This circular, entering into force on 30 September 2021, is addressed to all Supervised Entities of the financial sector and is aimed to frame the governance and security requirements such entities must comply with when employing Telework solutions.
Contrary to previous requirements, the implementation of Telework by Supervised Entities will not necessitate any prior approval by the CSSF. The CSSF will however monitor compliance of these entities with this circular and amend these requirements if necessary.
For further information, the Circular 21/769 is available here.
In more detail
With the circular 21/769, the CSSF defines requirements (both organisational and technical) to ensure an adequate governance and protection level when implementing Telework solutions.
This circular provides guidance on the governance and security requirements to ensure Supervised Entities define appropriate policies, procedures and processes and supply appropriate resource (both human and technical) for Telework management.
Who is impacted?
This circular directly applies to supervised entities including their branches in Luxembourg or abroad. It also applies to Luxembourg branches of entities originating from outside of the European Economic Area.
What are the main aspects?
Below is an abstract of requirements and advice provided by the CSSF in this circular:
Telework solutions have become an integral part of entities operating model, especially given the current sanitary crisis context. The implementation of such solutions, which was previously subject to a prior approval by the regulator, is now to be aligned with the requirements of circular CSSF 21/769, given the inherent risks of remote connections to systems and data of Supervised Entities.
In principle, all staff, regardless of its function, may be allowed to Telework within the limits of circular CSSF 21/769, which are notably related to the robustness of the central administration as well as the security of systems and data.
Our Governance, IT security and IT regulatory experts can support you in ensuring that these requirements are fully understood and complied with when implementing or maintaining your Telework solutions.
1. PwC Luxembourg (www.pwc.lu) is the largest professional services firm in Luxembourg with 2,800 people employed from 77 different countries. PwC Luxembourg provides audit, tax and advisory services including management consulting, transaction, financing and regulatory advice. The firm provides advice to a wide variety of clients from local and middle market entrepreneurs to large multinational companies operating from Luxembourg and the Greater Region. The firm helps its clients create the value they are looking for by contributing to the smooth operation of the capital markets and providing advice through an industry-focused approach.
2. The PwC global network is the largest provider of professional services in the audit, tax and management consultancy sectors. We are a network of independent firms based in 155 countries and employing over 284,000 people. Talk to us about your concerns and find out more by visiting us at www.pwc.com and www.pwc.lu.
Regulatory & Compliance Advisory Services - Banking - Managing Director, PwC Luxembourg
Tel: +352 49 49 48 4169
Regulatory & Compliance Advisory Services - Banking - Partner, PwC Luxembourg
Tel: +352 49 48 48 2245
Cybersecurity Leader, PwC Luxembourg
Tel: +352 49 48 48 2096