Rwanda -- AML/CFT Compliance Regulatory Overview

**Law No. 008/2020 of 08/07/2020 on Anti-Money Laundering and Combating the Financing of Terrorism and Proliferation (AML/CFT-P):** This is the cornerstone legislation. It establishes the Financial Intelligence Centre (FIC) as the primary body for receiving and analyzing suspicious transaction reports (STRs) and provides the framework for identifying and sanctioning financial crimes. This law explicitly mandates compliance with international sanctions, particularly those issued by the United Nations Security Council (UNSC).

**Legal Reference:** Law No. 008/2020 of 08/07/2020 on AML/CFT-P (See particularly Articles 2, 3, 22, 23 regarding reporting institutions, financing of terrorism and proliferation, and international cooperation).

**Law No. 008/2021 of 16/02/2021 Governing Payment Systems:** This law provides a framework for licensing and oversight of payment service providers. While not specific to crypto, it lays the groundwork for how VASPs might be regulated and licensed, extending AML/CFT obligations to them. The National Bank of Rwanda (BNR) is the primary regulator for payment systems and is actively working on a comprehensive framework for digital assets.

**Legal Reference:** Law No. 008/2021 of 16/02/2021 Governing Payment Systems

**Regulations and Directives from the National Bank of Rwanda (BNR):** The BNR, as the central bank, issues directives and regulations that implement the AML/CFT-P law and govern financial institutions. As the regulatory framework for VASPs develops, specific BNR guidance will detail their obligations.

**BNR Website:** National Bank of Rwanda

**Financial Intelligence Centre (FIC) Directives:** The FIC provides guidance to reporting institutions on AML/CFT compliance, including sanctions screening.

**FIC Website:** Rwanda Financial Intelligence Centre

**Requirements for VASPs:** Once formally regulated, VASPs in Rwanda (or those dealing with Rwandan entities) must:

Screen all customers, beneficial owners, and counterparties against the **UN Security Council Consolidated List** and other specific UN sanctions lists (e.g., for specific countries or individuals/entities designated for terrorism financing, proliferation, etc.).

Immediately freeze funds and other assets of designated individuals and entities.

Report any hits or frozen assets to the FIC without delay.

Refrain from making funds or economic resources available, directly or indirectly, to sanctioned parties.

**Legal Reference:** UN Security Council Sanctions Committees (Lists and Resolutions): https://www.un.org/securitycouncil/sanctions/information

Dealing with U.S. persons (citizens, residents, entities, branches globally).

Utilizing U.S.-based blockchain analytics tools or other U.S. services.

Operating in whole or in part within the U.S.

**Requirements for VASPs:** Due to the risk of secondary sanctions and disruption of international financial services, prudent VASPs operating in Rwanda should:

Screen all customers, beneficial owners, and transactions against the **OFAC Specially Designated Nationals (SDN) and Blocked Persons List** and other relevant OFAC sanctions lists (e.g., for specific countries or programs like Cuba, Iran, North Korea, Syria, Venezuela, Russia/Ukraine).

Block transactions and freeze assets of designated individuals and entities.

Refrain from engaging in any activity that could be considered a violation or circumvention of OFAC sanctions.

**Legal Reference:** U.S. Department of the Treasury, Office of Foreign Assets Control (OFAC): https://home.treasury.gov/policy-issues/office-of-foreign-assets-control-sanctions-programs-and-information

Persons and entities incorporated or constituted under the law of an EU Member State.

Any person or entity in respect of business done in whole or in part within the European Union.

**Requirements for VASPs:** VASPs in Rwanda dealing with EU persons or entities, or otherwise having an EU nexus, should:

Screen against the **EU Consolidated Financial Sanctions List**.

Freeze funds and economic resources of designated persons and entities.

Prevent funds or economic resources from being made available to them.

**Legal Reference:** EU Sanctions Map and Consolidated List: https://www.sanctionsmap.eu/

**Customer Due Diligence (CDD) and Know Your Customer (KYC):** Perform thorough CDD on all customers, including identifying beneficial owners. This is the foundation for effective sanctions screening.

**Onboarding:** Screen new customers and their beneficial owners against all relevant sanctions lists (UN, OFAC, EU).

**Ongoing Monitoring:** Regularly re-screen existing customer bases and monitor for changes in sanctions lists.

**Transaction Monitoring:** Screen transaction counterparties and involved entities in real-time or near real-time, especially for high-value or high-risk transactions.

**Tools and Technology:** Utilize reputable sanctions screening software that can handle various lists and languages, and integrate with blockchain analytics tools for tracing funds.

**Positive Match Resolution:** Establish clear procedures for investigating potential matches, escalating to compliance officers, and taking appropriate action (e.g., blocking funds, filing reports).

**Record-Keeping:** Maintain detailed records of all screening activities, hits, investigations, and reports filed.

**UN Sanctions:** Countries subject to comprehensive UN sanctions (e.g., North Korea, Iran in certain contexts).

**OFAC Sanctions:** Countries subject to comprehensive U.S. embargos (e.g., Cuba, Iran, North Korea, Syria, regions of Ukraine, Venezuela).

**EU Sanctions:** Countries or regions subject to EU restrictive measures (e.g., specific regions in Ukraine, Belarus, Myanmar, Syria, North Korea, Iran, Venezuela).

**Administrative Penalties:** The competent supervisory authority (likely the BNR or FIC) can impose administrative fines, revoke licenses, or restrict operations.

**Criminal Penalties:** Individuals or entities found guilty of money laundering, financing of terrorism, or proliferation can face severe criminal penalties, including:

**Imprisonment:** For individuals, ranging from several years to life imprisonment, depending on the severity of the offense.

**Financial Fines:** Substantial fines for both individuals and legal entities.

**Confiscation of Assets:** Assets involved in or derived from illicit activities can be confiscated.

**Primary Sanctions List:** Rwandan financial institutions and, by extension, future licensed VASPs, are primarily required to implement the **UN Security Council Consolidated List** and other specific UN sanctions regimes as mandated by the Law No. 008/2020 on AML/CFT-P.

**Partial/Cautionary:** Rwanda does not have a comprehensive regulatory framework for cryptocurrencies, nor does it impose an outright ban. Instead, it maintains a cautionary stance, primarily through warnings from the central bank, highlighting the risks associated with virtual assets. The focus is currently on consumer protection, financial stability, and leveraging existing AML/CFT legislation.

**Developing:** There is an ongoing recognition of fintech innovation, and discussions are underway regarding future regulatory frameworks that might encompass virtual assets.

**National Bank of Rwanda (BNR):**

**Role:** As the central bank, the BNR is the primary financial regulator responsible for monetary policy, financial stability, and the oversight of financial institutions. It has issued public notices regarding the risks of cryptocurrencies.

**URL:** National Bank of Rwanda Official Website

**Rwanda Financial Intelligence Centre (FIC):**

**Role:** The FIC is Rwanda's anti-money laundering and combating the financing of terrorism (AML/CFT) agency. It is responsible for receiving, analyzing, and disseminating financial intelligence to combat money laundering and terrorist financing. Any future regulation of virtual assets will likely involve the FIC to ensure compliance with AML/CFT standards.

**URL:** While the FIC doesn't have a standalone public website, information on its mandate and operations is typically found on the Ministry of Justice or Ministry of Finance websites.

**Ministry of Finance and Economic Planning (MINECOFIN):**

**Role:** MINECOFIN is responsible for overall fiscal and economic policy, and would play a role in developing any overarching national policy or legislation related to virtual assets.

**URL:** Ministry of Finance and Economic Planning

**BNR Public Notices/Warnings (e.g., December 2017/January 2018):**

**Content:** The National Bank of Rwanda (BNR) issued public warnings against the use of cryptocurrencies, highlighting their volatile nature, potential for fraud, money laundering, and lack of legal tender status. These notices advise the public against investing in or trading virtual currencies, emphasizing that they are not regulated by the BNR and do not fall under its supervision.

**Date:** Circa December 2017 / January 2018 (The exact date might vary slightly depending on the specific publication, but this period marks the BNR's first public cautionary statements).

**Reference:** While a direct, stable URL to the specific 2017/2018 circular can be difficult to find due to website updates, the BNR's official position is consistently maintained in its public communications and can be inferred from news archives and BNR publications. General BNR publications can be found on their website: BNR Publications

**Law N° 19/2013 of 25/03/2013 on Prevention and Punishment of Money Laundering and Financing of Terrorism, amended by Law N° 35/2019 of 24/07/2019:**

**Content:** This law provides the general legal framework for AML/CFT in Rwanda. While it doesn't explicitly mention "virtual assets," its broad definitions and provisions related to financial transactions, reporting obligations for suspicious activities, and asset forfeiture could potentially be interpreted to cover illicit activities involving virtual assets. As FATF recommendations evolve to include VAs, this law serves as the foundation for future specific regulations.

**Date:** Original law from 2013, significant amendment in 2019.

**Reference:** This law is available in the Official Gazette of the Republic of Rwanda. Searching for "Official Gazette Rwanda Law N° 35/2019" would typically lead to its publication. A general source for Rwandan laws is the Ministry of Justice or Rwanda Law Reform Commission portal.

**Unregulated but Not Illegal:** Crypto trading and the operation of crypto exchanges are **not explicitly prohibited** in Rwanda, but they are also **not formally regulated or licensed**. This means they operate in a legal "grey area."

**High Risk Warnings:** The National Bank of Rwanda has consistently advised the public that engaging in virtual asset activities carries significant risks, including price volatility, lack of consumer protection, potential for fraud, and the absence of any regulatory recourse in case of loss.

**No Specific Licensing:** There is currently no specific licensing regime for Virtual Asset Service Providers (VASPs), including exchanges, custodians, or issuers of virtual assets. Entities engaging in such activities do so outside of the formal financial regulatory framework.

**AML/CFT Scrutiny:** Any entity or individual involved in virtual asset transactions would still be subject to general AML/CFT scrutiny under the existing laws, particularly if suspicious activities are detected by traditional financial institutions (which are regulated).

**Law N°003/2020 of 20/02/2020 on Preventing and Laundering and Combating the Financing of Terrorism and Proliferation of Weapons of Mass Destruction.**

**VASP-to-VASP Transfers:** For transfers between two Virtual Asset Service Providers (VASPs), there is **no threshold**. The full originator and beneficiary information must be collected and transmitted regardless of the amount.

**De Minimis Threshold (for certain scenarios):** While the law requires information for all transfers, FATF guidance allows for a de minimis threshold (typically **USD/EUR 1,000**) below which the receiving VASP *may* not need to obtain the originator information *unless* there is suspicion of ML/TF or the transfer is associated with a higher-risk scenario. However, the *originating VASP* still has obligations to collect and transmit this information. Rwanda's Article 23 generally mandates information for *all* transfers, placing the burden on both originating and receiving entities. Further specific implementing regulations or guidance from the National Bank of Rwanda (BNR) or the Financial Intelligence Centre (FIC) would clarify any exact de minimis for specific types of lower-risk transactions, but the default expectation is full compliance.

Exchange between virtual assets and fiat currencies.

Exchange between one or more forms of virtual assets.

Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets.

Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

Name (natural person) or Legal name (legal person)

National identity number (for natural persons) or Legal entity identifier (for legal persons)

Virtual asset wallet address or unique transaction identifier

**Administrative Sanctions:** Imposed by regulatory bodies like the National Bank of Rwanda (BNR) or the Financial Intelligence Centre (FIC), which can include warnings, fines, suspension of licenses, or withdrawal of licenses.

**Fines:** Significant monetary penalties for legal persons, potentially ranging from millions to hundreds of millions of Rwandan Francs (RWF), depending on the severity and nature of the breach.

**Imprisonment:** Individuals found responsible for non-compliance, especially in cases of willful negligence or involvement in money laundering/terrorism financing, can face terms of imprisonment.

Failure to report suspicious transactions.

Failure to implement internal controls and procedures.