Virtual Asset and Initial Token Offerings Services (Statutory Returns) Rules 2022

Government Notices 2022 2511 Government Notice No. 179 of 2022 THE VIRTUAL ASSET AND INITIAL TOKEN OFFERINGS SERVICES ACT FSC Rules made by the Financial Services Commission under Section 52 of the Virtual Asset and Initial Token Offerings Services Act PART I – GENERAL PROVISIONS

1. Citation These rules may be cited as the Virtual Asset and Initial Token Offerings Services (Statutory Returns) Rules 2022.
2. Interpretation “Act” means the Virtual Asset and Initial Token Offerings Services Act; “beneficial owner” has the same meaning as prescribed under the Financial Intelligence and Anti-Money Laundering Act; “business continuity plan” means the business continuity plan created under Part III of the Virtual Asset and Initial Token Offerings Services (Cybersecurity) Rules 2022; “financial year” has the same meaning as in section 22 of the Act; “Financial Intelligence Unit” has the same meaning as in the Financial Intelligence and Anti-Money Laundering Act; “relevant Acts” has the same meaning as in the Financial Services Act;
3. Scope of the Rules (1) These rules shall apply to all virtual asset service providers that carry out business in or from Mauritius.

2512 Government Notices 2022 (2) These rules shall be read in conjunction with the Act, applicable Acts, relevant Acts and guidelines which the Commission may issue from time to time. PART II – GENERAL REQUIREMENTS 4. The general principle (1) A virtual asset service provider shall deal with the Commission in an open and cooperative way, and shall disclose to the Commission appropriately anything of which the Commission expects notice. (2) Other matters of which the Commission expects immediate notice include, but are not limited to – (a) any breach or likely breach of the Act or the FSC Rules, including any condition for obtaining a licence under the Act; (b) any changes in relation to any licence(s)/registration(s) held the virtual asset service provider in any jurisdiction; (c) any actual, suspected or likely failure to ensure confidentiality and reliability of clients’ data/ information; (d) any material changes to the business continuity plan in place at the virtual asset service provider; (e) any material changes to the outsourcing arrangements of the virtual asset service provider. 5. Requirement for approval (1) A virtual asset service provider shall not, without the prior approval of the Commission, make the material changes to its business activities set out in Section 13 of the Act.

Government Notices 2022 2513 (2) Any application for approval shall be made using the Virtual Assets and ITO (Material change of business) Form. (3) After receiving the approval of the Commission – (a) the virtual asset service provider shall have 12 months (or such other period as the Commission may specify in providing approval) in which to implement the change, after which the virtual asset service provider will have to reapply for approval if the change has not been made and the virtual asset service provider still wishes to make it; and (b) when the virtual asset service provider has implemented the relevant change, the virtual asset service provider shall promptly inform the Commission. 6. Annual reporting requirements (1) A virtual asset service provider shall provide the following information to the Commission within 4 months after the close of its financial year – (a) the number of prospective clients which the virtual asset service provider has rejected during the reporting period; (b) the number of clients which were off boarded during the reporting period; (c) the number of clients where enhanced due diligence was applied; (d) the total number of the virtual asset service provider’s clients;

2514 Government Notices 2022 (e) the number of the virtual asset service provider’s clients originating from high-risk jurisdictions; (f) the number of the virtual asset service provider’s clients on-boarded on a face-to-face basis; (g) a description of any changes to the client on-boarding process, including information on how the decision to accept a client is taken; (h) the number of suspicious transaction reports filed with the Financial Intelligence Unit during the reporting period; (i) the number of individuals supporting the MLRO, and a description of any changes to the internal and external staff supporting the MLRO; (j) when the virtual asset service provider’s business risk assessment was last updated, and any additional risks identified by the latest risk assessment; (k) whether private keys for virtual asset wallet services are held by the virtual asset service provider and, if so, the number of private keys held; (l) whether the virtual asset service provider holds clients’ virtual assets with a third party custodian; (m) whether the virtual asset service provider forms part of a group, and if so, the group structure; (n) whether the virtual asset service provider has entered into a resource sharing agreement and, if so, the names of the counterparty / counterparties;

Government Notices 2022 2515 (o) whether the virtual asset service provider outsources any of its functions and, if so, any changes to the functions outsourced and to which companies; (p) the number of board meetings held during the reporting period; (q) an overview of any involvement of the virtual asset service provider’s shareholders in the day-to-day operations of the of the virtual asset service provider during the reporting period; (r) whether there were any changes to senior management roles during the reporting period; (s) whether there was any unplanned downtime of critical IT systems and, if so, details of any disruption caused by this downtime; (t) the number of hours of planned downtime of critical IT systems during the reporting period; (u) an overview of any instances of market abuse encountered by the virtual asset service provider during the reporting period; (v) details of any changes to the controls in place to monitor potential market abuse; (w) the number of marketing campaign(s) issued during the reporting period; (x) the results of the review of its cybersecurity strategy and framework and operational resilience performed in accordance with the Virtual Asset and Initial Token Offerings Services (Cybersecurity) Rules 2022;

2516 Government Notices 2022 (y) the results of the review of how it meets the general prudential requirement in accordance with the Virtual Asset and Initial Token Offerings Services (Risk Management) Rules 2022; (z) any material changes to the assessment of the major sources of risks to which the virtual asset provider may be exposed and how the virtual asset provider is managing those risks, in accordance with the Virtual Asset and Initial Token Offerings Services (Risk management) Rules 2022; or (aa) any other information as may be required. 7. Commencement These rules shall be deemed to come into operation on 1 July 2022. Made by the Financial Services Commission on 28 June 2022. By Authority: Government Printing Department, La Tour Koenig 99/07/2022 – 1049