Virtual Asset and Initial Token Offerings Services (Risk Management) Rules 2022

Government Notices 2022 2505 Government Notice No. 178 of 2022 THE VIRTUAL ASSET AND INITIAL TOKEN OFFERINGS SERVICES ACT FSC Rules made by the Financial Services Commission under section 52 of the Virtual Asset and Initial Token Offerings Services Act PART I – GENERAL PROVISIONS

1. Citation These rules may be cited as the Virtual Assets and Initial Token Offerings Services (Risk Management) Rules 2022.
2. Interpretation “Act” means the Virtual Asset and Initial Token Offerings Services Act; “company” means a company incorporated as such under the Companies Act; “financial year” has the same meaning as in section 22 of the Act; “relevant Acts” has the same meaning as in the Financial Services Act;
3. Scope of the Rules (1) These rules shall apply to all virtual asset service providers that carry out business in or from Mauritius. (2) These rules shall be read in conjunction with the Act, applicable Acts, relevant Acts and guidelines which the Commission may issue from time to time.

2506 Government Notices 2022 PART II – GENERAL REQUIREMENTS 4. The general requirements (1) A virtual asset service provider shall have in place sound, effective and comprehensive strategies, processes and risk management systems to assess and maintain, on an ongoing basis, the amounts, types and distribution of financial resources, non-financial resources, own funds and unimpaired capital that it considers adequate to cover – (a) the nature and level of the risks to which it is, or might be, exposed, such that there is no significant risk that its liabilities cannot be met as they fall due, and that in the event of a winding up, its business can be wound up in an orderly manner, minimising harm to consumers, market integrity or to other market participants; (b) the risk that the virtual asset service provider might not be able to meet the obligations under the Virtual Assets and Initial Token Offering (Capital and other financial requirements) Rules 2022 in the future; and (c) the need for liquid assets adequate to cover its liabilities as they fall due. (2) A virtual asset service provider shall document how it has met the general prudential requirement. A virtual asset service provider shall review annually how it is meeting the general prudential requirement, and this review shall be completed within 4 months after the close of every financial year. 5. Types of risk (1) A virtual asset service provider, in identifying and managing the major sources of risks to which they may be exposed,

Government Notices 2022 2507 shall consider the following categories of risks as relevant to the virtual asset service provider, given the nature and scale of its business, including but not limited to – (a) credit and counterparty risk; (b) liquidity risk, being the risk that a virtual asset service provider, although solvent, either does not have available sufficient financial resources to enable it to meet its obligations as they fall due, or can secure such resources only at excessive cost; (c) operational risks; (d) market risk, being the risks that arise from fluctuations in values of, or income from, virtual assets or in interest or exchange rates; (e) interest rate risk, including – (i) risks related to the mismatch of re-pricing of assets and liabilities and off balance sheet short￾and long-term positions (“re-pricing risk”); (ii) risks arising from hedging exposure to one interest rate with exposure to a rate which re￾prices under slightly different conditions; (iii) risk related to the uncertainties of occurrence of transactions, for example, when expected future transactions do not equal the actual transactions; and (iv) risks arising from consumers redeeming fixed rate products when market rates change. (f) the risk that their own funds held by the virtual asset service provider are inadequate having regard to the

2508 Government Notices 2022 economic substance of the transactions the virtual asset service provider is involved in; (g) risks arising from changes in the virtual asset service provider’s business, including: the acute risk to earnings posed by falling or volatile income; the broader risk of a virtual asset service provider’s business model or strategy proving inappropriate due to macro-economic, geopolitical, industry, regulatory or other factors; and the risk that a virtual asset service provider may not be able to carry out its business plan and desired strategy; (h) the remuneration policy in place at the virtual asset service provider; (i) risk of excessive leverage; (j) the risk to the virtual asset service provider caused by its contractual or other liabilities to, or with respect to, any pension scheme (whether established for its employees or those of a related company or otherwise), including the risk that the virtual asset service provider will make payments or other contribution to, or with respect to, a pension scheme because of a moral obligation or because the virtual asset service provider considers that it needs to do so for some other reason; (k) the risk that the virtual asset service provider’s financial position may be adversely affected by its relationships (financial or non-financial) with other entities in the same group or by risks which may affect the financial position of the whole group (e.g. reputational contagion);

Government Notices 2022 2509 (l) concentration risk, being the risk that a combination of risks exposures will cause a loss large enough to threaten the solvency or the financial position in general of the virtual asset service provider; and (m) the risk that the risk mitigation techniques used by the virtual asset service provider prove less effective than expected. (2) A virtual asset service provider shall document their assessment of the major sources of risks to which they may be exposed and how they are managing those risks. 6. Use of insurance (1) In meeting the general requirements, a virtual asset service provider may make use of an insurance policy covering the relevant services to mitigate its risks. (2) When considering utilising insurance, a virtual asset service provider shall consider – (a) the type of cover provided by that insurance; (b) the time taken for the insurer to pay claims (including the potential time taken in disputing cover) and the virtual asset service provider’s funding of operations whilst awaiting payment of claims; (c) the financial strength of the insurer, which may determine its ability to pay claims, particularly where large or numerous small claims are made at the same time; and (d) the effect of any limiting conditions and exclusion clauses or excesses that may restrict cover to a small or limited number of specific losses and may exclude

2510 Government Notices 2022 larger or hard to quantify indirect losses (such as lost business or reputational costs). 7. Commencement These rules shall be deemed to come into operation on 1 July 2022. Made by the Financial Services Commission on 28 June 2022.