The Development of FinTech Products and Services
Mauritius used to rely mainly on its sugar and tourism industries, but the Government of Mauritius has sought to diversify and remains active in trying to develop new sectors to create growth in the economy. The 1980s created a boom in the textile industry, and the Government of Mauritius has sought to develop its services industry since then. The 1990s called for the development of the financial services sector, and Mauritius has since firmly established itself as a sound and reliable financial services jurisdiction on an international level. Since the early 21st century, Mauritius has sought to develop its Information and Communication Technology (ICT) industry so as to make it one of the pillars of the economy and to position itself as a hub in Africa. Mauritius has therefore sought to implement various laws to cater for the development of the ICT industry, including the Information and Communication Technologies Act 2001, the Computer Misuse and Cybercrime Act 2003, and the Data Protection Act 2004.
The Information and Communication Technologies Authority is the regulatory body and provides guidelines to industry players. It also issues licences, and monitors and supervises the ICT industry in Mauritius.
The Ebene Cybercity in Mauritius was developed with the idea of being a hi-tech hub, and has now developed into a modern financial centre providing high-quality offices and amenities. It is now the second business city of Mauritius after Port Louis, and many businesses have now moved there.
Mauritius has since sought to establish itself as a key player in the ICT African region, and the National Computer Board states that: Some 600 ICT companies presently operate in Mauritius, in a wide range of activities including software development, call centre operations, business process outsourcing (BPO), IT-enabled services, web-enabled services, training, hardware assembly and sales, networking, consultancy, multimedia development, disaster recovery and other support services.
Since 2016, Mauritius has started to look at developing the FinTech sector and providing facilities for the development of this industry. Though still in the early stages, the FinTech industry is slowly developing. As a jurisdiction, Mauritius is friendly to FinTech innovation and is trying to implement the necessary regulations to encourage the development of the FinTech industry.
On 25 January 2017, the Board of Investment collaborated with the British High Commission and the Financial Services Promotion Agency to organise a half-day FinTech conference, which brought together around 90 CEOs who share a common interest in FinTech.
To date, the main products being offered in Mauritius are:
- internet banking, inclusive of online payment and settlement, requests for services such as opening of bank accounts, issuing of cheque books and stopping cheques; and mobile banking.
The Market for FinTech Products and Services
The market for FinTech products and services in Mauritius is still developing, and appears to be more focused on payment activities at the moment.
The Key Market Participants in the Specified Activities
The market is still dominated by traditional banking in Mauritius but there is a lot of interest in the FinTech industry among entrepreneurs. There have also been talks of developing Mauritius as a FinTech hub for Africa – due to the buoyant Information, Communication and Technology sector and the country’s highly qualified bilingual workforce, Mauritius is well placed to develop its FinTech industry further and position itself highly in the African region.
The FinTech industry in Mauritius is still in its budding phase, and new FinTech Technologies/companies have not begun to displace traditional financial service providers. However, it is anticipated that, in the long run, the market in Mauritius will become more and more conversant with the FinTech industry and products offered, with a high likelihood that FinTech technologies and companies will begin to displace traditional service providers.
Partnerships Between Traditional Institutions and FinTech Companies
As far as is known, traditional financial institutions have not yet partnered with FinTech companies for co-development, technology testing or other reasons.
Regulatory Regimes for Specified Activities or FinTech Companies
The Bank of Mauritius has issued the following guidelines which are relevant to FinTech:
- The Guideline on Internet Banking sets out a regulatory framework for providing Internet banking services in Mauritius. It lays down the minimum standards that institutions must observe regarding Internet banking, and prescribes the requirements and processes for obtaining approval from the Bank of Mauritius for establishing Internet banking services. The institutions are free to adopt standards, systems and practices more stringent than those outlined in the guideline to suit their particular circumstances.
- The Guidelines on Mobile Banking and Mobile Banking Systems has the objective of promoting a sound financial system in Mauritius and regulating the mobile banking and mobile payment systems. It is intended for providers of mobile banking and mobile payment services.
Regulatory or Governmental Agencies for Specified Activities or FinTech Companies
Specified Activities in Mauritius are generally offered and regulated by the Bank of Mauritius for all banking activities, and by the Financial Services Commission for all nonbanking activities. The FinTech industry is just developing in Mauritius, with operators just starting to show interest, so there are very few FinTech companies in Mauritius. To date, the regulators have not been conducting examinations of FinTech companies but – should this industry develop further and become fully operational with various operators – it is anticipated that the regulators will conduct regular examinations, as is already the case with other regulated activities in Mauritius.
Capital and Liquidity Requirements
To date, no laws, regulations or guidelines have been issued regarding capital and liquidity requirements, affiliate transaction limitations or other regulatory requirements for FinTech companies, but the FinTech sector is developing in Mauritius and the regulators may soon issue guidelines regarding the sector.
“Sandbox” or Other Regulatory “Neutral Zones”
The Board of Investment has issued a new type of licence: the Regulatory Sandbox Licence, which was announced in the 2016-2017 National Budget in Mauritius and proclaimed on the 20th October 2016. It offers the possibility for an investor to conduct a business activity for which there is no legal framework, nor adequate provisions under existing legislation in Mauritius. The Regulatory Sandbox Licence will be issued by the Board of Investment to eligible companies willing to invest in innovative projects according to an agreed set of terms and conditions for a defined period.
Change of Control Approval Requirements
To date, no laws, regulations or guidelines have been issued regarding change of control approval requirements and processes for FinTech companies, but the FinTech sector is developing in Mauritius and the regulators may soon issue guidelines regarding the sector.
It is anticipated that the authorities will consider each matter on a case-by-case basis, and maintain a strict approach to the development of FinTech companies in Mauritius so as to prevent setbacks. Special conditions may be imposed, as is generally the case for companies that need to be licensed or monitored.
Recent Developments or Notable Proposed/ Forthcoming Regulatory Changes
The above-mentioned Regulatory Sandbox Licence issued by the Board of Investment should facilitate the setting up of FinTech companies, and enable their development.
Burden of Regulatory Framework and Protection of Customers
As explained above, the FinTech industry is still developing in the country but steps have been taken to enable Mauritius to become a jurisdiction that will allow FinTech innovation to thrive. It is anticipated that the industry will be further regulated as developments take place and as interest in FinTech in Mauritius increases.
Regulatory Impediments to FinTech Innovation at Traditional Financial Institutions
To date, there are no regulatory impediments to FinTech innovation. Banking activities are strictly regulated by the Bank of Mauritius, and insurance activities are strictly regulated by the Financial services Commission. Entities engaged in FinTech activities and providing banking or insurance services would need to be licensed by the Bank of Mauritius or the Financial Services Commission.
Regulatory Impediments to FinTech Innovation at Traditional Financial Institutions
The Companies Act has specific provisions for “small private companies” in Mauritius, ie those whose turnover n respect of its last preceding accounting period is less than 50 million rupees or such other amount as may be prescribed, and those that do not hold a Category 1 Global Business Licence.
A “small private company” has less stringent filing and regulatory requirements, as follows:
- it does not need to appoint an auditor;
- it does not need to file financial statements but it needs to file a simpler financial summary with the Registrar of Companies;
- it is not required to prepare and present its accounts in accordance with the International Accounting Standards;
- it may not be required to file an annual return; and
- it does not need to appoint a company secretary
Outreach by Regulators or Government Authorities to Engage with FinTech Innovators
In partnership with the Financial Services Promotion Agency (FSPA) and the Board of Investment (BOI), the British High Commission hosted a conference on FinTech in Mauritius on 25 January 2017.
The conference explored the development of Mauritius as a FinTech hub for the Sub-Saharan Africa region, and included various panel discussions and a panel of experts sharing their views on how the British FinTech model can be applied in Mauritius to implement innovative solutions in the financial services sector and drive economic growth.
The conference programme included a dialogue on British FinTech and panel discussions on Regulations and Compliance and Mauritius as a FinTech Hub for Africa. Key stakeholders attended the conference, such as Government officials, business leaders, regulators and academics.
Foreign FinTech Companies
Foreign FinTech companies would need to apply for a Regulatory Sandbox Licence if they wish to provide services in Mauritius. As explained under 2.7 Burden of Regulatory Framework and Protection of Customers, above, it is anticipated that the industry will be further regulated as developments take place and as the interest in FinTech in Mauritius increases.
Regulatory Enforcement Actions Against FinTech Companies
There have been no regulatory enforcement actions against FinTech companies in Mauritius to date.
The banking industry is highly regulated in Mauritius through the Banking Act and its various regulations. The Bank of Mauritius regulates the banking industry and also issues guidelines and guidance, and takes action against parties that engage in illegal operations such as shadow banking. FinTech companies would be captured by these regulations.
Form of Legal entity
Potential Forms of Charter
There are 3 types of companies in Mauritius:
- domestic companies that may conduct business in Mauritius subject to any licence that may be required for licensed activities;
- companies holding a Global Business Licence of Category 1 which are tax-resident companies but may not conduct business in Mauritius save for certain specific activities; and
- companies holding a Global Business Licence of Category 2 which are non-resident companies for tax purposes but may not conduct business in Mauritius save for certain specific activities.
Key Differences in Form
Domestic companies are liable to income tax at the rate of 15%.
Companies holding a Global Business Licence of Category 1 are liable to income tax at the rate of 15% but are entitled to a deemed foreign tax credit of 80%, meaning an effective tax rate of 3%. These companies can also benefit from the Double Taxation Agreement Agreements that Mauritius has entered into with various countries.
Companies holding a Global Business Licence of Category 2 are tax-exempt entities.
recent legal changes
No recent legal changes in Mauritius have altered the desirability of one form of legal entity over another.
Legal Infrastructure (Non-regulatory)
Desirable Changes to Facilitate Specified Activities
Changes to areas of the law (other than regulatory areas) are not necessary or desirable at this stage.
Access to Real Time Gross Settlement Systems
FinTech companies in Mauritius will need to access realtime gross settlement systems through regulated financial institutions.
Special Insolvency Regimes
There are no special insolvency regimes or other regimes that apply differently to FinTech companies as compared to regulated financial institutions.
The Electronic Transactions Act provides that no signature will be denied legal effect, validity or enforceability solely because it is in electronic form.
An “electronic signature” means an electronic sound, symbol or process attached to or logically associated with an electronic record, and executed or adopted by a person with the intent to sign the electronic record.
The Electronic Transactions Act also provides for secure electronic signatures, which may be useful in the application of a prescribed security procedure or a commercially reasonable security procedure agreed to by the parties involved. In such a case, an electronic signature will be verified as a secure electronic signature if, at the time it was made, it was:
- unique to the person using it;
- capable of identifying such person;
- created in a manner or using a means under the sole control of the person using it; and
- linked to the electronic record to which it relates in a manner such that the electronic signature would be invalidated had the record been changed.
Standards for Proving Identity in Electronic Transactions
Mauritius has set standards for proving identity in electronic transactions. The Electronic Transactions Act provides that any person relying on a digital signature will also rely on a valid certificate containing the public key by which the digital signature can be verified.
A “digital signature” means an electronic signature consisting of a transformation of an electronic record using an asymmetric cryptosystem such that a person having the initial untransformed electronic record and the signer’s public key can accurately be determined:
- whether the transformation was created using the private key that corresponds to the signer’s public key; and
- whether the initial electronic record has been altered since the transformation was made
Digital signatures also include voice-recognition features, digital fingerprinting and such other biotechnology features or processes as may be prescribed.
Data Privacy and Cybersecurity
Data Privacy and Cybersecurity Regulatory Regimes
The Data Protection Act provides for data privacy and protection in Mauritius, and the majority of its sections were proclaimed in 2009. It was enacted to provide protection for individuals’ privacy rights in view of developments in the techniques used to capture, transmit, manipulate, record or store data relating to individuals. It provides an obligation on all persons collecting individuals’ data to register as data controllers, and to keep such data secure. Data controllers have strict limitations as to how they can use and process data that they have collected. Any data subject is strictly protected, and his data cannot be amended or used without his authorisation.
The Computer Misuse and Cybercrime Act was enacted in 2003 and provides for the repression of criminal activities perpetrated though computer systems. It provides for a number of criminal offences, including the following:
- unauthorised access to computer data;
- securing access to any program or data held in a computer system with the intent to commit an offence;
- unauthorised access to a computer service or the interception of a computer service;
- unauthorised modification of computer material;
- directly or indirectly causing a degradation, failure, interruption or obstruction of the operation of a computer system, or denial of access or impairment of any program or date stored in a computer system;
- unauthorised and wrongful disclosure of any password, access code or any other means of access to any program or data held in any computer system;
- unlawful possession of devices and data; and
- electronic fraud.
Recent and Significant Data Privacy Breaches
There have been no recent significant data privacy breaches or other cybersecurity attacks involving FinTech companies.
Companies Utilising Public Key Infrastructures or Other Encryption Systems
The Information and Communication Technologies Authority is the Controller of Certification Authorities (CCA). As the “Root” Authority, the CCA certifies the technologies, infrastructure and practices of all the Certification Authorities (CA) licensed, recognised or approved to issue Digital Signature Certificates.
It is the CCA’s responsibility to monitor that certification service providers comply with the obligations imposed on them by law. In this respect, the CCA will maintain a publicly accessible database containing a CA disclosure record for each licensed/recognised/approved CA.
The CCA is therefore the authority that issues digital certificates to Mauritian end-users, who will in turn use these certificates to secure their online transactions in a comprehensive manner. The CCA certifies the public keys of CAs using its own private key, which enables users in the cyberspace to verify that a given certificate is issued by a licensed CA.
The Information and Communication Technologies Authority has issued an Information Guide for the Mauritian Public Key Infrastructures (PKI) Ecosystem, the purpose of which is to flag out to the public in general the basic information they need to be aware of in order to understand the PKI concepts so as to be able to make full use of this dedicated security infrastructure.
In Mauritius, the only regulatory regime that is applicable to biometric data is the National Identity Card Act, which provides that – subject to the provisions of the Data Protection Act – any person who applies for a national identity card must allow his fingerprints and other biometric information to be taken and recorded. Biometric information in relation to an individual means data about his external characteristics, including his fingerprints.
Intellectual Property Protection Regime
In Mauritius, the Patents, Industrial Designs and Trademarks Act provides for the protection of industrial property rights, being patents, industrial designs or marks. The Copyright Act aims to provide more effective protection of copyright and related rights, namely for works in the artistic, literary or scientific domains.
Under the Patents, Industrial Designs and Trademarks Act, a patent means the title granted to protect an invention, being an inventor’s idea that provides the solution to a specific problem in the field of technology. An invention must be new in order to warrant protection; to be new, it must not be anticipated by prior art, being anything disclosed to the public, anywhere in the world, by publication in tangible form or by oral disclosure, by use or in any other way, prior to the filing or – where applicable – the priority date of the application claiming the invention.
Subject to the payment of an annual fee, a patent shall expire 20 years after the filing date of the application for the patent.
An industrial design is any composition of lines or colours or any three-dimensional form, or any material, whether or not associated with lines or colours, provided that such composition, form or material:
- gives a special appearance to a product of industry or handicraft;
- can serve as a pattern for a product of industry or handicraft; and
- appeals to and is judged by the eye.
An industrial design shall be registrable where it is new, meaning that it has not been disclosed to the public, anywhere in the world, by publication in tangible form or by use or any other way, prior to the filing date or – where applicable – the priority date of the application for registration
The registration of any industrial design shall be for a period of 5 years from the filing date of the application for registration, and renewable for another period of 5 years.
The exclusive right to any mark, either a trade mark or a service mark, is acquired by registration.
No mark shall be registered, where the following applies:
- it is incapable of distinguishing the goods or services of one enterprise from those of other enterprises;
- it is contrary to public order or morality;
- it is likely to mislead any person, particularly as regards the geographical origin of the goods or services concerned or their nature or characteristics;
- it is identical with, or an imitation of, or contains as an element, an armorial bearing, flag or other emblem, a name or abbreviation or initials of the name of – or official sign or hallmark adopted by – any State, intergovernmental organisation or organisation created by an international convention, unless authorised by the competent authority of that State or organisation;
- it is identical with, or confusingly similar to, or constitutes a translation of, a mark or trade name that is well known in Mauritius for identical or similar goods or services of another enterprise;
- • it is registered in Mauritius for goods or services that are not identical or similar to those in respect of which registration is applied for, provided, in the latter case, that use of the mark in relation to those goods or services would indicate a connection between those goods or services and the owner of the well-known mark, and that the interests of the owner of the well-known mark are likely to be damaged by such use; and
- it is identical with a mark belonging to a different proprietor and already on the Register, or with an earlier filing or priority date, in respect of the same goods or services or closely related goods or services, or where it so closely resembles such a mark as to be likely to deceive or cause confusion.
Any application for the registration of a mark must be filed with the Controller and must contain a request, a reproduction of the mark and a list of the goods or services – listed under the applicable class or classes of the International Classification – for which registration of the mark is requested. The registration of a mark will be for a period of 10 years from the filing date of the application for registration.
On 31 July 2014, the Copyright Act 2014 (“Copyright Act”) came into force in Mauritius to provide better protection to copyright and related rights. The Copyright Act repeals the Copyright Act 1997.
The definition of “copyright” has been expressly widened so that it now not only means an economic right but it also captures “moral” rights, ie, the right to claim authorship of a piece of work and the right to prevent any act to be done that would be prejudicial to the honour and reputation of a copyright owner.
Every artistic, literary or scientific work shall be an original intellectual creation in the artistic, literary or scientific domain.
Every author or other owner of copyright has the exclusive right to carry out or to authorise the following:
- reproduction of the work;
- translation of a work;
- adaptation, arrangement or other transformation of a work, including its cinematographic adaption;
- distribution to the public of the original or a fixed copy of a work;
- rental of the original or a fixed copy of a work;
- public performance of a work;
- broadcasting of a work; and
- other forms of communication to the public of a work.
Trade Secret Regime
In Mauritius, trade secrets may be protected in the following ways:
- non-disclosure agreements and confidentiality clauses can be provided in commercial contracts to protect trade secrets;
in cases where there are risks that confidential information might be used and/or disclosed to third parties, an application for an injunction may be made to the Honourable Judge in Chambers, to restrain disclosure of confidential information to third parties and/or use of the confidential information; and
- damages may be claimed by a party aggrieved by disclosure of confidential information and/or the use of such.
Copyrights, Patents, Trade Marks
FinTech technology that falls within the definition of work is copyrightable. “Work” means any artistic, literary or scientific work, or a derivative work. See 6.1 Intellectual Property Protection Regime, above.
FinTech technology would be patentable if it satisfies the requirements of the Patents, Industrial Designs and Trademarks Act, which provides that an invention is patentable if it is new, involves an inventive step, and is capable of industrial application.
Protection of Intellectual Property or Trade Secrets
There are no other ways for FinTech companies to protect their intellectual property.
Joint Development of Intellectual Property
The right to a patent or an industrial design in Mauritius belongs to the inventor. Where two or more persons have jointly made an invention, the rights to the patent or the industrial design belong to them jointly.
Intellectual Property Litigation
FinTech companies are not a significant source of litigation in Mauritius right now but could become so as the sector grows.
Open Source Code
Open source code is not separately regulated or protected in Mauritius; the laws relating to intellectual property apply to open source code. It may be possible for every contributor to the open source code to own the copyright to their contribution, although in practice most contributors are likely to agree to license their material under the same licence as the original work. In such circumstances, it can be difficult to ascertain who should make a legal complaint if someone decides to use the program in a way that violates its licence. To avoid this issue, contributors can explicitly assign the copyright in their contributions to a body that administers the open source project, thus keeping ownership centralised and making enforcement of the licence easier.
Special Tax Issues, Benefits or Detriments
There is no special tax regime for FinTech companies in Mauritius, and the general tax treatment applicable to the type of entity in question will apply to the FinTech entity, depending on whether it is a domestic company to which a flat rate of 15% applies, or a Global Business Company of Category 1 to which a maximum rate of 3% would apply.