Finologee introduces its CEDRS module: the fast track to CSSF Circular 20/747 compliance.
The Luxembourg ‘Central Register Law’ (Law of 25 March 2020 establishing a central data retrieval system for bank, payment accounts and safe-deposit boxes) is implementing certain provisions of the EU Directive 2018/8431 (the “5th AML Directive”) by establishing a central electronic data retrieval system (CEDRS).
It enables the identification of any natural or legal person holding or controlling payment accounts, bank accounts identified by IBAN and safe-deposit boxes in Luxembourg, in a timely manner. The CSSF Circular 20/747 published on 23 July 2020 contains the technical arrangements related to the application of the Law of 25 March 2020.
The setup requires each financial industry professional that is under the Law to create a file on a daily basis containing the whole client data set as defined by the regulator.
The CSSF, in its capacity of ‘Central Repository Supervisor’, will access the file through a secure procedure that will be able to carry out queries on these data sets. The deadline to implement this setup is scheduled on 10 September 2020, as pointed out by the CSSF Circular 20/747.
What does it imply for banks?
Each bank in Luxembourg needs to make all required data available on a daily basis and in a system that is available permanently (24 hours/7-days a week): IBAN number, account or safe-deposit box holder’s name, date of birth, nationality, ID document type, number and validity information for natural persons…, as well as additional information for legal entities, for every payment account and safe-deposit box held in its books.
The data to be shared is defined by the CSSF and needs to be up to date, true and accurate.
“Finologee’s CEDRS Module is the fast track way to achieving account and safe-deposit box holder reporting compliance for Luxembourg-regulated entities.”
Moreover, the above data needs to be transferred by financial institutions to the regulator in a predefined format, following a specific protocol and in an API “pull” setup: indeed, the CSSF will retrieve the file containing the customer data sets through an API portal available at the bank’s side.
To do so, banks will have to gather and centralise all required information on accounts and safe-boxes deposits, prepare a file in the expected format, build the required OpenAPI implementation for file retrieval by the CSSF, prepare the enrolment with the CSSF via a secured channel and plan the testing phase, handle errors, as well as keep the files up to date on a regular basis.
This is a paradigm shift from previous setups and implementations that Luxembourg-based banks. Today’s workflows are typically relying on a ‘push’ setup, where banks make use of approved third-party systems to hand in their reporting files.
The CEDRS implementation in Luxembourg requires banks to allow for the reporting file to be retrieved on an API infrastructure to be set up and maintained by the bank, or by a provider that will implement and operate such a system on the bank’s behalf.
How can banks become compliant with CEDRS?
This is where the Luxembourg FinTech platform operator Finologee can help: with its CEDRS Module, the company provides a fully outsourced and compliant technical gateway enabling banks to share account and safe-deposit box holder data with the CSSF to be able to meet the rather tight deadline of September 10th 2020 that the regulator has brought forward.
Launches are done strictly in accordance with CSSF Circular 20/747 specifications.
As the CEDRS Module is installed and runs on Finologee’s ‘Trusted Platform’ alongside the Finologee ‘PSD2 for Banks’ product (that is currently used by 35 financial institutions), existing clients will be able to benefit from a substantial economy of scale when choosing Finologee as their provider for CEDRS compliance.
New clients can safely rely on the company’s significant experience in managing such implementations with its highly efficient processes, documentation and project management expertise. Finologee operates under a double Support PFS license by the Luxembourg regulator CSSF, which makes this kind of outsourcing structure a straightforward process for Luxembourg-regulated banks.
Finologee also supplies an optional component that handles file validation and encryption, so only encrypted data is transferred outside of the bank’s own systems.
Besides, Finologee can also link the CEDRS Module with the KYC Manager product to aggregate data or manage manual data entry or curation for client data sets that are only available on paper or on scanned documents for instance.
Finologee’s CEDRS Module is the fast track way to achieving account and safe-deposit box holder reporting compliance for Luxembourg-regulated entities.