Being a “Support Professional of the Financial Sector” company: what does it mean?

LUXHUB, which was founded in May 2018, is supervised by the financial sector supervisory commission in Luxembourg – the CSSF (Commission de Surveillance du Secteur Financier) – as “Support PFS”, which stands for Support Professional of the Financial Sector. The Support PFS license is crucial to work or partner with a large number of Financial Institutions in Luxembourg. But it is also extremely valuable abroad.
The “Support PFS” status only exists in Luxembourg: this “license” is based on the Law of 5 April 1993 on the financial sector. The law has been amended several times since then, but its focus has always remained the same: making sure that financial sector service providers established in Luxembourg meet certain standards.
Through its different solutions, LUXHUB provides its services to many credit institutions, payment and e-money institutions, etc. (hereinafter “Financial Institutions”), and is therefore subject to strict rules under the Support PFS umbrella.
Data flows and professional secrecy
The notion of “professional secrecy” is obviously extremely important in the financial services industry. Here is why it matters for customers.
As a Support PFS, LUXHUB has to keep secret all information provided by its customers. In other words, every piece of data that flows through the company, whether it stems from or is addressed to a customer, is subject to professional secrecy. Moreover, this notion applies not only to the company, but also to every single LUXHUB employee.
When a Financial Institution established in Luxembourg outsources certain activities to a Support PFS such as LUXHUB, it does not need to request the consent of its customers in the context of professional secrecy obligations. Such consent would be necessary if the provider were not a Support PFS. The Financial Institution will likely still need to involve its customers for data protection reasons, but informing them is usually sufficient (unless the processing is based on the data subject’s consent).
Leveraging outsourcing services: notifications and contracts
In Luxembourg, Financial Institutions have to comply with several outsourcing requirements. One of them is related to the supervisory authority’s notification process. As explained by the CSSF in its Circular 22/806, “an in-scope entity that intends to outsource a critical or important function shall notify in advance its plans to the competent authority…”.
In this respect, Financial Institutions first assess whether the function(s) they outsource is/are critical or important. If the assessment concludes that this is the case, they need to notify the CSSF. In principle, the notification is to be filed three months before the planned outsourcing comes into effect.
But when the company that will provide the services is a Support PFS, this period is reduced to one month. Working with a Support PFS therefore gives much more flexibility to the Financial Institution, drastically cutting the project timeline, in an industry where deadlines are short, and time is (always) money.
Moreover, LUXHUB’s legal and compliance team closely follows how requirements evolve in order to adapt the contractual framework where necessary. In this context, LUXHUB provides its customers as soon as possible with Regulatory Addenda encompassing the new provisions. The team did so, for instance, for CSSF Circular 22/806 and, more recently, in the context of DORA.
LUXHUB as an obliged entity has to abide by strict rules
As an entity supervised by the National Competent Authority and subject to several financial sector laws and regulations, LUXHUB has developed solid experience and excellent knowledge of the framework in which its clients operate.
Because the Support PFS status has existed for more than 20 years, several financial sector obligations were already applicable, even before EU obligations emerged in the context of the EBA’s Guidelines on outsourcing arrangements or the entry into application of DORA. As a Support PFS, LUXHUB thus had to adapt to these frameworks but did not have to start from scratch, since compliance with data security and resilience obligations is part of its DNA.
LUXHUB implemented governance measures and business continuity plans, and follows strict outsourcing policies. From its very first months, it started building a team of seasoned security experts, and now has a dedicated outsourcing officer as well as a data protection officer. A 35-employee company, it rapidly developed broad expertise in regulated activities and is keen on supporting its customers, leveraging its deep knowledge and understanding of requirements and needs.
If you want to learn more about Support PFS, you are invited to visit the CSSF’s dedicated section and the Finance & Technology Association website.