Our services


Getting the right AML/CTF support in an increasingly complex environment.

The AML/CTF landscape is constantly evolving. The Compliance function, RR (Responsable du Respect) and RC (Responsable du Contrôle) are overwhelmed with an ever-growing number of regulatory requirements. We know that a proactive approach is needed to respond effectively to these legal and regulatory changes, as the consequences of non-compliance, such as reputational damage, is immense. Thanks to our team of experts and professionals we can provide your Compliance function, RR and RC with the right support and level of expertise. We stay prepared.

Your challenges

Despite AML/CTF risks remaining firmly under the spotlight, attracting and retaining the right talent, and managing finite resources present notable challenges for your company:

  • Failure to timely identify new AML/CTF laws and regulations impacting your organisation. 

  • Delays in reviewing and adapting your policies and procedures to cover changes in the AML/CTF laws and regulations.

  • Failures to meet the obligation to carry out a periodic review of your business relationships.

  • Delay in the work to be carried out by the RC.

  • Backlog in the analysis of hits generated by the systems (screening, transaction monitoring systems).

  • Lack of resources or delays in preparing the dashboards and reports to be produced for different stakeholders (Regulators, Management, Board of Directors, Head Office …).

  • Lack of resources for ad-hoc AML/CTF projects.

How PwC can help

Our AML/CTF platform team serves Banks, Investment Funds, Asset Servicers, Payment Institutions, E-Money Institutions, PFSs and Insurance Companies. The team is composed of more than 12 client-facing professionals with complementary and various backgrounds and areas of expertise. Our team can fully support you and act as a trustful advisor to your different stakeholders.


RC Support Services

At PwC, we support the RCs of all types of investment funds (UCITS, SIF, SICAR, RAIF and all other AIFs, both CSSF regulated, or AED regulated) and Management Companies with tailor-made, responsive solutions. Our dedicated account team provides expertise, know-how and customised support to RCs to do their job as and when needed, throughout the year. This includes ongoing and ad-hoc assistance with AML; regulatory, and compliance tasks and questions. 


In Luxembourg, the AML laws and regulations set out that each investment fund and each Management Company must appoint an RC. The role of the RC is defined in detail and includes a plethora of regular duties for each mandate. 

As such, each investment fund and each Management Company must complete regular annual tasks and reporting, including but not limited to: 

  • Updating AML/CTF Policies and Procedures.

  • Updating AML/CTF Risk Appetite.

  • Updating AML/CTF Business Wide Risk Assessment.

  • Updating and executing their AML/CTF compliance monitoring plan.

  • Updating due diligence questionnaires.

  • Performing AML delegation oversight of Transfer Agents; distributors, or Portfolio managers.

  • Ensuring AML/CTF SLAs are up to date.

  • Reporting to the Board of Directors each quarter and on an annual basis.

  • Providing AML/CTF internal trainings with appropriately tailored and up to date Luxembourg AML/CTF regulatory content.

  • Replying to CSSF/AED Surveys and Data Calls.

  • Ensuring that investor and asset due diligence is in place and kept up to date.

  • Ensuring investors, distributors and assets are AML risk scored, and KYC and Due Diligence is in place and kept up to date. 

  • Ensuring accuracy and completeness of data.

  • Proposing and tracking remediation plans and implementation.

  • Assessing changes to laws and regulations to evaluate their impact on policies and procedures as well as business processes.

  • Being the contact liaison with the authorities (CSSF, AED, FIU, Ministry of Finance).

  • Overseeing the AML external audit of the Investment Fund, or the Investment Fund Managers, according to CSSF 21/790 combined with Art 49 of the CSSR Regulation 12-02 as amended or the CSSF Circular 21/788.

The AML Responsible du Respect (RR) must make sure that the RC has sufficient knowledge, time, and systems in place to fulfil their role appropriately. Performing these duties for each investment fund and/or Management Company means that talent must be paired with time, needs and systems. 

How PwC can help

PwC can provide you with a dedicated account team. At the onset of working with our RC Support Services, we define together how we can best align our talent and advisory expertise to your needs, as and when you need it, throughout the year. We can support you in the production and completion of any of the above tasks. Depending on your operational and people set up, we are confident that we have the experience to support you in achieving your regulatory requirements. 

We pride ourselves on providing exceptional added value. Whatever your needs – specific, nuanced, urgent – you can be confident in our capabilities. PwC becomes an extension of your team, and in doing so we will support you throughout the year with agreed tasks or ad-hoc hotline conversations. We have developed a suite of digital tools that help the RC in their role, such as a tool to support the AML/CTF Business Wide Risk Assessment, to understand the inherent and residual risks of your company, or tools to score your assets for UCITS or Alternative funds (all strategies). 

Our RC Support Services are designed to help you be efficient, cost effective and compliant. 


AML Risk & Governance

Improving your Risk & Governance strategies

The fight against ML/TF is carried out by the Three Lines of Defence. The Management and supervisory bodies have a key role to play in the AML/CTF framework. Establishing an adequate reporting line and a systematic oversight function with the different stakeholders is crucial for the alignment of the business strategy; the monitoring of the risk tolerance, and the proper mitigation of the residual risk. The amount and quality of information, data and documentation involved in the reporting process means it is essential that your organisation has the right risk and governance strategies in place.

Your challenges

You need to quickly adapt to regulatory changes impacting your business, and to properly reflect them in your risk & governance strategies. Your organisation is facing the following challenges:

  • Your internal control environment is not properly documented and is not compliant with AML/CTF laws and regulations.

  • Your Risk Appetite does not reflect your strategy.

  • Your Business Wide Risk Assessment is outdated and not aligned with your Risk Appetite.

  • Your Risk Based Approach is not adapted to your business.

  • Your organisation does not have documented roles and responsibilities.

  • Your first line of defense is performing second line functions or vice versa.

  • You are unable to adequately oversee your various branches or majority-owned subsidiaries and have experienced a breakdown in reporting with these business units.

  • Specifically for investment funds and vehicles and investment fund managers, you are willing to implement or confirm the implementation of the oversight mechanism in line with the CSSF Circular 18/698.

How PwC can help

Our team of AML/CTF experts and trustful advisers can help you to comply with your obligations and improve your processes to make them efficient and streamlined throughout your AML/CTF risk management framework. 


AML Transformation

Shifting compliance activities from high costs, painful customer experience and disrupted processes, to value creation, trust and a robust compliance culture supported by technology.


The future of AML compliance will require moving from defense to offense. Today’s model too often focuses on defensive, reactive tasks. We believe a paradigm shift towards value creation and compliance enhancement is required to enable efficient and effective implementation of risk mitigating measures. 

Too many clients are suffering from fragmented, inefficient processes. It is time to start building trust again via a revamped client experience with greater transparency, more effective communication and more efficient procedures supported by the relevant technology.  

It is no secret that finding and retaining competent AML analysts is a challenge. We view the combination of right governance, relevant training, simplified documentation and adequate technology as a catalyst to motivate and retain human capital. 

Are you ready to build the future of AML compliance?

Your challenges

It’s becoming increasingly difficult to navigate the ways in which AML is changing, while also dealing with existing challenges such as:

  • Increased complexity of regulations at EU and local levels.
  • Rising costs of compliance. Sub-optimal KYC quality. 
  • Data volume, breadth, quality, and reporting.
  • Insufficient resources, confusion or overlaps of roles and responsibilities. 
  • Lack of specialist knowledge.
  • Increased regulatory pressure and heavy remediation loads.
  • Increased number of backlogs throughout the AML process.
  • Compliance duties impacting business growth, and 
  • Reliance on systems that are constantly being upgraded but that are still not state-of-the-art and lack of automated processes.
  • Static or difficult to adapt methodologies to risk scoring.

It’s clear that in order to keep up, you will need to transform the way in which you approach AML within your organisation. That means moving away from value preservation and a focus on regulatory compliance, to a more forward-looking strategy of value creation and enhancements to AML compliance and operations supported by technology.

How PwC can help

PwC can assist you by focusing your AML Transformation on 4 key pillars: 

1. Process and Organisation - Find an AML/KYC approach that works

  • Understand where the issues are: analyse current indicators (e.g. QA results) and identify common pitfalls. 

  • Adapt the organisation and Target Operating Model (TOM): set up a Quality / Management Framework and re-organize teams. 

  • Better define requirements: align requirements and their criticality between 1st and 2nd line, and ensure adequate use of a RBA.

  • Improve documentation management: clarify and rationalise guidelines and centralise documentation access.

2. Governance and new ways of assessing risk - Keep your organisation compliant, simplify procedures and enhance efficiency

  • Roles and responsibilities: review and reassess and adapt to current regulatory requirements. 

  • Data: data management (input), sanity checks, maintenance and access rights. 

  • Visualising AML risks and client portfolio structures .

  • Better define requirements: ensure consistency with the current regulations.

  • Policy and procedures: update and simplify, centralise access to relevant stakeholders. 

  • Reporting: appropriate risk metrics, tools and systems to follow up and escalate as appropriate.  

3. Tech and Innovation - Drive compliance efficiency, effectiveness and productivity at scale

  • Assess digitisation opportunities and smart technologies: Critically review the compliance process landscape with an appraisal of the frequency and structure of tasks and available smart technologies, leading to categorization and prioritisation of needs. 

  • Adopt a dynamic technology-enabled approach to risk management: 

  • Automate and streamline compliance processes into intelligent compliance operations for more efficiency and to best manage the costs of compliance. 

  • Build a strong technology and data foundation generating insights at pace and at scale for faster and better-informed decision-making.  

  • Build your next-generation compliance capabilities: reshape the future of compliance with emerging technologies, harness the power of technology in a regulatory environment and prepare organisations to embrace these changes.

4. Outsourcing - Change your operating model to be competitive

  • Assess the current situation: Analyse the current situation and assess a new operational set up (inhouse vs outsourcing vs hybrid solutions). 

  • Provide expertise: Provide resources for backlogs (i.e., framework contract) and provide a Managed Service.  

  • Assess the current IT landscape: Optimise the operational set up with IT-solutions to enable different set ups and propose Managed Service with high end technology (i.e., client outreach functionality). 


Training on Anti-Money Laundering (AML) / Counter Terrorist Financing (CTF) and Counter Proliferation Financing (CPF) 

At PwC, we provide AML/CTF/CPF training sessions to professionals in the Luxembourg market who need to understand their AML/CTF/CPF obligations. Our trainings are tailor-made and given by experts who represent PwC in a client-facing role, such as AML Partners, Directors or Managers. Our training reflects our first-hand experience of AML/CTF legislation and rules: we understand our clients’ challenges and how to resolve them. Our Services are provided through PwC Academy. 


AML/CTF/CPF is an important topic for Luxembourg professionals. Understanding how to comply and ensure an effective fight against criminals using the Luxembourg financial sector is essential. 

In Luxembourg the AML laws and regulations encompass several, significant legal and regulatory texts, including the Law 12 November 2004 as amended; the Grand Ducal Regulation 1 February 2010 as amended; the CSSF Regulation 12-2 as amended, as well as many Circulars. It can be a challenge to keep up to date and understand how these apply to different industries, such as banking; insurance; investment funds; fund management, and more. Each industry is governed by different regulators who are responsible for the adequate supervision of AML/CTF compliance in the market, such as the Commission de Surveillance du Secteur Financier (CSSF), the Administration d’Enregistrement et des Domaines (AED) and the Commissariat aux Assurances (AED), the Financial Intelligence Unit (FIU), the Ministére de Finances. It is important to understand how to engage with each regulator and their respective priorities. 

Navigating the maze of continuous updates at both a national and a supra-national level can be difficult. Currently, the European Union is planning a major overhaul of the European AML supervisory regime as well as the rules. Professionals are obliged by law to undertake adequate and periodic trainings on Luxembourg’s AML/CTF/CPR laws and regulations, and update their organization’s risk-based approach to reflect these changes. 

How PwC can help

Our experts provide tailored AML/CTF trainings for all audiences, including the Board of Directors; Executives Committees; Compliance Functions, and staff. We guide and direct you in understanding the expectations of the Financial Action Task Force (global “AML watchdog”), and the European and the Luxembourg AML rules and regulations in a practical and digestible way. We offer trainings that are dedicated to your company and adapted to learning methods, such as e-learnings, or open sessions where professionals from different companies can connect and follow a training. 

Our PwC Academy is a dedicated platform designed to support all trainings. Please refer to the website for further detail.


AML Remediation

Turn a costly exercise into better operation.

Every day, financial institutions struggle to meet their AML regulatory needs and align their first line Business teams with their second line Risk and Compliance operational needs. Backlog becomes a burden to deal with in addition to Business-as-Usual challenges; in addition you receive pressure from regulators to remediate if problems arise. The Remediation process can be the right moment to improve the operational efficiency of both the first and second lines of defense. We can help you turn a costly exercise into an added value for your day-to-day operations, increasing the compliance effectiveness of your organisation. It is about getting it right instead of just patching it up.

Your challenges

AML Controls used by Financial Institutions can vary for many different reasons (e.g., products offering, internal process and tools, governance) but there are certain challenges that are common, such as:

  • Inefficient processing of customer onboarding and payments. Demonstrating to internal and external stakeholders that its AML programs and processes deliver effective management of risks.

  • Programs and processes that are not aligned to the risk-based approach.

  • Poor oversight of programs and processes due to unclear role and responsibilities between the lines of defense.

  • AML controls from international groups that do not comply with local regulations leading to ineffectiveness.

  • Lack of available trained, expert staff to swiftly tackle the backlog risks or specific points (e.g., Tax AML). 

How PwC can help

Fundamentals of a successful remediation should include technical skills, process and policy experience, enabling harmonisation of first- and second-line teams in implementation of business tailored risk-based programs and added-value when returning to a BAU set-up. This can be achieved by:

  • Quicker and smoother onboarding of customers to promote a competitive business model, while at the same time protecting the institution from ML risks. 

  • Strongly aligning programs and processes to your risk appetite and risk strategies.

  • Creating customer due diligence measures that are commensurate (and transparent for regulators) to the AML risk identified.

  • Embedding a holistic view, by promoting an assessment of risk factors and deployment of proportionate (and business specific) additional due diligence measures.

  • Hands-on experienced professionals working with first line and second line teams to propose solutions that deliver increases in quality and efficiency. 

  • Training relevant staff and reviewing current process and procedures to achieve BAU efficiency at the handover. 

  • Utilizing third line of defense to test and improve the effectiveness of AML controls.

  • Applying a holistic approach and optimising the process rather than having “silo” approaches.

  • Enhancing your team with specialist staff and managing tasks for you.

  • Leveraging technology and automation.


Transaction Monitoring and Screening

Effectiveness combined with efficiency, or doing it right!

Several legal requirements and best practice guidelines have identified certain risk criteria to prevent and detect any suspicious activity, financial sanction breaches or criminal offenses. In line with guidance from the Financial Actions Task Force (FATF), monitoring should be carried out on a continuous basis or triggered by specific transactions. In particular for some types of activity, where large volumes of transactions occur on a regular basis, strong IT systems are the only method of effectively monitoring transactions or screening for financial sanctions, PEP and blacklisted counterparties. Where such systems are used, organisations need to understand their operating rules, verify their integrity on a regular basis and check that they address the identified ML/TF risks. In short, they must be fit for purpose, and be regularly checked to ensure they remain fit for purpose. This applies also in particular to screening their clients, investors and all other related parties against the relevant sanctions / "blacklists".

Your challenges

Several challenges are present when it comes to efficient transaction monitoring and screening, such as: 

  • Systems that are not sufficiently fit for purpose. Where automated systems are being used, organisations should understand their operating rules, verify their integrity on a regular basis, and check that their system effectively addresses the identified ML risks.

  • Standard or group settings are not reflecting Luxembourg business models and target populations for such controls, resulting in blind spots regarding the risks they should identify.

  • Generating volumes of “false positive” alerts, that distracts organisations from the real risks, in addition to having significant costs and resource implications.

  • A risk-based approach to perform monitoring and screening activities that is not in line with regulatory inspections or internal requirements. 

  • The distinctions between ad-hoc screening and transaction monitoring vs. ex-post monitoring scenarios is not easy to integrate in the overall ongoing monitoring requirements.

  • Poor data quality, accuracy or incompleteness. Even if powerful technology is available today to handle large volumes of transaction monitoring and screening, the underlying data often remains a bottleneck, with data completeness and data quality being the biggest reasons for ineffective monitoring and screening activities.

How PwC can help

PwC can assist with in solving these challenges in a variety of different ways, such as: 

  • Health Check / Surveillance Program Diagnostic

    • Defining and assessing the holistic ongoing monitoring requirements consisting of ad-hoc, ex-ante and ex-post control points for transactions monitoring and 

    • Verifying if transaction monitoring and screening is effective and efficient.

    • Performing a thorough analysis of the data for the detection of risk factor situations triggering red flags.

    • Performing data quality assessment for completeness, format,  consistency, and integrity of the data gathered in the transaction monitoring tool.

    • Performing tool testing and identification of weaknesses in internal procedures (e.g., training & controls).

  • Optimisation

    • Performing an assessment of the currently implemented transaction monitoring system to identify areas for improvement. 

    • Assessing the effectiveness of the screening rules and “fuzzy logic” settings.

    • Fine Tuning scenarios/settings and assessing their effectiveness and efficiency.

    • Performing a data quality assessment and data processing (extract, transform and load).

    • Creating a rulebook and evaluating current rules and thresholds.

  • Post Alert Management

    • Performing a transaction monitoring and screening lookback: identifying patterns, risk priorities, and visualisation.

    • Performing backlog management for transaction monitoring and screening through automatization and analysis.

    • Performing SAR process optimization through enabling synergies and standardisation for SAR management and submission.

    • Executing a managed solution. 

    • Performing screening services and review of alerts to handle or remediate backlogs. 

    • One-off or regular assistance. 


Know your Assets - AML/CTF Risk Scoring of Assets

In Luxembourg, Investment Fund Managers and Investment Funds are required to give an AML/CTF risk score to their assets. All investment funds, UCITS and Alternatives (“AIFs”) are required to do so. They must be in a position to explain their AML/CTF risk scoring methodology and demonstrate their AML/CTF risk score to the Luxembourg regulator, the Board of Directors, and others as relevant. This risk scoring must be kept up-to-date. 

AML/CTF Risk Scoring of Investment Fund Assets

CSSF Regulation 12-02, as amended, requires investment funds to carry out an analysis of the ML/TF risk posed by investments and take due diligence measures adapted to the risk assessed. Such analyses must be formalised. The risk analysis on investments must be reviewed annually and when particular events require it.” This AML/CTF asset risk assessment requires that the investment fund/investment fund manager has a methodology in place for each investment strategy. This methodology needs to respect the risk assessment guidelines provided by the Financial Action Task Force, the European Banking Authority and Luxembourg regulators. This task may, at times, be executed by the portfolio manager under the responsibility of the Investment Fund Manager. PwC has developed a digitalized solution for UCITS and all types of alternative investment strategies. 

Your challenges

The investment fund, which is required to understand its AML/CTF asset risk, needs to receive the asset scoring results in a coherent, compliant, and understandable manner on a regular, at least annual, basis. The Responsible du Contrôl (RC) of anti-money laundering compliance is required to have a process in place, collect data and execute the scoring in line with Luxembourg AML/CTF regulations. The key challenges are:

  • Ensuring that a methodology for inherent and residual risk is in place and up to date with the evolving regulatory guidance,

  • Ensuring that the updated AML/CTF risk-based approach of the company is reflected, 

  • Ensuring that data required to do the assessment is collected and collated accurately into the model,

  • Ensuring that the calculation is accurate and in line with the company’s risk appetite, 

  • Producing regular reports that are relevant and telling for the company’s management, the Board of Directors, and the Luxembourg AML regulators (CSSF and AED).  

How PwC can help

At PwC we have developed a digital solution that allows to follow a process, which is compliant, efficient, and effective.  With the help of our digital solution and the support of our AML/CTF experts, you can get this right. Our team helps you to

  • Ensure that the risk factors are kept up to date with regulations, considering the data available at your company and working on a must-have basis,   

  • Incorporate your AML/CTF risk-based approach and AML/CTF risk appetite into our digital solution, 

  • Support you in collecting and inserting the required data accurately and completely, 

  • Give you access on a continuous basis to the asset risk assessment via the PwC platform, and

  • Help you to tailor the output to your specific reporting requirements.


Business Wide Risk Assessment

Luxembourg professionals subject to the AML/CTF laws and regulations are required to understand and assess the AML/CTF inherent and residual risks to their entity on an annual basis, or update it, when significant events, which have an impact on these risks, occur.  

Understanding and assessing your entity’s AML risk

Each professional subject to the AML/CTF laws and regulations must appoint a Responsable du Controle (RC) to ensure that AML/CTF compliance is managed. For the asset management industry, each investment fund manager, each investment fund and each AIF is in scope.  One of the tasks for the RC is the data collection and labor intensive process of creating and maintaining their company’s AML/CTF risk assessment. To start with,  the assessment must consider the evolving risk factors and guidelines provided by the Financial Action Task Force (FATF); European Banking Authority (EBA), and the Luxembourg AML/CTF regulators. Then, the methodology to assess inherent and residual risks must be developed: data and information on internal controls needs to be collected. Finally, the inherent and residual AML/CTF risks of the company are calculated and reported to senior management, the Board of Directors and the regulators. 

Your challenges

It is a continuous challenge for RCs to organise the process and data collection for their organisation’s AML/CTF Business Wide Risk Assessment (BWRA):

  • Ensuring the methodology for inherent and residual risks is in place and reflects the evolving regulatory guidance.

  • Ensuring that the AML/CTF risk-based approach remains effective and proportionate.  

  • Ensuring the relevant data is collected and collated accurately into the model.

  • Ensuring the calculation is accurate and in line with the company’s risk appetite. 

  • Ensuring accurate reporting to the company’s management, the Board of Directors and the Luxembourg AML regulators (CSSF and AED).  

How PwC can help

At PwC we have developed a digital solution to render the process compliant, efficient and effective. Combining our digital solution with the support of our AML/CTF experts, we can help you get this right. Our team of experts:

  • Ensure your inherent and residual risk factors remain up to date with regulations.  

  • Support you in collecting and inserting the required data accurately and completely.

  • Give you access on a continuous basis to the risk assessment via the PwC platform.

  • Integrate your AML/CTF risk-based approach and risk appetite into our digital solution. 

  • Support you to tailor specific outputs for your reporting requirements. 


Contact us

Birgit Goldak

Risk Assurance Partner, AML Services Leader, PwC Luxembourg

Tel: +352 49 48 48 5687

Roxane Haas

Audit Partner, Banking, People Leader, PwC Luxembourg

Tel: +352 49 48 48 2451

Lionel Nicolas

Advisory Partner, Financial Services Consulting Leader, PwC Luxembourg

Tel: +352 49 48 48 4172

Michael Weis

Advisory Partner, Forensics & Anti-Financial Crime Leader, PwC Luxembourg

Tel: +352 49 48 48 4153

Anthony Dault

Audit Partner, Insurance, PwC Luxembourg

Tel: +352 49 48 48 2380

Follow us

Required fields are marked with an asterisk(*)

Please select the service(s) you are interested in and would like to discuss further

Please select the industrie(s) you are interested in and would like to discuss further

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.