When talking about sanctions, it is important to separate prudential measures of a preventive nature from administrative sanctions of a punitive nature. When we talk about prudential supervision, we are referring to a double mission: permanent supervision of all financial sector bodies--by monitoring compliance with the legislative and regulatory provisions in force--and prudential measures which aim at guaranteeing public confidence in the supervised entities and thus financial stability, such as a withdrawal of good repute.

Another prudential supervision mission consists in the supervision of financial asset markets. "All the CSSF's missions are necessarily carried out in the public interest", the CSSF insisted. Besides these two missions, there is also audit supervision and anti-money laundering supervision (AML). The latter, although different from prudential supervision, overlaps somewhat. “There are prudential risks if AML rules are not respected.”

The CSSF said that it applies the principle of legality--"we are only empowered to act when the law asks us to and gives us the possibility to do so”--and the principle of proportionality. And its administrative decisions, which can be appealed, are reviewed by administrative courts.

So how does the CSSF choose to supervise one financial institution rather than another? There is no room for chance in the process. All institutions under the supervision of the financial market watchdog must regularly provide it with information on their organisation and activities as well as various documents (audit, reporting, etc.).

These reports are analysed by what the CSSF calls the "offsite" supervision departments. There are five of them: one for banks, one for investment companies, one for the investment fund sector, one for specialised professional service providers (PSFs) and one for .

"All this information is fed into an analysis system that identifies risks by supervisory topic. These risks are classified into four categories: Low, Moderate, High, Very High". It is on the basis of this classification that the "offsite" departments propose to the "onsite" teams that they carry out on-site checks which they consider to be a priority and which will ultimately define their investigation programme for a year.

This programme can be adjusted or expanded in the event of denunciations or unforeseen events during the year. Since the recognition of the role of whistleblowers, the CSSF has created a team within its legal department which deals with these alerts and transmits them, if relevant, to the competent department. "And this may, if necessary, trigger an onsite inspection".

In addition to the teams that ensure the yearly planning, the CSSF has an ad hoc team--"very experienced inspectors”--that can intervene unexpectedly outside the established annual planning. It has an inspection plan that is not standard but "tailor-made". “Such ‘unannounced’ investigations may also be triggered following the publication of press articles”, according to the CSSF.

Onsite inspections

Once the target has been designated, how are the onsite inspections carried out? First of all, the CSSF teams define what they are looking for via a "risk based approach". Its checks are not always global, but may focus on a particular aspect of the activity of the controlled entity or on its riskiest procedures or on which the CSSF "has indications or doubts".

The CSSF usually sends a "letter of announcement" three weeks in advance in which a number of documents are requested. This is a prelude to a "kick-off meeting" where the audited persons and the auditors meet and where the course of the mission is defined, including the interlocutors the CSSF wishes to meet.

Once the onsite mission is over, the auditors start writing their report. The report will be validated internally before being presented to the audited entity during a "fact validation meeting". This is a key moment in the procedure. This report is in fact the first official communication made by the CSSF on which the institution can take a position.

This marks the beginning of a process during which the latter can formulate its observations in application of the principle of adversarial debate necessary for the protection of the rights of defence. Once this back-and-forth process is complete, the investigation file is closed and the facts are considered established. "A file is compiled for the prosecution and the defence.”

Sanction and education

Then comes the punishment phase. This file is then presented internally to the CSSF's hierarchy, which determines the nature of the regulator's action, which may be either a letter of observation, or a letter of injunction, or the launch of an administrative procedure in the presence of "findings" of a more serious nature.

"The purpose of sanctions is not so much to punish as to prevent, educate and dissuade", the CSSF argued. "Most checks do not lead to a sanction procedure. We have other tools such as observation letters and injunction letters."

For the institution, there is a level of compliance below which one should not go. Using non-contentious tools such as observation letters and injunction letters makes it possible to unify the interpretation of the regulations that the players in the marketplace may have. This is why the CSSF launches thematic monitoring missions with different players at the same time when there are major changes in regulations in order to draw conclusions in terms of best practices.

Only as a last resort is a sanction procedure launched. Of course, whichever route is chosen, any procedure leading to an administrative decision (whether it is a prudential measure or a sanction) is always adversarial and subject to appeal to the administrative court.

The cost of a reputation

The scale of sanctions is wide and can go as far as a ban on operating. But most of the time they are financial. And over time, they have become more substantial. Before various directives specified the elements of assessment to determine the sanction (seriousness of the fault, intentionality...) and a basis (the fine is based on the turnover and can reach up to 410% of it), the CSSF had no scale and could only impose a maximum fine of €250,000.

However, it is not so much the bill as the publicity of the sanction that is the most dissuasive. Under the current system, making all penalties public has become the principle. The CSSF can absolve itself of this principle if such publication would have a disproportionate effect on the sanctioned party. "Such as a risk of liquidation for example or the creation of turbulence in the markets.” These are consequences that the sanctioned entity must demonstrate during an adversarial exchange.

In some cases, the sanction can be anonymised. In particular, when entities have been taken over or have changed management between the establishment of the facts and the pronouncement of the sanction. "We consider that it would be harmful to mention this entity when people often stop at the headlines of the press releases. It would be unfair for newcomers to start their life in the financial market with such a negative image."

Fines represent less than 5% of CSSF’s budget

The publication is made once all legal remedies have been exhausted. This explains why it can often take several months between the pronouncement of the sanction and its publication.

The proceeds of the fines are allocated to the operating budget of the CSSF. This makes sense, as the costs of investigations can rise very quickly.

Due to their nature, their evolution is random, so they do not appear in the provisional budget. Historically, they account for less than 5% of the institution's budget, which is financed by the contributions of the supervised entities.

Read the original French version of this article on the site. This article was published for the Paperjam+Delano Finance newsletter, the weekly source for financial news in Luxembourg. .