قائمة امتثال KYC وKYB وAML
موريشيوس KYC, KYB & AML
An implementation-focused checklist for fintechs, banks, payment service providers, FSC licensees and other reporting persons operating in Mauritius. It translates the Financial Intelligence and Anti-Money Laundering Act 2002 as currently amended, the FIAML Regulations 2018, current FIU reporting procedures, sector guidance from the Bank of Mauritius and Financial Services Commission, beneficial-ownership rules, targeted-financial-sanctions controls, payment licensing and data-protection requirements into operational actions and audit evidence.
- تاريخ المراجعة
- 15 July 2026
- الإصدار
- 1.0
- مجالات رقابية
- 11
- فحوص تنفيذ
- 58
إجابة مباشرة
ما الذي تغطيه قائمة الامتثال الخاصة بـ موريشيوس؟
تحوّل قائمة موريشيوس قواعد KYC وKYB وAML الأساسية إلى 11 مجالات رقابية و58 فحوص تنفيذ، وتشمل الجهات المختصة وواجبات الإبلاغ والأدلة الواجب الاحتفاظ بها.
حقائق تنظيمية أساسية
- Primary AML law
- FIAMLA 2002, as amended
- Financial intelligence unit
- FIU Mauritius
- Banking and payment supervisor
- Bank of Mauritius
- Non-bank financial supervisor
- Financial Services Commission
- Core AML record period
- At least 7 years
- STR deadline
- Within 5 working days after suspicion arose
- FATF status
- Not under increased monitoring
تفاصيل التنفيذ
متطلبات وإجراءات الامتثال في موريشيوس
افتح كل مجال لمراجعة المتطلب وإجراء التنفيذ المقترح والأدلة الواجب الاحتفاظ بها والمصدر الأساسي.
01Confirm scope, authorities and permissionsStart with the statutory reporting-person perimeter, then apply the rules and guidance of the authority supervising the particular entity and activity.5 عناصر+
Document whether each entity and activity is a reporting person under FIAMLA.
- إجراء التنفيذ
- Map every legal entity, product and customer journey to the FIAMLA definition and Schedule, including financial institutions and the specified designated non-financial businesses and professions. Record the applicable regulatory body or supervisory authority; do not assume that every Mauritius business has identical FIAMLA duties.
- الأدلة الواجب الاحتفاظ بها
- Signed perimeter memorandum; entity-product matrix; reporting-person classification; supervisor map.
- المصدر الأساسي
- FIAMLA, ss. 2 and 14; Schedule, as amended
Recognise FIU Mauritius as the national financial intelligence unit and STR recipient.
- إجراء التنفيذ
- Maintain a controlled channel for FIU registration, electronic STR filing, FIU requests and feedback. FIU is the central agency established under FIAMLA to receive, request, analyse and disseminate relevant financial information.
- الأدلة الواجب الاحتفاظ بها
- FIU registration; goAML organisation profile; nominated contacts; request log.
- المصدر الأساسي
- FIAMLA, ss. 9-10 and 14C; Registration by Reporting Person Regulations 2019
Keep Bank of Mauritius and FSC scopes separate.
- إجراء التنفيذ
- Apply the Bank's AML/CFT/CPF Guideline to banks, non-bank deposit-taking institutions, cash dealers, money lenders and National Payment Systems Act licensees within its stated scope. Apply the FSC AML/CFT Handbook to financial institutions under FSC's non-bank and global-business purview. Treat each as sector guidance issued under supervisory powers, not as a universal replacement for FIAMLA or the Regulations.
- الأدلة الواجب الاحتفاظ بها
- Licence inventory; supervisor-to-obligation matrix; sector-guidance applicability opinion.
- المصدر الأساسي
- Bank of Mauritius AML/CFT/CPF Guideline 2020, paras. 2.01-2.06; FSC AML/CFT Handbook, chs. 1-2
Obtain the required financial-services or payment permission before operating.
- إجراء التنفيذ
- Classify banking, deposit-taking, cash-dealer, money-lending, payment, securities, insurance, global-business, management-company and virtual-asset activities under the relevant enabling law. Verify the licence on the competent authority's current register and map each service to the permission actually granted.
- الأدلة الواجب الاحتفاظ بها
- Licence or authorisation; legal perimeter opinion; service-to-permission map; regulator-register check.
- المصدر الأساسي
- Banking Act 2004; National Payment Systems Act 2018; Financial Services Act 2007; VAITOS Act 2021, where applicable
Assign accountable owners across AML, sanctions, company, payment and privacy regimes.
- إجراء التنفيذ
- Maintain a RACI covering FIU and goAML, Bank or FSC supervision, CBRD beneficial-ownership filings, National Sanctions Secretariat notices, payment licensing and Data Protection Office registration and incident reporting.
- الأدلة الواجب الاحتفاظ بها
- Approved RACI; appointment records; committee terms; regulatory calendar.
- المصدر الأساسي
- FIAMLA; FIAML Regulations 2018; Companies Act 2001; Sanctions Act 2019; NPS Act 2018; Data Protection Act 2017
02Build a risk-based AML/CFT/CPF programmeThe statutory programme must connect documented risk assessment, senior-approved controls, competent officers, training and independent assurance.5 عناصر+
Maintain a written, current business risk assessment.
- إجراء التنفيذ
- Assess customer, country, product, service, transaction, delivery-channel, third-party and technology risks, considering the current national and sector risk assessments. Document methodology, inherent risk, controls, residual risk and action owners; update for material change and before new products or technologies launch.
- الأدلة الواجب الاحتفاظ بها
- Business risk assessment; methodology; data pack; change triggers; mitigation plan.
- المصدر الأساسي
- FIAMLA, s. 17(1)-(4); Mauritius Second National ML/TF Risk Assessment 2025
Establish senior-approved policies, controls and procedures proportionate to the business.
- إجراء التنفيذ
- Cover CDD, beneficial ownership, ongoing monitoring, PEPs, sanctions, STRs, records, reliance, outsourcing, employee screening, training and independent audit. Monitor implementation, review and enhance the controls, and preserve a written record of the policies, changes and internal communication.
- الأدلة الواجب الاحتفاظ بها
- Senior-approved policy suite; control library; version history; communication and training records.
- المصدر الأساسي
- FIAMLA, s. 17A
Appoint the required Compliance Officer, MLRO and Deputy MLRO with suitable seniority and access.
- إجراء التنفيذ
- Document appointments and reporting lines, provide unrestricted access to books, records and staff, and separate compliance oversight from the MLRO's internal-disclosure assessment and external-reporting role. Apply any sector-specific approval or notification requirement imposed by the Bank or FSC.
- الأدلة الواجب الاحتفاظ بها
- Appointment letters; fit-and-proper records; board minutes; access test; succession plan.
- المصدر الأساسي
- FIAML Regulations 2018, regs. 22, 26-27; applicable Bank or FSC requirements
Screen employees, train relevant staff and test the programme independently.
- إجراء التنفيذ
- Apply risk-sensitive recruitment screening and continuing role-based training. Maintain an independent audit function that tests legal compliance and control effectiveness; set scope and frequency according to risk and applicable supervisory guidance rather than assuming a single statutory calendar for all sectors.
- الأدلة الواجب الاحتفاظ بها
- Screening files; training curriculum and attendance; independent audit plan and reports; remediation log.
- المصدر الأساسي
- FIAML Regulations 2018, reg. 22; FSC AML/CFT Handbook, chs. 12-13; Bank AML/CFT/CPF Guideline 2020
Apply group-wide and foreign-branch controls where relevant.
- إجراء التنفيذ
- For a financial group, implement group policies, information-sharing safeguards and consistent controls across branches and majority-owned subsidiaries, subject to local-law constraints. Escalate any host-country impediment to the home supervisor and apply additional risk measures.
- الأدلة الواجب الاحتفاظ بها
- Group policy; jurisdiction gap analysis; information-sharing protocol; supervisor correspondence.
- المصدر الأساسي
- FIAML Regulations 2018, regs. 23-24; applicable Bank or FSC guidance
03Identify and verify individual customersCDD must establish the customer, anyone acting for the customer, the beneficial owner and the intended relationship using reliable, independent evidence.6 عناصر+
Do not establish or maintain anonymous or fictitious-name accounts.
- إجراء التنفيذ
- Configure onboarding and account controls to require a verified legal identity and to block fabricated, placeholder or materially inconsistent identity information.
- الأدلة الواجب الاحتفاظ بها
- Account-opening rules; blocked test cases; exception log.
- المصدر الأساسي
- FIAMLA, s. 17B
Identify and verify the customer and beneficial owner using reliable, independent sources.
- إجراء التنفيذ
- Collect the prescribed natural-person information and verify it through valid official documents, data or information appropriate to the risk and channel. Identify and verify any representative and confirm the representative's authority to act.
- الأدلة الواجب الاحتفاظ بها
- Customer file; identity evidence; verification provenance; mandate or authority record.
- المصدر الأساسي
- FIAML Regulations 2018, regs. 3-4 and 8
Understand the purpose and intended nature of the relationship or occasional transaction.
- إجراء التنفيذ
- Record the expected products, activity, counterparties, source and destination patterns and commercial rationale needed to create a defensible customer-risk and monitoring profile.
- الأدلة الواجب الاحتفاظ بها
- Purpose statement; expected-activity profile; risk score and rationale.
- المصدر الأساسي
- FIAML Regulations 2018, reg. 3(1)(d)
Apply CDD at every statutory trigger.
- إجراء التنفيذ
- Trigger CDD when establishing a business relationship; conducting an occasional transaction at or above the prescribed threshold, including linked transactions, or a wire transfer in the circumstances specified by the Regulations; where ML/TF is suspected; and where there are doubts about previously obtained identification data. Keep any prescribed amount in a controlled legal register rather than hard-coding an unsupported universal threshold.
- الأدلة الواجب الاحتفاظ بها
- CDD trigger matrix; threshold register; workflow configuration; test results.
- المصدر الأساسي
- FIAML Regulations 2018, reg. 8
Verify identity before or during establishment and tightly control any permitted deferral.
- إجراء التنفيذ
- Complete verification before or during establishment of the relationship or the occasional transaction. Defer completion only where the Regulation's conditions are met: it is essential not to interrupt normal business, verification occurs as soon as reasonably practicable and ML/TF risks are effectively managed. Use documented risk limits that prevent unrestricted use before completion.
- الأدلة الواجب الاحتفاظ بها
- Verification timestamps; deferral approval; restricted-service controls; completion monitoring.
- المصدر الأساسي
- FIAML Regulations 2018, reg. 9
Do not proceed where required CDD or EDD cannot be completed.
- إجراء التنفيذ
- Do not open the account, commence the relationship or perform the transaction, or terminate the relationship as applicable, and file an STR where required. Preserve the decision without alerting the customer to an STR or related analysis.
- الأدلة الواجب الاحتفاظ بها
- Decline or exit record; investigation file; STR decision and filing reference; access restrictions.
- المصدر الأساسي
- FIAML Regulations 2018, regs. 12(3) and 13; FIAMLA, ss. 14 and 16
04Verify businesses and beneficial ownersKYB must establish legal existence, governing powers, ownership and control, then trace the customer to the natural persons who ultimately own or control it.5 عناصر+
Verify the legal person's identity, status and authority structure.
- إجراء التنفيذ
- Obtain and verify the name, legal form and proof of existence, constitutional or governing instruments, powers that regulate and bind the entity, registered office and principal place of business, and relevant senior managing persons and authorised signatories.
- الأدلة الواجب الاحتفاظ بها
- Current CBRD or foreign-registry extract; constitutional documents; director and signatory records; address checks.
- المصدر الأساسي
- FIAML Regulations 2018, regs. 3 and 5
Apply the statutory legal-person beneficial-owner cascade accurately.
- إجراء التنفيذ
- Identify and take reasonable measures to verify every natural person who ultimately has an ownership interest of 20 per cent or more. Where ownership does not identify the beneficial owner or there is doubt, identify control through other means; if no natural person is identified, record the relevant senior managing official. Preserve the actions taken and difficulties encountered.
- الأدلة الواجب الاحتفاظ بها
- Layered ownership chart; percentage calculation; control analysis; senior-manager fallback rationale; verification record.
- المصدر الأساسي
- FIAML Regulations 2018, reg. 6
Identify all relevant parties to trusts and similar arrangements.
- إجراء التنفيذ
- For a trust, identify and reasonably verify the settlor, trustee, beneficiaries or class of beneficiaries, and where applicable the protector or enforcer, plus any other natural person exercising ultimate effective control. Identify equivalent persons for other legal arrangements.
- الأدلة الواجب الاحتفاظ بها
- Trust deed; party register; control chart; verified identity files; change undertaking.
- المصدر الأساسي
- FIAML Regulations 2018, reg. 7
Reconcile CBRD information without treating the registry as conclusive CDD.
- إجراء التنفيذ
- Compare registry, constitutional, customer and independent evidence, investigate discrepancies and document why the identified natural persons satisfy the AML cascade. Obtain current information rather than relying only on a certificate or customer declaration.
- الأدلة الواجب الاحتفاظ بها
- CBRD search; discrepancy log; corroborating evidence; approved BO conclusion.
- المصدر الأساسي
- FIAML Regulations 2018, regs. 5-7; Companies Act 2001, ss. 11 and 91
Meet the company's own beneficial-ownership register and filing duties.
- إجراء التنفيذ
- For a Mauritius company, maintain the separate, accurate and up-to-date register required by section 91, including the ownership structure and applicable nominee information; preserve records of identification action and the beneficial owner's written declaration; make information available forthwith to competent authorities. Confirm CBRIS filing events and deadlines, including the current change-filing rules. Companies incorporated before the relevant 2025 amendment had to meet the new declaration requirement by 30 June 2026.
- الأدلة الواجب الاحتفاظ بها
- Section 91 register; written BO or UBO declarations; CBRIS receipts; change log; authority-access procedure.
- المصدر الأساسي
- Companies Act 2001, ss. 11 and 91, as amended by Act 10 of 2024 and Finance Act 2025
05Apply PEP, enhanced and remote due diligenceHigher-risk relationships require stronger information, approval, source and monitoring controls, while remote onboarding must achieve reliable identity assurance.5 عناصر+
Detect foreign, domestic and international-organisation PEPs, including applicable family members and close associates.
- إجراء التنفيذ
- Use risk-based systems to determine whether the customer or beneficial owner is a PEP and establish the connected-person relationship. Do not use database screening as a substitute for customer and ownership analysis.
- الأدلة الواجب الاحتفاظ بها
- PEP screening result; relationship analysis; match disposition; review history.
- المصدر الأساسي
- FIAML Regulations 2018, regs. 2 and 15
Apply the full foreign-PEP measures and risk-based domestic or international-organisation PEP measures.
- إجراء التنفيذ
- For a foreign PEP who is a customer or beneficial owner, obtain senior-management approval, take reasonable measures to establish source of wealth and source of funds, and conduct enhanced ongoing monitoring. Apply those measures to domestic and international-organisation PEPs where the relationship is higher risk, in accordance with regulation 15.
- الأدلة الواجب الاحتفاظ بها
- Senior approval; source-of-wealth and source-of-funds corroboration; enhanced monitoring plan.
- المصدر الأساسي
- FIAML Regulations 2018, reg. 15
Apply enhanced CDD whenever higher ML/TF risk is identified.
- إجراء التنفيذ
- Obtain additional customer, ownership, purpose, source-of-funds or source-of-wealth and transaction information, obtain senior approval where appropriate and increase monitoring in proportion to the identified risk. Apply relevant measures for countries identified by competent authorities or FATF, without treating nationality alone as a conclusion.
- الأدلة الواجب الاحتفاظ بها
- EDD checklist; enhanced evidence; approval; monitoring configuration; review schedule.
- المصدر الأساسي
- FIAML Regulations 2018, reg. 12; applicable Bank or FSC guidance
Use simplified CDD only for a substantiated lower-risk case.
- إجراء التنفيذ
- Document why the lower risk is consistent with the latest national or supervisory risk assessment and apply measures commensurate with that risk. Do not use simplified CDD where there is knowledge, suspicion or reasonable grounds concerning ML/TF or another person acting behind the transaction.
- الأدلة الواجب الاحتفاظ بها
- Lower-risk rationale; NRA mapping; approved simplified measures; exclusion tests.
- المصدر الأساسي
- FIAML Regulations 2018, reg. 11
Control non-face-to-face and new-technology risk before launch.
- إجراء التنفيذ
- Assess impersonation, document fraud, device, cyber, data, outsourcing and transaction risks; implement proportionate authentication, liveness or equivalent presence controls where used, reliable document checks, fraud controls and escalation. Follow the additional Bank or FSC expectations applicable to the licensee.
- الأدلة الواجب الاحتفاظ بها
- Channel risk assessment; vendor due diligence; model and liveness tests; exception and incident logs.
- المصدر الأساسي
- FIAMLA, s. 17(3); FIAML Regulations 2018; Bank AML/CFT/CPF Guideline 2020; FSC AML/CFT Handbook
06Monitor activity and report suspicionMonitoring must stay aligned with current customer information and route suspicious completed, proposed and attempted activity confidentially to FIU through goAML.6 عناصر+
Conduct ongoing monitoring throughout every business relationship.
- إجراء التنفيذ
- Scrutinise transactions, including source of funds where necessary, for consistency with the customer, business and risk profile; keep CDD data current and relevant, with particular attention to higher-risk customers.
- الأدلة الواجب الاحتفاظ بها
- Monitoring scenarios; alert history; customer reviews; profile updates; tuning decisions.
- المصدر الأساسي
- FIAML Regulations 2018, reg. 3(1)(e)
Examine complex, unusually large, unusual-pattern and apparently purposeless activity.
- إجراء التنفيذ
- Investigate background, purpose, parties, source and destination; record the analysis and determine whether an internal disclosure and external STR are required. Calibrate monitoring to the business model rather than relying on generic rules alone.
- الأدلة الواجب الاحتفاظ بها
- Case file; supporting information; analyst rationale; escalation decision.
- المصدر الأساسي
- FIAML Regulations 2018, regs. 12 and 28-29; applicable Bank or FSC guidance
File an STR within 5 working days after suspicion arose.
- إجراء التنفيذ
- The reporting person or auditor must file electronically with FIU through the production goAML environment no later than 5 working days after the suspicion arose. Cover completed, proposed and attempted transactions where the statutory suspicion test is met; do not wait for proof of an offence.
- الأدلة الواجب الاحتفاظ بها
- Suspicion timestamp; MLRO assessment; goAML acknowledgement; deadline-control report.
- المصدر الأساسي
- FIAMLA, s. 14(1); FIU STR reporting page; FIU Guidance Note 4
Register the reporting person and maintain production goAML readiness.
- إجراء التنفيذ
- Complete FIU organisation registration through the MLRO, maintain authorised users, delegation and current contact details, test access and retain a controlled contingency process consistent with FIU instructions.
- الأدلة الواجب الاحتفاظ بها
- Registration acceptance; user register; access test; delegation record; continuity exercise.
- المصدر الأساسي
- FIAMLA, s. 14C; Registration by Reporting Person Regulations 2019; FIU goAML guides
Protect STR confidentiality and prevent tipping off.
- إجراء التنفيذ
- Restrict STR, internal disclosure and FIU-request information to authorised personnel; ensure customer communications, exits and information requests do not reveal that an STR has been or will be made or that an investigation is underway.
- الأدلة الواجب الاحتفاظ بها
- Need-to-know matrix; confidential case repository; disclosure log; staff training.
- المصدر الأساسي
- FIAMLA, ss. 16 and 16A; FIU Guidance Note 4
Respond promptly and completely to lawful FIU and supervisory requests.
- إجراء التنفيذ
- Preserve data lineage, identify an accountable response owner, authenticate the request, provide complete records securely and retain the request, response and approval trail without compromising confidentiality.
- الأدلة الواجب الاحتفاظ بها
- Request register; response package; approval and delivery evidence; legal hold.
- المصدر الأساسي
- FIAMLA, ss. 10, 19E and 19J-19K
07Implement targeted financial sanctionsUN and domestic designations require screening, immediate prohibitions and freezing, prescribed reporting and strict controls against making assets or services available.5 عناصر+
Screen against both listed-party and designated-party information.
- إجراء التنفيذ
- Screen customers, beneficial owners, controllers, counterparties, payees and relevant transaction parties at onboarding, before execution and promptly after list updates. Use the National Sanctions Secretariat and UN lists and record fuzzy-match and ownership-control logic.
- الأدلة الواجب الاحتفاظ بها
- List inventory; screening logs; update timestamps; match procedures; control tests.
- المصدر الأساسي
- Sanctions Act 2019, ss. 7, 18-25 and 41; National Sanctions Secretariat guidance
Apply prohibitions and freezes immediately.
- إجراء التنفيذ
- Where the Act requires a prohibition or freeze, do not deal with the funds or other assets and do not make funds, assets or services available, directly or indirectly, to or for the benefit of the listed or designated party. In the Act, immediately means without delay and no later than 24 hours.
- الأدلة الواجب الاحتفاظ بها
- Freeze timestamp; blocked-transaction record; asset inventory; legal and compliance decision.
- المصدر الأساسي
- Sanctions Act 2019, ss. 18-25 and definition of immediately
Submit the prescribed match and asset reports to the correct authorities.
- إجراء التنفيذ
- Report screening outcomes, including funds or no funds identified where required by the applicable procedure, to the National Sanctions Secretariat and the AML/CFT supervisor. Where information relating to a listed party is known to a reporting person, submit it immediately to FIU under the statutory route and file an STR where required.
- الأدلة الواجب الاحتفاظ بها
- NSSEC report; supervisor report; FIU STR acknowledgement; zero-asset or positive-asset evidence.
- المصدر الأساسي
- Sanctions Act 2019, ss. 25 and 39-41; FIU TFS FAQ; applicable Bank or FSC procedure
Do not release frozen assets without lawful authority.
- إجراء التنفيذ
- Maintain the freeze until delisting, lapse, court or statutory authorisation, and process permitted expenses or other exceptions only through the prescribed procedure. Verify delisting before unfreezing and preserve the approval trail.
- الأدلة الواجب الاحتفاظ بها
- Freeze register; licence or order; delisting verification; unfreeze approval and timestamp.
- المصدر الأساسي
- Sanctions Act 2019, ss. 26-34; National Sanctions Secretariat guidance
Test sanctions controls independently.
- إجراء التنفيذ
- Test list ingestion, aliases, transliteration, ownership and control, rescreening, payment interdiction, case escalation, reporting and unfreezing. Document gaps and remediate without waiting for a live match.
- الأدلة الواجب الاحتفاظ بها
- Sanctions test plan; seeded-match results; issue register; remediation evidence.
- المصدر الأساسي
- Sanctions Act 2019, ss. 40-41; Bank TFS implementation page; FSC TFS guidance
08Retain records and support reconstructionAML records must remain complete, retrievable and sufficient to reconstruct customers, decisions and transactions over the statutory period.5 عناصر+
Retain customer and beneficial-owner records for at least 7 years after the relationship ends.
- إجراء التنفيذ
- Keep identification and verification evidence, ownership and control analysis, customer risk assessments and business correspondence for at least 7 years after termination of the business relationship, subject to any longer lawful hold or sector rule.
- الأدلة الواجب الاحتفاظ بها
- Retention schedule; lifecycle configuration; sample retrieval; legal-hold register.
- المصدر الأساسي
- FIAMLA, s. 17F; FIAML Regulations 2018, reg. 14
Retain domestic and international transaction records for at least 7 years after completion.
- إجراء التنفيذ
- Preserve sufficient originator, beneficiary, amount, currency, date, account, channel, agent, screening and decision data to reconstruct each transaction and answer FIU or supervisory requests swiftly.
- الأدلة الواجب الاحتفاظ بها
- Transaction archive; data-lineage map; reconstruction test; access log.
- المصدر الأساسي
- FIAMLA, s. 17F; FIAML Regulations 2018, reg. 14
Retain each STR and its supporting record for at least 7 years from filing.
- إجراء التنفيذ
- Store the internal disclosure, MLRO assessment, supporting evidence, filed report, acknowledgement and any FIU correspondence in a segregated, access-controlled repository.
- الأدلة الواجب الاحتفاظ بها
- STR archive; goAML receipt; access matrix; retrieval test.
- المصدر الأساسي
- FIAML Regulations 2018, regs. 14 and 27-29; FIU Guidance Note 4
Extend retention when a competent authority requires it.
- إجراء التنفيذ
- Implement legal holds capable of overriding ordinary deletion where FIU, the Bank, FSC, an investigatory authority or another competent authority requires records to be preserved for longer.
- الأدلة الواجب الاحتفاظ بها
- Legal-hold notice; system lock; release approval; audit trail.
- المصدر الأساسي
- FIAML Regulations 2018, reg. 14; applicable FIU, Bank or FSC requirement
Make records swiftly available without weakening confidentiality.
- إجراء التنفيذ
- Index records by customer, beneficial owner, account, transaction and case; test retrieval and controlled export; ensure only authorised persons can access STR and sanctions information.
- الأدلة الواجب الاحتفاظ بها
- Retrieval service levels; access logs; test reports; secure-delivery procedure.
- المصدر الأساسي
- FIAML Regulations 2018, regs. 14 and 22(2); FIAMLA, ss. 16 and 19J-19K
09Protect personal and biometric dataKYC, screening and monitoring data remain subject to the Data Protection Act 2017 even where processing is necessary for a legal AML obligation.6 عناصر+
Register as a controller and, where applicable, as a processor before processing.
- إجراء التنفيذ
- Complete the Data Protection Office registration applicable to each legal role. Registration certificates are valid for 3 years; renew them and notify changes in registered particulars within 14 days. Designate the officer responsible for data-protection compliance.
- الأدلة الواجب الاحتفاظ بها
- Controller or processor certificate; renewal calendar; change notices; DPO appointment.
- المصدر الأساسي
- Data Protection Act 2017, ss. 14-18 and 22(2)(e); Data Protection (Fees) Regulations 2020
Map every KYC processing purpose to a lawful basis and minimise collection.
- إجراء التنفيذ
- Document purposes, lawful grounds, necessity, data categories, recipients, retention, rights and security for identity, biometric, device, transaction, screening and investigation data. Separate mandatory compliance processing from optional analytics and marketing.
- الأدلة الواجب الاحتفاظ بها
- Record of processing; lawful-basis assessment; privacy notice; minimisation review.
- المصدر الأساسي
- Data Protection Act 2017, ss. 22-23 and 27-33
Apply special-category safeguards to biometrics, offences and PEP-related data.
- إجراء التنفيذ
- Treat biometric data uniquely identifying a person and offence or alleged-offence information as special-category data. Document the section 28 lawful basis and the additional section 29 condition, limit access and protect templates and source images throughout their lifecycle.
- الأدلة الواجب الاحتفاظ بها
- Special-category assessment; biometric architecture; access controls; deletion and security tests.
- المصدر الأساسي
- Data Protection Act 2017, ss. 2, 28-29 and 31
Complete a DPIA before high-risk identity or monitoring processing.
- إجراء التنفيذ
- Perform a data-protection impact assessment before processing likely to create high risk, including large-scale special-category processing or systematic and extensive automated evaluation with significant effects. Consult the Office where residual high risk or another consultation trigger remains.
- الأدلة الواجب الاحتفاظ بها
- DPIA; necessity and proportionality assessment; mitigation plan; consultation record.
- المصدر الأساسي
- Data Protection Act 2017, ss. 34-35
Control transfers of personal data outside Mauritius.
- إجراء التنفيذ
- Map every cloud, verification, screening and support location and satisfy one of the section 36 transfer conditions. Where appropriate safeguards cannot be provided, obtain the Office's prior authorisation under section 35 rather than relying on an undisclosed offshore processor.
- الأدلة الواجب الاحتفاظ بها
- Transfer map; safeguards; contracts; explicit-consent record where applicable; DPO authorisation.
- المصدر الأساسي
- Data Protection Act 2017, ss. 35-36
Operate the statutory personal-data-breach workflow.
- إجراء التنفيذ
- Require processors to notify the controller without undue delay. Unless the breach is unlikely to create risk to rights and freedoms, notify the Commissioner no later than 72 hours after awareness, explain delay where applicable and communicate high-risk breaches to affected persons as required.
- الأدلة الواجب الاحتفاظ بها
- Incident log; awareness timestamp; DPO notification; data-subject communication; lessons learned.
- المصدر الأساسي
- Data Protection Act 2017, ss. 25-26
10Operate payment-service controlsPayment products add Bank of Mauritius licensing, governance, security, safeguarding and reporting duties to the general FIAMLA baseline.5 عناصر+
Obtain Bank authorisation or a payment-service-provider licence where required.
- إجراء التنفيذ
- Classify system-operation, clearing, settlement and payment services under the National Payment Systems Act and the 2021 Regulations as amended in 2024. Submit the prescribed application and do not rely on a technology-provider label to conduct a regulated service without permission.
- الأدلة الواجب الاحتفاظ بها
- NPS legal classification; authorisation or licence; application file; conditions register.
- المصدر الأساسي
- National Payment Systems Act 2018; NPS (Authorisation and Licensing) Regulations 2021, as amended in 2024
Provide only the services and functions covered by the permission.
- إجراء التنفيذ
- Map acquiring, payment-account, transfer, card, cash-in or cash-out, payment-initiation, aggregation and other functions to the licence and current Bank framework. Verify counterparties on the Bank's current licensee list.
- الأدلة الواجب الاحتفاظ بها
- Service-to-licence map; regulator-register check; partner due diligence; product approval.
- المصدر الأساسي
- NPS Act 2018; NPS licensing regulations; Bank of Mauritius payment licensee register
Apply the Bank AML/CFT/CPF Guideline to NPS licensees within scope.
- إجراء التنفيذ
- Implement the Guideline's customer-risk, CDD, monitoring, wire-transfer, record, governance and sanctions expectations in addition to FIAMLA and the Regulations. Do not present the Bank Guideline as governing an FSC-only licensee outside the Bank's stated scope.
- الأدلة الواجب الاحتفاظ بها
- Bank-guideline gap analysis; control map; board approval; supervisory-return calendar.
- المصدر الأساسي
- Bank of Mauritius AML/CFT/CPF Guideline 2020, paras. 2.01-2.06
Maintain safe, secure, efficient and resilient payment operations.
- إجراء التنفيذ
- Implement governance, access, fraud, cyber, continuity, reconciliation, incident and customer-protection controls required by the Act, licence conditions and current Bank directives or guidelines. Preserve complete transaction traceability for AML monitoring and authority requests.
- الأدلة الواجب الاحتفاظ بها
- Governance records; security architecture; reconciliations; continuity tests; incident reports.
- المصدر الأساسي
- National Payment Systems Act 2018, including ss. 17 and 24; applicable Bank directives and licence conditions
Apply the July 2026 Payment Aggregator Guideline only where the activity falls within its scope.
- إجراء التنفيذ
- For an aggregator model, assess the current Bank Guideline for Payment Aggregators, licensing position, merchant due diligence, settlement, risk, security and consumer obligations. Record which provisions are binding through the Act, licence or direction and which are supervisory guidance.
- الأدلة الواجب الاحتفاظ بها
- Aggregator perimeter assessment; merchant-control framework; settlement map; Bank correspondence.
- المصدر الأساسي
- Bank of Mauritius Guidelines page; Guideline for Payment Aggregators, 10 July 2026
11Launch, oversee and evidence compliancePublication-ready policies are not enough; every rule needs an owner, tested system implementation and retrievable evidence.5 عناصر+
Run a documented pre-launch regulatory gate.
- إجراء التنفيذ
- Confirm perimeter, licences, FIU and goAML registration, CDD and beneficial-owner rules, PEP and sanctions controls, monitoring, records, CBRD status, Data Protection Office registration and DPIA, payment permission, outsourcing and incident readiness before production.
- الأدلة الواجب الاحتفاظ بها
- Launch checklist; accountable approvals; unresolved-risk register; production decision.
- المصدر الأساسي
- FIAMLA; FIAML Regulations 2018; applicable Bank, FSC, CBRD, NSSEC and DPO instruments
Control reliance and outsourcing without transferring responsibility.
- إجراء التنفيذ
- Use third-party CDD reliance only where the statutory conditions are met, obtain core CDD information immediately and ensure identification documents are available without delay. Assess processors and technology providers, contract security and audit rights and maintain the reporting person's responsibility.
- الأدلة الواجب الاحتفاظ بها
- Third-party assessment; reliance decision; contract; data-access test; exit plan.
- المصدر الأساسي
- FIAMLA, ss. 17D-17F; FIAML Regulations 2018, reg. 21; applicable Bank or FSC outsourcing guidance
Track legal and supervisory change from the primary authorities.
- إجراء التنفيذ
- Monitor FIU, Bank, FSC, CBRD, National Sanctions Secretariat, Data Protection Office and FATF publications. Treat bills and consultation papers as horizon-scanning items until enacted or brought into force, and update controls only against verified legal status.
- الأدلة الواجب الاحتفاظ بها
- Legal inventory; alert subscriptions; impact assessments; implementation tickets.
- المصدر الأساسي
- Official FIU, Bank, FSC, CBRD, NSSEC, DPO and FATF publications
Test control effectiveness and remediate findings.
- إجراء التنفيذ
- Use risk-based compliance monitoring and independent audit to test onboarding, beneficial ownership, PEPs, sanctions, payment, transaction monitoring, STR, privacy and recordkeeping controls. Report material deficiencies to senior management and the board and track them to evidence-based closure.
- الأدلة الواجب الاحتفاظ بها
- Monitoring plan; audit reports; issue register; governance reporting; closure evidence.
- المصدر الأساسي
- FIAML Regulations 2018, reg. 22; Bank AML/CFT/CPF Guideline 2020; FSC AML/CFT Handbook
Preserve a defensible control-to-law record.
- إجراء التنفيذ
- For every material obligation, retain the primary source, interpretation, scope, configuration, test, owner, approval and effective date. Label Bank and FSC guidance as guidance and the VOVE article as contextual implementation material, not legal authority.
- الأدلة الواجب الاحتفاظ بها
- Obligations register; control-to-law map; source archive; approvals; release and test history.
- المصدر الأساسي
- FIAMLA, ss. 17 and 17A; applicable primary and sector sources

11 مجال رقابي و58 فحص تنفيذ مع روابط مباشرة للمصادر التنظيمية.
حمّل قائمة KYC وKYB وAML الخاصة بـ موريشيوس
شارك بيانات العمل للوصول الفوري إلى قائمة التنفيذ الموثقة بالمصادر لـ موريشيوس. تاريخ المراجعة التنظيمية: 15 July 2026.
احصل على ملف PDF فورًا
أرسل بياناتك ليبدأ التنزيل تلقائيًا
مراجعة وموثقة بالمصادر
الإصدار 1.0، تمت المراجعة في 15 July 2026
موثوق به من فرق الامتثال الرائدة
سجل المصادر الأساسية
28 مصدرًا مستخدمًا في هذه القائمة
استخدم هذه الروابط للتحقق من التشريعات وإرشادات الجهات الرقابية وإجراءات الإبلاغ والبيانات الدولية.
- Financial Intelligence and Anti-Money Laundering Act 2002, current Bank of Mauritius publicationBank of Mauritius · Primary legislation
- FIAMLA consolidation updated as at 2024Financial Intelligence Unit Mauritius · Primary legislation consolidation
- Financial Intelligence and Anti-Money Laundering Regulations 2018Bank of Mauritius · Primary regulation
- Financial Intelligence and Anti-Money Laundering (Registration by Reporting Person) Regulations 2019Bank of Mauritius · Primary regulation
- Financial Intelligence and Anti-Money Laundering (Administrative Penalties) Regulations 2025Financial Intelligence Unit Mauritius · Primary regulation
- Report a Suspicious Transaction: 5-working-day deadline and electronic filingFinancial Intelligence Unit Mauritius · Official reporting procedure
- goAML production environment and registration resourcesFinancial Intelligence Unit Mauritius · Official reporting portal
- Guidance Note 4 on suspicious transaction reportingFinancial Intelligence Unit Mauritius · Official FIU guidance
- AML/CFT/CPF framework, 2025 national risk assessment and 2026-2029 strategyBank of Mauritius · Official AML portal
- Guideline on AML/CFT and Proliferation, January 2020Bank of Mauritius · Sector supervisory guidance
- Current FSC AML/CFT Handbook landing pageFinancial Services Commission Mauritius · Official sector guidance portal
- FSC AML/CFT Handbook, current published PDFFinancial Services Commission Mauritius · Sector supervisory guidance
- Companies Act 2001, amended through the Finance Act 2025Corporate and Business Registration Department · Primary legislation
- AML/CFT/CPF (Miscellaneous Provisions) Act 2024, including company beneficial-ownership amendmentsNational Assembly of Mauritius · Primary amending legislation
- United Nations Sanctions Act 2019, current 2026 consolidationNational Sanctions Secretariat · Primary legislation
- National Sanctions Secretariat legislation and current list resourcesNational Sanctions Secretariat · Official sanctions portal
- Guidelines on implementation of targeted financial sanctionsGovernment of Mauritius · Official sanctions guidance
- Implementation of targeted sanctions and reporting expectationsBank of Mauritius · Official supervisory procedure
- National Payment Systems Act 2018, current Bank of Mauritius publicationBank of Mauritius · Primary legislation
- National Payment Systems (Authorisation and Licensing) Regulations 2021Bank of Mauritius · Primary regulation
- National Payment Systems licensing and current licensee registerBank of Mauritius · Official licensing portal
- Payment-system guidelines, including Guideline for Payment Aggregators dated 10 July 2026Bank of Mauritius · Official sector guidance portal
- Data Protection Act 2017Data Protection Office Mauritius · Primary legislation
- Registration and renewal of controllers and processorsData Protection Office Mauritius · Official registration procedure
- Data Protection (Fees) Regulations 2020 and registration formsData Protection Office Mauritius · Primary regulation and official forms
- Jurisdictions under increased monitoring, 19 June 2026FATF · Official FATF statement
- Mauritius removed from increased monitoring, October 2021FATF · Official FATF statement
- AML Compliance in Mauritius 2026VOVE ID · Contextual implementation guide; not legal authority
إجابات مباشرة
أسئلة KYC وKYB وAML في موريشيوس
Who supervises AML compliance in Mauritius?+
FIU Mauritius receives and analyses STRs and directly regulates specified professions and occupations within its remit. The Bank of Mauritius supervises banks, non-bank deposit-taking institutions, cash dealers, money lenders and National Payment Systems Act licensees within its scope. FSC supervises the non-bank financial-services and global-business sectors under its purview. The statutory FIAMLA baseline applies according to reporting-person status, while Bank and FSC handbooks or guidelines remain sector-specific.
When must a suspicious transaction report be filed?+
FIAMLA section 14(1) and FIU's official reporting page require the reporting person or auditor to file with FIU within 5 working days after the suspicion arose. The obligation covers suspicious completed, proposed and attempted transactions. Filing is electronic through the production goAML environment, and the customer must not be tipped off.
What beneficial-owner threshold applies for AML customer due diligence?+
FIAML Regulations 2018 regulation 6 requires identification and reasonable verification of every natural person who ultimately has an ownership interest of 20 per cent or more in a legal-person customer. If ownership does not identify the beneficial owner or there is doubt, identify control through other means; if no natural person is identified, use the relevant senior-managing-official fallback. This AML cascade is distinct from, and must be reconciled with, the company's own Companies Act section 91 register and filing duties.
How long must AML records be kept?+
Core FIAMLA and FIAML Regulations records are generally retained for at least 7 years: customer and beneficial-owner identification and business correspondence after the relationship ends, transaction records after completion, and STR records from filing. A competent authority, legal hold or applicable sector rule may require longer retention.
Can a fintech onboard customers fully online?+
The law does not create a blanket prohibition on remote onboarding, but the reporting person must reliably identify and verify the customer and beneficial owner, assess new-technology and non-face-to-face risks, and apply controls proportionate to those risks. Any permitted deferred verification must meet regulation 9's conditions and be completed as soon as reasonably practicable. Bank- and FSC-supervised firms must also follow their own sector guidance.
What must be done for a sanctions match?+
Screen against current UN listed-party and Mauritius designated-party information. Where the Sanctions Act requires it, prohibit dealings and freeze immediately, meaning without delay and no later than 24 hours; do not make assets or services available; report through the prescribed National Sanctions Secretariat and supervisory channels; and immediately submit known listed-party information to FIU, including an STR where required. Do not unfreeze without lawful authority or verified delisting.
Must KYC data controllers and processors register with the Data Protection Office?+
Yes, section 14 of the Data Protection Act 2017 requires controllers and processors to register. Certificates are valid for 3 years, registered changes must be notified within 14 days, and an officer responsible for data-protection compliance must be designated. High-risk biometric or automated processing may also require a DPIA and consultation, and cross-border transfers must meet section 36.
Is Mauritius on the FATF grey list?+
No. FATF removed Mauritius from increased monitoring in October 2021, and Mauritius is not named on the FATF increased-monitoring list dated 19 June 2026. This does not eliminate domestic risk-based CDD, enhanced due diligence, sanctions or reporting obligations.
منهجية البحث والمراجعة
تحدد VOVE ID Compliance Research النطاق التنظيمي، وتحول الالتزامات إلى ضوابط تشغيلية، وتربط الادعاءات الجوهرية بالمصادر، وتسجل تاريخ وإصدار كل مراجعة.
VOVE ID Compliance Research · تاريخ المراجعة 15 July 2026 · الإصدار 1.0
This checklist is general information, not legal advice. It reflects official materials available on 15 July 2026. Applicability depends on the entity, licence, product, customer and sector. Confirm current requirements, reporting formats, supervisory expectations, payment permissions, sanctions notices and privacy filings with FIU Mauritius, the Bank of Mauritius, the Financial Services Commission, the National Sanctions Secretariat, the Corporate and Business Registration Department, the Data Protection Office and qualified Mauritian counsel before launch.