FAQ on the revised long form report framework introduced by Circulars CSSF 22/821 and 22/827

The CSSF published a set of FAQs as an XLSX-file, aiming to provide clarity regarding the revised SAQ and other aspects of the new framework introduced in Circulars CSSF 22/821 and 22/827.
These circulars have been published to regulate credit institutions and branches of credit institutions. The CSSF has received numerous questions from these entities after the implementation of the revised framework. To make these questions and answers available to other interested parties, the CSSF has decided to publish them publicly.
The XLSX-file is divided into two tabs, one names „SAQ“, the other „Circular“, each containing unredacted question from institutions, which we would like to present in full. First the SAQ-questions, quote:
> May we answer the self-assessment questionnaire in French or German? Can we also mix languages?
> Knowing that the members of the Authorised Management are effectively based in Luxembourg and most of the time in our headquarters, is a precise calculation of all days of trips (abroad meetings, holidays, etc.) required?
> How shall this question be answered considering the fact that some members of the Authorised Management did telework at the beginning of 2022 due to the pandemic situation?
> Does the CSSF only target the breaches detected through the controls carried out by the internal control functions?
Does « if relevant » mean only in case of new measures, or are measures to be described in any case?
> Do sections B „ICT General Data“ and C „ICT Risk Level and Controls“ need to be filled in for significant institutions?
> The answer refers to “Board members with IT expertise”, while the question refers to “Management Body members. Does this question only apply to Board members or shall we also consider Authorised Managers?
> After reading the two paragraphs in Chapters 2 and 3 Title III, we have the following interpretation:
For the framework contract, we understand that this can either be the general terms and conditions of the bank or for example the MultiLine or EBICS contract.
If the general conditions are considered as a framework contract, this means that each customer is covered by a framework contract.
A single transaction could then only be carried out by a non-customer to whom the bank does not offer this service. Is our understanding correct?
> Could you please clarify how the following service should be reported: an institution offers its customers the opportunity to place securities orders. The process works as follows:
The customer gives the bank an order;
The bank forwards the order to a broker;
The broker executes the orders on the marketplace.
Please confirm whether the following categorisation of the offered service is correct:
Reception and transmission of orders in relation to one or more financial instruments: this service is offered by the institution. The bank takes orders and forwards them to a broker for execution.
Execution of orders on behalf of clients: this service is not offered by the institution. The bank does not execute the orders directly on the marketplace itself, but places them with a broker for execution.
> Shall we include third-party funds within this reporting field?
> We understand that it is necessary to report the number of clients who have held these instruments between 01/01/2022 and 31/12/2022 but we have a doubt on whether we should take the positions on the date mentioned or all transactions for the given period.
> We are not sure which percentage to refer to. Could you please clarify?
> Is it correct to list external entities to the fund and the management company which have an important and specialised role in the investment strategy of the fund? If yes, does it mean that the collateral agents, prime brokers, security lending agents, etc. should be listed while auditors, legal counsels, banking counterparty for cash accounts should be excluded from the list?
> Does the input relate only to the loan book, or do the debt securities held in the ALM book also need to be considered?
> For some questions in the excel file in annex of Circular CSSF 22/821, it is mentioned that „additional information (…) will be added in a pop-up“. However, such information is not provided in eDesk. Could you please confirm whether additional information will be provided in eDesk?
> How „individual basis“ should be interpreted? Does it mean, that forward-looking information should be considered on single deal level, counterparty level, or none of both?
> What is the definition of the “loss rate approach”?
> Shall we describe rules on haircuts applied to compute lending values assigned to each collateral as part of the credit underwriting process and for the purpose of monitoring or the LGDs applied for ECL purposes under IFR9? Please clarify.
> We understand that we have to exclude the exposures towards EU central banks or EU sovereign. Could you please confirm?
> Do we need to report exposures towards national authorities (hence EU authorities meaning “supra-national” authorities) or are the national authorities to be considered as EU authorities?
> Could you please explain the following sentence “For exposures to groups of connected clients, the information should be detailed for each single counterparty as reported in C 29,00, when the counterparty’s exposure > 10% Of the groups of connected clients‘ exposure.”?
> In case of cumulated exposure (either for one individual client or for a group of clients), could you please give us guidance on the way to complete several columns of the file:
Maturity: which maturity is required? The longest? A maturity range? One line per individual exposure?
Other questions (purpose, description of the exposure, impairment provision, IFRS9, etc.) these questions can have different answer for each exposure => how do we need to answer (one line per exposure, only the description of the largest exposure?)
In case many details are required, is it possible to answer in a separated annex (see question 1)
> Could you please give more details on the approach to be adopted regarding the staging and the performing status? In the case of a group composed of clients with different information (e.g. different staging), what should be reported?
> Could you please clarify the approach with regard to doubtful commitments? In the case of a group composed of clients with different information (e.g. different staging), what should be reported?
> Point a) Are all entities worldwide which are part of the group included (this could be a very large number of entities for large groups), or only those in Luxembourg?
Point b) Does it concern all shareholders, including very minor shareholders, or only the main shareholders (= those who could generate a conflict of interest)?
Point c) Does it include the management body of the institution itself only, or the management body of all entities which are part of the group throughout the world (this could be a very large number of entities for large groups)? What is the approach adopted by the large banks in Luxembourg?
> What does the gross exposure amount mean? For example, if we have a derivative with a book value and a nominal amount, what kind of value does the CSSF expect for gross exposure amount?
> Could you please clarify what is expected in table 5? Which types of services are in-scope for this question?
> Is our understanding correct that, for consolidated entities, the questions referring to the regulatory reporting do not need to be answered if the consolidated entities are not subject to the regulatory reporting referred to in the questions (e.g. COREP, LAREX)?
> Should we reply to the question “Please provide at consolidated level the name, type of exposure and a short description for the 15 most important debtors/groups of associated debtors” provided that we already gave similar information under the large exposures part of the SAQ.
Secondy, the Circular-questions, quote:
> Does the wording “including their branches” also refer to representative offices?
> We understood from the workshops that the AML report should be integrated in the SAQ / AUP as of end 2023. Will the report on the protection of financial instruments and funds belonging to clients remain separate?
> For significant supervised institutions within the meaning of the Single Supervisory Mechanism, will the list of AUPs agreed with the ECB be communicated three months before the closure of the institution’s financial year?
> In the description of the AML/CFT report’s content (point 3.2, page 12), the term « tied agents » is not clearly defined (as far as we know). To which regulation should we refer for the definition of this term?
> What is expected in terms of presentation to the governance bodies (authorised management, audit committee, board)? Shall all SAQ and AUP be presented, or only those AUP that would contain comments (recommendations)?
> We understand from the circular that the management letter will not exist anymore but we understood from the IRE members that the topic was still under discussion, could you please confirm?
The FAQ will be updated periodically to address any additional questions or concerns.