurance group supervision coordination
Consumer protection harmonization
International Coordination:
Basel Committee on Banking Supervision:
Observer status and participation in capital adequacy standards
Implementation of Basel III and emerging regulatory developments
IOSCO (International Organization of Securities Commissions):
Participation in securities market conduct standards
Cross-border enforcement cooperation
IAIS (International Association of Insurance Supervisors):
Participation in insurance supervisory standards development
Insurance group supervision coordination
Bilateral Cooperation:
Memoranda of Understanding with major financial regulators
Supervisory colleges for cross-border banking and insurance groups
Information sharing and coordinated examination protocols
Crisis management and resolution coordination
Multilateral Organizations:
Financial Stability Board (FSB) coordination (through ECB/EU participation)
FATF and AML/CFT networks
Payment systems oversight coordination (SWIFT, clearing systems)
Geography and Jurisdiction Notes
Field | Value |
|---|---|
Applies Nationwide | Yes |
Applies at State or Sub-National Level Only | No |
Cross-Border or Regional Reach | No |
Special Territorial Notes | National jurisdiction within Luxembourg |
Important Departments and Divisions
Division / Department | Primary Function |
|---|---|
Supervision Division | Oversight of regulated entities |
Licensing Division | Processing of applications and authorizations |
Enforcement Division | Investigation and prosecution of violations |
Policy and Research Division | Regulatory policy development |
Compliance Division | AML/CFT and regulatory compliance monitoring |
Key Public Resources
CSSF Headquarters Address:
Commission de Surveillance du Secteur Financier
283, route d'Arlon
L-1150 Luxembourg
Grand Duchy of Luxembourg
Website: www.cssf.lu (French, German, English)
Main Reception: +352 45 99 1 (Monday–Friday, 08:30–17:30 CET)
Organizational Contact Structure:
Department | Contact/Function |
|---|---|
General Inquiries | [email protected]; +352 45 99 1 |
Banking Supervision | [email protected] (credit institution authorization/supervision) |
Investment Firms & Markets | [email protected] (investment firm licensing, securities regulation) |
UCITS & Fund Management | [email protected] (UCITS, AIF manager authorization and oversight) |
Insurance Supervision | [email protected] (insurance undertaking authorization/supervision) |
Payment Services | [email protected] (payment institution licensing, PSD2 matters) |
Compliance & Enforcement | [email protected] (conduct violations, sanctions inquiries) |
AML/CFT | [email protected] (anti-money laundering compliance) |
International Coordination | [email protected] (cross-border cooperation, equivalence) |
Authorization and Licensing:
Online application portal available on CSSF website
Pre-authorization consultation meetings available
Standard processing timelines: 3–6 months (banking), 2–4 months (investment/funds), 1–3 months (payments)
Expedited procedures for straightforward applications
Supervisory Colleges:
CSSF hosts supervisory colleges for cross-border groups
Quarterly/semi-annual coordination meetings with foreign regulators
Joint examination plans and supervisory strategies
Notes on Naming and Language
Field | Value |
|---|---|
Preferred English Rendering | Commission de Surveillance du Secteur Financier (CSSF) — Luxembourg |
Official Local-Language Rendering | Commission de Surveillance du Secteur Financier (CSSF) — Luxembourg |
Official Website Language(s) | English |