The New Era of Corporate Compliance: FCC Guidelines and Legal Person obligations in Mauritius

Introduction

Mauritius has taken a significant step forward in the fight against financial crimes with the enactment of the Financial Crimes Commission Act 2023 (“FCC Act”) and recent publication of the Guidelines (“Guidelines”) on legal persons (“Legal Persons”) by the Financial Crimes Commission (“FCC”).

These developments introduce a robust compliance framework for Legal Persons operating in Mauritius, fundamentally reshaping the landscape of corporate governance, risk management, and accountability.

No matter your size, sector, or structure—whether you are a multinational corporation, a partnership, a trust, an association, or even a one-person company—this new law directly impacts you.

For the first time, every legal person operating in Mauritius is now required to implement robust compliance procedures to prevent corruption, money laundering, fraud, and other financial crimes.

Why does this matter? The FCC Act not only aligns Mauritius with the world’s highest international standards, but it also fundamentally reshapes the responsibilities and expectations placed on all legal entities.

Notably, it further brings the obligations of all Legal Persons closer to those traditionally imposed on “Reporting Persons” under the Financial Intelligence and Anti-Money Laundering Act (“FIAMLA”).

The days when only banks and financial institutions bore the brunt of anti-money laundering obligations are over. Today, every business and organization must take proactive steps to assess risk, implement controls, and foster a culture of integrity.

Whether you are a director, manager, or business owner, understanding these changes is not just a matter of compliance—it is essential for protecting your reputation, your operations, and the integrity of Mauritius as a trusted business hub.

Redefining Legal Person obligations: The FCC Act 2023 

The FCC Act 2023 establishes the Financial Crimes Commission as the apex agency for detecting, investigating, and prosecuting financial crimes in Mauritius.

Part III of the Act targets a wide array of offences, including corruption, money laundering, fraud, and the financing of drug dealing. Crucially, the Act imposes direct obligations on Legal Persons—entities other than natural persons—to implement “adequate procedures” to prevent the commission of these offences by anyone acting on their behalf.

Section 52(1) of the FCC Act mandates that every Legal Person must ensure it has in place procedures reasonably necessary to prevent itself or any person acting on its behalf from committing a Part III offence.

Failure to do so constitutes an offence, punishable by a fine of up to 20 million rupees.

Section 53(1) further establishes vicarious liability: if a director, senior manager, officer, agent, or representative commits a Part III offence for the benefit of the Legal Person, the entity itself is deemed guilty unless it can prove it had adequate preventive procedures in place.

Who is a Legal Person under the FCC Act?

The FCC Act adopts a broad definition of Legal Person, encompassing “any entity, including a private entity, other than a natural person.”

This includes companies (public and private), partnerships, foundations, limited liability partnerships, sociétés, trusts, associations, and any other body corporate or unincorporated body operating in Mauritius.

The definition is intentionally wide to ensure that all forms of business and organizational structures are captured.

Does the FCC Regime apply to all Legal Persons?

Yes, the obligations and Guidelines apply to all Legal Persons in Mauritius, regardless of size, industry, or structure. This includes one-person private companies, which, despite their simplicity, are still considered legal persons under the FCC Act.

The FCC’s Guidelines are principle-based and designed for universal application, but they are to be implemented in a manner proportionate to the entity’s size, resources, risk profile, and complexity.

While all Legal Persons are subject to the same core obligations, the Guidelines recognize that it is not a “one-size-fits-all” approach but rather a practical one. Instead, entities are expected to tailor their compliance measures to their specific circumstances, ensuring that higher-risk areas receive greater attention and resources.

For one-person private companies, this would entail that while the compliance burden may be lighter in practice, the obligation to assess risk, implement controls, and maintain records still applies. Even the smallest entities will have to demonstrate awareness of their obligations and take reasonable steps to prevent financial crime.

This means that while a large multinational and a one-person company are both subject to the same core obligations, the scale and detail of their compliance measures may differ.

What are the five key principles that Legal Persons are required to develop as adequate procedures?

The FCC’s Guidelines on Legal Persons, issued under section 52(2) of the Act, set out five core principles that every Legal Person must consider when designing and implementing their compliance framework:

1. Commitment at top-level management

• Senior management must actively foster a culture of integrity and zero tolerance for financial crime. This includes setting the “tone from the top,” ensuring robust governance, and providing clear leadership on compliance matters.

2. Conduct of risk assessment

• Legal persons must regularly assess and document the risks of financial crime relevant to their operations, considering factors such as business activities, geographic exposure, third-party relationships, and sector-specific vulnerabilities.

3. Implementation of control measures

• Proportionate controls must be established to address identified risks. This includes due diligence on key personnel and business partners, secure and confidential whistleblowing channels, beneficial ownership transparency, and transaction monitoring systems.

4. Systematic review, monitoring, and enforcement

• Procedures must be subject to regular review and audit to ensure effectiveness. Non-compliance should trigger disciplinary action, and continuous improvement of policies is encouraged.

5. Training and communication

• Employees and business associates must receive adequate training on compliance procedures, reporting lines, and the consequences of non-compliance. Policies should be clearly communicated and made accessible

Special focus: Gifts, hospitality, and promotional expenditure

The Guidelines also address the risk of gifts, hospitality, and promotional expenditures being used as a cover for bribery. Legal Persons are required to have clear, accessible policies to ensure such expenditures are reasonable, proportionate, and transparent, with appropriate documentation and oversight.

The role of “Reporting Persons” under FIAMLA

Under FIAMLA, the term Reporting Persons encompasses banks, financial institutions, and designated non-financial businesses—including dealers in jewelry, precious stones and metals, and real estate agents—as well as a range of professionals such as accountants, auditors, attorneys, barristers, notaries, and others. These entities are required to implement robust anti-money laundering (AML) and counter-financing of terrorism (CFT) measures, such as:

• Conducting customer due diligence (CDD) and ongoing monitoring;
• Reporting suspicious transactions to the Financial Intelligence Unit (FIU);
• Maintaining records of transactions and customer identification;
• Implementing internal controls, training, and compliance programmes.

These obligations are designed to ensure that entities most exposed to financial crime risks act as the first line of defence in detecting and reporting illicit activities.

The FCC Act: Extending the compliance net to all Legal Persons

The FCC Act introduces a paradigm shift by imposing similar, though not identical, obligations on all Legal Persons in Mauritius—not just those classified as Reporting Persons under FIAMLA.

Section 52 of the FCC Act requires every Legal Person to have “adequate procedures” in place to prevent itself or anyone acting on its behalf from committing offences such as corruption, money laundering, fraud, and the financing of drug dealing. Failure to do so constitutes an offence, with severe penalties.

The FCC’s Guidelines on Legal Persons further elaborate on these obligations, requiring all Legal Persons to:

• Conduct risk assessments;
• Implement proportionate control measures (including due diligence, whistleblowing channels, and beneficial ownership transparency);
• Monitor and review compliance programmes;
• Provide training and clear communication to staff and associates.

Do all Legal Persons now have the same obligations as “Reporting Persons” under the FIAMLA?

While the obligations under the FCC Act and FIAMLA are not identical, there is a clear convergence in their core requirements. Both regimes demand:

• A proactive approach to risk identification and mitigation;
• The establishment of internal controls and reporting mechanisms;
• Ongoing training and awareness;
• Record-keeping and transparency regarding ownership and transactions.

The key difference lies in the scope: FIAMLA targets entities most vulnerable to money laundering and terrorist financing, while the FCC Act casts a much wider net, covering every Legal Person in Mauritius, regardless of size or sector. This includes one-person private companies, partnerships, associations, and trusts.

In effect, the FCC Act elevates the baseline of corporate compliance across the entire economy, ensuring that all Legal Persons—not just those in the financial sector—adopt a culture of integrity and vigilance against financial crime.

Rationale and International Context: Why such a provision?

The decision to extend these obligations to all Legal Persons is rooted in both domestic priorities and international commitments. Mauritius, as a member of the Financial Action Task Force (FATF), the Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG), and the Organisation for Economic Co-operation and Development (OECD), is bound by international standards that require comprehensive measures to prevent the misuse of legal persons for illicit purposes.

Key international instruments and standards influencing the FCC Act include:

• FATF Recommendations: FATF calls for countries to ensure that Legal Persons are not misused for money laundering or terrorist financing, and that there is adequate, accurate, and timely information on beneficial ownership. The FCC Act’s requirements for risk assessment, beneficial ownership transparency, and internal controls directly reflect these standards.
• United Nations Convention against Corruption (UNCAC): Mauritius is a signatory to UNCAC, which obliges States to take measures to prevent corruption in both the public and private sectors, including the establishment of effective internal controls, ethics, and compliance programmes for Legal Persons.
• OECD Anti-Bribery Convention: This convention requires signatory countries to hold Legal Persons liable for bribery of foreign public officials and to implement preventive compliance measures.
• ESAAMLG Mutual Evaluations: As a member, Mauritius is subject to periodic peer reviews of its AML/CFT framework, which assess the effectiveness of measures to prevent the misuse of Legal Persons.

By aligning the obligations of all Legal Persons with these international standards, Mauritius demonstrates its commitment to maintaining its reputation as a clean and transparent jurisdiction, while also addressing the vulnerabilities identified in past mutual evaluations and international assessments.

The basis of section 52: embedding international best practices

Section 52 of the FCC Act, which mandates “adequate procedures” for all legal persons, is explicitly designed to operationalise these international obligations. The FCC’s Guidelines on Legal Persons are principle-based and draw on best practices from leading global compliance frameworks. The five key principles mirror the core elements of effective compliance programmes recommended by FATF, UNCAC, and the OECD.

Conclusion

The FCC Act and its Guidelines on Legal Persons represent a decisive move towards a holistic, economy-wide approach to combating financial crime in Mauritius.

By imposing clear, principle-based obligations on all Legal Persons, the regime aims to foster a business environment characterized by integrity, transparency, and robust defences against financial crime.

Whether a multinational corporation or a one-person company, every Legal Person in Mauritius must now take proactive steps to assess risk, implement controls, and cultivate a culture of compliance.

By requiring all Legal Persons to adopt compliance measures akin to those of “reporting persons” under FIAMLA, Mauritius not only strengthens its domestic legal framework but also fulfils its international obligations as a responsible member of the global community.

The message is clear: in the fight against financial crime, every Legal Person—regardless of size, sector, or structure—must play its part in safeguarding the integrity of Mauritius’s business environment. No legal entity is too small or too simple to be exempt from responsibility.

If you find yourself uncertain about how to comply with the new legal obligations under section 52 of the FCC Act, or if you do not know where to start, do not hesitate to contact us at PwC Legal.

Our team is equipped to guide you through every step of the compliance process—from risk assessment and policy development to training and ongoing monitoring—ensuring that your organisation meets both the letter and the spirit of the law.

Taking proactive steps now will not only protect your business from legal and reputational risks but will also demonstrate your commitment to integrity and best practice in Mauritius’s evolving regulatory landscape.