AML/CFT Framework Design for Fintech Businesses

Overview

The FSC Mauritius AML/CFT guidelines impose comprehensive obligations on all licensed fintech entities, from payment intermediaries and investment advisers to virtual asset service providers and crowdfunding platforms. These obligations reflect FATF standards, and the FSC's supervisory approach to AML/CFT has intensified significantly in recent years, with more frequent and more rigorous examinations across the sector.

Fintech businesses present particular AML/CFT challenges. Digital onboarding removes the face-to-face interaction that traditional financial institutions rely on for identity verification, requiring robust digital identity solutions, liveness checks, and document verification technologies. Transaction volumes in fintech businesses can be very high, demanding automated transaction monitoring systems calibrated to detect suspicious patterns at scale without generating unmanageable false-positive rates.

Virtual asset businesses face additional obligations under FATF Recommendations 15 and 16, including travel rule compliance, blockchain analytics, and enhanced due diligence for high-risk transactions involving unhosted wallets. The MLRO function in a fintech business must be capable of overseeing all of these obligations and maintaining the STR reporting programme required by Mauritius's Financial Intelligence and Anti-Money Laundering Act.

Aurevya designs AML/CFT frameworks that are comprehensive without being disproportionate, calibrated to the specific risk profile of the business, the nature of its clients, and the jurisdictions it operates in. We work with you from initial risk assessment through to FSC examination preparation, ensuring your framework is both regulatory-grade and operationally practical.

FATF

Compliant Mauritius Framework

Mauritius's AML/CFT framework fully implements FATF recommendations, including Recommendations 15 (virtual assets) and 16 (travel rule), to international standards.

Increasing

FSC AML Examination Frequency

The FSC has significantly increased the frequency and depth of AML/CFT examinations across licensed fintech entities, making preparation a business-critical priority.

Significant

Non-Compliance Penalties

AML/CFT non-compliance can result in significant fines, licence suspension, and reputational damage, making a well-designed and properly maintained framework an essential investment.

What We Do

Key Features of Our AML/CFT Framework Design Service

01

AML/CFT Policy and Procedure Design

We design a comprehensive AML/CFT policy framework, including the AML/CFT policy statement, risk appetite, business-wide risk assessment, and detailed procedures covering all regulated activities.

02

KYC/CDD/EDD Framework

We design a risk-based customer due diligence framework, including simplified CDD for lower-risk clients, standard CDD for typical onboarding, and enhanced due diligence protocols for higher-risk customers, PEPs, and complex structures.

03

Digital Identity Verification Integration

We advise on the integration of digital identity verification solutions, including eKYC, liveness detection, document verification, and biometric authentication, into your onboarding process in a manner compliant with FSC requirements.

04

Transaction Monitoring System Design

We design transaction monitoring frameworks, including alert rule calibration, threshold setting, false-positive management, case management protocols, and escalation procedures, appropriate to your transaction volumes and risk profile.

05

MLRO Function Establishment and Support

We support the establishment of the MLRO function, including MLRO appointment, terms of reference, reporting lines, operational procedures, and ongoing advisory to support the MLRO in fulfilling their statutory obligations.

06

FSC AML Examination Preparation

We prepare clients for FSC AML/CFT examinations, conducting pre-examination reviews, identifying gaps, preparing remediation, briefing key personnel, and providing examination support.

Process

How We Build Your AML/CFT Framework

01

Risk Assessment

We conduct a comprehensive business-wide risk assessment, evaluating your client base, products, services, delivery channels, and geographic exposure to determine your inherent ML/TF risk profile.

02

Policy Gap Analysis

We review any existing AML/CFT policies and procedures against FSC requirements and FATF standards, identifying gaps and prioritising remediation.

03

Framework Design

We design the complete AML/CFT framework, policies, procedures, CDD standards, transaction monitoring rules, PEP and sanctions screening protocols, STR reporting procedures, and record-keeping requirements.

04

System Implementation and MLRO Support

We support implementation of transaction monitoring and KYC systems, assist with MLRO appointment and briefing, and design the staff training programme required to embed the framework across the business.

05

Testing, Validation, and Ongoing Monitoring

We test and validate the framework, including transaction monitoring calibration testing and CDD process walkthrough, and provide ongoing monitoring, annual framework review, and FSC examination preparation.

Ideal Clients

Who This Service Is For

01

New FSC Licence Applicants

Businesses applying for FSC licences that need a compliant, well-documented AML/CFT framework as part of their application, designed to meet FSC expectations and support the long-term compliance programme.

02

Virtual Asset Service Providers

VASPs facing the most complex AML/CFT obligations in the fintech sector, travel rule compliance, blockchain analytics, unhosted wallet due diligence, and high-volume transaction monitoring.

03

Payment Businesses

Payment intermediaries and e-money institutions handling high transaction volumes, cross-border flows, and diverse client bases, requiring scalable, automated AML/CFT frameworks.

04

Licensed Entities Facing Examination

FSC-licensed fintech entities preparing for AML/CFT examination, requiring a gap analysis, remediation plan, and preparation support to approach the examination with confidence.

FAQ

Frequently Asked Questions

What AML/CFT obligations does an FSC-licensed fintech have?

FSC-licensed fintech entities are subject to the Financial Intelligence and Anti-Money Laundering Act and the FSC's AML/CFT guidelines. Obligations include maintaining a business-wide risk assessment, implementing risk-based CDD, ongoing transaction monitoring, PEP and sanctions screening, appointing an MLRO, maintaining records for at least seven years, reporting suspicious transactions to the FIU, and conducting regular AML/CFT training for staff.

Who must be the MLRO and what do they do?

The MLRO (Money Laundering Reporting Officer) must be a senior employee with sufficient authority and resources to discharge their obligations. The MLRO is responsible for receiving internal suspicion reports from staff, evaluating them, and deciding whether to file STRs with the FIU. The MLRO also oversees the AML/CFT framework, manages the training programme, liaises with the FSC, and reports to the board on AML/CFT matters.

What does KYC/CDD require for digital onboarding?

Digital CDD requires the business to verify the client's identity without face-to-face interaction. This involves document verification (passport, ID), liveness detection to confirm the person is real and present, cross-referencing against PEP and sanctions databases, and source of funds verification for higher-risk clients. The FSC accepts electronic CDD subject to appropriate technology standards and risk management controls.

What transaction monitoring is required?

Transaction monitoring must be proportionate to the business's risk profile and transaction volumes. For high-volume fintech businesses, this typically requires automated monitoring systems with calibrated alert rules, case management workflows, and regular review of rule effectiveness. Monitoring must cover unusual patterns, structuring, threshold breaches, and transactions involving high-risk jurisdictions or counterparties.

When must I file an STR?

A suspicious transaction report (STR) must be filed with the Mauritius FIU as soon as practicable after suspicion of money laundering or terrorist financing arises, before carrying out the transaction where possible. The threshold for suspicion is low: it is not required that you know or believe a transaction is criminal, only that you have reasonable grounds for suspicion. Filing an STR provides a defence against money laundering liability for the reporting entity.

What happens during an FSC AML examination?

An FSC AML examination is a structured supervisory review of the business's AML/CFT framework and operations. Examiners typically review the business-wide risk assessment, policies and procedures, CDD files, transaction monitoring records, STR files, training records, and MLRO reports to the board. Weaknesses identified are communicated in a findings letter, and the business is expected to remediate within specified timeframes. Serious deficiencies can result in enforcement action.

Related Services

Robust Financial Crime Compliance from Day One

Key Features of Our AML/CFT Framework Design Service

How We Build Your AML/CFT Framework

Who This Service Is For

Frequently Asked Questions

Explore Related Fintech Services

Ready to Build Your AML/CFT Framework?