ASK MAT = “What financial crime risk am I exposed to as a regulated Bank of Mauritius [BOM] bank and employee

MAT SAYS

• As a key Banking employee in a BOM-regulated Mauritian bank, you are a reporting person under the Financial Intelligence and Anti-Money Laundering Act (FIAMLA) with frontline responsibility for CDD, EDD, ongoing monitoring, sanctions screening and the timely filing of Suspicious Transaction Reports (STRs).
• You therefore sit at a high-exposure point for financial crime risk, especially when dealing with African (East/Southern Africa) and other overseas clients who operate through complex, multi-layered structures introduced by FSC-regulated TCSPs and fund administrators.
• Failure to identify, escalate or report suspected money laundering (ML), terrorist financing (TF), proliferation financing (PF), United Nations sanctions breaches, secondary overseas sanctions (e.g. OFAC, UK, EU) or associated criminal activities (corruption, bribery, tax evasion, fraud, etc.) can expose

• You personally to disciplinary action, regulatory sanctions, dismissal, fitness & propriety restrictions, and criminal liability.
• The bank to severe institutional consequences, including large fines, licence conditions, public censure and “failure to prevent” liability under the Financial Crimes Commission Act (FCCA) 2023.

MORE SPECIFICALLY,

• East/Southern Africa clients carry elevated inherent risks of ML, TF, PF, UN and secondary sanctions evasion, as well as associated criminal activities

• (Corruption, IFFs via trade mis-invoicing, PEPs, cash economies, Al-Shabaab/IS-linked TF).

• Complex structures (trusts, foundations, layered companies and partnerships) frequently obscure beneficial ownership, making it harder to detect layering or integration of illicit funds.
• Introduced business from FSC TCSPs still requires your independent verification.
• Failure to report whether to the FIU, National Sanctions Secretariat or BOM is one of the most serious breaches for both individuals and institutions.

Recent Illustrations of Personal & Extraterritorial Liability

• HRDC Fraud & Money Laundering Conviction (March 2026):

• The FCC secured the conviction of company director Leeneshwar Mohes on 33 counts of money laundering. His company (KDDN Co. Ltd.) submitted fraudulent training refund claims for non-existent training.
• Mohes was held personally liable and fined MUR 1,836,500. The case underscores that individuals cannot hide behind the corporate veil.

• US Extradition – Operation Wire Wire (2018):

• US authorities extradited Stanley Hugochukwu Nwoke (Nigerian national based in Mauritius) for his role in a business email compromise (BEC) scheme involving wire fraud and money laundering that victimised US businesses.

• US Prosecution of Mauritian National (2018):

• Arvinsingh “Vinesh” Canaye (Mauritian citizen and General Manager of Beaufort Management (Mauritius)) was charged in the United States as part of a major securities fraud and money laundering conspiracy linked to Mauritian structures and banks.

These cases show that personal liability and cross-border enforcement (including secondary sanctions) are very real.

LET ME EXPLAIN

1. Your Core Obligations as a Reporting Person – Including Dual Reporting Responsibilities Under FIAMLA, the United Nations Sanctions Act 2019 and BOM Guidelines you must:

• Conduct thorough CDD/EDD on clients, beneficial owners and complex structures.
• Perform ongoing monitoring of transactions and relationships for ML, TF, PF, sanctions breaches and associated criminal activities.
• Screen for UN sanctions, secondary sanctions (OFAC, UK, EU etc.), PEPs, TF/PF red flags.

Dual (and sometimes triple) Reporting Obligations

• Sanctions Matches (UN Targeted Financial Sanctions / TFS and secondary sanctions):

• Any positive (or potentially positive) name match must be reported immediately (within 24 hours, without delay) to the National Sanctions Secretariat (NSSEC) and the Bank of Mauritius. Assets must be frozen promptly.

• Parallel AML/CFT Reporting:

• Any suspicion of ML, TF, PF, sanctions evasion or associated predicate offences must trigger a Suspicious Transaction Report (STR) to the Financial Intelligence Unit (FIU) under FIAMLA section 14.

Failure to Report Risks

• For you personally:

• Internal disciplinary action or dismissal, BOM fitness & propriety sanctions (possible debarment), FCC or FIU investigation, and potential criminal liability for wilful neglect, aiding ML/TF/PF or breaching reporting obligations.

• For the bank:

• BOM administrative penalties, FCCA 2023 corporate liability (Sections 52–53 – fine up to MUR 20 million), loss of correspondent banking relationships, reputational damage and possible licence restrictions.

2. Requirement for Adequate Policies and Procedures (BOM & FCC Rules)

• Both the Bank of Mauritius and the Financial Crimes Commission place heavy emphasis on adequate policies, procedures and controls as the cornerstone of financial crime compliance.

• BOM AML/CFT Guideline requires a comprehensive, risk-based programme covering ML, TF, PF, sanctions (UN and secondary) screening, staff training, internal controls, and independent auditing.
• FCCA 2023 (Sections 52–53) creates a “failure to prevent” offence for ML, TF, PF, corruption and other Part III offences unless adequate procedures are proven.

3. UBO/BO Risk – Upstream and Downstream Exposure

• Complex client structures amplify Beneficial Ownership (BO) and Ultimate Beneficial Owner (UBO) risks. You must look both upstream (who ultimately owns/controls the client) and downstream (what the structure owns or controls).

• Upstream Risk & Due Diligence Triggers (per FIAMLA Regulations 2018, Regulation 6): 20% ownership threshold + control test (including shadow/puppet directors and non-shareholder controllers).
• Downstream Risk: Illicit activity in African subsidiaries (e.g. corruption, TF links) can taint flows into Mauritius.
• Risk Appetite Nuance: Follow your bank’s policy, which may apply lower thresholds for high-risk African clients.

4. Risks of Reliance on Introducers (FSC-Regulated TCSPs and Other Obliged Persons)

• You may rely on FSC TCSPs under Regulation 21, but you and the bank remain fully liable for deficiencies. Independent verification is mandatory for ML, TF, PF, sanctions and associated risks.

5. The Single Criminality Test –

• “Criminal Property” under Mauritian Law, Mauritius applies a single criminality test: conduct that would be criminal if committed in Mauritius makes the property “criminal property” even if not treated as such in Africa.
• This captures upstream ML, TF, PF, corruption, tax evasion etc.

6. Source of Funds (SoF) and Source of Wealth (SoW) –

• Heightened Importance for African Clients and Virtual Assets Robust SoF/SoW verification is mandatory in EDD, especially where virtual assets are used in Africa (remittances, trade, wealth storage). These introduce extra ML/TF/PF and sanctions evasion risks.

7. Challenges with Corporate Records and Data in Africa

• Paper-based registries and
• limited coverage of global tools (e.g. World-Check) on Africa-specific risks requires supplementary Africa-focused due diligence.

8. Specific Risks Linked to Your Clients’ Structures & African Footprint

• Money Laundering (ML): Upstreamed proceeds from any predicate offence.
• Terrorist Financing (TF) & Proliferation Financing (PF): Al-Shabaab/IS links and trade networks.
• Sanctions (UN and Secondary – e.g. OFAC): Evasion through complex structures.
• Associated Criminal Activities: Corruption/bribery (public procurement), tax evasion/BEPS, IFFs via trade mis-invoicing, fraud.

Illustrative Use Case

• A Kenyan/Tanzanian/Zambian corporate client, introduced by an FSC TCSP, operates through layered trusts and foundations with virtual asset flows.
• Signs of export under-invoicing, possible TF/PF links or OFAC exposure, and inadequate SoF/SoW. If you fail to address ML, TF, PF, sanctions and associated risks through proper EDD, independent verification, monitoring or dual reporting, consequences include:

• Bank ML/TF/PF/sanctions investigation + FCCA liability (up to MUR 20M fine);
• Personal accountability (similar to HRDC, Nwoke or Canaye cases);
• Regulatory fines, career damage, debarment, de-risking, or extraterritorial enforcement.

Mitigation – Your Practical Defence

1. Rigorous EDD focused on ML, TF, PF, UN & secondary sanctions, and associated criminal activities.
2. Robust SoF/SoW verification, especially with virtual assets.
3. Independent checks beyond introducers and global databases.
4. Apply the single criminality test and dual reporting.
5. Full audit trails and escalation to MLRO.
6. Exit unmitigable relationships.

In Summary

• As a key employee, you are the bank's first line of defence against money laundering (ML), terrorist financing (TF), proliferation financing (PF), UN and secondary sanctions (e.g. OFAC) breaches, and associated criminal activities flowing through complex African structures.
• Failing in any of these areas is one of the fastest routes to serious personal and institutional liability.
• Documented vigilance, prompt dual reporting, robust due diligence and adherence to BOM/FCCA standards are your strongest protection.

This is not legal advice.

• Consult your bank's MLRO, Compliance team or an external Mauritian financial crime specialist immediately if you have concerns about any relationship.
• Or contact mathew@comsuregroup.com.

Stay sharp, strong, individual compliance protects you, your bank and Mauritius's international financial centre reputation.

Key Sources (as of May 2026)

• FIAMLA (Financial Intelligence and Anti-Money Laundering Act) & FIAML Regulations 2018 https://www.fiumauritius.org/fiu/wp-content/uploads/2026/04/FIAMLA-2002-updated-2025.pdf https://www.bom.mu/about-bank/legislations/financial-intelligence-and-anti-money-laundering-regulations-2018
• BOM AML/CFT/CPF Guideline https://www.bom.mu/sites/default/files/guideline_on_aml-cft_jan_2020_15.01.2020_0.pdf https://www.bom.mu/financial-stability/amlcft
• United Nations Sanctions Act 2019 https://www.bom.mu/about-bank/legislations/united-nations-financial-prohibitions-arms-embargo-and-travel-ban-sanctions-act-2019 https://www.fscmauritius.org/media/112391/united-nations-financial-prohibitions-arms-embargo-and-travel-ban-sanctions-act-2019-amended.pdf
• Financial Crimes Commission Act 2023 (FCCA) – especially Sections 52–53 https://fcc.mu/wp-content/uploads/2025/05/FCCA-amended-as-at-May-2025.pdf https://fcc.mu/financial-crimes-commission-act-2023/
• HRDC Conviction (March 2026) – Leeneshwar Mohes case https://fcc.mu/director-of-company-found-guilty-of-money-laundering-over-fraudulent-hrdc-claims/ http://www.comsuregroup.com/news/33-counts-of-money-laundering-mauritian-fcc-secures-conviction-march-18-2026/
• Nwoke & Canaye cases (extraterritorial enforcement examples) (Public enforcement references – detailed in court and media reports)
• FATF & Regional Risk Assessments on East/Southern Africa https://www.fatf-gafi.org/en/countries/global-network/eastern-and-southern-africa-anti-money-laundering-group--esaamlg.html

Stay sharp, strong, individual compliance protects you, your bank and Mauritius's international financial centre reputation.

End

I would like to write an ask mat blog that follows the blog below

• ASK MAT = as director of a Mauritian HOLDCO [not FSC/BOM regulated] with operating subs in EAST/SOUTHERN AFRICA - what financial crime risk am I exposed to?

This new blog

• ASK MAT = what financial crime risk am I exposed to? as a key Corporate & Investment Banking (CIB) employee of a Mauritian bank [SB] that is regulated by the bank of Mauritius [BOM] and is defined as a reporting person has clients in Africa (including EAST/SOUTHERN AFRICA) and elsewhere overseas–

• Many of these clients are legal persons who start structures and, in many cases, complex structures. - THE STRUCTURES ARE MADE UP OF

• COMPANIES, FOUNDATIONS, TRUSTS, PARTNERSHIPS

• And in many cases, the structures are introduced by Mauritian FSC-regulated trust company services providers, fund services business  

The following needs to be updated based on the new question

ASK MAT = as director of a Mauritian HOLDCO [not FSC/BOM regulated] with operating subs in EAST/SOUTHERN AFRICA - what financial crime risk am I exposed to?

ASK MAT = as a director of a Mauritian HOLDCO [NOT FSC/BOM REGULATED] with operating subsidiaries in EAST/SOUTHERN AFRICA [Kenya, Uganda, Tanzania and Zambia] -what financial crime risk am I EXPOSED?

MAT SAYS

• As a director of an unregulated Mauritian HOLDCO with operating subsidiaries in Kenya, Uganda, Tanzania, and Zambia (East/Southern Africa), you face significant layered financial crime and compliance risks.
• These stem from Mauritius's strengthened domestic framework (particularly the Financial Crimes Commission Act 2023 – FCCA), group-level oversight and control responsibilities, cross-border funding flows, and the high inherent risks in your operating jurisdictions (corruption, illicit financial flows (IFFs), politically exposed persons (PEPs), terrorist financing (TF), proliferation financing (PF), sanctions evasion, and more).

MORE SPECIFICALLY,

• East/Southern Africa presents high inherent risks (corruption, IFFs, PEPs, cash economies, TF, PF, sanctions evasion) with varying local enforcement, increasing the chance that issues surface in Mauritius via banks, MRA, FCC, or international cooperation (including US/UK requests).
• Directors bear personal liability (criminal, civil, and disqualification) for oversight failures, especially under the "failure to prevent" regime in FCCA Sections 52–53.

• Upstreamed proceeds from subsidiary offences (tax evasion, bribery, fraud, TF) can trigger money laundering (ML) liability at the HOLDCO level.
• Recent enforcement actions, including US extraditions and prosecutions of individuals linked to Mauritian structures, demonstrate active pursuit of both corporate and personal director liability, as well as strong extraterritorial reach by US authorities.

• Proactive implementation of "adequate procedures," robust group-wide policies, and proper documentation is your primary defence.
• With strong compliance, these risks are manageable. Still, inaction can result in substantial fines (up to MUR 20 million for corporations), imprisonment, reputational damage, de-risking of banking relationships, asset freezes, and parallel proceedings.

LET ME EXPLAIN

1. Crimes in Mauritius (FCCA and Related Offences)

The FCCA 2023 consolidates and strengthens rules on

• Corruption, money laundering, fraud, financing of drug dealing, terrorist financing, and
• Other offences.

It applies to all legal persons (including HOLDCOs) and establishes corporate criminal liability.

• Corporate Criminal Liability (Sections 52–53):

• Every legal person must implement "adequate procedures" to prevent Part III offences by directors, senior managers, agents, or representatives.
• Failure (Section 52) is itself an offence (fine up to MUR 20 million). Under Section 53, the HOLDCO is liable if an offence is committed for its benefit (e.g., via subsidiary flows).
• Defence: prove adequate procedures on the balance of probabilities (risk assessments, due diligence, training, monitoring, etc.).

• Tax Evasion / Fraud:

• Predicate offence. Mauritius Revenue Authority (MRA) can challenge non-arm's-length transactions.
• The Finance Act 2025 introduced mandatory transfer pricing documentation for related-party dealings.

• Round-Tripping:

• Routing funds (e.g., Africa/India → Mauritius → origin) to disguise ownership or exploit tax/FDI benefits.
• Risks ML, tax fraud charges, and scrutiny from source countries.
• Red flags: circular flows lacking substance or mismatched beneficial owners.

• Bribery/Corruption (Private & Public Sector):

• Explicitly criminalised (Section 32). Intra-group payments, subsidiary procurement, or PEP dealings expose the HOLDCO.

• Money Laundering & Terrorist Financing:

• Proceeds from any predicate offence (including TF) laundered via dividends, loans, management fees, etc.

• Mauritius maintains standalone TF offences aligned with FATF standards.

• Other:

• Financing of drug trafficking,
• False accounting,
• Cyber-enabled fraud, etc.

• Use Case:

• HOLDCO receives large "management fees" or dividends from a Zambian subsidiary engaged in export under-invoicing (tax evasion).
• This can trigger an FCC ML investigation and Section 53 corporate liability if adequate procedures are absent.

2. Regulatory Risks in Mauritius

Even unregulated HOLDCOs face governance, data, and transparency requirements, as well as indirect AML/CFT/CPF obligations. Breaches create indirect exposure (banking relationships, reputation, and director disqualification).

• National Code of Corporate Governance (2016):

• Mandatory for public interest entities (including qualifying groups) and strongly encouraged otherwise.
• Emphasises board responsibility for risk management, internal controls, group oversight (parent + subsidiaries), and transparency.
• Failures bolster FCCA or fiduciary breach claims.

• Data Protection Act 2017 (DPA):

• GDPR-aligned. Applies to processing personal data from subsidiaries.
• Requires lawful basis, security measures, cross-border transfer safeguards (adequacy or contracts), and Data Protection Impact Assessments (DPIAs).
• Breaches attract fines and director liability.

• AML/CFT/CPF Obligations:

• Triggered by banking or financial activity.
• Accurate Beneficial Ownership (BO) registers are mandatory; inaccuracies attract penalties.
• Mauritius exited the FATF grey list but faces ongoing scrutiny and has enhanced counter-proliferation financing (CPF) rules.

• Companies Act 2001:

• Strict fiduciary duties (good faith, skill/care, avoid conflicts – Sections 143–146).
• Wrongful trading in insolvency creates personal liability.

• Use Case:

• Sharing Kenyan subsidiary employee data with the Mauritian HOLDCO without proper contracts or safeguards breaches the DPA, triggering complaints and signalling broader compliance failures.

3. Secondary/Indirect Exposure Through Subsidiaries

• The HOLDCO and its directors are exposed to subsidiary risks in Kenya, Uganda, Tanzania, and Zambia through control, benefit, and oversight mechanisms, even though the HOLDCO itself is unregulated.

Core Channels of Exposure

• Consolidated Oversight & Group Responsibility:

• HOLDCO directors owe fiduciary duties to oversee material risks in controlled subsidiaries (via shareholding, board appointments, funding, and strategy).

• Consolidated Accounts & Reporting:

• Group financials must accurately reflect subsidiary performance; misstatements or hidden illicit flows can trigger false accounting or ML issues at the HOLDCO level.

• Funding Flows:

• Dividends, loans, management fees, or guarantees may constitute proceeds of crime if tainted.

• "Failure to Prevent" under FCCA 2023 (Sections 52–53):

• The strongest hook HOLDCO is liable for offences by associated persons (including subsidiary personnel) committed for the HOLDCOs benefit.

• Director Personal Liability:

• Knowing participation, wilful blindness, breach of fiduciary duties (civil claims/disqualification), or veil piercing in fraud cases.
• Overlapping directorships create joint exposure with subsidiary directors.

Recent Illustration of Personal Liability (March 2026):

• In the HRDC Fraud Case, the FCC secured the conviction of company director Leeneshwar Mohes on 33 counts of money laundering.
• His company (KDDN Co. Ltd.) submitted fraudulent training refund claims for non-existent training.
• Mohes was held personally liable and fined a total of MUR 1,836,500. The case highlights that directors cannot hide behind the corporate veil.

US Extradition Example Demonstrating Extraterritorial Reach (2018):

• In Operation Wire Wire, US authorities extradited Stanley Hugochukwu Nwoke (a Nigerian national based in Mauritius) from Mauritius to the United States

• For his role in a business email compromise (BEC) scheme involving

• Wire fraud and money laundering that victimised US businesses.

• This was the first extradition from Mauritius to the US in over 15 years and illustrates how

• Mauritius-based individuals and structures can face direct US enforcement when US victims or financial systems are impacted.

US Prosecution of Mauritian National (2018):

• Arvinsingh "Vinesh" Canaye (Mauritian citizen and General Manager of Beaufort Management (Mauritius))

• Was charged in the United States as part of a major securities fraud and money laundering conspiracy.
• He was linked to offshore structures in Mauritius used to facilitate the scheme, including moving funds through UK brokerages, offshore vehicles, and banks such as Loyal Bank.
• Canaye was arrested in the US in March 2018 and later pleaded guilty to money laundering conspiracy.

OTHER RISKS

Specific Risks

• Tax Evasion / Transfer Pricing / BEPS:

• Subsidiaries may engage in profit shifting (mispricing, thin capitalisation, excessive Mauritius fees, IP migration).

• Why directors are exposed: Flows benefit the HOLDCO → FCCA liability + ML. Failure to maintain TP documentation breaches adequate procedures and fiduciary duties.

• Sanctions / Proliferation Financing (PF) / Terrorist Financing (TF):

• Notable regional exposure to TF (Al-Shabaab, IS affiliates) and PF risks from manufacturing/trade networks.

• Why exposed: Inadequate group-wide screening risks indirect violations, ML at HOLDCO (Section 53), asset freezes, and personal liability. US/UK authorities may pursue secondary enforcement.

• Corruption / Bribery:

• High risk in public procurement and licensing.

• Extraterritorial reach: UK Bribery Act and US FCPA/OFAC can apply with a relevant nexus.

• Beneficial Ownership / Transparency: Opaque chains enable misuse.
• Illicit Financial Flows (IFFs):

• Trade misinvoicing is a major channel. Cash-intensive operations, PEPs, corruption, and TF proceeds flow upward.

·         Use Case:

• A Kenyan subsidiary engages in systematic export under-invoicing or has indirect links to high-risk trade networks (potential TF/PF red flags).
• Profits upstreamed as fees/dividends. A HOLDCO director ignores red flags without group-wide policies.

• Consequences:

• Back taxes/penalties;
• FCC ML/TF investigation (Section 53 conviction);
• personal director liability (as in HRDC, Nwoke, or Canaye cases);
• group-wide banking de-risking;
• potential UK/US enforcement or extradition.

• Other Subsidiary Risks: Fraud, cyber risks, ESG-linked crimes.

Broader / Emerging Risks

• Director's personal exposure (fines, imprisonment, disqualification) actively enforced, including via international cooperation.
• Reputational damage and de-risking.
• Inadequate group-wide controls.
• Evolving international standards (FATF, OECD BEPS, CPF, extraterritorial laws).

Mitigation Recommendations

1. Implement FCCA-compliant "adequate procedures" (including TF/PF).
2. Robust TP documentation and arm's-length policies.
3. Group-wide AML/CFT/CPF and sanctions screening with subsidiary reporting.
4. Board-level oversight with regular audits.
5. DPA-compliant data flows and governance code adherence.
6. Specialist legal/tax/compliance advice, monitor UK/US nexus, and consider D&O insurance.

In summary,

• As HOLDCO directors, you sit at the apex of control and benefit.
• Cases like the HRDC conviction, the extradition of Stanley Nwoke, and the prosecution of Vinesh Canaye underscore that both corporate/personal liability and extraterritorial enforcement are current realities.
• Robust, documented compliance is essential.

This is not legal advice.

• Consult a Mauritian financial crime and compliance lawyer for a tailored gap analysis. Or
• Contact mathew@comsuregroup.com

Key Sources (as of May 2026)

• Financial Crimes Commission Act 2023 (FCCA): https://fcc.mu/wp-content/uploads/2025/05/FCCA-amended-as-at-May-2025.pdf
• HRDC Fraud & Money Laundering Conviction (March 2026): https://fcc.mu/director-of-company-found-guilty-of-money-laundering-over-fraudulent-hrdc-claims/
• Stanley Hugochukwu Nwoke – US Extradition (Operation Wire Wire, 2018): https://www.justice.gov/archives/opa/pr/74-arrested-coordinated-international-enforcement-operation-targeting-hundreds-individuals. Additional report: https://thewillnews.com/email-scam-us-arrests-30-nigerians-in-massive-crackdown/
• Arvinsingh "Vinesh" Canaye – Mauritian National US Prosecution (2018): https://www.justice.gov/usao-edny/pr/four-individuals-charged-conspiring-defraud-united-states-failing-comply-foreign
• Finance Act 2025 (Transfer Pricing Rules): Official PDF: https://mauritiusassembly.govmu.org/mauritiusassembly/wp-content/uploads/2025/08/18_THE-FINANCE-ACT-2025-.pdf Summary: https://tpa-global.com/2025/11/24/mauritius-officially-publishes-the-finance-act-2025/
• National Code of Corporate Governance for Mauritius (2016): https://nccg.mu/sites/default/files/2021-01/the-national-code-of-corporate-governance-for-mauritius_2016.pdf
• Data Protection Act 2017 (DPA): https://dataprotection.govmu.org/Documents/DPA_2017.pdf
• FATF Reports on Terrorist Financing & Proliferation Financing Risks: https://www.fatf-gafi.org/en/publications/Methodsandtrends/comprehensive-update-terrorist-financing-risks-2025.html