KYC.IO

Global Regulations and Requirements for KYC Onboarding
(powered by KYC-Chain)

KYC to onboard domestic persons

permanent addressphotograph

KYC to onboard international persons

permanent addressphotograph

corporate requirements

current&permanent addressnature of applicant's businessfinancial status

National ID card name

Mauritian National Identification Card

National ID Photo

back of national id photo back

Does the country have Esignature Laws?

Electronic Transactions Act 2000

E-sig law files

mauritius.pdf

What year did the relevant AML laws and regulations become effective?

2003

Further details on AML regime

The Financial Intelligence and Anti Money Laundering Act 2002 (“FIAMLA”) and the Prevention of Corruption Act 2002 (“POCA”) were enacted in 2002. The FIAMLA Regulations were introduced in 2003.

Who is the regulator for AML controls for Banking

The Bank of Mauritius (“BOM”)

Link to site

https://www.bom.mu/pdf/Legislation_Guidelines_Compliance/Guidelines/GUIDANCE_AML-CFT20140715.pdf)

Other financial Services

The Financial Services Commission (“FSC”)

Website of Regulator

http://www.fscmauritius.org/being-supervised/aml-cft.aspx

Financial Sector regulator

http://www.fiumauritius.org/index.php?option=com_content&view=article&id=29%3Acasinos-gaming-house-a-interactive-gambling-totalisator-or-bookmaker&catid=2&lang=en

Practical Guidance for AML

YES

Practical guidance PDF's

Is there a requirement to verify the identity of customers retroactively?

Retroactive details

Has the country been the subject of FATF mutal evaluation in the last 3 years?

PDF of FATF review

mutualevaluationofmauritius.html

Are there minimum transaction thresholds (Y/N)

Yes

More details on minimum transaction thresholds.

Yes, every financial institution, bank or cash dealer is required to carry out customer due diligence for transactions exceeding MUR350,000 or an equivalent amount in foreign currency USD10,000).

What are the requirements for customer identification information for individuals

Where the customer is an individual, the original or a certified copy of an official, valid document containing details of his current permanent address, a recent photograph of him and such other

Details to be Collected on Corporates

Every relevant person shall establish and verify; the identity and the current permanent address of an applicant for business; and the nature of the applicant's business, his financial status and the capacity in which he is entering into the business relationship with the relevant person.

What are the high level requirements around beneficial ownership (identification and verification)?

Financial institutions are required to identify and verify (to the same level as a personal customer) all UBOs who directly or indirectly hold 20% or more of the capital or voting rights of a company. Specific requirements apply to banks and licensees of the FSC. Broadly, financial standing, qualifications and reputation, financial integrity and character would be considered.

What circumstances are enhanced customer due diligence measures required?

Guidance issued by the regulatory authorities provides for specific circumstances where enhanced CDD should be applied. For example, enhanced due diligence must be applied where the ML/TF risk is high or where an applicant to a bank has been rejected by another bank.

How should FI's deal with Politically exposed persons

Enhanced due diligence should be applied by financial institutions in connection with PEPs, including: a) obtaining further customer due diligence information (identification and relationship information) from either the customer or independent sources (such as the internet, public or commercially available databases); b) verifying additional aspects of the customer due diligence information obtained; c) obtaining additional information required to understand the purpose and intended nature of such a business relationship; d) taking appropriate and reasonable measures to establish the source of the funds and source of wealth of the customer, any beneficial owner and underlying principal; and e) carrying out more frequent and more extensive ongoing monitoring on such business relationships including setting lower monitoring thresholds for transactions connected with such business relationships.

What enhanced due diligence must be performed for correspondent banking relationships?

The Licensee should: a) gather sufficient information about their correspondents to understand fully the nature of the correspondent’s business. Factors to consider include information about the correspondent’s management, major business activities, where they are located; their money-laundering prevention and detection efforts; and the identity of any third party entities that use the correspondent services; b) determine from publicly available information the reputation of the institution and quality of the institution’s regulation and supervision, including whether it has been subject to money laundering or terrorist financing investigation or regulatory action; c) assess the institution’s AML/CFT controls and ascertain that they are adequate and effective and establish correspondent relationships with foreign financial institutions only if they are satisfied that the foreign financial institutions are effectively supervised by the relevant authorities and have effective customer acceptance and KYC policies; d) obtain approval from senior management before establishing new correspondent relationships; and e) document the respective AML/CFT responsibilities of each institution.

Are relationships with banks who might be considered a 'shell' and without substance permitted?

Yes, financial institutions should refuse to enter into or continue a correspondent relationship with a financial institution incorporated in a jurisdiction in which the correspondent has no physical presence and which is unaffiliated with a regulated financial group (i.e. it may involve a shell financial institution).

In what circumstances is additional due diligence required for non face-to-face transactions and/or relationships?

In accepting business from non-face to face customers, financial institutions must apply effective customer identification procedures as well as specific and adequate measures to mitigate the high risk posed by non-face-to-face verification of customers. The Code on the Prevention of Money Laundering and Terrorist Financing enacted by the FSC stipulates that for non-face to face business relationships, additional steps (Enhanced Due Diligence) in relation to identification and verification is required.

To whom are SAR's made? (suspicious activity reports)

FIU

Link to website of SAR reporting

http://www.fiumauritius.org/index.php

Other Suspicious or unusual transactions obligations.

The FIAMLA imposes only a duty to report STRs. However, the POCA imposes an obligation upon a public officer to report any act of corruption that he suspects to have happened within or in relation to that public body to the Independent Commission Against Corruption (“ICAC”).

Are there any de-minimis thresholds below which transactions do not need to be reported?

Are there any penalties for non compliance with reporting requirements e.g. tipping off?

Yes. Offences for failing to report an STR and tipping off are punishable by a fine not exceeding MUR1m (approx. USD28,620) and imprisonment for a term not exceeding five years. Supervisory authorities may take regulatory action in the event of non-compliance.

Are there any requirements (legal or regulatory) to use automated Suspicious Transaction monitoring technology?

No. As far as we are aware, there is no requirement to use automated suspicious transaction monitoring technology

Is there a requirement to obtain authority to proceed with a current/ongoing transaction that is identified as suspicious?

There is no specific provision under domestic law.

Does the local legislation allow transactions to be monitored outside the jurisdiction?

Mauritius is a member of the Egmont Group and has signed a number of Memorandum of Understandings on exchange of information with its foreign FIUs.

Is there a legal requirement for a bank’s external auditor/other external organisation to report on the bank’s AML systems and controls?

Guidelines from the regulatory authority require that the institution review their practices as part of their general external and internal audit processes.

If an external report on the bank’s AML systems and controls is required: a) how frequently must the report be provided?

There is no requirement for an independent external audit report, however financial institutions have to make a report on themselves to the BoM: reports are issued on a yearly basis

To whom should the report on AML systems be submitted?

reports are submitted to the Bank of Mauritius

Is an AML system part of the financial statement audit?

no, the report is not part of the Financial Statement.

What are the requirements for the content of this external report on a bank’s AML systems and controls? Does it require: a) sample testing of KYC files? b) sample testing of SAR reports? c) examination of risk assessments?

As above, there is no requirement for an independent external audit report, however financial institutions have to make a report on themselves to the BoM. There are no specific requirements for the content of an external report on a bank’s AML systems and controls: a) yes, sample testing of KYC files is required; b) no, sample testing of SAR reports is not required; and c) this would be part of the review of KYC review.

Data Protection Laws And Personal Data

we are governed by the Data Protection Act 2004. Per the Act, personal data refers to (i) data which relate to an individual who can be identified from those data or; (ii) data or other information including an opinion forming part of a database, whether or not recorded in a material form, about an individual whose identity is apparent or can reasonably be ascertained from the data, information or opinion

Data Protection for Corporate Data

the Data Protection Act 2004 applies only to personal data

Data protection for "sensitive Data" and additional protections.

Yes, “sensitive personal data" means personal information concerning a data subject and consisting of information as to: a. racial or ethnic origin; b. political opinion or adherence; c. religious belief or other belief of a similar nature; d. membership to a trade union; e. physical or mental health; f. sexual preferences or practices; g. the commission or alleged commission of an offence; and h. any proceedings for an offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.

Do any restrictions on the transfer of credit reports exist?

Per the Data Protection Act 2004, no data controller shall, except with the written authorisation of the Commissioner, transfer personal data to another country. No personal data shall be processed, unless the data controller has obtained the express consent of the data subject. Notwithstanding the above, personal data may be processed without obtaining the express consent of the data subject where the processing is necessary: a) for the performance of a contract to which the data subject is a party; b) in order to take steps required by the data subject prior to entering into a contract; c) in order to protect the vital interests of the data subject; d) for compliance with any legal obligation to which the data controller is subject; e) for the administration of justice; or f) in the public interest.

Regulator Acronym

BOM, FSC

Year of last FATF mutual evaluation

2014

Field 67

financial institution

Compulsory?

National ID source

http://www.cleverdodo.mu/national-identity-card-mauritius/8

practical Guidance yes / no

Is there a risk based approach

Legal Requirement

Yes

Regulator allows for monitoring transactions outside jurisdiction

Requirement to proceed

requirement to use automated suspicious transaction tools

Who are SARS made to?

FIU

shell banks

Yes

EDD for correspondent banking

Yes

PDF of case law

Minimum transactions

MUR 350,000

Min transaction USD

10000

Personal Data protection

Personal Data Protection Act

https://www.coe.int/t/dghl/standardsetting/dataprotection/TPD_documents/Data%20Protection%20Act%202004_Maurice.pdf

If the AML laws and/or regulations became effective in the last 2 years, what were the requirements of the previous AML regime?

N/A

Non financial sector (e.g. casinos, high value goods etc.)

The FIU

Does the country have a risk based approach?

Yes, for example the guidelines issued by the FSC for Effective Customer Risk Assessment.

Where copies of identification documentation are provided, what are the requirements around independent verification or authentication?

Certified copies should be provided.

Is there case law, other constitutional law or any other laws or regulations that may impact upon the transfer of information to this jurisdiction?

Yes

List of case law, constitutional law or any other laws or regulations that may impact upon the transfer of information.

No. There is a general confidentiality obligation upon banks (s64 Banking Act 2004) to keep the information on their customers confidential. Such an obligation may only be lifted by way of a court order.