LUX Banks: Maintain full control over your data while becoming CEDRS-compliant
The Luxembourg ‘Central Register Law’ (Law of 25 March 2020 establishing a central data retrieval system for bank, payment accounts and safe-deposit boxes) implements certain provisions of EU Directive 2018/843 (the “5th AML Directive”) by establishing a central electronic data retrieval system (CEDRS), which enables the timely identification of any natural or legal person holding or controlling payment accounts, bank accounts identified by an IBAN and safe-deposit boxes in Luxembourg. The CSSF Circular 20/747, published on 23 July 2020, contains the technical arrangements related to the application of the Law of 25 March 2020.
The system to be set up requires each financial industry professional in scope of the Law to create a file on a daily basis containing the whole client data set as defined by the regulator. The CSSF, in its capacity as ‘Central Repository Supervisor’, will access this file by means of a secure procedure in order to carry out queries on these data sets. The deadline to implement this technical infrastructure is set for 10 September 2020.
To help banks comply within the tight timeframe set by the circular, Finologee has built a dedicated CEDRS module for achieving full compliance with CSSF Circular 20/747.
Finologee’s CEDRS Module includes three major parts that are required to manage end-to-end processes:
- A connection to the Regulator-CSSF: The API gateway is implemented as required by the Regulator and serves as connection endpoint with the CSSF;
- A connection to the Bank: Clients can choose to use their existing and enriched PSD2 connector, an SFTP access or any custom API to transfer account and safe-deposit box holder data;
- A data encryption process: With regard to this specific aspect, Finologee’s CEDRS Module can be customised to meet every client’s specific setup and requirements.
  - As part of its “Reporting Gateway setup”, Finologee offers a multi-platform software package to be installed on-premise, enabling the bank to map the data, encrypt and sign the file within its own environment – allowing the financial institution to remain in full control of its data.
  - Alternatively, the bank can choose to encrypt and sign the file using its own tools.
In both cases, the bank shares this file with Finologee, which handles all interactions with the CSSF.
To assist the bank with file encryption and signature, Finologee can propose an on-premise module (Alternative 2).
Alternative 1 – SaaS model:
In this setup, data mapping and CEDRS file formatting and encryption remain the bank’s responsibility. Finologee retrieves the encrypted file through the secure connection established with the bank and manages the entire workflow with the regulator by exposing it on its secure API portal for the CSSF to retrieve it.
This setup will allow your bank to become compliant in record time, as SaaS solutions can be implemented in less time than in-house solutions.
Alternative 2 – On-premise model:
In this setup, Finologee supports the deployment of an integration module on-premise. This “integration module” is an application responsible for preparing the encrypted file in the expected CSSF format, based on the set of data prepared by the client. The integration module deployed on-premise will perform the data mapping, pre-validate the file contents and encrypt the file. The on-premise module will also handle errors raised during the pre-validation process and fetch errors returned in the CSSF feedback.
This setup is the best solution if your enterprise’s security compliance requirements do not allow third-party hosting and you want to remain in full control of your data.
Finologee’s on-premise CEDRS module can be deployed in various existing infrastructures and Finologee can provide the module in different forms:
- Docker images: The application can be retrieved through secured access to Finologee’s registry. The Docker images can be run in any environment that supports Docker containers (Windows, Linux, Kubernetes, Docker Compose, Docker Swarm…).
- Windows installation package: The application package is provided as a Windows executable that will install the service to the Windows Service Controller.
- Unix/Linux service: The application package is provided by Finologee through a secured channel and can be deployed on-premise in a Unix environment as a service.
SaaS models have many advantages over on-premise solutions, including low upfront costs, scalability, and little participation from the internal IT staff. However, cloud computing might not be the most suitable option for banks that want complete control over their information and data and plan on deeply customising the software.
Get in touch and let us help you make a more informed decision while evaluating on-premise vs. SaaS (Software-as-a-Service) CEDRS compliance solutions.
Finologee can provide a fully outsourced and compliant technical gateway that enables banks to share account and safe-deposit box holder data with the CSSF, so that they can meet the rather tight deadline of September 10th 2020 for finalising this implementation, which applies to all banks. Deployment is done strictly in accordance with the CSSF Circular 20/747 specifications. We have carried out a thorough analysis of Circular 20/747 and are working in close collaboration with the regulator, the CSSF, to have first-hand information on the API.
We believe that our company’s expertise in developing and operating critical financial systems in a Software or Platform-as-a-Service mode, as well as our track record of deploying similar products over the last 15 years, may be considered a strong asset when evaluating our ability to meet your needs and expectations in a highly qualitative and timely manner.