Issued on 23 August 2018, the CSSF Circular 18/698 is directed to Luxembourg-based UCITS Managers and AIFMs, including self-managed UCITS/AIFs. It provides extensive prescriptive guidance on organization, operations and substance, as well as management information systems and regulatory reporting necessary to facilitate the CSSF’s ongoing supervision of these firms. It covers questions of governance, oversight of delegated activities, as well as broad variety of other topics.

Governance Framework

The Circular clarifies the role and responsibilities of Directors, the number and type of other mandates permitted and their professional time commitments. In principle, Directors are limited to 20 mandates and 1,920 professional hours. However, there is some flexibility, including for mandates on special purpose vehicles (SPVs) that are held by the funds and for mandates within the same family of funds. Furthermore, the majority of Directors may not be at the same time employees of the Manager.
The CSSF also specifies the responsibilities and location of Senior Management, their time commitments, other mandates and responsibilities. It expects the two Senior Managers to be located in Luxembourg, while allowing for some flexibility with regard to Managers with less that EUR 1.5bn in assets under management. In these cases, one of the Senior Managers may be based abroad and work in Luxembourg on a part-time basis, provided that there be a sufficient number of qualified staff in Luxembourg to support them in their areas of responsibility. When the assets under management exceed the limit of EUR 1.5bn, the two Senior Managers must be located in Luxembourg on a full-time basis. However, if the management company has more than two Senior Managers, the additional Senior Managers may be located abroad if they have qualified staff in Luxembourg to support them in their areas of responsibility.

Oversight of Delegated Functions

The Circular clarifies the range of functions that may be delegated, while indicating the specific conditions for each type of delegation. These functions include portfolio management, risk management, valuation, complaints handling, compliance, internal audit, IT, finance and so-called MiFID services.
The guidance spells out detailed requirements for initial and ongoing due diligence on delegates. It specifies that delegate oversight arrangements should satisfy the same standards irrespective of whether the delegate is part of the same corporate group or an external delegate. The CSSF expects the investment management company to develop a continuous risk-based approach for the oversight of its distribution network. The management company must put in place a plan for carrying out periodic due diligence on its delegates for a multi-year period. The monitoring of activities delegated to a third party cannot be delegated under any circumstances. Therefore, the management company must have a sufficient number of qualified staff in Luxembourg to adequately monitor the delegated activities. In carrying out the initial due diligence, the management company shall, inter alia, identify and assess all risks arising from the delegation, including operational, financial, legal and reputational risks, with a view to properly managing them. It must enable the management company to ensure that the enterprise to which functions will be delegated is qualified and capable of performing the functions in question, depending on the nature of the delegated functions, in compliance with legal and regulatory and contractual requirements. The continuous monitoring must allow the company to ensure that the services provided by the intermediary are continuously in compliance and to evaluate in the long term the adequacy of the organizational structure and procedures of the intermediary relative to the delegated distribution activity and to determine whether the intermediary is qualified and capable of performing the functions in question.

Further Areas

The Circular offers also detailed guidance on the following topics:
• requirements in relation to the anti-money laundering and counter-terrorist financing (AML/CTF) legal provisions;
• committees, including a new product approval committee and a new intermediary approval committee;
• staffing requirements (with a minimum staff of 3 full time equivalents (FTE) employed and located in Luxembourg), as well as secondments;
• the format and content of the Risk Management Process document which the AIFMs must communicate to the CSSF, as well as the annual update of this document;
• the additional authorization and organisational requirements to obtain a license to perform the activity of discretionary portfolio management for individual clients;
• obligations regarding EMIR, MiFID II and MMFR compliance for funds managed;
• notifications and approval requirements for changes to qualified shareholdings;
• own funds requirements, including eligible capital instruments, use of own funds, acquisition/creation of a subsidiary, and ongoing financial control and reporting obligations; and
• reporting to the CSSF, with some changes to the frequency and deadlines of specific reports.

Entry into force

Circular 18/698 went immediately into effect. It repealed Circular 12/546 which set out the CSSF’s expectations for UCITS Managers, while, in practice, it also served as the benchmark for AIFMs. Furthermore, the CSSF Circular 04/155 (Compliance Function) and IML Circular 98/143 (Internal Audit Function) are no longer applicable to Investment Fund Managers given that the new Circular contains the full body of requirements for these functions.

Julien Dif

Related Expertises