• Adaptive Quiz

• Anti-Money Laundering and Counter-Terrorist Financing (AML/CFT)

• Q1. According to the amended Law of 12 November 2004, a person is considered a beneficial owner when their ownership in an entity exceeds:
  10% of the capital or voting rights15% of the capital or voting rights25% of the capital or voting rights50% of the capital or voting rights
• Q2. The AML/CFT activity report submitted to the CSSF by professionals of the financial sector must be:
  Submitted before 30 June each yearSubmitted before 31 March each yearSubmitted only in case of a change in shareholdingSubmitted only upon express request from the CSSF
• Q3. A Suspicious Activity Report (SAR) to the FIU (Financial Intelligence Unit) must be filed:
  Only after confirmation of the offenceBefore executing the suspicious transactionAfter validation by the Compliance Officer (RCC)Within 10 business days following the transaction
• Calculation A
• Back

  Next

• Personal Data Protection (GDPR)

• Q1. Under the GDPR, a Data Protection Officer (DPO) is mandatory for:
  Any company with more than 50 employeesEntities whose core activities involve large-scale regular and systematic monitoringPublic entities onlyFinancial institutions supervised by the CSSF exclusively
• Q2. When transferring personal data to a third country lacking an adequate level of protection, the data controller must:
  Obtain the written consent of the Data Protection Correspondent (CIL)Conclude standard contractual clauses approved by the European CommissionDeclare the transfer to the CNPDNotify the transfer to the CSSF
• Q3. A personal data breach must be notified to the CNPD within a maximum of:
  24 hours48 hours72 hours7 business days
• Calculation B
• Back

  Next

• MiFID II (Markets in Financial Instruments Directive II)

• Q1. Under MiFID II, a marketing communication is compliant when it:
  Mentions only the product’s past performanceIs fair, clear, and not misleadingIs approved by the Board of DirectorsIs addressed to professional clients only
• Q2. The suitability test applies:
  To retail and professional clients receiving investment adviceTo execution-only transactionsTo eligible counterparties onlyTo non-complex products exclusively
• Q3. The obligation to record telephone conversations relating to financial transactions requires a minimum retention period of::
  1 year3 years5 years7 years
• Calculation C
• Back

  Next

• MAR (Market Abuse Regulation – Regulation (EU) No 596/2014)

• Q1. A “permanent insider” under MAR is:
  Any person with occasional access to inside informationA back-office employeeA manager or employee with regular access to inside informationAny retail investor
• Q2. In Luxembourg, the obligation for a Person Discharging Managerial Responsibilities (PDMR) to notify transactions on financial instruments applies once the total annual amount reaches:
  €1,000€5,000€20,000€50,000
• Q3. Inside information must be made public:
  Immediately after its internal creationAs soon as it is sufficiently precise and likely to affect the price of a financial instrumentAt market closeOnly upon the regulator’s instruction
• Calculation D
• Back

  Next

• Anti-Bribery and Corruption (ABC)

• Q1. Under Luxembourg law, passive corruption is defined as:
  Offering an undue advantageAccepting or soliciting an undue advantage in exchange for an actReporting a corruption actWitnessing an offered advantage
• Q2. An effective anti-corruption policy within a financial institution must necessarily include:
  A general ethical statementA donations and sponsorship programmeDue diligence procedures on third parties and intermediariesA professional dress code
• Q3. Failure to comply with anti-corruption prevention obligations within an entity may result in:
  An internal warning onlyAn administrative fine with no criminal effectCriminal liability of the legal entityTemporary suspension from the commercial register
• Calculation E
• Back

  Next

• Whistleblowers (Directive (EU) 2019/1937, Luxembourg Law of 16 May 2023)

• Q1. Whistleblower protection applies when the report concerns:
  A contractual dispute between employeesAn actual or potential breach of EU law or national transposing lawA personal opinion on company strategyA personal conflict of interest
• Q2. Public disclosure (e.g. through the media) is protected:
  Only after notification to the CSSFWhen the internal or external report has remained unansweredIn all circumstancesAfter Board approval
• Q3. A company with more than 250 employees must establish an internal reporting channel:
  OptionalMandatorySubject to regulator approvalRecommended but not binding
• Calculation F
• Back

  Next

• MiCA (Markets in Crypto-Assets Regulation – Regulation (EU) 2023/1114)

• Q1. MiCA mainly applies to:
  Commodity derivativesFinancial instruments as defined by MiFID IIIssuers and service providers of crypto-assetsUCITS management companies
• Q2. Under MiCA, the issuance of e-money tokens requires:
  Prior authorisation as an electronic money institutionSimple notification to the CSSFRegistration as a digital asset service provider (PSAN)Registration on a public blockchain
• Q3. Crypto-asset service providers (CASPs) must:
  Comply with AML/CFT and governance requirementsHold only a general commercial licenceReport their activities to the Central BankBe established in any recognised third country
• Calculation G
• Back

  Next

• EMIR

• Q1. Under EMIR, within what maximum time must a derivative transaction be reported to an authorised Trade Repository?
  On the execution dayOn the next business day after executionWithin three business daysBefore month-end
• Q2. A Luxembourg non-financial counterparty exceeds the clearing threshold for interest rate derivatives. Which additional obligation now automatically applies?
  Daily reporting to the local regulator (CSSF)Mandatory central clearing through an authorised CCPReporting obligation to ESMAExemption from bilateral margin if the counterparty is European
• Q3. When a financial counterparty (FC) and a non-financial counterparty (NFC–) enter into an OTC derivative and the FC delegates reporting to the NFC–, who remains legally responsible for EMIR reporting compliance?
  The NFC–, as it performs the reportingBoth counterparties jointlyThe FC, as the delegating partyESMA, as the supervisory authority
• Calculation H
• Back

  Next

• Beneficial Ownership (BO) Identification

• Q1. Under Luxembourg Law of 13 January 2019, at what ownership threshold is a natural person presumed to be the beneficial owner of a company?
  10% of the capital or voting rights15% of the capital or voting rights25% + 1 share of the capital or voting rights50% of the capital or voting rights
• Q2. A Luxembourg company is 100% owned by a Cypriot holding company, which is itself 100% owned by Ms. Z (a natural person). Who must be declared as the beneficial owner of the Luxembourg company?
  The Cypriot holding companyThe director of the Luxembourg companyMs. Z, as the indirect beneficial ownerNone, as the ownership is foreign
• Q3. In the case of a Luxembourg trust, which of the following parties must be considered beneficial owners under AML/CFT law?
  The trustee onlyThe settlor, trustee(s), designated beneficiaries, any person exercising effective control, and the protector, if applicableThe designated beneficiaries onlyThe settlor and the trust manager only
• Calculation I
• Back

  Next

• Cybersecurity – Introduction

• Q1. What is the main cause of most cybersecurity incidents within organisations?
  Unpatched hardware vulnerabilitiesHuman errorLarge-scale DDoS attacksFailures of external providers
• Q2. During a ransomware attack, which protection measure truly enables a company to recover its operations without paying ransom?
  A well-configured firewallMulti-factor authenticationRegular, tested, and network-isolated backupsA strengthened password policy
• Q3. In a mature cybersecurity governance plan, which role translates technical risks into business impacts and ensures coordination among management, IT, and compliance?
  DPO (Data Protection Officer)CISO (Chief Information Security Officer / RSSI)CIO (Chief Information Officer)Compliance Officer
• Calculation J
• Back

  Next

• DAC6 – Introduction

• Q1. What is the main objective of the European DAC6 Directive (EU 2018/822)?
  Harmonise tax rates among Member StatesEnsure tax transparency and detect aggressive tax planning arrangementsCreate a single European corporate taxAbolish professional secrecy across Member States
• Q2. Which of the following hallmarks belongs to Category C (cross-border arrangements) and is not subject to the main benefit test?
  Deduction of a payment to a zero-tax jurisdictionDeduction of a payment to a non-cooperative jurisdiction (ETNC)Arrangement with a confidentiality clauseConversion of income into lightly taxed capital
• Q3. An intermediary bound by professional secrecy (e.g. a lawyer) identifies a reportable cross-border arrangement but does not obtain the taxpayer’s consent to disclose it. What must they do to comply with DAC6?
  Do nothing and invoke absolute professional secrecyReport the arrangement anonymously to the Tax AdministrationNotify the reporting obligation to another intermediary or, failing that, to the taxpayer concernedWait until the fiscal year-end to submit a consolidated report
• Calculation K
• Back

  Next

• Trusts – Introduction

• Q1. What is the main role of the trustee in a trust?
  Hold the assets for their own benefitManage the assets according to the trust deed, in the interest of the beneficiariesSupervise the protector and the settlorFreely determine the trust’s beneficiaries
• Q2. Under AML/CFT obligations, which natural persons must be considered beneficial owners (BOs) of a trust according to FATF recommendations and Luxembourg law?
  The settlor, the trustee, the beneficiaries, and any person exercising effective controlOnly the beneficiaries named in the trust deedThe trustee and the protector onlyThe settlor and the trustee only
• Q3. In a discretionary trust, beneficiaries are not always named in the trust deed. How should beneficial owners be identified and documented for compliance purposes?
  Wait until the trustee designates the beneficiaries before any identificationIdentify the category of potential beneficiaries (e.g., children, heirs, employees) and apply enhanced due diligenceDo not declare them since they are not yet knownConsider only the settlor as the beneficial owner
• Calculation L
• Back

  Next

• Operational Risk

• Q1. According to the Basel Committee definition, what is operational risk?
  The risk of losses due to market fluctuationsThe risk of losses resulting from inadequate or failed internal processes, people, systems, or from external eventsThe risk related to regulatory non-complianceCounterparty risk in a credit operation
• Q2. In the Caritas Luxembourg (2024) case mentioned in the training, which type of control could have prevented the CFO fraud (fraudulent payments to third parties)?
  A corrective control based on post-incident reportsA preventive control involving segregation of duties and independent payment validationAn automatic detection control after funds transferAn annual internal audit control
• Q3. According to the Basel Committee definition, what is operational risk?
  Maintain a loss register and appoint an IT managerIdentify, measure, monitor, and manage operational risk through an independent risk management function, covering ICT risk and outsourcingCentralise all operational decisions in general managementLimit operational risk management to the compliance department
• Calculation M
• Total Score
• Total Score
• Global Score
• Submit
• Should be Empty: