The national authority for banking regulation, supervision and resolution is the Bank of Mauritius (BoM).

The primary object of the BoM is to maintain price stability and to promote orderly and balanced economic development. The other objects of the BoM are:

(a) to regulate credit and currency in the best interests of the economic development of Mauritius;

(b) to ensure the stability and soundness of the financial system of Mauritius; and

(c) to act as the central bank for Mauritius.

Under the Banking Act 2004 (Banking Act), the following activities trigger the requirement of a banking license:

• banking business
• islamic banking business
• private banking business
• digital banking business

“banking business” means:

(a) the business of accepting sums of money, in the form of deposits or other funds, whether or not such deposits or funds involve the issue of securities or other obligations howsoever described, withdrawable or repayable on demand or after a fixed period or after notice; and

(b) the use of such deposits or funds, either in whole or in part, for:

(i) loans, advances or investments, on the own account and at the risk of the person carrying on such business;

(ii) the business of acquiring, under an agreement with a person, an asset from a supplier for the purpose of letting out the asset to the person, subject to payment of instalments together with an option to retain ownership of the asset at the end of the contractual period;

(iii) paying and collecting cheques drawn by or paid in by customers and making other payment instruments available to customers; and

(c) includes such services as are incidental and necessary to banking.

“Islamic banking business” means any financial business, the aims and operations of which are, in addition to the conventional good governance and risk management rules, in consonance with the ethos and value system of Islam.

“private banking business” means the business of offering banking and financial services and products to high-net-worth customers, including but not limited to an all-inclusive money-management relationship.

“digital banking business” means banking business carried on exclusively through digital means or electronically.

The Banking Act provides for different licences for the different banking services as described under Question 2 above.

A bank with a banking licence for “banking business” can offer Islamic and private banking services as part of its regular banking services without needing additional licences. However, a bank holding an Islamic, private, or digital banking licence is authorized to exclusively conduct the respective business.

Banks licensed exclusively for private or Islamic banking can apply to the BoM to conduct their licensed activities solely through digital means or electronic delivery channels.

A banking licence does not automatically permit activities beyond those specified in the licence. If a bank engages in services not expressly provided in its banking licence, it will need to obtain additional licences under the relevant lawsPlease refer to paragraph 6 below for an example of an additional licence which a bank may apply.

Under section 11C of the Banking Act, a financial institution, including a bank, may apply to the BoM for a regulatory sandbox authorisation. In 2024, the BoM introduced its Guideline on Regulatory Sandbox Authorisation, which allows financial institutions to test fintech, regtech and other innovative financial solutions within a controlled environment under the BoM’s oversight. The goal is to promote technology-driven financial innovations that introduce new business models, processes or products or that facilitate regulatory compliance.

Applicants must meet eligibility criteria and submit applications detailing potential risks, necessary safeguards and required disclosures for users. Testing periods under this authorisation extend up to 12 months, with possible further extensions, supporting innovation while ensuring consumer protection and financial system integrity.

In Mauritius, activities relating to cryptoassets or other digital assets are primarily regulated under the Virtual Asset and Initial Token Offering Services Act 2021 (VAITOS Act), which empowers the Financial Services Commission (FSC) to regulate and supervise Virtual Asset Service Providers (VASPs) and issuers of Initial Token Offerings (ITOs) in the non-bank financial services sector.

In parallel, banks licensed under the Banking Act remain subject to oversight by the BoM. The BoM has issued specific guidance governing banks’ involvement in virtual asset-related activities, reflecting the Basel Committee on Banking Supervision standards on virtual assets exposures.

Authorisation requirements for banks

A bank must obtain the prior written approval of the BoM before engaging, directly or indirectly, in regulated virtual asset activities. In particular, BoM approval is required before:

(a) Direct participation as a VASP, including applying for:

• a Class “R” licence (Virtual Asset Custodian); or
• a Class “I” licence (Virtual Asset Advisory Services).

(b) Indirect participation through a subsidiary, including applying for:

• a Class “M” licence (Virtual Asset Broker-Dealer);
• a Class “O” licence (Virtual Asset Wallet Services); or
• a Class “S” licence (Virtual Asset Marketplace).

Any application for BoM approval must be supported by a board-approved risk assessment, covering:

• the classification of the relevant virtual assets.
• identified risks and potential impact.
• proposed risk-mitigation measures.

Exposure to virtual assets

Banks must notify the BoM at least 60 days in advance before taking exposure to virtual assets that do not qualify as Group 1a or Group 1b virtual assets. The notification must include, among other things:

• a board-approved risk assessment.
• proposed risk limits.
• capital, liquidity and risk-weighting treatment (including LCR run-off rates).

The BoM retains the discretion to override the proposed classification and impose higher capital requirement based on the characteristics of the underlying assets.

Activities not requiring BoM approval

BoM approval is not required where a bank merely provides traditional banking services to:

• VASPs;
• ITO issuers; or
• customers dealing in virtual assets,

including the processing of payment transactions for the purchase, sale or redemption of virtual assets against fiat currency.

Risk management obligations

Where banks engage in virtual asset-related activities (whether directly or indirectly), they are required to maintain robust policies and procedures to identify, assess and mitigate risks on an ongoing basis, including:

• credit, liquidity and concentration risk.
• market risk.
• operational, fraud and cyber risks.
• money laundering, terrorist financing and proliferation risks.
• legal and reputational risks.

Custody of virtual assets

Where a bank (or its subsidiary) acts as a Virtual Asset Custodian under a Class “R” licence, it must comply with the Virtual Asset and Initial Token Offering Services (Custody of Client Assets) Rules 2022 issued by the FSC. These include obligations to:

• properly record legal title and access rights to client assets;
• clearly disclose whether assets are held on a segregated or omnibus basis;
• prohibit the use of client assets without express prior consent; and
• restrict the granting of security interests, liens or rights of set-off over client assets, subject to prescribed conditions.

Issuance

An issuer of ITOs must apply and be registered with the FSC, and must, among other things:

• be fit and proper;
• have adequate financial, technical and human resources;
• ensure proper governance and regulatory compliance arrangements; and
• publish a white paper containing full, fair and accurate disclosures.

Advertising relating to ITOs must be accurate, non-misleading, clearly identifiable as advertising, and consistent with the white paper.

Failure to comply with the VAITOS Act may result in significant regulatory sanctions, including fines and imprisonment.

Under the current legal and regulatory framework in Mauritius, cryptoassets or digital assets are not classified as “deposits” for the purposes of the Banking Act. Consequently, they are not eligible for depositor protection under the existing regime.

Pursuant to Section 20 of the VAITOS Act, a VASP has an obligation to maintain such minimum stated unimpaired capital and such other financial requirements, as prescribed by the FSC.

Pursuant to the Virtual Asset and Initial Token Offerings Services (Capital and Other Financial Requirements) Rules 2022 (Capital Rules) issued by  FSC, a VASP must as a minimum, as unimpaired capital and liquidity resources, have at all times the greater of –

(a) the own funds requirement; or

(b) the prudential requirement; or

(c) such other amount as may be imposed by the FSC.

The Capital Rules explicitly state that intangible assets, such as goodwill, cannot be included in capital calculations and must be deducted before assessing whether the VASP has adequate capital.

Own funding requirement

The own funding capital requirement that a VASP must maintain depends on the specific licence it holds, as outlined in the Capital Rules provided below for reference. If a VASP holds multiple licences, it must comply with the combined capital requirements for all licences it possesses.

It should be noted that banks that have obtained a VASP licence, are subject to additional capital requirements as specified in the BoM’s Guideline for Virtual Asset related Activities.

VASP	Amount
Issuer of ITO	sufficient working capital to be capable of meeting its debts as they fall due.
Virtual Asset Advisory Services	sufficient working capital to be capable of meeting its debts as they fall due.
Virtual Asset  Broker-Dealer	2,000,000 Mauritian Rupees or its equivalent in any other Fiat currency.
Virtual Asset  Wallet Services	sufficient working capital in fiat currency to continue business for a period of 12 months, based on realistic forecasts for the business in different market conditions (both negative and positive scenarios).
Virtual Asset Custodian	5,000,000 Mauritian Rupees or its equivalent in any other fiat currency
Virtual Asset Market Place	6,500,000 Mauritian Rupees or its equivalent in any other fiat currency

Prudential requirement

A virtual asset service provider must, at all times, have in place prudential safeguards equal to an amount of capital which is at least the higher of the following:

(a) one quarter of the fixed overheads of the virtual asset service provider over the preceding year, reviewed annually; and

(b) the financial resources requirements as determined under the Virtual Asset and Initial Token Offerings Services (Risk Management) Rules 2022.

An application for a banking licence is made by submitting a duly filled-out and prescribed application form to the BoM. The application must be accompanied by the relevant supporting documents as required under the Banking Act (including amongst others, a business plan giving the nature of the planned business, organisational structure and internal control and projected financial statements including cash flow statements).

Within 30 days of receipt of the application, the BoM will notify the applicant in writing whether or not the application is complete or if supplementary information or documents are required.

The BoM may grant an in-principle approval, subject to such terms and conditions it deems necessary to make a final determination on the application. However, an in-principle approval must not be construed as an authorisation to conduct banking business or to have any legitimate expectation of a positive final determination of the application. The in-principle approval will automatically lapse if the applicant does not satisfy the terms and conditions attached to such approval.

The BoM will give notice of its determination to the applicant within 60 working days of receipt of a complete application or of the supply of any supplementary information called for by the BoM.

Under the Banking Act, foreign or overseas banks may conduct certain activities into Mauritius without establishing a local presence or obtaining local authorisation, provided that these activities are not deemed to constitute “banking business” carried out in Mauritius. The Banking Act defines banking business as the acceptance of deposits or other repayable funds from the public and the use of such funds, either in whole or in part, for lending or investment. Any entity engaging in such activities in Mauritius must be licensed by the BoM.

This framework means that foreign banks can engage in cross border transactions with Mauritian counterparties – such as lending from abroad, providing trade finance, or offering treasury services – so long as they do not solicit deposits from the Mauritian public or otherwise hold themselves out as conducting banking services locally. Activities that amount to marketing or offering banking services “to the public in Mauritius” would trigger licensing requirements.

There is, however, no defined statutory threshold that determines when cross border activity amounts to “carrying on banking business in Mauritius”. The determination remains within the appreciation and discretion of the BoM. In practice, the regulator would consider factors such as the recurrence of activities and the proportion of Mauritian related business compared to the bank’s global activities. Occasional or incidental transactions with Mauritian clients are less likely to be considered “carrying on business,” whereas repeated or systematic dealings, or a significant share of activity directed at Mauritius, would likely be treated as requiring authorisation.

This pragmatic approach is broadly aligned with international regulatory practice, where supervisors often look at whether activities are regular, targeted, or substantial in scale, rather than applying a bright line quantitative test. The emphasis is on substance over form: if a foreign bank’s activities in Mauritius begin to resemble those of a locally operating institution, authorisation is likely required.

In summary, foreign banks may conduct cross border activities into Mauritius without a licence, provided these do not amount to carrying on banking business locally. The BoM retains discretion in assessing this, with recurrence and proportionality being key practical factors. Where activities become regular, targeted, or significant, local authorisation will be necessary.

In Mauritius, banks may operate in several legal forms, each permitted under the Banking Act and subject to licensing by the BoM. The most common structures are locally incorporated companies, subsidiaries of foreign banks, while branches of foreign banks are permitted but have become less common in recent years. Representative offices are also allowed, but they are restricted to liaison and marketing activities and cannot conduct banking business.

Locally incorporated banks can be established as either public or private companies under the Companies Act. These entities must meet all prudential and governance requirements, including minimum capital thresholds, substance requirements such as maintaining a principal place of business in Mauritius, and board composition rules that require independent directors and separation of the roles of Chairperson and Chief Executive Officer.

Subsidiaries of foreign banks are separate legal entities incorporated in Mauritius. They are subject to the full range of local prudential, governance, and compliance obligations, including capital adequacy and liquidity requirements. Even though they form part of a wider banking group, they must maintain independent boards and control functions locally to ensure that group level decisions do not compromise the soundness of the Mauritian entity.

Branches of foreign banks, by contrast, are not separate legal entities but extensions of the parent bank. Their liabilities are backed by the parent, but they must still comply with local prudential and reporting requirements. The BoM often requires branches to establish local advisory boards or committees, with independent members, to provide oversight and safeguard the interests of stakeholders in Mauritius.

The regulatory considerations associated with each form therefore vary. Locally incorporated banks and subsidiaries must meet full capital and governance obligations, while branches rely more on the strength of the parent but are still required to demonstrate adequate local over-sight. Representative offices face the least regulatory burden but are limited in scope.

In practice, both locally incorporated banks and subsidiaries of foreign banks are widely used in Mauritius. The domestic banking market is characterised by high competition and a high level of penetration, particularly in retail banking and the payment system, where local banks play a dominant role. At the same time, several of these local institutions have expanded their activities into cross-border financing, offering international financial services and becoming significant players in cross border banking. This dual presence reflects Mauritius’ position as both a mature local market with strong retail and payment infrastructure, and an international financial centre attracting global banking groups. Branches of foreign banks remain permitted but have become less common, as regulators and institutions alike favour locally incorporated entities that provide stronger governance and substance.

This framework ensures that whichever legal form is chosen, banks operating in Mauritius are subject to strong governance, prudential oversight, and compliance requirements designed to protect the stability of the financial system.

Mauritius does impose certain structural separation requirements on banks, although not in the form of formal “ring fenced retail banks” as seen in some other jurisdictions. Instead, the framework is designed to ensure clarity of operations, local substance, and strong governance.

One important requirement is the distinction between Segment A and Segment B activities. Banks must separate their domestic banking business (Segment A) from international banking activities that generate foreign source income (Segment B). This separation is intended to provide clear reporting lines and effective regulatory oversight.

The jurisdiction also enforces substance requirements. Shell institutions are prohibited, and banks must maintain a principal place of business in Mauritius. They are required to have adequate staffing and operating costs commensurate with the size and complexity of their activities, ensuring that institutions are not merely nominal presences but have real operational capacity.

There are also local governance ring fencing measures. Subsidiaries and branches of foreign banks must maintain governance arrangements such as independent directors or advisory boards. These structures safeguard the soundness of the Mauritian entity and ensure that local operations are not compromised by decisions taken solely at group level.

Finally, the framework requires independent control functions. Compliance, risk management, and internal audit must operate independently of management and report directly to the board. This separation strengthens oversight and reduces the risk of conflicts of interest.

These requirements create practical challenges for banking groups.

• Groups often face duplication of governance and compliance structures locally, even where similar frameworks already exist at head office.
• The separation of Segment A and Segment B activities can fragment operations and increase reporting complexity.
• Minimum staffing and cost thresholds add to operational expenses, particularly for smaller or niche operations.
• Local independence requirements can constrain group wide integration and centralised oversight.

Overall, Mauritius’ approach reinforces prudential soundness and ensures resilience of the local financial system. However, it does come at the cost of additional compliance obligations and operational burdens for banking groups, particularly those seeking to streamline their structures across multiple jurisdictions.

Banks in Mauritius are subject to the BoM Guideline on Corporate Governance. Key organisational requirements include organisational requirements include:

Board composition:

• Boards must have at least five directors, with 40% independent directors (or non executive directors for subsidiaries of foreign banks).
• The Chairperson must be independent or non executive, and the roles of Chair and CEO must be separated.
• Directors collectively must have appropriate expertise, qualifications and industry knowledge.

Management oversight:

• The board has ultimate responsibility for the safety and soundness of the institution, including approving corporate plans, risk appetite, capital and liquidity policies.
• Senior management must implement board approved strategies, risk management systems, and internal controls, and provide timely information to the board.

Committee structures:

• Mandatory committees include Audit, Conduct Review, Risk Management, and Nomination & Remuneration (with some exemptions for foreign bank subsidiaries/branches).
• Committees must have clear mandates, report regularly to the board, and be composed largely of non executive or independent directors.

Risk management and internal control:

• Banks must maintain a board approved risk appetite framework, effective compliance and internal audit functions, and independent risk oversight.
• Internal audit and compliance must have sufficient authority, independence, and resources, reporting directly to the board or its committees.
• External auditors are appointed and monitored by the board, with oversight from the Audit Committee.

Organisational culture:

• Governance requires integrity, transparency, and accountability.
• Boards must ensure conflicts of interest are managed, remuneration structures do not encourage excessive risk taking, and directors receive induction and ongoing training

Mauritius has established a comprehensive framework for operational resilience through the BoM guidelines on corporate governance, compliance risk management, and cyber and technology risk management. Together, these set out clear expectations for banks in relation to critical business services, impact tolerances, and the management of operational disruptions.

Banks are required to maintain strong governance structures to oversee operational resilience. Boards and senior management must take ultimate responsibility for ensuring that resilience is embedded in strategy, risk appetite, and day to day operations. This includes approving policies on compliance, technology, and risk management, and ensuring that independent control functions such as risk, compliance, and internal audit are properly resourced and empowered.

A key expectation is the identification of critical or important business services. Banks must assess which services, systems, and infrastructures are essential to their operations and to financial stability. These “critical assets” must be protected through robust risk management frameworks, including cyber resilience measures, business continuity planning, and contingency arrangements.

Banks are also expected to establish impact tolerances. Under the cyber and technology risk guideline, boards must approve a risk appetite and tolerance statement that defines the level of disruption the institution is willing to accept. This requires scenario based testing, penetration testing, and red team exercises to challenge assumptions and ensure that institutions can withstand and recover from severe but plausible incidents.

The management of operational disruptions is addressed through requirements for business continuity and incident response. Banks must maintain board approved business continuity plans and cyber/technology incident response plans. These plans must set recovery time objectives and recovery point objectives, ensuring that critical services can be resumed within acceptable timeframes. Institutions must also have forensic readiness, data integrity measures, and escalation protocols to report material incidents promptly to the board and regulator.

Practical measures include:

• Regular monitoring and reporting of operational resilience metrics to the board.
• Independent reviews of resilience frameworks by internal audit and external auditors.
• Ongoing training and awareness programmes for staff and directors to strengthen resilience culture.
• Oversight of third party service providers, including requirements for rotation, cooling off periods, and restrictions on hosting customer information outside Mauritius without approval.

In summary, operational resilience in Mauritius requires banks to identify critical services, set clear impact tolerances, and maintain robust frameworks for managing disruptions. The emphasis is on governance, independence of control functions, cyber and technology resilience, and preparedness through testing and business continuity planning. This ensures that banks can continue to operate safely and soundly even in the face of severe operational shocks.

Banks in Mauritius are subject to specific regulatory expectations when entering into outsourcing arrangements, including the use of cloud service providers and reliance on critical third-party service providers. Outsourcing is recognised as exposing financial institutions to new or increased risks and may impede effective regulatory supervision if not properly managed. Accordingly, banks are required to adopt a sound outsourcing risk management framework and remain fully responsible for all outsourced activities.

The BoM has issued the Guidelines on Outsourcing by Financial Institutions (the “Outsourcing Guideline”), which set out a regulatory framework applicable to outsourcing arrangements. The Outsourcing Guideline classifies activities into three categories: (i) material activities, which require prior authorisation from the BoM; (ii) non-material activities, which do not require authorisation; and (iii) core activities, which may not be outsourced. Financial institutions must establish a comprehensive, documented outsourcing policy covering, inter alia, risk assessment, materiality criteria, service provider selection, concentration risk, regulatory compliance, and contingency planning.

The board of directors and senior management retain ultimate responsibility for outsourcing arrangements. At a minimum, the board is required to approve the outsourcing policy, approve material outsourcing arrangements and exit mechanisms, review material outsourcing activities at least annually, and ensure the maintenance of an overall framework for operational stability.

Banks are also required to conduct stringent due diligence on service providers, both local and foreign, to ensure that they have the operational and financial capacity to perform the outsourced activities. All outsourcing arrangements must be governed by comprehensive written contracts that do not hinder the BoM’s supervisory powers and that grant the BoM equivalent access to information held by the service provider. Where material activities are subcontracted, prior approval of the BoM is required. Outsourcing arrangements must not prejudice customer rights, and the BoM may direct a bank to modify, review or terminate an arrangement where necessary.

Financial institutions must also ensure appropriate business continuity and contingency planning for outsourced activities, including plans addressing service provider failure or premature termination. Prior notification and authorisation from the BoM is required at least 15 working days before entering into an agreement relating to a material outsourced activity.

In addition, the BoM has issued the Guideline on the Use of Cloud Services by Financial Institutions (the “Cloud Guideline”). This guideline sets out general requirements for the use of cloud services, as well as additional minimum requirements where cloud services are material or involve customer information. Banks are expected to apply a risk-based approach, with governance, risk assessment, information security controls, contingency plans, exit strategies and due diligence calibrated to the materiality of the cloud services and the level of reliance on the cloud service provider.

Banks must conduct due diligence on cloud service providers prior to engagement, with the scope of due diligence (including onsite or remote audits) proportionate to the materiality of the services and the associated IT assets. Cloud services must be governed by written agreements containing appropriate access and audit rights for both the bank and the BoM. Where the use of cloud services constitutes outsourcing, banks must also comply with the Outsourcing Guideline, including notification and authorisation requirements.

Where material cloud services are subcontracted, banks must notify the BoM, provide details of subcontractors, remain aware of all subcontracting arrangements, assess and manage the associated risks, apply appropriate due diligence and security controls to subcontractors, and ensure adequate notice of material changes to subcontracting arrangements.

The BoM recognises that climate-related and environmental events give rise to financial risks that may affect the safety and stability of the banking sector. To address these risks, the BoM has issued a guideline on Climate-Related and Environmental Financial Risk Management, which sets out supervisory expectations for banks.

The guideline requires financial institutions to embed climate-related and environmental financial risks within their existing governance, risk management and disclosure frameworks, in a manner commensurate with the nature, scale and complexity of their activities and risk exposures.

Governance

Banks are required to establish sound governance arrangements for climate-related and environmental financial risks. The board of directors must ensure adequate collective understanding and expertise at both board and senior management levels, approve and periodically review the relevant strategy and risk management framework, clearly define roles and responsibilities, ensure timely reporting, and require appropriate training and capacity-building programmes. Senior management is responsible for developing and implementing the framework, reviewing its effectiveness, ensuring adequate resources and expertise, providing at least half-yearly reporting to the board, and addressing material issues in a timely manner.

Risk management

Banks must develop internal frameworks for the identification, assessment, measurement, monitoring, mitigation and management of material climate-related and environmental financial risks across the three lines of defence. Climate-related and environmental risks must be incorporated into existing risk management policies for prudential risks, including credit, liquidity, market and operational risks. Banks are required to identify material risks at counterparty, sectoral and geographical levels; assess short-, medium- and long-term impacts; conduct stress testing and scenario analysis; consider these risks in capital and liquidity adequacy assessments; and integrate them into credit origination and review processes.

Disclosures and reporting

Financial institutions must ensure timely internal reporting to the board and senior management, at least on a half-yearly basis. They are also required to disclose, at least annually in their annual reports, information on their exposure to climate-related and environmental financial risks, the potential impact of material risks, their governance arrangements, and how such risks are identified, assessed and integrated into their overall risk management framework.

Prudential supervision

Through the guideline, the BoM integrates climate-related and environmental financial risks into its prudential supervisory expectations, requiring banks to demonstrate that such risks are adequately governed, managed, monitored and disclosed as part of their overall risk and resilience framework

In Mauritius, banks’ remuneration policies are subject to statutory and governance-based regulatory requirements.

Under section 18 of the Banking Act, no financial institution may employ any person whose remuneration is directly linked to the income of the financial institution or to the level of activity on customers’ accounts.

Except where a dispensation has been granted by the BoM, every financial institution is required to establish a Nomination and Remuneration Committee, the majority of whose members must be non-executive directors. The committee plays a central role in overseeing remuneration governance and is responsible, inter alia, for recommending remuneration and compensation packages for directors, senior management and other key personnel, taking into account risk-taking behaviour, risk outcomes and relevant industry norms. It must also ensure that incentive arrangements do not encourage staff to take excessive risks.

While there are no prescribed numerical bonus caps or mandatory deferral periods, financial institutions are encouraged to structure incentive-based remuneration prudently. In particular, they are encouraged to include contractual provisions allowing the recovery of incentive remuneration (clawback) from executive directors and key management personnel in exceptional circumstances, such as misstatement of financial results or misconduct resulting in financial loss.

Banks are also expected to maintain appropriate levels of transparency and disclosure in relation to remuneration. As a minimum, financial institutions must disclose their remuneration and compensation policies, including performance measurement criteria, as well as the remuneration or fees of directors, senior executives and key employees. Governance disclosures must also cover board composition, committee structures and mandates, enabling stakeholders to assess accountability and oversight.

Enforcement in practice is exercised through the BoM’s supervisory powers. Although there have not yet been instances requiring regulatory intervention to address non-compliance with remuneration policies, the BoM retains the discretion to impose fines or compel compliance where a financial institution fails to adhere to applicable directives, guidelines or instructions.

The BoM implemented Basel III in June 2014 through publication of the Guideline on the scope of application of Basel III and eligible capital (Basel Guideline). When the Basel Guideline was issued, banks faced minimal disruption, as 90% of the banks’ capital base was already Tier 1. Alongside capital adequacy requirements, the BoM introduced a capital conservation buffer, starting at 0.625% in 2017 and increasing annually until reaching 2.5% by 2020.

To control risk in certain high-growth economic sectors, the BoM replaced the Basel III counter-cyclical capital buffer with macro-prudential measures, including additional portfolio provisions, higher risk weights, debt-to-income limits and loan-to-value ratios. Since July 2018, the loan-to-value ratio requirement has been removed.

Banks licensed in Mauritius must meet capital ratio requirements set out in the Basel Guideline at two levels:

(a) the bank standalone (“solo”) level, which measures a bank’s capital adequacy based on its own capital and risk profile; and

(b) the consolidated (“group”) level, which includes the bank’s subsidiaries but excludes insurance or non-financial activities.

Total regulatory capital of banks must consist of the sum of the following elements:

(a) Tier 1 capital (going-concern capital), which comprises of (i) Common Equity Tier 1 and (ii) Additional Tier 1 Capital

(b) Tier 2 Capital (gone-concern capital)

For capital adequacy, banks must maintain:

(a) 6.5% of risk-weighted assets as common equity Tier 1;

(b) 8% of risk-weighted assets as Tier 1 capital; and

(c) 10% total capital (Tier 1 plus Tier 2), exclusive of the capital conservation buffer.

Banks classified as D-SIBs are subject to additional capital requirement. In line with the recommendations of the Basel Committee on Banking Supervision (BCBS), the additional loss absorbency requirement of D-SIBs will have to be met with Common Equity Tier 1 (as defined by the Basel III framework). This additional capital will be in the form of a surcharge for D-SIBs and will be included as a special category in the computation of the capital adequacy ratio under Basel III.

No requirements regarding the BCBS’ leverage ratio have been determined in Mauritius. However, banks are required to comply with other prudential guidelines issued by the BoM.

All banks licensed by the BoM are required to comply with its Guideline on liquidity risk management (LCR Guideline), which includes maintaining a liquidity coverage ratio (LCR). The LCR ensures that banks hold sufficient high-quality liquid assets (HQLA) that consist of cash or assets convertible into cash at little or no loss of value in the market, in order to meet their liquidity requirements for a 30 days’ liquidity stress period – by which time, banks and the BoM will be able to take appropriate corrective action to resolve the stress situation in an orderly manner. The liquidity coverage ratio has two components:

(a) the value of HQLA under stressed conditions; and

(b) total net outflows, as defined by the BoM’s parameters outlined in the guideline.

If a bank’s LCR falls below 100% during financial stress, it must notify the BoM within one business day, justifying the HQLA use and outlining corrective steps.

To complement its LCR Guideline, the BoM introduced the Net Stable Funding Ratio (NSFR) Guideline in 2024. This guideline requires that banks maintain a Net Stable Funding Ratio of at least 100% to promote long-term financial stability. It ensures that banks have adequate stable funding relative to their assets, minimizing dependence on short-term funding and mitigating liquidity risks. The NSFR Guideline outlines the methodology for calculating and monitoring the NSFR, specifying requirements for various types of liabilities and assets.

In Mauritius, banks have access to various funding sources provided by the BoM. These facilities are designed to manage liquidity and ensure financial stability within the banking system.

The primary sources include:

(a) Reserve Requirement: For example, as of 27 January 2023, the computation of the Cash Reserve Ratio on both the Mauritian rupee and foreign currency deposits has been lengthened from 14 to 28 days to enable banks to better manage their liquidity.

(b) Open Market Operations: The main instrument is the 7-Day BoM Bill, which the BoM issues every Friday. The 7-Day BoM Bill is issued at a fixed-rate equal to the “Key Rate” and on full allotment basis. This ensures that the amount of liquidity remaining in the system is in line with the demand for reserve money by banks, thus helping to anchor short-term money market rates at around the “Key Rate”. For information, the “Key Rate” is the principal policy interest rate determined by the Monetary Policy Committee of the BoM.

(c) Treasury Bills and Government Securities: The BoM issues Treasury Bills and other government securities and banks can invest in these instruments for liquidity management and as secure investment options. The BoM may also conduct buybacks of BoM securities in case the liquidity in the system turns short. These buybacks are carried out through competitive auctions.

(d) Interest Rate Corridor and Standing Facilities: The BoM maintains a symmetric interest rate corridor of 200 basis points around the “Key Rate” through standing facilities. Banks with excess liquidity or shortage of liquidity may use the standing facilities to clear their liquidity positions.

(e) Other Operations: The BoM uses other form of instruments, such as foreign currency swaps and bilateral operations, as part of its monetary policy toolkit.

Yes, all financial institutions are required to prepare audited financial statements for the financial year. These statements must be published in the Gazette and on the institution’s website. If the institution does not have a website, the statements must be published in three daily newspapers approved by the BoM.

Furthermore, all financial institutions are also required to submit monthly interim reports in the form of a statement to the BoM, detailing the assets and liabilities of all their offices and branches in Mauritius.

Yes, consolidated supervision exist in our jurisdiction. Aligned with the BCBS, the BoM has taken initiatives to enhance its supervisory process, specifically with the endorsement of risk-based and consolidated supervision, and guidelines have been updated to accord with international best practices.

The Banking Act was also amended to allow for consolidated supervision of banking groups.

There are no reporting or approval requirements for acquiring shares in or gaining control of a bank unless the acquisition or control constitutes obtaining (directly or indirectly) a “significant interest” in the bank. The Banking Act provides that anyone seeking to acquire or increase control in a bank to the level (directly or indirectly) of a “significant interest” must seek the BoM’s prior approval.

A “significant interest” means:

(a) owning, directly or indirectly, alone or together with a related party, or otherwise having a beneficial interest amounting to, 10% or more of the capital or of the voting rights of a financial institution;

(b) having the ability, directly or indirectly, alone or together with a related party, or having the power, to appoint 20% or more of the members of the board of a financial institution; or

(c) directly or indirectly exercising a significant influence over the management of a financial institution as the BoM may determine.

Any acquisition in contravention with the Banking Act will be deemed null and void and not entitled to any voting rights or payment of dividends. The BoM’s Guideline on Corporate Governance requires that banks regularly review and update the BoM on their ownership structures, especially regarding changes to significant shareholders or other influential parties.

As mentioned above, anyone seeking to acquire or increase control in a bank to the level (directly or indirectly) of a “significant interest” must seek the BoM’s prior approval.

Prospective owners of significant interest over a bank must give 30 days’ prior notice to the BoM, including (among other things):

(a) the acquirer’s name, personal history, business background and experience and that of any other person by whom or on whose behalf the acquisition is to be made – this must also be accompanied with a certificate of good conduct issued by a competent authority (or an affidavit duly sworn stating any convictions for crimes and any past or present involvement in a managerial function in a body corporate subject to insolvency proceedings or having declared personal bankruptcy, in respect of each of the persons);

(b) the financial position of that person and any other person by whom or on whose behalf the acquisition is to be made;

(c) the terms and conditions of the proposed acquisition;

(d) the identity, source and amount of the funds or other consideration used or to be used in making the acquisition; and

(e) any plans of the acquirer regarding liquidation, asset sale or merger with any company, or regarding making any other major change in its business, corporate structure or management.

The BoM may request additional information at its discretion.  Approval from the BoM depends on factors such as:

(a) whether the proposed acquisition would create undue influence or a monopoly or would substantially lessen competition;

(b) whether the financial condition of any acquiring person might jeopardise the financial stability of the financial institution or prejudice the interests of its depositors;

(c) whether the competence, experience or integrity of any acquirer, or of any proposed director, chief executive officer or other senior officer, indicates that it would not be in the interest of the depositors of the financial institution or in the interest of the public to permit such person to acquire significant interest in the financial institution;

(d) whether the proposed acquisition will not be conducive to the convenience and needs of the community or market to be served; or

(e) whether any acquiring person fails to furnish the BoM with all the information that it requires.

There are no restrictions on foreign shareholdings in Mauritius.

In June 2014, the BoM introduced a Guideline for dealing with domestic-systemically important banks (D-SiBs), which set out the methodology for assessing the systemic importance of banks.

The Guideline’s objectives are:

(a) to put in place a reference system for assessing the systemic importance of banks;

(b) to assess the systemic importance of banks along the lines of the reference system;

(c) to identify the potential systemically important banks; and

(d) to ensure that the systemically important banks have the capacity to absorb losses through higher capital.

D-SiBs are required to maintain a capital surcharge ranging from 1.0 to 2.5 per cent, in addition to the capital adequacy ratio and the capital conservation buffer.

Depending on the nature of the violation of the banking laws the BoM can (by itself or – where applicable – upon an application to the relevant court) apply fines, sentence of imprisonment, suspension or even revocation of the banking licence.

The BoM has statutory powers under the Banking Act and the Bank of Mauritius Act to supervise banks and take action against institutions and senior individuals who are accountable to the BoM (directives, remedial actions, suspensions, disqualifications, licence actions, penalties). In practice, BoM tends to be more supervisory than punitive. It actively monitors banks (on-site/off-site reviews, guidelines, fit-and-proper assessments) but rarely publicises hard enforcement actions like fines or named sanctions against banks or executives.

High-profile cases involving senior figures tend to arise via criminal investigations, not BoM disciplinary processes.

The Mauritius Deposit Insurance Scheme which was established under the Mauritius Deposit Insurance Scheme Act 2019 to protect insured depositors of a bank by providing insurance against the loss of insured deposits and contribute to the stability of the financial system in Mauritius by ensuring that depositors have prompt access to their insured deposits, in the event of failure by a bank.

The scheme is administered and managed by the Mauritius Deposit Insurance Corporation Ltd, known as the agency. The agency’s powers and functions include, among others:

• the control and management of funds deposited into the deposit insurance fund;
• collecting premium contributions; and
• making payments of compensation in respect of insured deposits or otherwise providing depositors with access to their insured deposits.

Both local and foreign currency deposits are eligible, up to a certain level, to protection under the scheme. They must, however, fall under the following categories:

• deposits in savings accounts both in Mauritian currency and in foreign currencies;
• deposits in a current account both in Mauritian currency and in foreign currencies;
• time deposits both in Mauritian currency and in foreign currencies; and
• such other deposits or amounts as the board of the agency may determine.

Deposits not granted protection under the scheme include:

• where there is a contractual set-off agreement between a bank and a depositor, any deposit up to the amount of any debt owed by a depositor to the bank if such debt is matured or past due, or the maximum amount that would otherwise be eligible for compensation (whichever is lower);
• any deposit of a related party;
• any deposit that is frozen by a court order; and
• such other deposits or amounts as the board may determine.

The coverage limit per insured depositor is MUR 300,000 or such other amount as may be prescribed. If sufficient funds are recovered following the sale of the failing deposit-taking institution’s assets, the insured depositor may recover deposits of more than the coverage limited/insured amount.

The scheme is primarily funded by the premium contributions paid by banks and non-bank deposit-taking institutions. It also derives funding from interests or other income through investments made from the fund, subject to approval of the agency’s board. The financial safety net was reinforced with the setting up of the Mauritius Deposit Insurance Corporation Ltd as a fully owned subsidiary of the BoM in March 2024.

Mauritius does not yet have a full statutory regime that requires banks to prepare formal recovery plans and resolution plans. However, the current framework focuses on conservatorship as the principal crisis intervention tool. The BoM may appoint a conservator for a bank it reasonably suspects is failing or likely to fail, in order to protect assets for depositors and creditors. In addition, there is a deposit insurance scheme under the Mauritius Deposit Insurance Scheme Act, administered by a subsidiary of BoM, which supports depositor protection and financial stability in the event of a bank failure.

While a structured recovery and resolution regime is not fully established, BoM’s prudential supervision implicitly pushes banks toward risk identification, contingency planning, stress testing, and strong governance, which are core elements of good recovery planning. BoM has issued several guidelines that set standards, expectations and reporting which serve as basis for the assessment of banks’ operations including risk frameworks that support resilience

Mauritius has not yet implemented the Financial Stability Board’s “Key Attributes of Effective Resolution Regimes for Financial Institutions”.

Under the current legal regime, conservatorship is the principal means of resolving a failing or a likely-to-fail bank. Also, under the Bank of Mauritius Act 2004, the BoM may, in exceptional circumstances, grant advances to financial institutions – please refer to Question 25 for the conservatorship regime in Mauritius

The BoM has not yet established a TLAC policy; however, banks must adhere to specific guidelines on capital adequacy (refer to Question 14 above), stress testing, and liquidity coverage (refer to Question 16 above). These guidelines align with the Basel Committee’s recommendations and are designed to ensure that banks can absorb losses while continuing to operate.

Every director or senior officer of a bank must, in the exercise of any of his powers and discharging any of his duties act honestly and in good faith and in the best interest of the bank and exercise care, diligence and skill that a reasonable and prudent person would exercise in comparable circumstances. No provision in any contract or in the constitution of a company or any resolution of a company will relieve any director or senior officer from the duty to act in accordance with the banking laws or from liability for breach thereof.

The Banking Act sets out the principles of a fit and proper person, which the BoM must be satisfied of at the time of approving the appointment and reappointment of directors and senior officers. The BoM also issued guidelines detailing the fit and proper criteria for the assessment of the fitness and probity of directors and senior officers.

In addition, Section 64(1) of the Banking Act requires senior officers and directors of banks to be bound by an oath of confidentiality in a form prescribed under the Banking Act.

The BoM will continue its efforts to stability the inflation rate, the depreciation of the Mauritian rupees and the excess liquidity on the market which have remained challenges for the past years.

The development of the legal framework relating to digital transformation and sustainability (from a systemic and a financing perspective) are expected to continue in a bid to further align the jurisdiction with the global practice and recommendations from international agencies.

The main reform which is expected is that of the insolvency legislation, one of the aspects of the reform will be the ranking of security and privileges. Consultations have been on-going for a couple of year but the banking community is pressing for formal steps to be taken.