Mauritius FCC Guidelines for Legal Persons of any size and industry

The Financial Crimes Commission (the “Commission”) is issuing these guidelines on Legal Persons according to Section 52(2) of the Financial Crimes Commission Act 2023 (“FCCA”).

This document is intended to guide Legal Persons in putting up adequate procedures which are reasonably necessary to prevent them or any person acting on their behalf from committing an offence under Part III of the FCCA. For the guidelines, offences under Part III, which include corruption offences, money laundering offences, fraud offences, financing of drug dealing offences and other offences under sub-Part V are hereinafter referred to as “Part III FCCA Offences.

These guidelines apply to:

• • A Legal Person, which is defined under section 2 of the FCCA as “any entity, including a private entity, other than a natural person” (the “Legal Person”).

It is to be noted that “Person” has been defined under section 2 of the FCC Act as: “person” means a natural person or legal person.

The guidelines:

1. 1. 1. 1. Complement the existing legal requirements under any other legislation and any guideline issued by any relevant regulatory body; and
         2. Do not absolve the Legal Person from abiding by existing legal requirements purporting to their regulatory obligations or other statutory obligations.

These guidelines have been drafted based on five (5) principles.

• • • Principle 1: Commitment at “Top level Management”
    • Principle 2: Conduct of risk assessment
    • Principle 3: Implementation of control measures
    • Principle 4: Systematic review, monitoring and enforcement
    • Principle 5: Training and communication

Concerning the above five principles, the guidelines:

• • Recommend that a Legal Person or a person acting on its behalf should consider, when implementing measures, procedures and controls, the effort to prevent it from being used as a conduit for the commission of Part III FCCA Offences.

The guidelines:-

• • Have been prepared in consideration of the best international practices;
  • Are designed to be principle-based and for general application by any Legal Person of any size and industry;
  • They are not intended to be prescriptive, and it should not be assumed that they are “one-size-fits-all”;
  • Should be applied in practical proportion to the scale, nature, industry, risk, and complexity of the entity; and
  • Aim to foster the growth of a business environment which is free from corruption, money laundering, fraud and all other offences mentioned under Part III of the FCCA and to encourage all Legal Persons to take the reasonable and proportionate measures to ensure their businesses do not participate in criminal activities for their advantage or benefit.

The FCC states

• • It is recommended that these measures be formalised through policies and procedures to ensure their effectiveness.

Read more

A. Introduction

1. The guidelines are issued by the Financial Crimes Commission (FCC) under the Financial Crimes Commission Act 2023 (FCCA). They apply to Legal Persons, as defined under Section 2 of the FCCA (entities other than natural persons), and aim to prevent offences under Part III of the FCCA, including corruption, money laundering, fraud, and the financing of drug dealing.

2. These guidelines are principle-based, non-prescriptive, and designed to be proportionate to the size, nature, industry, risk and complexity of the Legal Person. They complement existing legal and regulatory obligations, promoting a business environment free from financial crimes through formal policies and procedures.

3. Under section 53(1) of the FCCA, a Legal Person is guilty of an offence under Part III if any of its directors, senior managers, officers, agents or representatives with authority commit such an offence for the Legal Person’s benefit.

B. Adequate Procedures Based on the Five Principles

4. Legal Persons are required to develop adequate procedures based on the following principles:

• • • Principle 1: Commitment at Top-Level Management
    • Principle 2: Conduct of Risk Assessment
    • Principle 3: Implementation of Control Measures
    • Principle 4: Systematic Review, Monitoring, and Enforcement
    • Principle 5: Training and Communication

5. Adequate procedures should:

• • Be universally applied for consistent implementation across all levels;
  • Align with the Legal Person’s culture and values for effective communication and embedding;
  • Be proportionate to the Legal Person’s size, resources, and risk profile, prioritising higher-risk areas;
  • Account for existing and evolving industry or sector requirements to meet or exceed minimum standards sustainably;
  • Be documented and monitored to demonstrate practical application; and
  • Encourage integrity, openness, transparency and accountability to promote ethical behaviour.

Principle 1: Commitment at Top-Level Management

6. Top-level management must foster a culture of integrity and prevent Part III FCCA offences by persons associated with the Legal Person. Examples include organising mandatory ethics training for officers.

7. Responsibilities of top-level management include:

• • Practising the highest level of integrity and ethical leadership;
  • Ensuring compliance with applicable laws and regulatory requirements on Part III FCCA offences; and
  • Effectively managing key risks related to Part III FCCA offences.

8. Top-level management should assure stakeholders that the Legal Person operates in compliance with policies, regulations and statutory obligations by:

• • Enhancing the governance framework;
  • Strengthening the internal control system; and
  • Building staff capacity through training and communication.

9. The Legal Person should:

• • Formulate adequate internal policies and procedures;
  • Raise staff awareness of these procedures;
  • Impose disciplinary measures for violations of the code of conduct/ethics or acts qualifying as Part III FCCA offences;
  • Establish, maintain, and review a compliance program addressing Part III FCCA offence risks; and
  • Inform clients (e.g., agents, vendors, contractors, suppliers) of these procedures and ensure their adherence.

10. Additional measures include:

• • Assigning a competent person to oversee compliance matters and provide guidance;
  • Defining clear lines of authority for compliance personnel; and
  • Reporting audit results, risk assessments, and performance to top-level management, including the Board of Directors, for action.

Principle 2: Conduct of Risk Assessment

11. A risk assessment should form the basis for combating Part III FCCA offences. Legal Persons should conduct and document risk assessments at intervals appropriate to their sector or when laws or business circumstances change. This identifies, analyses, assesses, and prioritises internal and external risks to establish effective mitigation measures.

12. Factors to consider in the assessment include:

• • Opportunities for offences due to weaknesses in governance or internal systems/procedures;
  • Financial transactions that may disguise Part III FCCA offences;
  • Business activities in high-risk countries or sectors;
  • Non-compliance by external parties acting on behalf of the Legal Person; and
  • Relationships with third parties (e.g., agents, vendors, contractors, suppliers) that increase offence risks.

13.The risk assessment may address:

• • Countries of operation;
  • Local business conditions and customs;
  • Business sectors, including competitors’ practices;
  • Dependence on critical licenses;
  • Business practices and operational functions (e.g., marketing, sales);
  • Employee-related risks (e.g., untrained staff, new hires);
  • Processes (e.g., time pressures, contract variations); and
  • Nature of local business relationships with agents, distributors, suppliers, joint ventures, or public officials.

Principle 3: Implementation of Control Measures

14. Legal Persons should implement reasonable and proportionate controls to address risks arising from weaknesses in governance, processes, and procedures. These include:

(a) Due Diligence

1. 1. 1. 1. 1. Establish criteria for conducting due diligence on relevant parties (e.g., Board members, employees, agents, vendors, contractors, suppliers, consultants, senior public officials) before formalising relationships. Methods include background checks, document verification, and interviews for high-risk roles.

(b) Reporting Channel

1. 1. 1. 1. 1. Legal Persons should:

• • • • • • Establish an accessible, confidential, and anonymous whistleblowing channel for internal and external parties to report suspected or actual Part III FCCA offences;
          • Encourage good-faith reporting to the FCC;
          • Maintain a secure information management system to protect whistleblower confidentiality; and
          • Prohibit retaliation against good-faith reporters.

(c) Beneficial Ownership Transparency

1. 1. 1. 1. 1. Legal Persons should:

• • • • • • Implement Beneficial Ownership Procedures aligned with Financial Action Task Force (FATF) recommendations for AML/CFT compliance;
          • Identify, verify, and monitor individuals who ultimately own or control the Legal Person;
          • Regularly update and securely store beneficial ownership information, filing it accurately with the Corporate and Business Registration Department; and
          • Document the verification process.

(d) Transaction Monitoring and Reporting

1. 1. 1. 1. 1. Legal Persons should:

• • • • • • Implement systems (e.g., machine-learning fraud analytics, where appropriate) to detect suspicious transactions indicating money laundering, fraud or other financial crimes, especially in high-risk jurisdictions;
          • Comply with reporting laws, such as filing Suspicious Transaction Reports (STRs) with the Financial Intelligence Unit under the Financial Intelligence and Anti-Money Laundering Act 2002; and
          • Maintain comprehensive, accessible records of financial transactions, including parties, amounts, purposes and dates.

Principle 4: Systematic Review, Monitoring, and Enforcement

15. Top-level management should ensure regular reviews to assess the performance, efficiency and effectiveness of adequate procedures. Reviews may include Part III FCCA risk assessments, internal audits or third-party audits.

16. Reviews should drive improvements to existing procedures. Legal Persons should:

• • Plan and maintain a monitoring program defining scope, frequency, and methods;
  • Appoint competent persons or a compliance function to perform risk assessments and audits;
  • Continually evaluate and improve policies and procedures;
  • Monitor personnel performance to ensure compliance with procedures; and
  • Conduct disciplinary proceedings for non-compliance.

Principle 5: Training and Communication

17. Legal Persons should develop and conduct training and communication programs proportionate to their operations, covering:

• • Policies;
  • Training;
  • Reporting channels; and
  • Consequences of non-compliance.

Communication of Policies

18. Policies should be publicly available and communicated to all personnel and business associates. Consider:

• • Key points to communicate, target audience, methods, and timeframe;
  • Appropriate languages for communication materials; and
  • Formats such as intranet messages, emails, newsletters, posters, code of conduct, employee handbooks, or video seminars.

Training

19. Provide employees and business associates with training to ensure understanding of adequate procedures, particularly their roles. Training should cover reporting lines, transaction approval hierarchies, and compliance procedures, and be provided before business is conducted.

Gifts, Hospitality & Promotional Expenditure Policy (GHPE Policy)

20. The five principles guide measures to prevent Part III FCCA offences. The GHPE Policy applies to anyone working for the Legal Person (e.g., corporate officers, employees, temporary staff, interns and volunteers) who gives or receives gifts, hospitality or promotional expenditures.

21. Gifts, hospitality and promotional expenditure must be reasonable, proportionate and made in good faith to avoid being perceived as bribes. The policy should be clear and accessible to all.

22. Criteria to ensure gifts, hospitality or promotional expenditure are not bribes:

• • Made for the right reason (e.g., appreciation or bona fide business purpose);
  • No attached obligation or expectation of favour;
  • Made openly, not secretly or undocumented;
  • Fully documented, including purpose and approvals, and recorded in the books;
  • Recorded in a gift register and reported to management;
  • Not viewed unfavourably by stakeholders if disclosed;
  • Of reasonable value relative to the context;
  • Conforms to the recipient’s rules; and
  • Infrequent between the giver and the recipient.

Source

https://fcc.mu/guidelines-on-legal-persons-issued-by-the-fcc/