Mauritius: New FSC Guidelines On Regulatory Sandbox License

The Financial Services Commission (the 'FSC') has recently announced the setting up of FSC Finnovate, the new fintech innovation hub, a measure previously highlighted in the 2021/2022 budget speech. The principle behind it is to improve the competitiveness and to reinforce the position of Mauritius as a leader in fintech and artificial intelligence offerings in Africa.

In its commitment to foster a conducive and efficient regulatory and business environment for investors, the FSC has regrouped several existing regimes, namely peer-to-peer lending, investment-based crowdfunding, payment intermediary services, robotic and artificial intelligence enabled advisory services, and virtual assets under its new fintech and innovation resource hub. With this new initiative, the FSC has a two-fold objective, namely to:

• actively encourage amongst other things open finance innovation aimed at providing customers with better control over their personal and financial data; and
• automated programming interface standardisation to allow the development of financial products and services benefiting participants in the non-banking sector.

Given that the amendments brought about in 2021 to section 14B of the Financial Services Act 2007 empower the FSC to issue regulatory sandbox authorisations ('RSAs'), the FSC has now also published the Regulatory Sandbox Guidelines (the 'FSC RSL Guidelines') to provide clear guidance to applicants.

Although the FSC RSL Guidelines indicate that the requirements set out therein are not exhaustive, the FSC RSL Guidelines do offer rather comprehensive criteria for applicants:

1. Eligibility

Applications must satisfy the eligibility criteria¹, which includes:

• innovation, whereby the applicant's project must be sufficiently innovative in terms of technology, product or service, and/or business model to add significant value to existing financial services products in the non-banking financial services sector;
• a need for support and testing of the solution on real clients and a mismatch between the existing regulatory framework and the solution being proposed;

• testing readiness and the maturity of the project, including adequate resources to support testing in the regulatory sandbox environment and sufficiently developed testing plans with clear objectives, parameters and success criteria;

• identifiable direct or indirect benefits to market participants as well as adequate protection to users or customers of the project;

• sound risk management systems and safeguards to limit any risks that may arise from the testing of the project and to contain any consequences of failure; and

• the ability to scale up and deploy the project, including an adequate exit and transition strategy if the project is discontinued or the RSA is revoked.

2. Application process and timelines²

The application is subject to a preliminary review of a maximum of 15 business days from receipt by the FSC, following which the FSC may request any additional information if required. Within 30 business days of obtaining a complete application pack, the FSC will notify the applicant in writing of its decision to grant the RSA for a maximum of 12 months³ or reject the application. Communiques are published on the website of the FSC where RSAs are granted. The RSA may be extended provided that (i) a renewal request is submitted at least 20 business days before the expiry of the current testing period explaining the rationale for such request⁴ and (ii) the approval of the FSC is obtained⁵.

3. Continuing obligations

Where a RSA is granted, the sandbox entity (the 'SE') is subject to continuing obligations including but not limited to:

• obtaining the prior approval of the FSC before effecting any material changes to the project⁶;

• submitting interim reports on the progress of the testing and on various metrics (such as key performance indicators, key milestones, statistical information, any key issues and operational incidents, and any actions and steps taken to remedy such issues and incidents) and submitting a final report within 20 business days before the expiry of the testing period (or renewed testing period) on similar metrics⁷;

• disclosures towards users and clients on, inter alia the nature and complexity of the product or service being offered, and whether compensation is paid for losses incurred during the testing period, as well as ensuring the informed and formal consent of such users and clients is duly obtained before their onboarding⁸; and

• implementing adequate complaints handling processes, data protection policies and confidentiality policies⁹.

Moreover, the FSC may exempt the SE from certain regulatory requirements in the event of a mismatch between the existing regime and the operations and objectives of the SE¹⁰.

It is apposite to note that the FSC RSL Guidelines are substantially similar in terms of the eligibility criteria and application process in the Regulatory Sandbox Licence Guidelines for Fintech Projects (the 'EDB Guidelines') published by the Economic Development Board (the 'EDB'). A key distinguishing feature however is the clear set of continuing obligations imposed by the FSC on successful SEs. Whilst the EDB does impose a number of obligations on successful applicants under the EDB Guidelines, the FSC RSL Guidelines provides for more granular details and clarity on the applicable regime during the testing period.

Footnotes

1. Paragraph 3.1 of the FSC RSL Guidelines.

2. Paragraphs 3.2, 3.3 and 3.5 of the FSC RSL Guidelines.

3. Paragraph 4.2 of the FSC RSL Guidelines

4. Paragraph 7 of the FSC RSL Guidelines.

5. Paragraph 4.2 of the FSC RSL Guidelines

6. Paragraph 4.3 of the FSC RSL Guidelines

7. Paragraph 5 of the FSC RSL Guidelines

8. Paragraphs 6.1 to 6.2 of the FSC RSL Guidelines

9. Paragraphs 6.3 to 6.4 of the FSC RSL Guidelines

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.