In Luxembourg credit institutions (“établissements de credit”) (hereinafter, “banks”) are allowed to operate as “universal banks”, that is, spanning the full range of banking and investment activities, both on the domestic market and abroad.
The incorporation of a bank under Luxembourg law requires written authorisation from the Minister responsible for the financial supervisory authority. Authorisation is granted after examination of the application by the Luxembourg financial sector supervisory authority, “Commission de Surveillance du Secteur Financier” (CSSF), and, to the extent applicable, by the European Central Bank (ECB).
Banks incorporated in Luxembourg are supervised by the CSSF. Regulatory and supervisory rules apply in the same way to all banks incorporated under Luxembourg law, regardless of the nature of their activities. The legal and regulatory conditions governing the establishment of a Luxembourg bank are mainly laid down in the Law of 5 April 1993 on the financial sector, as modified, as well as in a series of circular issued by the CSSF (such as Circular CSSF 12/552 and Circular CSSF 17/669).
Banks must be incorporated in one of the following forms: a public law institution (établissement de droit public), a public limited company (société anonyme), a corporate limited partnership (société en commandite par actions) or a cooperative company (société cooperative).
Banks incorporated under Luxembourg law are required to have a subscribed and fully paid-up share capital of EUR 8,700,000. These amounts may be modified by Grand Ducal regulation. The shareholders’ equity may not fall below the minimum level of share capital stated above. If the shareholders’ equity does fall below this amount the CSSF can, if circumstances justify it, grant a limited time extension for the credit institution to correct its position or cease its activities.
The registered seat and central administration of a Luxembourg bank must be in Luxembourg, meaning that all accounting and administrative functions must be performed in the Grand Duchy. The requirements of a central administration are detailed in the CSSF Circular 12/552, as amended. Moreover, depending on the activities of the bank, the organisational requirements set out by the MiFID II framework (as implemented in Luxembourg) will also need to be met.
Authorisation of a bank is subject to prior communication to the CSSF and the ECB (depending on the size and systemic importance of the bank) of the identity of shareholders or partners, either direct or indirect, individuals or legal entities, who hold a qualifying holding, or a holding which permits them to exercise significant influence over the conduct of its affairs, and the total amount of these holdings. The suitability of these shareholders or partners must be of a satisfactory level, taking into consideration the need to guarantee sound and prudent management of the credit institution. The structure of the shareholding must be transparent in order not to impede the prudential supervision of the bank, especially, when applicable, the supervision of the group on a consolidated basis.
A bank must have sound administrative and accounting organisation including a clear organisational structure with defined procedures and responsibilities. It is required to have adequate internal control processes for the monitoring, detection, management and declaration of risks to which the bank might be exposed. It must have autonomous support functions in accounting and data processing, mechanisms for the control and security of its IT systems and an internal audit function adapted to its size and activities.
Authorisation is subject to the members of the bodies performing administrative, management and supervisory functions, as well as the shareholders or partners, providing proof of their professional standing. This reputation is assessed on the basis of past history and by any other evidence which shows that the persons concerned have a good reputation and present every guarantee of irreproachable conduct. Particular focus is also put on the absence of any suspicious involvement related to money laundering and/or terrorist financing and or proliferation financing. The management of the bank must be exercised by at least two individuals who are effectively authorised to determine general business policy. The executive managers must have the necessary professional repute and sufficient experience for the performance of their duties. Moreover, the authorisation process of the key function holders within the bank provided for in CSSF Circular 12/552 should be observed.
The annual accounts must be audited by one or more approved statutory auditors who qualify in Luxembourg as “Réviseurs d’entreprise agréés” and who have the professional experience necessary for the performance of their duties. Any change of external auditors requires prior approval by the CSSF.
Authorisation is accorded by the Minister responsible for the CSSF (the Minister of Finance) on the basis of a written application and following instruction by the CSSF.
The application must be accompanied by a full set of supporting documentation, together with a business plan identifying the type and volume of business to be undertaken and the administrative and accounting structures to be put in place.
It is customary for entities applying for authorisation as a credit establishment to submit an informal file to the CSSF containing information relevant to the evaluation of the request, before submitting a formal request for approval to the Ministry.
Financial markets trading is bound by the provisions of EU regulation, notably the MiFID Law of 30 May 2018 implementing directive 2014/ 65/EU of 15 May 2014 and Regulation (EU) Nr 600/2014 of 15 May 2014.
A bank must satisfy the regulatory authority that it has adequately foreseen and adapted to the financial repercussions of MiFID 2 and PRIIPs regulation. This will include enhanced transparency relating to the provision of investment advice and the cost of investing, extended trade reporting, a corporate structure adequate to any cross-border activities foreseen and stronger governance and compliance functions.