AML-CTF new regulation for the Luxembourg insurance sector

Luxembourg

On 20 August 2020, two important texts from an anti-money laundering and counter-terrorism financing (“AML-CTF”) perspective were published:

  • the Commission de Surveillance du Secteur Financier (« CSSF ») regulation n°20-05 of 14 August 2020 amending CSSF regulation n°12-02 of 14 December 2012 relating to the fight against money laundering and terrorism financing (“ML-TF”) (the “CSSF Regulation”); and
  • the Commissariat aux Assurances (“CAA”) regulation n°20/03 of 30 July 2020 relating to the fight against ML-TF (the “CAA Regulation”) which repeals the CAA regulation n°13-01 of 23 December 2013 relating to the fight against ML-TF. The CAA Regulation is completed by an interpretative note which provides useful guidance on the provisions of the CAA Regulation (the “Interpretative Note”).

Both texts, which either amend or replace previous provisions, have been adopted in order to take into account the current legislative framework on the fight against ML-TF. Indeed, since respectively 2012 and 2013, the law of 12 November 2004 on the fight against ML-TF (“the 2004 Law”) has been amended several times in order notably to implement directives 2015/849 (the “4th AML Directive”) and 2018/843 on the fight against ML-TF. In that context, on 24 August 2020, the Grand Ducal regulation of 14 August 2020 amending the Grand Ducal regulation of 1 February 2010 providing details on certain provisions of the 2004 Law, as amended, has also entered into force[1]. The regulatory framework in the financial and insurance sectors therefore required updating.

We will briefly analyse in the present note the changes implemented by the CAA Regulation. Changes implemented by the CSSF Regulation are set out in a separate note which you will find at the following link : AML-CTF amended regulation for the Luxembourg financial and asset management sectors

In addition to amendments which are general from an AML-CTF perspective (A), the CAA Regulation furthermore implements changes which are specific to the insurance sector, such as briefly detailed below (B).

A. General amendments

a. Scope of the CAA Regulation

The CAA Regulation brings clarifications with respect to the scope of applicable AML/CTF requirements. Pursuant to Article 2 of the CAA Regulation, notably insurance and reinsurance companies as well as insurance intermediaries are subject to the CAA Regulation as soon as they obtain their authorisation to carry out activities in relation to life-insurance classes and/the non-life insurance classes 14 and 15 (credit and surety operations). The Interpretative Note further specifies in this respect that in such cases, the relevant professional is at least subject to the obligation to designate a Person Responsible for Compliance (RR) even if the relevant professional does not effectively carry out the activities for which the authorisation has been granted. Furthermore, in case the relevant professional wishes to start any activity which falls within the scope of application of the 2004 Law, such professional will be required to take any required measures to implement the policies, controls and procedures required pursuant to the 2004 Law.

Article 2 further specifies that all natural and legal persons which are supervised by the CAA are required to implement financial restrictive measures, whether or not such persons are professionals subject to the aforementioned obligations. In this respect, the CAA provided recent guidance in its CAA circular letter n° 20/12. It should further be noted that the CAA Regulation does not directly apply to insurance agencies or agents but only to the insurance undertakings which have requested their licensing on their behalf.

b. Automated client acceptance process in low risks situations

By exception to the general requirement relating to the acceptance of a new client, whenever the relevant client presents a low ML/TF risk, such acceptance may be carried out on the basis of an automated acceptance process at the level of the relevant professional, which does not involve a natural person[2].

c. Simplified due diligence

The CAA Regulation in its new version now also takes into account the application of simplified due diligence measures which was previously not the case. Examples of simplified due diligence measures are provided such as:

  • when dealing with regulated entities, verifying that the client is indeed subject to registration/licensing requirements by carrying out a research on the official website of the regulator and documenting the results thereof; or
  • when dealing with a credit institution or financial institution which is regulated, for the persons who are acting on behalf of this institution, instead of requiring the exhaustive identification of these persons, obtaining from the relevant institution a letter confirming that the latter carried out due diligence measures in relation to these persons and regularly screens these persons against restrictive financial measures lists[3].

d. Non-face-to-face business relationships

In case of a non-face-to-face business relationship for which the relevant professional did not take into account the necessary guarantees, the professional is required to take additional measures considering the potentially higher risk presented by this relationship[4].

Therefore, even though the 2004 Law no longer provides for the automatic application of enhanced due diligence measures in relation to non-face-to-face business relationships, the CAA Regulation requires professionals to take additional measures nonetheless in order to compensate for the potentially higher risk presented by this type of relation.

e. Outsourcing arrangements

The obligations of a professional relying on a service provider are further detailed in the CAA Regulation[5]. In particular, in addition to previous requirements, the CAA Regulation specifies the monitoring obligation of the professional which, beyond the requirement to occur regularly, should enable the professional to verify and control (for example by way of sample testing and on-site controls) compliance with the obligations of the service provider.

B. Insurance sector specific amendments

a. Beneficiaries of life insurance contracts

The CAA Regulation now expressly specifies that professionals shall take into account the beneficiary of a life insurance contract as a relevant risk factor when determining whether enhanced due diligence measures are applicable to a relevant business relationship[6].

b. Due diligence requirements for insurance portfolio transfers

Professionals towards which an insurance or reinsurance portfolio is being transferred is required to carry out a due diligence on the policies and procedures in place at the level of the transferring company[7]. The receiving professional is furthermore required to also assess the internal or external audit reports of the three last years of the transferring company in order to assess whether the latter’s AML/CTF policies and procedures comprise client due diligence measures which are compliant with the requirements of the 2004 Law or of the 4th AML Directive.

c. AML/CTF checks for beneficiaries of insurance policies

The CAA Regulation now specifies that in case of a full or partial transfer of a life-insurance contract or other type of unit-linked insurance contract to a third party, the professional which is informed of such transfer is required to identify the beneficial owner at the time of the transfer to the natural or legal entity or legal arrangement which receives for its account the value of the transferred contract[8].

In addition, the verification of the identity of the beneficiaries of insurance policies must be carried out at the latest when the insurance benefits are paid out, and, in any case, prior to the disbursement of funds[9].

d. Scope of sanction screening requirements

The CAA Regulation now expressly specifies which persons have to be screened when entering into a new business relationship, i.e. the client, their proxy, the beneficial owners, the beneficiaries of the insurance policy, and, if applicable, the intermediaries, the insured persons, the identified objects subject to insurance or reinsurance coverage, the service providers and the recipients of compensation[10].

e. Supervisory systems identifying unclaimed insurance contracts

A new paragraph 6 has been added to Article 37 of the CAA Regulation pursuant to which professionals are required to have an adequate supervisory system in place in order to monitor the due date of insurance benefit payments and identify insurance contracts that are likely to be unclaimed.

f. Appointment of a person responsible for compliance and a compliance officer

Professionals are required to appoint a Person Responsible for Compliance (RR) at the level of management[11]. Management is defined under the CAA Regulation as the persons who have an effective influence on the general conduct of the activities of the professional, which are part of the management bodies of the professional, including the board of directors or managers, the management committee and, in so far as these persons are not part of these bodies, the effective management[12].

Depending on their activities, size and organisation, professionals are also required to designate a compliance officer (RC) which is in charge of controlling compliance with AML/CTF obligations. In the absence of a compliance officer, the Person Responsible for Compliance (RR) may also be designated to undertake the function of compliance officer.

The Person Responsible for Compliance (RR) and the compliance officer (RC) including any change in relation thereto must be prior notified to the CAA.

Finally, the Interpretative Note specifies notably that at the level of an insurance brokerage firm, the authorised manager (“dirigeant de société de courtage”) thereof may be designated as Person Responsible for Compliance (RR) if this person is also a member of the management body of the insurance brokerage firm.

___________

[1] A coordinated version of the Grand Ducal regulation of 1 February 2010 providing details on certain provisions of the amended 2004 Law as amended by the Grand Ducal regulation of 14 August 2020 was drawn up by the CSSF and is available on the CSSF website since 24 August 2020.
[2] Article 8(1) of the CAA Regulation.
[3] Article 26 of the CAA Regulation.
[4] Article 27 of the CAA Regulation.
[5] Article 35 of the CAA Regulation.
[6] Article 4(1) of the CAA Regulation.
[7] Article 12 of the CAA Regulation.
[8] Article 20 of the CAA Regulation.
[9] Article 23(1) of the CAA Regulation.
[10] Article 31 of the CAA Regulation.
[11] Article 38(1) of the CAA Regulation.
[12] Effective management is defined as the person(s) in charge of daily management, including the authorised managers (“dirigeant agréé”) and general representatives of the branches established in Luxembourg.