The EU AML Package, entering into force on 10 July 2027, and the start of AMLA’s direct supervision on 1 January 2028, mark a fundamental shift in how AML/CTF compliance is governed across the EU. Financial institutions, investment fund managers, and insurers must now move from national frameworks to a centralised EU rulebook—requiring not just awareness, but readiness to implement change across governance, people, systems, and operations.
Your challenges
How PwC can help
PwC Luxembourg helps you transform theory into practice through a modular and scalable support model:
The AML/CTF landscape is constantly evolving. The compliance function, RR (Responsable du Respect) and RC (Responsable du Contrôle) are overwhelmed with an ever-growing number of regulatory requirements. We know that a proactive approach is needed to respond effectively to these legal and regulatory changes, as the consequences of non-compliance, such as reputational damage, are immense. Thanks to our team of experts and professionals, we can provide your compliance function, RR and RC with the right support and level of expertise. We stay prepared.
Your challenges
Despite AML/CTF risks remaining firmly under the spotlight, attracting and retaining the right talent, and managing finite resources present notable challenges for your company:
Failure to timely identify new AML/CTF laws and regulations impacting your organisation.;
Delays in reviewing and adapting your policies and procedures to cover changes in the AML/CTF laws and regulations;
Failures to meet the obligation to carry out a periodic review of your business relationships;
Delay in the work to be carried out by the RC;
Backlog in the analysis of hits generated by the systems (screening, transaction monitoring systems);
Lack of resources or delays in preparing the dashboards and reports to be produced for different stakeholders (regulators, management, board of directors, head office …);
Lack of resources for on-going due diligence and ad-hoc AML/CTF projects.
How PwC can help
Our AML/CTF services team—comprising over 70 client-facing professionals with diverse backgrounds—serves a wide range of financial institutions, including banks, investment funds, asset servicers, payment and e-money institutions, PFSs, and insurers. We act as a trusted advisor to your stakeholders, offering tailored support across governance, systems, and people.
At PwC, we support the RCs of all types of investment funds (UCITS, SIF, SICAR, RAIF and all other AIFs, both CSSF regulated, or AED regulated) and management companies with tailor-made, responsive solutions. Our dedicated account team provides expertise, know-how and customised support to RCs to do their job as and when needed, throughout the year. This includes ongoing and ad-hoc assistance with AML, regulatory, and compliance tasks and questions.
Overview
In Luxembourg, the AML laws and regulations set out that each investment fund and each management company must appoint an RC. The role of the RC is defined in detail and includes a plethora of regular duties for each mandate.
As such, each investment fund and each management company must complete regular annual tasks and reporting, including but not limited to:
Updating AML/CTF policies and procedures;
Updating AML/CTF risk appetite;
Updating AML/CTF BWRA;
Updating and executing their AML/CTF compliance monitoring plan;
Updating due diligence questionnaires;
Performing AML delegation oversight of transfer agents, distributors, or portfolio managers;
Ensuring AML/CTF SLAs are up to date;
Reporting to the board of directors each quarter and on an annual basis;
Providing AML/CTF internal trainings with appropriately tailored and up-to-date Luxembourg AML/CTF regulatory content;
Replying to CSSF/AED surveys and data calls;
Ensuring that investor and asset due diligence is in place and kept up to date;
Ensuring all investor files are up-to-date and appropriately risk scored;
Perform transfer agency, portfolio manager and distribution oversight;
Proposing and tracking remediation plans and implementation;
Assessing changes to laws and regulations to evaluate their impact on policies and procedures as well as business processes;
Being the contact liaison with the authorities (CSSF, AED, FIU, Ministry of Finance);
Overseeing the AML external audit of the investment fund, or the investment fund managers, in accordance with CSSF Circular 21/790, in conjunction with Article 49 of the CSSR Regulation 12-02 (as amended) or alternatively CSSF Circular 21/788.
The AML Responsable du Respect (RR) must ensure that the RC has sufficient knowledge, time, and systems in place to fulfil their role appropriately. Performing these duties for each investment fund and/or management company means that talent must be paired with time, needs and systems.
How PwC can help
PwC offers a dedicated account team to support your Regulatory Compliance (RC) needs. At the outset of our collaboration, we work with you to define how best to align our talent and advisory expertise with your operational setup—ensuring support is available when and where you need it throughout the year.
Our RC support services are designed to assist with the production and completion of key compliance tasks. Drawing on our extensive experience, we tailor our approach to meet your specific regulatory requirements, regardless of your organisational structure.
Our focus is on providing meaningful, high-impact support. Whether your needs are specific, nuanced, or urgent, you can rely on our capabilities. PwC becomes an extension of your team, providing ongoing support through agreed deliverables or ad-hoc hotline consultations.
To further empower RCs in their role, we’ve developed a suite of digital tools—including solutions for AML/CTF BWRA and asset scoring for UCITS and Alternative funds across all strategies. These tools help you assess inherent and residual risks with precision.
Ultimately, our RC support services are built to help you stay efficient, cost-effective, and compliant.
At PwC Luxembourg, our RC support services assist Responsible Officers of financial institutions in efficiently and effectively complying with their AML/CTF regulatory duties. This service is provided on an ongoing basis throughout the year.
The PwC AML/CTF Subject Matter Expert (SME) team offers support through a modular approach, allowing clients to select the specific elements where assistance is required. A schedule will be agreed upon for all elements, initially for setup and then annually. The RC directs PwC's work to ensure alignment with the company's AML/CTF risk appetite. Additionally, the RC has continuous access to the PwC AML/CTF partner to ensure proper technical views are aligned and executed on the mandate.
Overview
In Luxembourg, AML/CTF laws require each financial institutions to appoint an RC responsible for overseeing the institution’s compliance with applicable regulations. The RC’s role is clearly defined and includes a wide range of duties that must be performed regularly and accurately.
Banks must complete a series of recurring tasks and reporting obligations, including but not limited to:
Drafting and updating AML/CTF policies and procedures;
Defining and updating AML/CTF risk appetite;
Updating the AML/CTF BWRA (using PwC’s digital platform or client tools);
Performing AML delegation oversight of transfer agents, distributors, and portfolio managers;
Preparing bi-annual AML/CTF reports for the board of directors;
Responding to CSSF/AED questionnaires and data calls;
Drafting or updating the annual RC Report for submission to CSSF/AED;
Conducting KYC reviews (initial, ongoing, or remediation);
Delivering AML/CTF training for the board of directors and compliance staff;
Overseeing AML external audits in line with CSSF Circulars 21/790, 21/788, and CSSR Regulation 12-02.
The AML Responsible du Respect (RR) must ensure that the RC has sufficient knowledge, time, and systems in place to fulfil their role appropriately. Given the complexity and regulatory expectations, RCs need access to the right talent, tools, and support.
How PwC can help
PwC offers a modular support approach, allowing financial institutions to select the specific areas where assistance is needed. At the start of our engagement, we work with you to define how our expertise can best align with your operational setup and regulatory needs.
Our RC support services include:
Access to PwC AML/CTF SMEs;
Direct contact with the PwC AML/CTF partner for technical alignment;
Digital tools to support AML/CTF risk assessments and oversight.
We become an extension of your team, providing high-value, tailored support that helps you stay compliant, efficient, and prepared for regulatory scrutiny. Whether your needs are structured or ad-hoc, PwC is here to support your RC function with confidence and clarity.
The fight against ML/TF is carried out by the three lines of defence. The Management and supervisory bodies have a key role to play in the AML/CTF framework. Establishing an adequate reporting line and a systematic oversight function with the different stakeholders is crucial for the alignment of the business strategy, the monitoring of the risk tolerance, and the proper mitigation of the residual risk. The amount and quality of information, data and documentation involved in the reporting process mean it is essential that your organisation has the right risk and governance strategies in place.
Your challenges
You need to quickly adapt to regulatory changes impacting your business, and to properly reflect them in your risk & governance strategies. Your organisation is facing the following challenges:
Your internal control environment is not properly documented and is not compliant with AML/CTF laws and regulations;
Your risk appetite does not reflect your strategy;
Your BWRA is outdated and not aligned with your risk appetite;
Your risk-based approach is not adapted to your business;
Your organisation does not have documented roles and responsibilities;
Your first line of defence is performing second line functions or vice versa;
You are unable to adequately oversee your various branches or majority-owned subsidiaries and have experienced a breakdown in reporting with these business units;
Specifically for investment funds, vehicles and investment fund managers, you are willing to implement or confirm the implementation of the oversight mechanism in line with CSSF Circular 18/698.
How PwC can help
PwC helps you build or maintain a compliant and resilient AML/CTF governance framework by clarifying roles and responsibilities, aligning your risk appetite and BWRA, and documenting your control environment. We support oversight across entities, streamline reporting, and ensure your risk-based approach reflects your business model—fully aligned with CSSF Circular 18/698 where applicable.
Overview
The future of AML compliance will require moving from defence to offence. Today’s model too often focuses on defensive, reactive tasks. We believe a paradigm shift towards value creation and compliance enhancement is required to enable efficient and effective implementation of risk mitigating measures.
Too many clients are suffering from fragmented, inefficient processes. It is time to start building trust again via a revamped client experience with greater transparency, more effective communication and more efficient procedures supported by the relevant technology.
Finding and retaining competent AML analysts remains a challenge. We view the combination of right governance, relevant training, simplified documentation and adequate technology as a catalyst to motivate and retain human capital.
Are you ready to build the future of AML compliance?
Your challenges
It’s becoming increasingly difficult to navigate the ways in which AML is changing, while also dealing with existing challenges such as:
Increased complexity of regulations at EU and local levels;
Rising costs of compliance;
Sub-optimal KYC quality;
Data volume, breadth, quality, and reporting;
Insufficient resources, confusion or overlaps of roles and responsibilities;
Lack of specialist knowledge;
Increased regulatory pressure and heavy remediation loads;
Increased number of backlogs throughout the AML process;
Compliance duties impacting business growth; and
Reliance on systems that are constantly being upgraded but that are still not state-of-the-art and lack of automated processes;
Static or difficult to adapt methodologies to risk scoring.
It’s clear that in order to keep up, you will need to transform the way in which you approach AML within your organisation. That means moving away from value preservation and a focus on regulatory compliance, to a more forward-looking strategy of value creation and enhancements to AML compliance and operations supported by technology.
How PwC can help
At PwC, we provide AML/CTF/CPF training sessions to professionals in the Luxembourg market who need to understand their AML/CTF/CPF obligations. Our trainings are tailor-made and given by experts who represent PwC in a client-facing role, such as AML Partners, Directors or Managers. Our training reflects our first-hand experience of AML/CTF legislation and rules: we understand our clients’ challenges and how to resolve them. Our Services are provided through PwC Academy.
Your challenges
Professionals across the Luxembourg financial sector face increasing pressure to stay compliant with complex and evolving AML/CTF/CPF regulations. The legal framework includes multiple laws, regulations, and circulars—such as the Law of 12 November 2004, CSSF Regulation 12-2, and various Grand Ducal Regulations—each with industry-specific implications for banking, insurance, investment funds, and fund management.
Navigating these requirements is further complicated by the involvement of multiple regulators (CSSF, AED, CAA, FIU, and the Ministry of Finance), each with distinct expectations. Keeping up with national and EU-level updates—especially in light of the EU’s upcoming AML regulatory overhaul—can be overwhelming. Professionals are legally required to undertake periodic training and ensure their organisation’s risk-based approach reflects the latest developments. For busy teams and boards, finding time for meaningful, up-to-date training is a persistent challenge.
How PwC can help
PwC delivers AML/CTF/CPF training tailored to Luxembourg and EU requirements for all levels of staff. Through the PwC Academy, we offer:
Digital training modules for flexible, self-paced learning across your organisation;
Blended learning for boards: a tailored digital session with short videos covering key AML topics for investment fund managers and directors, followed by a live expert-led session to address questions and discuss recent developments—ideal for busy boards to train when convenient and engage meaningfully;
Live sessions for dedicated audiences, led by experienced AML partners, directors and managers who bring practical insights and market expertise.
Our training helps professionals understand their obligations, engage confidently with regulators, and apply AML/CTF/CPF rules effectively in their roles.
Our PwC Academy is a dedicated platform designed to support all trainings.
Financial institutions often face mounting pressure to meet AML regulatory expectations while managing resource constraints and operational inefficiencies. Backlogs in onboarding, transaction monitoring, or customer due diligence can quickly escalate—especially when regulatory scrutiny increases. But remediation doesn’t have to be just a costly fix. It can be a strategic opportunity to strengthen your AML framework, streamline operations, and enhance collaboration between the first and second lines of defence.
Your challenges
While AML controls vary by institution, common issues include:
Inefficient onboarding and payment processing, with limited ability to demonstrate effective risk management;
Programmes misaligned with the risk-based approach or your actual risk appetite;
Poor oversight due to unclear roles and responsibilities across lines of defence;
Group-level AML controls that fail to meet local regulatory expectations;
Shortage of trained staff to address backlogs or specialised areas (e.g., Tax AML);
Delays in on-going KYC due diligence and periodical refresh exercises.
How PwC can help
We help you turn remediation into a value-adding transformation. Our approach combines technical expertise, policy and process optimisation, and hands-on delivery to help you return to a stronger, more efficient BAU state. We support you with experienced remediation experts by:
Accelerating and improving customer onboarding while maintaining robust ML risk controls;
Aligning AML programmes with your risk appetite and regulatory expectations;
Designing proportionate, transparent due diligence measures tailored to your business;
Embedding a holistic, risk-based approach across your AML framework;
Deploying experienced professionals to work alongside your teams and deliver practical, high-quality solutions;
Training staff and refining procedures to ensure sustainable BAU operations post-remediation;
Leveraging third-line testing to validate and enhance control effectiveness;
Breaking down silos to optimise end-to-end AML processes;
Providing skilled resources to manage tasks or reinforce your team;
Applying technology and automation to drive efficiency and reduce manual effort.
Several legal requirements and best practice guidelines have identified certain risk criteria to prevent and detect any suspicious activity, financial sanction breaches or criminal offenses. In line with guidance from the Financial Actions Task Force (FATF), monitoring should be carried out on a continuous basis or triggered by specific transactions. In particular for some types of activity, where large volumes of transactions occur on a regular basis, strong IT systems are the only method of effectively monitoring transactions or screening for financial sanctions, PEP and blacklisted counterparties. Where such systems are used, organisations need to understand their operating rules, verify their integrity on a regular basis and check that they address the identified ML/TF risks. In short, they must be fit for purpose and be regularly checked to ensure they remain fit for purpose. This applies also in particular to screening their clients, investors and all other related parties against the relevant sanctions / "blacklists".
Your challenges
Several challenges are present when it comes to efficient transaction monitoring and screening, such as:
Systems that are not sufficiently fit for purpose. Where automated systems are being used, organisations should understand their operating rules, verify their integrity on a regular basis, and check that their system effectively addresses the identified ML risks;
Standard or group settings are not reflecting Luxembourg business models and target populations for such controls, resulting in blind spots regarding the risks they should identify;
Generating volumes of “false positive” alerts, that distracts organisations from the real risks, in addition to having significant costs and resource implications;
A risk-based approach to perform monitoring and screening activities that is not in line with regulatory inspections or internal requirements;
The distinctions between ad-hoc screening and transaction monitoring vs. ex-post monitoring scenarios is not easy to integrate in the overall ongoing monitoring requirements;
Poor data quality, accuracy or incompleteness. Even if powerful technology is available today to handle large volumes of transaction monitoring and screening, the underlying data often remains a bottleneck, with data completeness and data quality being the biggest reasons for ineffective monitoring and screening activities.
How PwC can help
Luxembourg professionals subject to the AML/CTF laws and regulations are required to understand and assess the inherent and residual AML/CTF risks for their entity on an annual basis, or to update the assessment when significant events occur that have an impact on these risks.
Each professional subject to the AML/CTF laws and regulations must appoint an RC to ensure that AML/CTF compliance is managed. For the asset management industry, investment fund managers, investment funds and AIFs fall within the scope. One of the tasks for the RC is the data collection and labour-intensive process of creating and maintaining their company’s AML/CTF risk assessment. To start with, the assessment must consider the evolving risk factors and guidelines provided by the Financial Action Task Force (FATF), the European Banking Authority (EBA), and the Luxembourg AML/CTF regulators. Then, the methodology to assess inherent and residual risks must be developed: data and information on internal controls need to be collected. Finally, the inherent and residual AML/CTF risks of the company are calculated and reported to senior management, the board of directors and the regulators.
Your challenges
It is a continuous challenge for RCs to organise the process and data collection for their organisation’s AML/CTF BWRA:
Ensuring the methodology for inherent and residual risks is in place and reflects the evolving regulatory guidance;
Ensuring that the AML/CTF risk-based approach remains effective and proportionate;
Ensuring the relevant data is collected and collated accurately into the model;
Ensuring the calculation is accurate and in line with the company’s risk appetite;
Ensuring accurate reporting to the company’s management, the board of directors and the Luxembourg AML regulators (CSSF and AED).
How PwC can help
At PwC we developed a digital solution to render the process compliant, efficient and effective. Combining our digital solution with the support of our AML/CTF experts, we can help you address this effectively. Our team of experts:
Ensure your inherent and residual risk factors remain up to date with regulations;
Support you in collecting and inserting the required data accurately and completely;
Give you access on a continuous basis to the risk assessment via the PwC platform;
Integrate your AML/CTF risk-based approach and risk appetite into our digital solution;
Support you to tailor specific outputs for your reporting requirements.
Birgit Goldak
Risk Assurance Partner, AML Services Leader, PwC Luxembourg
Tel: +352 49 48 48 5687
Michael Weis
Advisory Partner, Forensics & Anti-Financial Crime Leader, PwC Luxembourg
Tel: +352 49 48 48 4153