With the enactment of the Virtual Asset and Initial Token Offering Services Act 2021 (VAITOS Act), the Government of Mauritius has sought to provide a legal framework within which business activities relating to virtual assets (VA) can operate. The Financial Services Commission (FSC) has also issued its AML/CFT Guidance Notes for virtual asset service providers (VASPs) and issuers of initial token offerings, which notes have been updated on 4 July 2022 (the FSC Guidance Notes).
There is no doubt that the enactment of this new piece of legislation is good news for the stakeholders and will create opportunities for the jurisdiction of Mauritius. Nonetheless, we cannot turn a blind eye to the dangers associated with the wrongful use of VA and virtual tokens. Indeed, any new opportunity is also an opportunity for criminals to find ways to engage in illicit activities such as money laundering, tax evasion, cybercrime, drug trafficking, proliferation and arms trafficking.
The adoption of adequate AML/CFT regulations and the implementation of the same is no easy task for the regulator. The quandary remains whether the provisions of the law and regulations are effective enough to circumvent the dangers and risks associated with the operation of business activities related to VA.
The FSC Guidance Notes have clearly set out the indispensable AML/CFT obligations that are required from the VASPs and Issuers of Initial Token Offerings (IITO) upon being licensed or registered under the VAITOS Act which mandatorily requires that in carrying out its respective business activities, the VASPs and IITOs ought to comply with the measures advanced in Applicable Acts.
Therefore, in essence, what is required from these licensed and/or registered financial institutions is to systematically apply an AML/CFT Risk Based Approach (RBA) should they contemplate establishing or continuing business relationships with other VASPs or IITOs; customers involved in virtual assets activities or other outsourced/third parties. In so doing, they ought to identify areas where their products/services could be exposed to ML/TF risks and take appropriate steps to ensure that any identified risks are managed and mitigated through the establishment of appropriate and effective policies, procedures and controls.
The Guidance Notes goes a step further and makes it a precondition for the VASPs and IITOs to maintain accurate and up to date customer information and this entails scrutinising their source of funds and wealth. This being a mandatory requirement, these financial institutions have the obligation to identify their customers and their relevant beneficial owners such that they have to attest to their respective identities so as to prevent financial malevolence such as money laundering and terrorism financing. The rationale behind such precondition is not only to identify customers and their beneficial owners but also to understand the purpose and intended nature of the business relation so as to assess any potential risk situations.
FATF RECOMMENDATIONS
The FATF has since June 2014 started to address the risks associated with VA and considers such risks to be very real and serious. In October 2018, it amended its Recommendation 15 to clarify that its recommendations and AML/CFT requirements apply in the context of VA. In June 2019, an Interpretive Note to Recommendation 15 was adopted to further explain how the FATF requirements should apply in relation to VA and VASPs. In particular, the following are noted:
1. Countries should require VASPs to identify, assess, and take effective action to mitigate their money laundering, terrorist financing and proliferation financing risks.
2. Countries should ensure that VASPs are subject to adequate regulation and supervision or monitoring for AML/CFT and are effectively implementing the relevant FATF Recommendations, to mitigate money laundering and terrorist financing risks emerging from virtual assets.
3. Countries should ensure that there is a range of effective, proportionate and dissuasive sanctions, whether criminal, civil or administrative, available to deal with VASPs that fail to comply with AML/CFT requirements.
In relation to VA and VASPs, the FATF has also recommended the following qualifications to its recommendations:
4. The occasional transactions designated threshold above which VASPs are required to conduct CDD is USD/EUR 1 000.
5. Countries should ensure that originating/beneficiary VASPs obtain and hold required and accurate originator information and required beneficiary information on virtual asset transfers, submit the above information to the beneficiary VASP or financial institution (if any) immediately and securely, and make it available on request to appropriate authorities.
DO THE LAWS IN MAURITIUS MEASURE UP?
During the period 2020 – 2021, Mauritius has made exceptional improvements to its AML/CFT regime and in October 2021.It therefore comes as no surprise that in enacting the VAITOS and the FSC Guidance Notes, the legislator and the FSC have sought to follow the FATF recommendations for VA and VASPs.
The following is an analysis of how the above stated requirements of the FATF have been duly put into place in our local laws in Mauritius.
Item 1: Countries should require VASPs to identify, assess, and take effective action to mitigate their money laundering, terrorist financing and proliferation financing risks.
The VAITOS has amended the definition of “financial institution” under the Financial Intelligence and Anti Money Laundering Act (FIAMLA) to include any institution or person licensed under the VAITOS. Therefore all VASPs will be categorized as reporting persons under the FIAMLA and will be subject to the laws and regulations issued thereunder.
Furthermore, the VAITOS provides the following:
• Any person applying for a license of VASP must provide policies and measures to be adopted by it to meet its obligations under the VAITOS, the FIAMLA and the United Nations (Financial Prohibition, Arms Embargo and Travel Ban) Act 2019 relating to anti-money laundering and combatting the financing of terrorism and proliferation;
• A virtual asset service provider and an issuer of initial token offerings must, in carrying out its respective business activities have measures in place to comply with the Financial Services Act, the FIAMLA and the United Nations (Financial Prohibition, Arms Embargo and Travel Ban) Act 2019 (the Applicable Acts);
• An issuer of initial token offerings must ensure that its white paper includes a definition of description of its anti-money laundering procedures.
Item 2: Countries should ensure that VASPs are subject to adequate regulation and supervision or monitoring for AML/CFT and are effectively implementing the relevant FATF Recommendations, to mitigate money laundering and terrorist financing risks emerging from virtual assets.
The VAITOS and Applicable Acts provide adequate regulation, supervision and monitoring tools for the regulators to monitor the activities of licensees to ensure the proper implementation of AML/CFT measures. Such tools include the right to request information from a licensee, the right to conduct an inspection into the business activities of a VASP and an issuer of initial token offerings and the right to investigate such business activities. The FSC also has wide powers including the power to issue a direction requiring action to be taken to a licensee.
Item 3: Countries should ensure that there is a range of effective, proportionate and dissuasive sanctions, whether criminal, civil or administrative, available to deal with VASPs that fail to comply with AML/CFT requirements.
By being licensed by the FSC under the VAITOS, a VASP is subject to the laws and regulations under the Applicable Acts and further, as it is a reporting person under the FIAMLA as above stated, the failure to comply with AML/CFT requirements will lead to a contravention of the FIAMLA, the VAITOS and possibly the other Applicable Acts, which will lead to the penalties stated under the said Applicable Acts, including imprisonment.
Furthermore, under the VAITOS, the FSC may:
• suspend the licence of a VASP or registration of an issuer of initial token offerings;
• refer the matter to the enforcement committee set up under the VAITOS for such action as the deemed appropriate;
• with respect to a present or past VASP or issuer of initial token offerings or any person who is a present or past officer, partner, shareholder, or controller of the VASP or issuer of initial token offerings, as the case may be:
o issue a private warning;
o issue a public censure;
o disqualify the VASP or issuer of initial token offerings to be licensed or registered under the VAITOS for a specified period;
o in the case of an officer of the VASP or issuer of initial token offerings, disqualify the officer from a specified office or position in the VASP or issuer of initial token offerings for a specified period;
o impose an administrative penalty;
o revoke the licence of the VASP or the registration of the issuer of initial token offerings.
• where it revokes a licence or registration, it may apply to the court for the VASP or issuer of initial token offerings to be wound up or dissolved.
Item 4: The occasional transactions designated threshold above which VASPs are required to conduct CDD is USD/EUR 1 000.
The VAITOS has amended Section 17C of the FIAMLA to provide that where the reporting person is a VASP, he must apply CDD measures in respect of an occasional transaction in an amount equal to or above 1,000 US dollars or an equivalent amount in foreign currency.
Item 5: Countries should ensure that originating/beneficiary VASPs obtain and hold required and accurate originator information and required beneficiary information on virtual asset transfers, submit the above information to the beneficiary VASP or financial institution (if any) immediately and securely, and make it available on request to appropriate authorities.
The VAITOS has amended Section 17C of the FIAMLA to provide that where the reporting person is a VASP, he must record, in respect to an occasional transaction in an amount below 1,000 US dollars
• the name of the originator and the beneficiary; and
• the virtual asset wallet address for each or a unique transaction reference number.
CONCLUSION
One can conclude safely that the authorities in Mauritius seem to be taking the necessary measures to ensure that Mauritius has the appropriate safeguards to protect the jurisdiction from the AML/CFT risks associated with the business opportunities under the VAITOS. Time will tell whether in practice, our operators have sufficient knowledge and skills to prevent such risks from developing.
For further information, please contact:
Melissa Virahsawmy, Appleby
mvirahsawmy@applebyglobal.com