top of page


ICT and ICT Regulatory Related Risks:
How to Manage Them 

You will learn

  • Areas for improvements in ICT controls

  • Proven practices to manage ICT control environment in organizations 

  • Requirements for ICT and security risk management (CSSF Circular 20/750)

  • Regulatory aspects of telework and ICT (CSSF Circular 22/804, an update of CSSF Circular 21/769) 

  • Outsourcing arrangements (CSSF Circular 22/806)

  • Fraud monitoring and incident handling (CSSF Circulars 9/712-11/504-21/787-15/603)

  • Open Banking API (CSSF Circular 19/720-EBA/OP/2020/10) 

Your training may include

Blond woman checking her ipad.png

Outsourcing Oversight​

  • Analysis of key elements of CSSF Circular 22/806 on outsourcing arrangements

  • Introduction of MAQIT outsourcing management framework, built to meet all regulatory expectations

Duration: up to 3h
Hooded man draws gear.png

ICT Risk Management

  • Analysis of key elements of CSSF Circular 20/750 on ICT requirements and security risk management

  • Introduction of MAQIT's ICT Framework, built to support ISO and compliance teams

  • Review of CSSF Circular on Teleworking 22/804 and update on CSSF Circular 21/769

Duration: up to 3h
One man shows another an important thing on the pc.png

PSD2 and PSD3 IT Regulatory

  • Analysis of key elements of the Payment Services Directives.

  • Presentation of a circular framing Open Banking, fraud monitoring and incident management

Duration: up to 3h

Our trainings suit you if

  • You are a Cloud Officer, an ISO or an Internal Auditor and you must comply with the new Luxembourg regulatory expectations 

  • You want to improve your IT management knowledge and skills

Content blocks

Outsourcing Oversight

  • CSSF Circular 22/806 on Outsourcing Arrangements: introduction, main areas

  • Clear understanding of the client's current situation + review of existing documentation

  • Guidance in the Notification Form process

  • Performance of the Target Operating Model (TOM)

  • Outsourcing Identification

  • Performance of Criticality Assessment

  • Performance of Risk Assessment

  • Performance of the Contractual Gap Analysis

  • Design and implementation of an exit strategy

  • Performance of Due Diligence questionnaire

  • Performance of the Architecture Document 

  • Guidance in maintaining CSSF Outsourcing Register / Cloud Computing Register, if applicable

Information Security and ICT Risk Management

  • CSSF Circular 20/750 on the requirements regarding ICT and security risk management: introduction, main areas

  • Governance and Strategy: the management body

  • ICT and security risk management framework: people and process

  • Information Security Policy

  • ICT operations management

  • ICT project and change management

  • Business continuity management

  • Payment service user relationship management

  • CSSF Circular 21/769 on governance and security requirements for supervised entities to perform tasks or activities through Teleworking (as amended by CSSF Circular 22/804): introductionmain areas

Fraud Monitoring and Incident Management

  • CSSF Circular 11/504: introduction, information to be reported

  • CSSF Circular 15/603: introduction

  • CSSF Circular 19/712: introduction, reporting dimensions

  • CSSF Circular 21/787: introductionincident classificationincident reporting, information to be shared

Open Banking API

  • CSSF Circular 19/720: introduction

  • EBA/OP/2020/10: introduction

Digital Operations Resilience Act 

  • Main pillars of DORA

  • Comparison with existing circulars

Please contact us
to define content of a training tailored to the needs of your company

You will learn from



Managing Partner

Digital Transformation and Regulatory Advisory

Luc guides clients in CSSF regulation, PFS, and licensing enforcement, from the review process to the IT implementation. 



Senior Manager

Regulatory IT Services

Dominic assists clients in their RegTech challenges through his professional experience in software development, data integration, and IT operations. 



Senior Manager

Regulatory IT Services

Cyril supports clients by assessing the potential gap between new technology and financial sector regulation, helping to draft all ICT-related documentation required by the regulator.

To get more information
and discuss training content  tailored to your needs 

bottom of page