The Anti-Money Laundering and Countering the Financing of Terrorism Handbook 2020 released on 13 January 2020 by the Financial Services Commission of Mauritius (“FSC”) has been updated and amended by the FSC on 31 March 2021. The Handbook is now referred to as the “Anti-Money Laundering and Combatting the Financing of Terrorism Handbook 2020” (the “Handbook”), with replacement of the word “Countering” by the word “Combatting” in its title. References to the Code on Prevention of Money Laundering and Terrorist Financing issued by the FSC have also been deleted from the Handbook following its repeal in November 2020.

The other more significant amendments to the Handbook relate to –

(i) Additional provisions in Chapter 4 – “Risk Based Approach” aiming to assist the financial institutions in implementing an adequate business risk assessment; and

(ii) A new chapter on Independent Audit – “Chapter 13” with the main objective to provide the financial institutions with interpretive guidance on conducting a successful and effective independent audit.

The FSC has set out its expectation on the business risk assessment carried out by financial institutions and has conceded that management, compliance, and risk management should work together when performing the business risk assessment. The responsibility of the board of directors for business risk assessment of a financial institution has been reaffirmed in Handbook yet again. Regarding the frequency of the review of business risk assessment, the amendments now require that the business risk assessment must be reviewed on occurrence of trigger events in addition to the existing requirement of conducting a review at least annually.

Independent Audit is another key area which has been systematically dealt in the updated Handbook. The new chapter 13 provides detailed guidance on ascertaining the scope of the independent audit, selection of the audit professional including competency and skills of the audit professionals, assessing independence of the audit professional, frequency of the independent audit, the outcome of the audit and the content of the audit report.

A number of mandatory elements to be tested in the audit of a financial institution have been enumerated in the Handbook. These include, policies and procedures related to Anti-Money Laundering (“AML”) / Combatting of Financing of Terrorism (“CFT”), risk assessment, effectiveness of mitigating controls including customer due diligence measures and function of compliance officer and money laundering reporting officer, trainings, record keeping, sanction checks and suspicious transaction monitoring and reporting. It is also clarified that independent review may be conducted by an internal or an external audit professional who is not involved in the development of a financial institution’s AML/CFT related program or risk assessment and has no conflict of interest. Additionally, emphasis has been laid on the competency and skills of the auditor. The auditor is now expected to have the necessary skills, qualifications, relevant experience of the audit process and should have a proper understanding of the Financial Intelligence and Anti-Money Laundering Act 2002 (“FIAMLA”) and its supporting regulations as well as sufficient knowledge of the financial institution’s industry.

On the frequency of the audit, FSC has made clear that it should be corresponding with the licensee’s size, nature, context, complexity, and internal risk assessment. However, for a financial institution that is in the process of being wound up, it is recommended that at least one final independent audit is carried out until the financial institution is no more considered as a reporting entity under the FIAMLA.

Further, it is an obligation that the audit report is dated and signed by the auditor. The audit report must include views on whether the AML/CFT risk assessment and the AML/CFT programme of a financial institution comply with the requirement of FIAMLA, the regulations thereunder and the other AML/CFT related legislations and whether the programme is functioning effectively in practice as required, including the course of period of covered in the audit. Lastly, it is important to note that there is no requirement to file the audit report with FSC unless requested by the FSC.

The amendments to the Handbook undoubtedly bring clarity to the conduct of business risk assessment and independent audit and will be of paramount assistance to the financial institutions and compliance professionals to implement these requirements especially for the practice of independent audit which was far from being applied consistently.