top of page

VASP obligations after registration

Continued VASP compliance

Once registered, the VASP will be subject to a certain number of obligations and must comply with AML/CFT professional obligations, including:

  • Make no use, in any way whatsoever, of its registration as evidence of a positive assessment made by the CSSF on the quality of the services that it provides. Neither can the VASP use the registration, the submission of a registration request, and/or the CSSF supervision, for advertising or for possible business solicitations (CSSF, VASP Registration procedure, end p. 2);

  • Notify to the CSSF significant changes to the activities or to the key function holders notified upon registration occur (CSSF, VASP Registration procedure, p. 3);

  • Have a ‘Responsable du Contrôle’ (hereinafter the “RC”) that possesses, and that can demonstrate, an adequate understanding of the Money Laundering, Terrorist Financing, Proliferation Financing risks posed by Virtual Assets and the necessary measures to mitigate them;

  • Have a ‘Responsable du Respect’ (hereinafter the “RR”) with the same characteristics as the RC;

  • Identify, assess and understand the AML/CTF risks related to the Virtual assets, taking into account risk factors including those relating to their clients, countries or geographic areas, products, services, transactions or delivery channels;

  • Implement customer due diligence before establishing a business relationship and apply, according to the customer’s risk level, a simplified customer due diligence or an enhanced customer due diligence;

  • Identify the customer and its beneficial owners, and verify their respective identity;

  • Apply internal AML/CFT policies, controls and processes, such as model risk management methods, cooperation, record-keeping, internal control, compliance management, employee screening, and independent audit function (where appropriate);

  • Appoint a person responsible for compliance with the professional obligations as regards to the AML/CFT Law (compliance officer);

  • Conduct ongoing due diligence of the business relationship including scrutiny of transactions undertaken throughout the course of that relationship;

  • Monitor transactions and business relationship, and report unusual or suspicious activities to the CSSF;

  • Provide special AML/CTF training programmes to employees;

  • Cooperate with the Luxembourg authorities responsible for AML/CTF and self-regulatory bodies.

Continued VASP regulatory surveillance

For its part, the CSSF will ensure the registered VASPs comply with their obligations. In particular the CSSF:

bottom of page