Limit search to:

Our way to a successful transition

New Circular 22/806 from the Commission de Surveillance du Secteur Financier (CSSF)

On April 22, the Commission de Surveillance du Secteur Financier (CSSF) has published the Circular 22/806, followed by a Q&A Webinar held on June 8, highlighting the key changes.

While general requirements have been updated, ICT requirements are only a collection from several older circulars. In essence, those rules describe the internal governance requirements for planning, implementing, monitoring and managing outsourced activities.

During the Webinar the CSSF pointed out that although all entities are required to fully comply, the principle of proportionality (e. g. size of the company, nature of activity) is always carefully applied.

Key changes at a glance

  • Introduced principle of proportionality
  • Extended scope to all supervised entities
  • Assessment of critical and important functions
  • Outsourcing authorization has been dropped, prior notification is sufficient
  • Requirements for a formal register, a policy and a dedicated outsourcing function

The new circular is based on the EBA recommendations from 2019

The circular is part of the European convergence in financial supervision. In February 2019, the European Banking Authority (EBA), had issued its recommendations on outsourcing arrangements (EBA/GL/2019/02).

The CSSF highlighted during the webinar that the current circular has been amended to include further guidance and to take into account national specifics, and that it should not be regarded separately, but rather in correlation with other guidelines.

The scope has been extended to almost all supervised entities

Originally, the EBA guidelines were intended to apply only to credit, payment and electronic money institutions, whereas the CSSF has chosen to extend their scope to other categories of supervised entities. However, in most cases branches of EEA credit institutions are usually out of scope.

Timing and setting the right priorities are critical to ensure full compliance given time constraints

We have developed a structured approach to achieve full compliance prior to the implementation of the circular. Our approach focuses on identifying all active and planned outsourcing projects at the earliest possible stage. This enables you to inform your service providers in the required time frame. Without good cooperation with your service providers, the review and update of all active outsourcing contracts will not be possible in time.

The deadline for full compliance depends on the status of your outsourcing

  • From June 30, 2022, all outsourcing agreements entered into, under review, or amended must be fully compliant
  • By December 31, 2022, the review and update of all existing outsourcing arrangements should be finalized 
  • The CSSF announced that a template for a preliminary notification will be published shortly

Learn more

Data & AI

Those who correctly evaluate and use their data know their customers better, anticipate needs and opportunities for new services and products, and recognize market changes and risks in time.


insurance companies must be much more consistent in their focus on customer needs and keep pace with agile competition. Hence, it is important to realize your growth potential in this challenging environment and transform yourself into an integrated financial services provider using today's technology.

News & Eraneos Insights

We have compiled reports on our projects, interesting facts from the various competence and customer areas as well as information about our company for you here.

We use cookies to provide you with an optimal user experience. By continuing to use our website, you consent to the use of cookies. Please consult our privacy policy if you wish to learn more about this.