EU states have been slowly implementing the requirements made into law on 20 May 2015 regarding the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, in accordance with the 4th AML/CFT Directive (AMLD 4), Directive 2015/849. The latest is Luxembourg, whose parliament published two draft laws to implement transparency measures on 6 December last year. Both are intended to create central registers of beneficial owners, one of the main thrusts of AMLD 4. They do not cover listed firms in Luxembourg, which are covered by other AML laws, but do cover other business entities.

With Luxembourg becoming a prime location venue for investment firms, banks, and other financial services companies as a result of Brexit, the new laws in Luxembourg become especially relevant. Luxembourg is notoriously against so-called “letter box” offices, where companies merely obtain an address without having an actual operation in the country, so all foreign and domestic companies operating there are required to do so to the fullest extent.

While the new laws provide for transparency, they also provide for some specific safeguards against improper access to the registers. Laurent Thailly, a partner in law firm Ogier’s Luxembourg office, said: “As far as timing goes, it’s very difficult to anticipate at this stage. Each draft bill in principle needs to pass through two rounds of voting, with three months in between. At the moment they are in the revision stage of the Judicial Commission of the Chamber of Deputies and of the Budget and Finance Commission. Both Commissions have the right to suggest amendments.”

Luxembourg, however, is already late in transposing this EU law, as most states have already done so. “A good number of countries have already enacted the law … Denmark, Ireland, France, Hungary, Finland, for example,” Thially says. “Member states have a deadline for transposition of the Directive and the Commission monitors the implementation; if there’s a delay, the country may face a fine. It’s not typical for Luxembourg to be late like this.” Indeed, the country is likely to be in trouble with the European Commission if it does not move quickly.

“There is an infringement procedure launched by the Commission against Luxembourg,” said Thailly, “because Luxembourg is running late in transposing the Directive, and that may put some pressure on the country to accelerate the process.”

The first law establishes a register of beneficial owners of companies and other legal entities, and the second is a register of trusts and their owners.

Bill 7217 puts into place Article 30 of AMLD 4 as well as Financial Action Task Force Recommendation 24 (FATF). It also introduces new obligations on their own beneficial owner(s), along with criminal provisions aimed in particular at ensuring the effectiveness of the new provisions. This register will be managed by Luxembourg’s Registre de Commerce et de Sociétés (RCSL), which already manages the Trade and Companies Register. 

Bill 7216, establishes a “Register of Trusts” in the Registrar and Estate Administration, in which “trustees established in Luxembourg will have to enter information on the identity of beneficial owners of trusts that produce tax consequences,” according to the release. It transposes Article 31 of the AMLD 4.

While these are draft laws and must go through debate, and could therefore be amended, they are in line with AMLD 4 and are unlikely to change that much. Thailly commented: “I would not expect any substantial amendments, but we have seen in Luxembourg recently some comments from the Superior Court and the Auditors Chamber where they criticize a lack of clarity on few technical points. Any changes that may result from this will result in clarifications rather than rewriting the law.”

The beneficial owner register will be referred to as REBECO and will include all entities except for those whose securities are traded on a regulated market in Luxembourg, in an EU Member State, or in the European Economic Area (EEA). Access to the register is open to:

National authorities (including prosecution authorities, supervisory authorities such as the financial sector supervisory authority (Commission de Surveillance du Secteur Financier or “CSSF”) or the insurance supervisory authority (Commissariat aux assurance) and tax authorities)

Self-regulating entities (including the bar counsel, chamber of notaries, and independent auditor institute (Institut des réviseurs d’entreprises or IRE))

Professionals subject to due diligence obligations under the AML/CFT law, notaries, lawyers, accountants, banks, etc.

Resident persons and organisations “demonstrating a legitimate interest”

The information included in REBECO must also be kept current at the entities registered office and must also be available to professionals subject to know your customer (KYC) duties, such as banks, asset managers, etc. Under exceptional circumstances, an entity may request that access to REBECO be limited to the national authorities, if wider access would expose the ultimate beneficial owner(s) to the risks of fraud, kidnapping, blackmail, violence or intimidation, or when the ultimate beneficial owner is a minor or incompetent. “The list of entities and persons who can request restricted access is a good broad coverage,” said Thailly. “A balance is being struck between AML requirements and personal data protection and business freedom. Potential concerns would be identity theft and improper access to the beneficial owner information of an entity where no legitimate reason to access exists.”

Non-compliance will lead to fines ranging from €1,250 (U.S.$1,530) to €1,250,000 (U.S.$1,530,112). Entities will have six months to comply from the date the law is made final. There is also a statutory five-year record retention period following the dissolution of an entity.

The information to be registered in the REBECO includes the name, nationality, place and date of birth, personal address, and identification number (such as a tax identification number) of the beneficial owner(s), as well as the nature and extent of the participation they hold in the relevant entities. Any changes must be filed with the RCSL within one month.

The entities covered by Bill 7217 include:

Public limited companies (sociétés anonymes)

Private limited companies (sociétés à responsabilité limitée)

Partnerships limited by shares (sociétés en commandite par actions)

Common limited partnerships (sociétés en commandite simple)

Special limited partnerships (sociétés en commandite spéciale)


Civil companies

Economic interest groups (Groupement d'intérêt économique, GIE)

European economic interest groups (Groupement européen d'intérêt économique, GEIE)

Investment funds (fonds d’investissement)

Branches of non-Luxembourg companies appear to be excluded, because they will be covered by AML regulations in their home country. Thailly confirmed this, but qualified it: “If you are a foreign company which does incorporate as an entity in Luxembourg, you will be covered by this law. But if it’s just a branch, they will be covered by the laws in their home country.”

Bill 7216, covering the register of trusts, the Registre des Fiducies, is very similar to REBECO. The trust registry, however, will be electronically controlled and supervised by the Luxembourg Administration de l’enregistrement et des domaines (AED). All fiduciary agents must obtain and keep relevant information on the beneficial owners for whom they perform services and will be given an identification number by the AED.

The information in the register includes:

The identity of the settlor (the person(s) who created the trust)

The fiduciary agent

The protector (a third party hired to ensure the settlor(s)’ wishes are fulfilled)

The beneficiaries and any other person effectively controlling the trust

Also, access to the Registry of Trusts is limited to the national authorities.

Non-compliance with Bill 7216 can bring greater sanctions than a mere fine, though a fine of €1,250,000 is also possible. According to Ogier, non-compliance can also result in “a simple warning, a public declaration revealing the identity of the relevant natural person or corporate entity which should have been registered in the Fiduciaries Register, a temporary ban of up to five years on exercising any professional activities within the financial sector … depending on the seriousness of the infringement.”