2026-06-04
Added · Updated
The Financial Services Commission of Mauritius issued these guidelines to mandate periodic Customer Due Diligence reviews for existing clients based on a risk-based approach. Licensees must conduct reviews at least annually for high-risk customers, every three years for medium-risk customers, and every four years for low-risk customers, in addition to triggering events. Non-compliance with these requirements or FSC directions may result in criminal sanctions, including fines and imprisonment, or regulatory disciplinary actions.
GUIDELINES ON FREQUENCY OF CUSTOMER DUE DILIGENCE ISSUED ON 05 JUNE 2026
Issued under Section 7 (1) (a) of the Financial Services Act and Section 17E(2) of the Financial Intelligence and Anti-Money Laundering Act
FSC Mauritius Guidelines on Frequency of Customer Due Diligence 1 Contents 1.0 INTRODUCTION........................................................................................... 2 1.1 Background................................................................................................................ 2 1.2 Customer Due Diligence Obligation .............................................................................. 2 2.0 FREQUENCY OF CUSTOMER DUE DILIGENCE............................................ 4 3.0 SANCTIONS FOR BREACH ........................................................................... 6
FSC Mauritius Guidelines on Frequency of Customer Due Diligence 2 1.0 INTRODUCTION 1.1 Background These Guidelines are being issued by the Financial Services Commission (“the FSC”) under Section 7(1)(a) of the Financial Services Act and Section 17E (2) of the Financial Intelligence and Anti-Money Laundering Act. The purpose of these Guidelines is to provide guidance and set standards for licensees which fall under the definition of Financial Institutions under Financial Intelligence Anti Money Laundering Act (‘FIAMLA’) on the frequency at which they shall apply customer due diligence (‘CDD’) requirements on existing clients, proportionate to the identified risk. The Guidelines shall come into effect on 08 June 2026. Relevant licensees are expected to establish and implement appropriate timelines and procedures to conduct reviews of existing customers in accordance with the Guidelines and their present AML/CFT obligations. Reviews of existing customers in accordance with the Guidelines should be completed within one year from the effective date of the Guidelines. 1.2 Customer Due Diligence Obligation Section 17C of the FIAMLA imposes an obligation on licensees which fall under the categories of ‘reporting persons’ to undertake CDD measures for each customer and business relationship. Section 17C (1) of the FIAMLA provides as follows: - “17C. Customer due diligence requirements (1) A reporting person shall undertake CDD measures as may be prescribed, and in the following circumstances – (a) when opening an account for, or otherwise establishing a business relationship with, a customer; (b) where a customer who is neither an account holder nor in an established business relationship with the reporting person wishes to carry out – (i) a transaction in an amount equal to or above 500, 000 rupees or an equivalent amount in foreign currency or such amount as may be prescribed, whether conducted as a single transaction or several transactions that appear to be linked; or (ii) a domestic or cross-border wire transfer;
FSC Mauritius Guidelines on Frequency of Customer Due Diligence 3 (c) whenever doubts exist about the veracity or adequacy of previously obtained customer identification information; (d) whenever there is a suspicion of money laundering or terrorism financing involving the customer or the customer’s account; (e) where the reporting person is a virtual asset service provider under the Virtual Asset and Initial Token Offering Services Act 2021, he shall – (i) apply CDD measures in respect of an occasional transaction in an amount equal to or above 1,000 US dollars or an equivalent amount in foreign currency where the exchange rate to be used to calculate the US dollar equivalent shall be the selling rate in force at the time of the transaction, whether conducted as a single transaction or several transactions that appear to be linked; (ii) record, in respect to an occasional transaction in an occasional transaction in an amount below 1,000 US dollars – (A) the name of the originator and the beneficiary; and (B) the virtual asset wallet address for each or a unique transaction reference number. (1A) Subject to subsection (1), where a customer is not physically present, the reporting person shall undertake CDD measures, as may be appropriate, by means of such reliable and independent digital identification system.” All reporting persons1 are required to undertake CDD measures in line with the circumstances prescribed in Section 17C of the FIAMLA or any other circumstances as may be required by the FSC. In addition, Section 17E of the FIAMLA provides for requirements for application of CDD measures for existing customers and beneficial owners, as follows: - “17E. Existing customers (1) A reporting person shall apply the CDD requirements to customers and beneficial owners with which it had a business relationship on the commencement of this section. (2) The CDD requirements shall be applied at appropriate times and on the basis of materiality and risk, depending on the type and nature of the customer, the business relationship, products or 1 For the purpose of these Guidelines, reporting persons refer to licensees of the Commission that fall under the definition of Financial Intelligence Anti Money Laundering Act.
FSC Mauritius Guidelines on Frequency of Customer Due Diligence 4 transactions and taking into account whether and when CDD measures have previously been applied and the adequacy of the data obtained, or as may be specified in any guidelines issued under this Act.” Section 17E(2) of FIAMLA empowers the FSC to issue guidelines to provide for CDD requirements on existing customers. In addition, Regulation 3 (1) (e) (ii) of FIAMLR imposes an obligation to update CDD requirements for existing clients, as follows: - “3. (1) A reporting person shall — ... (e) conduct ongoing monitoring of a business relationship, including — i) scrutiny of transactions undertaken throughout the course of the relationship, including, where necessary, the source of funds, to ensure that the transactions are consistent with his knowledge of the customer and the business and risk profile of the customer; (ii) ensuring that documents data or information collected under the Customer Due Diligence (CDD) process are kept up to date and relevant by undertaking reviews of existing records, in particular for higher risk categories of customers.” These Guidelines thus aim to provide guidance and standards regarding the appropriate times at which CDD measures are to be applied with respect to existing customers proportionate to the risk identified. 2.0 FREQUENCY OF CUSTOMER DUE DILIGENCE In line with Section 17C of the FIAMLA and Regulation 3(1)(e) of the FIAMLR, all reporting persons shall undertake CDD measures and conduct ongoing monitoring of a business relationship including ensuring that documents data or information collected under CDD process are kept up to date and relevant by undertaking reviews of existing records, in particular for higher risk categories of customers. The ongoing monitoring ensures that a reporting person keeps due diligence information up-to-date in line with the customer risk profile. The monitoring should be carried out on an ongoing basis or triggered by specific situations or transactions. Thus, reporting persons are expected to conduct periodic CDD reviews and to put in place measures tailored for each risk category.
FSC Mauritius Guidelines on Frequency of Customer Due Diligence 5 As part of a risk-based approach, licensees must have in place clear and well- documented procedures with regards to customer identification and verification. These procedures should be proportionate to the level of risk, in line with the requirements set out under FIAMLA and FIAMLR. To ensure that CDD and BO information remains accurate, up to date, adequate, and support the principle of proportionality under the risk‐based approach, it is necessary to have specific periodic timeframes to review CDD and BO information. This ensures that customers’ information is regularly updated even if there is no trigger event for review of CDD. A purely trigger‐based framework offers insufficient coverage allowing clients go unchecked for extended periods. Therefore, periodic CDD reviews are essential for detecting potential fraud and illicit activities, and for ensuring that customer information remains accurate and up to date. The frequency to review the CDD relating to all customers should be undertaken in accordance with the frequencies listed below: i. At least, once every year for high-risk customers ii. At least, once every three years for medium risk customers iii. At least, once every four years for low-risk customers Notwithstanding the above, CDD reviews must be carried out when there is a trigger event/situation or whenever required by the FSC, as it deems necessary. By way of illustration, a trigger event/situation may include the following: • A material change in ownership and/or management structure; • Reclassification of the jurisdiction, where the customer is based; • The identification or entry of a PEP in the business relationship; • Inconsistencies between customer information and supporting verification evidence; • Invalid identification data; • Identification of adverse information from sources such as media reports or other relevant sources; or • Customer requesting a new or higher risk product. The list provided above is not intended to be exhaustive.
FSC Mauritius Guidelines on Frequency of Customer Due Diligence 6 3.0 SANCTIONS FOR BREACH The obligations for CDD are supervised and enforced by the FSC through dissuasive and proportionate sanctions. In this respect, the FSC may issue a direction pursuant to its powers vested under Section 7(1)(b) of the FSA to ensure compliance with these Guidelines. Failing to comply with a direction issued by the FSC may entail a criminal sanction under Section 90 (1) of the FSA, which provides for the following: - “90. Offences and penalties (1) Any licensee, or present or former controller of a licensee or any employee of a licensee, who fails to comply with any requirement imposed by or under this Act, or a direction, or requirement issued under this Act, shall commit an offence and shall, where no specific penalty is provided, on conviction, be liable to a fine not exceeding 500,000 rupees and to imprisonment for a term not exceeding 5 years.” In addition, any non-compliance with a direction issued by the FSC may entail regulatory sanctions by the Enforcement Committee of the FSC under Section 53 (1) (a), as follows: - “53. Disciplinary proceedings (1) Where the Chief Executive – (a) has reasonable cause to believe that a licensee – (i) has contravened any relevant Act, AML/CFT legislation, direction or order issued under a relevant Act or any condition of his licence; ... he may refer the matter to the Enforcement Committee for such action as the Enforcement Committee may deem appropriate.” Disclaimer: For avoidance of doubt, nothing in these Guidelines shall preclude a licensee from undertaking periodic reviews more frequently than the minimum frequency prescribed under these Guidelines. Financial Services Commission FSC House, 54 Cybercity Ebene, 72201 Mauritius T: (+230) 403-7000 F: (+230) 467-7172 E: mail@fscmauritius.org www.fscmauritius.org