A New Corporate Crime Regime in Mauritius

The Financial Crimes Commission Act 2023 (“the Act”), in force since 29 March 2024, marks a major evolution in Mauritius’ approach to corporate criminal liability. Among its most significant innovations are sections 52 and 53, which establish a statutory duty for legal persons – including companies, limited partnerships or foundations – to maintain “adequate procedures” to prevent financial crimes committed by persons acting on their behalf. Importantly, the Act introduces a strict-liability mechanism: if certain elements are met, a legal person may be convicted regardless of senior management’s knowledge or involvement. This marks a decisive shift toward proactive corporate governance and accountability.

What Sections 52 and 53 Require

Section 52(1) requires every legal person – meaning any entity, including a private entity, other than a natural person – to implement adequate, reasonably necessary procedures to prevent offences under Part III of the Act. Failure to do so is itself an offence, carrying a maximum fine of up to MUR 20 million.

A legal person becomes liable where:

1. An associated individual – be it a director, senior manager, officer, agent, or representative with authority – commits a Part III offence under the Act;
2. The offence is carried out for the benefit of the legal person; and
3. The organisation or entity cannot, on a balance of probabilities, prove that it had adequate procedures designed to prevent the misconduct.

This therefore places a meaningful burden on organisations to demonstrate not only the existence of compliance policies but also their practical effectiveness.

Lessons from the UK and Australia: How Foreign Regimes Shape Interpretation

The approach closely resembles the Australian Criminal Code’s (“the Code”) requirements that corporations exercise “due diligence” to prevent criminal conduct. The Code defines failure to exercise such diligence broadly to include insufficient corporate supervision, weak controls, or lack of mechanisms for transmitting relevant information internally. The Act’s emphasis on “adequate procedures” has a similar expectation: preventative, embedded and documented compliance.

Section 52(2) empowers the Financial Crimes Commission to issue guidelines on adequate procedures. Though non-prescriptive, these guidelines have quasi-legislative influence, setting out five evidential principles – top-level commitment, risk assessment, control measures, monitoring and review, and communication/training – which closely mirror the UK’s guidance under the Bribery Act 2010 (“BA 2010”).

The structure of sections 52 and 53 bears strong similarity with section 7 of the UK’s BA 2010, which created the corporate offence of failing to prevent bribery. Both regimes:

• Impute criminal liability to organisations for misconduct by associated persons;
• Target white-collar and financial crimes;
• Provide a statutory defence based on “adequate procedures”;
• Are interpreted with reference to official guidance (namely the FCC Guidelines on legal persons and the Secretary of State's guidance on s. 9 of the UK Bribery Act 2010 respectively).

Key lessons from UK prosecutions

Although Mauritius has yet to see a conviction under section 52 of the Act, experience from the UK offers valuable insight. The first conviction under section 7 of BA 2010 occurred in R v Sweett Group plc (2016). Sweett, a construction and professional services firm, pleaded guilty to failing to prevent its subsidiary from bribing a UAE official to secure a Dubai hotel project. The company was fined £ 2.25 million under a DPA^[1], underscoring two core principles: (i) the value of early cooperation with enforcement authorities on their terms and at the earliest stage to secure lighter sentencing and (ii) mere existence of compliance documents is insufficient: Sweett’s asserted reliance on “adequate procedures” failed to persuade the court.

More recently, R v WABGS Ltd and others (2022) revealed how prolonged management failures undermine any adequate-procedures defence. A senior manager at Coca-Cola Enterprises UK Limited manipulated the tendering process for electrical service contracts over nine years, benefitting three corporate contractors. These companies were unable to show “adequate procedures”: two were found to have “a culture of disregard” for internal controls, while the third relied on an outdated ethics policy described as “only paying lip service” to compliance. Combined fines totalled £640,000.

These cases illustrate that courts assess substance over form – policies must be active, current and embedded throughout the organisation.

How the Principles Compare: Mauritius and the UK

The Financial Crimes Commission’s guidelines align closely with the UK’s as shown below:

Table 1. Comparative principles of  ‘Adequate Procedures’

Though labelled differently, both systems emphasise risk-based, proportionate, and well-documented compliance frameworks that reflect an organisation’s operational reality.

Sector impact: How Obligations Play Out in Practice

Although obligations under sections 52 and 53 apply broadly across the Mauritian economy, their impact varies by sectoral exposure to financial-crime risk. Two examples illustrate this:

Tourism

Hotels, resort chains, and corporate tour operators clearly fall within the definition of legal persons and must implement "adequate procedures" to prevent bribery, fraud, and money laundering. A hotel chain engaging suppliers for construction, entertainment, or procurement must implement robust due diligence, anti-corruption controls, and training for staff and agents. If an associated person offers an improper inducement to secure business, the corporate entity may be liable even without senior management’s direct involvement or knowledge. This shift requires tourism operators to move from reactive compliance to proactive governance, requiring documented controls, whistleblower channels, and regular audits to satisfy Section 53 and detect early red flags.

Banking

Banks, trust companies, and global business entities already operate within stringent regulatory frameworks, including obligations under FIAMLA. Sections 52 and 53, however, go further by creating corporate liability for misconduct committed for the organisation’s benefit, irrespective of management awareness. Adequate procedures in this sector demand strong customer due diligence (CDD), transaction monitoring, and internal governance that minimises the risk of internal or third-party wrongdoing.

The UK Standard Bank case under BA 2010 illustrates the risk. The bank was held liable for failing to prevent bribery by a third-party agent in Tanzania, despite no evidence of senior management knowledge. The resulting DPA required profit disgorgement, a substantial fine, and mandatory compliance reforms. A comparable lapse in Mauritius – such as a bank’s inadequate due diligence on an intermediary in a cross-border transaction – could produce liability under Section 53. This underscores the necessity for comprehensive anti-corruption frameworks, continuous training, and effective whistleblowing channels.

Looking Ahead: The Transition to the National Crime Agency Act

Although the Act represents a significant alignment with international standards, its tenure under its current form is likely short-lived. Mauritius is moving towards a more assertive, intelligence-driven enforcement model with the anticipated National Crime Agency (NCA) Act expected to expand supervisory powers and introduce sector-specific guidance. It is likely that sections 52 and 53 will be retained in some way, shape or form so that organisations must continue to shift from basic, reactive compliance to dynamic governance systems capable of detecting, preventing and documenting misconduct. Future reform may introduce harsher penalties and specialised oversight for high-risk sectors and emphasise the requirement for legal persons to adopt real-time reporting, advanced compliance technologies. Investing early in adequate procedures is not merely a statutory defence – it is a strategic necessity.