The Financial Sector Supervisory Commission (CSSF) has set out a wide range of supervisory priorities for the Luxembourg investment funds sector in 2026, announcing a deeper review of governance, third party risks, cyber resilience, liquidity management, valuation practices and costs for investors, as regulators respond to intensifying market and geopolitical uncertainties.
La CSSF that its priorities for 2026 are based on its annual assessment of the risks linked to the main threats weighing on investment funds and their managers, while taking into account the general economic and geopolitical context. The supervisory authority stressed that its program is in line with its fundamental mission, which is to preserve financial stability and protect investors, and is also based on the Union’s strategic supervisory priorities defined by the European Securities and Markets Authority (ESMA) as well as the 2026 work program of the International Organization of Securities Commissions (IOSCO).
The regulatory authority stressed that these priorities are not exhaustive and that they could still be adapted according to emerging risks and regulatory developments. She also clarified that, given current geopolitical tensions, specific risk monitoring aimed at monitoring the impact of these threats on the investment funds sector will continue throughout the year.
Risks related to governance and operations
Governance and operational resilience remain at the heart of the CSSF’s priorities for 2026, particularly with regard to the organizational structures of investment fund managers and the effectiveness of their internal control functions.
The regulator has indicated that follow-up work related to ESMA’s joint supervisory action on internal audit and compliance functions will be a priority in 2026. In addition, the CSSF plans to participate, in close coordination with ESMA and other national authorities competent authorities, to a new joint supervisory action during the second half of 2026, focused on the risk management function.
The CSSF also indicated that it would pay increased attention to third-party risk, an area which is becoming increasingly important as regulated companies rely more on external providers and delegation agreements. She referred to ESMA’s 14 Principles for Third Party Risk Supervision, published on June 12, 2025, which aim to foster a more consistent supervisory approach across the European Union (EU).
In this context, the CSSF plans to launch a study in 2026 on a sample of investment fund managers in order to assess whether they respect both the principles of ESMA and the requirements relating to delegation provided for by Circular CSSF 18/698. This analysis will aim to determine whether companies have integrated, within their general risk management processes, a comprehensive and effective operational framework for managing third-party risks.
Risks related to ICT and cybersecurity
Another major pillar of the surveillance program is technology and cyber resilience. The CSSF has warned that the increasing digitalization of the investment fund value chain exposes managers to increased risks linked to information and communication technologies (ICT) and cyber security.
Its response centers around the Digital Operational Resilience Act (Dora), with the regulatory authority having clearly indicated that the integration of Dora requirements into the supervisory work programs of investment fund managers constitutes a key priority for 2026. The CSSF has clarified that this would involve risk-based monitoring of how companies implement these requirements.
This monitoring will focus on the procedures and reporting systems put in place by fund managers to manage ICT-related risks. It will also take into account major ICT-related incidents reported to the regulatory authority under CSSF Circular 25/893, which deals with the reporting of major ICT-related incidents and significant cyber threats.
The focus on the Dora Directive demonstrates a more structured oversight initiative aimed at verifying whether operational resilience frameworks are fully integrated, rather than being viewed as a simple compliance exercise. For fund managers, this should mean greater scrutiny of technology systems governance, cyber threat preparedness, incident reporting and dependencies on third-party ICT.
Liquidity risks and credit risks
Liquidity management remains one of the primary regulatory concerns, especially as the market for open-ended private asset structures continues to evolve.
The CSSF recalled that, in its “Macroprudential policy considerations relating to investment funds” published on June 10, 2024, the liquidity mismatch had been identified as a major vulnerability of open-ended investment funds. In 2026, this concern will lead to further thematic reviews based on selected samples of investment fund managers overseeing open-ended private asset funds, including semi-liquid funds and open-ended European long-term investment funds (Eltifs).
The regulator said these reviews will look at the liquidity risk management processes implemented by these managers. Where funds have significant exposure to private debt, the reviews will also look at the credit risk management processes, including the provision of credit.
This is an important signal for managers operating under less liquid strategies. As semi-liquid and private asset structures gain momentum, the CSSF appears determined to verify whether repurchase conditions, asset liquidity, valuation assumptions and financing arrangements are being managed in an appropriate manner. consistent and careful.
Risks of spread
The CSSF also intends to closely monitor leverage and interdependence, which it had previously identified as points of vulnerability in the context of its work on macroprudential policy.
Given the geopolitical uncertainties and increased risks in financial markets, the regulator said it would continue targeted supervision of the risks associated with alternative investment funds and UCITS with high debt levels.
This priority reflects a broader concern that shocks can propagate more quickly in the funds industry, where leverage, funding linkages and concentration of exposures amplify tensions. Concretely, this means that highly leveraged structures are likely to be subject to increased scrutiny, particularly where market volatility could lead to repercussions on counterparties, financing channels or redemption requests from investors.
Asset Valuation Risks
Valuation remains one of the areas where prudential pressure is exerted most clearly and in a sustained manner. The CSSF indicated that in recent years it had increased its attention to valuation risk in the asset management sector, in a context marked by repeated crises, geopolitical and economic uncertainties, as well as strong growth in assets under management in alternative investment funds investing in less liquid or illiquid assets.
The regulator highlighted a series of past supervisory initiatives in this area, including feedback reports on supervisory exercises, separate reports and management letters to funds, as well as feedback communicated in its 2024 annual report following on-site checks. This history suggests that the CSSF considers valuation as an area where weaknesses can have direct repercussions on fairness to investors, liquidity management and market confidence.
In 2026, valuation will remain a key supervisory priority, including through on-site inspections focused on the valuation organization at investment fund managers and thematic sample reviews of open-ended private asset funds, including continuation funds.
Finance durable
The CSSF indicated that sustainable finance will continue to be subject to active surveillance. The regulator said it would apply a risk-based approach, combining on-site and remote monitoring, to assess the integration of sustainability risks into the organizational arrangements of investment fund managers. It will also verify the conformity and consistency of information relating to sustainability, in particular through portfolio analyses.
This seems to indicate that the CSSF continues to move away from a simple administrative formality in matters of disclosure towards a more in-depth examination aimed at verifying whether sustainability declarations correspond to internal processes, governance structures and the actual composition of portfolios. For managers, this increases the risk of dispute when the discourse on sustainability, product positioning and the reality of investments diverge.
Costs and Fees
Fees borne by investors remain at the heart of the CSSF’s concerns, with the regulatory authority reaffirming that its supervisory action in this area aims to ensure that fund managers act in the best interests of investors and to prevent undue fees from being passed on to funds and investors. final investors.
The supervisory authority underlined that this issue had already received particular attention in recent years, as evidenced by its annual reports and ESMA’s regular work on costs and performance, including the reports on the total costs of UCITS and FIA as well as on the costs and performance of EU retail investment products in 2025.
Based on data collected through fund self-assessment questionnaires and separate reports, the CSSF indicated that thematic reviews would continue in order to identify funds that deviate from the norm with regard to the overall level of costs and fees, as well as performance fees and transaction fees.
This reflects persistent regulatory pressure on pricing structures, which could prove difficult to justify given the performance of funds, their strategy or industry practices. Managers whose remuneration models stand out from the market could therefore be faced with a more direct challenge.
Risks linked to money laundering and terrorist financing
The fight against money laundering and terrorist financing will remain a fundamental supervisory priority in 2026.
The CSSF stated that it would continue its risk-based supervision in this area, while actively contributing to the development of international standards, notably through the IOSCO AML network, in order to promote supervisory convergence.
This shows that the regulatory authority does not consider financial crime controls as a simple compliance obligation, but as an essential element in maintaining the integrity of the Luxembourg financial center. For the funds sector, this translates into constant pressure on the governance, control and risk assessment systems linked to obligations in the fight against money laundering and terrorist financing.
For the Luxembourg investment funds sector, the year 2026 should not be marked by a single supervisory theme, but by a series of phased regulatory measures covering governance, resilience, pricing and risk management.
