Guideline on Private Banking

BOM/ BSD 38 /February 2017 BANK OF MAURITIUS Guideline on private banking February 2017 Revised July 2017 Revised December 2021

This page is intentionally left blank.

i TABLE OF CONTENTS INTRODUCTION .............................................................................................................................. 1 Purpose ................................................................................................................................................ 1 Authority ............................................................................................................................................. 1 Scope of Application........................................................................................................................... 1 Relation to other guidelines issued by the Bank of Mauritius........................................................ 1 Effective date....................................................................................................................................... 1 Interpretation...................................................................................................................................... 2 Section I: Application process for conducting private banking business in Mauritius............... 6 Section II: Exemptions applicable to banks licensed to carry on exclusively private banking business....................................................................................................................................... 6 Section III: General application of banking laws, guidelines, instructions and directives.......... 8 Section IV: Use of the term “private banking”................................................................................ 8 Section V: Private banking conduct and compliance risks............................................................. 8 Section VI: Risk mitigation measures to address private banking conduct and compliance risks........................................................................................................................................... 10 Section VII: Business conduct with regard to private banking customers.................................. 11 Section VIII: Policies and procedures for private banking business........................................... 12 16.1 Responsibilities of private banking staff ........................................................................... 12 16.2 Internal control environment ............................................................................................ 12 16.3 Background, integrity, fitness and propriety checks on private bankers......................... 12 16.4 Private banking staff conduct and personal securities dealings ...................................... 12 16.5 Customer account transaction processing ........................................................................ 13 16.6 Hold mail service................................................................................................................ 13 16.7 Handling of dormant private banking customers............................................................. 14 16.8 Portfolio performance statements...................................................................................... 14 16.9 Business communication systems...................................................................................... 14 16.10 Risk management and risk control measures ................................................................... 15 16.11 Management Information System..................................................................................... 15 17. Additional control measures for activities permissible under section 7(7D)(b) of the Act.....15 Section IX: Additional business activities....................................................................................... 16 18. Concierge services.............................................................................................................. 16 19. Authorisation for the conduct of additional business activities ....................................... 16 Section X: Supervisory reporting.................................................................................................... 17 Section XI: Regulatory and Supervisory Oversight...................................................................... 17 Section XII: Transitional arrangements......................................................................................... 17

This page is intentionally left blank.

1 INTRODUCTION The Banking Act 2004 provides that a bank may be permitted to carry on private banking business in Mauritius. Private banking business is defined in the Banking Act 2004 as “the business of offering banking and financial services and products to high-net-worth customers including, but not limited to, an all-inclusive money-management relationship”. Further, section 7(7D) of the Banking Act 2004 states that “A bank which has been granted a banking licence to carry on exclusively private banking business by the central bank may be exempted from such provisions of the Act as the central bank may determine and be subject to such terms and conditions and guidelines as the central bank may determine”. Pursuant to section 52(1) of the Banking Act 2004, a bank licensed under section 7(5) of the Banking Act 2004 to carry on exclusively private banking business, may, with the approval of the Bank of Mauritius, carry on its licensed activities solely through digital means or through electronic delivery channels. In such cases, the Guideline for Digital Banks shall also apply to the bank. Purpose This Guideline on private banking (Guideline) gives effect to the abovementioned provisions of the Banking Act 2004 and sets out the regulatory and supervisory framework applicable to banks conducting private banking business. It specifies additional requirements to, or, exemptions from the rules applicable to conventional banking. It sets out the terms under which the Bank of Mauritius is prepared to consider exemptions from the Banking Act 2004 under section 7(7D). Authority This Guideline is issued under the authority of section 50 of the Bank of Mauritius Act 2004 and sections 7(7D) and 100 of the Banking Act 2004. Scope of Application This Guideline applies to banks licensed under the Banking Act 2004 and which engage in private banking business. Section II of this Guideline shall apply only to banks licensed under section 7(5) of the Banking Act 2004 to carry on exclusively private banking business. The other sections apply to both banks carrying on exclusively private banking business and banks offering private banking services as part of their conventional banking services. Relation to other guidelines issued by the Bank of Mauritius As far as it contains specific rules, this Guideline takes precedence regarding private banking business over other guidelines issued by the Bank of Mauritius. All the other guidelines remain entirely applicable to private banking business unless explicitly stated by the Bank of Mauritius. Effective date This revised Guideline shall come into effect on 6 December 2021.

2 Interpretation In this Guideline, “Act” means the Banking Act 2004; “affiliate” has the same meaning as in the Banking Act 2004; “all-inclusive money-management” means a holistic professional money-management service by a bank, which may include but is not limited to, wealth management, distribution of financial products, custodian, insurance agent or such other banking and financial services/products as may be approved by the Bank or the FSC; “assets management” means the provision of financial services in relation to managing a portfolio of investments consisting of assets other than securities, such as real estate, physical commodities or such other assets as may be approved by the FSC, pursuant to an ‘Assets Management’ licence granted under section 14 of the Financial Services Act 2007; “assets under management” or “AUM” means the total market value of investable assets that a bank carrying on private banking business handles on behalf of its private banking customer(s); “Bank” means the Bank of Mauritius established under the Bank of Mauritius Act 2004; “bank” means a bank licensed under the Banking Act 2004 and which carries on private banking business; “beneficial owner” has the same meaning as in the Financial Intelligence and Anti-Money Laundering Act 2002 and the Financial Intelligence and Anti-Money Laundering Regulations 2018. A private banking account/customer may have one or more beneficial owners; “control functions” mean those functions that have a responsibility independent from management to provide objective assessment, reporting and/or assurance. This includes the risk management function, the compliance function and the internal audit function; “custodian” means a person holding a ‘Custodian’ licence or a ‘Custodian Services (non-CIS)’ licence issued by the FSC under section 100 of the Securities Act 2005 or section 14 of the Financial Services Act 2007, as appropriate, for safekeeping the assets of a private banking customer; “digital private bank” refers to a bank licensed under section 7(5) of the Banking Act 2004 to carry on exclusively private banking business solely through digital means or through electronic delivery channels; “discretionary wealth management” means wealth management for and on behalf of a private banking customer whereby the bank has discretion over the investment decisions of the portfolio in accordance with the terms and conditions that exist between the bank and the private banking customer; “distribution of financial products” means the distribution of securities/investment products of third-parties such as fund houses or such other qualifying financial product which may be distributed by the holder of a ‘Distribution of Financial Products’ licence issued by the FSC under section 14 of the Financial Services Act 2007;

3 “FSC” means the Financial Services Commission, Mauritius established under the Financial Services Act 20071 ; “hold mail” means retaining all or selected statements related to the account(s) of a private banking customer with the bank until such time the customer arranges for the collection of the mail; “inactive” has the same meaning as in section 57(9) of the Banking Act 2004, i.e., it refers to an account where there has not been any customer induced transaction during one year or more; “insurance agent” means a person who is the holder of an ‘Insurance agent (Company)’ licence issued by the FSC under section 70 of the Insurance Act 2005, and a person who, with the authority of an insurer and not being an employee of the insurer, acts on behalf of the insurer in the initiation of the insurance business, the receipt of proposals, the issue of policies, the collection of premiums, the settlement of claims or performs such other activities related to insurance as the FSC may approve; “investable assets” include liquid financial assets such as deposits with banks, certificates of deposits, marketable securities, structured products and other investment products, marketable precious metals and cash value of life insurance policies which have a surrender value. Investments in real estate may be included provided that the bank satisfies itself that the investments will be liquidated within a period of three years. Other investments in real estate and investments in collectibles, consumables, consumer durables and claims to occupational pension assets do not qualify as investable assets; “investment adviser” means a person who holds an ‘Investment Adviser (Unrestricted)’ licence or an ‘Investment Adviser (Restricted)’ licence or a ‘Representative of Investment Adviser (Unrestricted)’ licence or a ‘Representative of Investment Adviser (Restricted)’ licence issued by the FSC under section 30 of the Securities Act 2005 to exercise the following financial business activities, as applicable: a. unrestricted – manage, under a mandate, whether discretionary or non-discretionary, portfolios of securities and give advice, guidance or recommendations to enter into securities transactions (other than corporate finance advisory), whether personally or through printed materials or by any other means; b. restricted – give advice, guidance or recommendations to enter into securities transactions (other than corporate finance advisory), whether personally or through printed materials or by any other means; c. representative – an individual who is employed by an investment adviser for the purpose of exercising, on its behalf, securities transactions that the investment adviser is licensed to carry out and includes an officer who carries out securities transactions on behalf of an investment adviser;

1 The FSC is the integrated regulator for the non-bank financial services sector and global business. Established in 2001, the FSC is mandated under the Financial Services Act 2007 and has enabling legislations in the Securities Act 2005, the Insurance Act 2005 and the Private Pension Schemes Act 2012 to license, regulate, monitor and supervise the conduct of business activities in these sectors. FSC website: https://www.fscmauritius.org

4 “non-discretionary wealth management” means wealth management whereby investments are made by the bank for and on behalf of private banking customers with their approval. The execution of these investment orders may be preceded by advice on investments; “non-investment-related transactions” refer to transactions of private banking customers with no apparent link to their investment activity. Examples of non-investment-related transactions include operational transfers to/from the accounts of private banking customers linked to the private banking customers’ commercial activities; “private bank” means a bank licensed under section 7(5) of the Banking Act 2004 to carry on exclusively private banking business; “private banker” is a relationship manager with personal interactions with private banking customers and who is engaged by or acting for a bank carrying on private banking business; “private banking account” means any account held by a private banking customer. This includes an account held: a. in own name; b. jointly with other individuals; and/or c. through legal structures such as trusts, foundations and non-operational companies; “private banking business” has the same meaning as in the Banking Act 2004, that is, “business of offering banking and financial services and products to high-net-worth customers, including but not limited to an all-inclusive money-management relationship” with further specifications in the Interpretation section of this Guideline. It focuses on providing personalised banking and wealth management services to high-net-worth customers through dedicated private bankers. In the case of banks licensed to carry on exclusively private banking business, private banking business also includes the activities defined under section 7(7D)(b) of the Banking Act 2004 which allows a private bank (i) to hold, store or sell gold, silver, platinum and other precious metals as part of the management of its client’s investment portfolio; and (ii) to provide safety vault services to its clients for gold, silver, platinum, precious and semi-precious stones, precious metals, pearls, works of art and collectors’ pieces or antiques and such other high value goods as the Bank may determine; “private banking customer” means: a. a high-net-worth individual possessing investable assets of at least USD 500,000 (or the equivalent value in another currency) or having an annual income of at least USD 150,000 (or the equivalent value in another currency) and availing of products and services falling within the ambit of private banking business carried on by a bank. The investable assets of a high-net-worth individual may include (i) investable assets held jointly with the spouse or child; and (ii) investable assets held under legal structures owned by the high-net-worth individual. The high-net-worth individual may avail of products/services falling under the “private banking business” of the bank in his/her own name, jointly with other individuals and/or through legal structures such as trusts, foundations and non-operational companies set up to manage his/her wealth; or b. a legal structure set up to manage the wealth of beneficial owners, whereby this legal structure possesses investable assets of at least USD 500,000 (or the equivalent value in another currency) and avails of products and services falling within the ambit of private banking business carried on by a bank. A bank should take reasonable measures to verify the value of the investable assets and the annual income using relevant information obtained from reliable sources, to its satisfaction;

5 “private banking staff” comprise: a. all staff forming part of a private bank or a private banking department, as applicable. This would normally include private bankers, private banking managers, investment analysts, portfolio managers and operational staff including back-office/middle-office staff, as applicable; and b. in cases where other departments of a bank service/support private banking customers, staff who have regular interactions with private banking customers and who are substantially exposed to the dealings of private banking customers; “related party” has the same meaning as in the Banking Act 2004 and the Guideline on Related Party Transactions; “securities” has the same meaning as in the Securities Act 2005 and includes shares or stocks in the share capital of a company, shares in or securities of a collective investment scheme, treasury bills, bonds, options, futures, forwards, among others; “senior officer” has the same meaning as in the Banking Act 2004; “significant interest” has the same meaning as in the Banking Act 2004; “voice logging” means the recording of audio information through business landline telephones or other communication systems; “wealth management” means services relating to “investment adviser” or “assets management”.

6 Section I: Application process for conducting private banking business in Mauritius

1. A body corporate wishing to apply for a banking licence to carry on private banking business in Mauritius shall stand guided by section 5 of the Act. Where the applicant intends to provide its private banking business solely through digital means or through electronic delivery channels under section 52(1) of the Act, it shall so specify in its application form and, in such a case, the Guideline for Digital Banks shall also apply to the applicant.
2. In view of the fact that private banking business encompasses activities which fall under the regulatory purview of the FSC, the body corporate shall correspondingly refer to relevant sections of the Financial Services Act 2007, the Securities Act 2005, the Insurance Act 2005 and other relevant Acts for licences required from the FSC, as detailed in the Interpretation section of this Guideline.
3. Applications for a banking licence and for the licences under the purview of the FSC shall be made in such form and manner prescribed by the Bank and the FSC. Section II: Exemptions applicable to banks licensed to carry on exclusively private banking business
4. A private bank, depending on the business model proposed, may be exempted from such provisions of the Act and such guidelines, directives or instructions issued by the Bank, as the Bank may determine.
5. In this respect, private banks may be granted the following exemptions, subject to the approval of the Bank on such terms and conditions it may impose: 5.1 Minimum capital requirement [Section 20 of the Act] 5.1.1 A private bank may start operations with a minimum capital requirement of Rs200 million, in the case where its business model suggests that it would primarily engage in wealth management and would not hold assets bearing significant risks. 5.1.2 The private bank shall increase its minimum capital to Rs400 million in a phased manner within a period of five years, or, within such shorter timeframe, as the Bank may determine, depending on the evolution of its balance sheet and business model. 5.2 Significant ownership [Section 19(b)(ii) of the Act] The shareholders of a private bank may own a significant interest of 10% or more of the private bank’s capital or voting rights provided that: a. the shareholders undertake in writing to the Bank not to influence or impede the prudent management and functioning of the private bank in accordance with sound banking practices;

7 b. the private bank has in place a board of directors chaired by an independent director and which is composed of a majority of independent directors*; c. the board members of the private bank collectively have proven experience in matters of regulatory compliance, risk management and audit; and d. the private bank demonstrates at any point in time that all business transactions with shareholders are conducted at arms-length.

• Condition b. above will not apply to subsidiaries and branches of foreign banks. 5.3 Board sub-committees [Guideline on Corporate Governance] 5.3.1 The Guideline on Corporate Governance requires banks to establish an Audit committee, a Conduct Review Committee, a Risk Management Committee and a Nomination and Remuneration Committee. 5.3.2 A private bank may only establish an Audit Committee and an executive-level Risk Management Committee. In such instances, the private bank’s board of directors shall also be responsible for the tasks assigned to the other board sub-committees and for laying down the risk management strategy, risk appetite and key risk policies. 5.4 Operational existence of at least five years of the applicant’s parent bank [Section 7(3) of the Act] 5.4.1 Where the applicant is a branch or a subsidiary of a bank incorporated abroad and is making an application either singly or in joint venture with a bank incorporated in Mauritius, section 7(3) of the Act requires that the bank incorporated abroad is a reputable international bank, having operated as a bank in the jurisdiction of its head office for at least 5 years, and is subject to consolidated supervision by competent foreign regulatory authorities. 5.4.2 Where the bank incorporated abroad has operated for less than five years, the Bank may consider the application if: a. the applicant is able to, inter alia, demonstrate, to the satisfaction of the Bank, the adequate experience and track record of its shareholders, board members (as applicable) and senior officers including those to be assigned to the bank in Mauritius; and b. the applicant is subject to consolidated supervision by competent foreign regulatory authorities and these authorities have no objection to its proposal to carry on private banking business in Mauritius.

6. In the event that a private bank deems that certain provisions of the banking laws, guidelines, instructions or directives are not applicable to its business model, it may seek the approval of the Bank for a dispensation from the relevant requirements.

8 Section III: General application of banking laws, guidelines, instructions and directives 7. With the exception of an exemption granted under Section II of this Guideline, banks carrying on private banking business shall comply with all applicable provisions of the banking laws2 , guidelines3 , instructions and directives issued by the Bank. Section IV: Use of the term “private banking” 8. Banks conducting private banking business shall use the term “private banking”, “private banking account”, “private banking customer” and “private banking business” only with regard to private banking business relationships falling under the definition of this Guideline. 9. With regard to banks carrying on private banking business prior to the coming into operation of this revised Guideline, the above restriction will not apply to: a. existing customers who have already been on-boarded as a private banking customer before the effective date of this revised Guideline, i.e. 6 December 2021; and b. new customers on-boarded during the transitional period ending 31 December 2022. Section V: Private banking conduct and compliance risks 10. Banks carrying on private banking business shall, with regard to their private banking business and based on their specific risks, size of operations and business model, adequately identify, address and mitigate conduct and compliance risks, with specific thrust on: 10.1 Money Laundering (ML), Terrorism Financing (TF) and Proliferation Financing (PF) Risk that they fail to comply with Anti-Money Laundering/Combating the Financing of Terrorism and Proliferation (AML/CFT) measures, e.g. to properly implement effective AML/CFT control processes or to detect and report illicit assets or transactions; 10.2 Corruption Risk that their staff bribe public officials or that they knowingly or unknowingly assist their private banking customers in acts of bribery, e.g. by processing transactions linked to corruption on their behalf; 10.3 Client Tax non-compliance Risk that they get prosecuted by domestic or foreign tax authorities and criminal prosecutors for, inter alia, aiding and abetting tax fraud committed by their customers, or, not making relevant declarations to the tax authorities;

2 The relevant legislations are accessible at https://www.bom.mu/about-the-bank/legislation. 3 The guidelines issued by the Bank are accessible at https://www.bom.mu/financial-stability/supervision/guideline.

9 10.4 Cross-border regulation violation Risk of enforcement actions by foreign regulators or prosecutors for violation of cross-border supervisory regulation, when they offer cross-border financial services or products to foreign investors without the necessary licences; 10.5 Economic sanctions’ violation Risk of enforcement actions by foreign authorities, e.g. for processing foreign currency transactions for designated parties through foreign correspondent banks or executing securities transactions for designated parties involving foreign securities, foreign broker dealers or foreign custodians; 10.6 Abuse of legal structures Risk that ML/TF/PF-, Corruption-, Client Tax- or Cross-border or other regulatory risks are not detected by them due to an inadequate understanding of complex structures used by the beneficial owners of private banking accounts; 10.7 Business conduct rules violation Risk of: a. breaching business conduct rules which require banks to observe fiduciary duties, to act in best interests of private banking customers, and, breaching other standards of market conduct including treating private banking customers fairly; and b. private banking staff being influenced by gifts, entertainment and other inducements from private banking customers or third-party providers of financial products, thereby affecting the conduct of proper customer due diligence/transaction monitoring and/or the conduct of appropriate suitability assessments in respect of distribution of financial products; 10.8 Fraud Risk of, inter alia, banks’ staff defrauding private banking customers, private banking customers defrauding them or third-parties with or without conspiring with banks’ staff, or external asset managers defrauding private banking customers with or without conspiring with banks’ staff; 10.9 Data protection breaches Risk to have data of private banking customers accessed by unauthorised third￾parties due to, e.g. data thefts or cyber-attacks; and 10.10Corporate Governance failures Risk of failure to identify, address and mitigate excessive risks of all types due to inadequate corporate governance (e.g. failure to identify and manage conflicts of interest).

10 Section VI: Risk mitigation measures to address private banking conduct and compliance risks 11. To adequately identify, address and mitigate conduct and compliance risks, banks carrying on private banking business shall consider and, based on their specific risks, size of operations and business model, implement risk management and risk control measures, including but not limited to: a. setting up, maintaining and enforcing a robust corporate governance framework to create the right compliance culture; b. setting the right tone from the top with regard to compliance; c. introducing, maintaining and enforcing a comprehensive compliance risk management and control environment; d. analysing and documenting the bank’s exposure to all the key risks in function of its business model, product and service offering and client base; e. addressing the risks associated with private banking customers who are also politically exposed persons; f. identifying and verifying the beneficial owner(s) of each private banking account, as well as, duly identifying accounts that are related to one another through common ownership or common control so that they can be monitored on an individual and aggregate basis, in consideration of possible ML/TF/PF risks. The information on beneficial owners of private banking accounts shall be kept up-to-date; g. factoring in conduct and compliance risks in all strategic decisions on new business initiatives; h. defining the risk appetite for the private banking business and setting up a comprehensive risk control framework including effective and documented internal processes and controls; i. adopting and regularly reviewing internal policies covering all the risks and addressing the regulatory requirements in the specific business context; j. training private banking staff on all private banking conduct and compliance risks and monitoring their compliance with internal policies and regulatory requirements; k. proactively investigating possible policy breaches and taking disciplinary sanctions, as appropriate, against non-compliant private banking staff; and l. escalating policy breaches without delay to senior management and the board of directors and, if material, to the Bank. The level of materiality relative to the bank should be established in its board-approved policy for private banking business.

11 Section VII: Business conduct with regard to private banking customers 12. Banks carrying on private banking business shall adopt a Code of Ethics to be observed by their private banking staff to promote fair and ethical actions that are fundamental to good business practices. 13. Treating private banking customers fairly includes, but is not limited to: a. proactively informing private banking customers about the bank and its regulatory status, the services and products offered and their expected costs and risks; b. making the private banking customers aware of the general and specific risks of an investment when advising them; c. adequately identifying the financial background, the risk-bearing capacity, the risk-tolerance/appetite and the investment goals of the private banking customers with discretionary and non-discretionary wealth management mandates, advising them in line with this analysis and ensuring that customer suitability obligations are observed; d. verifying with private banking customers before executing investment orders which are not in line with and considerably riskier than their usual transactions; e. timely and diligently executing private banking customers’ orders in the best possible way; f. avoiding conflicts between the interests of the private banking customer and the interests of the bank acting as an agent of the customer or, if this is not possible, taking appropriate measures to reduce and manage the conflict and disclose the conflict to the private banking customer. In particular, under a discretionary wealth management mandate, private banking customers need to be asked to formally approve in advance investments with the bank’s related parties or affiliates or entities connected directly or indirectly to the bank’s board members/senior officers/officers; g. properly documenting the services, transactions and interactions with the private banking customers; and h. proactively and regularly disclosing necessary information (related to the suitability of the investment portfolio; trade orders such as quantity, pricing and associated costs; and performance reporting, among others) to the private banking customers in accordance with their investment management agreement signed with the bank, either on a non-discretionary or discretionary wealth management mandate. 14. Banks carrying on private banking business shall establish appropriate rules on gifts, entertainment and other inducements from private banking customers or third-party providers of financial products.

12 Section VIII: Policies and procedures for private banking business 15. Banks carrying on private banking business shall introduce, maintain and duly enforce a board-approved policy for private banking business. This policy shall set out the approach, processes and controls for private banking business. A bank may opt to have a separate policy for private banking business or integrate it within its existing policies. 16. This policy shall, as a minimum, cover the following areas with regard to a bank’s private banking business: 16.1 Responsibilities of private banking staff a. The responsibilities of each private banking staff shall be well-defined; and b. The different units within the private bank or private banking department, as applicable, shall be well-demarcated and their functions and responsibilities shall be clearly set out. 16.2 Internal control environment a. The duties and responsibilities of private banking staff shall be properly segregated among the front-office and operational staff (middle-office/back￾office staff, as applicable); b. There shall be dual control on the approval of new private banking relationships. Further, account documentation processing and account activation shall be performed by units independent from the front-office staff; c. Private bankers shall not single-handedly be responsible for the execution of customer instructions without involvement of other control units for checks and controls; and d. Customer complaints, account statements, inactive private banking accounts and dormant private banking customers shall not be handled solely by private bankers and shall be subject to appropriate oversight by the control functions. 16.3 Background, integrity, fitness and propriety checks on private bankers Banks carrying on private banking business shall ensure that private bankers recruited meet the fit and proper person tests and are subject to regular review to assess whether they continue to meet the fit and proper person criteria for the private banking business. 16.4 Private banking staff conduct and personal securities dealings a. The policy for private banking business shall set out rules governing private banking staff conduct and personal securities dealings comprising, among others: i. a requirement for private banking staff to disclose any conflict of interest that may arise in relation to their duties;

13 ii. a requirement to monitor private banking staff personal securities dealings (including in-house securities dealings4 ). This encompasses adequate approval procedures, declaration requirements and proper record-keeping. iii. a requirement for private banking staff to annually submit a duly-signed declaration form with details of: (1) all personal transactions on securities and other investment products, including a consent for the bank to have access to these transactions if warranted; (2) outstanding assets and liabilities; iv. regular independent monitoring of private banking staff personal securities dealings on a random and sample basis; v. prompt investigation on any matter that may give rise to suspicion of misconduct by private banking staff; vi. a Code of Ethics setting out the business conduct rules for private banking staff in line with section VII of this Guideline; and vii. consecutive leave policy of at least 5 working days for all private banking staff. This shall comprise consecutive barred access to the bank’s computers/devices/systems (including business communication systems), as well as, the premises of the bank. 16.5 Customer account transaction processing a. Banks carrying on private banking business shall have in place an internal policy for call-back procedures to confirm transaction orders with the private banking customers. b. As a minimum, call-back shall be performed for irregular, unusual and high-risk/high-value transactions, as determined in the bank’s policy for private banking business. It is recommended that the call-back is performed by a staff who is independent from the receipt and execution of the transaction order. c. The call-backs shall be subject to regular reviews by the control functions. 16.6 Hold mail service Hold mail service shall not be offered to private banking customers in view of high risks of fraud, including concealment of unauthorised transactions.

4 In-house securities dealings comprise securities dealings of private banking staff, in their own name, through the bank as well as through any company within the bank’s corporate group, where applicable.

14 16.7 Handling of dormant private banking customers a. Notwithstanding sections 57(5A), 57(6) and 59 of the Act, banks carrying on private banking business shall comply with the following requirements: i. in cases where all accounts held by a private banking customer have become inactive, the bank carrying on private banking business shall, beyond sending a letter by registered post regarding the inactive accounts to the private banking customer’s last known address, make all other reasonable efforts to establish contact with the client. If the private banking customer cannot be reached despite such efforts undertaken by the bank, the private banking customer shall be classified as dormant; ii. at the time of account opening, private banking customers shall be duly informed of the processes and terms for their accounts becoming inactive and subsequently the private banking customers becoming dormant; iii. control and monitoring processes shall be put in place to prevent the abuse of accounts (including assets under management) of dormant private banking customers. 16.8 Portfolio performance statements a. Private banking customers shall receive statements on the performance of their portfolio of investments with the bank on a periodic basis, i.e. at least quarterly, or, at a more frequent interval as may be requested by the customers. b. Banks carrying on private banking business shall establish rules for: i. proper segregation of duties in generating and delivering account statements; ii. handling customer requests for change of correspondence address; and iii. collecting and following up with returned mail/advice/statements. 16.9 Business communication systems a. There shall be, to the extent possible, use of business communication systems (e.g. e-mails, facsimile, fixed-line phones and business mobile phones, amongst other business communication platforms), for all communication between private banking staff and private banking customers. b. Banks shall establish a list of authorised alternative third-party communication applications which may be used by private banking staff for calls or messaging. c. Banks shall maintain an appropriate audit trail of communications (such as voice logging of calls and call reports) with private banking customers to keep records of all transactions and to facilitate any investigation in the case of disputes or suspected fraudulent transactions. d. There shall be specifications on the storage and data protection of the call recordings as well as on circumstances under which designated persons may access these call recordings.

15 e. The time period, not shorter than seven years, after which the call recordings may be deleted shall be specified. 16.10Risk management and risk control measures Banks carrying on private banking business shall have in place rules for risk management and control in light of sections V and VI of this Guideline. 16.11 Management Information System Banks carrying on private banking business shall establish an appropriate management information system for their private banking business to facilitate regulatory reporting and oversight on the private banking segment. 17. Additional control measures for activities permissible under section 7(7D)(b) of the Act 17.1 A private bank shall incorporate, in its policy for private banking business, appropriate procedures, processes and controls for the following activities performed under section7(7D)(b) of the Act: a. holding, storing or selling gold, silver, platinum, and other precious metals; and b. providing safety vault services for gold, silver, platinum, precious and semi-precious stones, precious metals, pearls, works of art and collectors’ pieces or antiques and such other high value goods as the central bank may determine. 17.2 In this respect, a private bank shall ensure that, at a minimum, the following measures are in place: a. Duly executed agreement / Formal instructions i. The private bank and its private banking customer shall enter into a duly executed agreement for safety vault services and all other activities carried out under section 7(7D)(b) of the Act. The agreement shall incorporate full details of the goods to be stored at time of signature; and ii. Appropriate instructions shall be received from the private banking customer for the buying and selling of such goods. A confirmation for each transaction executed shall be provided to the private banking customer. b. Vault Access Management System i. Dual control principles shall be adopted, at all times, with regard to access to the safety vault and movement of goods into and out of the safety vault; and ii. Advanced security and surveillance systems (including CCTV camera, alarm intrusion systems, among others) shall be put in place to monitor authorised access as well as detect unauthorised access to the safety vaults. The recordings of the CCTV camera shall be kept for a minimum of six months.

16 c. Appropriate Inventory Management System i. Proper records of the quantum and value of goods in the safety vault for each private banking customer shall be kept; ii. Movement of goods into and out of the safety vault shall be duly authorised and recorded. Such movements shall be conducted under dual control; iii. Regular stock-taking exercises as well as surprise checks shall be conducted by independent staff; iv. Periodic statements on goods in the safety vault shall be issued to private banking customers; v. Goods stored in the safety vault shall be duly insured. d. Periodic review by control functions The activities shall be subject to periodic review by the control functions. Section IX: Additional business activities 18. Concierge services 18.1 Banks carrying on private banking business may, subject to prior notification to the Bank, offer concierge services as an ancillary service to their private banking customers. 18.2 As a minimum, the following control measures shall be implemented: a. a comprehensive risk assessment prior to the launch of the concierge services to identify, manage and mitigate all the associated risks; b. a robust due diligence process on the concierge service provider(s), where applicable; c. a suitable clause in the agreement(s) with the concierge service provider(s) clearly establishing the party liable for dealing with issues arising from the concierge services (e.g. complaints and refunds); d. upfront disclosure to private banking customers on all the operational arrangements (including the complaints/dispute resolution mechanism) and risks involved. 19. Authorisation for the conduct of additional business activities 19.1 Banks carrying on private banking business and wishing to engage in additional business activities not covered in this Guideline shall seek the approval of the Bank accordingly.

17 Section X: Supervisory reporting 20. A bank carrying on private banking business shall periodically submit to the Bank and the FSC, information on its private banking business in such form and manner as may be determined by the respective authorities, depending on the type of activities conducted by the bank. Section XI: Regulatory and Supervisory Oversight 21. Banks carrying on private banking business shall be subject to the regulatory and supervisory frameworks of the Bank and the FSC in accordance with their respective licensed/authorised activities. Section XII: Transitional arrangements 22. Banks carrying on private banking business prior to the coming into operation of this revised Guideline shall take necessary measures to be in full compliance therewith by 1 January 2023. Bank of Mauritius 6 December 2021