Junaid Udhin, Mauritius Africa FinTech Hub

STO guidance note provides robust framework but implementation will be key

Share on:

The jurisdiction continues to strengthen its FinTech regulatory framework to cement the position of the island as a FinTech hub for the region, as demonstrated by the recent issuance of the third guidance note on Security Token Trading Systems by the Financial Services Commission (FSC).

This 15-page document builds on the second guidance note on ‘Security Token Offerings (STOs)’ released by the FSC in April last year, which in turn followed closely on the release of the first guidance note on recognising digital assets as an asset class in September 2018.

In a press release, the regulator said this was the start of a new licensing regime to enable fully regulated security token trading systems in the country. Essentially, the new regime allows a new security token trading systems to become eligible for an FSC license. So far, it effectively authorises a business to put up a security token offering (or an STO) for sale, as well as operate a trading house in the jurisdiction.

In the pipeline for 18 months, the guidance represents a sound start to recognising security tokens, and the broader cryptocurrency bucket, as an asset class in their own right.

MAFH’s Head of Regulation and Compliance, Junaid Udhin, shares his insights on how the regulation can be expected to help the jurisdiction strengthen its positioning as a regional FinTech hub and what is the way forward for FinTech firms seeking to enter the digital asset space.

What does a Security Token Offering entail?

As per the guidelines, an STO fundamentally entails that the offering has to comply with the provisions of the Securities Act 2005, with any Regulations and Rules issued by the FSC including the FSC’s own case-by-case assessment of an STO and the guidelines. In addition, all licencees involved in STO and trading shall be required to ensure strict adherence to Anti Money Laundering / Combatting the Financing of Terrorism (AML/CFT) laws in Mauritius,” emphasises Junaid.

Eligible categories of traders

He goes on to note that only a restricted category of entities can issue security tokens as per the guidance notes, which are as follows:

  • Entities registered as Reporting Issuer defined under section 86(1) of the Securities Act 2005 as an issuer;
  • Collective Investment Schemes authorised as Expert Funds or Professional Collective Investment Schemes (PCIS);
  • Any such other issuer as may be deemed appropriate by the FSC

Licencing and Capital requirements

Next, Junaid notes that in order to establish, maintain and operate a system for the trading of security tokens in Mauritius, a Trading Securities System (TSS) licence will be required, which is to be issued by the FSC.

A TSS licencee shall be required to maintain a minimum stated unimpaired capital of MUR 35 million or an equivalent amount in another currency and such capital must be held in fiat currency.

Regulatory and Compliance criteria

Lastly, Junaid stresses that there are a series of operational requirements regarding Professional Indemnity Insurance cover, Management & Control, IT audit, Cybersecurity, custody services and data protection as well as compliance with the relevant Principles for Financial Market Infrastructure (CPMI) of the International Organisation of Securities Commissions (IOSCO).

How can a firm apply for a TSS licence?

Junaid lists the following rules under various categories that a TSS must comply with, prior to being granted a licence by the FSC:


  • The types of security tokens that will be traded on the TSS
  • The client onboarding process including customer due diligence checks, admission criteria and other procedures to trade on the TSS
  • The listing process and the minimum listing requirements
  • The order execution rules
  • The arrangements put in place for the safekeeping of the security tokens and fiat currency
  • Procedures in cases of trading disruptions

Reporting and investor protection

  • Post trade reporting and publication
  • Details regarding whether access to trading information is equitable for all investors
  • The arrangements made by the TSS for the monitoring, surveillance and supervision of the TSS to ensure fairness, efficiency, transparency and investor protection as well as compliance with the Securities Act 2005


  • Compliance with prudential and other requirements designed to support the operations of the TSS and reduce the risk of non-completion of transactions
  • Arrangements to ensure compliance with applicable laws and regulations of the jurisdiction in which the security tokens will be offered for trading, where appropriate


  • Governance, internal controls and risk management procedures
  • Cybersecurity measures
  • AML/CFT systems

The business plan for anyone who wishes to apply for a TSS licence will have to be well written with clear details in line with the rules mentioned above,” emphasises Junaid.

Substance requirements

In addition, the guidance notes prescribe stringent substance requirements in terms of office premises, resident directors as well as management and control that a firm holding a security token trading licence must adhere to.

Any business that is conducted from within Mauritius is required to show substance. For all such businesses, it is essential to demonstrate that central management and control are being exercised from Mauritius. When assessing the substance requirements, the FSC will consider the nature and level of core income generating activities (including the use of technology) by the company,” notes Junaid.

Moreover, he emphasises that, for a TSS, other than what is mentioned in the general guidelines, it is expected that the following additional substance requirements will also apply:

  • Office space
  • Recruitment of qualified staff
  • Compliance officer and MLRO / Deputy MLRO
  • Reasonable expenditure in Mauritius to run the business

Cybersecurity, AML/CFT and data protection

Junaid goes on to address the cybersecurity, AML/CFT and data protection framework that a TSS must put in place as a regulatory mandate.

At the end of the day, what the regulators are looking for is a safe environment where STOs can be conducted, where investors are comfortable, where money is safe and where the risks of fraud, loss and hacking are low or inexistent,” he emphasises.

With technology having evolved to an unprecedented threshold in the current era, Junaid stresses that precautionary and preventive measures are essential to obviate “FinTech crime”. He cautions that hacking could create significant chaos and damage – with the recent example of banks in Mauritius showing how fraudulent payment instructions were processed because of email hacking.

An STO or a token is a new concept to many. It is obvious that the learning curve could be a steep one and we can expect to see new versions of STOs emerging as technology advances. It is during the progression of the learning curve that FinTech crime is more likely to happen and therefore the necessity of having a robust security framework, a detailed AML/CFT policy, and a sound data protection regime in place. In my opinion, blockchain technology is indeed the best solution to give the required level of comfort,” avers Junaid.

Challenges and missed opportunities

Notwithstanding the necessity of proceeding with caution, Junaid rues that the evolution of STO regulations in Mauritius has been slow.

For the last couple of years, an STO framework has been on the wish list of the industry stakeholders, including FinTech entrepreneurs, and the regulators were fully cognisant of that. However, from a regulatory perspective, it was clearly crucial to have the proper framework in place for STOs to ensure maximum compliance with Mauritius’s current laws and regulations and also, to demonstrate to the international community the willingness of having a sophisticated jurisdiction for STOs,” he explains.

To provide a background, Junaid notes that the FSC launched an internal task force on STOs which culminated in the present guidance notes. Having said that, he cautions that the guidance note is “not as detailed as we would expect – it is simply a guidance.” He goes on to note that it is the implementation of the guidance note that would be “interesting to watch out for, in terms of seeing when the FSC would be processing the applications for such licences.”

Importantly, we do not know yet how banks would react to the TSS licence, for instance, whether they would be comfortable with opening a bank account for such an entity or not.  Banks are simply not entertaining businesses dealing in digital assets for the moment and the banking issue in Mauritius is another debate altogether,” he warns.

Future forward

To sum up, Junaid believes that the delay in Mauritius adopting STOs has been a “blessing in disguise” as it has given the jurisdiction sufficient time to learn lessons from the evolution of STOs on the international stage and to identify the gaps and shortcomings in order to arrive at a better framework.

However, he is quick to point out the other side of the coin, which is that this delay in implementation has also caused Mauritius to lag behind other countries, thus requiring more “aggressiveness and imagination” to attract investors to the jurisdiction in its capacity of a FinTech hub.

He concludes on the note that the main concerns around STOs remain the regulatory and compliance aspects, and that this phenomenon is not unique to Mauritius but a worldwide struggle where all regulatory authorities across jurisdictions must play their part.