Last updated
CSSF Chapter 15 Management Company Authorisation in Luxembourg: Application and Substance Guide
Direct answer
Use CSSF Chapter 15 Management Company Authorisation in Luxembourg: Application and Substance Guide when a CSSF-facing question needs a structured file rather than a loose policy summary. It explains understanding the Luxembourg regulatory obligation, supervisory evidence, internal ownership, and escalation points in CSSF Chapter 15 Management Company Authorisation in Luxembourg: Application and Substance Guide, then shows how to map the controlling rule, prepare board or compliance evidence, and know when a CSSF-facing specialist should review the file. The later sections connect quick scan, official sources used, and start with the chapter 15 perimeter so the next step is easier to judge. Read it before assigning owners or responding to a supervisory request, so the evidence file matches the regulatory question.
The CSSF Chapter 15 authorisation page states that Articles 101 to 124 of the 2010 Law establish the requirements for authorisation, that capital must be at least EUR 125,000 and fully paid up in cash, that appropriate Luxembourg infrastructure is required, and that the application file must include information on shareholders, capitalisation, bodies and dirigeants, structure and organisation, delegated activities and controls.
This guide is for founders, fund groups, existing IFMs, boards, dirigeants, compliance officers, risk managers, operations teams and advisers preparing a Chapter 15 management company application. It is not legal advice. Source check date: 20 May 2026.
Quick scan
- Check the Chapter 15 perimeter, including any Article 101(3) services, before building the file.
- Gather capital, shareholding, dirigeants, infrastructure and delegation evidence in separate workstreams.
- Verify that Luxembourg substance, depositary independence and operating readiness are documented, not assumed.
- Save the budget, programme of activities, change register and board approvals in one archive.
- Stop filing if the applicant cannot evidence readiness to operate after authorisation.
| Control question | Why it matters | Evidence to keep |
|---|---|---|
| Legal form and capital | The CSSF page sets legal form and capital expectations | Draft articles, cash-paid capital evidence and own funds model |
| Luxembourg infrastructure | The ManCo must perform and oversee activities from Luxembourg | Office, staff, systems, procedures and control map |
| Dirigeants | At least two dirigeants and suitable bodies are core evidence | CVs, declarations, contracts, availability and responsibility split |
| Delegation oversight | Delegation does not remove ManCo accountability | Delegatee list, contracts, controls and reporting |
Official sources used
- CSSF: Authorisation of a management company - Chapter 15
- CSSF: Management Companies - Chapter 15
- CSSF: Circular CSSF 18/698
- CSSF: Circular CSSF 11/512
- CSSF UCI authorisation guide
- CSSF UCI reporting guide
Start with the Chapter 15 perimeter
The application should identify whether the management company will provide only collective portfolio management or also services under Article 101(3), such as discretionary management, investment advice or safekeeping and administration of units where relevant. This perimeter affects capital, organisation, conduct rules, investor-compensation participation and operating controls.
The file should identify expected UCITS or other UCIs, delegation model, distribution countries, administration activities and whether the company seeks authorisation as UCI administrator. A perimeter memo prevents the application from becoming a generic ManCo file that does not match intended services. The memo should also identify activities outside scope so future teams do not assume implied permissions.
Legal form and registered shares
The CSSF page lists permissible legal forms and states that capital must be represented by registered shares. The file should include draft articles and explain why the selected form fits ownership and governance. Legal form affects governance, shareholder rights, capital increases, transfers, board structure and group control.
The application should also show that incorporation happens only after CSSF authorisation where applicable, as the CSSF page states applications must be filed prior to incorporation and incorporation can only take place after notification of authorisation. The project timeline should therefore separate drafting, CSSF filing, authorisation, incorporation and activity start. This sequencing prevents commercial pressure from overtaking regulatory order.
Capital and own funds controls
The CSSF page states that authorisation requires share capital of at least EUR 125,000, fully paid up in cash, and that contributions in kind or loans are generally not permitted at constitution or subsequent capital increases. The file should include bank evidence, source of funds, capital plan, own funds calculation, operating-expense forecast and treatment of additional own funds where assets under management require it.
If the applicant intends to rely on a permitted guarantee for part of additional own funds, the draft guarantee and provider eligibility should be evidenced. Own funds must remain continuously available to the management company and invested in its own interest. The file should therefore explain treasury policy and prohibition of shareholder financing use. Capital evidence should be operational after authorisation, with monitoring owner and board reporting.
| Readiness question | What the file should prove | Evidence to keep |
|---|---|---|
| Is the perimeter precise? | The services, Article 101(3) activities, UCI administration role and delegated activities are named clearly | Perimeter memo, programme of activities and board approval |
| Is capital usable after authorisation? | Paid-in cash, own funds and treasury rules support the supervised activity | Bank evidence, own funds calculation, forecast and treasury policy |
| Is Luxembourg substance real? | People, systems, procedures and records allow local control of the ManCo and delegatees | Organisation chart, job descriptions, procedure inventory and oversight logs |
| Are dirigeants credible and available? | Senior managers can effectively direct the company and cover their responsibilities | CVs, declarations, mandate list, responsibility split and availability evidence |
| Can delegation be supervised? | Outsourcing improves execution without moving accountability away from the ManCo | Contracts, due diligence, reports, incident logs, reviews and exit plans |
Luxembourg infrastructure and substance
The CSSF page requires appropriate infrastructure in Luxembourg for envisaged activities, including administrative and accounting procedures, control and safeguard arrangements for electronic data processing and internal control mechanisms. The application should describe office, staff, systems, policies, procedures, accounting, IT, records, controls, business continuity and supervisory infrastructure. If activities are delegated, infrastructure must still allow continuous control of delegatees.
A small management company can be proportionate, but proportionality does not mean empty. The file should prove that Luxembourg personnel can understand, challenge and monitor the activity. Infrastructure evidence should include organisation chart, job descriptions, systems access, reporting lines and procedure inventory.
Shareholders and qualifying holdings
The CSSF page requires communication of direct and indirect shareholders or members with qualifying holdings and states that they must have requisite qualities for sound and prudent management. The ownership file should include group presentation, organisation chart, beneficial owners, regulatory authorities of supervised entities, audited accounts or balance-sheet evidence and qualifying holding analysis. Transparency should allow prudential supervision to be exercised unhindered and effectively.
A complex ownership chain should be explained in plain language, with control rights, funding and governance influence visible. Changes in shareholding after authorisation should be captured in a regulated-change register.
Professional standing and dirigeants experience
The CSSF page states that natural and legal persons in relevant bodies, dirigeants and qualifying shareholders must have adequate professional standing. It also states that dirigeants must effectively determine the direction of the company and have adequate senior experience. Evidence includes declarations of honour, identity documents, CVs, police records where available, legal-person documents, annual reports, responsibility split and availability arrangements.
A minimum of two dirigeants is required, and the application should describe their areas of responsibility and experience. If dirigeants work for several companies, proof should show that they can fulfil all tasks at all times. The file should not only submit biographies; it should explain why each person fits the specific ManCo model.
Independence from depositary
The CSSF page states that the principle of independence of the management company from the depositary bank of UCITS or UCIs under management implies that dirigeants of the management company cannot be employees of the depositary bank. The file should include employment and mandate checks, conflict analysis, group relationship review and depositary independence confirmation. Independence should also be considered operationally.
Even where employment independence is clear, commercial or group dependencies should be understood. The board should know how depositary interactions are governed and how disagreements are escalated. This control protects investor interests because management and depositary oversight roles must not collapse into one dependent structure.
External audit and SIIL participation
The CSSF page states that annual accounting documents must be audited by approved statutory auditors with adequate professional experience. It also states that management companies providing discretionary management services under Article 101(3) must participate in SIIL. The application file should include auditor selection, independence, experience, engagement scope, audit calendar and board approval.
If Article 101(3) services are in scope, SIIL participation should be addressed explicitly, with responsibility and evidence. Audit and investor compensation should be integrated into operating readiness, not left as post-authorisation administration. The board should understand how these obligations affect budget, policies and client communication.
Programme of activities and three-year budget
The CSSF page requests a programme of activities, reasons for establishing business in Luxembourg and provisional three-year budget. The programme should describe services, target funds, distribution network, internal activities, delegated activities, staff, systems, controls and growth assumptions. The budget should be realistic. It should include staff, systems, office, audit, compliance, risk, legal, delegation oversight, reporting, insurance and contingency costs.
A budget that shows profitability but underfunds control functions is weak evidence. The board should approve the business plan as an operating plan, not only as commercial forecast.
Delegation and delegatee controls
The CSSF page asks for detailed description of activities performed internally and those delegated to professionals, with list of delegatees, draft contracts and controls performed on delegatees. The file should include delegatee due diligence, regulatory status, contracts, service levels, reporting, monitoring, onsite or remote reviews, incident handling and exit plans. Delegation should be mapped to each UCI or service. A generic list does not prove control.
Controls should be proportionate but real. A monthly report nobody reads is not oversight. Delegatee oversight should feed board reporting and internal audit where relevant.
Risk management method
Article 42(1) of the 2010 Law requires a risk management method, and the CSSF page points to CSSF Regulation 10-04, Circular 18/698 and Circular 11/512. The application should include risk policy, risk measurement, permanent risk management function, reporting, escalation, stress testing, derivative controls, liquidity and valuation interfaces. The risk method should match the UCIs to be managed.
A plain equity UCITS and a derivatives-heavy strategy require different evidence. The management company should also have a process to update the risk management method after new funds, new strategies or significant changes. The internal CSSF UCITS risk management guide can support deeper process design.
Administration and accounting procedures
A management company needs sound administrative and accounting procedures. The file should show how company accounting, UCI administration oversight, regulatory reporting, records and financial controls work. If the management company performs UCI administration, the application must include the relevant information under CSSF forms. If administration is delegated, oversight controls must still be described. Accounting procedures should include segregation, reconciliation, access controls, approval limits and board reporting.
Weak accounting controls can affect capital monitoring, reporting, budgeting and supervision.
Distribution network and client base
The CSSF page asks for information on distribution network: countries of distribution, intermediaries and target client base. The file should identify distribution jurisdictions, intermediaries, target investors, product governance, due diligence, marketing controls, complaints route and investor communication. Distribution should align with fund documents and regulatory notifications. A ManCo cannot allow distribution plans to outpace legal and operational readiness. Intermediary oversight should be documented.
The management company should know who sells or makes funds available and what controls exist. Target client base matters because investor protection controls differ for retail, professional and well-informed investors.
Common Chapter 15 failure patterns
The first failure pattern is underestimating substance. The applicant has documents but not enough people, systems or local control. The second is weak dirigeant availability. Senior people are named but cannot prove sufficient time. The third is delegation overreach. Too much is delegated without a credible oversight model. The fourth is capital planning weakness. The application meets initial numbers but lacks ongoing own funds governance.
The fifth is inconsistent service scope. The company seeks broad services without matching conduct, SIIL, systems and staff evidence.
Application control map
Before filing, convert the Chapter 15 application into a control map that the board and project owner can read quickly. The map should show the authorisation sequence, paid-in capital evidence, dirigeants, delegatees, conflicts, conduct controls, financial information owner, and post-authorisation change register.
Each item needs four fields: owner, evidence, current status, and next decision. That is enough to expose weak points without repeating the same control language across every topic.
| Control area | Evidence to keep | Question before filing |
|---|---|---|
| Application sequencing | Timeline from draft, filing, CSSF review, authorisation, incorporation and activity start | Can the board explain what must happen before activity begins? |
| Capital and own funds | Bank confirmation, shareholder funding, source-of-funds analysis, own funds forecast and treasury policy | Are funds available for the supervised activity rather than only documented on paper? |
| Dirigeant responsibility | Responsibility matrix, availability evidence, mandate list and board approval | Does each senior person have enough time and a clear area of accountability? |
| Delegatee supervision | Delegatee inventory, due diligence, contracts, reporting, KPIs, meeting minutes and exit plans | Can the ManCo prove effective oversight of outsourced activity? |
| Conflicts and conduct | Conflict register, procedures, training, monitoring, client communication controls and complaint routing | Do policies identify real conflicts and conduct risks rather than broad intentions? |
| Financial information and changes | Named finance owner, reporting pack, capital monitoring, budget updates and change register | Will shareholder, capital, delegatee, service or activity changes be screened before implementation? |
The file should separate facts, judgement and open dependencies. Facts name the entity, people, roles, systems, capital, delegatees, products and controls. Judgement explains why the applicant considers each requirement met. Open dependencies identify what must still happen before the activity begins.
The management body should receive the conclusion in plain language. If the board cannot explain why the applicant is ready, the package is not yet an institutional decision; it is only a technical filing.
Scenario: ManCo providing only collective management
A ManCo limited to collective management should still prove a complete operating model. The narrower scope does not remove the need for capital, infrastructure, dirigeants, risk management, delegation oversight and conflict controls. The file should explain which UCIs are expected, what internal functions exist and which functions are delegated. The budget should match the activity. A collective-management-only model can be lean, but it cannot be empty.
The board should understand how the ManCo monitors funds, service providers, risk and investor-facing obligations. A narrow scope should be an intentional design choice, not a way to avoid documenting substance.
Scenario: ManCo adding Article 101(3) services
When discretionary management, investment advice or related services are included, the control perimeter changes. Conduct rules, capital requirements and SIIL participation may become relevant. The file should identify services, target clients, staff competence, systems, conflicts, suitability or advisory controls where applicable, complaints and investor-compensation implications.
The CSSF page specifically notes SIIL participation for management companies whose authorisation covers Article 101(3) services and that therefore provide discretionary management services. A service-expansion plan should not be filed as a small add-on if it changes staffing, systems, client communication or capital adequacy. The board should approve service expansion with a risk and resource memo.
Scenario: existing group converts to Luxembourg ManCo
A group converting activities into a Luxembourg ManCo should map legacy functions to local controls. Existing group policies may be useful but need local adaptation. The file should identify which policies are adopted, which are amended, which local procedures are new and who owns local implementation. Substance should be demonstrated with Luxembourg staff, decision rights, systems access and oversight evidence.
The application should explain why the group structure allows effective CSSF supervision. A group conversion often fails when the project copies policies but does not prove local operating capability.
Scenario: dirigeant availability challenge
A dirigeant who works for several companies must prove availability. The CSSF page asks for proof that each such person can fulfil tasks at all times. The file should include mandate lists, employment contracts, time allocation, backup arrangements, crisis availability and responsibility split. Availability should be tested against actual workload: funds under management, delegatees, committees, reporting, incidents, investor issues and CSSF correspondence.
The board should not accept ceremonial availability. The dirigeant must be able to direct and control. If a dirigeant's other roles change, the ManCo should reassess availability as a new fact.
Scenario: UCI administration performed internally
If the ManCo intends to perform UCI administration, the application should include the relevant information required under CSSF forms for authorisation as UCI administrator. The file should show accounting, NAV calculation, transfer agency, investor register, reconciliation, reporting, systems, controls, staffing and segregation. Administration capability should be tested with sample NAV and investor workflows. The ManCo should identify what remains internal and what is supported by vendors.
Internal administration can strengthen control if properly resourced, but it can create serious risk if treated as a side function.
Scenario: distribution network expansion
The CSSF page asks for countries of distribution, intermediaries and target client base. A ManCo should therefore treat distribution as a supervised operating topic. The file should identify distributors, due diligence, agreements, marketing controls, target investors, complaint routing and jurisdiction monitoring. Distribution expansion after authorisation should be screened against fund documents, notification requirements and ManCo oversight capacity. The board should receive distribution oversight reporting, including incidents and complaints.
A ManCo that cannot explain who distributes its funds and to whom has a weak investor-protection control.
Scenario: conflict between ManCo and group distributor
A group distributor can create conflicts if commercial targets pressure product governance, investor communication or complaint handling. The ManCo should map the conflict, define oversight, approve marketing materials where relevant, monitor complaints and maintain escalation independence. The conflict policy should include real examples from the group's model, not only generic categories. Board reporting should include distribution conflicts and remediation.
This scenario tests whether the ManCo acts as investor-protection control or simply supports group sales.
Scenario: IT platform operated by group
A group-operated IT platform should be documented as a dependency. The ManCo needs access controls, incident reporting, data protection, business continuity and oversight of the group provider. The file should describe systems used for portfolio oversight, risk, compliance, accounting, reporting, document management and investor records. DORA and ICT resilience considerations should be mapped where relevant.
The ManCo should preserve local ability to obtain records and evidence during inspection or incident. A group IT dependency is acceptable only if local governance understands and controls the risk.
Scenario: first year after authorisation
The first year after authorisation should have a heightened control calendar. The ManCo should test whether application promises are functioning in practice. The calendar should include board meetings, compliance monitoring, risk reports, delegatee reviews, capital monitoring, audit planning, reporting deadlines, conflict reviews and policy attestations. Any gap between application design and live operations should be logged and remediated.
The first annual review should compare actual staffing, budget and activity against the application business plan. This review closes the loop between authorisation and continuous supervision.
Questions before submitting the Chapter 15 file
- Can the applicant explain why the chosen legal form, capital plan and shareholder structure allow sound and prudent management?
- Can the two dirigeants explain their responsibility split, time commitment, availability and escalation route without relying on external counsel?
- Can the ManCo show which activities are internal, which are delegated and how delegatees are controlled?
- Can the company prove that its Luxembourg infrastructure exists or will exist before activity begins, including systems, records, staff and procedures?
- Can the board identify which obligations change if Article 101(3) services are included?
Evidence archive for Chapter 15 authorisation
The archive should include legal form, draft articles, capital evidence, own funds model, shareholders, dirigeants, organisation, infrastructure, programme of activities, budget, delegatees, risk method, conflicts, conduct, audit, SIIL and distribution. Each folder should identify source, owner, status, review date and CSSF submission relationship. The archive should include all assumptions behind the three-year budget. Cost assumptions for control functions, systems and delegation oversight should be visible.
The ManCo should keep a post-authorisation action log. Some controls begin immediately after approval, and evidence should not be lost between filing and live operations. A good archive makes the first inspection easier because the ManCo can show how authorisation facts became operating controls.
Red flags that should pause filing
Pause filing if dirigeants are named but availability is not evidenced. Pause filing if delegatee contracts are draft but oversight procedures assume final service levels. Pause filing if the budget depends on unrealistically low control costs. Pause filing if distribution plans are broad but intermediary oversight and target-client controls are thin. Pause filing if risk management method is generic and not mapped to the UCIs the ManCo expects to manage.
First 100 days after Chapter 15 authorisation
The first 100 days should activate board reporting, capital monitoring, risk process, delegatee reviews, compliance monitoring, distribution oversight and reporting calendars. Management should compare live staffing and systems against the authorisation file. Gaps should be documented and remediated. The ManCo should test one complete fund oversight cycle: NAV or administration oversight, risk report, delegatee report, board escalation, compliance review and investor communication route.
If Article 101(3) services are included, conduct and SIIL-related controls should be operational before services begin. The board should receive a first-100-days implementation report that shows whether authorisation promises are live.
How fund sponsors can use Chapter 15 authorisation discipline
A fund sponsor selecting a Chapter 15 ManCo can use the authorisation logic as a due diligence framework. Ask about dirigeants, infrastructure, delegation oversight, risk method, distribution controls and service-provider monitoring. A large brand is not enough. The ManCo should be able to explain how it oversees the specific fund strategy and investor population.
Sponsors should ask how the ManCo handles changes: new compartments, new delegatees, new distribution markets, investment policy changes and service-provider incidents. The best ManCo relationship is transparent. The sponsor understands which decisions the ManCo owns and which evidence it needs. This protects both sides: the sponsor gets a credible platform, and the ManCo protects its supervised responsibilities.
Application file quality checklist
The Chapter 15 quality checklist should verify that the legal form, capital evidence, shareholding chart, beneficial ownership, dirigeants, contracts, availability evidence, organisation chart, infrastructure description, budget and programme of activities all align. The reviewer should compare internal activities and delegated activities. If an activity is delegated, the delegatee, contract, oversight control and reporting line should be visible.
The checklist should verify that Article 101(3) services are either clearly out of scope or fully supported by conduct, capital and SIIL analysis where relevant. The reviewer should test whether CSSF source references are current and whether internal policies cite the right law, circular or procedure. The final checklist should be signed off before filing and archived with the application.
It becomes evidence that the ManCo controlled file quality before approaching the CSSF.
Standing governance after approval
After authorisation, the management company should maintain a standing governance calendar for own funds monitoring, board meetings, risk management method review, compliance monitoring, delegatee reviews, conflict register review, audit planning, distribution oversight and reporting deadlines. The calendar should also include review of dirigeants' availability and mandate changes. A person who was available at authorisation may become overcommitted later.
The ManCo should keep a regulated-change register for shareholders, dirigeants, delegatees, Article 101(3) services, administration activities, distribution countries, capital changes and major system changes. Management should compare actual first-year operations with the three-year budget and programme of activities. Differences should be explained and, where relevant, remediated. This turns the authorisation file into a living supervisory control rather than a historical archive.
Management body briefing note
Before a Chapter 15 application is submitted, the management body should receive a briefing note covering legal form, capital, own funds, shareholders, dirigeants, infrastructure, delegated activities, risk method, distribution network, Article 101(3) scope and first-year governance calendar. The note should identify which controls are already operational and which become operational only after authorisation. Conditional items should have owners and deadlines.
The briefing should also explain the consequences of the scope selected. Collective management only, discretionary management services, UCI administration and distribution oversight do not create the same control burden. The management body should record challenge in minutes. Questions about capital, dirigeant availability, delegation, systems or distribution are not delays; they are evidence of prudent governance. The briefing note becomes the bridge between application drafting and live supervision.
It helps future directors understand what the CSSF-facing operating model promised.
Operational evidence that should exist before activity starts
Before activity starts, the ManCo should be able to show final policies, signed service-provider agreements, live systems access, staff onboarding, board calendar, risk reporting calendar, compliance monitoring plan, capital monitoring file and escalation contacts. It should also show how records will be kept and retrieved.
A management company cannot supervise effectively if key documents sit in adviser inboxes, group folders with unclear access or service-provider portals without local ownership. The first live fund or mandate should have a dedicated readiness confirmation. That confirmation should state that the ManCo understands the fund documents, risk profile, delegatees, reporting obligations, investor communication route and depositary interaction.
If any readiness item is incomplete, the management body should decide whether activity can start with interim controls or must wait. This discipline keeps the gap between authorisation and operation narrow. The CSSF authorises an entity that can operate, not a project that will work someday. The readiness confirmation should be repeated when the ManCo materially expands activity.
A first UCITS, first Part II UCI, first delegated portfolio manager, first new distribution market or first Article 101(3) service can each change the evidence needed for safe operation.
Practical next steps
- Gather a Chapter 15 perimeter memo before completing the application.
- Check services, target UCIs, Article 101(3) activities, administration activity, distribution countries and delegatees against that memo.
- Build evidence workstreams for legal form, capital, shareholders, dirigeants, infrastructure, risk method, delegation, conflicts, conduct, audit, SIIL and reporting.
- Ask the board to approve substance and readiness, not merely application filing.
- Run a consistency review across articles, business plan, budget, organisation chart, delegatee contracts, risk policy, distribution plan and CSSF forms before submission.
- Stop and escalate if the file still depends on draft assumptions about substance, dirigeants availability or delegatee oversight.