Open navigation
Search
Search
All expertise
Explore our breadth of expertise.
International Desks
Helping you access overseas markets with support from our country and region-specific experts
Sectors View all
Practice Areas View all
Offices
Discover the scope of our presence in the jurisdiction.
Global Reach
Learn about our capabilities beyond borders.
CMS Luxembourg
All insights
Leverage our expert analysis, intelligence and thought leadership for your strategic advantage.
Personalised updates
Receive tailored insights and intelligence that apply directly to your business.
Topics in focus View all
Insights by type
Capital Markets | Strategic outlook on 2024 insights, recent developments and 2025 horizons
CMS News
Stay up to date with our growth, evolution and our many successes.
Contact us
For all general enquiries.
About CMS
CMS Careers

Select your region

International Europe Africa Asia-Pacific The Americas Middle East
Publication

Customer Due Diligence measures – Key changes you need to know

17 Jun 2026 Luxembourg 3 min read

The Anti-Money Laundering Regulation (AMLR) introduces several important changes to Customer Due Diligence (CDD) requirements. These updates expand the scope of trigger events, deepen the level of information required, and reinforce compliance obligations for obliged entities.

New trigger events for CDD measures

Under the AMLR, the situations triggering CDD measures have been broadened. These include, among others:

  • Any occasional transaction of at least EUR 10,000, compared to EUR 15,000 under the current regime.
  • Participation in the creation of legal entities, including:
    • the setting up of a legal arrangement; or
    • for auditors and legal professionals, participation in the transfer of ownership of a legal entity, regardless of the transaction value.
  • Suspicion of money laundering or terrorist financing, irrespective of applicable thresholds, derogations, or exemptions.
  • The existence of doubts regarding:
    • the veracity or adequacy of previously obtained customer identification data; or
    • whether the person interacting with the obliged entity is indeed the customer or a person authorised to act on their behalf.
  • Any occasional cash transaction of at least EUR 3,000 (whether carried out as a single operation or through linked operations), which triggers an obligation to identify and verify both the customer and the beneficial owner.

Looking ahead, further clarification is expected through Regulatory Technical Standards (RTS) under Article 19(9) AMLR, which will define criteria for identifying business relationships, occasional and linked transactions, as well as lower thresholds.

Broader CDD measures for obliged entities

Beyond trigger events, the AMLR significantly strengthens the depth and scope of CDD requirements.

Extended information requirements

Obliged entities must now collect more detailed information about the purpose and intended nature of a business relationship or occasional transaction, including:

  • the purpose and economic rationale of the contemplated transaction,
  • the estimated value of planned activities,
  • the source and destination of funds, and
  • the customer’s business activity, employment, or occupation.

Sanctions screening obligations

CDD obligations now include stricter targeted financial sanctions screening:

  • Customers and their beneficial owners must be screened against sanctions lists.
  • For legal persons, screening must also cover:
    • any natural or legal person controlling the entity; or
    • any person holding more than 50% of the proprietary rights or majority interest.

Reporting of discrepancies

Obliged entities are required to:

  • Report material discrepancies between:
    • information collected during CDD checks; and
    • information available in central registers of beneficial ownership.

This excludes minor inconsistencies, such as typographical errors or slightly outdated but otherwise reliable information.

  • Follow up by requesting the relevant entity to update their information accordingly.

What if CDD measures cannot be completed?

Failure to complete CDD measures has clear consequences under the AMLR:

Do not proceed: obliged entities must refrain from:

  • carrying out the transaction,
  • establishing the business relationship, or
  • continuing an existing relationship (which must be terminated).

Consider reporting: a suspicious activity report (SAR) should be considered and, where appropriate, submitted to the Financial Intelligence Unit (FIU).

Key takeaways

With these new requirements, preparation is essential. Organisations should act now to ensure compliance:

  • Review your internal policies and procedures;
  • Identify which new CDD requirements apply to your specific business;
  • Anticipate implementation changes ahead of the July 2027 deadline.

Any questions?

If you have any questions or would like to discuss the implications of these changes, feel free to reach out to our key contacts.

More insights
Banking & Finance

Explore more

Publication Luxembourg

New limit to large cash payments and prohibition of anonymous instruments

17 Jun 2026 3 min read
Expert Guide International

CMS Expert Guide for taking security in Luxembourg

29 min read
Event Luxembourg

On the Pulse webinar series 2026 - Spring/Summer

30 Jun 2026
Back to top Back to top
If you want to use third party tools, please enable personalisation cookies as part of your cookie preferences. You can change this setting at any time via the button below or in our Cookie Notice.