The CRD VI Act pursues a dual objective: on the one hand, transposing CRD VI itself and, on the other, transposing Directive (EU) 2024/2994 and implementing Regulation (EU) 2024/2987, relating to the EMIR 3 package.
This alert focuses on the provisions transposing CRD VI through a series of amendments to the act of April 5, 1993 on the financial sector (the Banking Act 1993). This long-awaited reform addresses three key areas:
- The conditions under which third-country firms may operate in Luxembourg (see previous A&O Shearman article on EU law aspects)
- The strengthening of governance requirements, including the integration of environmental, social, and governance (ESG) risks into prudential supervision and governance arrangements
- New notification and approval requirements for M&A transactions involving credit institutions1, financial holding companies and mixed financial holding companies (see previous A&O Shearman article on EU law aspects)
1. Third-country banking access: What changes for non-EU firms?
1.1 Branch Establishment Requirement
Prior to CRD VI, Article 32(5) of the Banking Act 1993 provided for a local licensing regime pursuant to which third-country firms (TCF) had the option of providing banking services in Luxembourg on a purely cross-border basis, without any requirement to establish a local branch, by obtaining a licence from the Commission de Surveillance du Secteur Financier (CSSF).
This national licensing regime will be abolished upon the entry into force of the CRD VI Act. TCF will instead be required to establish a branch licensed by the CSSF in order to commence or continue providing core banking services in Luxembourg (the Branch Requirement)2. In addition, a series of local exemptions from Luxembourg licensing requirements existed in respect of the provision of lending services in Luxembourg. Non-EU banking entities will no longer have the option of relying upon such exemptions.
It should also be noted that the CSSF has not yet issued any guidance regarding the transitional steps to be taken by TCF that previously benefitted from a local licence under Article 32(5) of the Luxembourg Banking Act.
For further detail on the new CRD VI requirements applicable to EU branches of TCF (see previous A&O Shearman article on EU law aspects).
1.2 Exemptions from the Branch Requirement
However, faithfully transposing CRD VI, the CRD VI Act introduces four key exemptions from the Branch Requirement:
- Interbank exemption: Core banking services may be provided between two banks, even where one is established outside the EU.
- Intragroup exemption: Core banking services may be provided between entities within the same group, even where one is established outside the EU.
- MiFID exemption: The Branch Requirement does not apply where the TCF provides core banking services solely on an ancillary basis in the context of the provision of core MiFID investment services or ancillary MiFID services (as listed in Annex II, Sections A and C of the Banking Act 1993).
- Reverse solicitation with follow-on right: No branch is required where a Luxembourg client (whether professional or retail) approaches a TCF on its own exclusive initiative for the provision of core banking services. The TCF may then also provide services that are “necessary for, or closely related to” the initially solicited service, including where provided subsequently. However, the marketing of other categories of products, activities or services, and the solicitation through a third party3, are expressly prohibited without a branch. TCF must be able to provide documents evidencing the client’s initiative in requesting specific services.
1.3 Grandfathering of existing contracts
The CRD VI Act includes the grandfathering provision, preserving clients’ acquired rights under contracts entered into before July 11, 2026. TCF may continue to perform such pre-existing banking contracts without establishing a Luxembourg branch, provided the services remain unchanged.
1.4 Territoriality approach under Luxembourg law
As mentioned in section 1.1 above, the Branch Requirement is only intended to capture activities carried out “in Luxembourg”.
The CRD VI Act does not define what constitutes the provision of a service “in” Luxembourg. However, the accompanying parliamentary commentary (the Commentary) notes, in line with recital 6 of CRD VI, that the Branch Requirement applies only to activities carried out within Luxembourg territory and refers to the “characteristic performance” test as a means of determining whether a TCF is providing services in Luxembourg.
This approach reflects Luxembourg’s long-standing regulatory practice, which draws on the European Commission’s Interpretative Communication 97/C 209/04. The Commentary indicates that a banking activity carried out entirely and exclusively on a remote basis from a third country, without any relevant nexus to Luxembourg, may fall outside the scope of the Branch Requirement.
As a result, the question of whether a TCF’s activities are carried out in Luxembourg must be established on a case-by-case basis, having regard to the specific facts and circumstances of each situation.
The foregoing remains subject to potential further clarifications or guidance from the CSSF that could refine the application of these principles. Therefore, TCF should monitor potential developments on this topic closely.
1.5 Situation of existing Luxembourg branches of TCF
The CSSF may allow existing TCF licences granted under the previous regime by January 10, 2027 to remain valid, provided the branches concerned comply with the requirements of the new regulatory framework.
2. Clarification and strengthening of governance requirements
The CRD VI Act clarifies and strengthens, on several points, the governance of credit institutions and CRR investment firms approved by the ECB or the CSSF (together, CRR Institutions). Further guidance in this respect will be made available when the revised version of the EBA Guidelines on internal governance is published.
2.1 Terminological clarifications
The CRD VI Act adjusts certain concepts in the Banking Act 1993 in order to align the terminology used therein with the CRD VI concepts. In particular, the CRD VI Act replaces the concept of “direction autorisée” (authorised management) with “direction générale” (senior management).
For CRR Institutions and BRRD institutions4, this term designates natural persons exercising executive functions who are not members of the management body and who are responsible for the daily management of the institution under the direction of the management body. It is therefore a new regulatory category which sits between members of the management body in its management function5 and key function holders (as this latter concept is now formally defined in the Banking Act 19936).
2.2 New obligations introduced in respect of internal control governance framework
CRR Institutions are required to maintain (and upon request, provide to the CSSF) up-to-date individual records specifying the roles and responsibilities of all members of the management body in its management function, senior management and key function holders, as well as a function mapping of the governance framework.
Risks related to ESG as well as crypto-asset exposures and the provision of crypto-asset services (as defined in MiCAR (Regulation (EU) 2023/1114)) are added to the risks to be managed through the internal control framework of CRR Institutions. Further details on the obligations regarding the management of ESG risks are provided in section 2.4 below.
Finally, in several provisions, the term “risk control function” is replaced by “internal control function”, thus broadening the scope of certain obligations to all internal control functions.
2.3 Strengthening of requirements regarding notification of appointments and fit and proper assessments
(a) Reinforcement of notification and suitability assessment requirements for management body members (credit institutions and investment firms).
The CRD VI Act amends the Banking Act 1993 to provide for a procedure for the ex-ante suitability assessment of management body members. Credit institutions are required to submit to the CSSF an application for a suitability assessment (together with all supporting documentation as listed in the Banking Act 1993) as soon as possible and in any event when there is a clear intention to appoint a member of the management body, and at the latest 30 working days before the proposed date on which the prospective member is to take up the position. This process is largely aligned with the already existing process which was set out in a CSSF prudential procedure.
For consistency reasons, the Banking Act 1993 is further amended to provide for a similar suitability assessment procedure for members of the management body of investment firms.
(b) “Fit and proper” requirements for the management body and key function holders (CRR Institutions).
The CRD VI Act strengthens the fit and proper requirements applicable to members of the management body and extends them to key function holders. The assessment criteria are specified to explicitly include good repute, honesty, integrity, sufficient knowledge, skills and experience, as well as independence of mind for the management body. It is now expressly provided that the absence of a criminal conviction or of ongoing prosecutions for a criminal offence is not in itself sufficient to satisfy the requirement of good repute.
In accordance with CRD VI, the CRD VI Act strengthens the independence and powers of the CSSF. The CSSF is empowered to verify, on an ongoing basis, the suitability of members of the management body, the heads of internal control functions and the chief financial officer. In case of failure to meet the suitability criteria, the CSSF has the power to prevent ex ante a candidate to one of these positions from taking up the position, to remove the person ex post, or to require additional measures.
2.4 ESG risk management strategies, policies and systems
The CRD VI Act transposes the CRD VI requirements relating to the short, medium, and long-term (at least ten years) consideration by CRR Institutions of ESG risks and factors in their internal governance and risk management frameworks, subject where relevant to the application of a proportionality principle:
- CRR Institutions must have, within their governance framework, robust strategies, policies, processes and systems for identifying and monitoring ESG risks in the short, medium and long term (with a long-term horizon of at least ten years).
- The management body must draw up specific plans containing quantifiable targets and processes for monitoring and addressing financial risks arising from ESG factors (consistent, where applicable, with the transition plans required under the CSRD). The plans must be regularly reviewed (at least every two years).
- CRR Institutions are required to include the long-term adverse effects of ESG factors in the scenarios of the resilience tests (known as “stress tests”) they conduct.
- Remuneration policies and practices must enable and promote sound and effective risk management, taking into account the institution’s risk appetite as regards ESG risks, and the risk committee (without prejudice to the tasks of the remuneration committee) must examine whether the incentives built into the remuneration system properly reflect the risks arising from ESG factors.
- The human and financial resources allocated to the induction and training of the management body must now expressly cover ESG risks and impacts. The management body must collectively possess the knowledge, skills and experience needed to understand the institution’s activities and main risks, including ESG-related impacts.
- The CRD VI Act further specifies the powers conferred on the CSSF in the context of supervising these ESG risks such as the power to require CRR Institutions to reduce the risks arising from ESG factors if necessary.
3. New regime for material transactions
The CRD VI Act implements the new CRD VI comprehensive framework for the notification and assessment of material transactions carried out by credit institutions, financial holding companies and mixed financial holding companies (together the Supervised Entities).
Acquisition or disposal of a material holding: The new regime (Articles 53-46 to 53-49 of the Banking Act 1993) requires a prior written notification to, and assessment by, the CSSF of the direct or indirect acquisition of a material holding by a Supervised Entity7. Disposal of such a holding requires prior notification only (with no assessment). There was no equivalent pre-existing regime under Luxembourg law. Notably, the process for the acquisition or disposal of a qualifying holding in a credit institution is slightly amended for harmonisation purposes with this new notification process.
Material transfers of assets and liabilities: The new regime (Article 53-51 of the Banking Act 1993) requires a prior written notification to the CSSF when a Supervised Entity is involved in a material transfer of assets or liabilities8. There was no equivalent pre-existing regime under Luxembourg law.
Merger or demerger: This new regime (Article 53-53 of the Banking Act 1993) will require a prior notification and (subject to certain exemptions) an assessment of any transfer of all or parts of the assets/liabilities of a Supervised Entity into a single acquiring entity (merger) or one or more entities (demerger). There was no equivalent pre-existing regime under Luxembourg law.
4. Entry into force and next steps
The provisions of the CRD VI Act relating to the new Branch Requirement will enter into force on January 11, 2027, with the exception of the new reporting requirements9 which entered into force on January 11, 2026, and the grandfathering provision10 which enters into force on July 11, 2026. The remaining provisions of the act entered into force on May 10, 2026.
Footnotes
1. Within the meaning of Article 4 (1) (1) of Regulation (EU) No 575/2013 on prudential requirements for credit institutions, as amended (CRR).
2. Core banking services encompass deposit-taking, lending and the provision of guarantees and commitments. The scope of the Branch Requirement varies depending on the type of core banking service at issue and the regulatory characterisation of the TCF concerned. As regards lending and the provision of guarantees and commitments, the Branch Requirement applies only to TCF that would qualify as credit institutions within the meaning of CRR if they were established in the EU. By contrast, as regards deposit-taking, the Branch Requirement applies to all TCF regardless of their regulatory status. The practical consequence of this distinction is that, for example, loan origination by non-bank entities such as third-country investment funds would not trigger the Branch Requirement, whereas any deposit-taking activity by any TCF would fall within its scope.
3. An entity acting on its own account or having close links with that institution, or any other person acting on its behalf.
4. The concept is defined differently for other types of Luxembourg-regulated professional of the financial sector.
5. I.e. the management body acting in its role of directing an institution and including the persons who effectively direct the business of the institution.
6. It refers to persons who exercise a significant influence over the direction of a CRR Institution, but who are not members of the management body (including the heads of internal control functions and the chief financial officer).
7. Notification mentions the amount of the contemplated acquisition and relevant information specified in Article 53-47 (5) of the Banking Act 1993. A holding is considered material where it is equal to or exceeds 15% of the prospective acquirer’s eligible own funds. Only the holding the prospective acquirer intends to acquire is taken into account for the purposes of determining the threshold, to the exclusion of holdings already held. The competent authority has an assessment period of sixty working days and assesses the prospects for sound and prudent management by the prospective acquirer.
8. Each entity participating in the same operation must notify. A transaction is considered material where it represents at least 10% of the entity’s total assets or liabilities, or 15% for intragroup transactions. For (mixed) financial holding companies, the basis for the calculation is the consolidated total assets. Certain transfers are excluded from the calculation, including those involving non-performing assets, assets intended to be securitised, or assets transferred in the context of resolution mechanisms.
9. Articles 32-14 and 32-15 of the Banking Act 1993.
10. Article 73(2) of the Banking Act 1993.
