On 4 February 2026, the Commission de Surveillance du Secteur Financier (CSSF) issued Version 7 of its FAQ on Crypto-Assets for Undertakings for Collective Investment.
The update, which comes into effect today introduces material changes to investment permissions, authorisation thresholds, and regulatory frameworks.
Terminology Updates
1. Terminology Change Throughout Document
The entire FAQ has been updated to replace "virtual assets" with "crypto-assets" throughout all questions and answers.
For the purposes of this FAQ, crypto-assets are defined in accordance with Article 3(1), point (5) of Regulation (EU) 2023/1114 (MiCAR), excluding those falling within the categories listed in Article 2(2), Articles 2(3) and 2(4) of MiCAR, or otherwise qualifying as funds.
Investment Rule Changes
2. UCITS Investment in Crypto-Assets: A New Conditional Framework
Under the previous regulatory framework, UCITS were prohibited from investing either directly or indirectly in virtual assets.
The updated FAQ introduces a notable shift in this position. UCITS are now permitted to invest indirectly in crypto-assets, subject to a maximum threshold of 10% of their net asset value. These indirect investments are restricted to transferable securities that do not embed any derivatives. Furthermore, any UCITS contemplating such investments must notify the CSSF of their plans in a timely manner. The CSSF emphasises that investment managers must assess the impact on the fund's risk profile, update risk management policies accordingly, and ensure transparent investor disclosure.
3. AIF Investment Rules: Expanded Access for Retail Investors
Previously, AIFs were only permitted to invest directly or indirectly in virtual assets on the condition that their units were marketed exclusively to well-informed investors. This restriction effectively excluded retail investors from accessing crypto-asset exposure through AIFs.
AIFs may now invest both directly and indirectly in crypto-assets falling within the scope of MiCAR. Notably, AIFs that are open to retail investors other than well-informed investors are permitted to invest in crypto-assets up to a maximum of 10% of their NAV. This opens crypto-asset exposure to a broader investor base while maintaining safeguards through the investment threshold.
4. Investment Fund Manager Authorisation: Introduction of a Threshold
The previous regulatory position required each Luxembourg authorised IFM intending to manage an AIF investing directly or indirectly in virtual assets to obtain prior authorisation from the CSSF for the strategy designated as 'Other-Other Fund-Virtual assets'. This requirement applied regardless of the level of exposure to virtual assets.
The updated FAQ introduces a material change by establishing a threshold-based approach. Luxembourg authorised IFMs are now only required to obtain prior CSSF authorisation for the 'Other-Other Fund-Crypto-assets' strategy when managing an AIF that invests in crypto-assets beyond 10% of its NAV. Investments up to 10% of NAV no longer trigger this authorisation requirement. When required, the CSSF expects comprehensive documentation covering the project description, investment approach, risk management and valuation policies, portfolio manager experience, custody arrangements, investor targeting, and AML/CTF analysis.
The CSSF also clarified that no application for the “Other-Other Fund-Crypto-assets” licence is required for a Luxembourg IFM managing an AIF investing in crypto-assets indirectly through one or several target funds.
Changes to Depositary Services Framework
5. The updated FAQ also introduces significant changes to the depositary services framework under MiCAR
Under the previous regulatory framework, a depositary providing services to an investment fund investing in virtual assets was required to register as a virtual asset service provider within the meaning of the AML/CTF Law.
The new framework takes a different approach. Where the depositary does not offer custody and administration of crypto-assets pursuant to MiCAR, the IFM or investment fund must directly appoint a specialised crypto-asset service provider, which then bears the liability for restitution. Conversely, where a depositary does provide such custody services, this triggers either an authorisation requirement under Article 62 of MiCAR or a notification obligation under Article 60 for certain financial entities. Fund depositaries intending to directly safeguard crypto-assets must inform the CSSF in a timely manner.
6. AML/CFT Risk Mitigation Expectations Remain Robust
Whilst the procedural framework has shifted to MiCAR, the CSSF's substantive expectations regarding anti-money laundering and counter-terrorist financing (AML/CFT) risk mitigation remain unchanged.
The CSSF continues to emphasise that investing in crypto-assets, whether directly or indirectly, increases the risk of money laundering, terrorist financing and proliferation financing. The Responsable du Contrôle and Responsable du Respect of supervised entities investing in crypto-assets must possess and demonstrate an adequate understanding of these risks and the necessary measures to mitigate them.
Entities must conduct ML/TF risk scoring of assets and perform AML/CFT due diligence in line with the computed risk, with the key objective being to understand the source and destination of crypto-assets to prevent abuse by money launderers or terrorist financiers.
Share on
