LU - CSSF requirements on governance and security in case of teleworking


On 9 April 2021, the Commission de Surveillance du Secteur Financier published circular CSSF 21/769 on governance and security requirements for supervised entities to perform tasks or activities through teleworking.

This circular applies under normal general working conditions and does not apply in a pandemic situation (such as COVID-19). The circular mentions the need to develop a telework policy laying down the framework and limits for authorising telework. Additionally, as part of their internal controls, supervised entities should carry out a risk analysis to identify the risks inherent in the introduction of telework, particularly operational, legal, compliance, as well as information and communication technology (ICT) risks, and take the necessary measures to ensure that the residual risk is kept at acceptable levels.

Head of Knowledge Management Strategy and Market Infrastructure - SGSS