Rwanda -- Sanctions Compliance Regulatory Overview

Rwanda's regulatory landscape for cryptocurrencies and Virtual Asset Service Providers (VASPs) is evolving, with an increasing focus on Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT), which inherently includes sanctions compliance. While Rwanda does not currently have a dedicated, comprehensive "crypto law" like some jurisdictions, VASPs are expected to comply with existing financial sector laws, particularly those related to AML/CFT, and the implementation of international sanctions.

Here's a breakdown of cryptocurrency sanctions and restrictions in Rwanda:

1. Legal Framework for AML/CFT and Sanctions in Rwanda

The primary legal instruments governing AML/CFT and by extension, sanctions compliance in Rwanda, are:

• Law No. 008/2020 of 08/07/2020 on Anti-Money Laundering and Combating the Financing of Terrorism and Proliferation (AML/CFT-P): This is the cornerstone legislation. It establishes the Financial Intelligence Centre (FIC) as the primary body for receiving and analyzing suspicious transaction reports (STRs) and provides the framework for identifying and sanctioning financial crimes. This law explicitly mandates compliance with international sanctions, particularly those issued by the United Nations Security Council (UNSC).
  • Legal Reference: Law No. 008/2020 of 08/07/2020 on AML/CFT-P (See particularly Articles 2, 3, 22, 23 regarding reporting institutions, financing of terrorism and proliferation, and international cooperation).
• Law No. 008/2021 of 16/02/2021 Governing Payment Systems: This law provides a framework for licensing and oversight of payment service providers. While not specific to crypto, it lays the groundwork for how VASPs might be regulated and licensed, extending AML/CFT obligations to them. The National Bank of Rwanda (BNR) is the primary regulator for payment systems and is actively working on a comprehensive framework for digital assets.
  • Legal Reference: Law No. 008/2021 of 16/02/2021 Governing Payment Systems
• Regulations and Directives from the National Bank of Rwanda (BNR): The BNR, as the central bank, issues directives and regulations that implement the AML/CFT-P law and govern financial institutions. As the regulatory framework for VASPs develops, specific BNR guidance will detail their obligations.
  • BNR Website: National Bank of Rwanda
• Financial Intelligence Centre (FIC) Directives: The FIC provides guidance to reporting institutions on AML/CFT compliance, including sanctions screening.
  • FIC Website: Rwanda Financial Intelligence Centre

2. OFAC/EU/UN Sanctions Compliance Requirements for VASPs

a. UN Sanctions Compliance: Rwanda, as a member state of the United Nations, is obligated to implement UN Security Council Resolutions. The Law No. 008/2020 on AML/CFT-P explicitly incorporates this obligation.

• Requirements for VASPs: Once formally regulated, VASPs in Rwanda (or those dealing with Rwandan entities) must:
  • Screen all customers, beneficial owners, and counterparties against the UN Security Council Consolidated List and other specific UN sanctions lists (e.g., for specific countries or individuals/entities designated for terrorism financing, proliferation, etc.).
  • Immediately freeze funds and other assets of designated individuals and entities.
  • Report any hits or frozen assets to the FIC without delay.
  • Refrain from making funds or economic resources available, directly or indirectly, to sanctioned parties.
• Legal Reference: UN Security Council Sanctions Committees (Lists and Resolutions): https://www.un.org/securitycouncil/sanctions/information

b. OFAC (U.S.) Sanctions Compliance: While OFAC sanctions are not directly Rwandan law, they have significant extraterritorial reach. VASPs operating in Rwanda must comply with OFAC sanctions if they have any U.S. nexus, which includes:

• Dealing with U.S. persons (citizens, residents, entities, branches globally).
• Using U.S. dollar-denominated transactions.
• Utilizing U.S.-based blockchain analytics tools or other U.S. services.
• Operating in whole or in part within the U.S.
• Requirements for VASPs: Due to the risk of secondary sanctions and disruption of international financial services, prudent VASPs operating in Rwanda should:
  • Screen all customers, beneficial owners, and transactions against the OFAC Specially Designated Nationals (SDN) and Blocked Persons List and other relevant OFAC sanctions lists (e.g., for specific countries or programs like Cuba, Iran, North Korea, Syria, Venezuela, Russia/Ukraine).
  • Block transactions and freeze assets of designated individuals and entities.
  • Refrain from engaging in any activity that could be considered a violation or circumvention of OFAC sanctions.
• Legal Reference: U.S. Department of the Treasury, Office of Foreign Assets Control (OFAC): https://home.treasury.gov/policy-issues/office-of-foreign-assets-control-sanctions-programs-and-information

c. EU Sanctions Compliance: Similar to OFAC, EU sanctions are extraterritorial and apply to:

• Persons and entities incorporated or constituted under the law of an EU Member State.
• Nationals of EU Member States.
• Any person or entity in respect of business done in whole or in part within the European Union.
• Requirements for VASPs: VASPs in Rwanda dealing with EU persons or entities, or otherwise having an EU nexus, should:
  • Screen against the EU Consolidated Financial Sanctions List.
  • Freeze funds and economic resources of designated persons and entities.
  • Prevent funds or economic resources from being made available to them.
• Legal Reference: EU Sanctions Map and Consolidated List: https://www.sanctionsmap.eu/

3. Sanctioned Entity Screening Obligations for VASPs

Once the Rwandan regulatory framework fully encompasses VASPs, they will be considered "reporting institutions" under Law No. 008/2020 on AML/CFT-P. This will impose specific obligations:

• Customer Due Diligence (CDD) and Know Your Customer (KYC): Perform thorough CDD on all customers, including identifying beneficial owners. This is the foundation for effective sanctions screening.
• Real-time and Batch Screening:
  • Onboarding: Screen new customers and their beneficial owners against all relevant sanctions lists (UN, OFAC, EU).
  • Ongoing Monitoring: Regularly re-screen existing customer bases and monitor for changes in sanctions lists.
  • Transaction Monitoring: Screen transaction counterparties and involved entities in real-time or near real-time, especially for high-value or high-risk transactions.
• Tools and Technology: Utilize reputable sanctions screening software that can handle various lists and languages, and integrate with blockchain analytics tools for tracing funds.
• Positive Match Resolution: Establish clear procedures for investigating potential matches, escalating to compliance officers, and taking appropriate action (e.g., blocking funds, filing reports).
• Record-Keeping: Maintain detailed records of all screening activities, hits, investigations, and reports filed.

4. Geographic Restrictions

Geographic restrictions on cryptocurrency transactions arise directly from the various international sanctions regimes:

• UN Sanctions: Countries subject to comprehensive UN sanctions (e.g., North Korea, Iran in certain contexts).
• OFAC Sanctions: Countries subject to comprehensive U.S. embargos (e.g., Cuba, Iran, North Korea, Syria, regions of Ukraine, Venezuela).
• EU Sanctions: Countries or regions subject to EU restrictive measures (e.g., specific regions in Ukraine, Belarus, Myanmar, Syria, North Korea, Iran, Venezuela).

VASPs in Rwanda must implement controls to prevent transactions involving individuals, entities, or wallets located in or associated with these sanctioned jurisdictions. This often requires IP blocking, geo-fencing, and assessing the origin/destination of funds identified through blockchain analytics.

5. Penalties for Violations

The Law No. 008/2020 on AML/CFT-P outlines significant penalties for non-compliance, which would apply to VASPs once regulated:

• Administrative Penalties: The competent supervisory authority (likely the BNR or FIC) can impose administrative fines, revoke licenses, or restrict operations.
• Criminal Penalties: Individuals or entities found guilty of money laundering, financing of terrorism, or proliferation can face severe criminal penalties, including:
  • Imprisonment: For individuals, ranging from several years to life imprisonment, depending on the severity of the offense.
  • Financial Fines: Substantial fines for both individuals and legal entities.
  • Confiscation of Assets: Assets involved in or derived from illicit activities can be confiscated.

Specific articles in Law No. 008/2020 detail these penalties. For instance, Article 39 addresses the failure of reporting institutions to comply with their obligations, including reporting suspicious transactions, carrying a fine of up to RWF 10,000,000 (approx. USD 8,000 - USD 9,000) for legal entities, and RWF 500,000 (approx. USD 400 - USD 500) for natural persons, in addition to potential imprisonment. More severe offenses, such as direct involvement in money laundering or financing of terrorism, carry much harsher penalties.

• Legal Reference: Law No. 008/2020 of 08/07/2020 on AML/CFT-P (Refer to Articles 39-47 for detailed penalties related to various offenses and non-compliance).

6. Country-Specific Sanctions Lists for Crypto in Rwanda

Rwanda does not currently maintain its own specific national sanctions list for crypto or any other sector, distinct from the international UN sanctions.

• Primary Sanctions List: Rwandan financial institutions and, by extension, future licensed VASPs, are primarily required to implement the UN Security Council Consolidated List and other specific UN sanctions regimes as mandated by the Law No. 008/2020 on AML/CFT-P.
• National Terrorist Lists: While Rwanda may maintain internal security-related lists of individuals or groups involved in terrorism, these are generally for domestic law enforcement purposes and are distinct from comprehensive international financial sanctions lists like OFAC's SDN or the EU's Consolidated List. Reporting institutions are expected to refer to the UN lists.

Conclusion

VASPs operating in Rwanda, or looking to enter the market, must build robust compliance programs that integrate AML/CFT and sanctions screening. While Rwanda's own legal framework for crypto is still maturing, the existing AML/CFT-P law provides a clear mandate for implementing UN sanctions. Furthermore, any VASP engaging in international transactions or using global financial infrastructure must account for the extraterritorial reach of OFAC and EU sanctions to mitigate significant legal, financial, and reputational risks. Proactive engagement with the BNR and FIC will be crucial as the specific regulatory framework for digital assets evolves.