Agefi Luxembourg - décembre 2025

Décembre 2025 47 AGEFI Luxembourg Informatique financière By Herwig TEMMERMAN (portrait), partner, Chris-Anthony LAFAGES VITALIS, senior manager and Cédric LALIN, senior business consultant at BearingPoint L uxembourg entered 2025with a banking sector that remains fi- nancially strong yet increasin- gly exposed to a complex set of operational vulnerabili- ties. The country still hosts 120 credit institutions and a combinedbalance sheet close to one trillion euros, confirming the importance of its financial industrywithin Europe. Earningswere once againbuoyedby high interestmar- gins and continued growth in custody and asset-servicing activities—a familiar pattern since the post-pandemic rebound. But this financial strength now coexists with known forms of fragility that have taken root and persist. Banks face rising cost pressures, mounting digital transformationdemandsandregulatoryexpectations that no longer look solely at profitability. Instead, su- pervisorsareturningtheirattentiontoaquestionthat has become central across Europe: howwell can a bank continue to operate when its critical systems or service providers fail? Theeventsof2025broughtthisissueintosharprelief. Severaldisruptionsinvolvingnationalinfrastructures anddigitalserviceproviders—includingauthentica- tion problems at LuxTrust, outages at POST Luxem- bourg, service interruptions affecting the CFL network, and a cyber incident impacting the Loterie Nationale external providers — demonstrated how easily technical failures can ripple across Luxem- bourg’stightlyinterconnectedecosystem.Evenwhen sucheventsoccuroutsidethebankingperimeter,they often stem from IT providers that are widely shared acrossindustries.Thisconcentrationofdigitaldepen- dencies means that resilience failures are rarely con- fined to a single sector, allowingdisruptions to spread rapidly to banking services, frompay- mentprocessingtocustomer-facingplatforms. These episodes occurred against a backdrop of increasingly sophisticated cyber activity. According to the European Union Agency for Cybersecurity,thefinancialsectorwasamong themosttargetedindustriesin2023and 2024, with attackers shifting rapidly toward supply-chain intrusions and ransomware campaignsdesignedtoexploit opaquethird-partydependen- cies. The European Securities andMarketsAuthority’s iden- tification of several systemic ICT providers added another layer of concern, underscoring the risk that the failureof just a fewactors coulddisrupt essential banking functions across the entire EU. Supervisory authorities across Europe have taken note. The European BankingAuthority’s priorities for 2025–2026 place operational resilience, ICTgov- ernance, third-party oversight and incident report- ing at the centre of the supervisory agenda. Banks are expected to demonstrate not simply awareness of their technological dependencies, but concrete progress: clearer mapping of critical processes, more robust testing capabilities and evidence that board-level governance extends to the digital back- bone of the institution. Abroader concept of resilience takes shape This shift reflects a wider redefinition of what “re- silience” means in modern finance. The term now refers to a bank’s capacity to anticipate disruptions, withstand them and recover rapidly—whether the threat arises from a cyberattack, a technology mal- function or a provider outage. In Luxembourg, the entry into force of the Digital Operational Resilience Act(DORA)inJanuary2025hasacceleratedthistrans- formation. The law creates a harmonised European frameworkforICT-riskmanagement,incidentclassi- fication, resilience testingand the supervisionof criti- caltechnologysuppliers.TheCSSFhasreinforcedthis momentum by issuing updated guidance on ICT governance, outsourcing and crisis reporting. Many institutions have already begun reassessing their internal organisation. Legacy systems accumu- lated over decades, fragmented cloud adoption and proliferatingdata platforms all complicate the task of identifyingwhichprocessesaretrulycriticalandhow theyinteractacrossbusinesslinesandinformationas- sets (data, applications, infrastructure). The rapid emergenceofAI-basedtooling—nowusedforfraud detection, portfoliooptimisationor client analytics— adds another dimension, both as an enabler of effi- ciency and as a potential vector for new forms of at- tack such as automated phishing campaigns, deepfake-basedimpersonations,andidentificationof systemvulnerabilities supportedby agenticAI. Fromcompliance to preparedness This growing complexity is pushing banks beyond compliance toward operational realism. Under DORA, Threat-LedPenetrationTesting is no longer a periodic technical exercise but an intelligence-led as- sessmentofaninstitution’sabilitytowithstandsevere but plausible attacks. Building on the TIBER-EU framework,banksmustdefinecrediblethreatscenar- ios, scope tests around critical business services and their supporting ICT and third-party dependencies, and demonstrate effective detection, escalation and response under near-real conditions. The objective is not to certify systems, but to expose structural weak- nesses and improve collective resilience. Regulatorsandbankswantrealistic,multidisciplinary scenariosthatinvolvebothbusinessandcyberteams; communication strategies that address internal and external stakeholders; continuity plans that meet au- thoritative standards such as ISO 22301; and gover- nancemodelsthatallowmanagementtomakerapid, informed decisions under pressure. These pro- grammestypicallycombineoperationalmapping,cri- sis-simulation design, cross-team coordination practice and post-exercise feedback intended to strengthencollectivecapabilities.Theyalsoplaceem- phasisonco-construction—ensuringthatoperational teams do not merely comply with frameworks but genuinely own themechanismsthatwillbemobilised during a crisis. Adecisive year ahead Looking toward 2026, the sector faces a convergence of regulatory deadlines and digital expectations. Su- pervisorswillexpectbankstoshowtangibleprogress in their DORA implementation: more mature ICT- risk frameworks, controlled oversight of third-party providers, improvements in incident-reporting pro- cesses and evidence that resiliencemeasures are em- bedded into strategic planning. At the same time, competitive pressure continues to push banks toward deeper digitalisation. Clients in private banking and cross-border wealth manage- ment increasingly expect seamless digital journeys, real-time information access and high degrees of au- tomation. These innovations, while essential, in- evitably expand the technological perimeter that institutions must secure. Regulators in Luxembourg and across Europe have repeatedlywarned that dig- ital transformation without robust resilience mecha- nisms can create systemic vulnerabilities. A further challenge lies in building the right organi- sational capabilities.While technical expertisewill al- ways matter, the real differentiator is the ability of all staff—notjustspecialists—torecogniserisks,un- derstandtheirroleinmaintainingresilience,andreact appropriately. This requires sustained efforts in awareness, training and upskilling, ensuring that resiliencebecomesaneverydaybehaviourembedded across business lines rather than confined to IT or se- curity teams. Inthiscontext,2026isshapinguptobeadecisiveyear. Luxembourg’s banks have long been defined by strongcapitalpositionsanddiversifiedbusinessmod- els. Their next challenge will be to demonstrate that theycanoperatesecurelyandwithoutinterruptionin a digital environment where threats evolve quickly anddependenciesmultiply.Thosecapableofembed- ding resilience into daily operations — from gover- nance and technology to culture and training—will help set the standards that define the next decade of the financial centre’s stability. A New Stress Test for Luxembourg’s Banking Sector: Resilience in the Digital Age A t LuxembourgBlockchain Week 2025 (24–28 novembre 2025), theABBLbrought to- gether leaders frombanking, law, market infrastructure andEuro- pean institutions for an interactive session titled “BuildingBridges: HowtoShape the Future of To- kenisation andDigitalAssets in Luxembourg?”The discussion – framedby a fireside chat between LaurentMarochini, Headof the ABBLWorkingGrouponTokeni- sation andDLTandCEOat Stan- dardChartered, andAnandaKautz, Member of theManagement Board of theABBL – delivered a clear message: Luxembourghas the foundations, themomentumand the ambition to leadEurope into the tokenised future. Fireside chat—Fromglobal momentumtonational leadership In the opening conversation, moderated by Ananda Kautz, the global landscape was sharply contextualised. Laurent Marochini noted that institutional adop- tion has reached a decisive turning point: “Three years ago themarket was 80% re- tail and 20% institutional. Today it’s the other way around.” Laurent highlighted Asia, particularly Singapore and Hong Kong, as the fastest-moving region, and pointed to a remarkable regulatory accel- erationintheUnitedStates.Europe,heex- plained, is advancing more slowly in stablecoinsandcrypto-assetsadoption,yet leads decisively in tokenisation and regu- latorydevelopment. ForLuxembourg,thiscreatesauniqueop- portunity. Buildingon its role asEurope’s largest fund centre, Laurent argued that the country could become“the first to- kenisedfundcentreinEurope,andpoten- tially in the world.”Ananda summarised the challenge succinctly: “Luxembourg hasthetools.Thequestionnowis:howdo we turn these tools into scale?” Both em- phasisedtheimportanceofresponsiblein- novation, continuous dialogue with the CSSF, and coordinated industry action through theABBL. Looking ahead, Laurent described how successcouldbemeasuredifthecommu- nity reconvened in five years: “Success means more companies in Luxembourg – and more clients and business. The moreplayersweattract, themoreoppor- tunities we create.” Panel discussion: Building bridges across the ecosystem Thepaneldiscussion,moderatedbyGiulia Pescatore, SeniorManager, Strategy&In- novation, Deloitte Luxembourg, brought togetherfourkeyfiguresrepresentingdif- ferent pillars of thefinancial ecosystem: - Nadia Manzari, Avocate à la Cour, FoundingPartner,Manzari Legal - NickAshton, Director, Country Head – Belgium & Luxembourg, Global Pay- ments Solutions, HSBC - Olivier Chapiteau, FundingOfficer, Eu- ropean Investment Bank (EIB) - Olivier Portenseigne, CEO, FundsDLT Together, they explored how Luxembourg can strengthen its position in tokenised finance. Speakers pointed to the rapidglobal rise of institutional activi- ty, real-world-asset tokenisation, and on- chaincashsolutions,alldevelopmentsthat create concrete opportunities for Luxembourg. The country’s regulatory framework, rooted innational blockchain laws and strengthened byMiCA and the DLT Pilot Regime, was cited as a major competitive advantage. The next chal- lenges are operational: ensuring interop- erability,aligningstandards,anddeepen- ingengagementwiththeCSSFtosupport large-scaledeployment.Banksarealready moving from pilots to implementation, includingtokeniseddeposits,on-chainset- tlement and digital-asset custody. Luxembourg’s early involvement posi- tions itwell, but scalingwill require cross- bank connectivity andglobal standards. Incapitalmarkets,digital-bondissuances, some settled using experimental whole- sale CBDC infrastructures, demonstrate boththepotentialandtheneedfortighter integration between on-chain cash and traditional custody channels. The fund industryremainsthelargestWeb3oppor- tunity. Tokenised fund shares and DLT- based distribution models continue to progress, but broader adoption across transfer agents, asset managers and dis- tributors will be essential to unlock full scale. Industry bodies such as the ABBL canacceleratethetransitionthroughedu- cation, standardisation and ecosystem coordination. AsAndreyMartovoy,SeniorAdviser–In- novation & Digital at the ABBL, sum- marised:“Lookingahead,thekeypriority identified is simple: drive adoption.” At- tractingmoreserviceproviders,onboard- inginstitutionalclientsanddeliveringreal tokenisation projects will anchor Luxem- bourg as Europe’s leading hub for digital assets,ensuringitnotonlykeepspacewith globaldevelopmentsbuthelpssettheEu- ropeanbenchmark for innovation. Source :ABBL Building Bridges: Luxembourg’s Path to Leadership in Tokenisation and Digital Assets Abonnement aumensuel (journal + éditiondigitale) 1an(11numéros)=55€abonnementpourLuxembourgetBelgique-65€pourautrespays L’édition digitale du mensuel en ligne sur notre site Internet www.agefi.lu est accessible automatiquement aux souscripteurs de l’éditionpapier. NOM:....................................................................................................................................................................... ADRESSE:.............................................................................................................................................................. LOCALITÉ:............................................................................................................................................................ PAYS:....................................................................................................................................................................... TELEPHONE:...................................................................................................................................................... EMAIL:.................................................................................................................................................................... - Je verse ……€ au compte d’AGEFI Luxembourg à la BIL / LU71 0020 1562 9620 0000 (BIC/Swift : BILLLULL) -Jedésireunefacture :...................................................................................................................................... -N°TVA : ................................................................................................................................................................ Abonnement aumensuel en ligne Sivouspréférezvousabonnerenligne,rendez-vousàlapage‘S’abonner’surnotresiteIn- ternet https://www.agefi.lu/Abonnements.aspx Abonnement à notre newsletter / Le Fax quotidien (5 jours/semaine, du lundi auvendredi) Informations en ligne sur https://www.agefi.lu/Abonnements.aspx Abonnez-vous / Subscribe ©ChambredeCommerce