The administrative penalty on Abrdn Investments Luxembourg S.A., which was announced by Luxembourg’s Financial Sector Supervisory Commission (CSSF) on 12 July 2024, came after an on-site inspection carried out between 22 April and 19 June 2020. Archive photo: Romain Gamba/Maison Moderne

The administrative penalty on Abrdn Investments Luxembourg S.A., which was announced by Luxembourg’s Financial Sector Supervisory Commission (CSSF) on 12 July 2024, came after an on-site inspection carried out between 22 April and 19 June 2020. Archive photo: Romain Gamba/Maison Moderne

Luxembourg’s Financial Sector Supervisory Commission (CSSF) has imposed an administrative fine of €126,200 on the investment fund manager Abrdn Investments Luxembourg S.A. for non-compliance with professional obligations related to general organisational requirements, oversight of delegates and AML/CFT.

The Financial Sector Supervisory Commission (CSSF) announced in a that it had imposed an administrative sanction of €126,200 on the investment fund manager Abrdn Investments Luxembourg S.A. for non-compliance with professional obligations related to general organisational requirements, oversight of delegates and anti-money laundering/counter financing of terrorism. The fine was imposed on 2 April 2024 and came after an on-site inspection carried out by the CSSF between 22 April and 19 June 2020.

The administrative fine is split into two parts, the CSSF noted in its communiqué. An amount of €109,000 was imposed for failing to comply with a law “regarding the requirements to have sound administrative procedures and adequate internal control mechanisms” and “regarding the supervision of delegates.”

The remaining amount of the fine--€17,200--was imposed for failure to comply with a law on anti-money laundering/counter financing of terrorism (AML/CFT) and customer due diligence obligations.

In determining the type and amount of the sanction, the CSSF said that it took into consideration the “nature, gravity and duration of the breaches existing at the time of the on-site inspection,” the conduct and past record of the manager, and “the fact that the manager provided a detailed action plan and initiated remedial actions in order to resolve the breaches identified.”

Delano contacted Abrdn for comment. In response, an Abrdn spokesperson said: “This relates to a governance inspection undertaken within our Luxembourg business back in March 2020. As acknowledged by the CSSF, we subsequently took action to remedy the issues identified. There has been no impact to any of the funds that our clients invest in.  We are committed to ensuring that we meet all of our regulatory obligations and delivering high standards in our controls and business processes.”

Details of the breaches

The CSSF provided additional information with regards to the non-compliance that it identified. These include:

- “The manager did not have a clear understanding of its distribution network in terms of role and involvement of the entities composing its distribution network.”

- “The manager had not established a cloud register and had not performed a risk assessment for the cloud applications used.”

- “The CSSF identified that no management information was reported to the executive committee with regard to IT continuity management and that the manager did not define any recovery point objectives, evidencing the implementation and maintenance of an effective business continuity plan.”

- “The manager encountered delays in the performance of its periodic due diligences on distributors” and “had not implemented a multi-year due diligence plan.”

- “The manager delegated some IT activities to its group. In that regard, the CSSF observed that the conclusion of the periodic due diligence performed by the manager relied on the ISAE3402 control’s report of the manager’s group. However, this control report covered only a small portion of the applications used by the manager.”

- “The CSSF concluded that, at the date of the inspection, the manager had no sound administrative procedures, internal control, and safeguard arrangements for electronic data processing. In addition, the CSSF concluded that the manager did not perform a proper oversight of its distribution network and delegated IT activities.”

- “For one delegate acting as distributor for the manager, the CSSF observed that the agreement had been signed before the completion of an initial due diligence, including the collection of AML/KYC documentation on the intermediary, its representatives and its beneficial owners.”

- “For two delegates acting as distributors for the manager and for which due diligences should have been performed on a yearly basis as per the manager’s internal policies, the CSSF observed that, after a delay of two years, the due diligences were still not completed.”

- “For five delegates acting as distributors for the manager, the CSSF observed that the manager did not perform initial name screenings controls against international and European financial sanction lists and PEP [politically exposed persons] lists in due time.”

Related articles