CSSF Circular 18/698

A Practical Checklist for Compliance Officers

As the regulatory landscape continues to evolve, the annual review required under CSSF Circular 18/698 remains a cornerstone of the compliance function for all investment firms, UCIs, and other professionals of the financial sector (PSFs) in Luxembourg. Yet, for many compliance officers, navigating this process can feel like a maze - especially when balancing operational responsibilities with strategic oversight.

Here's a practical checklist to guide your annual review and help ensure that your compliance framework remains both robust and adaptive.

Governance and role clarity

  • Confirm that responsibilities and reporting lines of the Compliance Function are documented and up to date.

  • Review and update the mandate of the Compliance Officer (“Responsable du Contrôle de la Conformité”).

  • Ensure that the independence and effectiveness of the Compliance Function are preserved and clearly demonstrated.

Review of internal policies and procedures

  • Reassess key policies (e.g. AML/KYC, Market Abuse, Conflicts of Interest, MiFID) for relevance and completeness.

  • Ensure procedures reflect recent regulatory updates and any changes to the business model.

  • Cross-check alignment with other functions (e.g. Risk, Internal Audit, Legal).

Risk-based monitoring activities

  • Document all compliance controls carried out during the year.

  • Identify any gaps or weaknesses, along with the corresponding remediation actions.

  • Assess the adequacy of risk scoring methodologies applied to clients and services.

Reporting and escalation

  • Confirm that internal reporting to senior management and the Board occurred in a timely and comprehensive manner.

  • Ensure all regulatory filings and notifications were submitted correctly and on time.

  • Record any incidents, breaches, or alerts, including how they were resolved.

Staff training and awareness

  • Review attendance records and the content of compliance training delivered.

  • Identify any need for refresher or thematic training.

  • Confirm that outsourced staff and third-party service providers received adequate compliance orientation.

Follow-up on CSSF communications and circulars

  • Verify that all CSSF circulars, newsletters, and FAQs from the past year have been reviewed and assessed for impact.

  • Implement or schedule any necessary updates to internal policies or procedures.

Action plan for the coming year

  • Draft a compliance monitoring plan for the upcoming year, using insights from this review.

  • Prioritize high-risk areas and upcoming regulatory developments (e.g. DORA, CSRD, AML package).

  • Set SMART objectives and define measurable KPIs for the Compliance Function.

How can Osmia Consulting help you?

At Osmia Consulting, we work closely with compliance professionals to ensure these obligations are not only met, but transformed into value-added processes.

The annual review is not just a regulatory formality - it’s a strategic opportunity to strengthen your compliance culture, anticipate regulatory risks, and demonstrate governance maturity.
