Luxembourg Financial Regulatory News:
Circular CSSF 26/909 follows the associated ESMA guidelines regarding the mandatory knowledge and competence for personnel working with crypto-assets. These regulations target crypto-asset service providers (CASPs) to ensure that staff delivering advice or information are properly qualified and experienced. By establishing uniform criteria for professional standards, the authorities aim to enhance investor protection and ensure firms act in the best interests of their clients. The framework includes specific definitions for relevant services and sets organizational requirements for maintaining staff expertise. These rules are scheduled to take effect on July 28, 2026, across the European financial supervision landscape.
Executive Summary
In this article, we outline the regulatory requirements and implementation standards established by the European Securities and Markets Authority (ESMA) and adopted by the Commission de Surveillance du Secteur Financier (CSSF) regarding the assessment of knowledge and competence for staff within Crypto-Asset Service Providers (CASPs).
Under the Markets in Crypto Assets Regulation (MiCA), specifically Articles 68(5) and 81(7), CASPs are mandated to ensure that staff providing advice or information possess the necessary expertise to protect investors and maintain market integrity. The guidelines, which become applicable on July 28, 2026, distinguish between staff providing “information” versus “advice,” with the latter held to a significantly higher standard of qualification and experience. Key organizational mandates include annual management reviews, rigorous continuous professional development (CPD), and a maximum four-year limit for staff to work under supervision before achieving full competency status.
1. Scope and Timeline under Circular CSSF 26/909 on ESMA Guidelines on Knowledge and Competence under MiCA
The guidelines (ESMA35-24871704-2922) establish consistent supervisory practices across the European System of Financial Supervision (ESFS).
- Applicability: Applies to all Crypto-Asset Service Providers as defined in Article 3(1)(15) of MiCAR and relevant competent authorities (e.g., the CSSF in Luxembourg).
- Key Dates:
- Publication: January 28, 2026.
- Application Date: July 28, 2026.
- Regulatory Intent: To promote supervisory convergence, assist CASPs in meeting “best interest of client” obligations, and strengthen investor protection.
2. Core Definitions under Circular CSSF 26/909 on ESMA Guidelines on Knowledge and Competence under MiCA
To ensure uniform application, the guidelines provide specific definitions for the crypto-asset service context:
| Term | Definition |
| Staff | Natural persons providing advice or information on crypto-assets or services to clients on behalf of a CASP. |
| Giving Information | Directly providing information about crypto-assets or services, either upon request or via CASP initiative. |
| Giving Advice | Providing personalized recommendations to a client regarding one or more transactions related to crypto-assets. |
| Appropriate Qualification | A qualification, test, or training course meeting the criteria set out in the guidelines. |
| Appropriate Experience | Successfully demonstrating the ability to perform relevant services through previous work. |
| Under Supervision | Providing services under the responsibility of a staff member who possesses both appropriate qualification and experience. |
3. General Principles (Guideline 1) under Circular CSSF 26/909 on ESMA Guidelines on Knowledge and Competence under MiCA
CASPs are responsible for ensuring staff meet regulatory, legal, and ethical standards.
- Policy Compliance: Staff must understand and apply internal policies designed to ensure MiCA compliance.
- Proportionality: Knowledge requirements should reflect the scope and degree of the services provided.
- Automated Services: For automated or semi-automated advice/information, the guidelines apply to the staff responsible for setting parameters, deciding settings, and determining content.
- Management Responsibility: The CASP management body must assess and review the effectiveness of compliance policies at least annually and address any identified deficiencies.
4. Criteria for Staff Providing Information (Guideline 2) under Circular CSSF 26/909 on ESMA Guidelines on Knowledge and Competence under MiCA
Staff giving information must have a foundational understanding of the crypto-asset ecosystem.
Key Knowledge Areas
- Technical Functioning: Distributed ledger technology (DLT), protocols (consensus mechanisms, validation rules, scalability, interoperability), and the impact of these technologies on transactions.
- Risks: Volatility, cyber security (hacks/theft), inappropriate storage of private keys, software “bugs” (IT programming risks), and DLT network support risks.
- Costs: Total costs of transactions, including CASP fees and DLT-specific costs (e.g., gas fees).
- Market Dynamics: Impact of economic figures, global events, investor sentiment, social media, and “whales” (holders of large amounts) on liquidity and price volatility.
- Regulatory Safeguards: Differences between investor protections under MiCA versus MiFID II.
Qualification Requirements
Staff must pass an assessment (internal or external) and fulfill one of the following:
- A professional qualification of at least 80 hours and 6 months of experience under supervision.
- Appropriate experience of at least 1 year under supervision.
5. Criteria for Staff Providing Advice (Guideline 3) under Circular CSSF 26/909 on ESMA Guidelines on Knowledge and Competence under MiCA
Staff giving advice are held to a higher standard than those only providing information. They must fulfill all requirements of Guideline 2 plus additional specialized knowledge.
Advanced Knowledge Areas
- Suitability: Understanding MiCA Article 81 requirements and the ability to determine why a specific crypto-asset may not be suitable for a client.
- Portfolio Management: Fundamentals of managing a portfolio and the implications of diversification.
- Valuation: Basic and advanced valuation mechanisms applicable to the crypto-assets being advised upon.
Qualification Requirements
Staff must pass an assessment and meet one of the following criteria:
- Tertiary Education: A 3-year relevant degree (e.g., economics, law, business) plus 1 year of experience under supervision.
- Secondary Education + Formation: A secondary degree, a 3-year professional formation, and 1 year of experience under supervision.
- Intensive Formation: A professional formation of at least 160 hours and 1 year of experience under supervision.
- Transitional MiFID/IDD Experience: 2 years of experience providing advice under MiFID II or IDD plus 6 months of crypto-specific experience under supervision.
6. Organizational and Maintenance Requirements (Guideline 4) under Circular CSSF 26/909 on ESMA Guidelines on Knowledge and Competence under MiCA
CASPs must establish robust internal structures to maintain staff competence.
- Role Distinction: Clear descriptions must differentiate between staff roles providing advice versus those only providing information.
- Continuous Professional Development (CPD):
- Information Staff: Minimum of 10 hours of CPD per year.
- Advice Staff: Minimum of 20 hours of CPD per year (this covers the 10 hours required for information).
- CPD must include an exam and cover regulatory changes, market developments, and new technologies.
- Supervision Rules:
- Staff lacking full qualification/experience must work under supervision.
- Maximum duration: 4 years under supervision, unless the competent authority determines a shorter period.
- Supervisors must sign off on suitability reports when advice is provided by a staff member under their charge.
- Record Keeping: CASPs must maintain records enabling competent authorities to verify compliance upon request.
7. Grandfathering and Exemptions under Circular CSSF 26/909 on ESMA Guidelines on Knowledge and Competence under MiCA
Existing Staff
Members of staff providing services on the date the guidelines apply may be deemed competent if they have successfully provided relevant services on a full-time equivalent basis for at least 1 year prior to the application date.
Out-of-Scope Activities
The following activities do not trigger the knowledge and competence requirements:
- Pointing clients to where information is located without discussing content.
- Distributing brochures/leaflets without additional explanation.
- Handing over information at a client’s request without further comment.
- Back-office functions with no direct client contact or relevance (excluding those drafting client-facing information/recommendations).
8. Compliance and Reporting for Authorities under Circular CSSF 26/909 on ESMA Guidelines on Knowledge and Competence under MiCA
Competent authorities (e.g., CSSF) have specific obligations to ESMA:
- Notification: Within two months of the guidelines’ publication in all EU languages, authorities must notify ESMA of their intent to comply.
- Supervisory Integration: Authorities must incorporate these guidelines into their national legal or supervisory frameworks.
- CASP Reporting: Notably, CASPs are not required to report their compliance directly to ESMA; this is handled through the national competent authority’s supervision.
This news related to Circular CSSF 26/909 can be considered beneficial under CSSF-Circulars and Crypto-Assets Service Providers (CASPs) and Virtual Asset Service Providers (VASPs) News.
At https://Ratiofy.Lu/, we defend your hard-earned money with our free daily news platform and expert-vetted templates. Need more help? Request access to our hands-on expert Advisory, Training and Coaching Services (very limited availability) related to CSSF Circulars and EU Regulations.
The pre-filled example templates for many CSSF Circulars should be available at https://ratiofy.lu/templates/ from the summer of 2026.
