The Financial Services Commission (FSC), the integrated regulator for non-banking financial services and global business sectors, which is highly supportive of Fintech-related initiatives, issued on 15 June 2020, pursuant to section 7(1)(a) of the Financial Services Act 2007, guidance notes on a common set of standards for Security Token Offerings (STO) and the licensing of Security Token Trading Systems (STTS). Failure to comply with these Guidance Notes may entail regulatory sanctions and would constitute a contravention of the law and may lead to prosecution.
Whilst commenting this guidance note, the Chief Executive of the FSC has stated that “As part of our core strategy, the FSC is aiming at positioning Mauritius as a regional hub of sound repute in the field of Fintech. The publication of a Guidance Note on Security Tokens Offering (STO) and Security Tokens Trading Systems is a another stepping stone in building an open and transparent regulatory regime for Fintech in Mauritius. We already have a growing interest for these specific licences and are expecting to receive several applications in the upcoming months”.
Security Tokens are captured under the definition of “securities” under the Securities Act 2005. To determine whether a particular digital asset falls within the definition of “securities”, the FSC will adopt a look through approach and consider the structure, characteristics and rights attached thereto. An STO is the issue of Security Tokens, as a method of raising funds from investors, in exchange for the ownership or economic rights in relation to assets. An STO is subject to the provision of the Securities Act and regulations or FSC Rules issued thereunder, including the requirement for a prospectus.
Those entities who may issue Security Tokens are (a) entities registered as a Reporting Issuer under section 86(1) of the Securities Act, or (b) professional collective investment schemes and expert funds where an investor makes an initial investment of no less than USD 100,000 or a sophisticated investor as defined in securities legislations, or (c) any other issuer as may be deemed appropriate by the FSC. The offers of Security Tokens are subject to the same regulatory regime as offers of securities made through traditional means, including the requirement to have a prospectus.
STTS are trading systems which are designed to allow for the trading of Security Tokens. These trading systems are different from traditional exchanges inasmuch as they do not require any clearing and settlement facilities. The transactions are cleared automatically in real time using a distributed ledger technology. Such trading platforms are usually accessed directly by the clients to execute their transactions without the need to go through a third party intermediary. However, should a clearing and settlement facility be used, same has to have adequate systems and controls in place for the transfer of Security Tokens and/or fiat currency on the platform.
These trading platforms will be licensed by the FSC under section 11 of the Securities Act as a Trading Securities System. Such platforms should inter alia have:
- a client onboarding process which includes customer due diligence checks, admission criteria and procedures to trade on the platform;
- the listing process and the minimum listing requirements together with order execution rules;
- arrangements for the safekeeping of both the Security Token and fiat currency;
- post trade reporting and publication;
- compliance with prudential and other requirements;
- procedures in cases of trade disruptions;
- arrangements for monitoring, surveillance and supervision to ensure fairness, efficiency, transparency and investor protection;
- governance, internal controls and risk management procedures;
- cybersecurity measures;
The trading securities system shall at all times maintain a minimum stated unimpaired capital of MUR 35million in fiat currency. It should also subscribe to adequate professional indemnity insurance against liability for any act, error or omission in the conduct of its operations. It has to be managed and controlled from Mauritius besides demonstrating adequate office premises and IT infrastructure from which it shall perform its core functions in Mauritius. Its board should be composed of a minimum of 3 directors of which at least 30% shall be independent directors and one shall be resident in Mauritius.
It is expected to publish daily and periodic information, indices and averages of its activities in order to ensure transparency and equity to investors. It is also required to submit trading logs to the FSC. Other obligations include compliance with applicable data protection legislations, and anti-money laundering and countering the financing of terrorism (AML/CFT) laws and regulations.
The trading securities system will also need to appoint external and independent third parties to undertake an audit of its IT systems and processes at least once every year. Such a third party must be fit and proper to undertake such an audit. Records of such audits and any remedial actions implemented shall be maintained and made available to the FSC, upon request.
Cybersecurity is key to the operation of such a platform. As such, a Chief Technology Officer has to be designated, who shall be responsible for establishing, maintaining and overseeing the cybersecurity architecture of the trading system. He bears the responsibility to carry out self- assessments and examine the probability of cyberattacks and other threats besides assessing the cyber risk appetite of the platform including its strong and weak points. Moreover, proper safeguards to ensure that the systems and networks are fully protected to contain and limit a possible cybersecurity breach.
To conclude the FSC urges all prospective investors to fully ascertain the related risks prior to committing any funds for investments in Security Tokens inasmuch as such investments are at the investor’s own risks and they are not protected by any statutory compensation arrangements in Mauritius.