On 25 November 2019, the CSSF published its FAQs titled Persons involved in AML/CFT for a Luxembourg Investment Fund or Investment Fund Manager supervised by the CSSF for AML/CFT purposes (hereinafter referred to as the “FAQs”). The FAQs remind the management and supervisory bodies of Luxembourg investment funds , AIFMs, and UCITS management companies regulated by the CSSF that, in accordance with Article 4(1) of the Law of 12 November 2004 on the fight against money laundering and terrorist financing (hereinafter referred to as the “Law”), they are required to appoint, at board level, the so-called responsable du respect des obligations (hereinafter referred to as “RR”) and to designate or mandate the so-called responsable du contrôle du respect des obligations (hereinafter referred to as “RC”), who may be “hierarchically subordinate”. At the same time, the CSSF thus limits the discretion of the Board of Directors provided for in Article 4(1) of the Law, which reflects the so-called risk-based approach, to the effect that the RC must be mandated, and not only where appropriate with regard to the size and the nature of the activity of the investment fund or the management company.
Reflecting both the requirements of the AIFMD and the principles of company law, the RR is to be appointed from among the members of the Board of Directors or, at least for investment funds, may comprise the entire Board of Directors. Thus, for investment funds, no individual member of the Board of Directors needs to be appointed as RR.

However, for investment funds, selecting and mandating an RC as well as “selecting” a suitable RR may raise questions. In principle, the FAQs allow both the RC and the RR to be appointed from among the Board of Directors, but they mention that these FAQs are inevitably generalized due to the various constellations that are possible in the area of investment funds, AIFMD, and company law. In our understanding, the guiding principle of the FAQs is, in accordance with the requirements of the AIFMD and company law, the appointment of the AIFM as (external) RC if an investment fund has appointed an authorized AIFM.

1. Requirements for RRs and RCs According to the FAQs and the Law
2. Uniform Requirements

The FAQs provide for three conditions that apply equally to every RR and RC. First, RRs and RCs must demonstrate the necessary knowledge about the investments and distribution strategies of the investment fund concerned and the services offered by the alternative investment fund manager (the “AIFM”).
This is evident from the job description of an RR or an RC and requires no further explanation.
Secondly, both must demonstrate (!) sufficient experience with regard to the AML/KYC provisions applicable in Luxembourg. And thirdly, they are required to be available for questions and other communication at the request of the Luxembourg authorities responsible for measures to combat money laundering and terrorist financing. For registered AIFs “only”, i.e. the Boards of Directors of corresponding investment funds, as well as AIFMs, the CSSF Circular Letter of 31 January 2020 on the annual KYC/AML survey may serve as an example of such communication and the related responsibility of the Board of Directors.
In accordance with the FAQs, proof of sufficient experience relating to Luxembourg AML/KYC requirements can be provided through documented training, for example.

Impact on the Selection of an RR

If a specific person of the Board of Directors is to be elected as RR, but also if it is intended to appoint the entire Board of Directors as RR, the requirements described often result in a “selection”, at least if the Board of Directors, in accordance with current market practice, consists of a representative of the initiator, a representative of the service providers of the investment fund, and an independent Board of Directors based in Luxembourg. The representative of the initiator will rarely meet the requirements with regard to proven experience in Luxembourg AML/KYC legislation, not to mention that the initiator selects the service providers in Luxembourg in order to avoid having to deal with such issues himself/herself. This raises the question of whether it is a good idea to expose the representative of the initiator to the possibility of receiving an unexpected call from the CSSF who might ask a few questions about the current AML/KYC situation of the fund.
For the representative of the service providers, it should, in principle, be possible to fulfill the obligation to provide evidence of the required AML/KYC knowledge since the employees of local service providers are required to complete appropriate training anyway.
In our opinion, however, avoidable conflicts of interest may arise since the Board of Directors of an investment fund is responsible for monitoring service providers and thus also for the employer of the RC. The RR would therefore monitor itself if a service provider of the investment fund appoints an employee as the RR . In our opinion, such a conflict of interest can be avoided if the function of the RR is a) not assumed by the entire Board of Directors and b) especially not assumed by the representative of a service provider who, as AIFM, is either responsible for compliance with the AML/KYC requirements (more on this below) or for the investor due diligence, e.g. as transfer and registrar agent. Considering the role of AML/KYC compliance and the increasing focus on overall responsibility of Boards of Directors, combined with the AIFMD’s requirements to avoid conflicts of interest where possible, it seems reasonable not to create conflicts of interest if they can be avoided.
In this case, the independent Board of Directors would remain as RR, whose due diligence, which is carried out by the initiator, should cover the question of documented knowledge with regard to Luxembourg AML/KYC legislation, along with the question of whether this Board of Directors is even prepared to assume such responsibility.

Additional Requirements for RCs

In addition to sufficient knowledge with regard to Luxembourg AML/KYC legislation, RCs must also have sufficient expertise in this field. In other words: They must also apply or at least have applied their knowledge in the recent past.
For many members of the Board of Directors of an investment fund, this may be difficult to accomplish. Therefore, for this reason alone, they cannot assume the function of RC.
Furthermore, every RC must have access to all internal documents and systems that are necessary for performing its tasks and must be available to the local supervisory authorities without delay.
In principle, each Board of Directors should at all times have data on the investment fund relevant to its duties and responsibilities at its disposal. However, in accordance with the provisions of the AIFMD and the Law of 1915 on commercial companies (hereinafter referred to as the “Law of 1915”), the Boards of Directors of an investment fund are not responsible for the day-to-day operational activities related to KYC/AML. Due to the lack of substance at the level of the Boards of Directors of investment funds in the legal form of a corporation, they usually appoint external service providers to carry out the daily operational activities of the investment fund. Therefore, there is generally no direct access to the data of these investment funds at board level, let alone to the internal systems of service providers, except for the Board of Directors appointed by the service provider(s) and then only in relation to its employer . So even in this case that is causing a conflict of interest, such access is not necessarily guaranteed, e.g. if investor due diligence and transaction due diligence are performed by different companies.
Moreover, the AIFMD gives the AIFM full responsibility for the day-to-day management of the investment fund, including responsibility for compliance with applicable laws . The “only” task remaining for the Board of Directors is the supervision of these activities by the AIFM and, where appropriate, by other service providers. Where an authorized AIFM has been mandated, the Board of Directors is excluded from the day-to-day management of the investment fund.

In view of this exclusion from day-to-day management as required by supervisory authorities on the one hand and the responsibilities of the RC described above on the other hand, it would make no sense to appoint a Board of Directors as an RC. Both aspects – the “lack of substance” of the Board of Directors of an investment fund and its exclusion from day-to-day management – make the required access to all internal AML/KYC-relevant documents and systems in order to be able to answer questions from the supervisory authorities without delay as well as the day-to-day management of this data for an RC at board level appear more than questionable, not to say impossible.
We believe that if the Board of Directors performed the function of RC, this would lead to a double responsibility and “double” involvement with the AML/KYC functions for all investment funds with an authorized external AIFM: once at the level of the board member who assumes the function of RC, once at the level of the AIFM, and possibly even a third time if the function of the transfer and registrar agent is assumed by another service provider. This does not seem to be very efficient.

The FAQs also make explicit reference to CSSF Regulation No 12-02 (hereinafter referred to as “Regulation 12-02”) with regard to the qualification of and requirements for the RC. This Regulation stipulates that the RC must have the authority and powers within the organization necessary for the effective and autonomous exercise of its functions. The RC must implement the AML/CFT measures of the investment fund and has the power to propose measures on its own initiative to ensure that the investment fund complies with its AML/CFT obligations . The RC is entitled to delegate the performance of these tasks to one or more employees and/or external service providers .
These requirements correspond to (a) the function of a compliance officer in connection with the organization of an AIFM or even another PSF, (b) the allocation of responsibilities to the AIFM as stipulated by the AIFMD , and (c) the interaction between the requirements of the Law of 1915 and the AIFMD. The Board of Directors is responsible for monitoring the appointed service providers and implementing the fund documentation. It is therefore an “ex-post” monitoring activity, while the AIFM is fully responsible for the “day-to-day” management of investment funds. As explained above, the function of the RC thus legally corresponds to the area of responsibility of the AIFM and also to its organizational set-up.

What Are the Consequences If the Investment Fund Delegates the Daily AML/KYC Due Diligence to Third Parties?

For an AIFM, the question arises whether the analysis will change if the investment fund outsources the daily AML/KYC work to a legally separate entity, e.g. another service provider. This is quite common in connection with investor due diligence carried out by the appointed transfer and registrar agent and in relation to transaction monitoring, i.e. in connection with AML/KYC checks as part of the transaction business and when portfolio management is delegated to an external asset manager. In these cases, the AIFM could object that it could not meet the requirements of Regulation 12-02 and the FAQs because it did not have access to and the ability to exert influence on the responsible bodies.
The answer to this question is “no”. The AIFMD fully understands the provisions on responsibility and delegation and provides for rules for situations where the AIFM has no “right of action” against third-party service providers. These AIFMD rules apply accordingly with regard to the AML/KYC checks and systems of third-party service providers relevant in this context. Since the FAQs and Regulation 12-02 require a written agreement between the investment fund and the RC with respect to the functions of the RC when it is an “external” RC, appropriate provisions should be included in such agreement.
Pursuant to Article 42(5) of Regulation 12-02, the RC is required to provide the Board of Directors with regular written reports on the implementation of the AML/CFT measures as well as the problems, risks, etc. identified in this regard. This procedure should be mutually defined by the Board of Directors and the RC with regard to the specific structure of the investment fund and thus in compliance with the risk-based approach.

Investment Funds Not Directly Subject to Supervision by the CSSF or Investment Funds Without an Authorized AIFM

For investment funds not subject to direct supervision by the CSSF, such as the RAIF or the non-regulated SCS/SCSp in the form of an AIF with an authorized AIFM, the same applies as mentioned above: In this case, the AIFM is also responsible for compliance with legal requirements and thus with the AML/KYC legislation of the European Union or Luxembourg. For the respective AIFMs themselves but also for other PSFs appointed by the investment fund, the requirements laid down in the Law and thus in Regulation 12-02 as well as the clarifications contained in the FAQs already apply. Under company law, and thus in accordance with the provisions of the Law of 1915, the Boards of Directors of the investment fund (directors or general partners) are the “supervisory body” for all service providers appointed by the respective investment fund. For this supervisory function, the Boards of Directors are also liable to investors and other creditors. Part of this supervisory function is to regularly monitor that the appointed service providers, such as an AIFM, are doing their job. In order to fulfill this duty in a documented manner, the Boards of Directors of “non-regulated” investment funds should, in our view, ultimately comply with the same requirements as their counterparts in investment funds which are subject to the direct supervision of the CSSF.

Registered AIFs in the legal form of a corporation which do not have the infrastructure of an “authorized” AIFM are also subject to the requirements of the Law of 1915. These investment funds and in particular their appointed service providers, such as a transfer and registrar agent, are also subject to the provisions of the Law of 1915 and Regulation 12-02. In the absence of an authorized AIFM, however, the appointment of the RC must be regulated differently. This can be done at the level of the Board of Directors. Unlike the cases described above, the issue of conflicts of interest is different. The management of these funds, especially the portfolio and risk management, is usually more focused on the Board of Directors. However, the documentation required should not be underestimated, which not only covers the transaction business but also the investor due diligence. In this case, an appropriate coordination and agreement with the transfer and registrar agent is required.

The FAQs therefore serve as a good reminder for these Boards of Directors.

[1] Available in English: http://www.cssf.lu/fileadmin/files/Metier_OPC/FAQ/FAQ_Persons_involved_in_AML_CFT_for_a_Luxembourg_Investment_Fund_or_Investment_Fund_Manager_251119.pdf.

[2] In the following, we will refer to the boards of directors and general partners of investment funds, as well as the management boards of AIFMs and UCITS management companies as “Board of Directors“.

[3] To what extent investment funds not directly regulated by the CSSF, such as RAIFs and SCS/SCSp-AIFs, are also covered will be explained later in this article.

[4] Available in English: http://www.cssf.lu/fileadmin/files/Lois_reglements/Legislation/Lois/L_121104_AML_upd100818_eng.pdf and in French: http://www.cssf.lu/fileadmin/files/Lois_reglements/Legislation/Lois/L_121104_blanchiment_upd100818.pdf.

[5] It should be noted that the AML/KYC requirements for investment funds are not limited to a check and monitoring of the investors in an investment fund, but they also include the investment side of the funds. This aspect of risk management is also the responsibility of the AIFM, whether “authorized” or “registered”. In the latter case, it is the responsibility of the Board of Directors.

[6] In our article, we will focus on the AIFMD and disregard the UCITS Directive. With regard to AIFs, we are assuming in the following that it is the legal form of a corporation and not an FCP since for the latter, RRs and RCs may be appointed from among the management company. Management companies already have appropriate functions so that the issues discussed below should not arise.

[7] Available in English: http://www.cssf.lu/fileadmin/files/Lois_reglements/Circulaires/Blanchiment_terrorisme/lettre-circulaire_310120_AML-CFT.pdf.

[8] Even if it can be assumed that the CSSF is more likely to call local Board of Directors, the FAQs and the Law provide for exactly that.

[9] Where a service provider appoints a member of the Board of Directors, there is always a conflict of interest. However, the question is whether this should be broadened further. It should be noted that the AIFMD is based on the principle of avoiding conflicts of interest and that only where conflicts of interest cannot be avoided, the rules for dealing with such conflicts apply.

[10] Please also refer to footnote 7 for more examples.

[11] If the practical experience is too long in the past, the relevance of this experience can be called into questions considering how a) the requirements as such have changed in recent times and b) what developments in the IT field have taken place since.

[12] With regard to this very general requirement, see: Annex I point 2 (a) (iv) of the AIFMD: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32011L0061&from=DE and with regard to the responsibility of the AIFM: ESMA FAQ Question 2: https://www.esma.europa.eu/sites/default/files/library/esma34-32-352_qa_aifmd.pdf.

[13] ESMA FAQ Question 3: https://www.esma.europa.eu/sites/default/files/library/esma34-32-352_qa_aifmd.pdf.

[14] Available in English: http://www.cssf.lu/fileadmin/files/Lois_reglements/Legislation/RG_CSSF/RCSSF_No12-02eng.pdf and in French: http://www.cssf.lu/fileadmin/files/Lois_reglements/Legislation/RG_CSSF/RCSSF_No12-02.pdf.

[15] Regulation 12-02, Art. 40(3).

[16] Regulation 12-02, Art. 42(1).

[17] Regulation 12-02, Art. 41.

[18] Please refer to footnote 12.

[19] This is a misleading term as there is no such thing as a non-regulated investment fund in today’s world. RAIFs and SCS/SCSp-AIFs are subject to the same requirements of the AIFMD as a FIS, for example.