Mauritius: How FinTech sits within the existing legal and regulatory framework?
FinTech has become a global phenomenon. Cities such
as London, New York, San Francisco, Shenzhen and Singapore have already
positioned themselves as a leading FinTech Hubs. Near us, South Africa, Nigeria
and Kenya are already at the forefront in the FinTech sector. According to a
recent report, 'Finnovating for Africa: Exploring the African Fintech Ecosystem
Report 2017', released by Disrupt Africa
last month, South Africa is the top destination for FinTech start-ups
activities. As Joseph Lubin, founder of ConsenSys
recently said at a press conference in Mauritius, if "Mauritius puts together a
concerted effort to be a world leader [in the FinTech Ecosystem], it will be."
Given the numerous opportunities which FinTech provide, Mauritius is keen to harness the benefits of the FinTech revolution, in particular to become a FinTech Hub for Africa. Budget Speech 2017-18 identifies FinTech as one of the key economic drivers: a Regional FinTech Association will be established which will act as a think-tank and advise on the regulatory changes to ensure a conducive environment for FinTech start-ups. The association will have tie-ups with international institutions such as Innovate Finance London and the FINTECH Circle.
The adoption of internet technology and innovation in financial activities such as payment, peer-to-peer lending, insurance, wealth management and virtual currency pose significant regulatory challenges - for example, consumer protection, data protection, cyber threats, money laundering and terrorism financing. However, more importantly, the question of supervision and regulation of FinTech operators remain unanswered.
The two main supervisory bodies in the financial services sectors are the Bank of Mauritius (BoM) and the Financial Services Commission (FSC). BoM ensures the stability and soundness of the financial system of the country. It regulates and supervises financial institutions which carry on activities 'in, of from within, Mauritius'. The Banking Act defines a 'financial institution' as "any bank, non-bank deposit taking institution or cash dealer licensed by the central bank" The FSC, on the other hand, ensures that business in the non-bank financial services sector and in the global business sector (also referred to as the 'offshore sector') is carried in a sound manner. It regulates financial services and financial business activities in areas such as captive insurance, insurance and securities, and extends to financial business activities, such as asset management, credit finance and global treasury activities.
Arguably, the nature of the FinTech activity would, in principle, dictate which of two regulators assumes supervisory role over such activity. However, as Ian Dillon, Co-Founder of Now Money recently said the FinTech market in Africa (and in Mauritius) is still in its infancy. It is therefore important that if FinTech is to become huge success in the country and a FinTech Hub in Africa the country must not adopt a prescriptive approach to regulation. The regulatory sandbox regime introduced in the Investment Promotion Act in 2016 could stimulate disrupters in the financial services industry to invest in innovative projects. The Regulatory Sandbox Licence is issued by the Board of Investment (BoI). On 25 May 2017, the BOI issued the first Regulatory Sandbox licence with respect to a crowdfunding platform. It is understood that there are other applications for Regulatory Sandbox licences which are in under considerations, in particular with respect to the application of distributed ledger technology (DLT) in the financial services industry. Examples of applications of DLT are Bitcoin and Ethereum. Both of these virtual currencies are exchanged using the blockchain technology.
Other regulatory concerns relate to data protection and privacy and cyber threats. Technology shortcomings relating to privacy and confidentiality could be daunting roadblocks to the emergence of FinTech. Mauritius has however an adequate data protection law regime conducive for the uptake of FinTech start-ups in the country. With the adoption of the General Data Protection Regulation in Europe recently, the Data Protection Act will be amended in order to align the Mauritian data protection law with the Regulation.
It is undisputed that the future of FinTech and Cybersecurity are interlocked. Cyber threats are a major concern for consumers and business alike. The 'National Cyber Security Strategy 2014-2019' (Guidelines) set out strategic guidelines for cyber security. The development of effective public-private-partnership is identified to ensure the security of the cyberspace. Mauritius will also be reviewing its existing cybercrime law.
Finally, with the rapid growth of FinTech, regulators will have to consider new tools to facilitate the delivery of risk and compliance functions to make informed decisions based on real time information and powered by Artificial Intelligence (AI). Regulatory Technology (RegTech) will help firms better understand and manage their risks. Two areas where RegTech plays a prominent role, in particular in the FinTech industry, are customer identity (KYC) and anti-money laundering (AML). As Marc Andrews, Vice-President at IBM Watson Financial Services Solutions, recently said, RegTech provides an "an opportunity to drive a dramatic step change in how organisations are addressing regulatory compliance, and to transform regulatory compliance, both within financial services organisations and in the industry as a whole."
It is the author's view that the BoI's sandbox regime can help firms to test their products in a safe and lighter regulatory environment without the need for an immediate overhaul of the current regulatory systems. A non-prescriptive approach is a win-win situation for FinTech businesses, consumers and regulators. With the creation of the Economic Development Board (EDB), the BoI will cease to be in existence and applications for Regulatory Sandbox licences will be processed by the EDB. As announced in the Budget 2017-2018, the EDB will, in its quest to promoting Mauritius as an attractive investment and business centre, engage in discussions with all stakeholders, including industry experts, regulators and technology vendors.
 Section 2 of the Banking Act
 Mauritius International Financial Centre â April 2017. Issue 5. Unlocking capital between Africa and Asia at p. 24
 The Investment Promotion Act was amended by the Finance (Miscellaneous Provisions) Act. Act No. 18 of 2016
 The country passed the Data Protection Act (DPA) in 2004
 The Computer Misuse and Cybercrime Act, Act No. 22 of 2003
 https://www.gtreview.com/news/global/ibm-on-regtech-and-the-future-of-compliance/ (Last accessed on 11 July 2017
The Economic Development Board Bill (No. XI of 2017) will be introduced at the National Assembly on 19 July 2017. A copy of the Bill can be obtained at http://mauritiusassembly.govmu.org/English/bills/Documents/intro/ 2017/bill1117.pdf