The Act has been drafted to provide a framework to protect businesses from the risks of criminal activity. Nonetheless, one cannot turn a blind eye to the dangers associated with the wrongful use of virtual assets and virtual tokens.
The adoption of adequate AML/CFT regulations and the implementation of the same is no easy task for the regulator.
The quandary remains whether the provisions of the law and regulations are effective enough to circumvent the dangers and risks associated with the operation of business activities related to virtual assets.
The Notes have clearly set out the required AML/CFT obligations that are required from VASPs and IITOs upon being licensed or registered under the Act.
Those licensed and/or registered financial institutions must apply an AML/CFT risk‑based approach in order to have business relationships with VASPs or IITOs, customers involved in virtual asset activities or other outsourced/third parties.
The Notes also make it a precondition for VASPs and IITOs to maintain accurate and up‑to‑date customer information; this entails scrutinising their source of funds and wealth and understanding the purpose and intended nature of the business relation. This being a mandatory requirement, financial institutions have an obligation to identify their customers and ultimate beneficial owners, so as to prevent financial malevolence such as money laundering and terrorism financing.
DO THE LAWS IN MAURITIUS MEASURE UP TO THE FATF RECOMMENDATIONS?
The Financial Action Task Force (FATF) has, since June 2014, started to address the risks associated with virtual assets and considers such risks to be serious. In October 2018, it amended its Recommendation 15 to clarify that its Recommendations and AML/CFT requirements apply in the context of virtual assets.² In June 2019, an interpretive note was adopted to further explain how the FATF requirements should apply in relation to virtual assets and VASPs.
In 2020–2021, authorities in Mauritius made significant improvements to the AML/CFT regime to ensure that its laws and regulations are in line with international requirements.
The following is an analysis of whether the requirements of the FATF under its Recommendation 15 have been duly put into place in Mauritius.
VASPs to identify, assess and take action to mitigate AML/CFT risks
The definition of ‘financial institution’ under the Mauritian Financial Intelligence and Anti Money Laundering Act (the AML Act) now includes ‘any institution or person licensed under the [Act]’. VASPs are, therefore, categorised as reporting persons under the AML Act and will be subject to the laws and regulations issued thereunder.
Further, the Act provides the following:
- any person applying for a licence as a VASP must provide policies and measures to be adopted by it to meet
its obligations relating to AML/CFT under the Act, the AML Act and the United Nations (Financial Prohibition,
Arms Embargo and Travel Ban) Sanctions Act 2019 (together, the Applicable Acts);
- a VASP and an IITO must, in carrying out its respective business activities, have measures in place to comply with
its obligations under the Applicable Acts; and
- an IITO must ensure that its white paper includes a definition or description of its AML procedures.
VASPs are subject to adequate regulation and supervision or monitoring
The Applicable Acts provide adequate regulation, supervision and monitoring tools for the regulators to monitor the activities of licensees to ensure the proper implementation of AML/CFT measures.
Such tools include the right to request information from a licensee, the right to conduct an inspection into the business activities of a VASP and an IITO, and the right to investigate such business activities. The Commission also has wide powers, including the power to issue a direction requiring action to be taken to a licensee.
Effective, proportionate and dissuasive sanctions in place
By being licensed by the Commission under the Act, a VASP is subject to the applicable laws and regulations. Further, as it is a reporting person under the AML Act, the failure to comply with AML/CFT requirements will lead to a contravention of the relevant laws, which will lead to the penalties stated thereunder, including imprisonment.
The Commission may also:
- suspend the licence of a VASP or registration of an IITO;
- refer the matter to the enforcement committee for further action;
- with respect to a present or past VASP or IITO or any person who is a present/past officer of the VASP or IITO, as the case may be: issue a private warning;
• issue a public censure;
• disqualify the VASP or IITO from being licensed or registered under the Act for a specified period;
• in the case of an officer of the VASP or IITO, disqualify the officer from a specified office or position in the VASP or IITO for a specified period;
• impose an administrative penalty;
• revoke the licence of the VASP or the registration of the IITO.
- where it revokes a licence or registration, apply to the court for the licensee to be wound up or dissolved.
Customer due diligence measures
The Act has amended the AML Act to provide that where the reporting person is a VASP, they must apply customer due‑diligence measures in respect of an occasional transaction in an amount equal to or above USD1,000 or an equivalent amount in foreign currency.
Obtain and hold required information on virtual asset transfers
The Act has amended the AML Act to provide that, where the reporting person is a VASP, they must record, in respect to an occasional transaction in an amount below USD1,000:
- the name of the originator and the beneficiary; and
- the virtual asset wallet address for each or a unique transaction reference number.
The authorities in Mauritius have taken the necessary measures to ensure that the jurisdiction has the appropriate safeguards to protect the jurisdiction from the AML/CFT risks associated with the business opportunities under the Act. That said, in practice, operators ought to have sufficient knowledge and skills to prevent such risks from developing.