MIFID2
Introduction
Three tabs are available in the e-file administrator module: Users, Groups and Certificates (Figure 1).
(Figure 1)
Users tab
- Create a new user
- Assign groups to an user
- Force password change
- Lock/ unlock user
- Delete user
- Manage user profiles
- Assign groups to the Sending Service user
- Subscribe the Sending Service user to alerts
Groups tab
- User management at group level
- Add user to a group
- Assign a group to users
- Manage user profiles at group level
Certificates tab
- Order a new Luxtrust certificate
- Renew your Luxtrust certificate
- Activate Luxtrust certificate
Users tab
Create a new e-file user
Step 1:
Connect to e-file.lu with your e-file administrator login (adminXXX) and click the Administration module icon (Figure 2).
(Figure 2)
Step 2:
The Users List screen opens. Click the Create a user button (Figure 3).
(Figure 3)
Step 3:
The Create a user window pops up. Complete the form as shown in the figure below and click the Create button (Figure 4).
(Figure 4)
The Create a user window closes and you return automatically to the Users List screen. At the same time a confirmation window pops up on the top of the screen indicating that the user creation was successful (Figure 5).
(Figure 5)
Explanations
Move the mouse over the user you just created. Five icons will appear allowing to perform the following Actions (Figure 6).
Action 1: Edit user settings
Action 2: Force password change. If you press this icon, an email is sent to the user with a web-link to reset his password.
Action 3: Unlock user. The icon is geyed out if a user never logged in to e-file (e.g. new user).
Action 4: Lock the user.
Action 5: Delete the user.
(Figure 6)
Sort functions in the Users List
The Login, Name, Email and Last connection columns can be sorted (A to Z or smallest number to largest).
Example:
If you want to sort the Name column from A to Z or Z to A, click directly on Name on the top of the column. The direction of the arrow shows whether the sort is ascending or descending (Figure 7).
(Figure 7)
Filter functions in the Users List
Example:
If you want to display in the Users List only the users to whom the Group FATCA and the profile Manager have been assigned, you have to select the filter criteria as shown in the figure below and press the SEARCH button (Figure 8).
(Figure 8)
Assign groups and profiles to users
Example:
If a user has to send FATCA reportings to the authority, the e-file administrator must assign the group Rapport FATCA and the profile Manager to the user.
Step 1:
Open the User management screen in the Users tab and click the Edit icon of the user to whom you want assign groups and a specific profile (Figure 9).
(Figure 9)
Step 2:
The User details screen opens. Click the Groups button (Figure 10).
(Figure 10)
Step 3:
The User details / Groups screen opens. Click the Edit button (Figure 11).
(Figure 11)
Step 4:
The User details / Groups screen opens in Edit mode (Figure 12).
Click the ADD A GROUP button , select the groups and profile you want to assign and click the Validate button.
(Figure 12)
The User details / Groups window closes and you return automatically to the Users List screen.
At the same time a confirmation window pops up on the top of the screen indicating that the group assignement was successfully saved (Figure 13).
(Figure 13)
Please be informed that you can find detailed information on all groups on our Wikipage Product Coverage; column e-file user account: "groupe".
User profiles
Administrator / Administrateur
The Administrator profile allows the e-file administrator to order and activate LuxTrust certificate(s), manage user accounts, groups, user profiles, lock and un lock user account.
Guest / Visitor
- The Guest can consult the information or documents of his affected group(s).
- He can access the follow up tools and open the documents linked to the group(s).
- The Guest cannot submit reports or documents via e-file.
Manager / Responsable
- The Manager can consult the information or documents of his affected group(s).
- He can access the follow up tools and open the documents linked to the group(s).
- The Manager can submit reports linked to his group(s) via e-file.
Operator / Opérateur
- The Operator can consult the information or documents of his affected group(s).
- He can access the follow up tools and open the documents linked to the group(s).
- The Operator submit reports linked to his group(s) to validation by a Validator.
Validator / Valideur
- The Validator can consult the information or documents of his affected group(s).
- He can access the follow up tools and open the documents linked to the group(s).
- He validates or rejects reports awaiting for validation linked to his group(s).
Sending Service management
Select the Users tab of the Administration module and press the Sending Service Management button. The Sending Service List opens (Figure 14)
(Figure 14)
Explanations:
1. Status: the green check mark indicates that the Sending Service is active.
2. Login: it is the login of the Sending Service user.
3. Last connection: date of the last connection of the Sending Service to e-file.
4. Version: when you move the mouse over the icon, the name of the latest Sending Service version available pops up.
5. The number indicates the Sending Service version of your current Sending Service . If you want to update your Sending Service press the download button and download the latest Sending Service version with our Sending Service installer.
6. If you want to close a Sending Service account, press the lock icon Deactivate.
7. Group filter function in the Sending Service List
Example:
If you want to display in the Sending Service List only the Sending Services to which the Group FATCA is assigned, you have to select FATCA in the drop down list and press the SEARCH button.
8. Click the Edit groups icon to get more detailed information on the Sending Service user.
Assign groups and subscribe to alerts
Example:
If you want to submit COREP reportings through the Sending Service, you have to assign the group COREP to your Sending Service.
Please follow the steps below:
Step 1:
Select the Users tab of the Administration module and press the Sending Service Management button. The Sending Service List opens (Figure 14).
Step 2:
Click the Edit groups icon of the Sending Service to which you want to add the COREP group (Figure 15).
(Figure 15)
The Change groups of Sending Service page opens (Figure 15).
(Figure 15)
Explanations:
All Groups assigned to the Sending Service are listed here (1).
The only possible Profile value for a Sending Service is "Sending Service" (2).
If the Alerts checkbox is checked (3), it means that the Sending Service will receive replies (= feedbacks) from the regulator.
These replies will be dropped automatically into the respective replies directory of your Sending Service folder.
Step 3:
(Figure 16)
Step 4:
The Details page of your Sending Service to which you want to add the COREP reporting opens in Edit mode (Figure 17).
Click the ADD A GROUP icon , select the group you want to assign, click the SUBSCRIBE to Alerts button and VALIDATE your changes (Figure 17).
The window closes and you return automatically to the Sending Service List screen.
At the same time a confirmation window pops up on the top of the screen indicating that the group assignement was successfully saved.
(Figure 17)
Groups tab
Certificates tab
LUXTRUST certificate purchase order
All reporting files transmitted to the supervisory authorities must be encrypted.
The only certificate authorised for the file encryption by the reporting entity are SSL certificates from the certification authority LUXTRUST.
Please check the system requirements to run the e-file applications.
Key and Certificate Request generation
Please be informed that during the next steps two files will be generated:
1- the keystore file keystore.ks containing your new keys
2- the certificate request file Certificate Request.csr containing a copy of your new keys. This file must be uploaded on LUXTRUST's website during your purchase order . =>Chapter 3.2 Finalize your purchase order of LUXTRUST e-file SSL certificate
Important note : the Luxtrust SSL certificate purchase order and its activation have to be performed on the same computer workstation.
Step 1:
Connect to e-file.lu with your e-file administrator credentials (adminXXX) and click the Administration module icon (Figure 16).
(Figure 16)
Step 2:
Click the Certificates button (Figure 17)
(Figure 17)
Step 3:
The Certificates Management screen opens. Click the Generate a csr button (Figure 18).
(Figure 18)
Step 4:
The Certificates Management Module opens. Click the Certificate tab and click the Generate a CSR button (Figure 19).
(Figure 19)
Step 5:
The form Generate keys and certificate request opens (Figure 20) :
(Figure 20)
Step 6:
Complete the form
a. Generation / Update of the keystore file
Click the Browse button. A Save As dialog box opens. Complete the required information.
-Select directory:
If you order the certificate for the very first time , select the folder where the keystore file will be stored.
In the case you have to renew your certificate, you must select your current and valid keystore.ks. Normally, the system remembers the path where it has been stored.
Important note : please ensure that you have write access to this folder. We suggest to use a personal folder e.g.: C:\Users\xxx\efile\workdir.
- File name: choose your keystore name, for example keystore.ks
- File type : .ks
Click the Save button.
b. Password
If you order the certificate for the very first time , you have to define a brand-new keystore password.
In the case you have to renew your certificate, e.g. its validity date expired, you must use the keystore password that had been created when you ordered the certificate for the very first time.
Important note : the keystore password has to be shared with all e-file users who have to transmit encrypted documents or decrypt feedback files received from the supervisory authorities. .
Important note : if you loose your keystore password, you will have to generate a new key and order a new certificate.
c. Confirm the password
Re-enter your password
d. Request for the generation of the certificate (.csr)
Click the Browse button. A Save As dialog box opens. Complete the required information.
- Current directory: select the folder where the Certificate Request file will be stored.
Important note : please ensure that you have write access to this folder. We suggest to use a personal folder e.g.: C:\Users\xxx\efile\workdir.
- File name: CertificateRequest.csr
- File type : .csr
e. Name, Department, Entity, City, State (USA only) , Country (ISO code) should be completed as indicated in the print screen above.
f. Generate
Click the Generate button. A window will pop up and confirm that two files have been generated: keystore.ks and CertificateRequest.csr (Figure 21).
(Figure 21)
Important note : if you renew your certificate, please ensure that the modification date of your current kestore.ks has been updated. If it is not the case it is highly probable that Java has no write access to the folder where the keystore.ks is located
Important note : we advise you to back up the keystore.ks and CertificateRequest files.
Finalize your LUXTRUST purchase order
-Open the LUXTRUST easy SSL e-file website.
-Browse to SSL Certificate section and click the E-FILE icon (Figure 22)
(Figure 22)
-Choose the period of validity of your certificate and click the ORDER E-FILE button.
-If you do not have a LUXTRUST easy SSL e-file account you have to get registered.
-Once registered, complete the whole order form, upload your CertificateRequest.crs file, accept the TERMS AND CONDITIONS and click the PLACE ORDER button.
-Shortly afterwards, you will receive an e-mail from LUXTRUST confirming your purchase order.
-Please follow all instructions provided in the e-mail and its PDF attachment (Send signed PDF by post with all required documents to the address indicated inside, process the payment etc.)
Activation of your LUXTRUST certificate
The certificate file will be sent to the e-mail address you provided in your purchase order.
The extension of this file will be .txt, in order to prevent your firewall from blocking the attached file.
Step 1:
Important note: save the file .txt on your computer workstation and replace the .txt extension by .cer
Double-click the .cer file. You should be able to see your certificate as shown below (Figure 23):
(Figure 23)
Step 2:
Important note : the Luxtrust SSL certificate ordering and its activation have to be performed on the same computer workstation.
Connect to e-file.lu with your e-file administrator credentials (adminXXX) and click the Administration module icon (Figure 24).
(Figure 24)
Step 3:
Click the Certificates button (Figure 25).
(Figure 25)
Step 4:
The Certificates Management screen opens. Click the Activate a certificate link (Figure 26).
(Figure 26)
Step 5:
The Certificate Management Module opens. Press the Activate a certificate button (Figure 27).
(Figure 27)
Step 6:
The Certificate Management Module window pops up. Select the Certificate tab. Complete the Activate your certificate form as described in picture below (Figure 28).
(Figure 28)
Certificate upload
Select your certificate file (.cer)
Password
Enter your keystore password
Activate
Click the Activate button (Figure 29).
(Figure 29)
A window will pop up and inform you that the activation has been done successfully.
Your keystore.ks is now activated. It contains your LUXTRUST certificate and your encryption keys.
Important note : we advise you to back up the activated keystore.ks and its password
Important note : if you loose your keystore and/or its password,you will have to generate a new encryption key and order a new certificate. .
Deploying the keystore
The activated keystore, containing your LUXTRUST certificate and your encryption keys must now be provided to the workstations of each e-file user.
=> Installing a new e-file workstation e-file v1 and e-file v2
Sending Service
In the case you are using the Sending Service for your automatic reporting transmission, the activated keystore.ks must be provided as well.
Registration of your LUXTRUST certificate with the CSSF
For some reportings, the LUXTRUST e-file SSL certificate used by the reporting entity must be registered with the CSSF, before sending any files, according to the registration procedure described in the CSSF 08/334.
The LUXTRUST e-file SSL certificate must be registered with the CSSF for the below reportings:
- FINREP (CSSF circular 08/344)
- COFREP (CSSF circular 08/344)
- ESP (Special enquiries; CIRCULAR CSSF 08/344)
- PFS reporting (Other professionals of the financial sector; CIRCULAR CSSF 08/369)
- SICAR (Sociétés d´investissement en capital à risque)
- Bank Reporting (CIRCULAR CSSF 10/457; CIRCULAR CSSF 15/624)
- Management companies (CIRCULAR CSSF 10/467)
- Payment institutions (CIRCULAR CSSF 11/511)
- Electronic money institutions (CIRCULAR CSSF 11/522)
- OTHER reporting
- AIFMD reporting (CIRCULAR CSSF 14/581)
=> e-file User Guide: CSSF Certificate registration - General
=> e-file User Guide: CSSF Certificate registration - AIFMD
Forgot your e-file administrator password?
For security reasons, we are not allowed to reset administrator passwords without following a specific procedure.
Your password reset request must be sent by email and paper mail. The paper can be replaced by a fax to speed up the process => Fax sending to 28 370 491
The request must be submitted on letterhead of your company with the following information
- administrator's login adminXXX
- Email address which is linked to the administrator
- A brief explanation of the reason why you need to change it
- Send your email to cso.desk@fundsquare.net
The email must come from the administrator stated above and include all information specified in the fax. If the administrator has left the company, the fax has to be signed by a legal representative of the company.
Once Fundsquare has received and checked your request, we will send you an email with your new temporary password.
IMPORTANT NOTE: The temporary password has to be changed within 7 days upon receipt.
If you have further questions do not hesitate to contact our Client Support & Operations Desk.
e-file password policy
(Figure 15)
The password you will have to provide must follow the rules below:
- At least one upper and one lower case letter
- At least one number
- At least one special character from this list: ! # $ % & ( ) * + , . /: ; < = > ? ^ _ @ { | } [ ] ~
- At least 8 characters and at most 20
Please note that :
The validity of your password is not limited in time.
Our system blocks the user after 3 incorrect attempts and it is the e-file administrator who has to unblock the account.
Passwords are encrypted in our database and we do not keep them. You may re-use them.