Get ready with Finologee to be compliant with the Central Electronic Data Retrieval System (CEDRS)
The Luxembourg ‘Central Register Law’ (Law of 25 March 2020 establishing a central data retrieval system for bank, payment accounts and safe-deposit boxes) is implementing certain provisions of EU Directive 2018/8431 (the “5th AML Directive”) by establishing a central electronic data retrieval system (CEDRS), which enables the identification of any natural or legal person holding or controlling payment accounts, bank accounts identified by an IBAN and safe-deposits boxes in Luxembourg, in a timely manner. The CSSF Circular 20/747 published on 23 July 2020 contains the technical arrangements related to the application of the Law of 25 March 2020.
The system to be set up requires each financial industry professional that is in scope of the Law to create a file on a daily basis containing the whole client data set as defined by the regulator. The CSSF, in its capacity of ‘Central Repository Supervisor’, will access said file by means of a secure procedure to be able to carry out queries on these data sets. The deadline to implement this technical infrastructure is scheduled on 10 September 2020.
On a daily basis and in a system that is available (24 hours/7-days a week) permanently, each Luxembourg bank needs to make available all required data (IBAN number, account holder’s name, surname, date of birth, nationality, ID document type and number, validity information …, as well as additional information for legal entities) in relation to the accounts and safe-deposit boxes held in its books in a defined format and using a specific protocol. The data to be shared is defined by the CSSF and needs to be up to date, true and accurate.
To be ready by 10 September, 2020, each bank will have to:
- Gather and centralise all required information on accounts and safe-boxes deposits through possibly several systems (if not yet available in a central location/system),
- Prepare the information file in the expected format
- Build the required OpenAPI implementation for file retrieval by the CSSF
- Prepare the enrolment with the CSSF via a secured channel and plan the testing phase
- Process result notifications returned by the CSSF and handle errors
- Operate this infrastructure over time and keep the file up to date for the daily retrieval by the regulator
Finologee can provide a fully outsourced and compliant technical gateway enabling banks to share account and safe-deposit box holder data with the CSSF to be able to meet the rather tight deadline of September 10th 2020 to finalise this implementation that applies to all banks. Deployment is done strictly in accordance with CSSF Circular 20/747 specifications.
As the CEDRS Module is implemented and deployed on Finologee’s Trusted Platform alongside the Finologee ‘PSD2 for Banks’ product, existing clients will be able to benefit from a substantial economy of scale when choosing Finologee as their provider for CEDRS compliance. New clients can benefit from the company’s significant experience in managing such implementations with its highly efficient processes, documentation and project management expertise. Finologee operates under a double Support PFS license by the Luxembourg regulator CSSF making this kind of outsourcing setup a straightforward process for Luxembourg-regulated banks.
KYC Manager enables Luxembourg’s regulated financial institutions to organise, update and manage customer data in a fully compliant hosted environment. It handles data mapping, fully digital update procedures (e.g. identity document retrieval), both legal and natural persons data and document management as well as several user journeys such as a full digital onboarding procedure. It serves a bank’s front and back office roles as well as the compliance department with custom access rights.
For a very quick time-to-market, should data aggregation for CEDRS compliance purposes be unavailable on the bank’s side, the KYC Manager product can be configured for data management and curation. The daily CEDRS file export from KYC Manager will be fully automated to allow for retrieval by the CSSF using Finologee’s secure API portal and platform.
Finologee is able to receive or retrieve reporting data (depending on client’s preference) from client banks using secure connections to the banks’ systems (existing PSD2 connectors, custom API, sFTP…); integrations and connections will be carried out using the proven deployment of Finologee’s ‘PSD2 for Banks’ product. Finologee is handling data mapping and formatting to meet the CSSF’s standards and API definitions based on rules defined with the banks and operated on their behalf under their responsibility, run consistency checks and make sure formatting requirements are met.
In addition to this, Finologee provides the encryption of the CEDRS file according to CSSF Circular 20/747 specifications and expose it on its secure API portal for the CSSF to retrieve using the same proven infrastructure (Trusted Platform) as for the ‘PSD2 for Banks’ product. Subsequent success and error response handling will be carried out according to the specifications and transmitted to the client – Finologee will assist the bank to handle corrections or apply modifications on its own systems.
This setup and expertise ensure an easy and custom implementation to fit each bank’s set up in terms of data management. On top, Finologee’s CEDR Module can retrieve data from different locations if the information required is not stored within a single system (custom implementation). Besides, Finologee can also provide its KYC Manager product to aggregate data or even to manage the encoding of required customer data that is available only on paper or scanned documents.
- Enrolment Management
- Key management (RSA, PGP, TLS certificate)
- Secure channel definition (encryption protocol)
- Day-to-day operations and maintenance
- Data mapping
- File compression
- Error handling
- Workflow management (notification, validation)
- Assistance & service
- Project management
- Customisation, testing, consistency checks
- Compliance validation
- Premium SLA