CSSF 2026 Supervisory Priorities: What investment fund managers in Luxembourg need to know
On 31 March 2026, the CSSF published its supervisory priorities for the investment fund sector. Aligned with ESMA's Union Strategic Supervisory Priorities and the IOSCO 2026 Work Program, the message is consistent: the expectation has shifted from awareness to demonstrable implementation.
The 2026 agenda does not introduce new topics but rather intensifies scrutiny in areas where the framework is mature and implementation gaps remain.
1. Governance and Third-Party Risk
The CSSF will follow up on ESMA's CSA on internal audit and compliance functions, and launch a new CSA on the risk management function in H2 2026. A dedicated sample-based study will assess Investment Fund Managers’ (IFM) compliance with ESMA's 14 principles on third-party risk supervision and the delegation requirements under Circular CSSF 18/698
2. ICT and Cyber Risk (DORA)
DORA compliance is now firmly embedded in IFM supervisory programmes. The CSSF will monitor implementation quality on a risk-based basis, focusing on ICT risk management procedures, incident response frameworks, and major incident notifications under Circular CSSF 25/893. Firms whose DORA processes exist on paper rather than in practice are likely to face increased scrutiny.
3. Liquidity Risk, Credit Risk, and Interconnectedness
Liquidity management is receiving heightened attention, particularly for semi-liquid funds and open-ended ELTIFs. Thematic, sample-based reviews will cover liquidity risk management processes and credit risk management, for funds with private debt exposure. The selection and operational implementation of liquidity management tools (LMTs) by open-ended fund managers will also be assessed. Separately, the CSSF will continue monitoring AIFs and UCITS with elevated leverage, reflecting structural vulnerabilities identified in its macroprudential framework.
4. Asset Valuation
Valuation governance remains a sustained priority. On-site controls will focus on the valuation organisation of IFMs, with thematic reviews of open-ended private asset funds including continuation funds. Correct implementation of Circular CSSF 24/856 — covering NAV calculation errors and investment rule breaches — will be actively monitored.
5. ESG, Costs, and Investor Protection
The CSSF's sustainable finance programme covers both the integration of sustainability risks into IFMs' organisational arrangements and the consistency of sustainability-related disclosures, including portfolio-level analyses. On costs, thematic reviews will continue to identify fund outliers on overall fee levels, performance fees, and transaction costs. Investor protection and the principle of avoiding undue costs remaining central to supervisor.
How Fenion can support you
Fenion is a DORA-compliant and ISO 27001-certified partner, supporting investment fund managers in building resilient, secure, and regulatory-ready operating frameworks.
Get in touch to discuss how we can support your regulatory readiness.
