Crypto License in Mauritius
Mauritius as a Fintech Gateway to Africa and Asia
Mauritius, strategically positioned as an international financial centre (IFC) linking Africa, Asia, and the rest of the world, has swiftly cemented its role in the global FinTech landscape. The enactment of the Virtual Asset and Initial Token Offering Services Act 2021 (VAITOS Act) established one of the most comprehensive and FATF-compliant regulatory frameworks for digital assets globally. Obtaining a Mauritius Crypto License is now mandatory for any entity conducting virtual asset services in or from the jurisdiction, signalling high commitment to investor protection and financial integrity.
This definitive guide provides an exhaustive analysis of the licensing process, covering the specific classes of Virtual Asset Service Provider (VASP) licenses, stringent AML/CFT requirements, mandatory economic substance, and the regulatory expectations set by the Financial Services Commission (FSC) of Mauritius.
Defining the Mauritius Crypto Regulatory Landscape
The Financial Services Commission (FSC) is the principal regulator responsible for licensing, supervising, and enforcing the VAITOS Act. The Act ensures that Mauritius’s digital asset sector adheres strictly to international standards, particularly those set by the Financial Action Task Force (FATF).
The Cornerstone: The VAITOS Act 2021
The Virtual Asset and Initial Token Offering Services Act 2021 (VAITOS Act) came into force in February 2022. Its primary goal is two-fold: to foster innovation in the FinTech sector and to safeguard against money laundering and terrorism financing (AML/CFT) associated with virtual assets.
The VAITOS Act distinguishes Mauritius as a progressive jurisdiction by offering regulatory certainty across five distinct classes of VASP activities and providing a clear framework for Initial Token Offerings (ITOs).
Defining Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs)
A Virtual Asset (VA) is defined broadly as a digital representation of value that can be digitally traded or transferred and may be used for payment or investment purposes. Importantly, this excludes digital representations of fiat currencies, securities, or other financial assets that fall under existing securities legislation.
A Virtual Asset Service Provider (VASP) is a person who, as a business, conducts one or more of the following activities for, or on behalf of, another person:
Exchange between VAs and fiat currencies.
Exchange between one or more forms of VAs.
Transfer of VAs.
Safekeeping/administration of VAs or instruments enabling control over VAs (i.e., crypto custody services).
Participation in, and provision of, financial services related to an issuer’s offer and/or sale of a VA.
Classes of Mauritius Crypto Licenses
The FSC has established five distinct classes of licenses, allowing applicants to precisely match their regulatory scope to their business model. This multi-class approach ensures that regulatory burdens are proportional to the risks involved in the VASP’s activities.
Class M: Virtual Asset Broker-Dealer
This is the most common class for standard exchange operations.
Activities: Facilitating the exchange between virtual assets and fiat currencies; or exchange between one or more forms of virtual assets.
Target Audience: Brokerage houses, small to medium-sized centralized exchanges.
Class S: Virtual Asset Market Place (Exchange)
This is the most regulated class for platform operators.
Activities: Operating a centralized or decentralized Virtual Asset Exchange platform (VATP) which facilitates the exchange of VAs for fiat currency or other VAs on behalf of third parties.
Enhanced Requirements: Subject to the highest capital requirements and the most stringent operational and market abuse prevention controls.
Class R: Virtual Asset Custodian (Digital Asset Custodian)
Mauritius was one of the first jurisdictions globally to introduce a specific digital asset custodian framework.
Activities: Safekeeping and administration of virtual assets or instruments enabling control over virtual assets (e.g., providing key management/cold storage solutions).
Focus: The core focus here is on the technical security and the robust segregation of client assets, requiring advanced cybersecurity and key management protocols.
Class O: Virtual Asset Wallet Services
This class applies to VASP activities focused solely on asset transfer.
Activities: Transfer of virtual assets on behalf of another person.
Note: Often combined with other classes (e.g., a Custodian or Broker-Dealer license).
Class I: Virtual Asset Advisory Services
This class addresses the advisory and intermediary role in the digital asset space.
Activities: Participation in and provision of financial services related to an issuer’s offer and/or sale of a VA.
Target Audience: Firms advising on the structure, marketing, or compliance of an Initial Token Offering (ITO).
Financial Requirements: Minimum Capital and Operational Solvency
The FSC imposes specific minimum capital requirements for the different VASP license classes, demonstrating that the VASP has adequate financial backing to operate responsibly and absorb operational losses.
VASP License Classes and Minimum Required Capital (FSC Mauritius)
This table demonstrates the direct link between the type of VASP activity and the minimum financial requirement set by the Financial Services Commission (FSC).
| VASP License Class | Primary Activity and Focus | Minimum Required Capital (MUR) |
| Class S (Market Place) | Operating a Virtual Asset Exchange (VATP), brokerage. | MUR 6,500,000 |
| Class R (Custodian) | Safekeeping and administration of virtual assets (key control). | MUR 5,000,000 |
| Class M (Broker-Dealer) | Exchange between VA and Fiat or VA and VA. | MUR 2,000,000 |
| Class O (Wallet Services) | Transfer of virtual assets (wallets). | Sufficient Working Capital (for 12 months) |
| Class I (Advisory Services) | Advising on ITOs and provision of related financial services. | Sufficient Working Capital (to meet debts as due) |
Note: The working capital requirement for Class O and I ensures the business model is financially viable over the short-to-medium term, with realistic financial forecasts submitted to the FSC.
Ongoing Solvency and Audits
Financial Reporting: All licensed VASPs must maintain proper books of accounts and submit annual audited financial statements to the FSC.
Insurance: The FSC may mandate that VASPs, particularly Class R Custodians, secure adequate professional indemnity insurance (PII) or other coverage against risks such as cyber breaches or operational errors, further safeguarding client assets.
The Cornerstone of Compliance: AML/CFT Requirements
Mauritius has fully embraced the FATF standards for the digital asset sector. Compliance with the Financial Intelligence and Anti-Money Laundering Act (FIAMLA) and the specific AML/CFT Guidance Notes for VASPs issued by the FSC is non-negotiable and represents the most intensive part of the application and ongoing supervision.
Core AML/CFT Obligations
All VASPs are designated as ‘reporting persons’ under FIAMLA and must implement a risk-based approach (RBA).
Enterprise-Wide Risk Assessment (EWRA): Mandatory documented assessment of the inherent risks posed by the VASP’s business model, technology, geographical exposure, and client base.
Customer Due Diligence (CDD) / KYC: Rigorous procedures for verifying the identity of all customers and their Ultimate Beneficial Owners (UBOs) using reliable, independent source documents.
Enhanced Due Diligence (EDD): Applied to high-risk customers, including Politically Exposed Persons (PEPs) and customers from high-risk jurisdictions. CDD must be applied to any occasional transaction equal to or above USD 1,000 or its equivalent.
Implementation of the FATF Travel Rule
The VAITOS Act enforces the FATF Travel Rule (Recommendation 16) for transfers of virtual assets.
Obligation: VASPs must obtain, hold, and transmit specific originator and beneficiary information for all VA transfers above a specified de minimis threshold.
Data Required: The VASP must obtain and hold the name of the originator and the beneficiary, along with the virtual asset wallet address for each or a unique transaction reference number.
Compliance Solution: VASPs must deploy a compliant technical solution (e.g., a Travel Rule Solution Provider – TRSP) to securely facilitate the required data exchange with counterparty VASPs.
AML/CFT Requirements and Compliance Roles
This table details the key functions and procedures mandatory for all VASPs in accordance with the VAITOS Act and FATF requirements.
| Role or Requirement | Duties and Key Focus |
| MLRO (Reporting Officer) | Receiving internal SARs, assessment, and filing STRs with the Financial Intelligence Unit (FIU) of Mauritius. |
| AML/CFT Compliance Officer | Managing the AML/CFT program, policy development, staff training, and oversight of internal procedures (KYC/CDD/EDD). |
| FATF Travel Rule | Obtaining, holding, and transmitting Originator and Beneficiary data for VA transactions above $1,000. |
| CDD/KYC | Applying Customer Due Diligence and verifying UBOs for all customers and occasional transactions $\ge$ $1,000. |
| EWRA | Conducting and documenting an Enterprise-Wide Risk Assessment to identify and mitigate business vulnerabilities. |
Governance, Key Personnel, and Local Substance
The FSC demands clear demonstration of genuine local mind and control and adherence to the Fit and Proper Person criteria for all key individuals.
Fit and Proper Criteria
All directors, shareholders holding 20% or more, and key officers (MLRO, Compliance Officer) must satisfy the FSC’s Fit and Proper Person test, which assesses:
Integrity and Honesty: Proven track record, no criminal record, and clear financial integrity.
Competence and Experience: Relevant education, qualifications, and experience in finance, technology, or regulatory compliance appropriate to the VASP’s activities.
Financial Standing: A sound financial position and evidence of Source of Wealth/Funds (SoW/SoF) for capital contribution.
Mandatory Governance and Local Presence
This table summarizes the core requirements for the VASP’s management structure and physical presence (substance) in Mauritius.
| Requirement | Description and FSC Criteria |
| Legal Entity | VASP must be incorporated as a legal entity in Mauritius (typically a Global Business Company – GBC). |
| Local Directors | Minimum of two directors, one of whom must be resident in Mauritius to demonstrate “local mind and control.” |
| Fit and Proper Test | Assessment of the honesty, competence, and financial standing of all directors, UBOs, and key functionaries (MLRO/Compliance Officer). |
| Office and Records | Mandatory maintenance of a registered office in Mauritius for storing all corporate, operational, and regulatory records. |
| Prior Approval | Mandatory prior written approval from the FSC for significant changes (shareholders, directors, business plan, IT systems). |
At least one director must be resident in Mauritius to ensure a local point of contact and control and demonstrate central management and control.
Key Documents for Fit & Proper Submission
| Document Category | Required for Directors/UBOs |
| Identity Verification | Certified Passport Copy, Certified Proof of Address (within last 3 months). |
| Integrity & Honesty | Police Clearance Certificate or Certificate of No Criminal Record (CNCR), Detailed CV/Resume. |
| Financial Standing | Personal Bank Reference Letter, Source of Wealth/Funds (SoW/SoF) Declaration and supporting documentation. |
| Professional Competence | Academic Certificates, Professional Reference Letter(s) from a lawyer or accountant. |
Technology, Cyber Security, and Client Asset Protection
For classes involving platform operation (S) and custody (R), the VASP must adhere to stringent technological and operational requirements to ensure system integrity and client protection.
IT Governance and Cyber Resilience
The FSC requires the submission of detailed IT policies that cover the entire technology stack:
IT Risk Management: Comprehensive policy identifying, assessing, and mitigating technology risks, particularly in hot and cold wallet infrastructure.
Business Continuity and Disaster Recovery (BCP/DR): Mandatory and regularly tested plans for restoring operations and data integrity in the event of a system failure or cyberattack.
Third-Party Vetting: Robust due diligence on all outsourced technology providers, including blockchain analytics tools and core platform operators.
Custody and Asset Segregation (Class R)
The core principle for the Virtual Asset Custodian (Class R) is the absolute separation of client and proprietary funds.
Segregation Mandate: The VASP must ensure client virtual assets are strictly segregated from the VASP’s own assets at all times, through multi-signature, multi-party computation (MPC), or other verifiable methods.
Key Management: Detailed, auditable procedures must be in place for the generation, storage (preferably cold storage), retrieval, and destruction of private keys, managed by appropriate internal controls.
Disclosure: Clear disclosure of the risks associated with the custody arrangements and the VASP’s legal liabilities in case of loss.
Request more information
The VASP License Application Process (REEFS Submission)
The application for a Mauritius Crypto License is made to the FSC and involves submitting a detailed dossier through the official channels. The timeline typically ranges from 4 to 6 months from initial submission to final approval, assuming all documentation is complete and accurate.
Step-by-Step VASP Licensing Journey
Pre-Application: Legal review to confirm the applicable license class(es) under the VAITOS Act.
Incorporation & Corporate Setup: Incorporation of the GBC entity in Mauritius and appointment of local directors and the MLRO/Compliance Officer.
Documentation Assembly: Finalizing the comprehensive Business Plan, AML/CFT Manual, financial projections, and all Fit and Proper forms.
Submission and Fee Payment: Formal submission of the complete application dossier to the FSC, along with payment of the non-refundable processing fee.
FSC Review and RFI: The FSC conducts due diligence, often issuing Requests for Information (RFIs) requiring prompt and detailed responses. Failure to respond comprehensively and quickly to RFIs is the leading cause of application delays.
Interview and Conditional Approval: FSC may request interviews with key personnel. Conditional approval is granted, subject to the satisfaction of final pre-licensing conditions (e.g., final office setup, proof of capital).
Final License Grant: Upon meeting all conditions, the VASP license is officially granted.
Processing and Annual Fees (USD Equivalent)
The FSC imposes a non-refundable processing fee upon application and an annual fixed fee upon license grant.
| VASP License Class | Processing Fee (Approx. USD) | Fixed Annual Fee (Approx. USD) |
| Class M (Broker-Dealer) | 2,000 USD | 2,000 USD |
| Class S (Market Place) | 3,000 USD | 5,000 USD |
| Class R (Custodian) | 1,500 USD | 2,500 USD |
| Class I (Advisory Services) | 3,000 USD | 5,000 USD |
| Class O (Wallet Services) | 1,000 USD | 1,900 USD |
Ongoing Compliance and Enforcement
Obtaining the license is the start of continuous regulatory engagement. The FSC rigorously monitors licensed VASPs to ensure ongoing adherence to the VAITOS Act.
Periodic Regulatory Filings
VASPs must adhere to continuous reporting standards:
Annual Returns: Submission of annual audited financial statements and regulatory returns to the FSC.
AML/CFT Reports: Regular submission of compliance reports and immediate filing of STRs with the FIU upon suspicion.
Prior Approval: Mandatory requirement to seek prior approval from the FSC for any material changes, including changes in directors, shareholding (above a 5% threshold), technology systems, or the business plan itself.
FSC Supervision and Enforcement
The FSC employs both off-site monitoring and on-site inspections.
On-Site Inspections: FSC representatives will conduct site visits to verify the Economic Substance (physical office, local staffing, genuine management control) and to test the functional effectiveness of the AML/CFT policies and IT security controls. The VASP must be able to demonstrate that its compliance procedures work in practice, not just on paper.
Penalties: Failure to comply with the VAITOS Act and associated regulations can lead to substantial administrative penalties, license suspension, or, in severe cases of misconduct or persistent AML/CFT breaches, revocation of the Mauritius Crypto License.
Initial Token Offerings (ITOs) and the VAITOS Act
The VAITOS Act also established a clear registration regime for Issuers of Initial Token Offerings (ITOs), providing further regulatory certainty.
ITO Registration Requirements
Any entity issuing a Virtual Token (VT) from or within Mauritius must register with the FSC.
White Paper: Issuers must publish a detailed, accurate, and non-misleading White Paper that adheres to the specifications laid out in the Fourth Schedule of the VAITOS Act. This paper must include clear risk disclosures, information about the project team, and the intended use of funds.
Disclosure and Marketing: All advertisements must be clear, identifiable, and consistent with the White Paper. The issuer must ensure high standards of professional conduct and due diligence in all marketing and disclosure practices.
Investor Protection: The Act requires the issuer to publish a detailed whitelist containing verified data for potential investors, enhancing transparency and compliance.
Distinction from Securities Law
A critical component of the VAITOS framework is its clear demarcation of tokens from regulated securities. Tokens classified as securities would fall under the existing Securities Act 2005, requiring compliance with different regulatory obligations. The FSC’s clarity on what constitutes a ‘Virtual Token’ under VAITOS simplifies the regulatory pathway for utility and payment tokens.
Deep Dive: IT Security and Operational Resilience
The stringent requirements for Class S (Market Place) and Class R (Custodian) demand more than just policy documents; they require demonstrable, functional resilience.
Network and System Audits
The FSC may require an independent, certified third-party audit of the VASP’s systems, including penetration testing and vulnerability assessments, prior to granting a license.
Security Control Assessment: This audit must confirm that the VASP’s infrastructure, cryptographic protocols, hot/cold wallet management, and access controls meet global best practices and the specific requirements outlined in the FSC’s guidance.
Separation of Duties: Operational controls must enforce a strict separation of duties between the IT team, the compliance team, and the key management personnel, mitigating the risk of insider fraud.
Protocol for Virtual Asset Transfers
VASPs must have detailed, documented procedures for all incoming and outgoing virtual asset transfers, ensuring compliance not only with the Travel Rule but also with transaction monitoring best practices.
Transaction Monitoring System: Implementation of an automated, real-time transaction monitoring system (TMS) using blockchain analytics tools to identify patterns indicative of potential money laundering, such as structuring, unusual volume, or known addresses associated with illicit activity.
Sanctions Screening: Immediate and continuous screening of all originator and beneficiary wallet addresses and associated names against global sanctions lists (OFAC, UN, etc.).
The Strategic Value of the Mauritius License
The Mauritius Crypto License under the VAITOS Act 2021 is a powerful strategic tool, signifying to the global market that the VASP is committed to the highest standards of regulatory compliance and financial integrity. The FSC’s rigorous vetting process ensures that only credible and well-capitalized entities can operate, distinguishing licensed Mauritian VASPs in the competitive global FinTech landscape. Successfully navigating the capital requirements, the Fit and Proper test, and the intensive AML/CFT framework provides a robust foundation for a globally competitive digital asset business.
FAQ
The primary regulation is the Financial Services (Virtual Asset and Initial Token Offering Services) Rules 2021 (VAITOS Rules), overseen by the Financial Services Commission (FSC).
The Financial Services Commission (FSC) is the sole regulator responsible for licensing and supervising all Virtual Asset Service Providers (VASPs).
Mauritius offers specialized licenses, including the VA Exchange License, the Digital Asset Custodian License, and the VA Broker-Dealer License, each governed by the FSC VAITOS Rules.
Yes. The VASP must demonstrate genuine economic substance, including maintaining a physical office and proving that Core Income Generating Activities (CIGA) are conducted within Mauritius.
The Minimum Capital Requirements FSC Mauritius are set by the FSC and vary significantly based on the type of license sought (e.g., Custodian and Exchange licenses require higher capital).
The Timeline for Mauritius crypto license approval usually ranges from 6 to 9 months, depending heavily on the complexity of the business model and the completeness of the initial submission.
Yes. Mauritius, as an FATF-compliant jurisdiction, strictly enforces the FATF Travel Rule for all licensed VASPs to ensure robust Mauritius AML compliance.
The license positions the VASP as a regulated financial institution in a premier African financial centre, serving as a strategic gateway for accessing high-growth African markets.
Yes, firms providing safekeeping or administration of virtual assets must obtain the specific Digital Asset Custodian License Mauritius, which has stringent asset protection requirements.