Rwanda -- Travel Rule Implementation Regulatory Overview

Rwanda has officially adopted and implemented the FATF Travel Rule through its domestic Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) framework. As a member of the Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG), an FATF-Style Regional Body, Rwanda is committed to adhering to FATF Standards.

Here's a breakdown of the implementation:

1. Adoption Status

Adopted: Yes, the FATF Travel Rule (FATF Recommendation 16) is enshrined in Rwandan law. The primary legislative instrument for this is:

• Law N°003/2020 of 20/02/2020 on Preventing and Laundering and Combating the Financing of Terrorism and Proliferation of Weapons of Mass Destruction.
  • URL (Official Gazette): https://www.justice.gov.rw/fileadmin/user_upload/documents/laws/LAW_N%C2%B0003-2020_OF_20-02-2020_ON_PREVENTING_AND_LAUNDERING_AND_COMBATING_THE_FINANCING_OF_TERRORISM_AND_PROLIFERATION_OF_WEAPONS_OF_MASS_DESTRUCTION..pdf

Specifically, Article 23 of this law directly implements the Travel Rule by mandating the collection and transmission of originator and beneficiary information for wire transfers and virtual asset transfers.

2. Effective Date

The Law N°003/2020 came into effect on February 20, 2020, the date of its publication in the Official Gazette. This means the legal obligation for VASPs to comply with the Travel Rule has been in place since that date.

3. Threshold Amounts

Rwanda's Law N°003/2020 aligns with FATF Recommendation 16 for wire transfers and, by extension, virtual asset transfers.

• VASP-to-VASP Transfers: For transfers between two Virtual Asset Service Providers (VASPs), there is no threshold. The full originator and beneficiary information must be collected and transmitted regardless of the amount.
• De Minimis Threshold (for certain scenarios): While the law requires information for all transfers, FATF guidance allows for a de minimis threshold (typically USD/EUR 1,000) below which the receiving VASP may not need to obtain the originator information unless there is suspicion of ML/TF or the transfer is associated with a higher-risk scenario. However, the originating VASP still has obligations to collect and transmit this information. Rwanda's Article 23 generally mandates information for all transfers, placing the burden on both originating and receiving entities. Further specific implementing regulations or guidance from the National Bank of Rwanda (BNR) or the Financial Intelligence Centre (FIC) would clarify any exact de minimis for specific types of lower-risk transactions, but the default expectation is full compliance.

4. Which VASPs Are Covered

Article 1 (33) of Law N°003/2020 defines "Virtual Asset Service Provider" (VASP) broadly, consistent with the FATF definition, to include any natural or legal person who conducts as a business one or more of the following activities or operations for or on behalf of another natural or legal person:

• Exchange between virtual assets and fiat currencies.
• Exchange between one or more forms of virtual assets.
• Transfer of virtual assets.
• Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets.
• Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

This comprehensive definition covers all typical entities involved in providing virtual asset services, including cryptocurrency exchanges, custodians, wallet providers, and other similar service providers.

5. Technical Implementation Requirements

The Law N°003/2020 specifies what information must be collected and transmitted, rather than prescribing specific technical protocols. Article 23 (2) states that:

"The information of the originator includes his or her full name, identity card, address and account number. The information of the beneficiary includes his or her full name, identity card, address and account number."

For virtual asset transfers, this would translate to:

• Originator Information:
  • Name (natural person) or Legal name (legal person)
  • Physical address
  • National identity number (for natural persons) or Legal entity identifier (for legal persons)
  • Virtual asset wallet address or unique transaction identifier
• Beneficiary Information:
  • Name (natural person) or Legal name (legal person)
  • Physical address
  • National identity number (for natural persons) or Legal entity identifier (for legal persons)
  • Virtual asset wallet address or unique transaction identifier

VASPs are expected to implement technical solutions that enable them to securely collect, store, and transmit this required information with the virtual asset transfer. While the law does not mandate a specific solution (e.g., TRISA, OpenVASP, Sygna), it implicitly requires VASPs to adopt interoperable solutions that allow for the exchange of this data between them.

6. Penalties for Non-Compliance

Law N°003/2020 establishes a range of severe penalties for non-compliance with AML/CFT obligations, including those related to the Travel Rule. These penalties can apply to both legal persons (VASPs) and their responsible individuals (directors, managers).

General penalties for failure to comply with AML/CFT measures, including due diligence and record-keeping (which the Travel Rule falls under), can be found in Articles 74-81 of the law. Examples of penalties include:

• Administrative Sanctions: Imposed by regulatory bodies like the National Bank of Rwanda (BNR) or the Financial Intelligence Centre (FIC), which can include warnings, fines, suspension of licenses, or withdrawal of licenses.
• Fines: Significant monetary penalties for legal persons, potentially ranging from millions to hundreds of millions of Rwandan Francs (RWF), depending on the severity and nature of the breach.
• Imprisonment: Individuals found responsible for non-compliance, especially in cases of willful negligence or involvement in money laundering/terrorism financing, can face terms of imprisonment.

For instance, specific articles deal with offenses related to:

• Failure to report suspicious transactions.
• Failure to implement internal controls and procedures.
• Failure to retain records.
• Obstruction of regulatory inspections.

Non-compliance with the Travel Rule, being a core part of due diligence and record-keeping for virtual asset transfers, would fall under these provisions and could lead to substantial legal and financial repercussions for VASPs operating in Rwanda.

In summary, Rwanda has a robust legal framework in place for the FATF Travel Rule, and VASPs operating within or with Rwandan customers are expected to be fully compliant with these requirements.