Crypto assets have in the recent years emerged as a prominent feature of the global financial system. Bitcoin was revealed in 2009 and since then there has been a drastic expansion in the different types of crypto assets. Regulators face the challenge of finely weighing the opportunities presented by crypto assets and imposing regulatory constraints in their jurisdictions including compliance with applicable framework for anti-money laundering and combating the financing of terrorism (“AML/CFT”). Acknowledging the dynamism of the present moment, this article aims to provide an outline on the legislations relating to Fintech and crypto assets in Mauritius and how the emerging Fintech services intersects with the AML/CFT regime in Mauritius.
Legislations relating to Fintech in Mauritius
The Government of Mauritius has over the last two years undertaken various steps to promote Fintech related initiatives in Mauritius and to establish the Mauritius International Financial Centre as the Fintech hub, in and for, Africa. In September 2018, the Mauritius Financial Services Commission (“FSC”) issued a guidance note titled “Recognition of Digital Assets as an asset-class for investment by Sophisticated and Expert Investors” to provide clarifications on its position concerning investment in digital assets, and by which the FSC has recognized that digital assets, which include crypto currencies, may constitute an asset-class for investment by sophisticated investors, expert investors, expert funds, specialized collective investment schemes (“CIS”) and professional CIS. The FSC has published in April 2019 a second guidance note on securities token offering which establishes securities token as securities under the Securities Act 2005 represented in digital format and as a result all regulations relating to offering of securities are extended to securities tokens.
Last year, the Second Schedule of the Financial Services Act 2007 (the “Second Schedule”) was amended to include Custodian Services (Digital Asset) and Digital Asset Marketplace in the list of financial business activities and the FSC has subsequently issued the Custodian Services (Digital Asset) Rules 2019 (the “Digital Asset Rules”) which apply to any person carrying out custodian services for digital asset. More recently, the Finance (Miscellaneous Provisions) Act 2019 has further amended the Second Schedule to introduce new licences for Fintech Service Providers and Crowdfunding.
AML/CFT regime in Mauritius
In parallel Mauritius has also enacted a spate of legislation, to deal with , the most recent one being the Anti-Money Laundering and Combating of the Financing of Terrorism And Proliferation (Miscellaneous Provisions) Act 2019 (“Act”) which came into force on 29 May 2019 and whose objective was to amend various enactments in Mauritius with a view of meeting international standards of anti-money laundering and combating the financing of terrorism and proliferation and to address threats to international peace and security.
The Financial Intelligence and Anti Money Laundering Act 2002 (“FIAMLA”) is the primary legislation governing the AML/CFT legal framework in Mauritius and it qualifies as “Reporting Persons” a number of FSC licensees including investment vehicles and investment service providers. Expert funds, specialized CIS, professional CIS and holders of a digital asset custody licence, digital asset marketplace licence, fintech service provider licence or crowdfunding licence, as Reporting Persons, have the legal obligation to comply with laws related to AML/CFT. In addition to the FIAMLA, these FSC licensees are also subject to the Financial Intelligence and Anti-Money Laundering Regulations 2018 (the “Regulations”) and the FSC Code on the Prevention of Money Laundering and Terrorist Financing (the “Code”) which details the duties and obligations of a Reporting Person.
The FIAMLA, the Regulations and the Code require a Reporting Person to undertake customer due diligence (“CDD”) on each customer and beneficial owner by means of reliable and independent source documents or information when opening an account for, or otherwise establishing a business relationship with, a customer, whenever doubts exist about the veracity or adequacy of previously obtained customer identification information or whenever there is a suspicion of money laundering or terrorism financing involving the customer or the customer’s account.
Additionally, the Digital Asset Rules provide that an applicant for the custodian licence (digital asset) is required to submit, as part of its application document pack, a detailed report containing an in-depth assessment of the potential money laundering and terrorist financing risks posed by its operations as well as the measures, systems, controls and protocols which will be established in relation to those risks. Once licensed, prior to starting its operations, the custodian of digital asset is required to have those AML/CFT systems and controls in place and procedures to conduct CDD and KYC as well as to ascertain the source of funds/wealth of potential clients prior to on-boarding.
In relation to the offering of securities tokens, only persons licensed as investment dealer or investment adviser or an investment banker by the FSC may solicit other persons to enter into transactions involving securities tokens. These persons are also classified as Reporting Persons and, in addition to the obligation to comply with existing AML/CFT framework, they are also required to ensure, at all times, strict compliance with the applicable regulatory requirements, including, but not limited to conducting appropriate due diligence in view of developing a detailed comprehension of the securities tokens offering, the fitness and propriety of the management of the issuer of the securities tokens as well as its development team and rights and obligations attached to the underlying assets backing the securities tokens.
Given the nature and sophistication of the fintech industry, it is likely to be subject to continuous threats of cyber-attacks. In a bid to meet those risks, the FSC has indicated that it will come out with effective cybersecurity programmes on licensed fintech service providers, including the need to have dedicated in-house cybersecurity personnel.