Banking Regulation 2025

Last Updated November 01, 2024

Mauritius

Law and Practice

Authors



BLC Robert & Associates is the leading independent business law firm in Mauritius. The firm’s membership of Africa Legal Network (ALN) strengthens its position as a leading provider of legal services both locally and into the African continent through the presence of member law firms in 15 African jurisdictions. The firm has seven partners and four main practice areas: corporate and commercial, banking and finance, financial services and regulatory, and dispute resolution. BLC Robert’s banking and finance practice advises DFIs, international and domestic financial institutions, investment funds and corporates in local and cross-border financing transactions. It further provides regulatory advice to banks and financing institution and assists them in the development of new products. The areas of expertise of its banking practice include: syndicated lending; structured finance; trade finance; project finance; corporate finance; secured bonds; capital markets; green and sustainability-linked loans; derivatives; banking regulatory and compliance.

The banking sector in Mauritius is primarily regulated by the Bank of Mauritius Act 2004, the Banking Act 2004 (the “Banking Act”) and regulations/guidelines issued by the Bank of Mauritius (BoM) under those Acts. 

The Bank of Mauritius Act 2004 establishes the BoM as the central bank of Mauritius and provides for its objects, powers and functions. 

The Banking Act sets out the framework for the licensing, operation, regulation and supervision of banks and other financial institutions (non-bank deposit-taking institutions and cash dealers). Under the Banking Act, the BoM has wide discretion and powers to issue instructions or guidelines or impose requirements relating to the operations, activities and standards to be maintained by banks and other financial institutions. To date, several guidelines have been issued, which are regularly updated covering various topics, such as (among others):

  • licensing conditions and description of business activities;
  • use of cloud services;
  • environmental, social and governance (ESG);
  • capital adequacy, outsourcing, liquidity risk management and other prudential measures;
  • application of Basel III;
  • anti-money laundering and countering the financing of terrorism (AML/CFT); and
  • cybersecurity. 

The banking sector is also subject to other legislation, which is described as “banking laws” under the Banking Act and is related to AML/CFT under the supervision of the BoM – namely:

  • the Convention for the Suppression of Financing of Terrorism Act 2003;
  • the Financial Intelligence and Anti-Money Laundering Act 2002;
  • the Prevention of Terrorism Act 2002;
  • the Prevention of Terrorism (International Obligations) Act 2008; and
  • the United Nations (Financial Prohibitions, Arms Embargo and Travel Ban) Sanctions Act 2019, and the regulations and guidelines made thereunder. 

In addition to the general pieces of legislation (such as the Companies Act 2001, the Insolvency Act 2009 and the Income Tax 1995), other legislation is also relevant to the banking section, as set out below. 

The National Payment Systems Act 2018 regulates and places under the BoM’s supervision the national payment systems and payment systems operated in Mauritius, primarily for the purpose of ensuring their safe, secure, efficient and effective operation and accessibility to the public. 

Pursuant to the Public Debt Management Act 2008, the BoM can issue and manage loans issued by the government. 

The Mauritius Deposit Insurance Scheme Act 2019 provides for a scheme to:

  • protect insured depositors of a bank or non-bank deposit-taking institution by providing insurance against the loss of insured deposits; and
  • contribute to the stability of the financial system in Mauritius by ensuring that depositors have prompt access to their insured deposits, in the event of failure by a bank or non-bank deposit-taking institution. 

The Financial Services Act 2007 provides for the establishment of the Office of the Ombudsperson for Financial Services to receive and deal with complaints from consumers of financial services against financial institutions.

The recently proclaimed Virtual Asset and Initial Token Offering Services Act 2021 provides a comprehensive legislative framework for regulating the business activities of virtual assets service providers and initial token offerings. 

In Mauritius, “banking business” (as defined below) is a regulated activity, and an entity intending to conduct such business activities must be licensed to do so by the BoM.   

An applicant may engage either in banking business, Islamic banking business, digital banking business or private banking business.  

“Banking business” means the following.

  • The business of accepting sums of money, in the form of deposits or other funds, whether such deposits or funds involve the issue of securities or other obligations howsoever described, withdrawable or repayable on demand or after a fixed period or after notice.
  • The use of such deposits or funds, either in whole or in part, for: 
    1. loans, advances or investments, on the own account and at the risk of the person carrying on such business; and
    2. the business of acquiring, under an agreement with a person, an asset from a supplier for the purpose of letting out the asset to the person, subject to payment of instalments together with an option to retain ownership of the asset at the end of the contractual period. 
  • Paying and collecting cheques drawn by or paid in by customers and making other payment instruments available to customers – this includes such services as are incidental and necessary to banking.   

“Islamic banking business” means any financial business, the aims and operations of which are – in addition to the conventional good governance and risk management rules – in consonance with the ethos and value system of Islam. 

“Digital banking business” is defined under the Banking Act as “banking business carried on exclusively through digital means or electronically”. 

“Private banking business” means the business of offering banking and financial services and products to high net worth customers, including, but not limited to, an all-inclusive money-management relationship. 

A bank licensed to carry on exclusively private banking business or exclusively Islamic banking business may apply to the BoM to conduct its licensed activities solely through digital means or through electronic delivery channels.  

Accordingly, an applicant may be granted with either:  

  • a banking licence; 
  • an Islamic banking licence; 
  • a digital banking licence; or 
  • a private banking licence.  

Application Process

An applicant for a banking licence must be a body corporate and, in this context, it may take different form. The applicant may be a standalone entity, a branch or a subsidiary of a foreign bank. Depending on the form it wishes to take, the BoM may specify additional requirements to, or exemptions from, the legal, regulatory and supervisory framework applicable to that applicant. 

Every application for a banking licence, irrespective of the category, is made by submitting a duly filled-out and prescribed application form to the BoM together with a non-refundable processing fee, or MUR250,000.  

The application will be reviewed and approved by the BoM. It is therefore recommended that the applicant engages with the BoM to ensure that it is provided with all the information it requires.  

The BoM also has wide discretionary powers to request any information it deems necessary to determine whether the applicant is eligible to a banking licence, and this would normally include extensive information about the applicant’s expertise and ability to meet the applicable licensing criteria. Among others, an applicant must provide a business plan giving the nature of the planned business, organisational structure and internal control, as well as projected financial statements (including projected cash flow statements). 

In terms of administration, the applicant must demonstrate that it has at least ten suitably qualified full-time officers, including the CEO, the deputy CEO and key functional heads. The applicant must also have a principal place of business in Mauritius and its annual operating costs should not be less than MUR25 million.  

A successful applicant will have to demonstrate that it has the required policies, procedures and control in place to meet its licensing criteria, including the prescribed minimum capital and liquidity ratio and other regulatory, statutory and prudential requirements as may be prescribed by the BoM.  

Pending the final determination of the application, the BoM may grant an in-principle approval, subject to such terms and conditions as it may determine. However, an in-principle approval must not be construed by the applicant as an authorisation to conduct banking business or to have any legitimate expectation of a positive final determination of the application. The in-principle approval will automatically lapse if the applicant does not satisfy the terms and conditions attached to such approval. 

Activities and Services Covered

A bank licensed under the Banking Act may conduct banking business as described above. It may also carry out the following services:

  • investment and wealth management services;
  • custody services;
  • foreign exchange;
  • credit and loans;
  • payment processing;
  • cash management; and
  • merchant services.

However, Section 30 of the Banking Act sets out restrictions on investments and non-banking operations for banks. Specifically, it limits the types of investments banks can make. It also prohibits them from engaging in non-banking operations (except in the course of the satisfaction of debts due to it by default of a debtor) that could pose a conflict of interest or distract from its primary functions. Non-banking operations include trading on its own account or on the basis of a commission, in the wholesale or retail trade (such as the import or export trade), or in any business other than the business for which the bank is licensed under the Banking Act.

Under Section 31 of the Banking Act, anyone seeking to acquire or increase control in a bank to the level (directly or indirectly) of a “significant interest” must seek the BoM’s prior approval.  

A “significant interest” means: 

  • owning, directly or indirectly, alone or together with a related party, or otherwise having a beneficial interest amounting to, 10% or more of the capital or of the voting rights of a financial institution;  
  • having the ability, directly or indirectly, alone or together with a related party, or having the power, to appoint 20% or more of the members of the board of a financial institution; or  
  • directly or indirectly exercising a significant influence over the management of a financial institution as the BoM may determine.  

Prospective acquirers of significant interest over a bank must give 30 days’ prior notice to the BoM, including (among other things):  

  • the acquirer’s name, personal history, business background and experience and that of any other person by whom or on whose behalf the acquisition is to be made –this must also be accompanied with a certificate of good conduct issued by a competent authority (or an affidavit duly sworn stating any convictions for crimes and any past or present involvement in a managerial function in a body corporate subject to insolvency proceedings or having declared personal bankruptcy, in respect of each of the persons); 
  • the financial position of that person and any other person by whom or on whose behalf the acquisition is to be made;  
  • the terms and conditions of the proposed acquisition;  
  • the identity, source and amount of the funds or other consideration used or to be used in making the acquisition; and 
  • any plans of the acquirer regarding liquidation, asset sale or merger with any company, or regarding making any other major change in its business, corporate structure or management. 

The BoM may request additional information at its discretion.  Approval from the BoM depends on factors such as:  

  • whether the proposed acquisition would create undue influence or a monopoly or would substantially lessen competition;  
  • whether the financial condition of any acquiring person might jeopardise the financial stability of the financial institution or prejudice the interests of its depositors;  
  • whether the competence, experience or integrity of any acquirer, or of any proposed director, chief executive officer or other senior officer, indicates that it would not be in the interest of the depositors of the financial institution or in the interest of the public to permit such person to acquire significant interest in the financial institution;  
  • whether the proposed acquisition will not be conducive to the convenience and needs of the community or market to be served; or  
  • whether any acquiring person fails to furnish the BoM with all the information that it requires.  

There are no restrictions on foreign shareholders in Mauritius. 

Any acquisition in contravention of Section 31 of the Banking Act will be deemed null and void and not entitled to any voting rights or payment of dividends. The BoM Guideline on Corporate Governance requires that banks regularly review and update the BoM on their ownership structures, especially regarding changes to significant shareholders or other influential parties.

The Banking Act contains general provisions relating to (among other things):

  • supervision;
  • establishment of committees;
  • board of directors;
  • audit;
  • remuneration;
  • senior officers; and
  • disclosure of interests.

In its supervisory role, the BoM issued a Guideline on Corporate Governance, most recently updated in 2017 (the “Guideline”), to provide further guidance on the implementation provisions set out in the Banking Act. The Guideline provides for principles and related requirements that aim at placing reliance on an institution’s internal processes and controls by:

  • an effective board of directors’ oversight;
  • strong risk management;
  • directors’ relationship with the senior management;
  • effective internal and external controls;
  • transparency; and
  • compliance.  

The Guideline provides for some exemptions applicable to banks that are subsidiaries or branches of foreign banks – these exemptions have not been listed in this guide.   

The main features of the Guideline are as follows.  

Board of Directors

The board of directors has a central role in proper governance, as it is responsible for the safety and soundness of the bank; it oversees the business strategy, organisation and governance structure, risk management, compliance and key officers. Some of the salient requirements are set out below. 

Composition

As a matter of principle, a board must collectively possess the necessary qualification and background for a balance of expertise, skills, and adequate knowledge of its business/structure and strengths of the industry, as well as of the regulatory framework.  

The board should consist of at least five natural persons, 40% of whom must be independent directors (the Guideline defines the term “independent director”). If the chairperson is a non-executive director, the board must be 50% composed of independent directors. 

Except with the prior approval of the BoM, a non-executive director may serve for a maximum of six years.  

The chairperson should be an independent director or a non-executive director.  

The CEO must be a board member but must not be the chairperson. 

Responsibilities (non-exhaustive list)

The board is responsible for the bank’s corporate plan in the short- and long-term, and for the related strategy of the bank (in respect of its business objective, policies, risk management, capital adequacy, liquidity, compliance, controls, communication, staff compensation policies, operation budget) and the related supervision. 

It is also responsible for the appointment, monitoring and assessment of the CEO, senior management, subcommittees and/or individual directors in their performance, to achieve the corporate objectives. 

It ensures that policies, practices, controls and systems are in place and are effective, reviewed and assessed periodically, to:

  • achieve prudential balance between risk and return to shareholders; and
  • be compliant with the regulatory framework.  

It should be independent from the management with a clear demarcation of responsibilities. 

It implements policies and procedures to identify, redress and perform ultimate decision-taking in respect of conflict-of-interest situations at all levels of the organisation. 

It protects the interests of the bank, and ensures that decisions of a holding company or head office are not detrimental to the sound and prudent management of the bank and the financial health and legal interests of its stakeholders. 

Board subcommittees

The Banking Act requires the boards of directors of banks to establish committees to effectively discharge their responsibilities. The mandates of each committee must be clearly set out and be publicly available. Proceedings of the subcommittees must be reported periodically to the board. The committees should cover at least the following areas:

  • audit;
  • conduct review;
  • risk management; and
  • nomination and remuneration.  

Senior Management

The CEO is responsible for day-to-day operations and for the implementation of the corporate objectives approved by the board of directors through the senior management. The board sets criteria for measuring the CEO’s performance in achieving the approved objectives on an annual basis. The CEO is in turn responsible for implementing a performance and accountability regime for senior management. 

The senior management should implement business strategies, risk management systems, risk culture, processes and controls for managing the risks to which the financial institution is exposed and concerning which it is responsible for complying with laws, regulations and internal policies. This includes comprehensive and independent risk management, compliance and audit functions, and an effective overall system of internal controls. Senior management should recognise and respect the independent duties of the risk management, compliance and internal audit functions and should not interfere in their exercising of such duties. 

Senior management is responsible for delegating duties to staff. It should establish a management structure that promotes accountability and transparency throughout the financial institution. 

Compliance

While the board has the ultimate responsibility for ensuring compliance, the management must establish the parameters of the compliance policy and its modus operandi. This would include identification of compliance risks and how these must be managed throughout the organisation. The compliance function must be independent from the management to avoid any undue influence or obstruction. To be effective, the compliance function must have adequate authority, resources, independence and importance in the organisation. The compliance function should report directly to the board of directors or to a committee of the board. 

Internal Audit

Every financial institution should set out the mandate of internal audit. The purpose of the internal audit is to provide independent assurance to the board and senior management on:

  • whether the internal control system is effective and adequately mitigates risks; and
  • whether the organisational goals are met and corporate governance processes are efficient.

The head of internal audit department should not be responsible for any other function within the bank.  

External Auditors

Banks must appoint a firm of auditors (approved by the BoM) at each annual meeting. The firm of auditors must be independent, experienced in the auditing of financial institutions and have the adequate resources to carry out its duties. A firm of auditors cannot be responsible for the auditing of a bank for more than five continuous years. The firm of auditors must prepare an annual report. The board of directors should ensure that the external auditors:

  • maintain high standards of professional conduct;
  • have complete independence from the management with no possible influence;
  • have no conflicts of interest with the bank or a related party; and
  • bring to their attention any matters that require urgent action. 

Transparency

Governance practices must be adequately transparent to shareholders, depositors and other market participants. They need complete and timely information on significant activities to hold a financial institution’s board and senior management accountable for the trust placed in them to achieve corporate objectives. The level of disclosure will vary depending on the size, structure, complexity of operations, economic significance and risk profile of a financial institution.

However, as a minimum, a financial institution must disclose the board selection process, including the skills, background and experience essential to guide the financial institution’s affairs and to protect the interests of shareholders. It should also disclose the financial institution’s management infrastructure, including the board committees and their mandates and the number of times they have met. 

Other information for disclosure includes:

  • a description of a financial institution’s objectives;
  • governance structure and policies;
  • major shareholdings and voting rights;
  • related-party transactions;
  • remuneration and compensation policy, including criteria for performance measurement; and
  • remuneration/fees of directors, senior executives and key employees.  

The BoM Guideline on Public Disclosure of Information further provides that a financial institution should disclose its approach to corporate governance in accordance with the requirements of the Guideline on Corporate Governance in its annual report. The financial institution should outline the processes in place for receiving shareholder feedback on its activities and for dealing with shareholder concerns. 

Voluntary Codes and Other Initiatives

The National Code of Corporate Governance 2016

The new National Code of Corporate Governance 2016 (the “Code”), issued by the Ministry of Financial Services, Good Governance and Institutional Reforms, is another tool that reinforces Mauritius’ commitment to upholding its standards and ranking in respect of corporate governance across the African continent. The Code has been designed to guide boards of directors in complying with governance practices. Compliance with concepts of accountability, fairness, transparency and reporting (among others) helps to minimise risks within companies. It also gives an indication of the company’s reputation and reassures stakeholders.

The Code applies to public interest entities, which include banks and non-banking financial institutions, and is in line with the requirements of the BoM’s Guideline. The Code provides for eight principles and guidance that can be uniformly applied and adapted by each organisation concerned. As opposed to the check-box approach used by the previous code, the new methodology allows for more flexibility and enables corporations to adapt each of the principles to their business model and internal structure. The Code recommends that boards have directors from both genders as members of the board – ie, at least one male and one female director. All boards are encouraged to have a non-discrimination policy that covers its senior governance positions, including disability, gender, sexual orientation, gender realignment, race, religion and belief, and age.

The Code of Ethics and Code of Banking Practice

The Code of Ethics and Code of Banking Practice was issued by the Mauritius Bankers Association (MBA), the association regrouping all banks registered in Mauritius. The professional codes that have been issued by the MBA aim at more transparency, respectively by: 

  • setting out a common set of universally acclaimed principles pertinent to all banks, over and above those that they subscribe to as part of their internal Code of Ethics, with a view to further developing the commitment of the banking industry towards its customers and the community at large through best ethical standards, and with the aim of continuing to improve bank-customer relationships; and
  • fostering good banking practices and enhancing the relationship and communication between banks and customers. 

The Codes include a statement of adherence by all members of the MBA to the underlying principles relating to corporate governance in line with the Code of Corporate Governance for Mauritius and the BoM Guidelines. In addition, Section 64(1) of the Banking Act requires senior officers and directors of banks to be bound by an oath of confidentiality in a form prescribed in the Schedule of the Banking Act.

The Banking Act provides for the requirements applicable to the appointment and supervision of directors and of senior officers of banks, as well as to their disqualification. Senior officers include:

  • the CEO;
  • the deputy CEO;
  • the chief operating offer;
  • the chief financial officer;
  • the secretary;
  • the treasurer;
  • the chief internal auditor; and
  • managers of a significant business unit of the bank, or persons with similar positions and responsibilities. 

The Banking Act sets out the principles of a fit and proper person, which the BoM must be satisfied of at the time of approving the appointment and reappointment of directors and senior officers. The BoM must be notified and its approval requested at least 20 days before the date of appointment or re-appointment of the person. The notice must be accompanied by a certificate of good conduct, and the BoM must be satisfied of the fitness and probity of the proposed candidate. 

The BoM issued a Guideline detailing the fit and proper criteria for the assessment of the fitness and probity of directors, senior officers and shareholders holding a significant interest. The Guideline contains a questionnaire, which must be completed by any applicant and submitted to the BoM for its assessment prior to obtaining approval.  

According to the Guideline, a fit and proper person is a person who, when subjected to the criteria of the Guideline together with any other criteria prescribed by the board of directors, presents the likelihood of their being in a position to discharge their responsibilities in a competent, honest and correct manner in the best interests of the institution. 

The key criteria (further detailed in the Guideline) that should apply and be demonstrated over time to the BoM are: 

  • competence and capability; 
  • honesty, integrity, diligence, fairness, reputation and good character; and 
  • financial soundness  

The criteria outlined in the Guideline are to be applied individually, but it is their cumulative effect that will determine whether a person meets the test. A failure to meet one criterion will not, of its own, necessarily mean failure to meet the fit-and-proper-person test. The process will involve a good measure of judgement, which must be exercised in a fair and judicious manner, always in the best interests of the institution and the sound conduct of its business. 

The application of fitness and probity tests may vary depending on the degree of a person’s influence and on the person’s responsibilities in the affairs of the financial institution.  

The Banking Act and the fit and proper criteria contained in the Guideline further set out the responsibilities of the board, the CEO, the persons subject to the tests and external auditors. 

The board of directors must establish a fit-and-proper-person policy as well as implementation processes in line with the Guideline, and must apply the policy to directors, senior officers and shareholders that can exercise significant influence on the institution. The board’s further responsibilities include ensuring that nominations, initiated by the board, of persons for election to the board of directors/senior officer must meet the test of the fit and proper person as set out in the Guideline before such nominations are placed before the shareholders’ meeting or the board of directors.

In the event of the acquisition of shares by persons who are likely to exercise significant influence on the financial institution, they must meet the test of fit and proper persons before their shares are registered in the register of shareholders, and the BoM must be advised if events have occurred that put into question their ability to meet the test.

Providing the requirements of the Banking Act are complied with, including those with respect to prior notice to the Central Bank for the appointment of a senior officer, the notice should be accompanied by a completed questionnaire outlined and annexed to the Guideline along with complete information on any objections or contrary views expressed by any director. It remains the board’s responsibility to keep the fitness and probity of all persons covered under the Guideline under constant review. The board should, on a priority basis, take a decision in the case and initiate whatever action is necessary. The board’s proceedings should be properly documented, and the board should advise the BoM of the relevant matter and its decision. 

The chief executive officer applies the fit-and-proper-person test to other management positions below the senior officer level and reports to the board periodically on the result achieved. 

It is the individual responsibility of senior officers, directors and shareholders with significant influence to demonstrate that they are fit and proper persons. They must, accordingly, complete the fit-and-proper-person questionnaire and provide any additional information that the board of directors may require to complete its investigation. They are further obliged to notify the board of any events or circumstances that have occurred after their initial fit-and-proper-person assessment that might change the assessment or at least have a material bearing on it. The board should investigate the information, on a priority basis, and decide on the individual’s fit-and-proper-person status. 

Should the external auditors become aware of information that points to non-compliance or potential non-compliance by a person with the fit-and-proper-person requirements of the Guideline, they should forthwith advise the board of directors of the matter and provide all relevant information.

Section 18 of Banking Act states that no financial institution should employ any person whose remuneration is linked to the income of the financial institution or to the level of activities on customers’ accounts.  

Except for those financial institutions that have been granted a dispensation from the BoM, every financial institution must appoint a Nomination and Remuneration Committee, consisting of a majority of non-executive directors. Their role will consist of: 

  • recommending to the board candidates for board positions, including the chair of the board and chairs of the board committees; 
  • recommending criteria for the selection of board members and criteria for the evaluation of their performance; 
  • preparing, for the approval of the board, the remuneration and compensation package for directors, senior managers and other key personnel, taking into account the soundness of risk taking and risk outcomes as well as any relevant information available on industry norms; 
  • recommending to the board an incentive package, as necessary, to enhance staff performance, while ensuring that incentives embedded within remuneration structures do not incentivise staff to take excessive risk; 
  • recommending nominees for board committees; and 
  • commenting on the contribution of individual directors to the achievement of corporate objectives as well as on the regularity of their attendance at the board and committee meetings. 

Financial institutions are encouraged to consider the use of contractual provisions to allow them to reclaim incentive components of remuneration from executive directors and key management personnel in exceptional circumstances of misstatement of financial results or of misconduct resulting in financial loss to the financial institution.  

With a view towards promoting transparency to shareholders, depositors and other market participants, the board of directors of a financial institution is recommended to disclose the remuneration/fees of directors, senior executives and key employees; the disclosure should be timely, accurate, clear and easily understandable to inform all stakeholders effectively. 

Mauritius is a founding member of the Eastern and Southern Africa Anti-Money Laundering Group, which is an associate member of the Financial Action Task Force (FATF). Mauritius has also ratified and acceded to numerous international conventions, protocols and treaties to express its commitment towards the international community to combat money laundering and terrorist financing (ML/TF). 

Mauritius’ AML/CFT framework is spread across several pieces of legislation, namely:  

  • the Financial Intelligence and Anti-Money Laundering Act 2002; 
  • the Financial Intelligence and Anti-Money Laundering Regulations 2018; 
  • the United Nations (Financial Prohibitions, Arms Embargo and Travel Ban) Sanctions Act 2019; 
  • the Prevention of Terrorism Act 2002;  
  • the Convention for Suppression of the Financing of Terrorism Act 2003; 
  • the Financial Services Act 2007; and 
  • Part VIIIA of the Banking Act. 

The BoM is the designated AML/CFT supervisory authority over financial institutions under its purview, and is required to supervise financial institutions with respect to the AML/CFT requirements set out under the banking laws. 

To provide guidance and assist banks in complying with their AML/CFT requirements, the BoM has issued a Guideline on “Anti-Money Laundering and Combating the Financing of Terrorism and Proliferation” (the “BOM Guideline”). 

The BOM Guideline sets out the broad parameters within which financial institutions (including their branches and subsidiaries), members of their boards of directors, management and employees should operate to counter and prevent money laundering and terrorism financing (ML/TF). 

The BOM Guideline stresses that financial institutions and their senior management are required to design and implement their own policies, procedures and controls to meet the relevant AML/CFT statutory and regulatory requirements.  

To mention a few, banks are required to conduct risk assessments and to apply a risk-based approach to their customer due diligence protocols, controls and procedures, in order to mitigate and effectively manage the risks of ML/TF.  

The nature and extent of any assessment of ML/TF risks must be appropriate to the nature and size of the business of the bank and the type of transaction or product offered, and must consider all other relevant risk factors such as the nature, scale and location of the customer.  

Banks are also required to report any transactions that give rise to a reasonable suspicion of ML/TF to the Financial Intelligence Unit (established under FIAMLA).  

In terms of corporate governance, banks are also statutorily required to appoint a compliance officer and a money laundering reporting officer (MLRO). The BOM Guideline recommends that the compliance officer and the MLRO be two distinct persons. However, it is left to the financial institutions to decide whether the compliance officer may also assume the functions of the MLRO. 

Non-compliance with the BOM Guideline is punishable, on conviction, with a fine not exceeding MUR1 million and, if not remedied, with a further fine of MUR100,000 for every day or part of a day during which the offence continues. 

The Mauritius Deposit Insurance Scheme was established under the Mauritius Deposit Insurance Scheme Act 2019 to provide protection, up to a certain level, to depositors in the event one of the licensed banks or non-bank deposit-taking institutions fails. 

The scheme is administered and managed by Mauritius Deposit Insurance Corporation Ltd, known as the agency. The agency’s powers and functions include (among others):

  • the control and management of funds deposited into the deposit insurance fund;
  • collecting premium contributions; and
  • making payments of compensation in respect of insured deposits or otherwise providing depositors with access to their insured deposits.  

The depositor protection scheme extends to any individual who is a resident of Mauritius and who is eligible to compensation for an insured deposit in the event of failure of a deposit-taking institution. All deposit-taking institutions are members of the depositor protection scheme.  

Both local and foreign currency deposits are eligible, up to a certain level, to protection under the scheme. They must, however, fall under the following categories: 

  • deposits in savings accounts both in Mauritian currency and in foreign currencies; 
  • deposits in a current account both in Mauritian currency and in foreign currencies; 
  • time deposits both in Mauritian currency and in foreign currencies; and 
  • such other deposits or amounts as the board of the agency may determine. 

Deposits not granted protection under the scheme include: 

  • where there is a contractual set-off agreement between a deposit-taking institution and a depositor, any deposit up to the amount of any debt owed by a depositor to the deposit-taking institution if such debt is matured or past due, or the maximum amount that would otherwise be eligible for compensation (whichever is lower);
  • any deposit of a related party; 
  • any deposit that is frozen by a court order; and 
  • such other deposits or amounts as the board may determine.  

The coverage limit per insured depositor is MUR300,000 or such other amount as may be prescribed. If sufficient funds are recovered following the sale of the failing deposit-taking institution’s assets, the insured depositor may recover deposits of more than the coverage limited/insured amount. 

Payments of insured deposits in foreign currency are made in Mauritian currency and the rate of exchange is determined by the agency. 

The scheme is primarily funded by the premium contributions paid by banks and non-bank deposit-taking institutions. These financial institutions are required to pay into the fund a premium of 20 cents per MUR100 on their insurable deposits or such premium amount as may be prescribed. It also derives funding from interests or other income through investments made from the fund. Any investment made from the fund must fall into the scheme’s investment policy, which is approved by the agency’s board. The investment policy strictly prohibits investments in deposit-taking institutions and high-risk instruments.

In Mauritius, the transition to Basel III (introduced in 2014) has been a gradual process. Prior to its implementation, banks had to maintain a 10% minimum capital adequacy ratio, consisting of 5% each in Tier 1 and Tier 2 capital. 

The BoM implemented Basel III in June 2014 through publication of the Guideline on the scope of application of Basel III and eligible capital. When the Guideline was issued, banks faced minimal disruption, as 90% of the banks’ capital base was already Tier 1. Alongside capital adequacy requirements, the BoM introduced a capital conservation buffer, starting at 0.625% in 2017 and increasing annually until reaching 2.5% by 2020. 

To control risk in certain high-growth economic sectors, the BoM replaced the Basel III counter-cyclical capital buffer with macro-prudential measures, including additional portfolio provisions, higher risk weights, debt-to-income limits and loan-to-value ratios. Since July 2018, the loan-to-value ratio requirement has been removed.

Under Section 100 of the Banking Act, all banks are required to adhere to the BoM’s Basel III Guidelines, with the most recent revision in June 2021.

Risk Management Rules

In Mauritius, the board of directors holds ultimate responsibility for a bank’s soundness, overseeing its capital adequacy, risk management, liquidity and internal controls. Section 18(6) of the Banking Act mandates that boards establish committees for effective governance, including a risk management committee with a publicly accessible mandate. 

The risk committee advises the board on risk appetite, oversees its framework’s implementation and reports on the institution’s risk culture.

The BoM considers robust risk management crucial to corporate governance, addressing potential exposures from direct investments or affiliates. To manage risks, banks must establish a board-approved risk appetite framework, aligning with the institution’s strategic goals and setting benchmarks for acceptable risk limits. All corporate policies should support this forward-looking framework, which is critical to the bank’s risk tolerance and long-term objectives.

With the exception of the CEO, the committee members should be non-executive with familiarity in bank risk management. The committee should have a clear mandate from the board. The board chairperson can be part of the committee, but only as its chairperson. The chairperson of the committee should ideally be an independent director, or, in the case of a subsidiary of a foreign bank, a non-executive director. 

The risk committee’s duties include:

  • identifying major risks;
  • appointing a Chief Risk Officer (CRO) independent from revenue-generating operations; and
  • ensuring the CRO reports regularly to senior management and the board.

The committee also reviews risk exposure reports and makes recommendations on risk issues to the board.

Quantity and Quality of Capital Requirements, Including Rules on Capital Buffers

Banks licensed in Mauritius must meet capital ratio requirements set out in the BoM Guideline at two levels: 

  • the bank standalone (“solo”) level, which measures a bank’s capital adequacy based on its own capital and risk profile; and 
  • the consolidated (“group”) level, which includes the bank’s subsidiaries but excludes insurance or non-financial activities. 

The framework will also apply, on a fully consolidated basis, to any holding company that is the parent entity within a banking group to ensure that it captures the risk of the whole banking group. 

For capital adequacy, banks must maintain:

  • 6.5% of risk-weighted assets as common equity Tier 1;
  • 8% of risk-weighted assets as Tier 1 capital; and
  • 10% total capital (Tier 1 plus Tier 2), exclusive of the capital conservation buffer.

The capital conservation buffer, set at 2.5% of common equity Tier 1, ensures capital availability during stress periods. Banks are expected to maintain capital above the minimum requirement, utilising the buffer only in periods of stress. If a bank’s buffer drops below the required level, it may continue operations but cannot distribute dividends, buy back shares or make discretionary payments until it regains compliance.

Liquidity Requirements

All banks licensed by the BoM are required to comply with its Guideline on liquidity risk management, which includes maintaining a liquidity coverage ratio (LCR). The LCR ensures that banks hold sufficient high-quality liquid assets (HQLA) that consist of cash or assets convertible into cash at little or no loss of value in the market, in order to meet their liquidity requirements for a 30 days’ liquidity stress period – by which time, banks and the BoM will be able to take appropriate corrective action to resolve the stress situation in an orderly manner. The liquidity coverage ratio has two components: 

  • the value of HQLA under stressed conditions; and 
  • total net outflows, as defined by the BoM’s parameters outlined in the guideline. 

If a bank’s LCR falls below 100% during financial stress, it must notify the BoM within one business day, justifying the HQLA use and outlining corrective steps. The LCR helps banks monitor and control liquidity risk, requiring bimonthly reporting to the BoM. During stress, banks must be able to increase reporting frequency to weekly or daily if necessary. Banks must also submit a maturity mismatch profile of assets and liabilities to the BoM and disclose liquidity data through their financial reports, website or regulatory publications. LCR disclosures must follow a common template, including bimonthly averages, number of data points, and daily HQLA averages over the quarter. Qualitative analysis is also required to contextualise the LCR data.

Systemically Important Banks

The BoM’s Domestic-Systemically Important Banks (D-SIB) framework, aligned with the Basel Committee on Banking Supervision (BCBS), aims to assess a bank’s impact on the domestic economy. The BoM evaluates a bank’s systemic importance through indicators such as size, interconnectedness, substitutability, financial infrastructure and complexity. Given Mauritius’ unique economic environment, the BoM includes “exposure to large groups” as an additional indicator. The BoM assesses banks whose Segment A assets represent at least 3.5% of GDP.

In line with the recommendations of the BCBS, the additional loss absorbency requirement of D-SIBs must be met with common equity Tier 1. This additional capital takes the form of a surcharge for D-SIBs. The level of capital surcharge applicable to each D-SIB is then calibrated depending on the category in which that D-SIB is placed. The BoM periodically reviews the list of banks that are determined to be systemically important for Mauritius, with the last review being undertaken in June 2021.  

Mauritius has not yet implemented the Financial Stability Board’s “Key Attributes of Effective Resolution Regimes for Financial Institutions”.  

Under the current legal regime, conservatorship is the principal means of resolving a failing or a likely-to-fail bank.  

Conservatorship

Under Section 65 of the Banking Act, the BoM may – in order to protect the assets of a financial institution for the benefit of its customers and other creditors – appoint a conservator, if it has reasonable cause to suspect that: 

  • the capital of the bank is impaired or there is threat of such impairment; 
  • the financial institution has, or its directors have engaged in, practices detrimental to the interest of its depositors or that the financial institution or its senior management officers have violated any provision of the banking laws, AML/CFT obligations or guidelines; and 
  • the assets of the financial institution are not sufficient to provide adequate protection to the bank’s depositors or creditors.  

When a conservator is appointed, the latter takes full control of the bank and has all powers necessary to preserve, protect and recover any assets of the financial institution, and to collect all sums of money and debts due to the bank. The conservator also has the power to suspend, in whole or in part, the repayment or withdrawal of any liabilities and pre-existing deposits of the financial institution. 

Unless the BoM determines otherwise, there is a time constraint of 180 days on the conservator to rehabilitate the financial institution.  

Compulsory Liquidation

The BoM will appoint a receiver to manage and control a bank where it has evidence that the bank’s:

  • capital is impaired or unsound;
  • capital-to-assets ratio is less than 2%;
  • business is unlawful or unsafe;
  • continuance is detrimental to the interests of its customers; or 
  • licence has been revoked.   

Duties of Receiver

Under Section 77 of the Banking Act, the receiver must commence proceedings leading to the compulsory liquidation of the assets of the financial institution or take such other measures necessary in respect of the financial institution within a period of not more than 30 days, or must terminate the taking of possession.  

Powers of Receiver

During the receivership period, the receiver has a wide array of powers to:

  • manage, control or discontinue the financial institutions’ operation;
  • stop or limit the financial institution’s payment obligations;
  • initiate, defend and conduct any proceedings;
  • suspend, in whole or in part, the repayment or withdrawal of deposits and other liabilities of the financial institution; and
  • suspend or reduce the right of creditors to claim or receive interest on any money owed to them.  

Priority of Claims

Claims against the assets of a financial institution during compulsory liquidation are settled in the following order of priority:  

  • necessary and reasonable costs, charges and expenses incurred by the receiver, including their remuneration; 
  • wages and salaries of officers and employees of the financial institution in liquidation for the three-month period preceding the taking of possession of the financial institution; 
  • taxes, rates and deposits owed to the government of Mauritius; 
  • savings and time deposits not exceeding, in amount, MUR100,000 per account; 
  • other deposits; and
  • other liabilities. 

Winding-Up of Financial Institutions

A financial institution may also be wound up in accordance with the provisions of Sub-Part II of Part III of the Insolvency Act 2009 (the “Insolvency Act”). 

Section 100 of the Insolvency Act states that the winding-up of a company may be:  

  • by way of a winding-up order made by the court; 
  • by way of a voluntary winding-up commenced by a resolution passed by the company; or 
  • by way of a resolution of creditors passed at the watershed meeting. 

Voluntary winding-up may be: 

  • a shareholders’ voluntary winding-up where the company is solvent, and where the liquidator is appointed at a shareholders’ meeting; or 
  • a creditors’ voluntary winding-up where the company is insolvent, and where the liquidator is appointed by a meeting of creditors.  

With effect from the commencement of a voluntary winding-up, a liquidator is appointed and has custody and control of the financial institution’s assets.  

Priority of Claims

Section 91 of the Banking Act provides that, in the event of the winding-up of a financial institution, all assets of the financial institution must be made available to meet all deposit liabilities of the financial institution in the following order of priority:  

  • deposit liabilities incurred by the financial institution with its customers; 
  • deposit liabilities incurred by the financial institution with other financial institutions; and
  • other liabilities of the financial institution. 

Since early 2020, the BoM has taken several initiatives relating to the financial risks associated with climate change and environmental degradation, including the following. 

The BoM has joined the Network of Central Banks and Supervisors for Greening the Financial System (NGFS). 

In 2021, it released a Guide for the Issue of Sustainable Bonds. This Guide was published to provide an overview of the requirements and processes for the issuance of sustainable bonds and the listing of these bonds on exchanges licensed in Mauritius. In the same line, in 2021 the Guidelines for the Issue of Corporate and Green Bonds in Mauritius, issued by the Financial Services Commission, further supplements the Guide by elaborating on various regulatory requirements to be adopted by the issuers in line with international best practices for the issuance of green bonds. 

The BoM launched its Climate Change Centre. The Centre is composed of a main committee, under the chairmanship of the second deputy governor, with four task forces. The objectives are: 

  • to integrate climate-related and environmental financial risks into the BoM’s regulatory, supervisory and monetary policy frameworks; 
  • to review the BoM’s internal operations in view of reducing its carbon footprint and becoming a more sustainable organisation; 
  • to look into enhancing disclosures on climate-related and environmental financial risks; 
  • to support the development of sustainable finance; 
  • to build capacity and raise awareness for climate-related and environmental financial risks; and 
  • to bridge data gaps in relation to climate-related and environmental financial risks. 

Guideline on Climate-Related and Environmental Financial Risk Management

In 2022, the BoM released a Guideline on Climate-Related and Environmental Financial Risk Management, which took into consideration the recommendations of the NGFS in its Guide for Supervisors, “Integrating climate-related and environmental risks into prudential supervision” (issued in May 2020) as well as other related guidance issued by the NGFS, the Financial Stability Board, the Basel Committee on Banking Supervision and other regulators.

The Guideline sets out the expectations of a prudent approach to climate-related and environmental financial risks with a view to enhancing the resilience of the banking sector against these risks. It is intended to assist financial institutions in embedding sound governance and risk management frameworks for climate-related and environmental financial risks within their existing risk management frameworks. Banks will be also in a better position to identify the risks and opportunities arising from the transition to a low-carbon and more circular economy and to consider them in their strategy, engagement with their counterparts and other decision-making processes. 

The Guideline further outlines the broad principles that banks may use to develop their climate-related and environmental financial disclosures. The Guideline requirements apply to various areas of the organisation and operation of banks – namely to:

  • business model and strategy;
  • governance;
  • internal control framework and risk management;
  • implementation of scenario analysis and stress testing; and
  • disclosure of information on climate-related and environmental financial risks to which they are exposed, the potential impact of material risks and their approach to managing these risks.

The disclosure requirement will be effective from the financial year ending 31 December 2023.

The BoM introduced the Guideline on Cyber and Technology Risk Management in 2023, which sets out specific regulatory requirements that financial institutions must meet to enhance their cyber and technology risk management. The Guideline sets out the minimum requirements that banks and payment service providers are expected to implement with respect to cyber and technology risk management, to ensure that the risks are well understood and managed appropriately. The key regulatory requirements within the Guideline that banks and payment service providers should be aware of – as they align with broader cyber-resilience standards in the financial sector – are as follows.

Governance Framework for Cyber-Resilience

Financial institutions must establish a cyber and technology risk governance structure that includes oversight by their board and senior management.

The board of directors of each financial institution is responsible for approving cyber and technology risk strategies and for ensuring that these align with the institution’s overall business objectives.

Financial institutions must designate a Chief Information Security Officer (CISO) or equivalent to oversee cyber-risk and report regularly to senior management and the board on cyber-resilience.

Identification of Critical Assets and Dependencies

The Guideline requires entities to conduct regular risk assessments to identify potential cyber and technology risks across their operations, and to identify and document critical assets, processes and third-party dependencies that are essential to their operations.

Key requirements for managing third-party risk include:

  • conducting thorough due diligence on potential service providers;
  • establishing contractual agreements that include security standards, incident notification obligations and compliance with the financial institution’s cybersecurity requirements; and
  • monitoring third parties for compliance with agreed cybersecurity measures, and conducting periodic reviews or audits.

The assessments should cover:

  • identification of critical assets and systems;
  • evaluation of potential threats and vulnerabilities; and
  • impact analysis to understand how cyber incidents could affect business continuity.

This assessment includes creating and maintaining an inventory of ICT assets that, if compromised, could affect the entity’s ability to deliver critical services. The assessment should also include the maintenance of an inventory of third-party service providers that have access to the information assets of the financial institution together with their critical rating.

Risk and Threat Intelligence Capabilities

Financial institutions are expected to develop and maintain comprehensive threat intelligence and risk assessment capabilities, enabling them to stay informed about potential cyber threats and vulnerabilities.

Regular risk assessments help identify and address potential weaknesses, with a focus on new and emerging threats.

Financial institutions are required to engage in threat intelligence-sharing with the BoM.

Protection of Systems and Data

The Guideline mandates controls to protect critical assets and sensitive information from unauthorised access, disruption or destruction. It emphasises that entities should implement protective measures to ensure the confidentiality, integrity and availability of critical systems and data.

This includes strong access controls, encryption standards and secure coding practices.

Financial institutions should secure their systems against cyber threats through firewalls, antivirus software, intrusion detection/prevention systems and regular updates to protect against vulnerabilities.

Detection Capabilities

Financial institutions are expected to implement advanced monitoring and detection capabilities to identify cyber incidents as early as possible.

Continuous network monitoring and anomaly detection help to identify unusual behaviour that could indicate a cyber threat.

Financial institutions should employ automated systems, such as Security Information and Event Management (SIEM) systems and real-time logging of network activities to detect potential incidents promptly.

Incident Response and Recovery

The Guideline mandates that financial institutions establish robust cyber incident response and recovery plans to minimise the impact of cyber incidents and resume operations quickly.

The incident response plan should:

  • outline procedures for identifying, containing, mitigating and recovering from cyber incidents; and
  • be regularly tested, including through simulation exercises.

Similarly, financial institutions should develop and test business continuity and disaster recovery plans specifically tailored to address cyber incidents.

Testing

The Guideline emphasises the importance of regular testing of cyber-resilience capabilities.

This includes penetration testing, vulnerability assessments and scenario-based testing exercises that simulate cyber threats and measure the institution’s response.

Financial institutions are expected to conduct post-incident reviews to learn from incidents and to adjust their response plans accordingly.

Situational Awareness and Continuous Improvement

Financial institutions are expected to continuously monitor the evolving cyber landscape and to adapt their cyber-resilience strategies accordingly.

The Guideline encourages entities to conduct post-incident reviews to identify lessons learned and to make improvements.

Financial institutions are expected to continually enhance their resilience frameworks by integrating feedback from incidents, simulations and new threat intelligence.

In the dynamic landscape of global banking, Mauritius has recognised the growing importance of digital transformation, environmental, social and governance (ESG) initiatives, and cybersecurity enhancements. Recent efforts by parliament, the BoM and the Financial Services Commission have focused on enhancing frameworks for fintech, digital banking, ESG and sustainable finance. These initiatives aim to modernise the banking sector in line with evolving customer expectations, market demands and international standards.

To define the path forward for the banking sector, the BoM partnered with the Mauritius Bankers Association and an international consulting firm to produce the “Future of Banking in Mauritius” report. This forward-looking vision prioritises:

  • innovative products and services;
  • advanced technology and new business models;
  • compliance with international standards and regulations;
  • commitment to ESG principles; and
  • human capital development.

The BoM envisions creating a modern, secure ecosystem that positions Mauritius as a leader in banking services across the region. To foster this vision, the BoM has actively sought innovative approaches and explored new growth opportunities.

One major initiative was the launch of the Sustainable Finance Framework in August 2023. Developed in collaboration with the government and other stakeholders, this framework governs the issuance of green, social and thematic bonds by the Ministry of Finance, Economic Planning and Development. Its purpose is to solidify Mauritius’ reputation as a key international financial hub in the ESG domain.

The BoM is also focused on advancing digital finance by piloting a retail Central Bank Digital Currency (CBDC), known as the Digital Rupee. The Digital Rupee will aim to encourage digital payments and decrease reliance on cash. Additionally, the BoM is closely monitoring developments in the virtual asset market after the 2022 enactment of the Virtual Asset and Initial Token Offering Services Act. It is working on finalising the BoM Guideline for Virtual Asset-Related Activities, enhancing regulatory oversight based on industry feedback.

In alignment with international standards, Mauritius is also conducting a National Risk Assessment on money laundering and terrorism financing, supported by the World Bank.

In 2024, the BoM introduced its Guideline on Regulatory Sandbox Authorisation. This guideline allows financial institutions to test fintech, regtech and other innovative financial solutions within a controlled environment under the BoM’s oversight. The goal is to promote technology-driven financial innovations that introduce new business models, processes or products or that facilitate regulatory compliance. Applicants must meet eligibility criteria and submit applications detailing potential risks, necessary safeguards and required disclosures for users. Testing periods under this authorisation extend up to 12 months, with possible further extensions, supporting innovation while ensuring consumer protection and financial system integrity.

In conclusion, Mauritius’ banking sector is advancing on a transformative journey, focusing on digital innovation, sustainable finance, cybersecurity enhancement and regulatory modernisation. These initiatives collectively aim to elevate Mauritius as a resilient, future-ready financial centre in the region.

BLC Robert & Associates

2nd Floor, The Axis
26 Bank Street
Cybercity
Ebene 72201
Mauritius

+230 403 2400

+230 403 2401

chambers@blc.mu www.blc.mu
Author Business Card

Law and Practice

Authors



BLC Robert & Associates is the leading independent business law firm in Mauritius. The firm’s membership of Africa Legal Network (ALN) strengthens its position as a leading provider of legal services both locally and into the African continent through the presence of member law firms in 15 African jurisdictions. The firm has seven partners and four main practice areas: corporate and commercial, banking and finance, financial services and regulatory, and dispute resolution. BLC Robert’s banking and finance practice advises DFIs, international and domestic financial institutions, investment funds and corporates in local and cross-border financing transactions. It further provides regulatory advice to banks and financing institution and assists them in the development of new products. The areas of expertise of its banking practice include: syndicated lending; structured finance; trade finance; project finance; corporate finance; secured bonds; capital markets; green and sustainability-linked loans; derivatives; banking regulatory and compliance.

Compare law and practice by selecting locations and topic(s)

{{searchBoxHeader}}

Select Topic(s)

loading ...
{{topic.title}}

Please select at least one chapter and one topic to use the compare functionality.