Financial Crime World

Mauritius: Bank Relationships with Shell Companies Raise Concerns

======================================================

A recent report has highlighted concerns over bank relationships with financial institutions that can be considered “shell” companies, lacking substance and physical presence. The Financial Services Commission (FSC) has emphasized the importance of due diligence in correspondent banking relationships to mitigate the risk of money laundering and terrorist financing.

Additional Due Diligence Required for Non-Face-to-Face Transactions

When dealing with non-face-to-face customers, financial institutions must apply effective customer identification procedures and specific measures to mitigate the high risk posed by non-face-to-face verification. The Code on the Prevention of Money Laundering and Terrorist Financing requires enhanced due diligence in such cases.

Suspicious Activity Reports (SARs) and Reporting Requirements

Financial institutions are required to report suspicious transactions to the Financial Intelligence Unit (FIU). The FIU is responsible for receiving, processing, and analyzing reports of suspicious transactions. Failure to report suspicious activity can result in fines and imprisonment.

Automated Suspicious Transaction Monitoring Technology

There is no requirement for financial institutions to use automated suspicious transaction monitoring technology. However, guidelines from the regulatory authority encourage institutions to review their practices as part of their general external and internal audit processes.

AML Systems and Controls Reporting Requirements

Financial institutions are required to submit reports on their AML systems and controls to the Bank of Mauritius on a yearly basis. There is no requirement for an independent external audit report, but financial institutions must conduct internal reviews of their practices.

Data Protection Laws

Mauritius is governed by the Data Protection Act 2004, which regulates the processing of personal data. The act applies only to personal data and does not cover “sensitive” data, which includes information about an individual’s racial or ethnic origin, political opinions, religious beliefs, and other sensitive topics.

Restrictions on Transfer of Credit Reports

The Data Protection Act 2004 prohibits the transfer of personal data to another country without written authorization from the Commissioner. Personal data may only be processed with the express consent of the data subject, unless processing is necessary for a legitimate purpose or in the public interest.

Regulatory Framework

Mauritius has implemented a risk-based approach to anti-money laundering and combating the financing of terrorism (AML/CFT) regulations. The FSC allows for monitoring transactions outside the jurisdiction and does not require the use of automated suspicious transaction monitoring tools. The country also has a requirement for enhanced due diligence in correspondent banking relationships with financial institutions incorporated in jurisdictions where there is no physical presence.

Practical Guidance

Financial institutions operating in Mauritius must ensure they comply with the AML/CFT regulations, including:

  • Conducting risk assessments
  • Implementing effective customer identification procedures

Failure to comply can result in serious consequences, including fines and imprisonment.