Luxembourg 2024: How the Financial Intelligence Unit Shifted to Risk-Focused, Cross‑Border Fighting of Fraud, Money‑Laundering and Terrorist Financing
In 2024 the Luxembourg Financial Intelligence Unit (Cellule de renseignement financier, CRF) continued to sharpen a risk‑based strategy aimed at prioritizing the most significant money‑laundering and terrorist‑financing threats. That strategy rests on a shared understanding of risks between public authorities and the private sector, a stronger analytical capacity inside the CRF, and deeper international cooperation. The CRF supported national and vertical risk assessments driven by the Committee for the Prevention of Money Laundering and Terrorist Financing, and broadened targeted dissemination of a more detailed vertical assessment of terrorist‑financing risks to all professionals registered in the goAML system.
Operational emphasis on quality over quantity
Although the total volume of suspicious transaction and activity reports remained high, the CRF has increasingly concentrated its resources on high‑value, complex cases. Luxembourg’s financial center is inherently international: most reports the CRF receives have at least one foreign element. To cope with thousands of cross‑border exchanges, the CRF automated dissemination to foreign counterparts using FIU.net and FIU Platform rules. That automation and the growing use of standardized exchanges explain a reduction in traditional ad hoc information exchanges and freed analytical capacity for operational work.
Statistics that matter: growth, fraud and cross‑border reporting
In 2024 the CRF received 51,130 suspicious reports, a 15% increase on 2023. Fraud remained the top underlying predicate offense (about 32% of reports), followed by product counterfeiting and piracy (16%) and tax offences (13%). Reports linked to sanctions evasion – particularly related to measures against Russia – also continued to rise.
Two reporting trends stood out.
First, traditional sectors – banks, investment firms, insurers and designated non‑financial professionals – have steadily increased reporting and improved detection of complex laundering patterns.
Second, so‑called “online providers” (payment institutions, e‑banks, electronic‑money institutions and regulated virtual‑asset service providers) continue to submit very large volumes of standardized declarations (SARe / STRe), many of which are cross‑border in substance and are routed via Luxembourg because of the reporting entity’s EU passporting and Luxembourg headquarters.
Terrorist financing: focused capability and sustained cooperation
Reports related to terrorist financing rose slightly to 230 in 2024. The CRF maintained specialist teams for terrorist‑financing analysis and international exchange and participated actively in the “Counter Terrorist Financing Taskforce – Israel” (CTFTI), coordinating responses to the fallout of the October 2023 attacks. The CRF records concrete operational outcomes: six blocking orders for FT‑related assets in 2024 (≈ €1.9 million) and ongoing engagement with domestic counter‑terrorism authorities and reporting entities to raise detection awareness.
Evolving typologies: networks, mules and AI‑enabled documentation fraud
Criminal networks increasingly use sophisticated structures to layer and conceal proceeds: complex corporate vehicles, money mules, virtual IBANs, cross‑jurisdictional transfers and conversion to virtual assets. The CRF noted intensified use of falsified identity documents – now sometimes crafted with AI tools – especially among payment and electronic‑money providers, causing many SARs (suspicious activity reports) where no suspicious transaction is identified but the client fails identity checks or attempts to onboard with forged credentials.
Virtual assets and shifting criminal behavior
Reports from regulated virtual‑asset service providers (VASPs) have declined markedly in recent years. The CRF attributes that fall partly to criminals moving to unregulated or decentralized exchanges and to the increasing compliance resilience of licensed VASPs. The trend underlines the displacement effect: stronger regulation pushes illicit actors toward jurisdictions or platforms with weaker controls.
Stronger domestic partnerships: prosecutors, police and regulators
The CRF deepened operational cooperation with the public prosecutor’s offices of Luxembourg and Diekirch and with judicial police to trace, freeze and pursue embezzled funds – often held on foreign accounts. Complex cases are now handled by pre‑planned joint strategies rather than ad hoc requests, and the CRF routinely supports criminal asset tracing and blocking to preserve assets for judicial seizure. Cooperation with the European Public Prosecutor’s Office (EPPO) increased markedly following a cooperation agreement signed by the CRF in August 2022.
Blocking activity: concentrated values and cross‑border purpose
In 2024 the CRF ordered 208 blocks, securing approximately €162 million in assets. Although the number of fraud‑linked blocking orders was large (136 orders), the highest aggregate values were linked to corruption (three orders totaling roughly €134.6 million). The CRF emphasized that most blocking orders occur in a cross‑border context to allow foreign judicial authorities to pursue seizure through mutual legal assistance.
Digital transformation and capacity building
To strengthen analytical throughput, the CRF continued to expand its workforce in priority domains and recruited data scientists and other IT specialists. The CRF is modernizing its digital capabilities while ensuring compliance with data protection and upcoming standards for AI governance. The CRF’s adoption of automated, standardized cross‑border reporting (XBR) and cross‑border dissemination (XBD) has improved the speed and quality of international information flows and allowed analysts to act faster on complex, multinational schemes.
Sectoral developments: payments, e‑money and online banking dominate reporting volumes
Payment institutions, electronic‑money institutions and e‑banks are the largest reporting groups by volume. For payment institutions, many reports were triggered by forged identity documents and attempted onboarding with fake IDs rather than by transactional anomalies. Electronic‑money institutions saw an increase in reports related to account activity and client‑profile concerns, while online banks’ reporting grew in line with their economic expansion and enhanced monitoring capabilities. Insurers recorded strong growth in reports – largely tied to remediation exercises – while investment sector reporting increased more modestly, reflecting better industry awareness and supervisory outreach.
Quality of reporting and feedback loops
The CRF evaluates the overall quality of incoming reports as generally good. It provides feedback to reporting entities through tailored meetings and, where appropriate, written responses. This feedback loop supports private‑sector compliance maturation and improves the signal‑to‑noise ratio for analysts.
International exchange: automation, XBR/XBD and traditional cooperation coexist
The CRF has scaled use of FIU.net-based XBR for high‑volume, standardized cross‑border reports and XBD for low‑risk cross‑border information where counterparties need limited context. The increase in XBR exchanges explains a modest decline in traditional bilateral or spontaneous exchanges, but total international contact remains high – particularly with neighboring EU partners, France, Germany, Belgium, the Netherlands and the UK. The CRF also stepped up operational exchanges with Europol, notably on sexual exploitation and human‑trafficking cases, and plays a leading role in the Europol Financial Intelligence Public‑Private Partnership.
Regulatory change and the road to 2027 AML reform
With the new EU AML package adopted, most new rules will apply from July 10, 2027. The CRF has begun implementing preparatory steps and is coordinating closely with the European AML Authority (AMLA) to align practices and data exchange expectations ahead of full application.
Conclusions and implications for practitioners
The 2024 CRF report shows Luxembourg’s FIU in transition: it is shifting from coping with large volumes of heterogeneous reports to prioritizing analytical depth, automation of cross‑border dissemination, and specialist capacity to tackle complex international laundering and terrorist‑financing schemes. For reporting entities, the practical implications are clear: improve KYC to detect forged documentation, strengthen transaction‑monitoring to identify atypical layering patterns and money‑mule usage, cooperate promptly with requests for information, and adopt interoperable technical standards that allow efficient, standardized reporting (XBR/XBD). Regulators and prosecutors should continue to coordinate pre‑planned strategies for complex, cross‑border investigations where proactive blocking can preserve assets for judicial resolution.
The CRF’s dual emphasis – focusing limited resources on cases with the greatest risk while automating standardized cross‑border sharing – offers a model for FIUs operating in globally connected financial centres. As regulation tightens and adversaries adapt, the CRF’s combination of specialist analytical capability, technical automation, and broad domestic and international cooperation will be decisive in maintaining Luxembourg’s resilience to financial crime.
Dive deeper
- CRF ¦ Rapport annuel 2024 ¦ Link