On 22 April 2022, the Commission de Surveillance du Secteur Financier (the “CSSF”) issued the Circular CSSF 22/807 updating the amended Circular CSSF 12/552 on central administration, internal governance and risk management (the “Circular 12/552”).
1. Main objective
The update seeks to implement recent changes to relevant EBA and ESMA Guidelines and further reflects the fact that the regulatory requirements pertaining to outsourcing arrangements, which were previously included in the Circular 12/552, have now been moved into the new general Circular CSSF 22/806 on outsourcing arrangements (discussed in our Newsflash on Circular CSSF 22/806 - available here_).
2. Key changes
The key changes to the central administration, internal governance and risk management requirements introduced as a result of the update are the following:
- the Circular 12/552 now includes a definition of ESG risks and explicit requirements to take the latter into account;
- the roles and responsibilities of the Chief Compliance Officer and the compliance function pertaining to AML/CFT have been further specified and now also include the requirement to adopt a “compliance monitoring plan”, tracking the progress of implemented AML/CTF compliance surveillance measures;
- a specific section dedicated to the documentation of loans granted to members of the management body and their related parties has been included, which notably specifies the information to be gathered and, upon first request, made available to the competent authority in this respect;
- the section pertaining to outsourcing arrangements has been considerably shortened and now includes references to the outsourcing rules provided for in the new general Circular CSSF 22/806 on outsourcing arrangements and the CSSF Regulation 12-02 pertaining to anti-money laundering and counter terrorist financing.
The relevant updates will enter into force on 30 June 2022. As of this date, all credit institutions and professionals performing lending operations must comply with the obligations and requirements laid down in the revised Circular 12/552.
If you require more information on the legal regime governing central administration, internal governance and risk management requirements and how to implement the new requirements in practice, do not hesitate to contact us.