The Financial Services Commission (FSC) Mauritius has issued new Guidelines on the Frequency of Customer Due Diligence (CDD), providing greater clarity on the timing and frequency of customer reviews that financial institutions and other regulated entities must undertake as part of their AML/CFT obligations.
Issued under the Financial Services Act and the Financial Intelligence and Anti-Money Laundering Act (FIAMLA), the Guidelines become effective on 8 June 2026 and introduce specific minimum review periods for existing customers based on their risk profile.
Why the Guidelines Matter
Customer Due Diligence is a cornerstone of an effective AML/CFT framework. While firms have long been required to maintain up-to-date customer information and conduct ongoing monitoring, the FSC has now formalised minimum review frequencies to ensure that customer information remains accurate, relevant and risk sensitive.
The Guidelines emphasise that relying solely on trigger events is no longer sufficient. Instead, firms are expected to implement periodic reviews of customer information even where no specific event has occurred.
Minimum CDD Review Frequencies
Under the new Guidelines, firms are expected to conduct reviews of existing customer due diligence information at the following minimum frequencies:
| Customer Risk Category | Minimum Review Frequency |
| High Risk | At least once every year |
| Medium Risk | At least once every three years |
| Low Risk | At least once every four years |
These review periods represent minimum requirements and firms may choose to conduct reviews more frequently where justified by their risk assessment.
Trigger Events Still Apply
The FSC has clarified that periodic reviews do not replace event-driven reviews.
CDD reviews must also be undertaken whenever significant events or circumstances arise, including:
- Material changes in ownership or management structures;
- Changes in the risk classification of the customer’s jurisdiction;
- Identification of a Politically Exposed Person (PEP);
- Inconsistencies in customer information or verification documents;
- Expired or invalid identification information;
- Adverse media or negative information identified through screening processes; and
- Requests for new products or services that carry a higher level of risk.
The list is not exhaustive, and firms are expected to exercise professional judgment in identifying circumstances that warrant additional due diligence.
One-Year Implementation Period
The FSC expects licensees to establish and implement appropriate procedures and timelines to comply with the new requirements.
Importantly, reviews of existing customers should be completed within one year from the effective date of the Guidelines. This means firms should begin assessing their customer populations, risk classifications, and existing review schedules without delay.
Practical Considerations for Licensees
The new requirements present an opportunity for regulated entities to reassess the effectiveness of their AML/CFT frameworks. Firms should consider:
- Reviewing customer risk-rating methodologies;
- Ensuring customers are appropriately categorised as low, medium or high risk;
- Implementing automated review reminders and monitoring controls;
- Updating AML/CFT policies and procedures;
- Maintaining clear audit trails of completed reviews; and
- Ensuring adequate compliance resources are available to meet review deadlines.
Particular attention should be given to high-risk customers, where annual reviews will now be a minimum regulatory expectation.
Regulatory Consequences of Non-Compliance
The FSC has indicated that compliance with the Guidelines will be supervised and enforced through its regulatory powers.
Failure to comply with directions issued by the FSC may result in regulatory action and may expose firms to sanctions under the Financial Services Act, including financial penalties and other enforcement measures.
How FiveComply Can Assist
The implementation of risk-based CDD review cycles may require enhancements to compliance frameworks, customer risk assessment methodologies, monitoring procedures and governance arrangements.
FiveComply assists regulated entities in Mauritius and other international financial centres with:
- AML/CFT framework reviews;
- Customer risk assessment methodologies;
- Independent AML audits;
- Compliance monitoring programmes;
- Regulatory gap analyses; and
- Ongoing Compliance support.
For further information on how these Guidelines may affect your business, please contact our team.
Disclaimer: This article is provided for general informational purposes only and does not constitute legal, regulatory, tax, or professional advice. Readers should seek independent professional advice before acting on any information contained herein.
