CoSec and Regulators

Regulatory sanctions do not always stem from complex control failures, sometimes they arise from missed fundamentals.


The CSSF sanction against Premium Capital Management AIFM illustrates how a routine supervisory obligation—the annual AML/CFT questionnaire—can result in enforcement action when governance workflows break down, despite reminders and supervisory engagement. In this context, a proactive Company Secretary (CoSec) can play a decisive supporting role in preventing such lapses through disciplined governance practices, document stewardship and structured follow-up.

Lessons from the Premium Capital Management case

Premium Capital Management failed to submit its 2024 financial crime questionnaire by the 4 April 2025 deadline, notwithstanding two CSSF reminders and the opportunity for further clarification through supervisory interaction. The CSSF ultimately imposed a €10,000 administrative fine under Article 5(1) of the AML/CFT Law for failure to cooperate with the supervisory authority.

The questionnaire itself is not a complex exercise. It is a recurring, structured document intended to provide the CSSF with visibility over an AIFM’s AML/CFT framework, risk assessment, governance and key metrics. The case therefore highlights not a lack of technical AML expertise, but a breakdown in coordination, ownership and escalation—areas where governance support functions are critical, particularly in smaller or leanly resourced AIFMs.

Governance rather than speculation

The CSSF decision does not elaborate on the underlying operational reasons for the non-submission, and it would be inappropriate to speculate. What is clear, however, is that the authority expects supervised entities to respond promptly to formal requests, reminders and supervisory engagement, regardless of size or business complexity.

From a governance perspective, the case underscores that non-submission itself—rather than the content of the questionnaire—was the issue. This is precisely the type of risk that good governance structures are designed to mitigate.

The CoSec as a governance enabler, not a substitute

In Luxembourg AIFMs, the CoSec does not replace the MLRO/RC, compliance function or conducting officers. Instead, the CoSec supports them by ensuring that regulatory obligations are embedded into repeatable, visible and documented processes.

In cases like Premium Capital Management, the CoSec’s role is fundamentally supportive and preventive:

• ensuring that regulatory requests are identified early,

• that responsibility for completion is clearly assigned,

• and that silence, delay or ambiguity does not persist without escalation.

Even where compliance content must come from management or the MLRO, the CoSec can ensure that process failure does not become a regulatory breach.

CoSec as archive, coordinator and continuity function

One often underestimated CoSec function is acting as the institutional memory of the AIFM. This includes maintaining an organised archive of:

• prior AML/CFT questionnaires and submissions,

• CSSF correspondence and reminders,

• board approvals, acknowledgements and follow-ups.

In practice, this allows the CoSec to quickly retrieve prior-year submissions, generate working drafts based on existing information, and support management in responding efficiently—even under time pressure. While final responsibility remains with the AIFM, this continuity materially reduces the risk of missed or delayed submissions.

Practical tools and measures that could prevent similar situations

Through appropriate governance tools and routines, a CoSec can materially reduce the likelihood of “Premium-type” sanctions:

• Regulatory calendar ownership: maintaining a central calendar of CSSF obligations (including annual questionnaires), with deadline-based alerts and escalation protocols following reminders.

• Draft facilitation: preparing initial draft questionnaires based on prior submissions and known updates, allowing MLROs and compliance officers to focus on substance rather than structure.

• Reminder escalation: ensuring that CSSF reminders are logged, tracked and, where unanswered, formally escalated to senior management or the board chair.

• Meeting coordination: promptly organising internal alignment calls or extraordinary board discussions when supervisory pressure increases, with minutes evidencing responsiveness.

• Submission evidence: archiving proof of submission, correspondence and board awareness to demonstrate cooperation during future inspections.

Embedding cooperation into board-level governance

The CSSF consistently emphasises cooperation as a core supervisory expectation. A CoSec can embed this principle into board governance by integrating regulatory responsiveness into routine oversight, for example through:

• periodic “regulatory obligations” dashboards,

• standing agenda items on pending supervisory requests,

• and formal confirmation of completed submissions.

This transforms regulatory compliance from an informal task into a visible governance responsibility, reducing the risk that routine obligations are overlooked amid competing operational priorities.

Turning routine compliance into regulatory resilience

The Premium Capital Management decision is a reminder that sanctions do not always reflect sophisticated failings—sometimes they reflect the absence of structure. By acting as a governance anchor, process coordinator and documentation steward, the CoSec helps ensure that routine regulatory obligations are treated with the same discipline as strategic decisions.

Handled correctly, CoSec support does not dilute accountability—it reinforces it, helping AIFMs demonstrate cooperation, control and credibility in their relationship with the CSSF.