In a communication of the 29 November 2021 (the “Communication”), the CSSF, whilst acknowledging that virtual assets have generated a strong interest as a potential new asset class, addressed the challenges raised by virtual assets since this category of assets comes with a variety of rights that are complex to assess.
The communication does not refer to a definition of virtual assets but pursuant to the law of 12 November 2004 on the fight against money laundering and terrorist financing they are defined as follows :
“ a digital representation of value, including a virtual currency, that can be digitally traded, or transferred, and can be used for payment or investment purposes, except for virtual assets that fulfil the conditions of electronic money within the meaning of point (29) of Article 1 of the Law of 10 November 2009 on payment services, as amended, and the virtual assets that fulfil the conditions of financial instruments within the meaning of point (19) of Article 1 of the Law of 5 April 1993 on the financial sector, as amended”. The latter are hereinafter referred to as “Digital Assets”.
The CSSF noted that many of the questions around virtual assets concerned investments in virtual assets by investment funds, direct investments in virtual assets or depositary duties in the context of virtual assets. Thus, in addition to the guidance in the Communication, the CSSF published an FAQ for UCIs and an FAQ for credit institutions to be updated from time to time. This article focuses on the Communication and the FAQ for UCIs.
General Guidelines in the Communication
- Due diligence
any supervised entity interested in pursuing an activity involving virtual assets bears the responsibility to carry out thorough due diligence related to the risks associated with the proposed virtual assets activity.
- Internal governance
the internal governance of such entity must ensure a sound and prudent management of all the activities of the entity and the internal governance arrangements shall include a clear risk-taking process including a risk appetite that is formally and precisely defined in all areas of the business and a rigorous decision-making process.
Thus, the management body is responsible for developing:
- A business strategy with respect to the activities involving virtual assets taking into consideration the specific risks.
- A risk strategy concerning virtual assets including notably the definition of the risk appetite and the overall framework for risk-taking and risk management.
- Regulatory Updates
the CSSF reminds supervised entities that regulatory developments and in particular those concerning the prudential treatment of virtual assets and the related practical implications are regularly updated and should be taken into consideration.
Professionals are invited to proactively engage with the CSSF when planning any activity involving virtual assets.
UCITS and UCIs addressing non-professional investors and pension funds may not invest directly or indirectly in virtual assets.
Digital Assets are not subject to the above position and could potentially fall within the scope of eligible investments for UCITS.
AIFs marketing their units only to professional investors and having an authorised AIFM the authorisation of which extends to the strategy “Other-Other Fund Virtual assets” may invest directly and indirectly in virtual assets.
- Authorisation Requirements for the Management of virtual assets
Virtual assets present specificities such as their volatility, liquidity and technological risks, which can significantly affect the risk profiles of investment vehicles. Each authorised Investment Fund Manager (“IFM”) which intends to manage an alternative investment fund, regulated or not, investing in virtual assets needs to obtain prior authorisation from the CSSF for the strategy “Other-Other Fund Virtual assets”. In this context, the CSSF expects to receive, among others, the following information/documents:
- Description of the project and of the different services providers/delegates involved
- Information on whether or not the investments in virtual assets will be made directly or indirectly (by the means of derivatives for example);
- An updated risk management policy including in particular how the risks in relation to the virtual assets are managed;
- An updated valuation policy including the rules as to how the value of the virtual assets will be determined;
- Description regarding the experience of the portfolio manager (and other involved entities in the investment management process) in virtual assets;
- Description of how the custody of the assets will be organised by the depositary;
- Information regarding the targeted investors, as well as any information on the distribution channels of the AIF;
- The IFM’s Anti-Money Laundering (“AML”) and Counter-Terrorist Financing (“CTF”) analysis on the assets side.
Note that the initiator of an AIF should present its project to invest in virtual assets beforehand to the CSSF. If the IFM is also a virtual assets provider (“VASP”) a complete application file for registration as a VASP needs to be submitted to the CSSF before the start of the activity (click here for more details on registration).
- AML and CTF Risk
The mitigation measures implemented by the supervised entity must take into consideration the increased risk of AML/CTF and proliferation financing. The Responsable du Respect (RR) and the Responsable du Contrôle (RC) of supervised entities investing in virtual assets must possess and demonstrate an understanding of the specific risks and mitigating measures with regards to virtual assets.
In this regard, the CSSF refers to the national vertical risk assessment of money laundering and terrorist financing related to VASPs, which provides elements of information as regards risks linked to virtual assets.
Luxembourg fund depositaries may act as such for investment funds investing directly in virtual assets subject to adequate organisation and an appropriate operation model considering the specific risks related to the safekeeping of virtual assets.
In relation to depositary services, for virtual assets that qualify as “other assets”, the depositaries’ liability is limited to safekeeping duties.
A depositary providing administrative and depositary services to an investment fund investing in virtual assets triggers an obligation for the depositary to register as a VASP, if the depositary directly provides services relating to the safekeeping or the administration of virtual assets. In such case, virtual assets are recognised in the off-balance sheet and the depositary has an obligation of restitution. The CSSF has to be informed of the plans to directly safeguard virtual assets beforehand. Where the depositary does not offer safekeeping or administration types of services for the virtual assets and the IFM/Investment fund directly appoint a specialised virtual asset provider offering a custodian wallet type of service, it is the specialised services provider, which becomes liable for the restitution of the assets.