Financial services professionals, along with lawyers, accountants, and others, play a pivotal role in safeguarding Mauritius's reputation as a transparent international financial centre that meets all the international standards.
Set against this pivotal role, compliance and reporting officers in Mauritian firms have spent years navigating the intricate landscape of AML/CFT/CPF. Yet, when asked whether they are progressing toward actual effectiveness in curbing financial crime or simply heading toward exhaustion, many are leaning heavily toward the latter.
Why?
Perpetual Evolving Threats and Shifting Laws
- Financial crime evolves rapidly, incorporating sanctions resulting from geopolitical shifts and emerging risks, such as cryptocurrency laundering.
- As a result, Laws such as the FIAMLA are amended frequently, often with tight deadlines, forcing rushed changes that limit strategic planning. Focusing on the period from 2023 to 2025, we have seen the implementation of the new Anti-Money Laundering and Combating the Financing of Terrorism and Proliferation Act 2024, which has led to the establishment of the Financial Crimes Commission Act 2023 amendments to FIAMLA, the Companies Act, the Bank of Mauritius Act, and the Banking Act. In May 2025, Mauritius released its Second National Risk Assessment (NRA) on Money Laundering and Terrorist Financing, covering the period from 2018 to 2024. Alongside the NRA, a new National AML/CFT Strategy was launched.
The Never-Ending Cascade of Requirements
- The perpetual evolving global threats, shifting laws, and influx of obligations are draining from enhanced due diligence on high-risk clients to real-time transaction monitoring.
- These changes create a treadmill where many firms divert resources to box-ticking rather than engaging in proactive risk management.
Maintenance of Systems, Controls, Policies, and Procedures
- The never-ending cascade of requirements means that Regulated firms must constantly update and maintain robust systems, controls, policies, and procedures (CONTROLS) to comply with AML/CFT obligations under FIAMLA Section 17A and related regulations.
- Key elements of the controls include, but are not limited to: Board Reporting (regular reports with management information, statistics, and action plans, often via board reports and Excel spreadsheets tracking high-risk clients); Compliance Policies and Operating Procedures (covering CDD, EDD, transaction monitoring, STRs, sanctions screening, and record-keeping, with defined roles for the Compliance Officer and MLRO); Risk Assessments (business-wide and client-specific, reviewed annually); Compliance Monitoring Plans (ongoing real-time and post-event monitoring); Risk Registers (for errors and omissions, conflicts of interest, breaches, complaints, refused businesses, PEPs, STRs, and sanctions matches); Training Plans and Delivery (annual programs for all staff, with records retained for at least seven years). Additional requirements include independent audits to test effectiveness, employee screening (e.g., background checks, reviews of sanctions lists), group-wide programs (if applicable), and swift record retrieval for authorities.
- These must be approved by senior management or the board, and regularly reviewed, updated, and audited at least annually or upon material changes.
Internal Board Reporting
- The MLRO/DMLRO and Compliance officer (CO) must ensure the board is informed of potential money laundering or financing risks through board reports:
- The Compliance Officer is responsible for monitoring compliance with relevant laws, codes, and internal policies and procedures. Key reporting details include compliance monitoring results and highlighting issues that require the board’s attention. This may be supported by input from compliance or internal audit functions.
- The MLRO acts as the primary point for handling STRs and liaising with authorities. Key Reporting to the board focuses on operational aspects of reporting and risk management, including the receipt and consideration of internal and external STRs, records of law enforcement requests, and liaison activities with the FSC, FIU and other agencies.
External Agency Reporting
- Regulated entities in Mauritius face a heavy load of AML/CFT reporting requirements. Here is a breakdown by regulator:
- FSC-regulated entities (e.g., investment firms, insurance companies, management companies) must file annual AML/CFT compliance reports by March 31 each year.
- All reporting persons under FIAMLA 2002 must register with the FIU, submit STRs within five working days of suspicion, and file CTRs for cash transactions over MUR 500,000.
- UN sanctions reporting must be made to the National Sanctions Secretariat for positive matches or attempted transactions.
- Firms are also required to handle annual Common Reporting Standard (CRS) reporting to prevent tax evasion through the automatic exchange of financial account information.
- Under the Data Protection Act 2017, all entities processing personal data must notify the Data Protection Office of breaches within 72 hours.
Scrutiny, Reporting, and Audits
- The controls then must be subject to annual independent AML/CFT audits and routine regulatory visits require planning and managing, and the results trigger lengthy remediations and reporting to the reviewers, adding to the workload.
The Sobering Reality: Crime Persists Despite Our Efforts
- Here is the crux:
- Compliance teams juggle this alongside operations, risking burnout, and despite these exhaustive efforts, endless training, sophisticated systems, and overhauls, financial crime isn't waning; it's growing.
- Global reports highlight the rising trend of illicit flows, with UNODC estimates suggesting that $800 billion to $2 trillion is laundered annually, representing 2% to 5% of global GDP.
Conclusion
In Mauritius, although we have made strides by exiting the FATF grey list in 2021, challenges persist due to enforcement actions against non-compliant entities, as highlighted in the 2025 National Risk Assessment Report. This raises a critical question: Are we truly effective, or just exhausted from a system prioritising volume over impact? While the intent behind AML/CFT regulations is noble, the current approach risks pushing firms to the brink of exhaustion. To shift the balance, we need smarter rules, tech-driven solutions, as well as greater collaboration between regulators and industry, to implement proportionate measures. Until then, compliance officers will advocate for sustainable practices that combat crime without depleting resources.
--
Read the original publication at AXIS
