What are you looking for?

Newsfeed
February 17, 2026

CSSF updates crypto-assets FAQ for investment funds following MiCAR implementation.

The Commission de Surveillance du Secteur Financier (“CSSF”) has updated its FAQ – Crypto Assets – Undertakings for collective investments (the “FAQ”) to clarify how UCITS, AIFs, investment fund managers (“IFMs”) and depositaries may engage with crypto-assets, whilst outlining supervisory expectations regarding risk management and AML/CFT controls.

UCITS

UCITS may obtain indirect exposure to crypto-assets up to 10% of their NAV, provided that such indirect exposure is via eligible transferable securities, the instruments do not embed derivatives and the assets qualify as transferable securities under the Law of 17 December 2010 relating to undertakings for collective investment.

The FAQ further highlights that investment in crypto-assets presents considerable risks relating to volatility, potential illiquidity and technological risks and thus exposure to such assets is to be adequately integrated into the investment policy of the UCITS, whilst ensuring the necessary adequate internal control functions, specifically those relating to approving new products/investment strategies.

UCITS management companies are to undertake a case-by-case assessment of the impact of such investments on the risk profile of the UCITS and are to update their risk management policies accordingly. The FAQ further highlights that investors are to be informed in a timely and transparent manner of such foreseen crypto-asset investments, whilst also updating the necessary fund documentation and informing the CSSF in advance of any such plans.

Regulation (EU) 2023/1114 (“MiCAR”) excludes from its scope crypto-assets that qualify as financial instruments (e.g., shares in crypto-related companies), meaning such investments are not subject to the 10% indirect crypto limit.

AIFs

AIFs may invest directly or indirectly into crypto-assets falling within the scope of MiCAR, however should AIFs be marketed to retain investors (other than well-informed investors) a 10% NAV cap applies.

As with UCIT management companies, AIFMs are to conduct detailed risk analysis, update their risk management and valuation policies, ensure adequate internal controls and provide transparent and timely investor disclosures.

IFM Authorisation to manage funds investing in crypto-assets

The FAQs have clarified that each IFM, managing AIFs (whether regulated or not), investing in crypto-assets exceeding 10% of their NAV are required to obtain prior authorisation from the CSSF for the “Other-Other Fund-Crypto-assets” strategy. The CSSF is to receive detailed documentation/information on: i) the investment strategy and service providers; ii) direct vs indirect exposure analysis; iii) updated risk management and valuation frameworks; iv) portfolio manager expertise in crypto-assets; v) custody arrangements and control over cryptographic keys; vi) target investor profile and distribution strategy; and vii) AML/CFT risk assessment on the asset side.

Should the crypto-exposure be achieved through one or several target funds and thus indirect in nature, the above “Other-Other Fund-Crypto-assets” licence extension is not required. However, when the AIF invests more than 20% of its NAV in one or several target funds, the IFM authorisation for the “fund of funds” strategy is required.

AML/CFT Considerations

The FAQs highlight the heightened risk of Money Laundering, Terrorist Financing and Proliferation Financing through the use of investments in crypto-assets. The CSSF highlights that the mitigation measures implemented must be proportionate to such increased risks and that the RC (Responsable du Contrôle) and RR (Responsable du Respect) are to demonstrate adequate understanding of crypto-related risks.

The FAQs further highlight that as per Article 34 of RCSSF 12-02 (as amended), when undertaking an investment, the IFM and fund must complete the necessary ML/FT scoring of the asset and perform an AML/CFT due diligence in line with the computed risk scoring – reference is made to the “Vertical Risk Assessment on Virtual Assets Service Providers” published in December 2020 to assist with such scoring.

Luxembourg Depositaries

The FAQs confirm that Luxembourg based depositaries may act for funds investing directly in crypto-assets subject to such depositaries, implementing the appropriate operational and organisational models, have the necessary arrangements in place to address safekeeping and the applicable technological risk and furthermore they must notify the CSSF in advance before taking on such mandates.

As reflected in the updated FAQ, fund initiators and IFMs seeking exposure to crypto-assets are expected to engage proactively with the CSSF at an early stage to ensure that operational arrangements, risk management and valuation frameworks, custody models, and AML/CFT controls are appropriately calibrated to the specific characteristics and risks of crypto-assets.

Get in touch with our Luxembourg team to discuss how these developments may impact your fund strategy and how we can support you with structuring, regulatory engagement, and compliance readiness.

Share

Go Back

Author

Neil Bezzina

Senior Associate (Luxembourg)
View Profile

Related Articles

More Insights
Newsfeed image
Events
February 17, 2026

Stuart Firman to speak about the role of the company secretary in a digital age
Newsfeed image
Practice news
February 16, 2026

2026 RAIFs AML/CFT Reporting
Newsfeed image
Practice news
February 13, 2026

MiCA & EMTs: EBA advises industry as grace period is ending
01
image

How can we assist?

Contact us