CryptaCount
EN
EnglishENDeutschDEEspañolESFrançaisFRItalianoIT日本語JA한국어KONederlandsNLPolskiPLPortuguêsPT
Log in Start Free

CSSF Warning: tresorwacht.com Fraudulently Cites Luxembourg Entities

CryptaCount Editorial · · 4 min read
AML / KYC / LICENSING CSSF Warning: tresorwacht.comFraudulently Cites Luxembourg Entities

The Commission de Surveillance du Secteur Financier (CSSF) published a public warning on 29 June 2026 against the website www.tresorwacht.com, which fraudulently associates itself with two Luxembourg-regulated companies: Indylux Capital S.à r.l and Kherty Finance S.à r.l. Neither entity has any connection to the activities promoted on the site. For compliance officers, auditors, and accounting firms working with Luxembourg or EU-domiciled counterparties, this alert demands immediate attention.

CSSF Warning: tresorwacht.com Fraudulently Cites Luxembourg Entities

What the CSSF Warning States

The core allegation

The CSSF states plainly that tresorwacht.com makes fraudulent reference to Indylux Capital S.à r.l and Kherty Finance S.à r.l. The regulator confirms that these two legitimate Luxembourg entities have no involvement whatsoever in the website or any services it offers. The site also lists addresses in Haarlem (Netherlands) and London (UK) under the names of apparent operators, details the CSSF flags as part of the deceptive presentation.

Why two entity names appear

Fraudulent websites frequently cite real, licensed firms to lend credibility. By invoking the names of CSSF-supervised entities, the operators of tresorwacht.com likely aimed to create a false impression of regulatory standing, a tactic designed to deceive prospective clients or counterparties conducting superficial due diligence checks.

Compliance Risks for Firms and Auditors

Counterparty verification gaps

This warning is a live reminder that entity names alone are not sufficient for counterparty verification. A firm name appearing on a CSSF-supervised list does not mean that every website invoking that name is authorised. Robust onboarding procedures must cross-reference the CSSF's official register directly, confirm the registered office address from the regulator's own records, and obtain documents that cannot be replicated from a public company filing alone.

AML and KYC exposure

Firms subject to the EU's Anti-Money Laundering Directive framework face a concrete risk: transacting with or channelling funds through an impersonating entity could, depending on circumstances, constitute a failure of customer due diligence obligations. The CSSF warning effectively puts supervised entities on notice. Continuing to engage with tresorwacht.com after this publication would be difficult to defend in any subsequent regulatory review. Compliance teams should screen their existing counterparty lists against this warning without delay.

This is not the first time the CSSF has had to act against sites that appropriate the identity of Luxembourg-regulated firms. The earlier CSSF identity-theft alert targeting Luxembourg fund managers showed a consistent pattern: fraudsters exploit the reputational weight of the Grand Duchy's financial sector to target investors and business partners across the EU.

Immediate Steps for Compliance Teams

Actions to take now

Three practical steps apply directly from this warning:

Check the CSSF register. Verify that any counterparty you associate with Indylux Capital S.à r.l or Kherty Finance S.à r.l corresponds precisely to the authorised entity on the CSSF's published register, not to any website invoking those names.

Block and document. If tresorwacht.com appears in any client file, investment memo, or fund documentation, flag it immediately, record the date of discovery, and escalate through your firm's suspicious activity reporting chain as appropriate under national AML transposition rules.

Update your negative-news screening. Add the site domain and the addresses listed by the CSSF to your internal watchlists. Adverse media and regulatory warning databases should pick this up quickly, but manual supplementation is good practice for tier-one alerts like this one.

Firms that have updated their internal procedures in line with CSSF notification rules for fund managers providing ancillary services will already have escalation channels in place. Apply those channels here.

CSSF Warning: tresorwacht.com Fraudulently Cites Luxembourg Entities

Frequently Asked Questions

What exactly did the CSSF say about tresorwacht.com?

The CSSF stated that the website fraudulently references two Luxembourg companies, Indylux Capital S.à r.l and Kherty Finance S.à r.l, and confirmed that neither company has any link to the site or its activities.

Are Indylux Capital S.à r.l and Kherty Finance S.à r.l themselves under investigation?

No. The CSSF warning makes clear that both entities are legitimate and have no connection to tresorwacht.com. The warning protects them from reputational harm caused by the fraudulent use of their names.

What should a firm do if it has already dealt with tresorwacht.com?

Review all transactions or communications involving the site, assess whether a suspicious transaction report is required under your jurisdiction's AML rules, and consult your compliance officer or legal counsel without delay.

Does this warning apply only in Luxembourg?

The CSSF's jurisdiction is Luxembourg, but the warning is publicly accessible and EU-wide AML obligations mean that any supervised firm in the EU that transacts with a fraudulent entity after a regulator has issued a warning faces potential supervisory scrutiny, regardless of where it is based.

How can firms verify whether a Luxembourg entity is genuinely authorised?

Search the CSSF's official public register at cssf.lu, confirm the entity's registered office and authorisation scope, and never rely solely on information provided by the counterparty itself or on a third-party website.

Source: CSSF Luxembourg

LUEUGeneralEnforcementAML/KYC & Licensing

FAQ

What exactly did the CSSF say about tresorwacht.com?

The CSSF stated that the website fraudulently references two Luxembourg companies, Indylux Capital S.à r.l and Kherty Finance S.à r.l, and confirmed that neither company has any link to the site or its activities.

Are Indylux Capital S.à r.l and Kherty Finance S.à r.l themselves under investigation?

No. The CSSF warning makes clear that both entities are legitimate and have no connection to tresorwacht.com. The warning protects them from reputational harm caused by the fraudulent use of their names.

What should a firm do if it has already dealt with tresorwacht.com?

Review all transactions or communications involving the site, assess whether a suspicious transaction report is required under your jurisdiction's AML rules, and consult your compliance officer or legal counsel without delay.

Does this warning apply only in Luxembourg?

The CSSF's jurisdiction is Luxembourg, but the warning is publicly accessible and EU-wide AML obligations mean that any supervised firm in the EU that transacts with a fraudulent entity after a regulator has issued a warning faces potential supervisory scrutiny, regardless of where it is based.

How can firms verify whether a Luxembourg entity is genuinely authorised?

Search the CSSF's official public register at cssf.lu, confirm the entity's registered office and authorisation scope, and never rely solely on information provided by the counterparty itself or on a third-party website.

Related articles

AML/KYC & Licensing
Sygnum Europe AG Authorized as CASP Under MiCAR
AML/KYC & Licensing
MiCA Transitional Period Expires July 1 2026: CASP Authorization Is Now Mandatory
AML/KYC & Licensing
Sygnum Europe AG Receives MiCAR CASP Licence from FMA Liechtenstein
AML/KYC & Licensing
Ripple Wins Preliminary MiCA Approval: Implications for Crypto Compliance