De-risking Practices and ML/FT Risk Management – CSSF

De-risking Practices and ML/FT Risk Management – CSSF Close Professionals Consumers Search in: Search for information (3 characters minimum) Search All content Regulatory framework Publication and data Direct links Loading... Entities Access the database Close Professionals Consumers Loading... Search Entities Whistleblowing Customer complaint Public register of the audit profession Published on 16 June 2026 Email this Share this on LinkedIn Share this on Facebook Communiqué De-risking Practices and ML/FT Risk Management The CSSF has been approached by individuals and legal entities regarding difficulties in opening bank accounts in Luxembourg. In this context, the CSSF has been informed that some credit institutions attribute these difficulties to burdensome legal requirements relating to the prevention of money laundering/financing of terrorism (“ML/FT”) and to their understanding of the CSSF’s expectations regarding ML/FT risk exposure of supervised entities. 1. Management, not avoidance, of ML/FT risks Against this backdrop, the CSSF wishes to clarify that it expects professionals to manage ML/FT risks effectively , which does however not mean that such risk shall be avoided. To manage their ML/FT exposure, supervised entities shall develop a proper understanding of the ML/FT risks to which they may be exposed in the conduct of their business and implement an appropriate and effective internal framework for the identification and mitigation of such risks. The guidance issued by different stakeholders is intended to raise awareness and supports professionals in designing and implementing appropriate internal control frameworks. It shall not however be interpreted as a prohibition of entering into higher-risk business relationships. The existence of a higher level of ML/FT risk exposure does not as such justify a refusal to establish or maintain a business relationship. Thus, supervised entities may not generally ban or exclude entire categories of clients, products or services other than those expressively provided for by applicable laws and regulations, such as the Law of 12 November 2004 on the fight against money laundering and terrorist financing and CSSF Regulation No 12-02 of 14 December 2012. However, this does not preclude any decision by professionals to redefine their business line and to stop offering services or products to a dedicated category of clients as further set out in point 2 below. As reflected in Circular CSSF 21/782 and further reinforced by Circular CSSF 23/842 and Circular CSSF 25/878, which integrate the latest amendments to the guidelines of the European Banking Authority (“EBA”) on ML/FT risk factors (EBA/GL/2021/02 and EBA/GL/2024/01), professionals shall apply a nuanced and well-informed assessment of customer risk profiles. Financial inclusion and sound ML/FT risk management are not mutually exclusive and should be pursued in a balanced and proportionate manner, as also recommended in the FATF’s Guidance on Financial Inclusion promoting greater recognition of a risk-sensitive approach to implementing AML/CFT measures. This approach allows professionals to apply “simplified due diligence” to low-risk populations instead of rigid, traditional identification requirements. 2. The CSSF does not intervene in the business model of the professionals As a general principle, the CSSF does not intervene in business models or commercial decisions of the professionals of the financial sector. Only in exceptional circumstances, when professionals have not taken the appropriate ML/FT risk management actions, the CSSF enjoins the professionals to adopt a “de-risking” approach as the ML/FT risk is deemed as no longer manageable. However, professionals must not confuse said (rare) CSSF-imposed “de-risking” with an “exit strategy” implemented in order to remain profitable. Accordingly, decisions relating to the acceptance or refusal of clients remain the sole responsibility of each institution and the CSSF may not issue opinions on individual onboarding decisions. In this context and considering the increase of compliance costs and the growing complexity of ML/FT risks, professionals may decide that some categories of higher ML/FT risk customers are no longer profitable for them. However, this then is a strategic business decision, to be distinguished from decisions driven by cases of non-compliance with laws and regulations. 3. Cooperation of clients is required The CSSF recalls that the identification and mitigation by professionals of ML/FT risks also requires an active cooperation of the potential client with the professional. Difficulties in opening a bank account may arise when potential clients are unable to provide adequate documentation, including information on the origin of funds, or refuse to provide information. In this context, it is important that clients understand that financial institutions are subject to strict legal obligations and that cooperation in providing accurate and complete information is essential to enable professionals to fulfil their obligations. Should a client present specific or high-risk characteristics or face practical difficulties in providing standard documentation, professionals are encouraged to assess whether alternative and proportionate measures may be implemented to establish or maintain existing business relationships in accordance with the updated EBA guidelines (EBA/GL/2023/03) and Circular CSSF 23/842. 4. Future guidance In order to address unwarranted de-risking, Article 21(4) of AMLR 1 mandates the EBA and EU Anti-Money Laundering Authority (“AMLA”) to issue, by July 2027, joint guidelines on the measures that may be taken to ensure compliance with AML/CFT rules, including in relation to business relationships that are most affected by de-risking practices. 1 Regulation (EU) 2024/1624 of the European Parliament and of the Council of 31 May 2024 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing Main topic: Financial crime Relevant for Credit institutions We use cookies to ensure that we give you the best experience on our website. By clicking “Accept all”, you consent to the use of all of the cookies. Cookie settings Reject non-essential cookies Accept all Cookie settings We use cookies to improve your experience while you navigate our website. Strictly necessary cookies are stored in your browser as they are essential for the website to function. Other cookies further improve your experience and help us analyse how users interact with our website by collecting anonymous data. These cookies will only be stored in your browser with your consent. Privacy Policy Necessary cookies Necessary cookies: Allow These technical cookies only store anonymous data and are necessary for the website to function. These cannot be disabled. Name Description Duration cssf_cookies Saves information regarding the user's consent to the use of cookies for each optional category. 1 year ROUTEID Technical cookie allowing load distribution. Deleted when the browsing session ends TBMCookie* Security: This cookies protects the website against automated attacks. Deleted when the browsing session ends __utmvc These first party cookies are set by a third party service to filter out malicious requests. Deleted when the browsing session ends __utmvm* These first party cookies are set by a third party service to filter out malicious requests. 15 minutes Functional cookies Functional cookies: Allow Functional cookies provide enhanced functionality and improve your experience when you navigate our website. They may be set by us or by third party providers whose services are included in some of our pages. Disabling these cookies may affect your experience and some services may not function properly. Name Description Duration cssf_profile This cookie adapts the website pages to the profile chosen by the visitor (professionals, markets, consumers). 1 year pll_language This cookie saves the user’s language choice. 1 year Performance cookies Performance cookies: Allow Performance cookies help us collect anonymous statistical data such as the number of visits, the average time spent on the website or the pages consulted during a browsing session. The information is aggregated and anonymous, and allows us to monitor and improve the performance of our website. Name Description Duration _pk_id.# Collects anonymous statistical data on the website consultations, such as the number of visits or the average time spent on the website. The data is processed in-house and is not shared with a third party. 1 year _pk_ses.# Collects anonymous statistical data for the tracking of the pages consulted during the browsing session. The data is processed in-house and is not shared with a third party. 30 minutes SoundCloud SoundCloud: Allow This content from a third party provider has been blocked. By allowing this content to load, you agree with the terms of SoundCloud's cookie usage and privacy policy Save preferences Reset cookies Reject non-essential cookies Accept all