In a , CSSF said, “This fine was imposed following a CSSF on-site inspection that had started in 2021 and targeted the management of IT risks. During this on-site inspection, the CSSF detected infringements relating to internal governance and IT organisation, IT outsourcing and IT risk management. These infringements were generally acknowledged by the Bank’s new authorised management.”
A spokesperson for EDB, the Luxembourg-headquartered provider of banking, depositary and custody solutions, stated: “The fine arose following an on-site inspection carried out between November 2021 and May 2022, and relates to IT governance and oversight in place at the time of the inspection. In response to the CSSF’s findings and as part of our ongoing transformation process, EDB has implemented a comprehensive programme of corrective actions.”
Following the assessments, EDB, which is part of the Apex Group, made changes in the as well as .
“Today, many of the CSSF’s recommendations have been implemented, including the strengthening of the executive management board and board of directors with the appointment of experienced industry leaders. As the largest service provider in Luxembourg, Apex Group takes seriously its commitment to upholding the highest of risk, compliance and governance standards across all our business subsidiaries,” said the spokesperson.
EDB, founded in 1973 in Luxembourg as a subsidiary of Hamburg based private bank M M Warburg & Co, was acquired by Apex Group Ltd in 2019.