Second Round Mutual Evaluation Report of Rwanda – July 2024

1 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Anti-Money Laundering and counter terrorist financing measures Rwanda Mutual Evaluation Report July 2024

2 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 The Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG) was officially established in 1999 in Arusha, Tanzania through a Memorandum of Understanding (MOU). As at the date of this Report, ESAAMLG membership comprises of 21 countries and includes a number of regional and international observers such as Portugal, United Kingdom, United States of America, COMESA, Commonwealth Secretariat, EAC, Egmont Group of Financial Intelligence Units, FATF, GIZ, IMF, SADC, United Nations, UNODC, World Bank and World Customs Organization. ESAAMLG members and observers are committed to the effective implementation and enforcement of internationally accepted standards against money laundering and the financing of terrorism and proliferation, in particular the FATF Recommendations. For more information about the ESAAMLG, please visit the website: www.esaamlg.org This document and/or any map included herein are without prejudice to the status of or sovereignty over any territory, to the delimitation of international frontiers and boundaries and to the name of any territory, city or area. This assessment was conducted under the responsibility of the ESAAMLG, adopted by the Council of Ministers through a round robin process in July 2024. Citing reference: © 2024 ESAAMLG. All rights reserved. No reproduction or translation of this publication may be made without prior written permission. Applications for such permission, for all or part of this publication, should be made to the ESAAMLG Secretariat, P. O. Box 9923, Dar es Salaam-United Republic of Tanzania. Tel: +255-22-2221350/51 Email: executivesec@esaamlg.org ESAAMLG (2024), Anti-money laundering and counter-terrorist financing measures - Rwanda, Second Round Mutual Evaluation Report, ESAAMLG, Dar es Salaam http://www.esaamlg.org/reports/me.php

3 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 MUTUAL EVALUATION REPORT (MER) OF THE REPUBLIC OF RWANDA

4 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Table Of Contents MUTUAL EVALUATION REPORT OF THE REPUBLIC OF RWANDA .................................. 8 Key Findings........................................................................................................................................ 8 Risks and General Situation................................................................................................................. 9 Overall Level of Compliance and Effectiveness................................................................................ 10 Priority Actions.................................................................................................................................. 13 Effectiveness & Technical Compliance Ratings................................................................................ 15 MUTUAL EVALUATION REPORT................................................................................................ 16 Preface ............................................................................................................................................... 16 Chapter 1. ML/TF RISKS AND CONTEXT.................................................................................... 17 1.1. ML/TF Risks and Scoping of Higher Risk Issues............................................................. 18 1.1.1. Overview of ML/TF Risks ................................................................................................ 18 1.1.2. Country’s Risk Assessment & Scoping of Higher Risk Issues............................................ 18 1.2. Materiality................................................................................................................................... 21 1.3. Structural Elements..................................................................................................................... 21 1.4. Background and Other Contextual Factors................................................................................. 21 1.4.1 AML/CFT strategy................................................................................................................ 22 1.4.2 Legal & institutional framework ........................................................................................... 22 1.4.3. Financial sector and DNFBPs .............................................................................................. 24 1.4.4. Preventive measures............................................................................................................. 28 1.4.5. Legal persons and arrangements .......................................................................................... 28 1.4.6. Supervisory arrangements.................................................................................................... 29 1.4.7. International cooperation...................................................................................................... 29 Chapter 2. NATIONAL AML/CFT POLICIES AND COORDINATION.................................... 31 2.1. Key Findings and Recommended Actions.................................................................................. 31 2.2 Immediate Outcome 1 (Risk, Policy and Coordination).............................................................. 32 2.2.1. Country’s understanding of its ML/TF risks........................................................................ 32 2.2.2. National policies to address identified ML/TF risks............................................................ 34 2.2.3. Exemptions, enhanced and simplified measures.................................................................. 36 2.2.4. Objectives and activities of competent authorities............................................................... 37 2.2.5. National coordination and cooperation ................................................................................ 38 2.2.6. Private sector’s awareness of risks....................................................................................... 39 Chapter 3. LEGAL SYSTEM AND OPERATIONAL ISSUES ..................................................... 41 3.1. Key Findings and Recommended Actions.................................................................................. 41 3.2. Immediate Outcome 6 (Financial Intelligence ML/TF).............................................................. 44 3.2.1. Use of financial intelligence and other information ............................................................ 44 3.2.2. STRs received and requested by competent authorities ...................................................... 48 3.2.3. Operational needs supported by FIU analysis and dissemination........................................ 49 3.2.4. Cooperation and exchange of information/financial intelligence ........................................ 51 3.3. Immediate Outcome 7 (ML investigation and prosecution) ....................................................... 52 3.3.1. ML identification and investigation.................................................................................... 53

5 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 3.3.2. Consistency of ML investigations and prosecutions with threats and risk profile, and national AML policies………………………………………………………………………….…53 3.3.3. Types of ML cases pursued ................................................................................................. 60 3.3.4. Effectiveness, proportionality and dissuasiveness of sanctions........................................... 61 3.3.5. Use of alternative measures................................................................................................. 62 3.4. Immediate Outcome 8 (Confiscation)......................................................................................... 62 3.4.1. Confiscation of proceeds, instrumentalities and property of equivalent value as a policy objective.......................................................................................................................................62 3.4.2. Confiscation of proceeds from proceeds from foreign and domestic predicates, and proceeds located abroad…………………………………………………………………………………. 72 3.4.3. Confiscation of falsely or undeclared cross-border transaction of currency/BNI………. 77 3.4.4. Consistency of confiscation results with ML/TF risks and national AML/CFT policies and priorities……………………………………………………………………………………….. 80 Chapter 4. TERRORIST FINANCING AND FINANCING OF PROLIFERATION ................. 74 4.1. Key Findings and Recommended Actions.................................................................................. 74 4.2. Immediate Outcome 9 (TF investigation and prosecution) ........................................................ 76 4.2.1 Prosecution/conviction of types of TF activity consistent with the country’s risk-profile ... 77 4.2.2 TF identification and investigation....................................................................................... 78 4.2.3 TF investigation integrated with and supportive of national strategies................................ 81 4.2.4 Effectiveness, proportionality and dissuasiveness of sanctions............................................ 81 4.2.5. Alternative measures used where TF conviction is not possible (e.g., disruption).............. 82 4.3. Immediate Outcome 10 (TF preventive measures and financial sanctions) ............................... 83 4.3.1. Implementation of targeted financial sanctions for TF without delay ................................. 83 4.3.2. Targeted approach, outreach and oversight of at-risk non-profit organisations .................. 84 4.3.3. Deprivation of TF assets and instrumentalities.................................................................... 85 4.3.4 Consistency of measures with overall TF risk profile .......................................................... 85 4.4. Immediate Outcome 11 (PF financial sanctions)........................................................................ 86 4.4.1. Implementation of targeted financial sanctions related to proliferation financing without delay............................................................................................................................................... 87 4.4.2. Identification of assets and funds held by designated persons/entities and prohibitions..... 87 4.4.3. FIs and DNFBPs’ understanding of and compliance with obligations................................ 87 4.4.4. Competent authorities ensuring and monitoring compliance .............................................. 88 Chapter 5. PREVENTIVE MEASURES........................................................................................... 89 5.1. Key Findings and Recommended Actions.................................................................................. 89 5.2. Immediate Outcome 4 (Preventive Measures) ........................................................................... 91 5.2.1. Understanding of ML/TF risks and AML/CFT obligations ................................................ 92 5.2.2. Application of risk mitigating measures.............................................................................. 95 5.2.3. Application of CDD and record-keeping requirements....................................................... 96 5.2.4. Application of EDD measures.............................................................................................. 99 5.2.5. Reporting obligations and tipping off ................................................................................ 101 5.2.6. Internal controls and legal/regulatory requirements impending implementation............... 104 Chapter 6. SUPERVISION……………………………....................................................................118 6.1. Key Findings and Recommended Action……………………………........................................118 6.2. Immediate Outcome 3 (Supervision)......................................................................................... 107 6.2.1. Licensing, registration and controls preventing criminals and associates from entering the market........................................................................................................................................108 6.2.2. Supervisors’ understanding and identification of ML/TF risks......................................... 112 6.2.3. Risk-based supervision of compliance with AML/CFT requirements .............................. 114

6 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 6.2.4. Remedial actions and effective, proportionate, and dissuasive sanctions.......................... 117 6.2.5 Impact of supervisory actions on compliance..................................................................... 119 6.2.6 Promoting a clear understanding of AML/CFT obligations and ML/TF risks................... 120 Chapter 7. LEGAL PERSONS AND ARRANGEMENTS ........................................................... 123 7.1. Key findings and recommended actions.................................................................................... 123 7.2. Immediate Outcome 5 (Legal Persons and Arrangements) ....................................................... 124 7.2.1 Public availability of information on the creation and types of legal persons and arrangements............................................................................................................................. 124 7.2.2. Identification, assessment and understanding of ML/TF risks and vulnerabilities of legal entities....................................................................................................................................... 124 7.2.3. Mitigating measures to prevent the misuse of legal persons and arrangements............. 125 7.2.4. Timely access to adequate, accurate and current basic and beneficial ownership information on legal persons..................................................................................................... 127 7.2.5 Timely access to adequate, accurate and current basic and beneficial ownership information on legal arrangements............................................................................................ 128 7.2.6. Effectiveness, proportionality and dissuasiveness of sanctions..................................... 128 Chapter 8. INTERNATIONAL COOPERATION 8.1. Key Findings and recommended actions ............................................................................................................................................................. 130 8.1 Key Findings and Recommended Actions.................................................................................. 130 8.2 Immediate Outcome 2 (International Cooperation).................................................................... 130 8.2.1. Providing constructive and timely MLA and extradition .................................................. 131 8.2.2. Seeking timely legal assistance to pursue domestic ML, associated predicates and TF cases with transnational elements ......................................................................................................... 132 8.2.3. Seeking and providing other forms of international cooperation for AML/CFT purposes135 8.2.4. International exchange of basic and beneficial ownership information of legal persons and arrangements................................................................................................................................ 136 TECHNICAL COMPLIANCE ANNEX..................................................................................... 138 Recommendation 1 – Assessing risks and applying a risk-based approach ................................ 138 Recommendation 2 - National Cooperation and Coordination.................................................... 140 Recommendation 3 - Money laundering offence ........................................................................ 141 Recommendation 4 - Confiscation and provisional measures..................................................... 143 Recommendation 5 - Terrorist financing offence........................................................................ 144 Recommendation 6 - Targeted financial sanctions related to terrorism and terrorist financing.. 147 Recommendation 7 – Targeted financial sanctions related to proliferation ................................ 151 Recommendation 8 – Non-Profit Organisations…………………………………………………151 Recommendation 9 – Financial Institutions Secrecy laws………………………………………151 Recommendation 10 – Customer due diligence .......................................................................... 157 Recommendation 11 – Record-keeping....................................................................................... 162 Recommendation 12 – Politically exposed persons……………………………………………..162 Recommendation 13 – Correspondent banking........................................................................... 165 Recommendation 14 – Money or value transfer services............................................................ 166 Recommendation 15 – New technologies ................................................................................... 167 Recommendation 16 – Wire transfers ......................................................................................... 168 Recommendation 17 – Reliance on third parties......................................................................... 171 Recommendation 18 – Internal controls and foreign branches and subsidiaries......................... 171 Recommendation 19 – Higher-risk countries.............................................................................. 173 Recommendation 20 – Reporting of suspicious transaction........................................................ 174 Recommendation 21 – Tipping-off and confidentiality............................................................... 175

7 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Recommendation 22 – DNFBPs: Customer due diligence.......................................................... 175 Recommendation 23 – DNFBPs: Other measures....................................................................... 178 Recommendation 24 – Transparency and beneficial ownership of legal persons....................... 179 Recommendation 25 – Transparency and beneficial ownership of legal arrangements.............. 183 Recommendation 26 – Regulation and supervision of financial institutions............................... 186 Recommendation 27 – Powers of supervisors............................................................................. 190 Recommendation 28 – Regulation and supervision of DNFBPs................................................. 192 Recommendation 29 - Financial intelligence units...................................................................... 196 Recommendation 30 – Responsibilities of law enforcement and investigative authorities......... 198 Recommendation 31 - Powers of law enforcement and investigative authorities....................... 199 Recommendation 32 – Cash Couriers………………………………………….…………….….200 Recommendation 33 – Statistics.................................................................................................. 206 Recommendation 34 – Guidance and feedback........................................................................... 207 Recommendation 35 – Sanctions................................................................................................. 208 Recommendation 36 – International instruments........................................................................ 211 Recommendation 37 - Mutual legal assistance............................................................................ 212 Recommendation 38 – Mutual legal assistance: freezing and confiscation................................. 214 Recommendation 39 – Extradition .............................................................................................. 215 Recommendation 40 – Other forms of international cooperation................................................ 216 Summary of Technical Compliance – Key Deficiencies............................................................. 222 Glossary of Acronyms................................................................................................................... 226

8 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 MUTUAL EVALUATION REPORT OF THE REPUBLIC OF RWANDA

1. This report summarises the AML/CFT measures in place in the Republic of Rwanda as at the date of the on-site visit conducted from 26th June to 7th July 2023. It analyses the level of compliance with the FATF 40 Recommendations and the level of effectiveness of Rwanda’s AML/CFT system and provides recommendations on how the system could be strengthened. Key Findings a) Rwanda has made improvements in establishing and implementing its AML/CFT regime through significant reforms in legislative and institutional frameworks. The improvements are underpinned by the ML/TF risk assessment approved in May 2019, along with relevant policies & strategies. Additionally, Rwanda has enhanced domestic cooperation, and built the capacity of key institutions. However, effectiveness remains a challenge due to the recency of the measures to implement the latest national policy approved in March 2023. b) Rwanda has some understanding of its ML risks based on the results of the NRA, desk review, and the sectoral risk assessments. These assessments identified the major proceeds generating crimes as tax evasion, embezzlement of public funds, illegal award of public tenders, embezzlement of cooperative funds and embezzlement of bank funds. However, in respect of TF, there is a limited understanding of TF risks as the scope of the NRA was limited to the implementation of TFS. c) Rwanda has an operational FIU which is improving its capacity for receipt and analysis of STRs, which mostly emanate from banks and MVTS providers. Reporting from NBFIs and DNFBPs is negligible. The FIU produces financial intelligence reports capable of supporting the operational needs of the LEAs in respect of tracing assets and developing evidence for ML investigations. However, the LEAs do not routinely access and use this financial intelligence, resulting in low ML investigations. d) Rwanda to a limited extent pursues confiscation of proceeds and instrumentalities of crime as a policy objective. Similarly, Rwanda also pursues confiscation of property of corresponding value to a limited extent. The number of detections and sanctions pertaining to non-declaration of cross border movement of cash and BNI is not consistent with the risk profile of the country. e) Rwanda has demonstrated a commitment to investigating and prosecuting predicate offences at the policy level and has, to some extent, identified and carried out investigations and prosecutions of potential cases of ML. Although parallel financial investigations are being carried out, the authorities could only identify and investigate ML, to some extent. f) Rwanda has the legal and institutional framework in place to identify and investigate TF activities. Rwanda has also introduced a legal and institutional framework on TFS related to TF and PF. However, the legal framework does not provide for the obligations to be implemented without delay. g) The FIs in Rwanda have a varied understanding of ML risks and AML/CFT obligations including measures for CDD, EDD, record keeping, and suspicious transaction reporting. Banks demonstrated a robust understanding of the ML risks and AML/CFT obligations compared with

9 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 NBFIs. FIs appreciation of TF risks is, however, less developed. Risk understanding among DNFBPs is still at a developmental stage and they face challenges implementing AML/CFT obligations. There is no legal framework for regulating VASPs in Rwanda. h) BNR and CMA have demonstrated some level of understanding of the ML risks. However, DNFBP supervisors have limited understanding. TF risk is not well understood by BNR, CMA, and DNFBP supervisors. VASPs are neither regulated nor supervised. Supervisory activities for FIs, NBFIs, and DNFBPs are not conducted on a risk sensitive basis. Although BNR has applied administrative sanctions and some remedial actions, there has been limited impact on FIs compliance. CMA and the DNFBP supervisors have yet to apply sanctions where breaches are identified. i) Basic information on the creation, types, and other relevant information on legal persons and legal arrangements is publicly available in Rwanda. Rwanda’s understanding of risks associated with legal persons is, however, limited as it has not assessed such risks. There is limited understanding of the concept of BO in Rwanda and the RDB has only started collecting BO information and raising awareness. j) Rwanda has put in place a legal and institutional framework to collaborate and exchange information with foreign countries on matters related to mutual legal assistance, extradition and other forms of international cooperation. However, the manner in which Rwanda is receiving and seeking international cooperation is not in line with the risk profile of the country. Risks and General Situation 2. Rwanda faces ML threats from proceeds of crime generated both domestically and internationally, particularly through its financial system, real estate and cross-border trade. While Rwanda has low general crime rates, a few crimes generate the most proceeds. Rwanda is an open economy, with a free flow of capital and people, and substantial ease of access to legal persons and arrangements. Rwanda has a growing financial system, with the introduction of new services and products, coexisting with significant use of cash and the presence of an informal economy1 . Given its geographical position and economic development, the country is also at risk of being used as a transit route for illegal cross- border cash transportation and smuggling of minerals and precious stones from neighbouring countries. The 2019 NRA identified illicit proceeds from tax evasion, embezzlement of public funds, illegal award of public funds, embezzlement of cooperative funds and embezzlement of bank funds. Based on the findings of the NRA, most of the proceeds generated in Rwanda are laundered within the country. The criminal proceeds are mostly laundered through channels that have a low level of supervisory oversight. 3. Rwanda is exposed to TF arising from outside perpetrators wishing to use the country for moving and storing funds, and to a lesser extent, for raising funds. This exposure is due to its proximity to neighbouring conflict zones and the presence of terrorist organisations within those zones. The current strategy for CFT does not prioritize this risk. Rwanda is yet to identify the scale/magnitude of the TF threats. The rating of medium low in the NRA does not appear to be well supported based on the discussion and cases presented by the authorities. 1 Finscope survey Rwanda 2020

10 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Overall Level of Compliance and Effectiveness 4. Rwanda has made significant legislative and institutional reforms that have strengthened its AML/CFT system since the 2014 mutual evaluation report (MER). These reforms have led to the confiscation of criminal proceeds, access and use of financial intelligence and secured a terrorism conviction. However, the degree of implementation has been hampered by insufficient capacity and enforcement in key competent authorities. In addition to the NRA 2019, Rwanda carried out a desk review in 2023 to update the understanding of its ML/TF risks which is expected to inform future AML/CFT strategies, policies and implementation. However, the scope of the desk review was limited as it only examined the trend of the most proceeds generating offences that were identified in the 2019 NRA. There are major improvements which are required in the use of financial intelligence while there are fundamental improvements required in the understanding of ML/TF risks, ML and TF investigations and prosecution, the implementation of risk-based supervision and some elements of preventive measures, international cooperation, and the dissemination of targeted financial sanctions for TF and PF. 5. In respect of technical compliance, Rwanda amended a number of statutes in order to establish its international financial centre and brought changes to the AML/CFT Act which assisted in improving preventive measures and transparency requirements. The most notable changes were made prior to the on￾site which enhanced market entry requirements, broadened the scope of ML/TF offences, expanded the scope of key preventive measures, improving the powers and functions of the LEAs and the completion of the ML/TF risk assessment at national level. These changes have significantly improved the level of technical compliance. However, some deficiencies remain. 6. The authorities have demonstrated an understanding of the vulnerabilities within the AML/CFT system, especially the regulated sectors. However, several important factors, particularly legal persons and arrangements, new technologies, targeted financial sanctions related to TF and PF, risk-based supervision and NPOs appear to be insufficiently analysed and understood. 7. A moderate level of effectiveness has been achieved in Rwanda’s use of financial intelligence. A low level of effectiveness has been achieved in all other areas covered by the FATF Standards. Assessment of risk, coordination and policy setting (Chapter 2; IO.1, R.1, 2, 33 & 34) 8. Rwanda has taken a range of steps since its last MER to increase its national ML/TF risk understanding. This understanding is based on the NRA 2019 and various recent sectoral risk assessments carried out by the respective supervisory authorities. There is a general understanding of the highest proceeds generating crimes by the competent authorities. However, the understanding of the ML threats across competent authorities and supervisors are varied. With a view to update its understanding of its ML/TF risks, Rwanda carried out a desk review to follow up on the findings of the NRA. However, the scope of the desk review was limited as the authorities only considered the highest proceeds generating offences identified in the NRA 2019 and did not consider emerging risks associated with, the operations of the IFC. Furthermore, the competent authorities’ objectives and activities were not adequately aligned with the ML/TF risks indicating a lack of prioritisation and policy direction to mitigate the risks posed by these threats. 9. There is a low understanding of TF risks and there was no consideration of the different channels which can be exploited for TF purposes. 10. Rwanda developed and implemented a Strategic Plan 2019-2022 based on the NRA 2019 results. Most competent authorities have been strengthening their activities and priorities to align with the Strategic Plan, especially in relation to capacity building, although there are resource constraints that hinder achieving the desired outcomes. Several agencies have revised, their operations and priorities to take into account the vulnerabilities in their framework as a result of the NRA. Policy and operational coordination mechanisms

11 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 driven by the recently established NCC (National Coordination Committee) and the NTCCC (National Technical Committee to Coordination Committee), has brought some positive outcomes in coordination and cooperation. This includes the approval of a National AML/CFT Policy in 2023, with priority to align the AML/CFT legislative framework with international standards. While the initial indications are positive on the technical compliance side, it is too early to assess whether the items of the Action Plan derived from the National Policy 2023 are, or will be effective. Financial intelligence, ML investigations, prosecutions and confiscation (Chapter 3; IO.6, 7, 8; R.1, 3, 4, 29–32) 11. The FIC is the designated agency for receipt and analysis of suspicious transactions reports and dissemination of financial intelligence and other information to RIB. The FIC effectively accesses and disseminates a range of financial intelligence in relation to predicate offences and ML. RIB, to some extent, accessed and used the FIC intelligence in supporting investigations of predicate crimes and ML. Similarly, RRA made use of the intelligence to detect and confiscate proceeds related to tax offences. In addition, Rwanda has demonstrated a measure of coordination and collaboration through sharing of information among the competent authorities. However, the FIC does not benefit from financial information held by most DNFBPs, as the sector has low levels of STR reporting. Furthermore, access and use of intelligence to investigate TF was to a limited extent. 12. Rwanda has a comprehensive legal and institutional framework that empowers competent authorities to identify, investigate and prosecute ML and predicate offences. Rwanda has pursued predicate offences to a large extent and ML to some extent with more focus on prosecuting self-laundering, stand-alone cases and third party but no foreign predicate ML offences have been pursued in the country. ML activities in Rwanda are identified and investigated, particularly in major proceeds generating offences to some extent, consistent with Rwanda’s risk profile. However, due to limited human resources, the prosecuting authority gives less priority to ML prosecution. Rwanda’s competent authorities frequently employ special investigative techniques during ML identification and investigation and are able to conduct parallel financial investigations in cases that have asset recovery potential. Sanctions implemented against natural persons convicted of ML offences are to a large extent effective and proportionate but no sanctions are yet to be imposed on legal persons, despite having large number of tax related cases identified and investigated by authorities. Rwanda applies alternative criminal justice measures in ML cases when it is not possible to secure a ML conviction to some extent in particular for tax crimes, environmental crimes and illicit enrichment cases. 13. Rwanda, has to some extent, used provisional measures to prevent the flight or dissipation of proceeds. However, it has, to a negligible extent, confiscated the proceeds and instrumentalities of crime. The NPPA has not developed or implemented standard operating procedures for pursuing confiscation of proceeds of crime, undermining efforts by RIB to identify, trace and preserve proceeds of crime pending confiscation. Further, the NPPA does not regularly pursue confiscation upon securing conviction. Additionally, mechanisms for managing seized and confiscated property are under resourced and still in the early stages of development. Further, Rwanda does not pursue confiscation of property of corresponding value. Terrorist and proliferation financing (Chapter 4; IO.9, 10, 11; R. 1, 4, 5–8, 30, 31 & 39.) 14. Rwanda has the legal and institutional framework in place to investigate and prosecute TF activities, but the TF offence is not fully criminalised in a manner consistent with FATF Standards. Rwanda’s understanding of TF risk is to a limited extent. Amongst LEAs, only the NISS has a reasonable understanding of the TF risk. LEAs focus more on terrorism and identification and investigation of the different types of TF activities are done to a limited extent. Rwanda’s CFT Strategy has dedicated pillars for dealing with TF matters, which is aligned with the Action Plan, and there is a priority to investigate and prosecute TF cases, which has resulted in several cases (21) being investigated, with 19 of these cases

12 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 pending in court, and a conviction secured, but the number of cases in court at the time of assessment does not correspond with the convictions currently secured. The sanctions regime in Rwanda against natural and legal persons is effective and dissuasive to the extent of even confiscating assets involved in terrorist financing activities. However, the sanctions regime is yet to be imposed. 15. Rwanda has the legal and institutional frameworks to implement TFS relating to TF and PF. Guidance has also been issued by the FIC to assist FIs and DNFBPs in understanding their TFS obligations. However, the existing legal framework and guidance are not in line with the requirements of the FATF Standards largely in respect of the implementation of ‘without delay’ element. There has not been any designation pursuant to UNSCR 1373 which appear to be consistent with its TF risk profile. Preventive measures (Chapter 5; IO.4; R.9–23) 16. The primary legal and regulatory framework prescribing AML/CFT obligations for FIs and DNFBPs are set out in the AML/CFT Law Nº 028/2023 of 19/05/2023 and AML/CFT Regulations 002/FIC/2023 of 26/06/2023. The AML/CFT laws have undergone a series of amendments, with the most recent revisions made in May 2023 and the AML/CFT Regulations were issued while the assessment team was on site. The laws cover all FIs and DNFBPs as required by the FATF. Currently, there is no regulation or supervision of VASPs activities, the BNR has issued a notice warning people about the risk of dealing with VASPs. 17. Generally, there is a varied understanding of ML risks and AML/CFT obligations across reporting persons with the banks and MVTS providers having a better understanding of the ML risks and the AML/CFT obligations as compared to the NBFIs. Banks and MVTS providers which have an international nexus have developed and applied appropriate AML/CFT controls and processes to mitigate risks, including CDD and transaction monitoring and EDD on a risk sensitive basis based on their group policies and procedures. FIs have a varying understanding and application of identification of BO. The obligation to file STRs is well understood by the banks and MVTS providers, this is less so for the NBFIs and DNFBPs which have filed negligible number of STRs for the period under review. 18. On the other hand, there is little to no understanding of ML/TF risks and AML/CFT obligations among the DNFBPs with the exception of casinos. The low level of understanding could be attributed to the low level of awareness and AML/CFT supervision. 19. All reporting persons demonstrated little to no understanding of TF risks. Supervision (Chapter 6; IO.3; R.14, R.26–28, 34, 35) 20. In general, the FIs regulators apply market entry controls, albeit with some deficiencies. There are gaps in identifying and verifying beneficial owners. The DNFBPs’ supervisors apply licensing and screening measures to varying degrees, with focus on compliance with professional standards and code of conduct, while information on beneficial owners is not sought and assessed. The real estate sector is not subject to any market entry controls. 21. Supervisors have demonstrated varied level of understanding of ML/TF risks in their respective sectors. The BNR has demonstrated a relatively better understanding with respect to banks. CMA and the DNFBPs’ supervisors have demonstrated a basic understanding of the ML/TF risks in their sectors, having only recently developed supervisory frameworks that are at an early stage of implementation. BNR, CMA and some of the DNFBPs supervisors have conducted sectoral risk assessment but the scope was limited and the ML/TF risks were not adequately assessed. None of the supervisors are yet to apply a proper risk￾based supervision at the entity level. Inspections conducted focused mainly on the existence of AML/CFT controls rather than the effectiveness of those AML/CFT programs. The ML/TF risks associated with the Payment Service Providers providing mobile payment and e-money services are not well understood or mitigated by BNR.

13 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 22. The supervisory bodies have powers to impose mostly administrative sanctions under the current AML/CFT legislative framework. Rwanda needs to broaden the range of sanctions available in law. BNR has applied sanctions for AML/CFT purposes but they were not proportionate, dissuasive and effective. CMA and the DNFBP supervisors have not imposed any sanctions. Consequently, the impact of remedial actions and sanctions have limited impact on the overall level of compliance. 23. The supervisors have provided some level of AML/CFT guidance and conducted outreach to a limited extent to promote an understanding of AML/CFT obligations. Transparency and beneficial ownership (Chapter 7; IO.5; R.24, 25) 24. Rwanda has not identified, assessed and understood the vulnerabilities, and the extent to which legal persons created in the country can be, or are being misused for ML/TF. The understanding of the concept of beneficial ownership is at an early stage in Rwanda. The concept was introduced into the various laws for legal persons and legal arrangements in 2021, and its implementation by the company registry only commenced in late March 2023 for companies. There is limited to no compliance by trustees and partners. Additionally, there is a varied and limited understanding by competent authorities and reporting entities of what beneficial ownership means with focus placed on beneficial ownership through legal ownership and limited emphasis on determining BO by considering control by other means. International cooperation (Chapter 8; IO.2; R.36–40) 25. Rwanda has a legal framework for international cooperation and several bilateral and multilateral agreements on the provision of international cooperation and exchange of information. However, Rwanda does not proactively seek or provide constructive and timely MLA and extradition. There is no comprehensive case management system to monitor and track requests for MLA and extradition. Priority Actions a) Rwanda should improve its ML/TF risks understanding by updating the NRA and aligning the priorities, objectives and activities of the competent authorities, as well as the resources allocated to them, with the risks identified. Rwanda should re-focus its national AML/CFT policy, enhance domestic coordination and align strategic objectives to proactively address the ML/TF threats and vulnerabilities in a risk sensitive manner. b) Rwanda should strengthen the capacity of the LEAs to ensure access to and use of financial intelligence to support ML and TF investigations by designated LEAs. In addition, Rwanda should implement stronger cooperation mechanisms between the FIC and LEAs to facilitate the prioritisation of cases in line with its risk profile. c) Rwanda should prioritise the investigation and prosecution of the most prevalent ML types and major proceeds generating crimes and ensure asset recovery is consistent with its risk profile. The competent authorities should maintain comprehensive statistics by categorising the different types of ML cases (stand-alone, third party and self-laundering) and whether they are domestic or foreign cooperation. They should also apply dissuasive, effective and proportionate sanctions. In addition, Rwanda should strengthen cross-border measures on BNI and transportation of cash, particularly at high-risk ports of entry and exit. d) Rwanda should develop capacity and coordinate its efforts to detect, investigate, mitigate and disrupt TF through coordination and collaboration in joint operations. Moreover, Rwanda should operationalise the mechanism and coordination to implement UNSCRs relating to TF and PF without delay.

14 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 e) Rwanda should enhance the application of preventive measures by FIs (except banks and MVTS providers) and DNFBPs through the development and implementation of mechanisms that promote and enhance understanding of ML/TF risks and AML/CFT obligations. Rwanda should provide guidance to regulated entities on when and how to apply EDD, file STRs and implement TFS (UNSCRs). Supervisors should also provide guidance on the obligations to maintain adequate and accurate BO information and the correct application of a risk-based approach by reporting entities. f) Rwanda should improve the ML/TF risk understanding of supervisors of FIs and DNFBPs at entity and sectoral level in order to inform an effective risk-based supervision and apply proportionate, dissuasive and effective enforcement actions. Further, the supervisors should develop and implement monitoring tools for ensuring that remedial actions and sanctions are complied with and are positively changing compliance behaviour. g) Rwanda should develop an understanding of the ML/TF risks posed by the types of legal persons and arrangements created in the country. The authorities should improve their understanding of BO take the necessary measures so that accurate and up to date BO information is maintained and made available to competent authorities when requested. h) Rwanda should actively seek formal and timely MLA for all ML, associated predicate offences and TF and actively follow up on such requests in a timely manner, through the development of a case management system within the central authority for international cooperation in order to streamline and monitor all incoming MLA and extradition requests.

15 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Effectiveness & Technical Compliance Ratings Effectiveness Ratings2 IO.1 IO.2 IO.3 IO.4 IO.5 IO.6 IO.7 IO.8 IO.9 IO.10 IO.11 Low Moderate Low Technical Compliance Ratings3 R.1 R.2 R.3 R.4 R.5 R.6 R.7 R.8 R.9 R.10 LC PC LC LC PC NC C LC R.11 R.12 R.13 R.14 R.15 R.16 R.17 R.18 R.19 R.20 LC PC LC PC PC LC C R.21 R.22 R.23 R.24 R.25 R.26 R.27 R.28 R.29 R.30 C PC LC PC LC PC LC C R.31 R.32 R.33 R.34 R.35 R.36 R.37 R.38 R.39 R.40 PC C PC LC PC PC 2 Effectiveness ratings can be either a High- HE, Substantial- SE, Moderate- ME, or Low – LE, level of effectiveness. 3 Technical compliance ratings can be either a C – compliant, LC – largely compliant, PC – partially compliant or NC – non compliant.

16 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 MUTUAL EVALUATION REPORT Preface 26. This report summarises the AML/CFT measures in place as at the date of the on-site visit. It analyses the level of compliance with the FATF 40 Recommendations and the level of effectiveness of the AML/CFT system, and recommends how the system could be strengthened. 27. This evaluation was based on the 2012 FATF Recommendations, and was prepared using the 2013 Methodology. The evaluation was based on information provided by the country, and information obtained by the evaluation team during its on-site visit to the country from 26th June – 7 th July 2023. 28. The evaluation was conducted by an assessment team consisting of: Assessment Team • Lilian Kafiti, Prevention and Combating of Corruption Bureau, Tanzania (Law Enforcement Expert) • Sudha Hurrymun, Bank of Mauritius, Mauritius (Financial Sector Expert) • Kidney Chimphango, Reserve Bank of Malawi, Malawi (Financial Sector Expert) • Tyron Mokgathong, Master of High Court Botswana, Botswana (Legal Expert) • Bheki Khumalo, FIU Eswatini, Eswatini (FIU Expert) Observers • Katuna Sinyangwe, FIC Zambia, Zambia (Financial Sector Expert) • Kudakwashe Ncube, FIU Zimbabwe, Zimbabwe (Financial Sector Expert) • Phephile Dlamini, Central Bank Eswatini, Eswatini (Financial Sector Expert) With the support from the ESAAMLG Secretariat of Messrs Bhushan Jomadar (Team Leader), Joseph Jagada (Principal Expert), Tom Malikebu (Senior Financial sector Expert), Valdane Joao (Law Enforcement Expert). The Report was reviewed by Edwin Mtonga, Malawi; Velika Mpundu, Zambia; Motsisi Mongati, Botswana, and the FATF Secretariat. 29. Rwanda previously underwent an IMF Mutual Evaluation in 2014, conducted according to the 2004 FATF Methodology. The 2014 Mutual Evaluation Report has been published and is available at: https://www.esaamlg.org/index.php/Mutual_Evaluations/readmore_me/26. 30. The 2014 Mutual Evaluation concluded that the country was Compliant with two Recommendation; Largely Compliant with 5 Recommendations; Partially Compliant with 14 Recommendation and Non￾Compliant with 26 Recommendations. Two Recommendations were rated Not Applicable. Rwanda was rated Largely Compliant with 3 of the 16 Core and Key Recommendations. 31. Rwanda entered the follow-up process soon after the adoption of its MER in 2014 and exited the follow-up process in September 2022 since it has started its mutual evaluation process under the ESAAMLG 2nd Round of Mutual Evaluations. By September 2022, Rwanda had not addressed all the core or key Recommendations which were rated PC and NC.

17 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Chapter 1. ML/TF RISKS AND CONTEXT 32. Rwanda is a low-income jurisdiction4 and is landlocked in the Great Rift Valley of Central Africa, where the African Great Lakes region and Southeast Africa converge. Located a few degrees south of the Equator, Rwanda is bordered by Burundi, Democratic Republic of Congo, Tanzania and Uganda and is among one of the smallest countries in the African continent in terms of surface area. Rwanda leading sectors include energy, agriculture, trade and hospitality and financial services. Rwanda economy is overwhelmingly rural and heavily dependent on agriculture, however, strong growth in the services sector over the last decade with focus on construction and tourism has contributed to overall economic growth. The government has embarked into various efforts to bring more impetus to the economy, the GDP growth reached 10.9% in 2021 before declining to 8.2% in 2022 due to climate shocks on domestic food production5 ; high energy, food and fertilizer prices and weak external demand on export. The National Institute of Statistics of Rwanda indicated that the unemployment rate for 2022 was 16.7% which was an increase from the previous year6 . 33. Rwanda has a population of about 13.2 million living on 26,338 square kilometres, making it one of the most densely populated country in Africa. Rwanda is a member of several regional and international organisations namely the African Union, the Francophonie, the COMESA, the International Conference for the Great Lakes Region, East Africa Community and the Commonwealth amongst others. The official languages are Kinyarwanda, French, English and Swahili and its capital and largest city is Kigali. 34. In 2022, the GDP of Rwanda stood at USD 13.31 billion7 , with a GDP per capita of USD 940. Coffee, tea, mate and spices are the major cash crops for export and the mining industry is an important contributor to the economy, generating USD 202 million in 20228 , minerals include cassiterite, wolframite, gold and coltan. The main sectors contributing to the GDP are services sector (49%), agriculture (26%) and mining industry (21%). The local currency is the Rwandan Franc (RWF). 35. Rwanda is a constitutional democracy with the President as the Head of State. The Constitution of the Republic of Rwanda of 2003, revised in 2015, requires that elections are held every five years for the election of the President, once elected and after the swearing in of the President of the Republic, he appoints the Prime Minister within 15 days. Other Cabinet members are appointed by the President after consultation with the Prime Minister within fifteen (15) days following the appointment of the Prime Minister. In terms of the Constitution, the parliament of Rwanda consists of two chambers, the Chamber of Deputies and the Senate of Rwanda. The Parliament debates and passes laws. It legislates and exercises control over the Executive in accordance with procedures determined by the Constitution. The Senate has power to approve the appointment of officials as per Article 86 of the Constitution (Art 64, 98, 101, 116 of the 2003 Constitution revised in 2015). 36. Rwanda’s legal system is largely based on German and Belgian civil law systems and customary law. The judiciary is independent of the executive branch. The Constitution empowers the President and Senate to appoint Supreme Court judges. The Constitution of the Republic of Rwanda of 2003 revised in 2015 provides for two types of courts: ordinary and specialised courts. Ordinary Courts are comprised of the Supreme Court, the High Court, Intermediate Courts and Primary Courts. Specialised Courts are comprised of Commercial Courts and Military Courts. Judicial decisions of the Supreme court which is the highest court in Rwanda are authoritative and constitute legal precedents, which means that decisions of the Supreme court are binding on the lower courts. 4 https://www.imf.org/en/Countries/RWA#featured 5 AfDB 2023 Rwanda Economic outlook 6 https://www.minecofin.gov.rw/news-detail/national-institute-of-statistics-releases-labor-force-survey 7 https://data.worldbank.org/indicator/NY.GDP.MKTP.CD?locations=RW 8 https://tradingeconomics.com/rwanda/exports/coffee-tea-mate-spices

18 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 1.1. ML/TF Risks and Scoping of Higher Risk Issues 1.1.1. Overview of ML/TF Risks 37. Rwanda is more vulnerable to domestic ML threats, rather than from proceeds generated outside the jurisdiction. The major proceeds generating crimes are tax evasion, embezzlement of public funds, illegal award of public tenders, embezzlement of cooperative funds and embezzlement of bank funds. Proceeds generated from these crimes are mostly laundered through the banking and real estate sector. There is also indication that some of this involves misuse of legal persons for the predicate offence which is a major concern due to the low understanding of the risks associated with legal persons and the concealment of the natural persons behind those entities. Rwanda is exposed to cross border threat from proceeds of illegal mining in DRC9 being laundered through Rwanda. The authorities are yet to assess the existence and misuse of virtual assets for ML/TF although there is indication that transactions are occurring within Rwanda. 38. The NRA 2019 informed of the vulnerabilities in Rwanda institutional and legal framework with focus on the insufficient expertise of LEAs to support investigations, prosecutions and asset recovery which translate into the low level of convictions, confiscation, and lack of national coordination. Lawyers, TCSPs, securities sector and real estate were also considered vulnerable due to the nature of the services and lack of regulation and AML/CFT supervision. The NRA provides for a Strategic Plan to address the above vulnerabilities. 39. Rwanda is exposed to higher TF risks due to its geographical location and the presence of terrorist organisations and sympathisers across the borders. Rwanda faces threats, including domestic risks, this was evidenced through the case that successfully secured a conviction on grounds of terrorism linked to FDLR listed under UNSCR 2078. The LEAs, informed that Rwanda could be potentially used for moving and storing funds and to a lesser extent for raising funds for terrorism and the highest-risk TF channels are MVTS. The NPO sector has not been assessed for purposes of determining those NPOs at risk of TF abuse. 1.1.2. Country’s Risk Assessment & Scoping of Higher Risk Issues 40. Rwanda carried out it’s NRA using the ML/TF risk Assessment tool developed by the World Bank from 2017 to 2018. It established a NRA Working Group which was chaired by the NPPA with the BNR acting as secretariat. The Working Group was composed of all relevant AML/CFT public sector institutions and attracted participants from the private sector as well. The NRA exercise was completed in December 2018 the report published in May 2019. Rwanda further, updated its understanding of ML/TF risks by carrying out a desk review which started from January 2023 to May 2023 and was approved in June 2023. 41. The NRA exercise involved the analysis and review of the ML/TF threats, vulnerabilities and consequences based on available data and information provided by the various relevant government agencies such as the BNR, FIC, NPPA, NISS, RDB, RGB, RIB, other supervisory authorities, etc. The NRA analysed risk associated with transactions, customers, regions, products and services and measures to mitigate those risks, number of investigations, prosecutions and concluded cases based of fifty cases sampled by the authorities. The NRA examined Rwanda’s ML/TF combating ability in both the public and private sectors particularly the vulnerabilities of the financial sector and DNFBPs. 42. In deciding what issues to prioritise for increased focus, the Assessment team reviewed, TC and Effectiveness information/reports as provided by the Rwanda authorities as well as open-source information from reliable organisations/institutions, the MER 2014 and the post-evaluation progress reports 9 https://www.ft.com/content/ecf89818-949b-4de7-9e8a-89f119c23a69

19 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 in the context of the ESAAMLG Follow-up Process. Notwithstanding the ML/TF risks, the Assessment team also focused on elements which it considered critical in order to determine the efficacy of the Rwanda’s AML/CFT system. The Assessment team looked at the following issues: (a) Understanding of ML/TF risks –The Team sought to establish the authorities’ understanding of the main ML and TF threats and vulnerabilities, and which activities, sectors, type of FIs/DNFBPs presented higher ML or TF risks. The team sought to explore the understanding of risks posed by the actors in the international financial centre, the real estate sector and the implications of the latter not being regulated and supervised for AML/CFT purposes and their potential abuse for ML/TF purposes. (b) High proceeds generating crimes - the Assessment team sought to understand whether the authorities have an appreciation of the threats coming from within and outside Rwanda including looking at the prevailing predicate offences identified in the NRA namely tax evasion and embezzlement of funds as the prevailing offences in term of generating proceeds for ML. The Team focused on the methods used by criminals and the capacity and expertise of LEAs to effectively detect, investigate, and prosecute ML/TF high proceeds generating crimes as identified in the NRA and whether there are any parallel financial investigations being undertaken. (c) Rwanda international financial centre – Rwanda has established an international financial centre, the Assessment team looked at how the competent authorities are expanding financial services including looking at the appropriate controls and mechanisms in place for licensing and regulating businesses operating within the financial centre. This was not limited to the creation and setting up of businesses but also looked at the various actors operating and providing facilitation services. (d) Use of cash and cross-border illegal cash couriers – The Assessment team focused on financial inclusion, including discussing with the authorities existing financial inclusion strategies, policies, and priorities. The AT explored the preventive measures used by the competent authorities to combat ML/TF in the informal sector and how well financial inclusion products/services are used to promote usage of the formal financial sector. There was similarly an increased focus on how cash flows through the MVTS and mobile money services sectors, their materiality and the effectiveness of control measures in these sectors. Given its geographical location there was an increased focus on the effectiveness of customs and border controls to detect and deter cash and illegal goods smuggling in and outside Rwanda demonstrated by specific cases that have been handled by the authorities. (e) Tax evasion – The NRA identified tax evasion as among the crimes that are generating more proceeds than other offences. The Assessment team looked at the preventive measures being implemented by the competent authority with specific focus on control measures in place for the prevention of such high value crimes and the means used and the prevalence of the use of natural person or corporate structures to facilitate those crimes. (f) Terrorism Financing- Given the geographical location of Rwanda, the Assessment team explored the extent to which the authorities have an understanding of TF risks and the channels that can be abused namely mobile money providers and the existence of hawala system, NPO vulnerabilities, migrants from neighbouring conflict zones and porous borders and domestic and foreign terrorist group raising funds within and outside Rwanda. The Assessment Team established that there is an overall low level of understanding of TF risks within the banking sector and the DNFBPs sector. (g) Financial Intelligence, Investigation, Prosecution of Complex ML cases and Confiscation – The Assessment team looked at the number of cases investigated, prosecuted and convicted for money laundering and predicate offences resulting from the financial intelligence disseminated, notwithstanding strategic products shared with LEAs to understand patterns and trends to inform operational priorities and assess the cooperation and coordination mechanisms of competent authorities at domestic and international level. Furthermore, the assessors sought to assess the effectiveness of the multi-disciplinary team employed by LEAs for recovery of assets that are within and outside of Rwanda. In addition, the Team focused on how well the Authorities apply special investigation and prosecution measures proportionate to the magnitude and extent of the ML cases.

20 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 (h) Misuse of legal persons and legal arrangements – The NRA 2019 did not assess the ML/TF risks associated with legal persons and arrangements. The Assessors wanted to determine whether BO information is maintained in Rwanda and, if so, whether it is accessible and can be used by competent authorities and supervisors Since Rwanda has established an IFC, the assessors explored the possibility of foreign trusts to be registered, or a legal or natural person in Rwanda acting as a trustee or providing services to a foreign trust. Specific sectors with Significant ML/TF Vulnerabilities: • The Banking Sector – Given its central role in facilitating and overseeing financial flows in and out of Rwanda, vulnerabilities may be exploited by criminals for ML/TF purposes. • The Money and Value Transfer Service Sector (MVTS) – MVTS products and services can be potentially exploited by criminals, the MVTS sector remains vulnerable to abuse for ML/TF. • The Real Estate Sector – Given that the sector remains unregulated and the low level of supervision and the involvement of cash transactions occurring within that sector, vulnerabilities may exist that can be exploited for criminal purposes, including ML and TF. • Lawyers –lawyers are involved in the creation and setting up of legal persons and arrangements operating within Rwanda and the IFC. There is low level of supervision within the profession, vulnerabilities may exist and can be exploited for ML and TF. • Precious Stones and Metals Dealers- There is low level of supervision within the sector and Rwanda is located close to conflict zones which are abundant with precious stones and metals and criminals which makes Rwanda vulnerable to ML/TF risks as well. • VASPs- VASPs are neither regulated nor supervised in Rwanda, although the BNR has issues a communique on the risk posed by transacting with VASPs, Rwanda is still to take a concrete position on the matter. The assessors determined the extent to which the Authorities understand these sectors’ exposure to ML/TF risks and whether the competent authorities implement effective AML/CFT monitoring and supervision to mitigate the risks. The Assessors also sought to determine the extent to which the above sectors’ supervisory authorities apply risk-based supervision and take enforcement measures against non￾compliance with AML/CFT obligations. Areas of Less Focus The assessment team paid less attention to insurance and pension schemes since they are not materially important in size with the insurance sector representing 1.6 percent of the GDP of Rwanda10. Most of the schemes proposed in life insurance and pension are mainly from employees of the public and private sector and the premiums are primarily sourced from salaries. In addition, the non-deposit credit institutions providers whose sources of funds are from participants and government funding, those are in terms of loans deducted at source. Their vulnerabilities to ML/TF were therefore considered low. 10 https://documents1.worldbank.org/curated/en/213521577693532915/pdf/Insurance-that-Works-What￾Drives-Insurance-Sector-Development-in-the-Republic-of-Rwanda-and-What-are-the-Opportunities￾Ahead.pdf

21 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 1.2. Materiality 43. Rwanda economy rests mostly on agriculture, trade, energy, hospitality and financial services. The banking sector represents 67.4% of the total assets of the financial sector, while the rest is shared amongst insurance, securities and pension firms. The banking sector represents around 47.8 per cent of Rwanda’s GDP with an asset base of USD 5.49 billion as at June 2022. The banking sector consists of 15 banks with majority of them having an international nexus (i.e., 10 commercial banks, 3 microfinance banks, 1 development bank and 1 cooperative bank) and is relatively more vulnerable to ML/TF risks than the others. 44. All categories of DNFBPs as defined by the FATF operate in Rwanda and are subject to AML/CFT requirements with most of them being monitoring (real estate agents). Given that Rwanda has established an international financial centre, TCSPs are in existence and provide a range of services from the creation of legal persons and arrangements to the provision of secretarial services to those entities as well. TCSPs are under the supervision of the BNR. Accountants (395), lawyers (1368) and notaries (325) are among the largest group among the independent professions in the country. There are also some international and domestic legal firms that represents international customers. There are 132 license holders carrying out mining and dealing and the latest risk assessment of the sector indicated the presence of illegal actors mining precious metals and stones amounting to USD 300 million annually. There are only two casinos operating in Kigali City and online gaming is not permissible. The real estate sector is currently unregulated and there is low level of supervision within that sector. At the time of the on-site VASPs were neither regulated nor supervised in Rwanda. BNR has issued a communique on warning the public on dealing with VASPs and the Assessment team was not provided with information on the presence of VASPs or VASPs related transactions. 1.3. Structural Elements 45. Rwanda has all the key structural elements generally required for an efficient AML/CFT framework. The country has established the necessary institutions which are supported by adequate legal framework and is politically stable. There was a strong commitment to combat financial crime with a particular focus on ML/TF related crimes by the executive. This was witnessed by the passing of new set of laws (including the AML/CFT Act) to address the deficiencies in the previous MER. Rwanda also has an independent and capable judicial system that handle ML/TF cases. However, Rwanda has resources constraints which has impacted on implementation an effective AML/CFT system. 1.4. Background and Other Contextual Factors 46. Rwanda has made efforts to strengthen its AML/CFT institutional and legal framework to address the 2014 MER deficiencies. The key institutional arrangements include the setting up of the FIC, RIB (an investigative body for all criminal offences – ML/TF), and asset management unit within the NPPA. Since the key changes were recent, the effectiveness of the AML/CFT regime is seen to be improving. 47. Rwanda has made considerable efforts to financially include its population with the implementation of new financial products and services including services through mobile operators. Based on the Finscope Survey 202011, the percentage of adults with access/use formal financial product is 77%, there is a clear gap from Kigali City (with 99%) with the rural areas which are mostly below the 60% mark. 11 https://www.bnr.rw/financial-inclusion/financial-inclusion-surveys/ - Finscope Rwanda 2020

22 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 1.4.1 AML/CFT strategy 48. Rwanda started with implementation of its 2023 National AML/CFT Policy which comprises seven broad objectives in the AML/CFT which are aimed at strengthening: the AML/CFT legal and regulatory framework; domestic cooperation on AML/CFT matters; capacity of stakeholders in complying with AML/CFT obligations; regional and international cooperation on AML/CFT; investigation, prosecution and adjudication on ML/TF/PF matters; implementation of targeted financial sanctions on TF and PF; compliance with FATF standards (see Chapter 2 for details). The Policy includes some measures to be implement by the relevant authorities to promote financial inclusion in order to suppress and prevent efforts to combat ML/TF in the informal sector. The NRA 2019 sets out an AML/CFT Strategic Action plan covering the period 2019 to 2022. However, the information provided was that there was no authority in charge of overseeing the implementation of the actions items which practically left to each competent authority to action on their own items. The relevant authorities informed that they prioritise the item based on their own institution needs and capacity resulting in some action items not to be prioritised or completed. The authorities could not demonstrate that the strategic objectives were based on the current risks or the findings of the NRA since some of the high-risk sectors were not being prioritised, e.g., real estate sector. 49. Rwanda has set up a dedicated asset management unit called the Seized and Confiscated Assets Unit since 2020 to administer confiscation and management of proceeds of predicate offences. 1.4.2 Legal & institutional framework 50. Since the 2014 MER, Rwanda has taken reasonable steps to strengthen its institutional and legal arrangements, though resources challenges prevail. The new acts namely, the AML/CFT Act 2023 and the amendment to the Companies Act and Partnership Act enhanced the confiscation measures and introduced more dissuasive sanctions for natural and legal persons. For a natural person, the sentence ranges from 10 to 15 years imprisonment and the confiscation of all the assets involved. For the legal person, the fine ranges from 10 to 20 times the value involved in ML and TF activities. It also provides for the implementation of UNSCRs by FIs and DNFBPs on TF and the procedures thereto. The laws empower the supervisory authorities to impose administrative sanctions for failure to comply with AML/CFT/CPF requirements including those supervising FIs, NPOs, NBFIs and DNFBPs. 51. Rwanda has several competent authorities/institutions responsible for ensuring the effective implementation of AML/CFT/CPF measures in the country. The following ministries and agencies dedicated to implementing AML/CFT matters are as follows:

23 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Policy Coordination Bodies 52. The National Coordination Council (NCC): is the highest AML/CFT/CPF policy making and coordinating body in Rwanda established in 2021 through the Presidential Order N° 100/01 of 6/08/2021 as a governing council responsible for developing, monitoring and coordinating policies, strategies and actions related to combating ML/TF/PF. The Council is chaired by the Minister of Finance and Economic Planning and co-chaired by Deputy Governor of National Bank of Rwanda. It comprises of all key agencies/institutions. 53. The National Technical Committee to the Coordination Council (NTCCC): is the body that advises the NCC on the implementation of the strategies and policies and other technical matters. It comprises of all institutions/agencies that represented in the NCC and chaired by the Director General of the FIC and the FIC acts as the Secretariat and is an administrative body. 54. National Counter Terrorism Committee (NCTC): It was established under N° 039/2021 of 28/07/2021 amending Law nº 46/2018 and the Prime Ministers Order No.018/03 as a Competent Authority for purpose of proposing person for the designation to the relevant United Nations Sanctions as well as identifying person that meets the listing criteria for designation on the United Nations Sanctions list. Ministries 55. Ministry of Finance and Economic Planning: Is responsible for overseeing the FIC and holds responsibility for all Policy and Strategy issues related to AML/CFT/CPF in the country. 56. Ministry of Justice: is the Competent Authority that prepare requests for mutual legal assistance to a foreign State in conformity with the relevant laws of Rwanda and have it sent to the Central Authority. It has also a role of enacting and amending all legislations and AML/CFT supervision of Notaries. 57. Ministry in charge of Foreign Affairs and International Cooperation: is the Central Authority responsible for the handling of incoming and outgoing Mutual Legal Assistance and Extradition requests and circulation of UN sanction lists to competent authorities. 58. Ministry of Trade and Industry: is responsible for the licensing and supervision of casino operators by virtue of 2023 AML/CFT Law and Regulations No 002/FIC/ 2023. Criminal Justice and Operational Agencies 59. The Financial Intelligence Centre (FIC): It was established under the law No.045/2021 as a national authority with mandate to receive and analyse suspicious transaction reports and other information related to money laundering and associated predicate offences, terrorism financing and financing of proliferation of weapons of mass destruction and disseminating the results of such an analysis to relevant authorities. 60. The National Public Prosecution Authority (NPPA): It was established under Article 142 of the Rwandan Constitution responsible for investigating and prosecuting offences throughout the country and ensure that money laundering and associated predicate offence, terrorist financing or financing of proliferation of weapons of mass destruction offences are properly investigated, within the framework of national policies. It has a role of initiating freezing and seizing of funds or other assets that may become subject to confiscation, or is suspected of being proceeds of crime. 61. Rwanda Investigation Bureau (RIB): It was established under the Law Nº12/2017 mainly to investigate all types of offences and order for information and take statements from any person suspected of having information that can help an investigation; to search a person, enter a building or premises linked to information with or without a warrant; search any person or property and to recover stolen objects and seize any properties that may be useful for conducting criminal investigations. 62. The Rwandan National Police (RNP): It was established under Article 160 of the Constitution to ensure security of persons and property throughout the country. It has power to arrest a person who is

24 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 suspected of an offence, a fugitive or a wanted person by security or judicial organs, and hands over him or her to the Investigation Bureau, seize property and investigate offences relating to road, railways and waterways accidents and traffic offences. It checks compliance on cash or BNI’s declarations or where there is suspicion of ML/TF. 63. The Office of Ombudsman: By virtue of Law N° 54/2021 of 29/08/2021) is responsible for preventing of corruption, receiving and analysing information on corruption and submit the findings to other competent authorities for investigation and to follow up on corruption complaints referred to other competent authorities for investigation or resolution. 64. National Intelligence Security Service (NISS): is responsible for gathering and analysing domestic and foreign intelligence and applying counter-intelligence security measures to safeguard Rwanda as well as submits intelligence information related to ML/TF/PF offences once detected to competent authorities. 65. The Rwanda Revenue Authority (RRA): is responsible for administering tax laws and customs and exercises matters, detecting ML and TF offences and to verify if there is a cash or BNI hidden within imports and exports under the customs bonded warehouse. Financial Sector Competent Authorities 66. National Bank of Rwanda (BNR): is responsible for licensing banks, forex bureaus, microfinances, Non-Deposit Finance Institutions, insurance companies, pension funds/schemes, and payment systems providers and AML/CFT supervision. It also supervises TCSPs for AML/CFT purposes. 67. Capital Market Authority (CMA): is responsible for licensing the stock exchange, commodity exchange, securities brokers, investment banks, investment managers, collective investment schemes, investment advisors and AML/CFT supervision. DNFBP Competent Authorities and Self-Regulating Bodies 68. Rwanda Bar Association: is responsible for licensing and regulating advocates and law firms. 69. Rwanda Mines, Petroleum and Gas Board (RMB): is responsible for AML/CFT supervision of dealers in precious stones and metals. 70. The Institute of Certified Public Accountants of Rwanda (ICPAR): is responsible for AML/CFT supervision of accountant, accounting firms and audit firms. Legal Persons and Arrangements Competent Authorities 71. The Rwanda Governance Board (RGB): by virtue of the law N° 56/2016 of 16/12/2016, RGB is responsible for registration and monitoring of the operations of non-profit organizations (NPO) including; National NGOs, International NGOs, Faith Based Organizations and Common Benefit Foundations and AML/CFT supervision. 72. The Rwanda Development Board (RDB): is responsible for registration of companies, partnerships and trusts and obtain beneficial ownership information and maintains records thereto. 1.4.3. Financial sector and DNFBPs 73. The Rwanda financial system has developed considerably over the past years with the emergence of new types of non-bank financial institutions. The financial sector is more dominant than the DNFBPs. Banks dominate financial services sector when measured in terms of assets under management. The sector has contributed around 47.8 per cent of GDP as at end June 2022. The financial sector comprises other ranges of financial services such as Insurance, microfinance, payment service, MVTS, Foreign Exchange Bureaus, pension funds. Based on this, the banking sector is key to the AML/CFT system of Rwanda given the risk exposure it has relative to the other sectors.

25 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 74. As of end of June 2022, there were 624 financial institutions regulated by the BNR. which includes, amongst others, 15 commercial banks with 843 branches and 78 foreign exchange bureaus. The banking sector assets represented 67.4 percent of total financial sector’s assets. The banking sector in Rwanda is closely tied to the banks operating within the Eastern Africa banking sector, with two out of the three largest banks having links with Kenya. The three largest commercial banks in descending order of market share (in terms of assets) are: Bank of Kigali, BPR Bank Rwanda, and I&M Bank. Other banks present in Rwanda are: Ecobank, GT Bank, Equity Bank, NCBA (formerly the Commercial Bank of Africa (CBA)), Access Bank, Bank of Africa, Cogebanque, Urwego, Development Bank of Rwanda and microfinance banks AB Bank, Zigama, and Unguka. 75. The assets of the pensions sector accounted for 17 percent whilst the assets of insurance sector represented 9.2 percent of total assets of the financial sector. The assets of the microfinance sector represented 5.8 percent of financial sector assets as at end June 2022. Other NBFIs that include Forex bureaus, payment services providers and non-deposit taking lending institutions remain relatively small and accounted for about 0.5 percent of the total assets of the financial sector. The MVTS providers, the NBFIs, the e-money and Payment Systems Providers have been heavily weighted on account of higher risks for ML/TF, such as transactions involving cross border payments etc. The remaining NBFIs, the insurance and the pension sector have been less heavily weighted mainly due to their size and the level of ML/TF risks in the sector. 76. In view of the materiality, size of business and ML/TF risk exposure of the banking sector, the banking sector has been weighted most heavily. From the year 2018 to 2023, the total assets of the banking sector have more than doubled. The interconnectedness of the banking sector with the NBFIs exposes it to high ML and TF risks. Further, the banking sector facilitates transactions for foreign investors that want to access the International Financial Centre. Table1.1: FIs under the purview of BNR as at end of 2022 Types of Financial institutions No of licensed/regulated /registered entities Total assets (USD million) Locally Majority owned Foreign Majority owned FIs No of branches Banks 15 5,992.90 4 11 843 Lending 19 6,74 8 11 0 Leasing (NDFIs) 4 6.8 4 0 0 Other NDFIs 14 75.46 14 0 0 TCSPs 5 0 1 4 0 Microfinance 456 421 454 2 19 MVTS (remittances) 6 1.20 2 4 2 Mobile Money (E-money issuers) 2 1.92 0 2 0 Other E-money issuers 5 0 2 3 0 Payment System operators 1 0 0 1 0 Money aggregators 13 0 9 4 0 Money changers 78 8.7 76 2 12 Life Insurance 3 76.8 3 0 0 General Insurance 12 667.5 9 6 56 Insurance brokers 16 0 11 5 0 Insurance agents 1363 0 1218 145 0 Pension Funds 13 131.5 11 2 30 77. Rwanda is modernizing its national payment system with rising use of digital payment channels as demonstrated by a significant increase in total values. In terms of fund transfers through mobile payment channels, the number of transactions increased by 58 per cent in one year, i.e. from 196 million to 310

26 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 million and in terms of total value, the amount rose from RWF 4,707 billion (USD 3.8 million) to RWF 6,616 billion (USD 5.3 million). For mobile banking channels, the number of transactions rose from 6 million to 8 million (growth of 35 percent) and the value of transactions rose by 140 per cent, i.e., from USD 305.9 million to USD 736.2 million (RWF 381 billion to RWF 917 billion) in one year. The digital payment channels are used for cross-border payments which has a higher ML/TF risk exposure than local channels as demonstrated by the use of agents, cash deposits and cross border transactions. Legislative and oversight mechanisms for the digital payment system is evolving and lagging behind innovation. 78. The securities sector- is heavily weighted. The securities sector consists of the stock exchange, commodities exchange and related contracts, collective investment schemes, securities brokers, investment banks, investment managers, and custodians. Table 1.2: FIs under the purview of CMA as at end of 2022 Type of FIs No of licensed /regulated/regist ered Foreign Majority owned Locally Majority Owned Total Assets (RWF) Total Assets (USD) Stock Exchange 1 0 1 1.597 bn 1.24 million Collective Investment Scheme 2 0 2 34.2 bn 29.2 million Investment Banks 2 1.26 bn 1.1 million Investment Managers 7 1.9bn 1.6 million Commodity Exchange 1 0 1 6.854bn 5.82 million Securities brokers 7 3 4 1.6 bn 1.4 million Investment Advisers 1 0 1 173.6 mn 0.15 million Custodians (banks) 3 1 2 2,726 bn 2.4 million 79. In view of developing its financial sector and attracting international investors one of the strategies of Rwanda is to develop and promote itself as an International Financial Centre, and to position itself to be a financial services hub in the region. This has entailed the introduction of enabling legislation. The IFC enables promotion and connects entities with competent authorities and regulators. During the period under review there were around 126 entities registered in Rwanda, out of the 126 registered entities, the assessment team was provided information on only 33 entities that have assets of RWF 153,616,434,951 (USD 120 million). The assessment team was informed that due to the nature of the operations/services these remaining 93 entities are yet required to be licensed or to be under the supervisory purview of a competent authority. 80. The Designated Non-Financial Businesses and Professions (DNFBPs) in Rwanda includes Real Estate agents, Casino, Dealers in Precious metal and Stones, Accountants and Lawyers & Notaries. TCSPs are regulated and supervised by BNR and attracts high risks due to the nature of the services being provided. The real estate sector has the highest ML risk exposure. The sector is not yet fully supervised due to the recency of the AML/CFT supervisory framework. Most of the DNFBPs sector has been heavily risk rated mainly based on the nature and the level of risks of the transactions performed and the lack of proper AML/CFT regulation in the sector. Table 1.3: Overview of the DNFBP sector Type of DNFBPs Number of Total Assets (USD AML/CFT Supervisor

27 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 entities Million) Casinos 2 89.4 Mins of Trade and Industry Real Estate Agents 7412 Unknown Financial Intelligence Centre Dealers in Precious Stones and Metals 132 84 Rwanda Mines, Petroleum and Gas Board Lawyers 1368 Unknown Rwanda Bar Association Notaries 325 Unknown Ministry of Justice Accountants 395 Unknown Institute of Certified Public Accountants of Rwanda TCSPs 5 Unknown National Bank of Rwanda 81. Dealers in Precious Metals and Stones: The sector is heavily weighted. The Rwanda Mines, Petroleum and Gas Board (RMB) is designated as the AML/CFT supervisor of dealers in precious stones and metals. There were 132 dealers the dealers can carry out mining and dealing (20 are large scale, 71 are medium scale and 41 are small scale). Rwanda is exposed to the risks of being used as a transit for smuggling of minerals from the neighbouring countries. The sector risk assessment conducted in April 2023 revealed that illicit assets relating to illegal mining on average amounted to USD 300 million annually. 82. Legal Practitioners – The sector is heavily weighted. The Rwanda Bar Association is the designated AML/CFT supervisor of advocates. The legal practitioners provide services to private sector, including foreign investors that want to access the International Financial Centre. As at the time of the onsite, the Rwanda Bar Association had 1368 members. 83. Real Estate Sector- The sector is heavily weighted. The real estate agents are not licenced or registered by any regulatory authority, though the general company incorporation requirements apply. Since the RDB only issue a registration certificate there is no requirement to disclose the activity to be carried out and hence the sector could potentially have the risk of unregistered/unlicensed real estate agents. The official statistics of the total number of real estate agents operating in Rwanda was 74. During the 2017/2018 NRA, the total number of real estate agents were 119. The FIC is the designated AML/CFT supervisor for the sector. The sector risk assessment conducted in February 2023 revealed that the sector still operates in a disorganised manner due to lack of legal and regulatory framework. Further, though there is a Rwanda Association of Real Estate Brokers established in 2012, it was not mandatory to be a member to operate in the sector. In respect of the few real estate agents that had been subjected to AML/CFT supervisory interventions, the assessments revealed weak AML/CFT controls in place. Hence the sector is highly vulnerable to ML risk. 84. Accountants- The sector is heavily weighted. The Institute of Certified Public Accountants of Rwanda (ICPAR) is the designated AML/CFT supervisor of accountant, accounting firms and audit firms. 12 The figure represent real estate agents that voluntarily disclosed as providing real estate agency to the authorities.

28 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 The Institute of Certified Public Accountants of Rwanda (ICPAR) is a self-regulatory body (SRB) which regulates the activities of all certified public accountants in the country. 85. Trusts and Company Services Providers (TCSPs) – The sector is heavily weighted. The TCSPs are supervised by the National Bank of Rwanda. At the time of the onsite, there were 5 TCSPs licensed by the National Bank of Rwanda. However, only two out of five TCSPs were operational. 86. Casinos: The sector is less heavily weighted. The Ministry of Trade and Industry (MINICOM) is designated as the AML/CFT supervisor of casinos by virtue of 2023 AML/CFT Law and Regulations No 002/FIC/ 2023. At the time of the onsite, the casino sector comprised of only two casinos. 87. Notary – The sector is less heavily weighted. The Ministry of Justice (MINIJUST) is the designated supervisory authority of notaries for AML/CFT purposes. There are 325 private notaries registered with MINIJUST. The sector was at a very early stage of monitoring for AML/CFT purposes. The ML/TF risks posed by the sector was considered relatively low as the notaries’ services was quite limited. 88. Virtual Asset Service Providers - Rwanda has no regulatory frameworks for licensing/registration and carrying out AML/CFT supervision or monitoring of VASPs. BNR had issued a notice to the general public in 2023 to sensitise them of the relative risks relating to crypto assets and requested them not to get involved in such activities until a regulatory framework has been put in place. 89. Considering the risks and context of Rwanda, the assessment team weighted the banking sector most heavily, heavily for MVTS, e-money and Payment Systems Providers, securities sectors, asset management companies, real estate agents, legal practitioners, accountants, DPMS, TCSPs and less heavily for casinos, notaries and life insurance and pension schemes. 1.4.4. Preventive measures 90. The primary legal and regulatory framework prescribing AML/CFT obligations for FIs and DNFBPs are set out in the Law Nº 028/2023 of 19/05/2023 on the Prevention and Punishment of Money Laundering, Terrorist Financing and the Financing of Proliferation of Weapons of Mass Destruction and FIC Regulations 002/FIC/2023 of 26/06/2023. The AML/CFT laws have been subjected to a series of amendments to the extent that the FIC Regulations were issued while the assessment team was on site. Consequently, the regulatory framework is quite recent and has addressed most of the Technical Compliance gaps and is largely in compliant with the requirements of the AML/CFT international standards (See TC Annex Recs 9-23). The preventive measures provided for under the regulatory framework include obligations of reporting entities to undertake risk assessment, CDD, STR reporting obligations, tipping off and record retention. The laws cover all FIs and DNFBPs including TCSPs as required by the FATF. However, the regulatory framework does not extend to VASPs. The AML/CFT obligations for FIs generally also apply to DNFBPs. Notaries are designated as reporting entities in Rwanda. According to the information received during the onsite, notaries activities are limited to legalisation of contracts. Nonetheless, this is not informed by a comprehensive ML/TF risk assessment. 1.4.5. Legal persons and arrangements 91. There are three categories of legal persons in Rwanda, namely Companies, Non-Governmental Organisations (NGOs), Foundations and Limited Liability Partnerships. Companies and Limited Liability Partnerships are registered by the Rwanda Development Board (RDB) whilst NGOs are registered by the Rwanda Governance Board (RGB). There are five types of companies that can be incorporated in Rwanda: (a) a company limited by shares; (b) a company limited by guarantee; (c) a company limited by shares and by guarantee; (d) an unlimited company; and (e) a protected cell company. A company limited by shares and by guarantee may be public or private. However, a company limited by guarantee or an unlimited company cannot be a public company. The RDB has registered 150,000 companies as at the time of onsite visit. Information on the creation and types of companies that can be created in Rwanda is publicly

29 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 available on website of the Rwandan Development Board (RDB) at https://brs.rdb.rw/busregonline. NGOs are classified into three types: Public Interest Organisations; Common Interest Organisations; and Foundations. Information on the creation and types of NGOs that can be created in Rwanda is available on the RGB website at https://www.rgb.rw/1/civil-society-faith-based-and-political-organisations. As regards Foundations, there are three types, namely: a private benefit foundation, common benefit foundation and mixed benefit foundations. RDB is responsible for registering Private Benefit Foundations and Mixed Benefit Foundations whilst RGB registers Common Benefit Foundations. International non-governmental are required to register with the RGB. 92. Legal arrangements can take the form of trusts or partnerships. Prior to passing laws on trusts and partnerships in 2021, Rwanda did not recognize the legal concept of trusts and partnerships. Due to its ambitions to become an IFC, Rwanda enacted the law governing trusts and partnerships in 2021. The RDB now registers both trusts and partnerships and as at the time of the onsite visit, there were eight trusts and two partnerships registered with the RDB. 1.4.6. Supervisory arrangements 93. BNR and CMA have been designated as the AML/CFT supervisors for the financial sector in Rwanda under the Law No 028/2023. • BNR supervises the banks, MVTS providers, forex bureaus, microfinance, Non-Deposit Finance Institutions, insurance companies, pension funds/schemes and payment systems providers, life insurance companies, amongst others. Where there is no direct supervisory authority for a particular financial institution, it falls under the supervision of BNR. • CMA supervises stock exchange, capital markets industry, fund managers, commodities exchange and related contracts, collective investment schemes, securities brokers, investment banks, investment managers and custodians. 94. For the DNFBP sectors, the designated AML/CFT supervisors are Ministry of Trade and Industry for casinos, Rwanda Mines Petroleum and Gas Board for dealers in precious metal and stones, Rwanda Bar Association for advocates and law firms, ICPAR for public accountants, FIC for real estate agents and Ministry of Justice for the notaries. They are all governed by their respective laws and are designated as reporting persons under the 2023 AML/CFT Act. All the DNFBP supervisors have the responsibility to monitor and ensure compliance with AML/CFT obligations by DNFBPs. The TCSPs are licensed and supervised by the National Bank of Rwanda. FIC is also designated as the AML/CFT supervisor for any DNFBPs which do not have a supervisory authority. 95. VASPs are not subject to prudential and AML/CFT supervision in Rwanda. 96. The Rwanda Development Board is responsible for the creation, registration and supervision of legal persons and arrangements in Rwanda. 1.4.7. International cooperation 97. Rwanda has a legal and institutional framework to cooperate and exchange information with foreign counterparts. Rwanda has ratified all the international instruments (Vienna, Palermo, Geneva and UNCAC) relevant to AML/CFT, which it has domesticated to support its international cooperation requirements. In addition, Rwanda has entered into bilateral and multilateral agreements to facilitate international cooperation. ML and TF are extraditable offences in Rwanda. 98. The Ministry of Foreign Affairs is the central authority for all MLAs in Rwanda. RIB and NPPA (handles MLA requests) have made and received requests on cases with their foreign counterparts but few cases are related to ML and one case was on TF. The FIC has entered into bilateral MoUs with several of

30 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 its foreign counterparts to facilitate exchange of information. However, as at the date of the onsite visit, the FIU had exchanged information with counterparts such as Botswana, Kenya, Mozambique, Singapore, United Kingdom and United States of America. Supervisory authorities and other competent authorities can cooperate and exchange information with foreign counterparts.

31 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Chapter 2. NATIONAL AML/CFT POLICIES AND COORDINATION 2.1. Key Findings and Recommended Actions Immediate Outcome 1 Key Findings a) Rwanda has demonstrated some understanding of its national ML risks and threats from tax evasion, embezzlement of public funds, illegal award of public fund tenders, embezzlement of cooperative funds and embezzlement of bank funds. The ML/TF risks from legal persons and arrangements, VASPs and TF risk from NPOs are not well understood. Competent authorities have limited TF risk understanding, with the exception of the NISS and FIC. Rwanda is yet to determine the relative scale/magnitude of its ML/TF threats. b) The National Coordination Council (NCC) has been successful in promoting coordination and collaboration for AML/CFT purposes between competent authorities as demonstrated by the development of the National Policy 2023. c) There is no proper alignment of the objectives and activities of the competent authorities with the ML/TF risks identified in the NRA and the national priorities and objectives set out in the National AML/CFT Policy 2023 embedded with the national AML/CFT strategy. The National AML/CFT Policy focuses more on RBA and implementation of TFS rather than TF, while the supervisors RBA to AML/CFT supervisory activities are still at an embryonic stage. d) Rwanda has started to implement inter-agency cooperation and coordination mechanisms on AML/CFT matters, the setting up of the NCC has boosted the need for agencies to collaborate. Rwanda is yet to collaborate on complex financial investigations and TF cases, this is due to resources and capacity challenges. e) Rwanda National Policy 2023 provides for CFT strategy and policies, however, the policies do not prioritise TF. Rwanda does not have clear focus on TF investigation and prosecution, implementation of targeted financial sanctions and monitoring of high risk NPOs. f) The NRA and the sectoral risks assessment identified the various ML/TF risks within the financial sector. There is no coordination by the financial sector supervisors on policies and priorities for supervision and preventive measures in order to mitigate and manage the risks. There is limited cooperation and coordination among the Supervisors for AML/CFT purposes. g) Rwanda has no coordination and cooperation by the relevant authorities on PF operational matters. h) Rwanda has adequately promoted ML/TF risk awareness among FIs and to some extent to DNFBPs using the findings of the NRA and other risk assessments through awareness to the relevant stakeholder and the discussion of the prevailing risks through the different forums. Although Rwanda has approved a desk review in May 2024 to update the findings of the NRA, the report was not shared at the time of the onsite.

32 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Recommended Actions a) Rwanda should enhance understanding of ML/TF risks by: (i) considering emerging and TF risks in order to keep the risks up to date, (ii) expanding the scope of the ML threats by focusing on commonly used methods and channels including the vulnerable sectors, (iii) improving a shared understanding of TF risks to inform policies to prevent and combat TF, (iv) prioritising TF policies in the context of Rwanda. b) The NCC should establish a mechanism to oversee the level of implementation of the National AML/CFT Policy and ensure that the competent authorities action plans are consistent with the identified ML/TF risks and the National AML/CFT Policy. c) Rwanda should introduce mechanisms to improve cooperation and coordination within the current structures with focus on supervision, TF and PF at operational level. d) Rwanda should allocate adequate resources (human, financial and technical) to supervisory and investigative authorities informed by the ML/TF risks identified and the objectives of the National Policy. 99. The relevant Immediate Outcome considered and assessed in this chapter is IO.1. The Recommendations relevant for the assessment of effectiveness under this section are R.1, 2, 33 and 34. 2.2 Immediate Outcome 1 (Risk, Policy and Coordination) 2.2.1. Country’s understanding of its ML/TF risks 100. Rwanda has made efforts to promote and deepen the understanding of its ML/TF risks by carrying out a National Risk Assessment (NRA) approved in 2019 and through a desk review from January 2023 to May 2023. In undertaking the NRA exercise in December 2017, Rwanda established a working group to take the lead of the process and the exercise was coordinated by the NPPA. The working group comprises of major public and private sector stakeholders (see c.1.1 for more details). The NRA working group was not comprehensively constituted due to the fact that it did not include some regulators of DNFBPs (MINICOM and ICPAR). Based on the discussions some stakeholders were only invited for comments on the draft report while some were only requested to fill in a questionnaire for collecting data, which may have impacted on the analysis part and subsequent findings of those sectors. 101. The NRA includes input from the financial sectors supervisors through the various SRAs which was included into the NRA. Some FIs and DNFBPs participated in the NRA through responses to questionnaires, resulting in some of the data provided, not being adequately analysed during the exercise. Key statistics such as investigations, prosecutions and convictions of predicate offences were considered, the NRA took a quantitative approach since the authorities considered 50 cases where the value of the offence was above USD 20,000. This may have resulted in not having a holistic overview of the ML/TF risks in Rwanda, more specifically with regards to TF since Rwanda had a case financing of terrorist act (see IO.9 for more details), given the threshold approach the case was not considered and this would have assisted the country to have a comprehensive understanding of the prevailing risks that it might be facing. Moreover, the Assessment Team is not convinced that Rwanda has fully assessed the risks associated with the informal and underground channels that could be used to launder proceeds in the absence of the information in the NRA as well as the desk review.

33 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 102. With a view to update the understanding of its ML/TF risks, Rwanda carried out a desk review from January to May 2023 to follow up on the findings of the NRA and this report was validated by the relevant authorities in June 2023. The desk review indicates that for the last period (2018-2023) there has not been much change in the most proceeds generating offences with the exception of illegal award of public fund tenders as identified by Rwanda. The authorities informed the Assessment team that the deficiencies identified during the NRA has been addressed, however, the desk review informs that the trend with regards to the most proceeds generating offences was the same although the proceeds seem to have declined due to COVID-19 pandemic. In addition, emerging risks were not considered which may not fairly represent current level of risks existing in Rwanda. At the time of the on-site, the desk review was recently finalised and the report was not disseminated to competent authorities and reporting entities. 103. The competent authorities have a good understanding of the main domestic ML threats, tax evasion, embezzlement of public funds, illegal award of public fund tenders, embezzlement of cooperative funds and bank funds, however the understanding of the vulnerabilities or channels that can be exploited is limited. Based on the discussions during the on-site, the Assessment team noted that the illegal proceeds generated are mainly used within Rwanda for the purchase of services and tangible property. The authorities informed the assessment team that some of the proceeds are laundered cross￾border through trade-based schemes (e.g., mis-invoicing), cash smuggling and overseas expenditure. The authorities could not demonstrate a thorough understanding of the specific vulnerabilities or channels exploited, e.g., role of enablers, types of structures most misused or vulnerable. In addition, given that Rwanda has established an international financial centre, the authorities could not demonstrate having an understanding of emerging risks or sophisticated schemes that could be established through the IFC. 104. The understanding of ML risks is varied among supervisory authorities with the BNR demonstrating a higher understanding of the risks within the banking sector. The understanding of the risks was primarily developed through the annual sectoral risk assessment of the supervised entities. The banking supervision directorate displayed a more in-depth understanding of the vulnerabilities in its supervised sectors than was evidenced in the NRA. The CMA demonstrated it understood the ML risks identified in the NRA and used the findings of the NRA to carry out a sectoral risk assessment. However, in view of the new products and services that is being supervised by the CMA the risks could have evolved. Although the FIC is well aware of the ML risks identified in the NRA, it was only recently empowered as a supervisory authority. 105. The authorities’ understanding of ML vulnerabilities in the DNFBPs sector is limited. The authorities’ understanding of ML vulnerabilities of DNFBPs sector is primarily informed by the sector ML risk assessment carried out by the relevant regulatory body which do not seem aligned with prevailing risks. Some of the vulnerabilities have not been adequately assessed since the focus of the sector assessment was mostly related to compliance with the relevant regulatory requirements. DPMS was rated with low ML risk, however, the assessment team noted the lack of implementation of AML/CFT obligations. TCSPs have been in operation since 2021 and the vulnerability of the sector has not been properly looked at given the range of services that they are permitted to provide within Rwanda. 106. LEAs understanding of ML risks is limited and hampered by several factors. There are information gaps with regards to statistics provided by LEAs that were observed to be inconsistent. The LEAs focused more on the predicate offences than on ML, e.g., in general there is limited appreciation on how complex corporate structures could be used for ML since the authorities tend to focus on the natural persons limiting the information available for appropriately assessing risks. 107. The understanding of threats from foreign predicates or vulnerabilities exploited to launder the proceeds could not be demonstrated by the authorities. The NRA informs that the financial system revolves around the banking sector which is rated as highest risk for ML. With the development of the IFC

34 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 this sector will be a gateway for facilitating the flow of funds through the financial system and to the rest of the world, which may include potential foreign criminal proceeds. This is witnessed in the NRA13 whereby funds were transferred from international financial centres through the Rwanda IFC and back without any economic value and there is no acknowledgement that such risks need to be improved at the national level. 108. Rwanda does not have a shared understanding of TF risks and is reactive in pursuit of TF cases, although the country is situated close to known terrorist groups and organisations (FDLR & ADF). The NISS and the FIC demonstrated a good understanding of the possible sources of TF risks that are likely to emanate from terrorist activities in Rwanda such as raising, moving cash and remittances through illegal means. The TF cases shared with the assessment team reveal that Rwanda applied a reactive and conversative approach to detecting and investigating potential domestic and foreign linked TF cases. Overall, Rwanda has determined TF as medium low. There was no information on mechanisms for sharing information of TF threats with the other competent authorities such as NPO regulators, supervisors and customs which has led to an underdeveloped understanding of TF risks in Rwanda. 109. NISS works with the FIC and the other relevant authorities to share information on screening potential high-risk individuals which are outside of Rwanda, but this is done as part of the vetting process and not as part of an established CFT strategy. The authorities were of the view that the TF risk is medium low, however, the competent authorities could not demonstrate the basis of this since their understanding of TF risks was varied (see IO.9 for more details). 110. The supervisory authorities understanding of vulnerabilities related to TF by FIs and DNFBPs is limited. The vulnerabilities associated with Rwanda include informal remittances, porous borders, potential links between terrorist groups, new financial technologies such as VASPs. Neither the NRA nor the Desk Review of 2023 touches on these vulnerabilities in the AML/CFT system that can be exploited by terrorist groups. The supervisors understanding of TF risks is limited to the implementation of TFS obligations and none of the sector risk assessments differentiate between ML and TF vulnerabilities or specifically address TF risks. Rwanda made efforts to conduct an assessment of the risks in the NPO sector. However, the country has not yet addressed the requirement to identify which subset of organizations fall within the FATF definition of an NPO and nor has it identified the features and types of NPOs that, by virtue of their activities or characteristics, are likely to be at risk of TF abuse. The risk assessment did not focus on identifying the nature of threats posed by terrorist entities to the NPOs that are at risk, as well as how terrorist actors abuse those NPOs. 2.2.2. National policies to address identified ML/TF risks 111. Rwanda has developed a national AML/CFT policy informed by the findings of the NRA 2019 and as demonstrated by continuing the post-2014 MER changes to key legislation and institutional arrangements. The reforms mainly focused on aligning the objectives and priorities of the competent authorities (e.g., risk-based approach by supervisors and asset recovery by LEAs) with the risks identified. Some competent authorities (e.g., FIC, BNR and RIB) have implemented robust strategies and policies in place which assisted them to combat ML/TF better than the others (some LEAs). Rwanda noted the risks posed by limited domestic cooperation and coordination at operational level (e.g., LEAs) and capacity/resource constraints in order to effectively implement its AML/CFT policies and activities to address the risks identified. This impacted on Rwanda’s ability to implement a comprehensive and effective AML/CFT approach at the national level. In order to improve the flow of information from the intelligence dissemination, investigation and prosecution Rwanda established the Integrated Electronic Case Management 13 Pg 24 and 25 of the NRA 2019

35 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 System (IECMS) where RIB, NPPA and the FIC are connected to the system in order to tackle resources and prioritization of investigation and prosecution of predicate offences (see IO.7&8 for further details). 112. Following the findings of the NRA the priority for Rwanda was to (a) enhance the legal and institutional framework; (b) strengthen the capacity and resources for key institutions in charge of ML investigations, prosecutions and adjudication; (c) establish a comprehensive asset freezing and confiscation measures; (d) strengthen domestic coordination and communication between LEAs. The assessment team noted that the policies and activities were mainly focused on pursuing proceeds of predicate offences rather than ML and TF to a negligible extent. 113. Rwanda issued a National AML/CFT Policy in March 2023 in a revitalized effort to guide the coordination and enhancement of the AML/CFT regime. Rwanda has a holistic and coordinated approach to policymaking and oversight under the Ministry of Finance and Economic Planning (MINECOFIN). The Ministry is responsible for oversight of the AML/CFT policies and activities which is overseen by the National Coordination Committee (NCC) established in August 2021. The NCC is chaired by the Minister of MINECOFIN and the Deputy Governor of the BNR, with the FIC acting as the secretariat and chair of the National Technical Committee to Coordination Committee (NTCCC). The National AML/CFT Policy 2023 has been developed by the National Coordination Council in collaboration with key stakeholders in view of filing in the items that could not be fully implemented in the previous strategy emanating from the NRA 2019. The current national AML/CFT strategy which is embedded in the National AML/CFT Policy 2023 has seven strategic objectives namely: (a) strengthen the AML/CFT/CFP legal and regulatory framework; (b) enhance national coordination efforts and cooperation on AML/CFT/CPF matters; (c) strengthen the capacity of stakeholders to implement the AML/CFT/CPF requirements; (d) promoting regional and international cooperation on AML/CFT/CPF matters; (e) enhancing the investigation, prosecution, and adjudication of ML/TF/PF matters; (f) implementing targeted financial sanctions related to terrorist financing and financing of proliferation without delay; and (g) enhancing compliance with the FATF Standards. On a positive note, some items of the Policy items have already been completed, including strengthening of the AML/CFT legal framework to align with International Standards and enhancing national coordination and cooperation with the setting up of consultative forum/mechanism to facilitate communication between stakeholders (FIC, supervisors, private sector and reporting persons). 114. The cooperation and coordination mechanisms have seen major successful AML/CFT developments since the last assessment and the NRA: Rwanda has been enhancing its legal framework and amended the AML/CFT law on a few occasions in order to align with the FATF standards and enacted a completely revised AML/CFT law in 2023. The revision expanded the scope of preventive measures and introduced risk-based approach to supervision for FIs and DNFBPs. Rwanda has established the Rwanda Investigation Bureau (RIB) as the central authority for investigation of all predicate offences within the country. Rwanda has revised the FIC law and operationalized the FIC through enhancing the capacity through amendment to the FIC law by extending the mandate of the FIC to also coordinate on

36 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 AML/CFT matters. In addition, human and capital resources were provided for the FIC to carry out its new mandate as per the revised law. Rwanda brought risky sectors identified in the NRA into the AML/CFT framework, DPMS and real estate agents are now supervised by the RMB and FIC respectively under the new AML/CFT law 2023 Rwanda operationalized the Seized and Confiscated Assets Unit a dedicated asset management unit in the office of the NPPA to administer confiscation and management of proceeds of predicate offences. The Unit is in the process of strengthening capacity to enable effective confiscation and management of proceeds. Rwanda has established the Rwanda Development Board (RDB) which is the central authority for registering legal person and legal arrangements. Since the mandate of the RDB with regards to legal person and arrangements are new, the RDB lacks capacity to fulfil its mandate including obtaining and maintaining accurate and up to date BO information. Rwanda has established the Rwanda Governance Board (RGB) for registration of all NPOs within the country. All NGOs are required to be registered by the RGB and are now required to be under the supervisory purview of the RGB. 115. Overall, Rwanda has AML/CFT policy direction for addressing the ML/TF risks identified in the NRA. While these changes have led to some successes and have contributed to the efforts to strengthen the AML/CFT framework of Rwanda, some of their recent nature made it difficult to assess the extent to which their implementation has contributed to achieving the desired outcomes. Moreover, Rwanda is facing shortage of resources which have, to large extent, undermined the implementation of the AML/CFT policies. 116. Rwanda’s approach to combating TF is not proactive enough to address the TF risks. The National Policy and strategy adopted in 2023 pays little attention to TF. Further to the discussions held with the Authorities and the terrorism cases provided gives a clear indication that TF is not encapsulated in the operations of the LEAs with the exception of the NISS and FIC. The measures put in place in the strategy now includes the implementation of TFS measures and makes it difficult to assess its implementation due to its recentness. 2.2.3. Exemptions, enhanced and simplified measures 117. Rwanda AML/CFT law provides for the application of risk-based approach in which simplified and enhanced measures can be applied to low risk and high-risk situations based on the customers, products/services, delivery channels and jurisdictional risks. Rwanda AML/CFT legislation has covered all FIs and DNFBPs consistent with the activities subject to the FATF Standards. 118. The AML/CFT legislation as part of a risk-based approach to CDD application permits the application of simplified and enhanced measures based on risk-based outcome in relation to customers, products, transactions and delivery channels. This indicates that the current framework allows FIs and DNFBPs to apply simplified measures only in circumstances where they are able to demonstrate that an adequate risk assessment has been taken. In addition, the AML/CFT law requires FIs and DNFBPs to apply enhanced due diligence (EDD) requirements when dealing with high-risk customers and apply commensurate mitigating controls. The AML/CFT law sets out the business transactions which pose inherently higher risks (transactions carried out by PEPs, cross-

37 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 border wire transfers, etc.) where FIs and DNFBPs are required to apply EDD. The assessment team noted that as a matter of practice, the application of SDD and EDD measures are implemented differently by FIs and DNFBPs with the latter being less developed. Due to the recent enactment of the AML/CFT law, Rwanda has not issued any guidance on specific high and low risk scenarios to reporting institutions to promote a uniform application of the simplified and enhanced measures. At the time of the onsite visit, the financial supervisors had just started the application of risk-based approach to monitor compliance and apply proportionate enforcement actions to ensure compliance and there was low level of AML/CFT supervision in the DNFBP sector. 2.2.4. Objectives and activities of competent authorities 119. National policies have been developed to address key threat and vulnerabilities but these activities lack sufficiently targeted focus on combating ML and TF. Rwanda developed a strategic action plan based on the results of the NRA in May 2019 as the basis for competent authorities to develop and implement their own priorities and activities to combat ML and TF risks identified in the NRA at the level of various agencies and at national level. The NRA 2019 has Strategic Action Plan component which set out the priority areas for competent authorities to combat ML/TF. The Assessment team noted that the Action Plan 2023 were following from the 2019 Action Plan and the items were found to sustain the previous recommended actions. The initial 2019 Action Plan set out a four-year target for competent authorities to address the recommended actions, each competent authority was independently overseeing their own implementation since there were no coordinator. The 2023 Action Plan sets out clear strategic activities, expected outcome and timelines for the respective competent authority to address the action items and submit progress report to the FIC for onward submission to the NCC. Due to the recent nature of the 2023 Action Plan, the assessment team could not make a determination of the progress achieved, however, one of the action items were completed with the enactment of the new AML/CFT law at the time of the on-site visit. 120. The LEAs have identified some ML cases, but RIB and NPPA mainly focus on the predicate offences rather than ML (see IO.7). Rwanda has not demonstrated that its competent authorities have used a risk-based approach for allocation of resources to combat ML/TF by supervisors and LEAs. RIB was established in 2017 and has the mandate to investigate all criminal offences and has not demonstrated that its priorities, objectives and activities are informed by the ML/TF identified in the NRA. Based on discussion with RIB and the cases that was presented to the Assessment team, there were indications that it needs to build capacity in identifying both ML and TF cases since it is placing more emphasis on the investigation of predicate offences than identification and investigation of ML. The NPPA has a Strategic Plan for prosecutors on how to identify and prosecute predicate offences. This is aimed to fast-track handling of cases at the level of the NPPA. Based on the statistics and discussion with NPPA, it is noted that the main focus is on prosecuting the predicate offences rather than on ML. 121. The FIC has developed and implemented objectives and activities which prioritise analysis and dissemination of financial intelligence and other information related to predicate offences. In addition, majority of the financial intelligence are being used to pursue predicate offences, ML to some extent and to a limited extent TF. The FIC has been capacitated to some extent in line with the priorities of the FIC, though additional resources is required to fully capacitate the analysis function and to train LEAs on the use of financial intelligence emanating from the FIC.

38 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 122. At the time of the on-site, the supervisors were at the early stages of implementation of RBA to AML/CFT supervision. However, the implementation of which were affected by low resource allocation while there were minimal to no implementation of RBA to AML/CFT supervision in the DNFBPs sector. 123. RDB priorities was more geared towards facilitation of business while the RGB was setting the ground for a thematic review of its population. RDB does not prioritise BO transparency of legal persons and arrangements. This is attributed to the limited understanding of BO concept. The RDB is still to develop and implement the required infrastructure for accurate and up-to-date BO information registry. 124. The authorities’ objectives and activities are not focused on high ML risks posed by real estate, MVTS providers or by potential foreign proceeds passing through the IFC. Since the NRA 2019, there has been very little development by relevant authorities directed towards mitigating the risks associated with the real estate sector. The FIC has recently been appointed as the default AML/CFT supervisor for this sector and as at date there is no licensing/regulatory authority with little information on the actual number of real estate agents operating within this sector. The BNR has made efforts to look into the risks of cross border MVTS activity which has exponentially grown over the review period and has only introduced threshold reporting as a precautionary measure. The IFC enables investment promotion and connect entities with competent authorities and regulators and all supervisory authorities are required to carry out to undertake risk assessment, however, the regulators and supervisors are yet to have an understanding of the ML/TF risks within these activities/services. 2.2.5. National coordination and cooperation 125. Rwanda has successfully established national coordination and cooperation mechanisms especially at policy and operational level. The National Coordination Council (NCC), is the highest policy making body on AML/CFT/CPF matters. It consists of the Minister of Finance and Economic Development (who chairs the Committee), the Deputy Governor of BNR, the Chief Executive officer of RGB, the Executive Director of CMA, the Deputy Prosecutor General, the Director of the FIC, the Director of Immigration and Emigration, the Director of RIB, the Commissioner for Anti-Smuggling and Organised Crime of RNP, the Commissioner for Customs and the Registrar General of RDB. The secretariat to the NCC is under the FIC and the above institutions are also members of the National Technical Committee to the Coordination Council (NTCCC). The NTCCC is chaired by the Director General of the FIC or a designated representative, who can invite any other agencies to participate based on the expertise that is being required during the discussion. The members of the NTCCC are technicians appointed by the head of their own institutions. 126. Since its setting up the NCC’s primary objective was to have a clear strategy on implementing AML/CFT/CPF requirements and it has been successful to a large extent in the legislative reviews of the AML/CFT law, the Companies Act and Partnership Act and the approval of the latest National Policy and Strategy. The setback is the recent nature of the legislative frameworks and the AML/CFT policy developed, this has a direct impact on the implementation of those policies and strategies at institutional and national level. 127. Competent authorities have been successful to promote cooperation and collaboration with each other through MoUs at bilateral level and multi-agency levels. There are different

39 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 cooperation platforms/mechanisms for policy makers and operations involving LEAs, supervisors and key competent authorities (such as the FIC, RRA) to share information at the domestic level. The FIC found that this platform is an effective means of sharing information with other stakeholders while it is still implementing its goAML platform. There are also MOUs which are both bilateral and multilateral between competent authorities. 128. The FIC and the LEAs informed that they collaborate at the operational level through the Joint Task Force where they meet and discuss matters related to ML/TF or major issues, however, there were no information provided to demonstrate how it has effectively been used for specific cases pursued by the relevant competent authorities. The cooperation and coordination among RIB, NPPA, NISS and customs relating to financial intelligence disseminated was not clearly explained. There were often conflicting information/statistics related to the distribution of the reports by the NPPA and RIB, although all the relevant competent authorities informed that they have access to the Integrated Electronic Case Management System. The only cooperation that could be demonstrated relates to manning of the entry and exit points, at major airports and border controls where the RNP, DGIE & RRA collaborate to fight contraband and cross border transportation of currency. 129. Although, Rwanda has established the National Counter Terrorism Committee which is responsible to oversee the coordination and collaboration on TF and PF matters, there is little to no coordination and collaboration for TF purposes (see IO.9). The lack of coordination for TF purposes which includes TF investigations, prosecutions and prevention, is an issue that should be addressed by the main operational body that coordinates the handling of TF cases. 130. Rwanda has established the Supervisory authorities Forum and the Forum for AML/CFT Compliance/Reporting officers where the supervisory authorities share information and discuss issues that are of interest with the FIs as well. Although there is a mechanism to cooperate between the FIC and supervisors which acts mostly as a forum to debate issues that are of relevance, apart from the awareness on the findings of the NRA, there has not been much development in the issuance of sector specific guidance that would assist the private sector in implementing risk-based preventive measures. 131. Due to the recency of its establishment and the frequency of the meetings of the NCC (twice per calendar year), the monitoring mechanisms by the NCC to ensure that institutions responsible for various sectors are implementing their AML/CFT obligations are still at an early stage. Based on the minutes of the NCC, the priority was to develop a comprehensive National Policy that would address all the gaps identified in the NRA with the first item being the alignment of the AML/CFT legislative framework with the FATF international standards which was enacted in May 2023. 132. Rwanda has not demonstrated that it has operational structures which promote on a regular basis coordination and collaboration on PF and on intelligence gathering, investigation and prosecution of TF. The authorities informed that the relevant competent agencies work together when the need arises. 2.2.6. Private sector’s awareness of risks 133. Rwanda has successfully undertaken outreach activities after the publication of the NRA 2019 to the private sector in order to promote awareness of the ML/TF risks identified

40 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 in the NRA. Some of the activities came to a standstill due to COVID-19 pandemic, however, the FIC continued with the communication of the results of the NRA through virtual forums and ultimately published the report on its website for access by the public. FIs demonstrated a good level of awareness of the ML risks in Rwanda while some DNFBPs demonstrated an emerging awareness, the real sectors demonstrated poor level of awareness. BNR disseminated information on the findings of the NRA and conducted awareness programme to its licensed entities, the findings of the NRA were also discussed during the various forums that have been established. Rwanda has issued guidelines to promote risk awareness specifically to the real estate sector and preventive measures covering beneficial ownership. Although the results of the NRA were shared with FIs and DNFBPs, overall, there is a low level of awareness of TF risks and implementation of TFS. The Desk Review was completed and approved in May 2023 and was presented to the assessment team while on-site. The assessment team was not provided with the information that the results of the Desk Review has been disseminated to the private sector. Overall Conclusion on IO.1 134. Rwanda has taken steps to increase its understanding of ML/TF risks through its NRA 2019 and Desk Review of 2023. Based on the findings of the NRA, Rwanda has been able to develop the National AML/CFT Policy. The NRA identified tax evasion, embezzlement of public funds, illegal award of public fund tenders, embezzlement of cooperative funds and bank funds as the most proceeds generating predicate offences, however, it has failed to identity the channels for misuse since there were limitation in the assessment of the ML/TF threats. There is a low understanding of TF risk, with the exception of the NISS and the FIC. As a result, Rwanda National Policy does not properly focus on TF. To some extent, the priorities and activities of competent authorities are aligned to the risks identified, though allocation of resources is a challenge across the board for implementation. While Rwanda has a good policymaking coordination and collaboration mechanism for PF and TF through the NCC, there is little evidence that same exists at operational levels through the responsible agencies. Rwanda has been successful to raise awareness for the promotion of risk understanding by the private sector since there has been dissemination of the NRA and outreach on the findings of the NRA. 135. Rwanda is rated as having a Low level of effectiveness for IO.1.

41 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Chapter 3. LEGAL SYSTEM AND OPERATIONAL ISSUES 3.1. Key Findings and Recommended Actions Key Findings Immediate Outcome 6 a) The FIC has capacity to exercise its core functions on receipt and analysis of suspicious transaction reports, and dissemination of financial intelligence and other information to competent authorities to identify potential cases of ML, TF and associated predicate offences. b) RIB access and use financial intelligence and other information to develop evidence and trace proceeds of crime for ML and associated predicate offences, to some extent. However, competent authorities have not used financial intelligence effectively to identify TF. c) RIB does not routinely request for information from FIC to support its operational needs although it receives majority of financial intelligence reports and is the main investigative authority and holds information on all crimes in Rwanda. d) FIC has access to all Government databases. It also has access to some information online and through correspondence. The other sources of financial intelligence are STRs, mostly submitted by banks and remitters, with a limited number from DNFBPs some of which were identified as high risk for ML. The FIC does not access commercially held databases. e) The FIC has issued one strategic analysis report, which was used by both competent and reporting entities. This number is low considering the number of reports received by FIC namely STRs, CTRs, Cross Border Declaration Reports, Wire Transfers, which could have been used to come up with more strategic analysis reports. f) Rwandan authorities participate in various multi-agency groups to co-operate and exchange information and financial intelligence, including a public-private partnership with Customs, Police, and immigration. g) The FIC offices have adequate measures for physical, personnel and information security but has inadequate financial and human resources which hampers performance of its core functions- given that the FIC has an added mandate of AML/CFT supervision of some DNFBPs. Immediate outcome 7 a) The Rwanda Investigation Bureau (RIB) has identified potential cases of money laundering (ML), particularly focusing on embezzlement and corruption-related ML offenses in line with Rwanda's risk profile. Some cases undergo parallel financial investigations and utilize special investigation techniques. b) The number of prosecuted ML cases remains relatively low compared to prosecuted predicate cases during the same period. This is primarily attributed to capacity constraints within the National

42 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Public Prosecution Authority (NPPA) in terms of both resources and skills. c) Three types of ML—self-laundering, stand-alone, and third-party laundering—have been identified during investigations, resulting in convictions. However, recent trends show a shift towards prioritizing self-laundering and third-party laundering cases. Notably, authorities have not pursued foreign predicate offenses despite their high-risk nature. d) Limited investigation and prosecution of legal persons have resulted in no sanctions being applied against them. e) Rwanda has implemented an Integrated Electronic Case Management System to track ML/TF investigations and prosecutions, along with associated predicate offenses. However, inconsistencies in statistics provided by RIB and NPPA reflect ineffective utilization of the Case Management System. Immediate Outcome 8 a) Rwanda, to a limited extent, pursues confiscation of proceeds, instrumentalities and property of corresponding value as a policy objective. b) Although provisional confiscation measures are fairly used by the authorities, lack of SOPs for the NPPA and the under resourced Seized and Confiscated Assets Unit undermines the effort resulting in failure to preserve value of seized assets and failure to regularly confiscate proceeds upon securing conviction. c) To a limited extent, Rwanda pursues confiscation of proceeds and instrumentalities of domestic predicate offence but has not confiscated property of corresponding value. d) Rwanda does not prioritise locating and recovery of proceeds moved to other countries. e) Confiscation is not being used as an effective, proportionate and dissuasive sanction in falsely and non-declared or disclosed cross border currencies and bearer negotiable instruments. Recommended Actions Immediate Outcome 6 a) FIC and supervisory authorities should conduct outreach and training activities to target non-banking financial institutions and DNFBPs which have been underreporting STRs. The activities should start with high-risk sectors, focussing on detection of suspicious transactions and on improving STRs quality. b) RIB should access and make use of the financial intelligence held by the FIC to support its operational needs for identifying and developing evidence of ML and tracing proceeds of crime. c) The FIC should enhance its information-sharing activities with competent authorities and reporting entities by conducting more Strategic Analyses whose outcome will raise awareness of possible techniques and methods that criminals use in laundering proceeds of crime, and inform operational and policy direction. d) FIC should speed up the process of fully implementing the Go-AML system to improve the receipt, analysis and dissemination process. The key staff should be trained so that they are able to use the system effectively.

43 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 e) The FIC should speed up process of joining Egmont Group so that it has access to a wide range of information from foreign counterparts. Immediate Outcome 7 Rwanda should: a) Ensure LEAs prioritise identification, investigation and prosecution of all types of ML cases in particular stand-alone, and foreign predicate offences since Rwanda is developing a financial centre with global reach increasing potential exposure to foreign proceeds. b) Strengthen the capacity of RIB and NPPA by allocating additional resources, particularly in terms of human resources, to enhance efficiency and effectiveness to ensure it produces positive outcomes on ML cases. This also includes providing a specialized training to investigators on advanced financial investigation techniques and turning intelligence into evidence. c) The RIB should strengthen coordination and cooperation with relevant stakeholders, including the National Public Prosecution Authority (NPPA) and other relevant agencies, to improve the effectiveness of its investigations. d) Implement measures to improve the investigation and prosecution of legal persons involved in money laundering. This includes providing training to investigators and prosecutors on the identification, investigation and prosecution of money laundering offenses committed by legal entities. e) Address inconsistencies in data reporting by RIB and NPPA through regular audits and quality assurance measures to ensure accurate and reliable statistics. It should also provide training to relevant personnel on the effective use of the Integrated Electronic Case Management System to track money laundering investigations, prosecutions, and associated predicate offenses. f) Provide training to judges on handling complex ML cases and develop sentencing guidelines, which will assist magistrate and judges to guide and refer when determining appropriate sentences in accordance with the law. g) Ensure NPPA fully implements its role of controlling and supervising criminal investigations in Rwanda by developing Standard Operating Procedures to guide investigators and prosecutors on how to investigate and prosecute ML cases. Immediate Outcome 8 a) The NPPA should develop and implement Standard Operating Procedures (SOPs) to ensure consistency in seeking confiscation upon securing conviction. RIB should expand their SOPs to include guidance on locating and recovering proceeds moved to other jurisdictions. b) The authorities should strengthen asset management systems to facilitate tracking the confiscation process by carrying out the inventory of all seized, frozen and confiscated assets and conducting timely auctions thereof. c) Authorities should expand human resource for the Seized and Confiscated Assets Unit and develop asset management system to enable preservation of value of seized property and timely auction of confiscated property. d) Rwanda should pursue recovery of property of equivalent value, where direct recovery

44 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 of tainted property is not possible or realisable. e) Rwanda should apply confiscation as an effective, proportionate and dissuasive sanction in falsely and non-declared or disclosed cross border currency and BNI. 136. The relevant Immediate Outcomes considered and assessed in this chapter are IO.6-8. The Recommendations relevant for the assessment of effectiveness under this section are R.1, R. 3, R.4 and R.29-32. 3.2. Immediate Outcome 6 (Financial Intelligence ML/TF) Background 137. Rwanda established an administrative-type Financial Intelligence Unit (FIU), known as Financial Intelligence Centre (FIC) in February 2020. Prior to this, Rwanda had established the Financial Investigation Unit which was under the Ministry of Internal Security. Although it was intended to perform the functions of an FIU, it was not adequately resourced and not much was done in term of core functions of an FIU. During that time, reporting entities were filing STRs to the Police and the National Bank of Rwanda, which created confusion amongst the reporting institutions. After the establishment of FIC, the country appointed top management, namely Director and Heads of Departments, who, in turn, recruited additional staff for the Departments. The official handover between the Unit and the Centre took place on 26th March 2021. The authorities explained that all outstanding STRs were transferred to the FIC, however, the actual number of STRs were not provided to the Assessment Team. Furthermore, the authorities explained that the STRs which were handed over to FIC were used for reference only. Therefore, assessment of the core issues concentrated from March 2021 until the end of the onsite date, which is less than the normal 5 years. It is noteworthy that all FIC disseminations are sent to RIB, which is the only Competent Authority given powers to investigate financial crimes including ML/TF/PF. In some cases, FIC submits copies of the disseminations to other agencies such as RGB for information. The FIC has capacity to exercise its core functions on receipt and analysis of transaction reports, and dissemination of financial intelligence and other information to competent authorities to identify potential cases of ML, TF and associated predicate offences. There are financial intelligence reports which have been sent to RIB for investigation, as shown in table 3.3. 138. The FIC is yet to apply to become a member of Egmont Group of FIUs, although it has identified sponsors to assist them in the application process. 3.2.1. Use of financial intelligence and other information 139. Competent authorities in Rwanda (RIB, RRA, FIC) access and use financial intelligence to identify potential cases of ML, TF and associated predicate offences and the identification of criminal assets to some extent. LEAs, mainly RIB make use of spontaneous disclosures from FIC and other sources to initiate new cases or support existing investigations of ML, various predicate offenses to some extent and TF to a negligible extent. Access and Use of Financial Intelligence by the FIC 140. The FIC receives suspicious transaction reports (STRs) from reporting entities which it uses to produce financial intelligence for dissemination to other competent authorities. At the time of onsite, the FIC had just started receiving reports on wire transfers. In addition, the FIC also receives reports of cash transactions exceeding USD 10,000 or its equivalent in any other

45 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 currency on a daily basis, and cross-border currency declaration reports in excess of USD 10,000 or its equivalent. The FIC shared a sample of a case that demonstrates how it used the financial intelligence contained in a cross-border currency declaration report. Since this is the only case shared, it was not deemed sufficient for the assessment team to conclude that the FIC makes effective use of financial intelligence contained in these reports. 141. STRs are the main source of financial intelligence, majority of which come from the banking sector. However, some of the DNFBP sectors which were identified in the NRA as highly vulnerable to ML such as the real estate sector have not yet started implementing the requirement to submit STRs. In addition, the FIC has not requested any information from these sectors. While the number of obliged reports the FIC can rely on to draw financial intelligence are numerous, the fact that very few reports are received from some high-risk sectors within the DNFBPs means some useful intelligence is being missed out in the value chain. 142. In order to enrich the financial intelligence, the FIC has also access to both administrative and law enforcement information either directly (online access) or through requests submitted using an email or a letter as shown by Table 3.1. The turnaround time for these requests is on average 72 hours. In addition to this, the FIC also uses open source to harvest various types of information. Table 3.1: FIC’s Access to External Domestic Databases Source/ Institution Type of Information Mode of Access National Land Authority Properties Registered Request via email Rwanda Revenue Authority Tax Information and Vehicles Request via a letter IECMS Court Judgements Online access Office of Ombudsman Assets Declaration Request via a letter Interpol Criminal records Online access Immigration Travel Records Request via a letter Rwanda Development Board Basic and BO information Request via a Focal person Rwanda Investigation Bureau Criminal records Online Access Open Source Various Online access Case Box 1: Summary of the Case on Declaration of Bearer Negotiable Instrument Connected to an STR On 10 June 2022, a cheque of USD 310,000 was declared at Kigali International Airport. It was sent through courier by a Rwandan residing in Canada. Afterwards, the filled declaration was sent to FIC. FIC carried out searches in its data against the parties involved and it was noticed that the beneficiary of the cheque was involved in suspicious transactions. Therefore, FIC through intelligence gathering exercise against the beneficiary, consequently, noticed the reasonable ground that beneficiary of the cheque was operating illegal forex bureau and evading taxes. The case was disseminated to Rwanda Investigation Bureau (RIB) and investigations were under way as at the end of the onsite.

46 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 143. Information shared with the Assessment Team shows that the FIC routinely make use of financial information held by the main investigative body, RIB through Integrated Electronic Case Management system (IECMS) and Interpol database, which would justify the number of requests sent to RIB as contained in Table 3.2. Hence, the AT concluded that FIC makes use of financial information from RIB to a large extent. 144. On other Competent Authorities namely Directorate General of immigration and Emigration, Rwanda Development Board, Rwanda Revenue Authority, Office of Ombudsman, National Land Registry, National Bank of Rwanda, the FIC also access their information as seen from table 3.2 to strengthen disseminated intelligence reports. Table 3.2: Number of Request sent by FIC to Domestic Competent Authorities Institutions Number of requests sent Number of Requests responded to Number of Request not Responded to Directorate General of Immigration and Emigration 23 23 0 Rwanda Development Board (RDB) 70 70 0 Rwanda Revenue Authority 14 14 0 Office of Ombudsman 2 2 0 National Land Authority 20 20 0 National Bank of Rwanda 6 6 0 Rwanda Investigation Bureau (RIB) 1 1 0 145. FIC also uses information obtained either on request or spontaneously from foreign counterparts to support its financial intelligence work. Between 2020 and July 2023, the FIC made 20 requests for information to foreign FIUs and 14 of those requests were responded to representing 70 percent in responses, which is majority. 146. The FIC further send requests to reporting persons namely Banks, MVTS and Insurance Companies to enhance its analysis. From the year 2021 to June 2023, FIC sent out 1378 requests and 1374 requests were responded to within 48 hours. Urgent requests take less. 147. Although FIC accessed all the above information, at the time of the onsite, they had not started accessing commercially held data sources. 148. After analysis of the reports and information received, the FIC develops financial intelligence packages and disseminates these reports to competent authorities. Majority of the reports were submitted to RIB and some of them were also jointly submitted to NISS (2), BNR (1) and RGB (1) for further consideration as shown on table 3.3. The reports provide an indication of suspected predicate offences. The total number of disseminations for the period 2020-2023 amounted to 40 of which 11 were for suspected tax evasion, 10 suspected fraud, 7 suspected embezzlement and 5 on suspected corruption, which is mostly in line with Rwanda NRA. A summary is provided in Table 3.3: Table 3.3 below: Number of FIC Disseminations to Domestic Competent Authorities 2021 2022 June 2023 RIB 7 26 7 NISS 1 1 BNR 1 RGB 1

47 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 149. The FIC provided statistics demonstrating how financial intelligence generated based on STRs and other reports complemented by additional information from obliged entities or information from international co-operation was used by LEAs and investigative authorities (see Table 3.4 and IO.7). In addition, based on the financial intelligence received, the FIC froze EUR 28,391 and USD 313,425.59 in 2021. Considering that the statistics provided cover 2 and half years, the Assessors concluded that the FIC uses the financial intelligence to identify potential ML cases and trace criminal proceeds to some extent. On the other hand, the Assessors do not think that this is the case with identification of potential TF. Table 3.4: Status of Cases arising from FIU Disseminations (Dec 2020 – May 2023 Disseminated/Feedback Number of Cases Cases Pending in RIB 26 Cases in Prosecution 5 Cases Closed 9 Access and use of financial Intelligence by Other Competent Authorities 150. Competent authorities in Rwanda (RIB, REMA, RRA, NISS, Ombudsman and RNP) access and use financial intelligence to help investigate predicate crimes, ML to some extent. However, there was limited use of the financial intelligence in the identification of criminal assets and investigation of TF. 151. In Rwanda, RIB is the only investigative body empowered to investigate all types of crimes including ML and TF. Hence, majority of financial disclosures from the FIC were sent to RIB. In view of this, the analysis of this Core Issue places significant weight on what RIB had done with financial intelligence over the period under review. 152. As explained above, RIB accesses financial intelligence reports and other financial information from FIC. In the period under review RIB received 40 intelligence reports from the FIC. In addition, RIB accesses information from Office of Ombudsman, Rwanda Revenue Authority (RRA), Rwanda National Police (RNP) and National Intelligence Security Service (NISS). Since 2020, RIB has accessed 482 reports from RNP, 60 reports from RRA, 56 reports from Ombudsman and 16 from REMA. The information obtained was used to gather evidence which led to case files which were submitted to NPPA for prosecution and current ongoing investigations (see Table 3.4 above). In addition, the information accessed from Rwanda Revenue Authority led to freezing of assets worth RWF 270,291,513 (USD 232 180.41) and RWF 234,202,466 (USD 201 179.92) in 2021 and 2022 respectively. No assets were under caveat in 2023, which shows use of information received from RRA by RIB to a certain extent. Furthermore, none of the provided financial intelligence led to identification of potential TF offences (See Table 3.5). For further information see IO7 and IO9. Table 3.5: Number of Reports received by RIB from other competent Authorities Period REMA RRA NISS Ombudsman RNP 2020 177 2021 20 (Assets/funds worth RWF 270,291,513 (USD 225, 728) were confiscated) 142 2022 22 (Assets/funds worth RWF 234,202,466 (USD 195,589) were confiscated) 103

48 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 2023 16 cases from 2021 18 (no assets under caveat) No cases sent 56 cases sent to RIB from 2020 60 153. Overall, the FIC and RIB regularly access and use financial intelligence and other information to develop evidence and trace proceeds of crime for ML and associated predicate offences to some extent. Apart from these agencies, Rwanda has not provided information on use of financial intelligence by other competent authorities. It was observed from the interactions with authorities in Rwanda that TF is another area that has not benefitted from the use of financial intelligence. 3.2.2. STRs received and requested by competent authorities 154. The FIC is the central authority for the receipt of STRs and CTRs from reporting entities and Cross￾Border Declarations from RRA. STRs are reported to the FIC through an encrypted email, accessed by the Director and Head of Analysis. Banks, insurance, MVTS providers and some DNFBPs uses this platform, while a good number of the DNFBPs are yet to use it. The FIC has purchased Go-AML, although it is not yet operational. The Go-AML system is likely to optimise submission of reports. 155. In the past two years, namely 2021/22 and 2022/23, the FIC received 789 STRs, of which 84 percent came from banks, distantly followed Money Value Transfers Services (MVTS) providers, whose reports accounted for 15 percent of total reports received over the period. The number of STRs have dropped by 28% between 2022 and 2023 and this was as a result of significant drop in STRs filed by banks. FIC indicated that most STRs reported were tax evasion, fraud, embezzlement, corruption and wild life crimes. On the quality and relevancy of information, FIC stated that it varied across the reporting institutions, generally with banks filing better reports (50% of STRs filed by banks are of good quality) than the other reporting institutions. In cases where the FIC noted lack of pertinent information in the STRs, it contacted the concerned institution to provide the missing information and this on average takes 2 days. Considering that most of the reporting institutions, including DNFBPs, have not submitted STRs, the assessment of quality and relevancy of information provided in the STRs is very limited. It is not possible to determine the average quality of STRs for all reporting institutions (see Table 5.1 in IO.4). 156. In general, the FIC gives feedback to FIs and DNFBPs on general STRs where the usefulness of actionable intelligence was shared by competent authorities. Together with the trainings, the FIC indicated that this feedback has resulted in improvements to the quality of STRs, which includes the description of the grounds for the reports. 157. In addition to STRs, the FIC receives other mandatory reports, namely, Cash transaction Reports (CTRs), Wire Transfers, Cross Border Currency and BNI Reports (CBCRs). These reports serve as a reservoir of transactional information for analysts to use for enriching the quality of financial intelligence reports produced, in addition, the FIC has used the CTRs to come up with a typology report (which is in essence a strategic analysis reports). On the other hand, CTRs have not been analysed independent of STRs, as potential sources of suspicious transactions or for detection of tax evasion. Table 3.6: Threshold Reports and Wire Transfer reports Reports Period Number Cash Threshold Reports 2021-2022 95369 2022-2023 93,777 Wire Transfer Declaration May-June 2023 127, 887

49 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 158. In the period under review, the FIC received declarations/disclosures for incoming and outgoing cross-border transportation of currency and BNIs (see R.32). Table 3.7 shows the number of declarations between 2017 and June 2023. In 2023, Rwanda introduced requirements for both declaration and disclosure of cross border currency. Except for 7 disclosures in 2023, all the reports, including 406 in 2023, were received from Kigali International Airport and 6 (in 2023) emanated from 4 other border points following an MOU between the FIC and RRA signed in 2023. However, the authorities have not provided any statistics on violations. Except the case study in Case Box 6, it does not appear that the FIC carried out additional analysis on the rest of cross-border currency reports based on other available databases, or requests from other competent authorities, incoming and outgoing requests to/from foreign counterparts, although during face to face the authorities indicated that the declarations were of good quality. Table 3.7: Number of Disclosures/ Declarations: 2017-2023 Period 2017/18 2018/19 2019/20 2020/21 2021/22 2022/23 Declarations 198 209 196 501 722 407 Disclosure 7 3.2.3. Operational needs supported by FIU analysis and dissemination 159. The FIC’s analysis and disseminations supported the operational needs of competent authorities to some extent. The FIC made proactive disclosures arising from its analysis and also provided information to LEAs in response to their requests. Resources and Technical Skills 160. The FIC has 9 officers in the Analysis Department, including the Head of Department, one IT person dedicated to the department and one officer dedicated to Strategic Analysis which currently supports its mandate adequately., However, in the absence of analytical tools should the number of STRs increases, the FIC may not be able to handle its workload effectively. 161. The FIC staff in the Analysis Department has attended various training programmes conducted within and outside the country. The training programmes included operational analysis, strategic analysis, trade-based money laundering, ML and Virtual Assets, financial investigations, understanding transnational organised crime, best mechanisms & practices of quality financial intelligence, enhancing the capacity of FIUs, etc. The Assessment Team believes that these training programmes assisted the Analysts in their work as well as meeting the operational needs of competent authorities. It was also noted that during the period under review, the FIC provided training on AML/CFT matters to other competent authorities and the reporting entities. Operational Analysis 162. The FIC currently receives STRs through encrypted emails and conducts operational analysis, which is done manually, as there was no analysis tool during the onsite. Authorities did indicate though that they were in the process of operationalising Go-AML which would facilitate the STR receipt process and also dissemination process of financial intelligence reports. This will also assist in reducing the amount of time taken on analysis. Currently, when conducting analysis, first there is a brain￾storming session done on a weekly basis, where Analysts present their initial thoughts on allocated STRs and a decision is made on which STR to analyse. At this stage, there is no risk ranking of STRs. However, the STRs are categorised in terms of low, medium and high priority, the categorisation may

50 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 change depending on the nature of additional information the FIC has received from reporting entities or other competent authorities. 163. During the period under review, the FIC disseminated its intelligence mostly to RIB, using encrypted emails to a dedicated officer. The disseminated intelligence reports were on suspected ML, tax evasion, embezzlement, bribery, fraud and forgery, which is mostly consistent with the NRA findings on the highest proceeds generating predicate offences. However, there were no disseminations on TF. 164. The FIC made proactive disclosures to LEAs based on their own analysis of reports from reporting entities and other sources namely CTRs, Cross Border Declaration Reports and Wire Transfers. During the period under review, the FIC intelligence was used by LEAs to identify 40 cases for investigations - 26 cases are still under investigations, 6 were sent for prosecution, while 9 were closed due to lack of criminality by Rwanda Investigating Bureau. Table 3.8: Outcome of Financial Disclosures of FIC- 2021-2023 Years No of Financial Intelligence Reports Cases Under RIB Investigation Closed By RIB 2021 7 2 2 2022 26 17 7 2023 7 7 0 Total 40 26 9 165. The FIC received written feedback twice from RIB concerning the progress on the 40 reports sent by FIC, in the period under review. The Authorities informed the Assessment team that in addition to that, they meet quarterly, but during these meetings and on written feedback, the quality of reports is not discussed which is an issue of concern to the assessment team. It might reduce the opportunities for FIC to learn on the usage and quality of financial intelligence disseminated. 166. The FIC received requests for information from domestic LEAs to support investigations and had been able to respond to all the requests and exchanged information with these agencies. 167. However, the number of requests to the FIC from the Competent Authorities is not impressive, especially RIB, where four request were sent to FIC in the period under review. Other Competent Authorities sent requests to the FIC which were responded to all by providing the required information by the LEAs. Table 3.9: Number of Requests made by Competent Authorities to FIC Requesting Institutions Number of requests received Number of requests responded Number of requests not yet responded Rwanda National Police 12 12 0 National Public Prosecution Authority (NPPA) 2 2 0 Office of Ombudsman 2 2 0 Rwanda Investigation Bureau (RIB) 4 4 0

51 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Strategic Analysis 168. The FIC carried out one study during the period under review which involved analysis of cash transaction reports (CTRs) and Suspicious Transaction Reports (STRs) received from July 2021 up to June 2022, which was distributed to over 26 Competent Authorities and Reporting Entities. The objective of the study was to understand the trends in the use of personal accounts either by making cash deposits or cash withdrawals of amounts equal to or exceeding RWF 50,000,000 (USD 42,453) and its equivalence in foreign currency. The findings revealed that several transactions were frequently conducted on personal accounts for business purposes and in other cases, children’s accounts were used for business purposes. The report recommended actions to be taken to curb the increased use of personal accounts for business-related transactions. This would in effect close the loopholes for money laundering, terrorism financing and most importantly tax evasion and to raise awareness on possible techniques and methods criminals may use in laundering illegally obtained funds, wealth, and assets. 169. During the Onsite visit, the authorities indicated that as a result of the report Competent Authorities have come up with policies with regards to introduction of cashless economy, infra￾structure upgrade where Rwanda Integrated Payment and Processing Systems (RIPPS) was upgraded to work 24/7 and also accommodating other financial institutions like microfinance institutions, launch of wide network instant transaction: second phase of E-KASH on 29 September 2023, the Rwanda National Digital Payment System (RNDPS). eKash is a secure, seamless, and lightning-fast method that makes sending and receiving money between Mobile Network Operators (MNOs), Banks, Microfinance Institutions (MFIs) etc. 170. Overall, FIC’s analysis and disseminations supported RIB. Authorities met during on-site confirmed the strong co-operation ties with the FIC and its ability to disseminate reports of good quality, However, RIB and other competent authorities did not routinely seek financial and other information from the FIC to support their operational needs. 3.2.4. Cooperation and exchange of information/financial intelligence 171. The FIC and the LEAs cooperate and exchange financial intelligence and other relevant information effectively to identify investigative leads, develop evidence in support of investigations, and trace criminal proceeds related to ML/TF and associated predicate offenses. The FIC collaborates with other competent authorities in terms of meetings and joint task force. They meet on ad-hoc basis with RIB, but they are also part of the Border Management committee, where an MOU was signed in 2022 to that effect, where undeclared cash is reported to them to verify in their databases if cash is from clean or unclean sources. The assessment team also noted the level of cooperation as reflected in the NRA process as well as during the on-site visit. 172. The FIC has secured premises including security of information, as there are levels of access to information. Access to the server room is restricted and biometric fingerprint machine is installed on the doors, which reports to head of IT whenever someone access the server room and also there are cameras around. Access to the analysis department is restricted. 173. Cooperation between FIC and LEAs along with the secure exchange of financial intelligence is effective. Operational intelligence is shared securely between the FIC and LEAs through the encrypted email application and where necessary, physical delivery of the reports

52 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 via a dedicated resource. All information is approved by the Director General, before dissemination and dedicated resources utilize a secure mechanism to disseminate information to competent authorities upon request and spontaneously. 174. Exchange of information with other FIUs upon request and spontaneously is through the same mechanism of encrypted emails. Overall Conclusion on IO.6 175. Rwanda has an operational FIC which is able to produce financial intelligence of good quality. To some extent, the FIC and RIB regularly access and use financial intelligence and other information to develop evidence and trace proceeds of crime for ML and associated predicate offences. The FIC’s analysis and disseminations supported RIB which was able to carry out successful ML investigations. However, RIB, which is the main recipient of financial intelligence reports from FIC, did not routinely seek financial and other information from the FIC to support its operational needs. The FIC did not benefit from financial intelligence held by DNFBPs since they filed a limited to negligible number of STRs. There is room for improvement in the FIC’s use of cross border currency declarations, CTRs and wire transfers in order to widen the source of financial intelligence and also produce more strategic analysis reports which limits impact of feedback on reporting institutions. On the other hand, Rwanda has established effective coordination and cooperation mechanisms which facilitate exchange of information at a bilateral level and in inter-agency forums.

176. Rwanda is rated as having a Moderate Level of effectiveness for IO.6. 3.3. Immediate Outcome 7 (ML investigation and prosecution) Background
177. Rwanda enacted the new AML/CFT Law (No.028 of 2023) in May 2023, mainly to provide a comprehensive legal and institutional framework for the investigation and prosecution of money laundering, terrorist financing and financing of proliferation of weapons of mass destruction.
178. RIB is capacitated to investigate ML and has a dedicated Unit, namely the Anti-Financial Crime Division (Division), allocated with thirty-eight (38) personnel, of which nine (9) officers are dedicated to handling ML cases. A total number of 146 investigators within RIB have received training (domestic and international) on money laundering, economic and financial crimes, asset identification, tracing, recovery, and document examination, among others. These trainings have assisted in enhancing the officers’ skills and capacity to identify and investigate ML offences. Furthermore, RIB conducts parallel financial investigations in all investigations of predicate offences.
179. The RIB and NPPA (Office of the Prosecutor General) are the lead agencies responsible for investigating ML and predicate offences. Additionally, the NPPA has the overall mandate, amongst others, to institute ML criminal proceedings against offenders.

53 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 3.3.1. ML identification and investigation 180. Rwanda identifies and investigates ML cases to some extent through the investigation of predicate offence. Additionally, LEAs identify ML offences through different sources, including reports from FIC, referrals from other government institutions, company registries, informants, media, in person complaints, whistleblowers, and suggestion boxes, amongst others. 181. During the period under review, LEAs identified two hundred and fifty-two (252) ML cases originating from the investigation of one thousand, eight hundred and forty-six (1,846) cases of predicate offences which also includes dissemination from the FIC. Moreover, they conducted parallel financial investigations and apply special investigative techniques such as undercover operations (14), surveillance, controlled delivery (1), and communication (4) interception to identify persons involved in major proceeds generating offences (refer to Table 3.10). 182. As highlighted above, the authorities managed to identify a total of 252 ML cases resulting from high major proceeds generating offences. Out of these, 74 ML cases were identified from corruption/bribery cases; 66 ML from the embezzlement of public funds cases; 9 ML cases from embezzlement of bank funds, 18 ML cases from embezzlement of cooperative funds and 68 ML cases from tax evasion and 17 from Narcotic drugs cases. Therefore, LEAs to some extent demonstrated their capacity to identify ML activities emerging from major proceeds generating predicate offences in Rwanda as illustrated under Table 3.10. 183. Out of the 1,846 cases of predicate offences, Rwanda only identified 252 ML cases. In practice, ML cases are investigated alongside predicate offences. However, when ML cannot be established due to the nature and circumstances of the case as mentioned in Paragraph above, authorities stop pursuing the ML investigation and instead pursue the predicate or illicit enrichment offences depending on the period of interest by RIB and whether the asset was acquired before or after the commission of an offence. This approach is implemented during the investigation of ML cases through the deployment of parallel financial investigations, whereby the Anti-Financial Crime Division within RIB responsible for ML investigations gathers evidence. The elimination of a case is done through different levels. It commences with the financial investigators who carry out the ML inquiry and initial investigation at the first level, it is then referred to the ML specialists for further scrutiny (the unit has 4 specialists) of the evidences gathered, after which it is further referred to the third level, where the Director in charge of ML investigations, approves the closing of the ML investigation. However, if it meets the investigation threshold or qualifies to be referred to NPPA as a ML case then it would be referred for further review. If the case does not qualify as an ML case, then a decision is made on whether to pursue predicate offences connected to the case. In some cases, the authorities were also able to distinguish between legitimate assets and those derived from proceeds of crime. A case was provided where the authorities had suspected someone of owning movable property believed to be tainted at the time that ML was suspected only to realise through further investigation that the person had acquired the property through a bank loan, leading to the investigation being terminated. The number of predicate offences exceeded the number of ML cases identified in some of the instances due to a number of reasons, including some of the predicate offences not having

54 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 generated any substantial proceeds which could be laundered, people being caught in the act in some of the cases, like in bribery cases and in some of the cases, the proceeds could not be traced despite the substantial efforts made.

55 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Table 3.10: Number of ML and predicate offences identified, investigated and prosecuted

56 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024

57 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 184. Moreover, RIB was able to investigate 51 ML cases arising from 252 different predicate offences generating high proceeds identified under para 180 above. Out of these, 5 ML cases were investigated for corruption/bribery cases; 26 ML cases from the embezzlement of public funds; 4 ML from Embezzlement of Bank funds, 7 ML case from Embezzlement of cooperative funds, 7 ML from the tax evasion cases and 2 from Narcotic Drugs. 185. Although the Division has 38 financial investigators, only 9 are dedicated to handling ML cases. There is a need for the Division to be capacitated with more staff to handle ML cases. Given the number of ML cases identified, the number of resources allocated is not proportionate with the number of cases investigated, in particular only 4 specialists review ML cases being investigated. The performance of this Division can be further strengthened by allocating more resources which would mean more time to produce good quality cases to take for prosecution. Intelligence information shared by other LEAs 186. LEAs, such as RNP, Office of Ombudsman, RRA, and FIC, are also responsible for identifying ML activities and once ML is detected, they submit the same to RIB to pursue a ML investigation. These agencies play a complimentary role in identifying and investigating ML cases. As a result, a number of ML investigations have been effectively commenced due to identifications emanating from these agencies. 187. During the period under review, the FIC submitted 40 financial intelligence reports to RIB. RIB found the reports to be of good quality and to have actionable intelligence that led to further inquiries and subsequent investigations. Of these investigations, 17 were closed for lack of ML evidence, whereas 8 ML cases had been referred to NPPA for prosecution and 15 cases were under investigation at the time of the on-site visit. The mere fact that all the disseminations which had been received had resulted in investigations served to show that on average they were good quality reports. 188. Money-laundering cases have also been identified based on information submitted to the RIB by the Office of Ombudsman. As a result, 18 ML cases were identified and investigated by RIB during the period under review. Among these cases, 13 originated from predicate offenses of bribery cases and embezzlement generating high proceeds. 189. The Rwanda Revenue Authority (RRA) has power as judicial police to investigate Taxation offences and refer ML cases to RIB for investigation. Between the year 2021 to 2023, the RRA referred sixty-two (62) cases to RIB and forty-three (43) of these cases involved tax evasions, 12 related to uncustomed goods, 5 on use of forged documents and 1 on corruption. RIB was able to identify and investigate 7 ML offences originating from tax evasion, which involved companies alleged to have submitted fictitious invoices to claim tax refunds and evade taxes.

58 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Intelligence information shared by other LEAs 190. The NPPA is mandated to identify and initiate investigation of all offences, including ML. During the period under review, of the cases referred to it particularly by RIB, it was able to identify 13 cases of potential ML which it initiated investigations on. To some extent this serves to confirm that the NPPA, when reviewing cases referred to it, prioritizes identification of ML. 3.3.2 Consistency of ML investigations and prosecutions with threats and risk profile, and national AML policies 191. Investigation of ML activity in Rwanda is to some extent consistent with the risk profile of the country. ML investigations are being prioritized in line with the identified high risk predicate offences, whereby the other elements of value and size of the assets involved are also considered. Based on the findings of the NRA, Rwanda developed a National AML/CFT Policy in 2023. Prior to the development of the National AML/CFT Policy, LEAs, based on the NRA 2019, developed their own internal Action Plans/Strategies to combat economic crimes, including ML. Further, Rwanda also developed a Criminal Justice Policy in 2020, which is mainly to guide policies and practices of institutions in the criminal justice chain from the crime detection, prevention, investigation, prosecution, court proceedings, and sentencing, among others. These policies have assisted law enforcement agencies in focusing their ML activities on detection, investigation and prosecution. As a result, the Authorities were able to demonstrate the number of ML cases pursued as reflected in table 3.10 above. 192. Additionally, since the approval of the national policy in March 2023, the authorities have successfully implemented numerous activities outlined under strategic objective 5. These activities include, but not limited to, the training of 219 LEAs officers on economic and financial crimes, encompassing ML, asset recovery, and international cooperation. They have also developed an Advanced Criminal Investigation Course for investigators in managerial positions, incorporating modules on ML, asset tracing, and international cooperation. 193. Furthermore, RIB Strategic Plan has undergone revision to include prioritization of ML investigations. A Memorandum of Understanding (MoU) has been signed between LEAs for joint investigations, and LEAs have enhanced their operations by conducting regular meetings with prosecutors to strengthen joint investigations, with a specific focus on ML. 194. ML investigations in Rwanda are mainly conducted by RIB as the leading agency, but they are complemented by NPPA, whose mandate for investigating criminal cases emanates from the Constitution. In practice, NPPA executes this mandate only when investigation files submitted by RIB require additional evidence or further investigation for ML offences. Additionally, if there is any case that RIB cannot pursue for any reason, NPPA can take up the matter and investigate it. 195. ML cases investigated by RIB and the NPPA, and later prosecuted by the NPPA are related to the predicate offences of corruption/bribery, embezzlement of public funds, embezzlement of bank funds, embezzlement of cooperative funds, tax evasion (see Table 3.10 above) which have been identified as the major proceeds-generating crimes. 196. The NPPA enhanced its capacity to prosecute ML by setting up an Economic and Financial Crimes Unit. The Unit is decentralized to all provinces in the country. In total, Rwanda has 24 prosecutors who handle ML prosecutions in the country. 12 are stationed at the Head Office and

59 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 the other 12 are placed in the country’s provinces. Each province has one prosecutor dedicated to ML prosecution, in addition to the prosecution of other cases as part of their normal duties. In practice, when the NPPA receive ML case from RIB, the Head of the Unit assesses the file and assigns it to an experienced prosecutor for review of the evidence. At times, less experienced prosecutors are called upon to work alongside experienced ones to gain knowledge, and some are relocated from the Head Office to the provinces to provide assistance. 197. Once the file is assigned, the prosecutor independently works on it, after which the Unit convenes as a team to discuss, analyse, and evaluate the evidence to determine whether it qualifies the cases as a ML case or not. Such discussions occur for all cases. If the evidence meets the criteria for ML charges, the team formulates ML charges based on the collected evidence and recommends them to the Head of the Unit for final assessment and decision assisted by the team’s recommendations. Consequently, NPPA filed 22 ML cases in court (still awaiting trial) with 4 others still under review at the NPPA (See Table 3.10 above). 198. However, for cases lacking sufficient evidence to qualify for ML charges, NPPA opts to pursue the predicate offences. This approach, being a common practice, has led the NPPA to initiate 13 ML cases independently from files submitted by RIB. It is therefore, evident that with this mechanism in place, NPPA prioritizes ML cases as its primary objective. 199. The country has also managed to obtain convictions on 4 ML cases originating from high￾risk offenses. Case Box 1, describes one of the cases: 200. LEAs are also increasingly focused on combating ML such activities particularly those emerging from high risk predicate offences, resulting in an increase in the number of investigations with 51 ML cases investigated during the period under review originated from 252 ML identified under CI 7.1 above and 22 ML cases on trial originated from 51 ML cases. 201. Rwanda demonstrates that the number of ML prosecutions has been increasing but not necessarily the resultant convictions from the same cases. More still needs to be done to improve in the investigation and prosecution of ML cases. 202. This is demonstrated by the number of ML cases being investigated, prosecuted, reviewed at the prosecution office and other pending in court. Despite some ending up in convictions on predicate offences (as illustrated under Table 3.10 above). Authorities, during discussions with the Assessment Team, did not report any challenges of the court interpretation of those ML cases because at some incidences ML convictions were obtained at the lower courts but the aggrieved persons appealed to the Supreme Court, they lost but only for evidential issues. One Case Box 1 The accused person faced charges of ML after collecting a sum of RWF 4,754,497 (USD 4,036) while in the USA from a particular company engaged in financial transactions. In an attempt to conceal the source, he conducted numerous transactions through 14 different individuals who withdrew the funds in their names, using their identity cards, and returned the money to him. As reward, each individual received an amount of RWF 20,000 (USD 17). Consequently, he was convicted of money laundering and sentenced to four (4) years of imprisonment, along with a fine.

60 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 of the identified challenges is the delay in MLA requests, which hampers both ML investigations and prosecutions. However, in an effort to remedy this situation, the Authorities decided to cooperate with the judiciary in formulating a forum known as Forum Inspection which is composed of Inspections of different institutions in criminal justice chain, namely National Public Prosecution Authority, Judiciary, Rwanda Investigation Bureau, Rwanda Correctional Service and Rwanda Bar Association aiming at facilitating collaboration of those institutions in order to effectively investigate and prosecute offences include ML cases. The Forum meets periodically (once in a quarter) and they discuss issues related to the work of respective institutions and make recommendations for the purpose of quality improvement. 203. Despite the efforts made by Rwanda to effectively investigate and prosecute ML cases, and despite obtaining convictions in three cases, ML investigations and prosecutions in Rwanda are low compared to the predicate offences identified. Based on the statistics provided by the authorities, it was clear that there is more focus in prosecuting predicate offences than pursuing ML. The assessors observe that the efforts to effectively enforce ML in Rwanda could be strengthened by ensuring collaboration between RIB and NPPA during ML investigations. Developing a culture of conducting roundtable discussions on ML matters would help ensure that cases with strong evidence are prosecuted in court. Additionally, the lack of resources (12 prosecutors) in the Economic and Financial Crimes Unit within NPPA at the Head Office may be negatively impacting its effectiveness. Authorities should establish proper policies or Standard Operating Procedures to guide both RIB and NPPA in prioritizing investigations and prosecuting ML cases based on identified risks. 3.3.3. Types of ML cases pursued 204. Rwanda provided three cases where self-laundering, standalone, and third-party laundering had been successfully pursued. However, based on the provided statistics, it is evident that the authorities have focused more on prosecuting self-laundering cases. The authorities indicated that this was mostly because suspects are not comfortable having the property acquired through the proceeds in other people's names for fear of losing the properties and the people sharing the information with the authorities. Consequently, self-laundering supersedes other types of ML, Case Box 2. Although the statistics also indicate an increase in third-party laundering investigations from 2019/2020, there still has been low numbers of prosecution of such offences and standalone ML with no foreign predicates investigated or prosecuted, Case Box 3. Nevertheless, this demonstrates that agencies are capable of investigating various types of ML. During the on-site visit, it was observed that both the NPPA and RIB did not classify ML cases according to the types of ML investigated. 205. At the same time, Rwanda had not pursued any ML case arising from a foreign predicate offence. The Authorities explained that one of the reasons for not having cases of foreign predicate offenses was that most of the proceeds generating crimes were being committed in Rwanda and the proceeds laundered locally. However, it was noted that there was potential for Rwanda to be exposed to foreign predicate offences due to the international financial centre it was developing which has global outreach. Case Box 2 - Self Laundering The accused, an employee of X company (the platform used for online government service requests) and responsible for assisting x company in tourism services to issue permits for gorilla visits, faced charges related to unauthorized access to computer data, illicit enrichment, embezzlement, forgery, and money laundering. He acquired USD 478,086 in cash from tourists, which he did not deposit into x company’s account. The accused was convicted and sentenced to ten years of imprisonment, along with a fine of USD 2,390,430. The court also ordered him to refund the embezzled USD 478,086 to x company. Additionally, the court mandated the confiscation and sale of four houses, seven plots, and a car, considered proceeds of crimes valued at USD 185,500,000. The

61 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 3.3.4. Effectiveness, proportionality and dissuasiveness of sanctions 206. Rwanda has recorded sanctions on ML cases ranging from four (4) years, six (6) years, and ten (10) years imprisonment. The sanctions applied are to some extent effective and dissuasive. However, Rwanda has not secured any conviction of a legal person. Despite the authorities having investigated and prosecuted legal persons on ML charges originating from tax evasion they did not secure any convictions on the ML offences against them. Instead, the principals of the companies (individual owners) were convicted for predicate offences and some companies related to those individuals were sanctioned to pay fines for the tax related offences as well as ordered to refund the Rwanda Revenue Authority the amounts it had been prejudiced. 207. Furthermore, when going through the sanctions, assessors noted that there was no consistency of the sanctions in terms of proportionality for the same type of ML offences with similar circumstances committed. In those 4 ML cases, where more or less sanctions similar to that of a predicate offence have been provided, consideration of ML being a separate offence from the predicate crime seem not to have been given much consideration by the courts in aggravating sanctions. (See the summarized case box 4 below). 208. Sanctions applied against natural persons convicted of ML offenses are to some extent effective, and dissuasive. The highest sentence which has been handed down in a ML case was 10 years which, in itself, is the minimum sentence for an ML offence and due to the amount Case Box 3: Standalone The accused faced accusations of money laundering. He visited USA on 2 January 2020, and on 8 January 2020, he collected money sent by the company XOOM. XOOM, sent an amount totalling RWF 4,754,497 (USD 3,970). Between 3 January and 7 January 2020, the accused used the funds sent by XOOM to deposit money into a Bank. The accused engaged 14 different individuals to make these deposits, and they withdrew the funds using their own names and identity cards. In return, each individual received a reward of RWF 20,000 (USD17). The prosecution urged the court to find the accused guilty and impose a sentence of 10 years in prison, along with a fine of RWF 23,772,497 (USD 19,855) (five times the amount involved). Following the hearing, in the accused absence, as he was considered a fugitive from justice, the court validated the prosecution's claim. The accused was convicted of money laundering, and the court sentenced him to four (4) years of imprisonment, coupled with a fine of RWF 5,000,000 (USD 4,176).

62 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 involved this is not seen as dissuasive. The cases in Case Box 2 above illustrated the sanctions imposed against natural persons convicted with ML. 3.3.5. Use of alternative measures 209. With regards to other alternative measures where the authorities are not able to secure ML convictions; Rwanda applies administrative measures. The authorities impose administrative fines where ML cases cannot be pursued, especially on illegal exemption from taxes, tax evasion cases and environmental crimes, particularly illegal mining. These measures have been applied to a large extent. These included prosecution for predicate offences, on prosecutions initiated in court alongside a ML prosecution but failed to secure a ML conviction due to insufficient evidence. An example, is a case where an accused was initially charged with illicit enrichment, corruption and money laundering but only convicted of illicit enrichment, summarised (see Case Box 4, below). 210. Furthermore, there are also potential ML cases investigated and prosecuted by the authorities where convictions were secured on predicate offences originating from major generating proceeds but could not be secured on ML (refer Table 3.10 above). 211. The administrative measures therefore have been applied to a large extent. Overall Conclusion on IO.7 212. Rwanda has adequate legal and institutional framework to pursue ML and its associated predicate offences. ML activities, are identified and investigated to some extent. Rwanda has been able to employ alternative criminal justice measures in ML cases when it is not possible to secure a ML conviction by pursuing to a negligible extent other alternative measures, in particular by pursuing tax, environmental and illicit enrichment cases. The sentences imposed on the convicted persons were not proportionate and dissuasive along with direct confiscation orders being issued by the court. The authorities align their ML activities in line with their National AML/CFT Policy as some of the activities outlined in the Policy have been implemented since the approval of the policy in March 2023. The authorities have to negligible extent investigated ML cases but not much of these cases have been successfully prosecuted and convictions secured as only four (4) ML cases had been finalised at the time of the on-site visit. Identification of the different types of ML at the time of investigation and prosecution could not be adequately demonstrated. There is less emphasis on stand-alone laundering with no foreign predicate offences having been investigated or prosecuted. 213. Rwanda is rated as having a Low level of effectiveness for IO.7. 3.4. Immediate Outcome 8 (Confiscation) 3.4.1. Confiscation of proceeds, instrumentalities and property of equivalent value as a policy objective 214. Rwanda to a limited extent, pursues confiscation of proceeds, instrumentalities of crime and property of corresponding value as a policy objective. The competent authorities involved in the asset recovery process include the RNP, RIB, FIC, MINIJUST and NPPA. Identification of criminal assets and seizures is primarily done by RIB who are able to administratively freeze,

63 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 seize and put caveats on immovable property until the conclusion of the criminal proceedings. With respect to movable property, more specifically bank accounts, business shares or interests therefrom, the RIB is able to administratively freeze them for purposes of collecting evidence for specific periods set out in the law (see R. 31). The RNP have similar powers although they can only freeze, seize and put caveats on criminal property subject to referring the matter to RIB for further action to be taken. However, the RNP was only entrusted with these powers in May 2023, consequently, for the review period, the RNP did not seize or freeze any proceeds of crime. 215. The RIB in October 2020 developed and implemented standard operating procedures as a tool to guide RIB investigators in the course of their duties. The guidance includes steps on conducting parallel financial investigations including a checklist on identifying and tracing proceeds of crime. Table 3.11, reflects a steady increase in identifying and tracing proceeds of crime together with ensuring preservation of traced proceeds through the use of provisional measures of freezing and seizing. Table 3.11: Statistics of frozen and seized properties PROPERTIES Year Accounts Immovable Assets Movable Assets Shares Charges Estimated Value (USD) 2019- 2020 58 06 04 4 Embezzlement, tax evasion, forgery and ML 210,421 2020- 2021 71 17 12 5 Embezzlement, illegal tender award and ML 380,013 2021- 2022 88 25 15 3 Forgery, corruption, illicit enrichment, embezzlement and ML 3,140,726 2022- 2023 167 97 58 40 Embezzlement, fraud and ML 1,514,085 216. However, the RIB and NPPA do not have a mechanism to track when administrative seizures by RIB are lapsing and when NPPA has to obtain preservation orders from court. Consequently, the NPPA has failed to approach the courts to extend the administrative seizures by RIB thus undermining efforts to identify, trace and preserve proceeds of crime pending confiscation. 217. The NPPA, does not have standard operating procedures for pursuing proceeds of crime. Following securing of a conviction, it is the prerogative of the prosecutor whether to apply for forfeiture of the proceeds or not, or to pursue property of corresponding value. This has resulted in instances where frozen/seized assets are not always confiscated at the conclusion of the prosecution and the failure to confiscate property of corresponding value. The Case Box 4, case

64 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 study demonstrates instances where the NPPA did not pursue confiscation of proceeds of crime or property of corresponding value after obtaining a conviction: Case box 4 A Kenyan national came to Rwanda under the disguise of visiting his sister. RIB got information from informers that the subject recruited people to withdraw money from a X bank that were sent through Xoom money transfer. The subject used stolen financial instruments (bank accounts, credit cards) of victims in the United States and Germany to send transactions to recipients in Rwanda. He managed to withdraw 4,754,497 RWF (USD 3,970) via 14 people. the court convicted the subject over money laundering and sentenced him to 4 years of imprisonment and a fine of 5,000,000RWF (USD 4,176). Confiscation was not pursued in this case. 218. Additionally, mechanisms for managing seized and confiscated property are under resourced and still at early stages of development. In this regard, the NPPA has established the Seized and Confiscated Assets Unit as a dedicated unit, set up to facilitate confiscation of proceeds and instrumentalities of crime. It consists of three (3) officers including the Director and two officers. The unit was established in 2020 and prior to that, there was no mechanism for managing seized and confiscated property. At the time of the onsite visit, there was no guidance on how the Seized and Confiscated Unit coordinates and collaborates with other prosecutors and relevant stakeholders in managing seized and confiscated property. 219. The Seized and Confiscated Assets Unit lacks adequate resources, in terms of staff to enhance its confiscation capacity, carrying out the inventory of all seized, frozen and confiscated assets and conducting auctions, thereof. During the review period, Rwanda was able to hold only one auction in 2022 for assets that were under preservation, that is, had been seized and frozen. The authorities could not provide comprehensive data to demonstrate which of the assets identified in table 3.11 had been sold during the said auction. Rather, the authorities during the face-to-face, provided a list which was not reconcilable to Table 3.10 above on confiscated property during the review period, demonstrating that Rwanda has challenges with keeping an inventory of preserved and confiscated properties. Further, Rwanda has not been able to auction confiscated property during the review period. The AT attributes the failure to the lack of coordination between the NPPA and the Ministry of Justice. The NPPA through its Seized and Confiscated Assets Unit is responsible for auctioning property under preservation (seized and frozen) whilst the Ministry of Justice is responsible for executing confiscation orders. Further, the Ministry of Justice does not have SOPs on managing confiscated property, contributing to the lapse to execute confiscation orders. 220. In an effort to pursue confiscation of proceeds of crime as a policy objective, Rwanda has incorporated in some policy documents (NPPA Strategy 2018/2024 and 2023 National AML/CFT/CPF Policy), objectives intended to enhance confiscation mechanisms. In this regard, Output Six (6) of NPPA 2018/2024 Strategy requires the Seized and Confiscated Assets Unit to follow up the cases with seized assets to assess if prosecutors requested the judge to decide on seized assets. By the time of the onsite visit, the authorities could not demonstrate implementation of Output Six of the NPPA 2018/2024 strategy, demonstrating failure to implement thereof. 221. Strategic Objective 5 of 2023 AML/CFT/CPF National Policy focuses on improving the effectiveness of ML/TF & PF investigations, prosecutions, adjudication and asset recovery.

65 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 However, at the time of the on-site visit, Rwanda was still to implement this objective. In order to achieve Strategic Objective 5, Rwanda intends amongst others to train investigators and prosecutors on financial investigation, confiscation and asset recovery. Further, Rwanda intends to strengthen asset management systems and develop and implement operating standards to enhance the confiscation of proceeds of crime.14 222. Implementation of Strategic Objective 5 of 2023 AML/CFT/CPF National Policy and Output Six of NPPA 2018/2024 Strategy will ensure that Rwanda has adequately staffed and skilled investigators and prosecutors, and management system of seized properties and thus manage to enhance the capacity to identify, trace and confiscate proceeds of crime, instrumentalities and property of corresponding value as a policy objective. 3.4.2. Confiscation of proceeds from foreign and domestic predicates, and proceeds located abroad 223. Confiscation in Rwanda is conviction-based and primarily supported by different laws providing for measures ranging from identification, tracing, seizure, freezing and confiscation (see R. 4). Rwanda has to a limited extent used provisional measures to prevent the flight or dissipation of proceeds of crime as evidenced by the statistics highlighted in Table 3.11 above, representing 38.3% of the total proceeds for the top five high-risk predicate offences during the period under review. 224. During the period under review, Rwanda had a total of 24 confiscation cases, 19 related to proceeds of crime and five concerned contrabands. To that end, Rwanda was only able to confiscate 16.7% of the frozen/seized proceeds. Rwanda’s efforts to implement confiscation measures are undermined by the failure of NPPA to approach courts to extend the professional administrative seizures (refer to C.I 8.1) as required by law and to regularly pursue confiscation upon securing conviction. 225. In addition, Rwanda’s confiscation regime has been limited to proceeds of crime with limited confiscation of instrumentalities and no confiscation of property of corresponding value. Further, there were only three convictions of ML cases during the period under review and confiscation was ordered in two of the cases. The table 3.12 reflects the limited confiscation of proceeds arising from domestic predicate and money laundering offences: Table 3.12: Provisional measures 14 During the face-to-face meeting, the Authorities made the Assessment Team aware of the Instructions of the Prosecutor General, No.01 of 03/01/2024, that govern how seized, under caveat and confiscated assets are managed by the Prosecutor General's Office including coordination amongst the prosecutors. The instructions came into force on the 3rd of January 2024.

66 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Offence No. of Cases Proceeds (USD) Value of Administrative seizure (immovable) Value of administrative seizure (movable) Value of NPPA provisional seizure Value of lapsed seizure Tax evasion 209 5,865,362 0 Embezzlement of Public funds 305 4,604,461 0 Embezzlement of Bank funds 298 839,592 0 Embezzlement of Cooperative funds 834 589,062 0 Illegal exemption 121 543,050 Non-payment of withholding tax 11 524,696 0 Corruption/bri bery 917 205,251 0 Money laundering 51 0 Table 3.13: Confiscation of Proceeds linked to domestic offences Offence Number of cases Proceeds confiscated (USD) Solicit/accept or offer illegal benefit 12 14,312 Embezzlement, forgery, solicit/accept or offer illegal benefit 1 98,781 Carrying acts related to the use of narcotic drugs or psychotropic substances 3 269 Illicit enrichment, forgery, embezzlement and ML 2 585,827 Access to a computer or computer system data, illicit enrichment, embezzlement, forgery, money laundering 1 148,124 226. Developing and implementing standard operating procedures at the NPPA to guide prosecutors on confiscation would increase chances of prosecutors regularly applying for

67 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 confiscation upon securing conviction. Such SOPs would also provide clarity on the application of the fragmented and procedurally still developing confiscation framework. The Case Box 5, case study highlights the need to adequately guide and train prosecutors on Rwanda’s confiscation regime, particularly confiscation of property of corresponding value and proceeds held by third parties. 227. During the period under review, Rwanda confiscated a total of 11 immovable properties and four motor vehicles. However, none of the properties have been auctioned in line with the requirements of article 11 of the Ministerial Order Determining Modalities for the Administration of Confiscated Property. The AT attributes the failure to the limited resources by the Seized and Confiscated Assets Unit of the NPPA, and poor asset management systems including poor coordination with relevant stakeholders. 228. Further, Rwanda has identified 132 cases during the period 2018-2022 in which proceeds of crime amounting to USD 15,859,528 had been moved to 35 countries but has only managed to obtain freezing orders in four cases amounting to USD 3,948,201. Rwanda has not managed to recover any of the said proceeds of crimes. Further, Rwanda has not sought MLA assistance to identify, restrain and recover the proceeds in the remaining 128 cases, as a result the authorities could not demonstrate that they prioritize asset recovery. RIB which is mandated to carry out most of the financial investigations, its SOPs do not contain guidance on pursuing proceeds moved to other countries. Again, at the time of the on-site visit, RIB could not demonstrate that it has sufficiently tried to pursue the recovery of assets which have since transcended into other jurisdictions. Table 3.14, indicates the value of assets which are extra￾territorial and have not been adequately pursued. Table 3.14: Proceeds moved to other countries Country Offence Proceeds Freezing Confiscation Case box 5 The Public Prosecution pursued Mr. MJ who was the former accountant of a Cooperative, together with his wife as his co-accused on a charge of money laundering, after he had been sentenced by the Nyarugenge Intermediate Court to a six-year imprisonment for the crime of embezzling the Cooperative's funds amounting to RWF 46,981,136 (USD 39,890). The embezzlement case was decided in 2017. The Intermediate Court had ordered Mr. MJ to return the embezzled money and to pay a fine of RWF 93,962,272 (USD 79,780). No confiscation order was made. The same penalty was confirmed by the High Court on appeal. Following confirmation of the conviction and sentence on the predicate offence by the appeal court, the NPPA launched money laundering proceedings at Based on that sentence, the prosecution seized the NYARUGENGE Intermediate Court on the charge of money laundering against Mr. MJ and his wife. The two had bought a house in the City of Kigali, worth RWF11 million (USD 9,340); and had registered it to Mr. MJ’s mother-in-law. The Court dismissed the money laundering charges against Mr. MJ and his wife in 2022 on account of the double jeopardy rule as Mr. MJ had already been convicted of the predicate offence in 2017. Consequently, the proceeds remain in the hands of the third party.

68 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 (USD) orders Belgium Unauthorized access to a computer system (compromised email) Fraud 128,174 0 0 Canada Unauthorized access to a computer system (compromised email) Fraud 1,341,277 0 0 China Unauthorized access to a computer system (compromised email) Fraud 2,298,331 0 0 Comoros Unauthorized access to a computer system (compromised email) Fraud 232,602 0 0 DRC Breach of trust 1,680,260 1,193,081 0 England Unauthorized access to a computer system (compromised email) Fraud 1,304,706 1,275,700 0 Japan Unauthorized access to a computer system (compromised email) Fraud 111,825 0 0 Kenya Fraud 341,499 0 0 Malaysia Unauthorized access to a computer system (compromised email) Fraud 892,000 Netherlands Unauthorized access to a computer system (compromised email) Fraud 328,400 286,331 0 Switzerland Unauthorized access to a computer system (compromised email) Fraud 2,932,961 0 0 Tanzania Unauthorized access to a computer system (compromised email) Fraud 718,221 0 0 Turkey Unauthorized access to a computer system 123,133 0 0

69 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 (compromised email) Fraud United Arab Emirates Breach of trust 1,125,612 0 0 USA Unauthorized access to a computer system (compromised email) Fraud 1,316,877 1,193,089 0 Total 14,975,878 3,948,201 0 229. In addition to the reasonably high amounts indicated in table 3.14 above, Rwanda did not pursue the following proceeds of high-risk predicate offences: Benin - USD 1,200; Brazil - USD 61,600; Burundi - USD 57,943; Cameroon - USD 11,530; Germany -USD 26,288; India - USD 3,710; Indonesia – USD 20,653; Mexico – USD 94,730; Mozambique - USD 98,173; Nigeria - USD 52,865; Pakistan – USD 40,000; Poland – USD 78,478; Russia – USD 89,068; South Africa – USD 3,360; Sweden - USD 3,640; Thailand - USD 32,000; Uganda – USD 48,569; Ukraine – USD 82,775; and Zimbabwe - USD 27,068, all arising from fraud. Therefore, the total amount not pursued was USD 15,859,528 with an amount of USD 3,948,201 frozen. 230. However, Rwanda has during the same period, received five (5) requests to repatriate proceeds from other countries and has only managed to respond to one request with respect to a trailer. Table 3.15: Asset Recovery Requests received by Rwanda Date of receiving request Request received from (Country) Asset involved Asset returned (yes/no) Asset returned date 10 Jun 2019 FRANCE vehicle in progress 22 Jun 2020 SOUTH AFRICA trailer Yes 8 September 2021 20 Sept 2020 MALAWI USD 15,007 No 23 Oct 2022 DRC vehicle in progress 9 Dec 2022 UGANDA vehicle In progress 231. Four of the requests for repatriation relate to vehicles, a factor not considered in the NRA or the desk review as an area of possible ML risk. Accordingly, the risk associated with Rwanda receiving proceeds of crime related to theft of motor vehicles or acquisition of vehicles to launder proceeds, has not been adequately assessed and is not known or understood to enable such proceeds to be sufficiently pursued and confiscated. Further, Rwanda has not confiscated any proceeds related to a foreign predicate crime. 232. Notwithstanding the shortcomings of pursuing confiscation of proceeds of crime, Rwanda has demonstrated to a lesser extent success in confiscating proceeds of domestic offences where

70 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 money laundering offences have been pursued. Case Box 6, is a case study demonstrating how during the limited occasions where Rwanda has pursued money laundering offences, it has assisted Rwanda to identify and confiscate proceeds of crime: 3.4.3. Confiscation of falsely or undeclared cross-border transaction of currency/BNI 233. Rwanda has a legislative framework to prevent the cross-border movement of cash and BNIs that are falsely or not declared or disclosed at the point of entry or exit, if they are equal to or exceed the set threshold of RWF 10,000,000 (USD 8,351) or its equivalent in other currencies. Rwanda has implemented both the disclosure and declaration systems. Declaration is mandatory for all persons in transit through or departing from the territory of Rwanda (see R. 32 for the threshold). Disclosure is applicable upon request by competent authority to any person who enters into the territory of Rwanda with physical transportation of cash or negotiable instrument (see R. 32 for the thresholds). The authorities indicated that they have decided to implement both the disclosure and declaration system because in their view, the risk of outflows is higher than the risk of inflows and have considered a disclosure system as best placed to mitigate the risk of inbound proceeds of cash and BNIs. The legal framework requiring the disclosure system was introduced on the 27th of June 2023, prior to that, the legal framework provided for the declaration system only. Notwithstanding the absence of the legal framework for disclosure system, the authorities through an MOU entered into between FIC and other competent authorities, started implementing the disclosure system for inbound travellers and declaration system for outbound travellers before June 2023, as depicted by Tables 3.16 & 3.17. The tables also show a fairly high number of declarations compared to disclosures, particularly for the period June 2022- 2023. Table 3.16: Statistics showing the number of declarations from 2017 to May-2022 Before MoU is in force AIRPORT 2017/2018 2018/2019 2019/2020 2020/2021 2021 May/2022 Declarations KIA 198 209 196 501 722 Case Box 6 The subject served as coordinator of the customized online booking and payment system for RDB services and products which include tourism products. The subject fraudulently gave himself access using help desk credentials and sold tourism products and managed to embezzle money amounting to USD 478,486. The subject bought different items from the proceeds including houses, plots, and a vehicle. The court convicted the subject over embezzlement and money laundering. The court sentenced him to 10 years of imprisonment and a fine of USD 2,390,430. The court ordered the subject to pay back the embezzled money worth USD 478,486. The court also confiscated all assets that were seized by RIB that include 5 houses, 3 plots and a vehicle.

71 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Table 3.17: Statistics that shows number of declarations/disclosures done from June/2022 to June-2023 After MoU is in force June 2022-2023 Border/airport Declaration Disclosure KIA 405 1 NEMBA 2 GATUNA 2 2 CYANIKA 1 KAGITUMBA 1 Total 407 7 234. To facilitate detection of falsely or undeclared cross-border conveyance of cash and BNI, Rwanda has deployed scanners, e-gates and sniffer dogs for luggage and cargo. The described mechanisms have not been effectively used by the authorities to detect incidences of unlawful transportation of currency/BNIs. This is the case when one looks at the volume of traffic at Kigali International Airport, which is the busiest entry and exit point of Rwanda and that there has not been a reported incident of cross-border false or non-declaration of currency at all other operational border posts. 235. During the period under review, there were three cases of detection through scanners as depicted in the Case Box 7: Case Box 7 Case (i) - Rwanda National Police at Kigali International Airport intercepted a Kenyan lady who arrived from Bujumbura transiting to Nairobi carrying bags full of the following foreign currencies: EUR 1,100,000, KES 2,000,000, USD 640,000. The suspect was taken to Rwanda Investigation Bureau (RIB) for investigations and later it was confirmed that the transported cash belonged to her employer being a commercial bank in Kenya which has presence in Kigali. Case (ii) - Through luggage scanner at Kigali International Airport, Rwanda National Police intercepted a Burundian national with undeclared cash equivalent to USD 55,100. The suspect was exiting from Kigali to Bujumbura and he hid the money in a bag with the intention to take it undeclared to be used in construction activities. The suspect was interviewed and later sanctioned with administrative fines of 5% of the whole amount intended to be taken out. The reason for administrative sanctions was that there was no suspicion of any other criminal activity Case (iii) -Rwandan National Police at Kigali International Airport through a luggage scanner was able to detect a falsely declared cargo bound for London, England. The courier wanted to send BIF 1,200 (Burundi Francs) which was wrapped in 12 small parcels of 100 notes and since postal regulations prohibit the transportation of money in postal parcels, he bribed the postal officer with RWF 15,000 to falsely declare that the package contained books instead of money. Upon detection by RNP of the falsely declared parcel, investigations were undertaken and the courier and postal officer were arrested. The duo was jointly prosecuted and convicted on corruption related offence and counterfeiting or use of a counterfeit document. They were both sentenced to 5 years imprisonment of which 3 years and 6 months were suspended for 2 years and each ordered to pay a fine of RWF 150,000. The falsely declared cargo of BIF 1,200 was confiscated.

72 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 236. Rwanda has accordingly, detected limited cases (three) of falsely or undeclared cross￾border transportation of currency and has not applied confiscation measures in two of the three said cases citing the absence of criminal activity linked to the concerned cash. Where confiscation measures were applied, the underlying criminal activity of corruption was a decisive factor. The focus on the providence of the source of funds negates the effectiveness of using confiscation of falsely/not declared or disclosed cross-border cash/BNI as an effective and dissuasive sanction to such activity and fails to recognise the intrinsic difficulties of linking smuggled cash/BNI to any criminality given the transnational element and lack of sufficient intelligence/information on the subjects. 3.4.4. Consistency of confiscation results with ML/TF risks and national AML/CFT policies and priorities 237. An evaluation of the statistics relating to seizures and freezing measures by Rwanda indicates to a limited extent, consistency with Rwanda's profile of high-risk predicate offences underlying the ML offence. The top five high proceeds generating offences in Rwanda are tax evasion, embezzlement of public funds, illegal award of public tenders, embezzlement of cooperatives funds and embezzlement of bank funds. Of these top five high proceeds generating offences, provisional confiscation was obtained with respect to embezzlement, tax evasion and corruption. The AT however could not determine the value of proceeds seized/frozen for each of the offences due to lack of comprehensive data provided by the authorities. 238. The confiscations were in relation to the following offences: embezzlement, forgery, solicit/accept or offer illegal benefit, unlawful use of narcotic drugs and psychotropic substances, hunting/selling/injuring/killing a protected animal species, carrying out acts related to the use of narcotic drugs or psychotropic substances, illicit enrichment, access to a computer or computer system data, forgery and money laundering. 239. During the period under review, no confiscations were obtained in relation to the most proceeds generating offence in Rwanda, that is tax evasion. The RRA has referred 62 cases of tax related offences to RIB for criminal investigation, however no conviction had been secured at the time of the onsite visit. Further, preservation measures were applied only in relation to one of the 62 tax cases. The authorities appear to prefer to recover tax owed through compounded payment of tax. In this regard, four cases were concluded leading to recovery of USD 404,443. Accordingly, Rwanda’s confiscation results are not entirely consistent with the identified ML risks. Overall Conclusion on IO.8 240. Rwanda does not pursue confiscation of proceeds, instrumentalities and property of corresponding value as a policy objective. Although Rwanda has demonstrated some desire to deprive criminals of ill-gotten property through preservation measures relating to some high proceeds generating predicate offences, lack of SOPs for the NPPA and the under resourced Seized and Confiscated Assets Unit undermines the effort. Additionally, lack of management system for seized property affects Rwanda’s ability to preserve the value of seized property. Rwanda does not prioritise confiscation of proceeds of money laundering and crime located abroad. The country has also not confiscated property of corresponding value. Further, Rwanda has not demonstrated that it is able to effectively use its tax system to recover proceeds of

73 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 crime. The declaration system for cross border movement of currency and BNIs has not been used optimally to deter criminals as there has been a limited number of interceptions and no seizures. The focus on the providence of source of funds negates the effectiveness of using confiscation of falsely or not declared or disclosed cash conveyance as a dissuasive sanction. Additionally, Rwanda’s confiscation results are not entirely consistent with the identified ML risks. These deficiencies warrant fundamental improvements of the confiscation regime. 241. Rwanda is rated as having a Low level of effectiveness for IO.8.

74 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Chapter 4. TERRORIST FINANCING AND FINANCING OF PROLIFERATION 4.1. Key Findings and Recommended Actions Key Findings Immediate Outcome 9 a) Rwanda has not fully criminalized terrorist financing (TF) in alignment with the FATF Standards. Consequently, Rwanda lacks the capacity to fully implement measures ensuring effective investigation and prosecution of the entire spectrum of TF and related predicate offenses. b) There exists a general lack of understanding of TF risks and on how to treat TF separately from terrorism across authorities, with exceptions such as the Financial Intelligence Centre (FIC) and the National Intelligence and Security Services (NISS). This deficiency hampers the ability to effectively investigate and combat TF. c) Rwanda has established an institutional framework involving law enforcement agencies (LEAs) like the National Public Prosecution Authority (NPPA), Rwanda National Police (RNP), NISS, and Rwanda Investigation Bureau (RIB) to identify and investigate TF activities. However, there is a need for improved coordination among these entities. Despite challenges, LEAs have trained dedicated investigation teams and have made some progress in identifying and investigating various forms of TF, including financing individuals joining terror groups and tracking associated fund movements. d) While Rwanda has prosecuted TF to some extent, its counterterrorism strategy lacks comprehensive coverage of all TF elements. The integration of TF investigation and prosecution with the counterterrorism strategy remains uncertain due to pending cases. Moreover, while competent authorities possess knowledge of terrorism, understanding of TF is not uniformly established, hindering the country's ability to effectively combat TF. e) The Rwanda Investigation Bureau (RIB) and National Public Prosecution Authority (NPPA) lack adequate capacity and resources to coordinate and conduct potential TF investigations and prosecutions. f) Rwanda has not prosecuted any TF cases under the new sanctions regime, making it difficult to assess the proportionality, dissuasiveness, and effectiveness of the sanctions. Immediate Outcome 10 a) Rwanda does not effectively implement targeted financial sanctions (TFS) without-delay in terms of UNSCRs 1267, due to a long internal process within the Ministry of Foreign Affairs which hampers the effective implementation of TFS. Therefore, effectiveness of the current structure in implementation of UNSCRs could not be determined. This results in the reporting entities not implementing systematically UNSCRs without nor does Rwanda have delisting mechanism in place. b) Rwanda has not yet conducted a comprehensive TF risk assessment related to the NPOs sector in terms of organisations, objectives, activities and possibility of being misused for TF purposes. It also did not identify the subset of the NPOs that fall under the definition of FATF. This has affected Rwanda’s

75 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 understanding of NPOs TF risks. c) There are no comprehensive outreach programs in place for NPOs, and the sector appears to have taken to self-regulation. Immediate Outcome 11 a) Rwanda’s legal framework allows for implementation of TFS related to PF UNSCRs without delay. However, the National Counter-Terrorism Committee has not developed a comprehensive process to implement the counter-proliferation TFS without delay. Furthermore, designations by the UNSC do not immediately trigger the obligation for all natural and legal persons to freeze the funds of the person or entity designated without delay. There are no provisions addressing freezing of funds or other assets whether owned or controlled directly or indirectly or otherwise by designated persons or entities. b) At the time of the on-site visit, there was no process in operation to notify reporting entities of updates on Iran and DPRK TFS lists. Some reporting persons use commercial databases/ software to get notifications on PF. c) AML/CFT supervisors have not issued instructions and guidelines and have not established mechanisms to implement the relevant TFS, nor do they monitor the entities under their supervision. d) Reporting entities have a general understanding of their obligations to implement UNSCRs, but did not demonstrate an understanding of PF-related sanctions. Recommended Actions Immediate Outcome 9 Rwanda should: a) Amend existing legislation or enact new laws to criminalize terrorist financing in accordance with FATF Standards. b) Conduct awareness-raising campaigns and specialized training sessions for relevant authorities to enhance their understanding of terrorist financing risks. c) Allocate additional resources to the Rwanda Investigation Bureau (RIB) and National Public Prosecution Authority (NPPA) to strengthen their capacity to coordinate and conduct terrorist financing investigations and prosecutions. d) Strengthen collaboration between the Financial Intelligence Centre (FIC), National Intelligence and Security Services (NISS), and other relevant authorities to share expertise and best practices in combating terrorist financing e) Integrate terrorist financing investigation and prosecution into the broader counterterrorism strategy to ensure comprehensive coverage. It should also conduct regular reviews and assessments of the counterterrorism strategy to identify gaps and areas for improvement in addressing terrorist financing elements. f) Enhance implementation and enforcement of the new sanctions’ regime by prioritizing investigations and prosecutions of terrorist financing cases. It should also provide training to relevant

76 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 authorities on the application of the new sanctions’ regime and its role in combating terrorist financing. (a) The authorities should pay much attention to conducting TF investigations as standalone offences rather than correlating them with terrorism investigations Immediate Outcome 10 a) Put in place effective communication channels to expedite the implementation of the UNSCRs without delay. b) Rwanda should consider expediting and finalizing the process of designating domestic persons under UNSCR 1373. c) Establish a framework for comprehensive monitoring or supervision of FIs and DNFBPs to ensure compliance with targeted financial sanctions requirements. d) Conduct a comprehensive analysis of the entire NPO sector and apply focused and proportionate measures to NPOs identified as being vulnerable to TF abuse, including providing guidance to the sector and conducting outreach and sensitization programmes. e) Provide substantial resources for RGB to monitor and regulate NPOs in order to ascertain the source and use of funds received by NPOs to determine possible abuses of NPOs. Immediate Outcome 11 a) Rwanda should develop a comprehensive process to implement TFS for PF without delay. The process should immediately trigger the obligation for all natural and legal persons to freeze the funds of the person or entity designated without delay. The process should also provide guidance to FI and DNFBPs with respect to the implementation of PF obligations. Furthermore, to ensure compliance with the implementation of TFS, Rwanda should introduce communication and dissemination mechanisms. b) Competent authorities should embark on awareness programs that will ensure that FIs and DNFBPs understand their obligations regarding TFS relating to PF and that they comply with the obligations and should also be monitored for compliance. c) Rwanda should enhance efforts to identify any funds or assets, and to propose target for designations related to PF. d) AML/CFT supervisors should monitor compliance of FIs and DNFBPs with regards to the implementation of the requirements related to PF. 242. The relevant Immediate Outcomes considered and assessed in this chapter are IO.9-11. The Recommendations relevant for the assessment of effectiveness under this section are R. 1, 4, 5–8, 30, 31 and 39. 4.2. Immediate Outcome 9 (TF investigation and prosecution) Background and Context 243. Rwanda has to some extent criminalized TF in accordance with the International Standards. The country has enacted various laws to counter terrorist financing and terrorism (see R. 5). These laws empower the RIB and NPPA to investigate and prosecute TF. The other key agencies such as

77 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 FIC, Rwanda National Police, NISS, RRA and Ombudsman are also designated to deal with issues related to TF, and they operate especially on intelligence gathering to aid the RIB and NPPA to investigate and prosecute TF cases. Moreover, Rwanda has to a large extent ratified the relevant UN instruments in relation to the countering of terrorism and financing. 244. The risk of TF in Rwanda was assessed as part of the NRA conducted in 2019, and the risk was rated as medium-low. The desk review conducted in 2023, also maintained the same rating. Rwanda has a high threat of TF due to its geographical location as it shares borders with countries that are exposed to different terrorist groups and organizations, in particular groups such as the FDLR and ADF. The activities of these groups have a direct impact on the TF risks which Rwanda is exposed to as some of them, like collection and movement of the funds take place inside and outside the country’s borders. 4.2.1 Prosecution/conviction of types of TF activity consistent with the country’s risk-profile 245. Rwanda prosecutes TF to a limited extent. At the time of the on-site visit, Rwanda had secured one TF conviction which to some extent was in line with the country’s risk profile (see Case Box 7). During the period under review, NPPA took twenty-one (21) TF cases to court for trial. Of these cases, nineteen (19) were still pending in court. On the other two, NPPA had secured one TF conviction, whilst the other one (1) resulted in a terrorism conviction due to lack of evidence to support a TF conviction. From these cases, the Authorities were able to identify various types of TF activities, including financing of individuals to join terror groups, tracking fund movements to identify associated assets, and fundraising to finance terror groups. For instance, in one case where the TF activity involved fundraising, the authorities were able to arrest an individual. He mobilized people to raise money to be sent to a terror group operating in neighbouring countries to Rwanda. As a means of raising these funds, he created a WhatsApp group in which he provided training and outlined goals for raising money to support the terror group. 246. The NPPA, which is the institution that has the legal mandate to prosecute TF has allocated nine (9) prosecutors to handle TF matters and other offences. The nine (9) Prosecutors received basic training on TF matters to aid on prosecution of TF cases. The Deputy Prosecutor General assigns additional prosecutors when the need arises. 247. The National Risk Assessment (NRA) indicates that the TF risk is medium-low, so does the Desk Review which was done shortly before the on-site visit. However, based on discussions carried out during the on-site visit combined with other factors outlined below, Rwanda has a higher threat of TF risk as opposed to the findings of the NRA, due to its geographical location as it shares borders with countries that are exposed to different terrorist groups and organizations, in particular groups such as the FDLR and ADF. The activities of these groups have a direct impact on the TF risks which Rwanda is exposed to as some of them, like collection and movement of the funds take place inside and outside the country’s borders. 248. Overall, the understanding of TF risk with the exception of NISS and FIC, is still limited, as a result prosecution has been able to institute twenty-one (21) TF cases in court, resulting in one (1) conviction for TF, one (1) for terrorism and the other nineteen (19) cases still pending in court. Despite the low number of TF convictions, the assessors noted that the TF cases pending in court are in-line with the country’s TF risk-profile as most of the TF activities were identified. The cases

78 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 have the cross-border element related to fundraising and movement associated with terror groups operating in the DRC with allegiance to the FDLR. In the one case where there was conviction (see Case box 7), civilians in the rural areas were being targeted for recruitment in raising funds. The case outlines that the suspects were required to pay subscription fees of RWF 5,000 (USD 4) in order to join FDLR. 249. The assessment team noted that there is no consistency in prioritisation of pursuing trials of TF cases, which explains why it has taken long to finalise the nineteen (19) TF cases which are still pending in court. Moreover, from the analysis of statistics provided, it was clear that NPPA focuses more on prosecuting terrorism than TF, which could explain why there is only one (1) TF conviction. During the period under review, the authorities were able to prosecute twenty-four (24) terrorism and secured conviction on twenty (20). On the contrary, twenty-one (21) TF cases were submitted to court and only one (1) conviction were secured and the other one (1) case on terrorism. Therefore, nineteen (19) cases still pending in court. 250. In order to address some of the challenges relating to dealing with TF, the Authorities developed a strategic plan to prioritize their allocation of resources to mitigate TF risks by capacitating LEAs on mechanisms to prevent, detect, report and prosecute such cases. Rwanda had also developed a National Policy for combating financing of terrorism. The Policy has a strategic objective that deals with the enhance of the investigation, prosecution and adjudication on TF matters. However, the Strategic Plan and National Policy for combating financing of terrorism had been recently approved and it had only started being implemented by LEAs by the time of the on-site visit, including training 219 officers on TF matters, conducting awareness programmes for public and private sector to sensitize them on TF threats the country was exposed to and the measures to prevent TF. Therefore, the assessment team could not establish the effectiveness of the policies. 4.2.2 TF identification and investigation 251. Rwanda has to some extent been able to identify and investigate TF cases. During the period under review, Rwanda managed to identify twenty-one (21) TF cases arising from the investigation of twenty-six (26) terrorism cases, of which five (5) of them, the authorities could not establish the TF element. The TF cases were identified from various sources including seven (7) through special investigation techniques such as extracting information from devices, eight (8) through parallel financial investigations while four (4) through international cooperation from foreign jurisdictions, and 1 referral from the Department of Intelligence. CASE Box 8- Involving TF The case involves five suspects who were arrested on suspicion of terrorism financing. The suspects were recruited by elements of the FDLR. They were recruited to join the FDLR during the meetings they attended hosted by the organisation and were also urged to mobilize fellow Rwandans to join the terror group. The suspects also financed terrorism by paying subscription fees of RWF 5,000 (USD 4). During investigation, parallel financial investigations were conducted to profile the assets registered in their names. There were no assets frozen because the suspects did not have any assets worth freezing. The case was successfully prosecuted and 4 suspects were convicted on charges of terrorism financing and 2 sentenced to 7 years’ imprisonment, one sentenced to 5 years imprisonment, other 4 years imprisonment while one accused was acquitted

79 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 252. Based on the TF cases identified by the Authorities, it’s clear that the authorities are able to some extent identify TF cases from the terrorism investigation. This is clearly demonstrated in Table 4.1. However, the assessment team noted that Rwanda still has challenges in identifying TF compared to terrorism cases, which was confirmed by the authorities having only one TF conviction compared to twenty (20) terrorism cases despite the cases having been filed in court during the same period. The authorities did not satisfactorily explain why there was a slow pace in securing TF convictions compared to terrorism. The results of these cases showed that the authorities’ prioritisation of identifying, investigating and prosecuting of other predicate offences, in particular terrorism offences over TF cases. 253. RIB is responsible for identification and investigation of TF cases. The RIB has a specialized Unit, with trained officers to identify and investigate TF. Other Security Organs such as NISS, Rwanda National Police and FIC play key roles in gathering intelligence that assist RIB in identifying terrorism and TF cases for investigation. Both, the NISS and RNP, have dedicated units to work on the intelligence that is shared with RIB for investigation. Collectively, LEAs in Rwanda rely on human intelligence, (interaction with the community and sensitization), informants, open source, undercover operations, surveillance, tools extended by INTERPOL, Electronic Devices, UNSCR Sanctions, scanners and Anti-Crime Clubs (Youth Volunteers) amongst others to identify TF cases for investigations. 254. RNP has signed various MOUs with other foreign counterparts for intelligence sharing information on terrorism and TF, as a result intelligence information has been shared which led to TF Investigations. For instance, the Authorities secured evidential materials in USA and Belgium that was used to prove TF cases in court. Table 4.1: Statistics of TF cases for the period 2018-June 2023 CASE Box 9 - The Police arrested the group of five suspects suspected to have mobilizing people to join their group titled HIZB-UT-TAHRIR, translated as Liberation Party. The suspects were self-radicalized through social media (YouTube). They organized and conducted meetings recruiting more people to join them. In the meetings they were preaching Jihadism and showing people why they need to join their group and execute their mission.

80 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024

81 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 255. At the time of the on-site visit, no financial intelligence reports on TF had been generated by the FIC. The lack of STRs reported on suspected TF indicated challenges with the reporting entities, in particular banks in identifying such suspicious transactions. This had resulted with the FIC failing to produce any intelligence reports on suspected TF. Again, the capacity of the FIC to gather financial intelligence to assist RIB with the identification of TF could not be demonstrated as it had not worked on such STRs. This has limited the capacity of RIB to identify TF cases arising from financial intelligence disseminated from FIC. 4.2.3 TF investigation integrated with and supportive of national strategies 256. TF investigation in Rwanda is integrated and used to support the National CFT Strategy. Each Agency (NPPA, RIB and RNP) has its own internal strategy to support TF investigation. In March 2023, the Country approved the National Strategy which addresses the risks identified in the NRA report. The TF matters have been fairly addressed under Strategic Objective 5, which stipulates among other objectives, the enhancement of investigations, prosecutions and adjudication of TF matters. The Strategy is intelligence driven and is supported by coordination among relevant national authorities and cooperation at international level. LEAs are able to share intelligence information, arrested perpetrators and conduct TF investigations to the extent of identifying and investigating. However, the policy under this Strategy did not take into account identification of TF activity, which to the views of assessors have a serious cascading effect on the other objectives, as they heavily depend on this objective. 257. In terms of national coordination on TF investigations, the authority mentioned the existence of high-level forum knowns as Joint Operational Centre (JOC) which comprising the RIB, NISS, Military and Rwanda National Police. The forum meets every morning to deliberate on matter related to internal security and to formulate strategies to take appropriate and effective actions to address the risk identified. At the time of the onsite, the forum was yet to be seized of any matter involving TF activity. The assessment team noted that this platform can also be used in the future to prioritize TF identification. 258. In May 2023, Rwanda signed an operational memorandum of understanding comprising the FIC, RIB, NPPA, NISS, RNP and other LEAs with a mandate to cooperate domestically on TF investigations and other matters. The MoU was signed mainly to share information, carry out joint investigations and undertake joint crime preventive programmes, as well as technical assistance and capacity building, among others. 259. At the operational level through various MoUs that the Rwanda National Police has signed with over 10 countries. The MoUs signed includes sharing of intelligence, capacity building, and other resources to proactively prevent TF activities. 4.2.4 Effectiveness, proportionality and dissuasiveness of sanctions 260. The maximum sanctions against natural persons who commit the offence of TF is liable to imprisonment for a term of not less than 10 years but not more than 15 years and there is direct confiscation of assets involved in the relevant terrorist financing activities. While the punishment for legal persons is liable to a fine of 10 to 20 times the value of the financing provided. In addition to these penalties, the legal person is also liable for dissolution, permanent closure and

82 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 publication in the newspaper or through any other means through the media. The Assessors noted that this sanctions regime is new in terms of AML/CFT Laws of 2023 and is yet to be tested in court and hence could not establish the proportionality and dissuasiveness of the sanctions under the new law. However, with the previous sanctions’ regime, Rwanda secured one TF conviction within which 4 suspects were convicted on charges of terrorism financing and 2 sentenced to 7 years’ imprisonment, one to 5 years imprisonment, and the other one to 4 years imprisonment while one accused was acquitted. The sanctions on the 1 case of conviction compared to the sanctions imposed by the courts on other statutory offences, are considered to be reasonably effective, proportionate and dissuasive. 4.2.5. Alternative measures used where TF conviction is not possible (e.g., disruption) 261. The criminal legal framework of Rwanda provides for general application of freezing of any proceeds of crime or criminal assets. This should also apply where the funds intended to finance terrorism is concerned, however, during the period under review the authorities have not used freezing as a disruptive measure for TF. Rwanda is able to apply alternative measures to disrupt TF activity where it is impossible to obtain adequate evidence to prove a TF case. A case in point is discussed in Box 8 the authorities were able to disrupt a planned attack and seized the materials that were planned to be used by the suspects to attack the cities. Further, the Authorities had established a national program to rehabilitate Radicals through Civic Trainings, enlightening them on the dangers of being engaged, trained on artisan skills and given employment in Government as well as being provided with scholarships to study abroad. Overall conclusions on IO.9 262. Rwanda’s understanding of TF is to some extent established amongst LEAs, which have reasonably been able to identify such cases. However, this has not resulted in more successful prosecutions and convictions for TF. TF cases take unnecessarily long to be prosecuted in courts compared to prosecution of other predicate crimes, particularly terrorism cases. Therefore, it could not be clearly determined that the NPPA prioritises the prosecution of TF. Rwanda has just come up with a CT Strategy, however there was relatively limited implementation of the Strategy as it was still new. In some cases, the Authorities have been able to deploy disruptive measures against TF activities. 263. Rwanda is rated as having a Low level of effectiveness for IO.9. CASE Box 10- In 2021 through intelligence information, the Authorities arrested 13 persons alleged to have allegiance to ADF (Allied Democratic Forces) planning to attack Rwanda. The plan was disrupted through the interventions made by the Authorities. The Authorities were able to seize materials for making Improvised Explosives Devices (IEDs) such as commercial explosives/TNT: 24 pieces, detonating cord (15m), time fuse (15m), nails: 5 kgs and 3 phones and 3 Sim cards. During investigation, it was established that suspects had received videos from ADF elements based in DRC to train them on how to assemble IEDs

83 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 4.3. Immediate Outcome 10 (TF preventive measures and financial sanctions) Background 264. In Rwanda, the National Counter Terrorism Committee is the competent authority with the mandate to implement TFS pursuant to UNSCRs 1267 and 1373 in terms of Article 40bis of Law No.46/2018 read together with article 4(4) of the Prime Minister’s Order No.018/03. It has the statutory responsibility for designating individuals, implementing relevant sanctions measures and circulated the UNSC list against individuals and entities who meet the criteria for designation. The NCTC deal with listing, de-listing and providing access to frozen funds or other assets. However, the TFS related to TF implementation is not in line with the UNSCRs. In Rwanda the regulation does not require the freezing obligation to be implemented from the time of dissemination by UNSC. The without delay requirement is only implemented after the FIC disseminate the notification to reporting persons and another relevant public or private institution. Moreover, Rwanda has no publicly known procedures to submit for de-listing, unfreezing requests to the relevant UN sanctions Committee in the case of persons and entities designated pursuant to the UN Sanctions Regime which do not, or no longer meet the designation criteria nor does have mechanism in place to allow for the listed persons or entities to petition for the same. Moreover, FIC does not provide guidance to financial institutions and other persons or entities, on how to comply with the obligation related to TFS on TF. 4.3.1. Implementation of targeted financial sanctions for TF without delay 265. The implementation of TFS pursuant to UNSCR 1267 in Rwanda is not without delay. The context of without delay as provided for under the FATF Glossary (i.e., ideally, within a matter of hours of a designation by the United Nations Security Council or its relevant Sanctions Committee). The lists of designated persons under UNSCR 1267 are not promptly sent to reporting entities by FIC due to a long internal process. On receipt of the UN list from New York, the Ministry of Foreign Affairs, takes at least two days of reviewing before dispatching to FIC for dissemination to the supervisory authorities and the financial institutions. From the time of the dissemination reporting persons and another relevant public or private institution have no more than 24 hours to implement the obligation. The notification is sent via email to all relevant institutions and the implementation starts from that time. FIC is mandated to grant a pre-emptive asset freeze on funds or other assets of the designees. The freezing order, including the list of designees is disseminated to competent authorities, Supervisory authorities transmit the list to reporting entities. 266. The Assessors noted that most of the FIs typically check the UN lists through their own websites as confirmed by them during the on-site visit, however, DNFBPs demonstrated little to no understanding and implementation of TFS requirements (see IO.4 for details). The Assessors noted that the last updates of the UN Sanctions list through FIC website were on 1st February 2022. However, while onsite, on 5th July 2023, FIC through a Public Notice, issued an update of the UNSCR to all reporting entities to ensure compliance of not dealing with designated individuals and entities. The assessment team noted that FIC has not issued any guidance to help reporting institutions to implement the obligations related to TFS on TF. 267. Rwanda has an adequate framework to implement UNSCR 1373. The National Counter Terrorism Committee is the competent authority with the mandate to propose person and entities

84 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 to the relevant United Nations Sanctions Committee. The Ministry in charge of foreign affairs upon receipt of a request for designation made by a foreign country, should immediately submit the request to the National Counter-Terrorist Committee for analysis. Therefore, the decision of designation is made based on reasonable grounds of whether such person meets the criteria for designation under UNSCR 1373. Despite the existence of the process, Rwanda has not yet designated any target under UNSCR 1373, or propose a target for designation pursuant to UNSCR 1267 and successor resolutions. The Authorities informed the assessment team that the process of designating domestic persons under UNSCR 1373 was underway. 268. Regulation 001/FIC/2021 sets down to some extent provisions to guide the implementation of freezing and de-freezing measures to be followed when the name of a designated person is removed from either the domestic list or a United Nations Security Council Sanctions list. And when such a removal occurs, any seizure, freezing order, or prohibition against the designated person automatically ceases immediately. However, Rwanda does not have a legal framework that requires natural and legal persons to freeze, without delay and without prior notice, the funds or other assets of designated persons and entities. Consequently, any reporting person or entity holding, controlling, or having custody or possession of funds or other assets belonging to the designated person is not required to unfreeze those funds or assets without delay and report the same to FIC. However, there are no other detailed guidelines or more specific guidance to facilitate its implementation. The regulation provides no obligation to provide clear guidance to other persons or entities that may also be holding targeted funds or assets on their obligations to take action under the freezing mechanism. 269. Despite having a legal framework for the implementation of TFS, the country has not designated or proposed any designations to the UN Security Council pursuant to Resolution 1373. This makes it difficult to assess the level of its effectiveness. 4.3.2. Targeted approach, outreach and oversight of at-risk non-profit organisations 270. The Rwanda Governance Board by virtue of the law N° 56/2016 of 16/12/2016 mandated among other duties, to register and monitor National Non-Governmental Organisations, International Non-Governmental Organisations, Faith Based Organisations and Political Organisations operating in Rwanda. In addition, it’s the supervisory authority to ensure the compliance of TF obligations. Assessment team noted that Rwanda has registered over 3088 NPOs including 2085 Local, 206 International, 776 Faith Based Organizations and 21 Foundations. These organizations operate in fields such as health, education, training, agriculture, water, sanitation, youth development, and social welfare amongst others. 271. In Rwanda, NPOs are required to conduct CDD, maintain records and report suspicious transactions, provide report of activities and file annual returns. In January, 2022, Rwanda Governance Board conducted the NPOs sectoral risk assessment on TF targeting 57 organizations including 34 national, 7 international nongovernmental, and 16 faith-based organizations' operations. The NPOs sectoral risk assessment on TF focused on evaluating how NPOs are implementing AML/CFT/CPF measures, relating to reporting STRs, the sources of funds and donors of the organizations (internal or external sources), bookkeeping records, and the use of bank accounts.

85 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 272. As result, the NPOs sectoral risk assessment on TF informed authorities that many NPOs were not in compliance with measures established by Law. NPOs were not filing STRs and were using bank accounts. Moreover, the Risk assessment failed to identified NPOs that are vulnerable to Terrorist Financing abuse by terrorist actors. Rwanda has not yet addressed the requirement to identify which subset of organizations fall within the FATF definition of an NPO and identify the features and types of NPOs that, by virtue of their activities or characteristics, are likely to be at risk of TF abuse. The NPOs sectoral risk assessment did not provided recommendation measures to commensurate the risk. 273. Rwanda has measures in place to oversee NPOs operations and all NGOs, regardless of their level of TF risks. These measures include submission of operational and financial returns in every six months, self-regulatory initiatives and outreach designed by FIC and RGB. However, given the absence of requisite supervisory and monitoring, these measures have limited impact and the RGB has limited knowledge about the TF risks. The assessment Team noted the absence of supervision and monitoring of the activities carried out by the NPOs. The activities reports were not revised, no information about the annual returns, and no guidance were given to NPOs. 274. FIC and RGB jointly conducted several outreach programs. FIC had developed a supervisory framework for conducting inspections and monitoring the accountable institutions’ compliance with their AML/CFT obligations which it aimed to apply on NPOs since they also fall within the reporting entities parameter. However, the assessment team noted that Rwanda is missing an effective approach in identifying, preventing and combating terrorist finance abuse of NPOs. Overall, the Authorities did not provide information evidencing imposition of sanctions on NPOs for failure to comply with regulatory requirements consistent with R.8. 4.3.3. Deprivation of TF assets and instrumentalities 275. Rwanda has adequate and sound legal regime for confiscation which it can use to potentially deprive terrorists of assets, unfortunately this has not been applied to TF cases. The legal regime contains provisions that would allow both criminal and administrative deprivation of assets relating to TF. The implementation of this regime is not effective, as Rwanda has not frozen assets or instrumentalities associated with designated individuals and organisations. According to the information availed at the time of the onsite, there was no case that warranted freezing action on assets or instrumentalities relating to TF. Nevertheless, the assessors observed 19 TF cases that are currently pending in court. If the authorities had identified assets and concluded these cases in court, it would have been pertinent to assess the presence in Rwanda of assets or instrumentalities that could become subject to confiscation. In the absence of any freezing and/ or confiscation of funds, financial assets or properties or any freezing, seizure or confiscation pursuant to the UNSCRs 1267 and 1373, the regime has not been tested and the Assessors could not at this stage determine its overall effectiveness. 4.3.4 Consistency of measures with overall TF risk profile 276. Rwanda has not demonstrated that the measures in place are consistent with its overall risk profile. This is attributed by the fact that the authorities have not assessed the subset of the NPOs at risk of TF nor determine the TF threat to which NPOs could be exposed. The existing measures are not targeted nor proportionate to the risk as well as the supervisory activities and outreach to the NPOs sector is not in line with the risk profile of the country. The measures taken by the

86 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 authorities are not consistent with the overall TF risk profile. In addition, the country has not designated or proposed any domestic designations pursuant to Resolution 1373, which hinders the implementation of such resolution. Rwanda has a limited understanding of the terrorist financing risk, the country has not used targeted financial sanctions to respond to the terrorist threats. Furthermore, RGB as regulator of NPOs sector, has a limited understanding and resources to sustain outreach, targeted risk-based supervision and monitoring, effective investigate and gather information, and effective mechanism for international cooperation. Overall conclusions on IO.10 277. Rwanda does not implement TFS on TF adequately and without-delay due to long internal process within the Government Institutions to coordinate the same. Rwanda lacks clear mechanism and coordination to implement the UNSCRs, a situation that has resulted in delays in circulating the UNSC Sanctions Lists to FIs and DNFBPs and other relevant entities without delay. The current freezing mechanism of funds or other assets of designated person and entities are considered ineffective because the determination of the criteria for making the decision to unfreeze is unclear as well as the means of reporting to FIC without delay is also uncertain. Most of the authorities and reporting entities do not seem to have sufficient awareness to the procedures that should apply with respect to UNSCR 1267 and 1373. Authorities have not adequately assessed the entire NPO sector to identify members, which are at risk of abuse for TF purposes and have not applied focus monitoring and supervision measures on high TF risk NPOs identified. 278. Rwanda is rated as having a Low level of effectiveness for IO.10. 4.4. Immediate Outcome 11 (PF financial sanctions) Background 279. Rwanda has a new legal framework, enacted 26 August 2021, to implement UNSCRs on proliferation of weapons mass destruction (WMD), such that some competent authorities and reporting persons were unable to describe their obligations with regards to TFS on Proliferation Financing. Rwanda does not have a legal framework that requires natural and legal persons to freeze, without delay and without prior notice, the funds or other assets of designated persons and entities. There are no provisions addressing freezing of funds or other assets whether owned or controlled directly or indirectly or otherwise by designated persons or entities. There are no publicly known procedures to submit de-listing requests in Rwanda and the authorities have not established a mechanism to allow for the listed persons or entities to petition for the same. It lacks publicly known procedures to unfreeze the funds or other assets with the same or similar name as designated persons or entities. Rwanda has no mechanisms for communicating de-listing and unfreezing immediately to the financial sector and the DNFBPs nor have guidance and obligations to financial institutions and other persons or entities, including DNFBPs that may be holding targeted funds or other assets, to respect a de-listing or unfreezing action. Based on the information provided and discussion with the authorities, the assessment team could not establish any economic or commercial activities linked to Rwanda and the Democratic People republic of Korea. 280. This newness of the legal framework and the gaps has led to no effective institutional framework for implementation of TFS on Proliferation Financing, as the National Counter

87 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Terrorism Committee has not met regularly to draw up an implementation plan. There is little to no awareness by competent authorities and reporting entities on how to implement their obligations in relation to proliferation financing. 4.4.1. Implementation of targeted financial sanctions related to proliferation financing without delay 281. Rwanda's legal framework provides provisions that enable the implementation of targeted financial sanctions related to proliferation financing. However, the process is not done without delay and does not require all the natural and legal persons within the country to freeze, without delay and without prior notice, the funds or other assets of designated persons and entities. Rwanda has no provision to freeze funds or other assets derived or generated from funds or other assets owned or controlled directly or indirectly by designated persons or entities. 282. Although there is a National Counter Terrorism Committee (NCTC) established by the Prime Minister order, there was no clear mechanism on how they work, such that there were no disseminations by the committee as they stated it should be done by the FIC, which is part of the NCTC. The Assessment team noted a deficiency in terms of understanding by Authorities on the role of FIC in the NCTC. The FIC as empowered by their Law no 45/21, has issued REGULATIONS N° 001/FIC/2021, which covers both TFS on TF and PF, nothing more, which has resulted to zero investigations conducted or intervention made by the authorities to enforce any sanctions. 4.4.2. Identification of assets and funds held by designated persons/entities and prohibitions 283. Based on the understanding that the legal framework or mechanism to implement TFS relating to PF is new, Rwanda’s capability to identify assets or funds associated with designated persons/entities and prohibitions under TFS relating to PF could not be determined. The assessment team noted that FIs are mostly concerned with TFS related to TF, and, the DNFBPs sector is completely unaware of their freezing obligations. There has been no report of them holding funds of a designated person or entity as pertaining to TFS relating to PF. Rwanda has not identified any person who or entities which match with the UNSCRs designated persons and entities. There has been no report of them holding funds of a designated person or entity as about TFS relating to PF. The none identification might be highly linked to the limited understanding of the TFS obligation and delay on the circulation of the freezing notice. 4.4.3. FIs and DNFBPs’ understanding of and compliance with obligations 284. There is a varied understanding and implementation by FIs with their obligations to apply TFS without delay related to PF with big FIs being more advanced. Financial institutions do not appear to have sufficient awareness of their obligations to implement PF-related sanctions. Further, the DNFBPs’ understanding of proliferation risks and the TFS related to proliferation is quite limited. This is due to the newness of the legal framework or mechanisms to enable compliance with the implementation of TFS relating to PF. This seems to be as a result of the authorities’ approach to PF TFS, as they have not carried out any activity targeted at FIs and DNFBPs to help them understand their TFS obligations on PF.

88 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 285. In the case of VASPs, the compliance situation could not be determined due to lack of registered VASPs in the country. The assessors therefore concluded that the understanding of FIs and DNFBPs of their TFS obligations is limited. 4.4.4. Competent authorities ensuring and monitoring compliance 286. Rwanda lacks measures to ensure and monitor the level of compliance with PF obligations. The National Counter-Terrorism Committee has never discussed or issued any measures or guidelines related to PF. Moreover, there is no clear, comprehensive mechanism to assist FIs, DNFBPs, and VASPs with the implementation of TFS related to PF obligations. Overall Conclusion on IO.11 287. Rwanda has a legal framework for TFS on Proliferation Financing. Despite this effort, much still needs to be done. The assessment team noted that there is no comprehensive process to implement the counter-proliferation TFS related to PF without delay. The UNSC designation does not immediately trigger the obligation for all natural and legal persons to freeze the funds of the person or entity designated without delay, and without prior notice, the funds or other assets of designated persons and entities. Furthermore, there is no guidance nor obligations to financial institutions and other persons or entities, including DNFBPs that may be holding targeted funds or other assets, to respect the freezing and the unfreezing notice. Rwanda has not undertaken any enforcement actions related to PF. There were no investigations or sanctions related to TFS on PF. Both financial supervisors for FIs and DNFBPs have not conducted inspections which covered TFS on PF. 288. Rwanda is rated as having a Low level of effectiveness for IO.11.

89 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Chapter 5. PREVENTIVE MEASURES 5.1. Key Findings and Recommended Actions Immediate Outcome 4 Key Findings Financial Institutions a) Generally, banks demonstrated a fairly good understanding of the inherent ML/TF risks and the application of AML/CFT obligations to business relationships and transactions with their customers. Securities and life insurance entities demonstrated a fairly moderate understanding of ML/TF risks and AML/CFT obligations while mobile or money value transfer operators, microfinance and foreign exchange bureaus demonstrated a fairly limited understanding of their ML risks and AML/CFT obligations. The understanding of obligations related to TFS (freezing without delay) and TF is low across the board. b) The banking sector which includes MVTS providers seem to have a fair appreciation of mitigating controls commensurate with the identified risks with the rest of the FIs generally apply mitigating controls to a lesser extent while the application of mitigating measures for high-risk situations was deemed inadequate across all FIs. c) The FIs showed a good understanding of general CDD obligations and record keeping requirements for business relationships and transactions. The FIs in general have a varying understanding and application of BO requirements as most could not distinguish between shareholding and beneficial ownership. In the absence of a framework for obtaining and maintaining BO information at the time of the on-site, there was an over-reliance on the customer’s self-declaration information. d) The FIs did not demonstrate effective application of EDD measures on high-risk situations including on establishment of customer sources of funds and wealth. The application of EDD measures is insufficient on all higher risk customers and products, PEPs, TFS, higher risk countries and new technologies. Some FIs had difficulties in the identification of close associates of domestic PEPs. e) Generally, banks (including micro finance) and MVTS report suspicious transactions to some extent. Reporting by non-bank FIs was very low (1%) during the period under review. In view of the materiality of the banking sector and the exposure of the IFC, reporting by banks is considered low. In addition, there is minimal reporting of by all FIs of STR relating to TF. FIs are not filing STRs promptly to the FIC since there has not been any guidance on the promptness requirement for filing of STRs. f) The requirement of prohibition of tipping-off is well understood and applied to a large extent by large and medium size FIs. However, other smaller financial institutions like the forex bureaus, MVTS, fund managers report STRs to the FIC and also submit them monthly to the BNR which may potentially lead to tipping off. g) There is generally adequate internal controls, policies and procedures by FIs with more robust controls and adequate policies and procedures being applied by banks due their exposure to the international financial system.

90 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 DNFBPs a) DNFBPs demonstrated a low to non-existent level of understanding of ML risks and AML/CFT obligations with the exception of casinos that demonstrated a fairly better understanding of ML risks and AML/CFT obligations. This is attributed to the lack of awareness of AML/CFT obligations by the regulators and the inadequate AML/CFT compliance monitoring by the designated supervisors. DNFBPs demonstrated little to no understanding of TF risks and application of TFS obligations. b) The TCSPs, real estate agents, accounting firms, DPMS and legal professionals demonstrated a low application of the AML/CFT obligations on their customers and transactions. The measures and mitigating controls were not commensurate with the existing risk within the DNFBP sector. c) DNFBPs have no common understanding of the concept of BO nor do they identify or verify beneficial ownership. In addition, there is no even application of EDD measures when dealing with high￾risk customers. This is attributable to the fact that lawyers, accountants had recently established compliance functions and were in the process of developing AML/CFT policies, procedures and processes, while the real estate sector is yet to establish relevant controls. Further, the real estate sector was yet to establish the stated internal controls. d) There is little to no STRs being reported by the DNFBPs on either ML or TF for the period under review. This may be associated to inadequate or absence of AML/CFT supervision by the relevant supervisors. Moreover, tipping off is not well understood by the DNFBPs, and some of DNFBPs report STRs to their associations or RIB that could potentially lead to tipping off. e) The application of internal controls and procedures is little to non-existent by DNFBPs with the exception of casinos. Recommended Actions Financial Institutions Rwanda should: a) Ensure that the non-bank FIs conduct institutional ML/TF risk assessments, based on the risks prevailing within the sector to enable them to improve their understanding of ML/TF risks and apply commensurate mitigating controls as informed by the identified risks. b) Enhance the understanding of TF and implementation of procedures to effectively implement the UNSCRs on targeted financial sanctions on TF and proliferation financing through targeted awareness and issuance of appropriate guidance. c) Ensure that the FIs should conduct training in order to enhance understanding and effective application of AML/CFT obligations as per the new AML/CFT Act and Regulations including the understanding and applications of obligations related to BO, EDD for high-risk situations, TFS and new technologies. d) Ensure that FIs understand their obligations with regards to reporting of STRs and also require FIs to put in place procedures in order to effectively enable detection and reporting of STRs to the FIC. e) Ensure all non-bank FIs have adequate compliance functions and apply other internal control measures commensurate to risks and size of the business.

91 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 DNFBPs a) Ensure that all DNFBPs except casinos conduct ML/TF risk assessments, based on the prevailing risk, to enhance their understanding of their ML/TF risks and apply mitigating measures based on the risks identified. b) Enhance understanding of TF by the DNFBPs and the implementation of the UNSCRs on targeted financial sanctions on TF and proliferation financing through focused awareness and issuance of appropriate guidance. c) Ensure that DNFBP sector should, without delay, start training in order to enhance understanding and effective application of AML/CFT obligations as per the new AML/CFT Act and Regulations including the understanding and applications of obligations related to BO, EDD for high-risk situations, TFS and new technologies. d) Require DNFBP sector to put in place systems and procedures in order to effectively enable detection and reporting of STRs to the FIC. e) Ensure that the DNFBP sector have adequate compliance functions and apply other internal control measures commensurate to risks and size of business. 289. The relevant Immediate Outcome considered and assessed in this chapter is IO.4 15 . The Recommendations relevant for the assessment of effectiveness under this section are R.9-23. 5.2. Immediate Outcome 4 (Preventive Measures) 16 290. The financial services sector in Rwanda consists a variety of sub-sectors of which the banking sector is the largest and is comprised of both local and internationally owned institutions with foreign owned banks in majority. As at December 2022, Rwanda had 15 banks, of which 13 were large and medium size in terms of asset size. The total asset size of the banking sector was USD 5.49 billion17. In Rwanda, 6 MVTS providers are licensed by BNR and most of the services are provided under the banking licence. The key product offered in the banking sector include SME deposits, international trade, corporate loans and wire transfer of which all assume a heightened level of ML/TF risk. 15 When assessing effectiveness under Immediate Outcome 4, assessors should take into consideration the risk, context and materiality of the country being assessed. Assessors should clearly explain these factors in Chapter One of the mutual evaluation report under the heading of Financial Institutions and DNFBPs, as required by page 131 of the Methodology. 16 The first paragraph should give a short summary of what relative importance assessors have given to the different types of financial institutions and designated non-financial businesses and professions, taking into account the risk, context and materiality of the country being assessed. This should be supplemented by a cross-reference to the more detailed information in Chapter One on how each sector has been weighted (based on risk, context and materiality) (as required by page 131 of the Methodology). 17 Refer to the paragraph 43 on Materiality under ML/TF risks and context

92 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 291. The country has established its International Financial Centre (IFC) which among others aims at attracting foreign investors to consolidate their assets in Rwanda and ensuring the country is a financial destination for international investment and cross-border transactions in Africa. With the implementation of the IFC, which elevated the ML/TF risks due to the nature of the services that are provided by key players, including banks, TCSPs, Lawyers, securities. 292. All DNFBPs under the FATF Standards are present in Rwanda. The number of real estate agents was 74 (refer to Table 1.3 for details of DNFBPs). Based on the relative materiality and risk in the context of Rwanda as explained under chapter 1, the implementation of preventive measures by the relevant sectors was weighted as follows: a) Most heavily weighted for banks b) Heavily weighted for MVTS, real estate agents, casinos, TCSPs, dealers in precious stones and metals, Securities sector, legal practitioners, e-money and Payment Systems Providers and accountants. c) Less heavily weighted for casino, notaries, Life Insurance and pensions. 5.2.1. Understanding of ML/TF risks and AML/CFT obligations 293. The Rwanda’s AML/CFT legal and regulatory framework was enhanced in May 2023 with enactment of the Law Nº 028/2023 of 19/05/2023 on The Prevention and Punishment of Money Laundering, Terrorist Financing and the Financing of Proliferation of Weapons of Mass Destruction (AML/CFT law 2023). The AML/CFT law 2023 which was introduced 3 weeks prior to the on-site visit introduced new requirements for reporting persons to undertake enterprise-wide risk assessment, to consider all relevant risk factors and to keep the assessment up to date. The FIC who is the supervisor for the real estate sector has also introduced guidelines for the real estate sector and general guidelines for implementation of BO requirements and the reporting of STRs for reporting institutions. 294. The FIs displayed varying levels of understanding of their exposure to ML/TF risks and AML/CFT obligations as set out in the AML/CFT Act 2023 and regulations. It was noted that understanding of TF was low across the sectors. In respect of appreciation of ML/TF risks, the assessors observed that the large FIs had started conducting institutional risk assessments. Within the financial sector, there was varied level of understanding of ML/TF risks by the FIs with the banks demonstrating a better understanding of ML/TF risks and AML/CFT obligations. The Securities and insurance sectors demonstrated a fairly moderate understanding of ML/TF risks and AML/CFT obligations while foreign exchange bureaus, microfinance, and mobile or money value transfer operators demonstrated a fairly limited understanding of ML/TF risks and AML/CFT obligations. As for the DNFBPs including TCSPs, it was found that all the institutions except for Casinos demonstrated little to no understanding of ML/TF risks and obligations. The above was largely attributed to implementation of the risk-based approach to AML/CFT across most of the regulated sectors which is still at a nascent stage. Banks 295. The large and medium banks including money remitters which are mostly offered by banking institutions (as agents of Western Union and Money Gram) (local and foreign owned or controlled) demonstrated a good understanding of ML/TF risks and AML/CFT requirements to

93 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 business relationships and transactions with their customers. The understanding is mainly informed by the ML/TF institutional risk assessments and can be attributed to the development and implementation of internal procedures and programmes to identify, assess and document the ML/TF risks. The risk assessment is done periodically or more frequently depending on the group compliance requirements, e.g., if new products or services are being rolled out. The banks that were interviewed identified high risk countries, products or services, delivery channels, and customers in their institutional risk assessments. The banks have also considered other qualitative risk factors including corruption index for Rwanda, length of relationship, exposure to sanctioned persons and adverse media. In addition, the banks implemented automated customer risk profiling systems or software at onboarding stage to facilitate their understanding of the appropriate level of customer risks. However, the large and medium banks did not demonstrate how the findings of the NRA were integrated into the institution’s ML/TF risk assessment processes. For instance, the country’s NRA identified SME deposits, and corporate loans as the most vulnerable products with respect to money laundering risks in the banking sector. FIs are yet to include the findings of the SRA from the relevant supervisors since the supervisors are yet to carry out awareness on the results of the respective SRAs (refer to IO.3). 296. In general, the large and medium banks portrayed a good understanding of their AML/CFT obligations as set out in the legislative framework including the need to implement internal systems and controls despite the recent amendments to the AML/CFT law which they are still getting familiar with. The foreign- owned or controlled banks have over the years benefitted from their group system whose policies require regular risk assessment at the group level in order to develop mitigating measures commensurate with the identified risks. Other Financial Institutions 297. Securities and life insurance entities demonstrated a fairly moderate understanding of ML/TF risks and their obligations. This is mainly attributed to the fact that most securities entities conducted initial institutional risk assessments to facilitate their understanding of ML/TF risks and implemented manual excel -based customer risk profiling processes at the onboarding stage. Similarly, life insurance entities conducted institutional risk assessments and dynamic risk assessments on an annual and ongoing basis, respectively to facilitate their understanding of ML/TF risks. The dynamic risk assessments are manual excel -based and the institutional risk assessments take into consideration various factors. However, some insurance entities have risk assessments which were last updated in 2019 hence casting doubts on their understanding of current ML/TF risks. Further, there was a varied understanding of obligations relating to the identification of beneficial owners in cases where the beneficiary is a legal person. 298. Mobile money service providers (MMPS) and MVTS operators, microfinance and foreign exchange bureaus demonstrated a fairly limited understanding of their ML/TF risks and obligations. This may be attributed to the fact that risk-based AML/CFT inspection of the microfinance sector was yet to be implemented at the time of the onsite. Further, MVTS provider and foreign exchange bureau had not undertaken adequate ML/TF risk assessments. The stand￾alone Mobile Money Service Providers (MMSP), often mistook risk assessment with carrier network certification and compliance requirement at the time of onboarding clients which has a small component of AML/CFT for CDD measures. The MMSP informed that every individual can register 3 SIM cards on their own name and be used for the different products and services provided. In addition, the MMSPs could not demonstrate that they understand the risk posed by

94 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 the different agents in the various regions within Rwanda. The MMPS operators categorised “cash in” product as high risk, however, the factors leading to the risk assessment were based on business factors bordering on agents’ commissions. Nonetheless, the institution implemented automated systems for monitoring and risk profiling agents’ transactions and identification of PEP customers which is mostly based on the platform system requirements. 299. Similarly, the microfinance institutions interviewed during the onsite conducted institutional risk assessment to understand ML/TF risks arising from core risk categories including high risk geographical locations. However, other factors such as the products risk assessment did not majorly border on ML/TF risks. 300. On the other hand, foreign exchange bureaus met during the onsite were in the process of conducting institutional risk assessment to understand risks arising from its customers, products or services, delivery channels and geographical locations and country risks hence could not demonstrate an understanding of their ML/TF risks. The institution nonetheless utilises automated systems, such as AML Compass, which is used for screening both money transfers and money changers against UNSCR sanctions lists and PEP lists. DNFBPs 301. Generally, the DNFBPs demonstrated a low to non-existent level of understanding of ML/TF risks and obligations with the exception of Casino that demonstrated a fair understanding of the ML/TF risks and AML/CFT obligations that apply to them. The level of understanding particularly for TCSPs is concerning in view of the country’s implementation of the IFC which the institutions play a critical gate keeping role in providing various services including facilitating the creation of legal persons and arrangements. The TCSPs that were interviewed informed the assessment team that they had not conducted institutional ML/TF risk assessment nor they did demonstrate an understanding of ML/TF risks including implementation of AML/CFT obligations in general. The limited understanding of the TCSPs sector is mainly attributed to inadequate supervision of the sector by the supervisory authority. 302. The other DNFBP sectors including lawyers, dealers in precious stones and metals and accountants demonstrated low to non-existent level of understanding of ML/TF risks and obligations. This was mostly attributed to lack of adequate supervision of the sectors, lack of institutional ML/TF risk assessments and product specific assessments. Lawyers are involved in the creation of legal persons and the facilitation for the setting up of legal arrangements including being involved in the sale of real estate, however, the risk arising of misusing an escrow account was not well understood by the legal practitioners. The real estate sector was rated as high risk in the NRA. Despite the fact that the NRA was concluded in May 2019, real estate agents are yet to be regulated and there is little to no supervision within the sector. As a result, the FIC who is the supervisor for the real estate sector only issued a guideline informing the players of the AML/CFT obligations for the sector since October 2022. Further, dealers in precious stones and metals did not demonstrate their understanding of ML/TF risks. 303. The low level of understanding of the AML/CFT obligations by the DNFBP sector might be associated with lack of awareness and training on their obligations and the absence of adequate compliance monitoring by the designated DNFBP supervisors (refer to IO.3 for further details). There is also a low level of understanding of TF risk and TFS requirements across the DNFBP sector.

95 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 5.2.2. Application of risk mitigating measures 304. The banks and other large FIs have to some extent established internal systems and controls to mitigate ML/TF risks. They have implemented risk mitigation measures into their day-to-day operations and have developed and implemented AML/CFT policies and procedures commensurate with the identified risks. However, the application of the risk mitigation measures significantly varies between FIs and DNFBPs, as well as within FIs. 305. FIs apply risk mitigating measures on the basis of documented and ongoing ML/TF risks assessments albeit at varying levels. The banks implemented better controls to mitigate and manage the risks using different approval layers of business relationships and transactions and automated on-going/enhanced monitoring on customers or transactions considered high risk. These controls are applied on non-resident customers, cash-intensive industries and cross-border wire transfers. However, FIs demonstrated inadequate application of enhanced due diligence measures on PEPs. 306. DNFBPs with the exception of casinos, do not apply risk mitigation measures. Despite the fact that the NRA 2019 informs that although the real estate sector and DPMS present within Rwanda were rated as carrying higher risk, none of them have carried out risk assessments and applied the relevant risk mitigation measures and did not have AML/CFT programmes, policies and procedures. Financial institutions 307. The large and medium banks (domestic and foreign owned or controlled) with internal ML/TF risk assessments in place demonstrated a good application of the AML/CFT control measures, they are well resourced and apply robust mitigating measures taking into account the risk profile of the customers and transactions. They risk profile their clients as low risk, medium risk and high-risk customers based on the profiling exercise at the time of onboarding and they update their KYC information every three years, two years and one year interval, respectively. On the other hand, review of such KYC information across the rest of the financial institutions is not informed by the level of the identified customer risks. However, the implementation of mitigating measures for PEPs and other high-risk customers across all FIs was deemed inadequate. For instance, all financial institutions did not demonstrate effective implementation of enhanced customer due diligence measures including on establishment of sources of funds and wealth for PEPs. 308. Banks have developed and implemented AML/CFT policies and procedures to identify and manage risks which are periodically reviewed. On the other hand, other FIs including securities have recently put in place AML/CFT policies in response to initial onsite inspections on the institutions by their respective supervisory authorities. Banks and other large financial institutions implemented automated ongoing monitoring systems or software for identification of suspicious transactions, PEPs, adverse media and sanctioned entities. Most banks and other large FIs rely on international databases to identify PEPs which do not incorporate all types of domestic PEPs. On the other hand, small and medium sized financial institutions relied on manual monitoring processes for screening of customers against sanctions lists. 309. Some banks and other large financial institutions have direct access to National Identification Authority (NIDA) and Rwanda Development Board (RDB) registries for verification basic and shareholding information, respectively. On the other hand, Small and medium sized financial

96 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 institutions can have access to such registries upon written communication to the relevant authority. Moreover, the assessment team was informed that prior to March 2023, although the legal framework was already established, RDB was not collecting beneficial ownership information on companies and consequently reporting persons could not access BO information for identification or verification purposes (see IO.5 for further details). DNFBPs 310. Generally, the DNFBP sector except for Casinos are not fully aware of the AML/CFT obligations that apply to them. Despite the fact that the NRA rated most real estate sector and DPMS in the DNFBPs sector as high risk, neither risk assessment was conducted nor have they applied risk mitigation measures. In addition, the sector lacks the implementation of AML/CFT programmes, policies and procedures for risk mitigation and only apply basic CDD measures whereby there is heavy reliance on the information submitted without carrying out independent verification of the documents or information provided. The TCSPs, real estate agents, accounting firms and legal professionals demonstrated a low application of the AML/CFT obligations on their customers and transactions. Moreover, the lawyers did not have measures in place to monitor escrow accounts and to obtain information on nominator, director or shareholder in cases where they deal with nominees. Further, the TCSPs did not have measures in place on dealing with high￾risk relationships and did not understand their obligations on reporting of STRs. However, this is not in line with the risk profile of the sectors which poses high risk based on the NRA and in view of the services that they provide within the IFC. The real estate agent met during the on-site informed the assessment team that it had just started putting in place AML/CFT compliance programs with the appointment of the compliance officer. This is of particular concern especially considering that real estate agents are deemed high risk in the NRA. 311. Lawyers, accountants with the assistance of their regulatory bodies had just established compliance functions and were in the process of developing AML/CFT policies, procedures and processes. The Assessors are of the view that this is attributed to little or no understanding of the ML/TF risks and the AML/CFT obligations by the DNFBP sector and absence of awareness and inadequate supervisory activities. 5.2.3. Application of CDD and record-keeping requirements Customer Due Diligence 312. FIs apply basic CDD measures to a large extent in order to establish and verify the identity of customers and on occasional transactions above the designated threshold, whilst BO requirements are being applied to a limited extent. Banks demonstrated better application of basic CDD measures which are applied before the establishment of the business relationship and on an ongoing basis by having periodic review of basic CDD information which is done at the time of onboarding of the customer and when carrying out transactions. For identification of natural persons, for locals, information on the name, national identification number which includes the date of birth, physical address is required and the basic KYC documents for verification of identity are the national ID issued by NIDA, driver’s licence, passport where there is a requirement for additional information such as letter from employer. For foreigners (non-resident), a valid passport, valid work/residence permit, letter from employer, lease agreement for proof of residence. With respect to legal persons, identification and verification is done through the

97 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 information that are submitted to the RDB, certificate of incorporation, memorandum and articles of associations, business licence and TIN, list of directors and shareholders. 313. Verification of basic information using independent sources is being conducted to a large extent by FIs as they have access to government agencies that include NIDA which is the central registry for national ID, RDB for legal persons and arrangements and RGB for NGOs, larger FIs have direct access to NIDA and RDB databases through Application Programming Interface (API) systems that allows for instant verification of the National Identity information for local individuals clients. With regards to legal persons and arrangements, verification is done through the RDB whereby the FIs write to the RDB and receive the information for a fee of RWF 5000 (USD 4.2) or RGB to obtain the required information. Prior to March 2023, the RDB was not collecting BO information for companies and at the time of the on-site, the Assessment team was informed that about 704 companies out of 150, 000 registered companies had provided BO information (see IO.5 for further details). Insurance companies indicated that they obtain beneficiary details both at onboarding and payout. Occasional transactions that are equal to or exceed RWF 1,000,000 (USD 835) are subject to CDD requirements by all FIs. The FIs (banks and insurance companies) with international nexus indicated that they look for information such as list of directors and shareholders. However, there is a disparity in the FIs interpretation of BO or the person effectively having control as they normally refer to the person with shareholding threshold (15-25%). Most of the FIs have recently introduced a BO declaration form that should be completed by customers at on boarding stage. The verification of BO information is being conducted to a limited extent by all FIs. 314. Banks, securities, and insurance companies risk rate customers at onboarding stage, however, from the interviews conducted, the institutions do not revise risk ratings on an ongoing basis in line with changes in risk profiles of customers. MVTS and foreign exchange do not risk rate customers at onboarding, however, customers are segmented based on client or product type. 315. FIs are largely aware of the obligations with respect to use of third parties, FIs are required to immediately obtain the necessary information concerning customer due diligence measures from the third party including the identity of each customer and beneficial owner. Further, reliance on a third party does not relieve a reporting person from the obligation to apply customer due diligence measures. 316. The verification of documents provided by non–resident entities is being conducted to a limited extent by all FIs. Some of the FIs that are part of regional or international groups and place reliance on CDD conducted by the group entity based in the home country without considering the requirements under Rwanda AML/CFT legal framework including referrals from jurisdictions with strategic AML/CFT deficiencies. The reliance is mostly based on practice at the level of the Group that uses introducers/facilitators and provide self-declaration information/statement on the proposed customer. 317. FIs interviewed indicated that they refuse or terminate business relationships and occasional transactions if CDD is incomplete. However, some FIs indicated that where the missing CDD information is not very significant, the customer commits to submit the information within a specific timeline and if that information is not provided, they do not proceed with the business relationship. In both instances, the FIs could not outline the circumstances that would result in such customers being reported to the FIC.

98 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Transaction monitoring 318. Banks utilize automated transaction monitoring systems to monitor customer transactions on an ongoing basis, however some of the banks are unable to effectively detect ML/TF related transactions as they have not customized the automated transaction monitoring detection scenario rules to suit the ML/TF risks faced by the entity and domestic legal requirements. As a result, the banks were unable to effectively detect ML/TF related transactions. In terms of on-going transaction monitoring, the banks and MVTS have in place adequate automated transaction monitoring systems that detect and identify unusual transactions pattern or where the profile of the client has changed. However, the automated transaction monitoring systems used by some of the banks do not cover all products and bank payment systems, to mitigate the risk, some banks still make use of manual transaction monitoring controls. Non-bank FIs that do not have automated transaction monitoring systems are still using manual systems and have not yet deployed mechanisms to review customer transactions on an ongoing basis. Record keeping 319. In relation to record keeping requirements, the FIs appear to maintain adequate records including keeping documents collected through the CDD process and all transactions records in both soft and hard copies. The records are kept at the premises and depending on the policy of the FIs, it can be moved to a designated archive centre, however, all records are made available in soft copies at all times at the registered office address. Transaction records are kept for a minimum period of ten years from the date the business relationship is terminated or the last transaction date for occasional transactions in line with the AML/CFT Act and the Companies Act. DNFBPs 320. The implementation of CDD measures in the DNFBP sector varies from the application of basic CDD requirements and those that implement to a limited extent. Real estate agents, lawyers, DPMS and TCSPs have only recently started collecting basic CDD information and the measures are not being applied consistently. Real estate agents who were rated as high risk in the NRA informed that they facilitate real estate business and since the sale deed would have to be done with the assistance of a public notary, they only carry out basic KYC at this stage. The casino interviewed demonstrated better understanding of CDD requirements and implemented measures that enable customers who transact an equal to or above RWF 3,000,000 (USD 2,505) to be identified and verified. 321. DNFBPs linked to international networks have requirements to obtain basic CDD and BO information. There is no shared understanding on BO by DNFBPs as some of the DNFBPs interviewed referred to basic CDD information on shareholders and were not conversant with other ways of determining BOs besides the threshold mechanism. DNFBPs do not verify BO information. DNFBPs do not risk rate customers at onboarding and on an ongoing basis and do not monitor customer transactions on an ongoing basis. During the onsite only one (1) DNFBP, a law firm, indicated that they refuse business when CDD is incomplete. The extent to which business relationship is refused varied with the majority of the DNFBPs more inclined to accept business, when CDD is incomplete, due to profit making motives.

99 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 5.2.4. Application of EDD measures Application of EDD measures – Politically Exposed Persons (PEPs) Financial Institutions 322. Although the AML/CFT Act 2023 require reporting persons to identify and treat PEPs relationship as high-risk, there is a mixed understanding and application of EDD measures by FIs and the NBFIs in Rwanda. All FIs generally regards all types of PEPs as high-risk customers and understood the risks associated with PEPs but were not able to demonstrate application of mitigation measures and controls. The risk management systems that have been deployed by FIs to establish whether a customer or BO is a PEP are not effective, this is coupled by the low understanding of the concept of BO (see IO.5 for further details). On the other hand, NBFIs do not identify family members and close associates of PEPs. Banks and insurance companies exclusively rely on automated screening systems that are embedded into their screening system to identify PEPs. The automated screening systems uses commercial databases to source the information on PEPs, however, these databases do not have a comprehensive list of domestic PEPs, which may result in the non-identification of PEPs that are not easily identifiable including close associates and family members of PEPs. 323. The banks and securities brokerage companies demonstrated inadequate implementation of measures in cases where the institution knows or suspect ML/TF or PF. Banks and securities, in particular, highlighted that in cases where there is suspicion on ML/TF, enhanced due diligence measures would be applied which include establishment of beneficial ownership. In such cases, the expectation is for the institutions to file suspicious transactions reports to the FIC which is not being carried out. This gap emanates from the provisions of Article 17(3) of the AML/CFT law which provides requirements for enhanced due diligence in cases where reporting persons knows or suspects ML/TF or PF. 324. FIs treat all PEPs as high risk and all FIs interviewed indicated that PEPs are approved by senior management prior to onboarding. Larger FIs apply EDD measures and on-going transaction monitoring measures using adequate mechanisms to monitor transaction on PEPs to a large extent and small to medium FIs to a lesser extent. All FIs do not apply adequate measures of legal persons and legal arrangements owned or controlled by PEPs. Some FIs, especially small to medium FIs, do not establish source of funds and source of wealth of customers and BOs identified as PEPs. The Assessment team was informed that the challenges with regards identification and management of PEPs is due to inadequate guidance on PEPs by the relevant supervisors and there has been limited to no outreach activities related to identification and risk management of PEPs. DNFBPs 325. DNFBPs have limited to no understanding of risks associated with PEPs and have not put in place adequate measures to identify and apply EDD measures on PEPs. Most of the DNFBPs interviewed indicated that they would treat a PEP as any other customer and will carry on the same CDD measures. There was low level of understanding of the term close associates and the risks that they could entail. Most DNFBPs informed that do not have PEP as customers, this could be attributed to lack of systems that assist in the identification of PEPs and internal risk management systems to identify PEPs especially BOs who are PEPs. The DNFBPs informed that

100 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 due to the absence of having a system whereby the regulatory/supervisory can have a compiled list of PEPs (domestic and international) would assist them in mitigating the risks that can be posed by those high-risk relationships. Targeted Financial Sanctions (TFS) 326. FIs have a varied understanding of their TFS obligations relating to identification, freezing and unfreezing. Large FIs that rely on automated screening systems were able to explain the obligations better than small to medium sized FIs. Larger FIs utilize automated screening systems namely Dow Jones and Lexis Nexis that have UNSCR lists embedded in these systems. The small and medium FIs that manually screen names for TFS demonstrated low level of implementation of TFS obligations. All FIs referred to the UNSCR list that is uploaded on FIC’s website, however the FIs could not demonstrate how they utilise the list at onboarding and ongoing basis. At the time of the on-site there was only one UNSCR list on the FIC website which was outdated (2022). Moreover, a review of the information provided by the FIC does not guide the FIs or DNFBPs on how to use the lists or provide the appropriate link for referring to the designated UNSCRs lists. All FIs demonstrated little understanding and implementation of TFS requirements. FIs indicated that in case of a true match against the lists, they would report to FIC. However, requirements for freezing of the assets was not highlighted by most of the reporting persons. All FIs indicated that have not had a true match nor false positive matches that warranted reporting to the FIC. 327. DNFBPs demonstrated little to no understanding and implementation of TFS requirements. All DNFBPs rely on the UNSCR list uploaded on the FIC’s website with exception of an internationally affiliated accounting firm that provides corporate services which benefit from group policy and resources in implementing these obligations. The Assessment team noted the limited understanding across the DNFBPs population on targeted financial sanctions relating to TF. There is no clear guidance to the reporting persons on TFS (see IO.10). Wire Transfers 328. Banks and MVTS providers interviewed demonstrated a good application of the AML/CFT specific and enhanced measures associated with domestic and cross border wire transfers. They apply EDD measures and additional controls required to mitigate the relevant risks. Most of the banks informed that they use SWIFT for cross-border wire transfers while some act as agents to internationally recognised money remittance companies (Western Union, etc.) Banks and MVTS have systems that have mandatory fields that ensure the completeness and accuracy of the originator and beneficiary information. In addition to system controls, banks and MVTS request for supporting documents for originator and beneficiary information. Banks indicated that they have incorporated a maker and checker arrangement for all wire transfers that verifies originator and beneficiary information submitted by customers. While mobile money service providers make use of the mobile money platforms to transfer money across the border, they do rely on the group mechanisms and software for mitigating the risks. Across the board, the Assessment team was informed that where information is incomplete, they do not execute the wire transfer and where the transaction is suspicious, they do not proceed with the transaction and request for further information and ultimately report to the FIC. High Risk- Jurisdictions 329. Larger FIs who have an international nexus tap on their group policies and mechanisms to proactively identify high risk countries and apply EDD measures and assign higher-risk ratings to

101 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 customers or transactions associated with those countries for ongoing monitoring. They even provided information on the countries namely, Iran, North Korea and Sudan. Although, the FIC has published on its website a link that directs reporting person to the FATF’s website there was no guidance on the measures to be taken by them. Apart from banks, the remaining FIs demonstrated limited understanding of application of EDD measures on customers or transactions to or from higher risk countries. DNFBPs demonstrated lack or limited understanding of higher risk countries. Correspondent Banking 330. Banks in Rwanda with correspondent banking relationships (CBRs) were able to demonstrate a good understanding of the risks involved in such transactions, they apply adequate EDD and relevant controls to mitigate the relevant risks. These banks have adequate procedures and group wide policies for conducting due diligence prior to onboarding and approving a correspondent banking relationship and during the whole course of the relationship. The banks informed the assessment team that they have written service level agreements with respondent banks which outline the different responsibilities and roles. Prior to onboarding, the respondent banks are required to complete the Wolfsburg questionnaire as a mandatory requirement and other open sources information as part of the EDD process. The banks are also mandated to inform BNR and require senior management approval for each CBR relationship they are establishing. The banks informed that CBRs are monitored and reviewed when there are material changes and so far, there has not been any termination as at date. New Technologies 331. Banks and MVTS apply EDD measures in relation to the use of new technologies which is based on the outcome of the risk assessment carried out by the institutions. They indicated that they carry out a risk assessment prior to the launch of the product or services to determine the threat and vulnerabilities. The mobile money service provider met onsite indicated that they perform a risk assessment before the launch of a new product or service, the results determine the level of controls to be applied, for example, setting the transaction limits for each category of customers. The prior approval of senior management and the BNR is required before the product is rolled out. The banks further informed that for some products or services the risk assessment is also done at the level of the group and undergo strict internal processes prior to their launch. Other FIs, like insurance companies, securities have not carried out any risk assessment of new technologies while the use of new technologies is less common with the DNFBPs. 332. Since VASPs are not regulated in Rwanda, banks have taken a position not to onboard them and this is also in conjunction of the public notice issued by BNR on VASPs. Banks in Rwanda are not aware of VASPs operating in Rwanda, nor of clients engaging in VAs. In general, banks have adopted a no risk exposure to VASPs in the absence of prudential regulation and AML/CFT supervision of VASPs in Rwanda. 5.2.5. Reporting obligations and tipping off 333. Generally, banks and MVTS have a good understanding of their obligation to report suspicious transactions to the FIC. Reporting by non-bank FIs and DNFBPs was low to negligible reporting of suspicious transactions to the FIC over the period under review. STRs are currently being reported through an encrypted email system, although the FIC has purchased the GoAML

102 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 tool which is yet to go operational. The understanding of reporting obligations is elementary by FIs since they confuse cash transaction reporting and STRs. While the DNFBP sector has generally little to no understanding of their obligation to report suspicious transaction. Banks, generally had a better understanding of their obligations however, the level of reporting is low when considering their activities and number of STRs reported to the FIC. The low level of STR reporting is mainly due to their inability to identify reportable suspicious transactions. Other small FIs reporting is still low this is mainly due to lack of knowledge of their reporting obligation and failure to identify suspicious transactions especially for those that do not have automated systems. Although the filing pattern of the FIs is somewhat in line due to the materiality of the sector, the DNFBPs that have been rated as high risk are yet to report any STRs while the whole sector only reported 5 STRs for the period under review. 334. The interviewed banks, other large financial institutions and MVTS institutions indicated the nature of proceeds reported in STRs were heavily on suspected embezzlement, fraud and corruption among the other high-risk predicate offences identified in the NRA report. All FIs and DNFBPs indicated they do not carry on with a business relationship/transaction if incomplete CDD information is provided by the customer, however such incidents were generally not reported to the FIC as required. Most of the smaller FIs in the insurance and securities sectors indicated to have knowledge of their STR reporting obligation but were not sure on how and to whom they are to report STRs. The insurance sector did not report any STR in the period under review while securities only reported one STR. Other financial institutions like the forex bureaus, MVTS, fund managers regulated by the BNR indicated that they are required to report their STRs to the FIC and also submit them monthly to the BNR. 335. Some DNFBPs including lawyers, real estate agents, dealers in precious stones and metals that were interviewed during the onsite were not aware as to where to report STRs with some indicating that they report to their associations or the Rwanda Investigation Bureau. The institute of accountants’ report indicated that only 52% of registered accountants have set up reporting mechanisms, however, the interviewed accountant firms indicated that they have filed only one STR for the period under review. Table 5.1: Number of STRs submitted by FIs and DNFBPs Reporting Institutions 2018/2019 2019/2020 2020/2021 2021/2022 2022/2023 Banks 22 10 121 329 214 MVTS 0 32 55 Microfinance 0 Investment Managers 0 Securities 0 Insurance companies 0 1 Forex Bureaus 0

103 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 TCSPs 0 Real estate agents 0 Dealers in Precious metals and stones 0 Accountants 0 1 Lawyers 0 3 0 Casinos 0 1 336. This could be attributable to lack of guidance on STR by supervisory authorities. Moreover, the FIC only issued a guidance on STR reporting on 6th July 2023 while the onsite was underway. Large Banks and FIs that are part of international groups have demonstrated a better understanding of reporting obligations and have put in place automated transactions detection and monitoring systems for transactions reporting to the FIC. Further the understanding of the STR reporting obligation among small to medium FIs and DNFBPs is on suspected ML, but not so much in relation to TF. 337. There is generally no consistency by all reporting persons on the timeline to report an STR. This is attributed to the fact that the legislation requires reporting entities to report STRs promptly to the FIC and guidance on what promptly means was only defined in the FIC regulations which was issued while the Assessment team was on-site. All reporting entities interviewed indicated that FIC does not give enough feedback on STRs filed, and indicated that they only receive acknowledgement of receipt. 338. The requirement for disclosing information related to the filing of an STR or related information is well understood by large FIs which is embedded in their internal procedures. However, other FIs, such as forex bureaus, MVTS, fund managers indicated that they report their STRs to the FIC and BNR. In addition, some DNFBPs indicated that they report STRs to their regulatory bodies or RIB which could potentially breach the confidentiality of the report. 339. Overall, there is low understanding across FIs and DNFBPs to file STRs related to TF as a consequence, none of the reporting persons met indicated that they filed STRs related to TF although the FIC informed it has received information related to TF. The no reporting of TF related STRs could be attributed to the low awareness by supervisors on TF red flags. 340. The requirement of prohibition of tipping-off is well understood and applied to a large extent by large and medium size FIs owing to incorporation of confidentiality clauses in policies and training program. However, other smaller financial institutions like the forex bureaus, MVTS, fund managers interviewed during the onsite indicated that they report their STRs to the FIC and also submit them monthly to the BNR which may resultantly lead to tipping off. This was also the case for some DNFBPs that also reports STRs to their respective associations, the FIC and Rwanda investigation unit with the same outcome as above.

104 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 5.2.6. Internal controls and legal/regulatory requirements impending implementation 341. Banks demonstrated a better application of internal control programmes and policies measures than the rest of the reporting entities. The non-bank FIs (excluding larger MVTS) and DNFBPs, did not have adequate internal controls that were commensurate with their ML/TF risk profiles. This impacted on their ability to effectively implement AML/CFT obligations. Financial institutions 342. Banks including microfinance to some extent, have internal controls and procedures to comply with AML/CFT requirements, whilst MVTS and forex bureaus’ implementation of internal controls is still at an infancy stage. Inspection reports by the BNR indicate that banks and microfinance still have gaps in their AML/CFT programs. 343. Non-banks FIs applied, to a limited extent, AML/CFT internal control measures however, these are not commensurate with their sizes and nature of transactions they conduct. The CMA has just started conducting AML/CFT inspections and a majority of the reporting persons in the sector are still developing internal controls. 344. Banks, microfinance and larger investment managers and securities interviewed had internal compliance functions which implement AML/CFT obligations. They all had compliance officers at senior level. Large FIs with dedicated compliance functions organized and conducted AML/CFT related training for all their staff periodically with a compulsory AML/CFT training at onboarding. Only banks and the insurance sector indicated that senior management and the board members also receive training. The MVTS sector indicated that they train their agents as part of their compliance program, as well as introductory training for all new staff. 345. Smaller FIs did not seem to provide adequate training to their staff. They also did not conduct training on an on-going basis or where there was a significant change in regulatory requirements. 346. All FIs stated that they screened their employees mainly during the recruitment process though the application was not consistent across the FIs. Banks and larger FIs applied stricter screening measures including requiring the employee to obtain a police clearance and referral letters from former employers, all institutions seen indicated to only conduct employee due diligence only at onboarding and as such they do not conduct ongoing due diligence on their employees. DNFBPs 347. Generally, most DNFBPs excluding casinos have just started to put up AML/CFT internal control programmes and establishment of compliance functions. DNFBPs excluding casinos do not have a compulsory AML/CFT training for all staff at onboarding. 348. Lawyers, accountants and DPMS with the assistance of their regulatory bodies have established compliance functions and are at a developmental stage of implementing AML/CFT policies, procedures and processes. Real estate agents classified as high risk as per the NRA, are yet to start developing AML/CFT programs. 349. The real estate sector, does not have adequate AML/CFT internal control programmes. The real estate sector has recently been trained on AML/CFT obligations by the FIC, this is attributable to the lack of supervisory purview and regulatory requirements for the real estate

105 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 sector. TCSPs are yet to come up with AML/CFT programs and demonstrated low level of understanding of their AML/CFT obligations as reporting entities. 350. Casinos, to some extent, apply internal control programmes which included AML/CFT policies, appointment of compliance officer at senior management level, provided training and refresher training to all staff including new employees and senior management. However, the Assessment team was informed that board members were not subjected to training. Casinos also screened new staff for fit and probity, criminal background checks, etc., during the recruitment process. Overall conclusions on IO.4 351. Overall, banks and MVTS providers demonstrated a fairly good understanding of their ML/TF risks and AML/CFT obligations relating to their operations. They have adequate mitigating controls commensurate to their risk profile. This cannot be said for the rest of the FIs and the DNFBPs which portrayed a low level of understanding of ML/TF risks and the relevant AML/CFT obligations related to them, in addition, there are also inadequate application of preventive and mitigating measures by those entities. The banks and MVTS have implemented risk-based approach to a large extent while the rest of the FIs and DNFBPs focus on compliance with the controls. CDD, EDD and ongoing monitoring are fairly understood and applied by the banks and MVTS on high-risk clients and transactions such as high-risk countries, however, the concept of BO is a challenge. Banks and MVTS apply adequate measures against high-risk relationship aided by automated systems although there are some limitations on the application to domestic PEPs and close associates of domestic PEPs. Generally, there is a low understanding across FIs and DNFBPs of their obligations to report STRs to the FIC given that some FIs and DNFBPs report STRs to their regulatory bodies or RIB. All reporting entities have demonstrated a limited understanding of TF risks and limited implementation of the TFS measures. DNFBPs could not effectively demonstrate that they do understand the ML/TF risks which impacts on the implementation of AML/CFT preventive measures. In addition, there are little to no regulatory overview and supervision to the real estate sector which was identified as high risk in the NRA which impacts on implementing AML/CFT obligations. 352. Rwanda is rated as having a Low level of effectiveness for IO.4.

106 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Chapter 6. Supervision 6.1. Keys findings and recommended actions Immediate Outcome 3 Key Findings (a) Rwanda has designated competent authorities responsible for monitoring compliance with AML/CFT requirements by financial institutions and designated non-financial businesses and professions (DNFBPs) in all sectors designated by the FATF. However, except for the BNR, most of the supervisory authorities have only recently developed supervisory frameworks which are in the process of implementation. In view of this, the Assessment Team could not determine the effectiveness and the impact of their supervisory activities. The human and financial resources capacity of the supervisory authorities is not commensurate with the population and risk profile of the institutions under supervision. (b) In general, the financial sector supervisory authorities apply licensing/registration measures, albeit with some deficiencies. Licensing/registering bodies of DNFBP apply licensing and screening measures to a varying degree. The real estate agents are, however, not subject to market entry requirements and this impacts the ability to supervise this sector since the supervisory authorities do not know the total population of the sector (see table 1.3). This renders the sector vulnerable to ML and TF risks. None of the supervisors identify and verify beneficial owners. (c) Supervisors have some understanding of the ML/TF risks at sector levels derived mainly from the NRA and sector risk assessments (albeit with some shortcomings) but have limited understanding of TF risks in the sectors or within institutions under their purview. BNR has developed an understanding of the inherent ML and TF risks for banks based on entity risk assessments. However, the frequency and scope of inspections of banks were not commensurate with the level of ML/TF risks in the sector. The rest of the supervisors are yet to develop and implement RBS. (d) BNR has to some extent taken remedial actions and has imposed administrative sanctions for non￾compliance with AML/CFT requirements. However, the Assessment Team is of the view that the sanctions applied were not proportionate, dissuasive and effective. CMA and the DNFBPs’ supervisors have so far not imposed any sanctions in relation to breaches of AML/CFT requirements. (e) The impact of supervisory actions on the behaviour of the entities is limited as the level of AML/CFT compliance monitoring remains low across the financial sector, particularly at the level of CMA and the DNFBP supervisors whose engagement with the sectors was minimal. Recommended Actions (a) Supervisors should enhance market entry requirements by obtaining and verifying beneficial owners to ensure that criminals and their associates do not own or control FIs, DNFBPs. Appropriate regulatory framework should be put in place to license/ register real estate agents, identify unlicensed/unregistered ones and apply appropriate sanctions. (b) Supervisors should develop and implement a comprehensive risk assessment of the reporting persons and based on the understanding of the ML/TF risks, develop an informed risk-based supervision framework. (c) Supervisors should implement an appropriate enforcement strategy with the application of proportionate, dissuasive and effective remedial actions and sanctions in a timely manner to promote

107 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 353. The relevant Immediate Outcome considered and assessed in this chapter is IO.3. The Recommendations relevant for the assessment of effectiveness under this section are R.14, R. 26- 28, R.34, and R.35 and elements of R1 and 40. 6.2. Immediate Outcome 3 (Supervision) Background 354. Bank of Rwanda (BNR) and Capital Market Authority (CMA) are the two designated authorities for AML/CFT supervision of financial institutions while there are various other authorities or SRBs which have been designated as supervisory authorities for monitoring and ensuring compliance of DNFBPs with AML/CFT requirements. BNR licenses and supervises FIs (banks, micro finance institutions, non-deposit taking lending institutions, finance-lease institutions, insurance institutions, social security institutions, pension funds/schemes institutions, discount houses, payment systems – (624 institutions). CMA licenses and supervises the securities market, commodity exchange, securities brokers, investment banks, investment managers, collective investment schemes, investment advisors. DNFBPs are licensed and supervised by various competent authorities and SRBs. See Chapter 1 for an overview and description of the licensing/registration authority and relevant supervisor for each sector. Rwanda does not have regulatory frameworks for licensing/registration and carrying out AML/CFT supervision or monitoring of VASPs. On 9 February 2023, BNR issued a notice to the general public requesting them to take note of risks relating to crypto assets and to refrain from being lured into crypto asset related investments including promoting them, buying them, selling them or accepting them for payment until a regulatory framework has been put in place. 355. When assessing the effectiveness of Rwanda’s supervision system, positive and negative aspects were weighted most heavily for banks, heavily for MVTS, e-money and Payment Systems Providers, securities sectors including asset management companies, real estate agents, legal practitioners, accountants, DPMS and TCSPs and less heavily on casinos, notaries, life insurance and pensions schemes. This weighting is based on the relative importance of each sector and Rwanda’s risks and context, as outlined in Chapter 1. 356. The conclusions in IO.3 are based on statistics and examples of supervisory activities and actions provided by Rwanda; regulations and guidelines issued by the supervisors, documents used to monitor the different reporting sectors; sample reports and discussions with BNR, CMA, FIC and all DNFBP supervisors and SRBs. compliance levels of FIs and DNFBPs. Rwanda should consider broadening the range of sanctions available in law. (d) Supervisory authorities should enhance guidance including outreach activities with a wide coverage of AML/CFT/CPF, specific to the sector to promote a good understanding of AML/CFT/CPF obligations. (e) Rwanda should determine whether VASPs should be regulated or prohibited. If it should be regulated, Rwanda should take steps to conduct an ML/TF risk assessment and develop appropriate legal and supervisory framework for licensing/registration and monitoring compliance for AML/CFT purposes. (f) Rwanda should provide supervisors with sufficient resources to supervise and monitor compliance with AML/CFT/CPF requirements in an effective manner.

108 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 6.2.1. Licensing, registration and controls preventing criminals and associates from entering the market 357. Rwanda has frameworks for licensing and registering new market players in the financial sector and most of the DNFBP sectors. In general, the financial sector supervisory authorities conduct standard ‘fit and proper’ reviews which include verification of criminal records and professional background for shareholders, directors and management of FIs. Breaches of licensing or registration requirements are however, not detected in an effective manner for all FIs. Licensing/registration of DNFBPs are carried out by different regulatory agencies/SRBs and they apply licensing and screening measures to a varying degree. Financial holding companies have been set up in Rwanda to operate within the IFC. However, they are not subject to any licensing requirement but merely need to be registered by RDB. For some DNFBP sectors, the market entry controls focus mainly on compliance with professional standards and code of conduct. The real estate agents are not subjected to market entry requirements. Further, none of the supervisors identify and verify beneficial owners. BNR 358. The licensing requirements applied by BNR are similar for all institutions under its purview. BNR requires applicants to submit: details of directors, shareholders (owning 5% or more shareholding) and senior management, source of funds, proposed capital structure, detailed curriculum vitae, educational qualifications of directors and senior management, security policy, audited financial statements of the proposed shareholders for past three years and risk management framework. The applicants have to demonstrate that the directors and senior managers are fit and proper by completing a standard fit and proper questionnaire in which they provide details of their qualifications, experience, source of funds and declarations as to whether they have not been convicted of any criminal offence in Rwanda or in any other country. They are also required to indicate whether they have been liable for any fraud or misconduct, or been associated as a director, shareholder or manager in a company which has been wound up. The self￾declarations are supported by a police clearance certificate. BNR did not, however, demonstrate that the legitimacy of the source of funds is counter-verified. BNR also consults its foreign counterparts whenever the shareholder and/or the directors/senior management are non-resident to establish their good standing. BNR also seek information from the NISS on the suitability of the shareholders, senior executives and board members as part of the requirement to check the fitness and propriety of these persons. However, BNR does not identify and verify the ultimate beneficial owner. Further, during the onsite visit, BNR did not demonstrate a proper understanding of beneficial ownership requirements. 359. BNR requires approval of new senior management, directors and shareholders with 5% or more of the share capital on an ongoing basis. The fit and proper criteria are applied as part of the bank’s corporate governance and information is sought accordingly from NISS. BNR shared examples to demonstrate that it rejected shareholders because they did not meet the fit and propriety criteria. However, ongoing application of fit and propriety test does not apply to BO.

109 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 The Table 6.1 provides statistics of licence and registration applications received, approved and rejected by the BNR over the period 2019 to 2022. Table 6.1: Summary of Licensing Applications and Outcomes- 2019-2022 2019 2020 2021 2022 License/Registration Application received PSP 3 NDFI 6 9Insurance brokers 3TCSP 2 NDFI 1 3TCSPs 3 Insurance brokers12 PSPs 3 NDFIs 9 27 License/Registration Approved PSPs 2 NDFI 3 5 Insurance brokers 3TCSP 2 NDFI 1 3*TCSPs 3 Insurance brokers12 PSPs 3 NDFIs 7 25 License/Registration Rejected PSP 1 delayed info NDFI 3 Delayed KYC doc 4 Nil NilNDFI 2 Delayed to provide KYC docs 2 CMA 360. In processing applications for a license, CMA obtains particulars of shareholders, directors, senior management and performs fit and proper which takes into consideration their honesty, integrity and reputation; competence and capability and financial soundness. The application is supported by all relevant documents, including a criminal record certificate confirming that they have not been convicted for any crime. All documents submitted are notarised. CMA requests information on the suitability of the applicants, directors and senior management from the NISS. However, during the licensing process, information on beneficial owners is not sought and assessed. Further, during the onsite visit, CMA did not demonstrate an understanding of BO. 361. CMA does not obtain information on source of funds and does not assess suitability of new directors or senior management on an ongoing basis- post the licensing stage. The regulated entities inform CMA rather than seek prior approval of new, director and senior management. Further, CMA could not demonstrate how it monitors any breaches thereof. Table 6.2 provides statistics of licence and registration applications received, approved and rejected by the CMA over the period 2019 to 2021.

110 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Table 6.2: Summary of Licensing Applications and Outcomes- 2019-2021 Individual and Collective Portfolio Management Safekeeping and Admin of cash or securities CIS Investment Manager 2019 2020 2020 2021 2021 License/Registration Application received￾3 2 1 License/Registration Approved 2 2 1 1 nil License/Registration Rejected* 1 Nil 1 *Both applications which were rejected in 2019 and 2021 were due to unsuitability of key persons who did not have experience in activities for which the license was sought. DNFBPs sector 362. The market entry controls to prevent criminals from operating in the DNFBP sectors vary from one authority to another. The fit and proper criteria are applied to some extent. Beneficial owners are not identified and verified as the concept of BO is not well understood across the DNFBP sectors. All DNFBP regulators did not provide statistics on number of applications processed over the period under review and reasons for rejection, if any. Hence, Assessors could not assess how the licensing/ registration process is conducted in practice. Casino 363. Ministry of Trade and Industry (MINICOM) is responsible for licensing casino operators. The license application requirements for a casino include, amongst others: completed application forms, article of association, certificate of incorporation, proof of citizenship of directors, character references for directors. The Ministry also requests for statements from 5 persons who are not relatives of the applicant vouching for the good moral character and financial responsibility of the proposed directors and shareholders. However, the assessment process does not include the identification and assessment of beneficial owners. While the Ministry of Trade and Industry indicated that it carries out applicant’s background investigations and vetting including the sources of funds in collaboration with competent authorities, the application form or the checklist provided to assessors do not include submission of any criminal clearance certificate by the shareholders, directors or senior management. Hence, MINICOM has not been able to demonstrate how fitness and propriety of casino operators is carried out both at licensing stage and on an ongoing basis. Rwanda Mines, Petroleum and Gas Board (RMB) 364. The Rwanda Mines, Petroleum and Gas Board licenses and regulates trade in minerals. Applicants must submit a set of documents including amongst others, the business registration certificate, feasibility study, tax clearance certificate, proof of financial capacity issued by financial institution or audited financial statements for the past two (2) recent consecutive years, proof of technical capacity including applicant’s proficiency and curriculum vitae of key personnel. However, as evidence of its licensing requirements, Rwanda Mines, Petroleum and Gas Board has merely provided registration documents at RDB level indicating that no proper controls are exercised on assessing fitness and probity of shareholders, beneficial owners, directors and senior management and verifying that criminals do not enter the market.

111 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Advocates 365. Rwanda Bar Association (RBA) licenses and regulates advocates and legal firms. The RBA checks the fitness and propriety of the applying advocates by reviewing the following documents, amongst others, a copy of identity card or passport, a detailed applicant full identification, criminal record certificate, written statement confirming that the applicant has never been convicted of any disciplinary or administrative sanctions due to gross misconduct or criminal offence. The legal provision only requires that a person cannot be admitted as an advocate if he was convicted for a period equal to or more than 6 months or he was convicted for genocide. RBA has however not been able to demonstrate how controls are exercised in ascertaining that criminals do not enter the market as it has not provided any sample of licensing of advocates. ICPAR 366. The ICPAR licenses accountants that wish to engage in public practice of accountancy. When considering new entrants, ICPAR focuses on compliance with professional standards, such as proven experience and competence in independent auditing. In line with the law, ICPAR looks at the criminal record of the applicant. A person is disqualified for membership if he/she is convicted with an offence involving fraud or dishonesty, money laundering or corruption. The vetting standards applied are also applicable for AML/CFT purposes. The Assessors could not access the adequacy of the licensing process as samples for licensing of accountants were not provided. Real Estate Agents 367. There are no market entry controls to prevent criminals from operating as real estate agents given that there is no sector specific licensing or registration requirement for them. They are only required to be registered as companies and hence no control is exercised to ensure that criminals do not enter the market. This is of concern considering that the sector was rated as medium high risk in the NRA 2019 report. The company registration process does not include assessment of criminal background of the applicants. The risk of having shareholders or directors/ senior management in real estate agents who are not fit and proper therefore remains high and this renders the sector vulnerable to ML. This also impacts the ability of FIC to properly supervise the sector. Despite the existence of Rwanda Association of Real Estate Brokers (RWAREB) which was established in 2012, it is not mandatory to be a member in order to operate in the sector Trusts and Company Services Providers (TCSPs) – 368. The TCSPs are licensed by the BNR. The market entry controls applied for TCSPs are similar to those applied for FIs under the purview of BNR. As at date of the onsite visit, there are 5 TCSPs which have been licensed by BNR. Notaries 369. The Ministry of Justice (MINIJUST) determines modalities for access to and practice of the office of notary by private persons. MINIJUST applies appropriate fit and proper procedures of the applying notary by reviewing information on educational and legal practice background duly supported by criminal record certificate, a certificate of good conduct and a certificate of good standing from the Rwanda Bar Association. A sample of an application for notary was provided which assisted Assessors appreciate the process. There are 325 private notaries registered with MINIJUST. The MINIJUST removes a notary from office if they commit any fraud.

112 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 6.2.2. Supervisors’ understanding and identification of ML/TF risks 370. The level of identification and understanding of ML/TF risks in the financial sector and within institutions varies across different supervisors. BNR, CMA and some of the DNFBP supervisors have demonstrated some level of understanding of the ML/TF risks, albeit with some shortcomings. They build their understanding through a range of information including the results of the NRA, the desk-based reviews and sectoral ML/TF risk assessments (SRAs). BNR and FIC have some understanding of the ML/TF risks at entity level for banks and real estate agents respectively. However, other information such as STRs, ML/TF cases, typologies report were not considered by supervisors to obtain a better understanding of the sectoral and institutional risk assessment. 371. All the sector risk assessments treated ML and TF as one risk despite their unique differences. Given that the TF threats and vulnerabilities of these sectors were not assessed separately, the Assessors concluded that FIs and DNFBPs supervisors’ TF understanding may not be appropriate. Financial Institutions 372. BNR has some understanding of ML/TF risks in the banking sector based on the results of the NRA, a sector risk assessment that it conducted in 2022, and its supervisory activities. However, BNR did not separate analysis of ML and TF and the resultant findings are the same for ML and TF. Considering that ML and TF have different characteristics in some respects, the existing threats, vulnerabilities, and resultant risk levels could be different. In addition, this exercise was not extended to the other sectors under the purview of BNR including MVTS providers, other Payment Service Providers, and foreign exchange bureaus despite the fact that they face high ML/TF risks, for example, Rwanda sharing borders with countries which have active terrorist groups. BNR has also some level of understanding of the inherent ML/TF risks faced by individual banks through the risk assessment conducted at the entity level for them. It has come up with a risk profiling of these institutions in December 2021 and June 2022. As per its plan, BNR will be updating the risk profiling of banks on a yearly basis. However, BNR has not conducted any ML/TF risk assessment at the firm’s level for all the rest of the sectors beyond the banking sector. It has merely conducted a sector compliance assessment in 2019/2020, i.e., a self￾assessment of the controls in place at these entities without ensuring a proper understanding of the inherent risks faced by them and assigning a risk rating to them. 373. BNR maintains its understanding through onsite inspections, and offsite monitoring, which includes a review of quantitative data in relation to customer risk, product/service risk, geographical risk, and delivery channel risk for the determination of the risk profile of banks. 374. CMA has some understanding of ML/TF risks in the securities sector through the NRA, a sector risk assessment conducted in December 2021, and its supervisory activities. The SRA took into consideration the assessment that was undertaken during the NRA 2019 and its recommendations. The assessed securities firms included 6 stockbrokers, 3 Investment Managers, and 1 investment bank. CMA found the ML/TF risk for the securities brokers to be medium- low while for the investment managers and investment banks was low. The exercise looked into the ML/TF risks arising from the customer base, geographical location, range of products and services offered in the market, and delivery channels. Overall, the assessment concluded that the ML risk within the securities market was still low given that the market was still emerging but there was a need to strengthen the AML/CFT practices and defences among the regulated firms as the market

113 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 faces insufficient resources and limited knowledge on ML/TF. The SRA did not assess the ML and TF risks separately. Further, the ratings were not supported by appropriate data and information to justify the low rating assigned to this sector. CMA indicated that it conducted an entity risk assessment on FIs under its purview. However, it has not been able to demonstrate an understanding of the ML/TF risks at individual FI levels as its entity risk assessment framework was largely flawed. The entity risk assessment was not adequate as the ratings of the various risk drivers were determined solely on the basis of the size of transactions irrespective of other factors. DNFBPs’ Supervisors Casino 375. MINICOM demonstrated some level of understanding of the ML/TF risks faced by casinos, largely based on a sectoral risk assessment it carried out in May 2023 with threats and vulnerabilities being assessed as low and very low and overall ML/TF risk as low. MINICOM started to carry out AML/CFT inspections of casinos only from the above date. Therefore, its supervisory activities were not fed into the sectoral risk assessment. There are only 2 casinos in Rwanda. However, given that it has not yet carried out an entity ML/TF risk assessment of the two casinos, it does not have an understanding of the ML/TF risks at the individual firm level. Dealers in Precious Stones and Metals 376. Rwanda Mines, Petroleum and Gas Board (RMB) demonstrated some level of understanding of ML/TF risks which was based on the results of the NRA 2019, a sector risk assessment of the mining sector which was conducted in April 2023, and ongoing monitoring. The primary information used in the sector risk assessment consisted of interviews targeted at the main stakeholders in the sector and surveys. The overall ML/TF risk of the mining sector in Rwanda was rated as low. However, this was not supported by appropriate data and information to substantiate this rating. Further, the ML threat for illegal mining of precious stones and metals and other minerals was rated as medium despite the fact that on average the illegal assets under illicit mining amounted to around USD 300 million annually. RMB demonstrated a low level of understanding of the ML/TF risks at the individual level as it has yet to conduct an ML/TF risks assessment at the entity level. Real Estate sector 377. The FIC has demonstrated some level of understanding of ML/TF risks in the real estate sector. The understanding is mostly based on the outcome of the NRA and a sectoral risk assessment that the FIC conducted in February 2023. The assessment was carried out for only 24 out of 74 real estate operators that have so far voluntarily registered with the FIC, on the basis of the volume of their transactions, time of existence, their influence, their categories and geographical distribution in some districts. This was not supported by data and information to substantiate whether 24 real estate agents were indicative of the overall population. Further, the sector risk assessment did not consider the threats and vulnerabilities of the sector thereby compromising the overall understanding of the level of ML/TF risk faced in the sector. The assessment revealed weak AML/CFT control measures in place. The overall risk for the sector was decreased from medium high (NRA) to medium despite the fact that the sectoral risk assessment in February 2023 established that the sector still operates in a disorganised manner due to lack of legal and regulatory framework. FIC has demonstrated a limited level of understanding

114 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 of the ML/TF risks at individual real estate agents level given that it was only recently that it started supervising this sector. Despite Real Estates Agents being rated as Medium High in the NRA 2019 report, they are not subjected to licensing requirements and this impacts the ability of FIC to properly supervise the sector. Rwanda Bar Association 378. The Rwanda Bar Association demonstrated limited level of ML/TF risk understanding in its sector derived mainly through the NRA 2019. Furthermore, the Association did not demonstrate any understanding of ML/TF risks at individual firm level as it has not yet conducted a risk assessment at entity level. The Association indicated its plans to conduct a sectoral risk assessment and informed the Assessors that it had already sent a questionnaire to its members for the purpose of conducting this exercise. ICPAR 379. The Institute of Certified Public Accountants of Rwanda (ICPAR) has some understanding of ML/TF risks in the sector based on the NRA, a sectoral risk assessment, and supervisory activities. ICPAR conducted a sector risk assessment in August 2022 in the accounting sector and has started to monitor and supervise its members for AML/CFT purposes. The risk factors assessed were sector client base, services offered, geography, delivery channels and transactions/payment channels. The overall threats, vulnerabilities, and risk rating were assessed as medium. In April 2023, ICPAR appointed an independent accounting firm to carry out an independent AML/CFT compliance review of the accountancy sector. The sector risk assessment and the compliance reviews allowed ICPAR to have some level of understanding of the ML/TF risks in the accounting sector, albeit with some shortcomings. However, it did not demonstrate an understanding of the ML/TF risk at individual firm level. TCSPs 380. BNR did not demonstrate an understanding of ML/TF risks both at sectoral and entity levels for the TCSPs. The NRA 2019 exercise and the desk-based review conducted in May 2023 did not cover TCSPs. As at the end of the onsite, BNR was yet to conduct a risk assessment to understand and identify the ML/TF risks that TCSPs are exposed to. Notary 381. MINIJUST has recently been designated AML/CFT supervisor for notaries. The Ministry did not demonstrate an understanding of ML/TF risks either at sectoral level or at entity level as it has yet to conduct a risk assessment in order to develop an understanding of the ML/TF risks faced by them. 6.2.3. Risk-based supervision of compliance with AML/CFT requirements 382. The financial sector supervisors informed that they had developed AML/CFT risk-based supervision, however, from information provided BNR has not implemented it yet while CMA’s risk assessment at entity level was flawed. However, it could not demonstrate that the outcome of the risk assessments was used to determine the frequency, depth and scope of the supervisory activities. Similarly, FIC has conducted an entity risk assessment of less than half of the real estate agents and its supervisory activities were not risk based as inspections carried out had the same scope for all institutions.

115 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 383. BNR and CMA lack resources to properly carry out their supervisory mandate. BNR has only twelve staff earmarked for AML/CFT supervisory activities for nearly 624 institutions under its purview while CMA has only three staffs for 24 licensees. BNR 384. BNR has developed a risk-based supervision manual approved on 30 December 2021. Prior to 2021, generally, AML/CFT supervisions were covered as part of prudential onsite inspections. BNR has classified banks into the following risk categories: high, medium high, moderate, medium low and low. As per the RBS supervision manual, high and medium high banks are subjected to yearly onsite inspections. However, from the supervision plan for June 2022 to July 2023, banks which were classified as medium high were not subjected to onsite inspections as per the inspection cycle. Further, BNR did not demonstrate that it also uses the findings of the onsite inspections when reviewing the risk profiling of the banks. For the other entities falling under BNR, it is yet to develop institutional risk assessment, which will be the basis of risk-based supervision. From the onsite inspection reports provided for banks, BNR focused on the following areas, availability of an AML/CFT Compliance Program, conduct of Annual risk assessment, whether EDD was conducted on high-risk clients, particularly PEPs, availability of beneficial owners’ registry, availability of training and awareness program and whether internal audit’s scope covered AML/CFT requirements. However, the inspections’ scope was quite limited as they focused mainly on compliance controls rather than assessing the adequacy of the controls in place. The sample of onsite examinations were not supported by information substantiating the basis of the scope of the areas examined along with their relevant ratings. Hence, the AT could not assess whether higher risk areas were subject to higher intensity. Some areas, such as sanctions screening were not generally part of the scope of examination. BNR is yet to start on-site supervision on the TCSP sector as evidenced in Table 6.3 The table below provides statistics on the number of onsite and offsite inspections carried by BNR from 2019 to 2023. The scope of some of the onsite inspections included an assessment of both prudential and AML/CFT requirements. Table 6.3: BNR Statistics on Onsite and Offsite Supervision No of entities 2019/2020 2020/2021 2021/2022 2022/2023 License Category Onsite Offsite Onsite Offsite Onsite Offsite Onsite offsite Banks 15 14 20 9 11 6 20 6 7 MVTS 6 1 4 2 4 2 4 2 4 PSPs 29 2 0 0 1 4 9 NDFIs 17 0 2 4 Life Insurance 3 1 3 1 3 1 3 2 3 Forex Bureaus 78 19 120 18 189 21 142 28 86 Note: In 2019/2020, BNR carried out 4 onsite inspections and conducted a thematic review covering 10 banks

116 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 385. BNR has not been able to demonstrate that the number of inspections carried out over the years were commensurate with the riskiness and materiality of the sectors as it has not conducted an entity risk assessment of all institutions falling under its purview, except the banking sector. Though an entity risk assessment was conducted for the banking sector, big banks which were risk rated as medium- high for ML/TF were not subject to annual onsite inspections as per the inspection cycle. BNR explained that for the period 2020/2021, the prevalence of COVID-19 limited the number of supervisory activities including onsite. During the year 2021/2022, only two AML/CFT inspections were conducted for banks and the other 4 banks were combined with prudential inspections. Further, it is only recently that BNR has started to conduct onsite inspections of non-deposit financial institutions (NDFIs). This could be due to the low level of dedicated staff for AML/CFT purposes, i.e., 12 staff for around 624 FIs. 386. CMA is in the process of developing and implementing risk-based supervision and is yet to come up with a risk-based supervision manual. In the past, CMA was looking at AML/CFT supervision as part of the prudential supervision. CMA did not demonstrate that the frequency and scope of its supervisory activities is risk-based. The sample of onsite inspection reports submitted were not supported by an indication of the risk profile of the entity and the relative scope of the onsite inspection. Hence, it could not be determined whether the depth/intensity of the inspections were risk- based. Further, all inspections conducted covered the same limited scope and the findings were quite general in nature. Table 6.4 outlines the number of desk-based reviews and inspections conducted in 2021 and 2022. CMA did not conduct any inspections or desk-based reviews from 2018 to 2020. CMA has not been able to demonstrate that the number of desk-based reviews and inspections carried out between 2021 and 2022 were commensurate with the riskiness and materiality of the sector. Three persons were responsible for AML/CFT supervision at CMA. Table 6.4: CMA Statistics on desk-based reviews and onsite inspections No of Entities in the Sector Desk Based Reviews Onsite Inspection Licence Category 2021 2022 2021 2022 Stockbrokers 7 5 6 6 5 Investment Managers 7 2 3 1 3 Investment Bank 2 1 Custodian 3 0 2 0 3 DNFBPs 387. The DNFBP supervisors are at an early stage of developing supervisory frameworks. FIC has provided all DNFBP supervisors with a manual on the conduct of inspections for assessing compliance with AML/CFT obligations. The manual provides guidance on onsite and offsite supervision including the conduct of risk-based supervision. However, the manual is quite high-

117 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 level. There is need to tailor make it for each DNFBP supervisor taking into consideration the diverse activities undertaken by various DNFBPs. Only FIC has conducted an entity risk assessment for 24 real estate agents. Following the risk assessment, FIC inspected 10 real estate agents and produced 1 report. The report provided overall findings and not institution- specific findings FIC did not demonstrate that the selection of the entities for inspections were informed by their risk profiles or that the scope of the areas examined was risk- based. Further, FIC did not demonstrate that the risk profile of the entities was reviewed subsequent to the findings of the onsite inspections. 388. RMB conducted 10 onsite inspections in the mining sector (out of 27 dealers of precious metals) from 12 to 19 June 2013, the scope of which included both AML/CFT and prudential requirements. MINICOM carried out inspections of both licensed casinos, in May 2023. The Bar Association and ICPAR have not yet started any onsite inspections for advocates and accountants. None of the inspections conducted at the level of these DNFBPs were risk based as they have not carried out any ML/TF risk assessment at firm’s level. 6.2.4. Remedial actions and effective, proportionate, and dissuasive sanctions 389. The supervisory bodies have powers to impose mostly administrative sanctions under the current AML/CFT legislative framework. However, sanctions have been imposed only by BNR to a limited extent. These limited financial sanctions do not seem to be proportionate, dissuasive and effective. Regarding the other supervisory authorities, in view of the fact that they have only recently put in place an AML/CFT supervisory frameworks, no sanctions have been applied. BNR 390. During the period under review, BNR has imposed monetary penalties on banks for an amount of RWF100,000 (USD 85) for each repetitive breach of AML/CFT requirements observed during onsite examinations (both prudential and AML/CFT), irrespective of the seriousness of the breach. The amount of RWF 100,000 (USD 85) for each breach is considered too low. Hence, the sanctions imposed were not proportionate and dissuasive. From the sample of sanctions provided, BNR imposed an approximate aggregate monetary penalty of RWF 2,100,000 (USD 1,783) for 21 breaches of AML/CFT requirements in 2021 while in 2022, it imposed an approximate amount of RWF 700,000 (USD 595) for 7 breaches. The breaches relate mostly to deficiencies pertaining to non-adherence to BO requirements, CDD, customer risk rating, customer regular reviews, absence of risk assessment, absence of internal audit review on AML/CFT requirements, non-reporting of cash transactions to FIC, absence of AML/CFT policies, staff training, etc. 391. In addition, from the sample of documents provided, assessors observed that following a self￾assessment questionnaire sent to some of its licensees on 31 May 2022, BNR has issued warning letters to them on lapses noted from the responses. The warning letters (9) were issued to banks on 8 December 2022 and 9 December 2022 and all of them had the same shortcomings (BO requirements and data quality issues on cash backed loans, trade finance and delivery channels) and they were given up to 23 January 2023 to address all deficiencies failing which sanctions would be applicable. Similarly, on 12 January2023, warning letters were issued to non-bank financial institutions for shortcomings observed (non-adherence to BO requirements, lack of AML/CFT policies and procedures, insufficient training, no policy for periodic AML/CFT risk assessment) and they were given up to end of February 2023 to address them, failing which,

118 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 sanctions would be applicable. Warning letters were also issued to mobile phone operators on 3 May 2023 and they were required to address all of them with immediate effect. The deficiencies noted therein relate mainly to lack of policies and procedures for AML/CFT, including CDD and KYC procedures, no analytical process for reporting STRs, non-adherence to BO requirements and no record keeping procedures. Warning letters were also issued to life insurance companies and they were given up to February 2023 to address all shortcomings and if not done, sanctions would be applicable. 392. Serious deficiencies were noted in relation to an onsite inspection conducted at a mobile operator particularly with respect to agents and merchant management. The deficiencies concerned due diligence process for agent recruitment and their ongoing monitoring. The agent did not have appropriate manual covering AML/CFT requirements including KYC and account opening procedures. Shortcomings were also noted in relation to SIM swaps by agents which increase the risks of fraud and there was also lack of fraud management policy among agents. The report contained remedial actions to be taken with set deadlines and BNR confirmed that the deficiencies had been addressed. In order to curb fraudulent activities associated with SIM swaps, the authorities introduced Regulation No 004/R/ICT/RURA/2018 on 26 April 2018. 393. In July 2022, BNR also suspended the license of one Payment Service Provider for AML/CFT violations, particularly CDD, transfer of funds to an account of related company which was connected with ML allegations in another country, transfer of funds to a company involved in crypto-asset business whose source had not been clearly identified, inability to explain the business conducted by company’s merchant base, of which some were involved in crypto-assets and forex trading business. 394. BNR has provided the statistics as outlined in Table 6.5 regarding sanctions applied. Rwanda clarified that eleven forex bureaus were sanctioned an amount of RWF 3,900,000 (USD 3,311) in 2019/2020, seven forex bureaus were sanctioned an amount of RWF 5,800,000 (USD 4,925) in 2020/2021 and five were sanctioned an amount of RWF 4,170,000 (USD 3,540) in 2021/2022 for deficiencies regarding AML/CFT matters. Monetary penalties were also imposed on other type of licensees for AML/CFT matters. The authorities confirmed that 4 banks were sanctioned for AML/CFT matters in 2019/2020, 9 banks in 2020/2021 and 5 banks in 2021/2022. Table 6.5: Statistics on Sanctions Imposed Type of sanction 2019/2020 (USD) 2020/2021 2021/2022 Administrative fine 29,292 13,840 41,264 Administrative fine for money and currency changing 4,976 3,540 Warning 34 76* Suspension of license nil -nil 395. BNR has provided the following statistics regarding warnings issued: - • Fourteen warning on BO requirements letters were issued to Banks in 2022/2023. • Twenty warning letters were issued to Banks in 2021 • Three warning letters were issued to life insurance companies in 2022/2023. • Four warning letters were issued to E-money issuers in 2021 and three in 2022/2023. • Two warning letters were issued to TCSPs in 2022/2023

119 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 • Ten warning letters were issued to NDFIs in 2022/2023. • Fourteen and Forty-five warning letters were issued to forex bureaux in 2021 and 2022 respectively • Fifteen warning letters were issued to microfinance institutions in 2022/2023 • Four warnings letters each in 2021 and 2022 were issued to MVTS. 396. Seventy-six (76) warning letters were issued to different institutions in 2022 while thirty-two warning letters were issued in 2023 with one license suspended in 2022/2023 by BNR. 397. The type of breaches against which sanctions were imposed in 2021 and 2022 by BNR is highlighted in the table 6.6. Table 6.6: Type of Sanctions Imposed Period 2021 2022 Types of breaches AML/CFT screening system, Customer Due Diligence, AML/CFT policy and procedure, Suspicious Transaction Reporting, AML/CFT training, Lack of beneficial ownership information. Lack of inadequate measures on UNSCRs. AML/CFT screening system, Customer Due Diligence, AML/CFT policy and procedure, Suspicious Transaction Reporting, AML/CFT training. Lack of inadequate measures on UNSCRs. 398. CMA and DNFBP Supervisors have not applied any sanctions to entities under their purview. The scope of the inspections carried out by CMA was quite limited and the onsite inspection reports contained recommendations with set timeline for addressing same. However, CMA did not demonstrate that any remedial letters were issued to the entities for addressing shortcomings within a set deadline nor that any follow up actions were taken. An independent audit firm, mandated by ICPAR, carried out compliance reviews on 42 licensed accounting firms to assess their AML/CFT programs and came out with a single report with recommendations. Major gaps were observed but no actions were taken by ICPAR. FIC issued a single report in February 2023 after conducting onsite inspections of 10 real estate agents. However, FIC did not demonstrate that it issued remedial letters despite major deficiencies noted. MINICOM also conducted two onsite inspections in June 2023 and issued two reports to the two casinos with recommendations but there was no set deadline or any follow up actions for addressing them. 6.2.5 Impact of supervisory actions on compliance 399. The supervisory authorities explained that the reporting persons’ level of compliance with AML/CFT standards has improved as a result of their offsite and onsite supervisory activities, namely, remediation, instructions issued and sanctions imposed. They further explained that they verify compliance with AML/CFT measures through onsite and offsite inspections, both general and targeted, assessing data and information on a regular basis and holding periodic meetings with internal audit, compliance and risk management. However, the Assessment Team found that the impact of supervisory actions was limited mainly because of limited supervisory actions.

120 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 BNR 400. BNR carried out inspections of some FIs and imposed sanctions and remedial actions which according to it have had an impact on the compliance culture of its entities. Among other interventions, it issued a General Guideline (No 3160/2021) to FIs on AML/CFT/PF in August 2021 on annual risk assessments. However, the deficiencies observed in the onsite inspection reports, the thematic and compliance reviews for banks and other regulated entities indicate that BNR’ actions had limited impact on the level of compliance. This can also be explained by the relatively low level of onsite and offsite inspections conducted by BNR in relation the number and the riskiness of the entities under its purview and sanctions imposed by it which were not dissuasive, persuasive and effective to provide adequate incentive for supervised entities to address the deficiencies. CMA 401. CMA was unable to demonstrate that inspections had an impact on the general level of compliance of its reporting entities since it was only recently that it has put in place supervisory frameworks for monitoring and ensuring compliance with AML/CFT requirements. Further, inspections were recently conducted and it has not imposed any sanctions to demonstrate enforcement of AML/CFT compliance. Taking into consideration the growth rate in some of the sectors supervised by it, namely, the assets managed by collective investment schemes which shot from RWF 1.4 billion in 2017/2018 to RWF 31.3 billion in 2021/2022 and the assets managed by the custodians which increased substantially from RWF 41 billion in 2018 to RWF 225.7 billion in 2022, onsite and offsite supervision conducted by CMA are viewed as largely insufficient to create an impact on the level of compliance. Further, it had a low level of resources, i.e., 3 staff for 24 reporting persons. 402. There is no indication that CMA followed up on the deficiencies noted during inspections, conducted awareness program or provided feedback to improve compliance. Further, lack of application of sanctions does not promote a compliance culture. DNFBP Supervisors 403. DNFBP supervisors were unable to demonstrate that supervisory activities impacted compliance of the institutions under their purview. Further, though some of the supervisors had recently started onsite examinations, the impact of such activities on the level of compliance couldn’t be determined as generally supervisors were not monitoring compliance, particularly in the high-risk sectors such as the real estate agents where risk of unregistered operators was very high and the ability of FIC to properly supervise the sector was compromised by the fact that there were no licensing requirements for real estate agents. Further, no sanctions have been imposed by DNFBPs’ supervisors to promote compliance of AML/CFT obligations. 6.2.6 Promoting a clear understanding of AML/CFT obligations and ML/TF risks 404. The supervisory authorities have undertaken some sessions to create awareness among reporting entities about ML/TF risks and their obligations. They promoted an understanding of the AML/CFT obligations by the FIs and DNFBPs through awareness campaigns, meetings with reporting persons, shows, trainings/workshops, establishment of ad hoc forum between supervisory authorities and reporting persons. However, the limited trainings conducted did not

121 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 cover a wide range of AML/CFT obligations, particularly TFS on TF and PF, BO requirements, transaction monitoring system, risk-based application of AML/CFT requirements etc. Awareness on the results of the NRA exercise was carried out to a limited extent while no awareness was conducted on the desk-based review (follow-up to the NRA). Hence, insufficient actions were taken to promote a proper understanding of ML/TF risks. 405. BNR conducted limited outreach sessions, as outlined in table 6.7 . The areas covered, amongst others, were the general introduction on AML/CFT, dissemination of the findings of the last MER in 2014, the NRA, the SRA and the AML/CFT obligations of FIs. Table 6.7: Outreach by BNR Date Institutions Targeted Institution No. of Participants 13/12/2022 Forex Bureaus 80 74 14/12/2022 Insurance 45 44 24/12/2022 NDFIs 30 26 16/01/2023 MFIs and SACCOs 509 496 17/02/2023 Banks 20 19 406. CMA also conducted one training session in 2021, two in 2022 and one in 2023. Given that the sectors under the purview of CMA were growing very fast with some sectors having high ML/TF risk, the number of trainings conducted by CMA is considered too low to enhance the understanding of AML/CFT obligations and ML/TF risks. Sensitisation at the level of the DNFBPs regarding AML/CFT obligations, done mostly at the level of FIC, was also considered as low to allow the DNFBPs to have a proper understanding of the risks faced by their respective sectors. Further, there was no indication that sensitisation done by BNR and the DNFBPs’ supervisors was targeted at the high-risk sectors. 407. BNR issued a guideline to all FIs under its purview in August 2021. CMA also recently issued an AML/CFT Guideline in 2023 to capital markets and this is yet to show impact on the implementation of AML/CFT obligations. Some of the DNFBP supervisors, namely, Ministry of Justice, Rwanda Mines and Petroleum Gas Board and FIC issued guidelines to the notaries, dealers in precious metals and stones and real estate agents respectively, highlighting their AML/CFT obligations. FIC also issued a guideline on STRs and beneficial owners which are applicable to all reporting persons. The above initiatives were taken only recently and hence it was too early to determine whether these initiatives have indeed promoted understanding of the AML/CFT obligations and ML/TF risks. Overall conclusions on IO.3 408. The financial sector of Rwanda has been growing very fast over the past five years. However, the supervisors have not kept pace in the enhancement of the AML/CFT risk management framework in line with the growth momentum. The supervisory activities are recent and their full effectiveness is yet to be seen, particularly for the securities market and DNFBPs. Though the

122 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 financial sector supervisors have market entry requirements, this is not extended to beneficial owners. The supervisors’ understanding of ML/TF risks varies among different supervisors. While BNR demonstrated some understanding of the ML/TF risks, the same could not be said for DNFBP supervisors. BNR and FIC have made efforts to put in place AML/CFT risk-based supervisory frameworks at entity level but are yet to fully implement them. The inspections which have been carried out show that the scope of the onsite inspections was generally inadequate and not commensurate with the risk profile of the institutions. Sanctions have been applied to a very limited extent and they are not proportionate, dissuasive and effective. Across the DNFBPs, AML/CFT supervision has just started and no sanctions have been applied to foster compliance. Further, as a result of the limited supervisory actions (which started quite recently), the impact on compliance of both the FIs and DNFBPs was low. Rwanda has not identified the ML/TF risks associated with VASPs and has not put in place adequate controls for mitigating the risks related to this area. 409. Rwanda is rated as having a low level of effectiveness for IO.3

123 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Chapter 7. LEGAL PERSONS AND ARRANGEMENTS 7.1. Key findings and recommended actions Immediate Outcome 5 Key Findings a) Information on the creation and types of legal persons and arrangements is publicly available at the front desk offices of the RDB and RGB and their respective websites. b) Measures to prevent the misuse of legal persons and legal arrangements in Rwanda are inadequate, more particularly, due to risks relating to legal persons and arrangements not having been identified, assessed and understood. c) Despite the RDB issuing guidance on identifying, maintaining and updating BO information, some relevant competent authorities and reporting entities still confuse legal ownership as beneficial ownership and have inconsistent thresholds of shareholding as basis for determining beneficial owners. Further, the concept of control by other means is barely considered in determining BO. d) Although the legal requirement to collect BO information has existed since 2021, RDB is still at an early stage of collecting BO information. e) To facilitate timely access to basic and BO information, RDB has granted direct access to some of the competent authorities and reporting entities, however there remains limited use of the information by the competent authorities. f) Reporting entities rely heavily on information held by RDB to verify basic and beneficial ownership information. Verification measures of both basic and beneficial ownership measures by RDB are inadequate, and as such, basic and beneficial ownership information accessed by competent authorities may not be up to date and accurate. g) Rwanda has not applied dissuasive and proportionate penalties for non-compliance with the requirements to keep basic and BO information accurate and updated. Recommended Actions a) Rwanda should conduct a ML/TF risk assessment of legal persons and arrangements in order to identify, assess, and understand the vulnerabilities, and the extent to which, legal persons and arrangements created in the country can be, or are being misused for ML/TF. b) Rwanda should implement measures to prevent the misuse of legal persons and arrangements for ML/TF purposes. c) RDB should expedite the process of collecting BO information on existing companies. d) RDB should continue with its efforts to determine the levels of compliance with requirements to hold accurate, adequate, and up- to- date basic and beneficial ownership information and take action to improve compliance levels, including by conducting further awareness activities to reporting entities and the public on compliance with transparency measures. e) RDB and RGB should monitor compliance relating to BO information requirements and obligations to identify non-compliance and apply dissuasive and proportionate sanctions for any identified

124 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 violations. 410. The relevant Immediate Outcome considered and assessed in this chapter is IO.5. The Recommendations relevant for the assessment of effectiveness under this section are R.24-25. 18 7.2. Immediate Outcome 5 (Legal Persons and Arrangements) 7.2.1 Public availability of information on the creation and types of legal persons and arrangements 411. Different types of legal persons can be created in Rwanda. Information on the creation and types of companies that can be created in Rwanda is publicly available on the website of the Rwandan Development Board (RDB) (https://brs.rdb.rw/busregonline). The RDB website has information on the creation of private companies, public companies, company limited by shares, company limited by guarantee and an unlimited company. Information on the creation and types of non-profit organisations (NPOs) including obtaining legal personality for them is available on the Rwanda Governance Board (RGB) website (https://www .rgb.rw/1/civil-society-faith-based￾and-political-organisations). The RGB is responsible for registration and monitoring of the operations of non-profit organizations (NPO), including foundations. Accordingly, the RDB and RGB websites provide information on the types of legal persons that can be created in Rwanda, guidance on how to set them up and information on obligations after incorporation. 412. Further, information on the creation and types of partnerships and trusts that can be created in Rwanda is publicly available on the website of RDB. The RDB website has information on the creation of the different types of partnerships recognised in Rwanda (General Partnership, Limited Partnership and Limited Liability Partnership). The RDB website also contains information on the creation and registration of foundations, particularly private and mixed foundations. Information on the creation and registration requirements for trusts is also available on the RDB website. Relevant supporting forms for registration of partnerships, foundation and trusts are also available on the RDB website. Further, RDB has a front desk unit at its premises where the public can obtain information on the creation and types of legal persons and arrangements. 7.2.2. Identification, assessment and understanding of ML/TF risks and vulnerabilities of legal entities 413. Rwanda has not conducted an ML/TF risk assessment in respect to legal persons and legal arrangements. 414. Further, the authorities have not demonstrated that they have an understanding of the vulnerabilities and the extent to which legal persons are or can be abused for ML/TF in Rwanda. When challenged during the onsite visit on the potential risks associated with nominee and 18 The availability of accurate and up-to-date basic and beneficial ownership information is also assessed by the OECD Global Forum on Transparency and Exchange of Information for Tax Purposes. In some cases, the findings may differ due to differences in the FATF and Global Forum’s respective Methodologies, objectives and scope of the standards.

125 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 fictitious shareholders on account of non-face to face registration process, the authorities indicated that there were no risks associated with that. However, intelligence reports from FIC provide some overview of some of the ML risks pertaining to fictitious shareholders and unreliable company certificates issued by RDB. In one of the reports, C was a holder of 3 national ID Cards and he used them interchangeably to register four different companies. Given the lack of verification measures by RDB, this presents a significant risk of inaccurate basic and beneficial ownership information being held by RDB and non-existent people being identified as the beneficial owners of legal persons. The risk presented by the unreliability of basic and beneficial ownership information held by RDB is heightened by the fact that RDB had in the same case issued different company registration codes with respect to one company related to C. An indication that with the complicity of officers from RDB, criminals may abuse legal persons by creating a network of non￾existent companies with certificates issued by RDB in relation to non-existent natural persons. The extent of this risk is not known as there was no risk assessment carried out by the authorities. 7.2.3. Mitigating measures to prevent the misuse of legal persons and arrangements 415. In the absence of a risk assessment and clear demonstration of understanding the risks that legal persons and arrangements can be exposed to, the assessors could not determine whether the authorities have put in place effective mitigation measures specifically intended to prevent their misuse. This is particularly so as Rwanda has a deliberate plan to become an IFC and thus attract foreigners to invest in Rwanda through the use of legal persons and legal arrangements. In this regard, Rwanda has since 2021 introduced registration and creation of partnerships and re-enacted the law on trusts in an effort to accommodate foreign investors. The concept of trusts and partnerships are consequently at an early stage of being understood by competent authorities and reporting entities. Coupled with the limited understanding of the structures introduced to attract foreign direct investment, it is the obvious intention to promote ease of doing business and balancing that with compliance of measures implemented to prevent the misuse of legal persons and legal arrangements. These measures include efforts to promote the transparency of legal structures by collecting basic and beneficial ownership information; assessing compliance levels with transparency requirements; undertaking awareness activities; and introducing laws prohibiting the use of bearer shares and requiring nominee shareholders and directors to disclose their nominator. 416. With respect to promoting transparency, all legal persons created in Rwanda are required to be registered. In order to facilitate ease of registration, all registrations are done online. This on its own, encourages most of the companies created in Rwanda to be formally registered which provides the RDB with both basic and BO information on the legal person. Further a consent form by the directors and shareholders is required to be part of the uploading documents during the registration process. Registration of partnerships and trusts is done physically at the headquarters of RDB in Kigali. 417. However, with respect to online registration, there are limited verification mechanisms for citizens as they only need to input their identification numbers and are not required to submit a notarized copy of their identity card. Whilst a consent form by directors and shareholders is required to be uploaded, there are no measures to verify its accuracy, for example, requiring the consent form to be notarized. The absence of physical interaction between the registry bodies and

126 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 the applicants together with accepting non-notarised documents, enables the use of multiple IDs by one person to set up different companies as highlighted at paragraph 416 above. 418. In relation to risk posed by registering companies for foreigners, RDB indicated that there is an administrative requirement for foreigners to upload notarised copies of the relevant documents including passport copies. RDB indicated that prior to registration the documents are inspected by officers of RDB to satisfy themselves that the copies are notarised and consistent with information captured in the online application. However, when the Assessors conducted an online test run of the system by registering an account which enables one to register a company, they used a non￾notarised copy of the passport and the account was active within a few minutes, indicating that the administrative measure may not exist or has lapses in application. 419. During the application for registration, there is a requirement to indicate that a person is not disqualified from holding the directorship or management and this includes confirming whether one has a criminal record. There is no requirement however to provide relevant documents indicating clean criminal record and there is no independent check by the authorities. This may enable having unfit people as shareholders or directors of legal persons. 420. The concept of beneficial ownership is at an early stage of being developed in Rwanda as by law, it was introduced into the various laws for legal persons and legal arrangements in 2021 and its implementation only commenced in late March 2023 for companies, whilst there is limited to no compliance by trustees and partners. Additionally, there is varied and limited understanding of what beneficial ownership means with focus placed on beneficial ownership through legal ownership and at a very low level, to control by other means. Particularly, some of the competent authorities and reporting entities still confuse legal ownership as beneficial ownership, or have inconsistent thresholds of shareholding as basis for determining beneficial owners. Consequently, reliance on beneficial ownership information by competent authorities for AML/CFT purposes is at an early stage and limited. The RDB had however of recent issued guidance (March 2023) to legal persons and legal arrangements on their obligation to identify, maintain and update beneficial ownership requirements. By the time of the on-site visit, it was still too early to determine the impact of the guidance on the understanding of the concept of BO by both competent authorities and reporting entities. 421. RDB in March 2023 issued a self-assessment questionnaire to 149,321 companies in order to determine the level of compliance with the Company Law including BO obligations. The report indicated that 2,794 companies completed the self-assessment questionnaire and out of that number 34 per cent had been complying with their annual returns’ obligation. It further indicated the need to re-enforce education in compliance, especially on BO related obligations. To this end, RDB deployed 40 officers on 26 April 2023 to support companies with the compliance exercise and 17,773 companies were assisted through this measure. Additionally, RDB has conducted a number of awareness activities including 11 trainings to company managers, Irembo agents, tax advisors, advocates, professional bailiffs, tax advisors, certified public accounts, BDA (Business Development Advisors) and cybercafe owners from 13 districts. Other awareness activities included appearances on television and radio programmes and publishing of articles in newspapers. The assessment team could not determine the impact of these awareness activities and self-assessment measures given that they were implemented just prior to the onsite visit. However, sustaining these awareness activities is key to ensuring improved compliance with measures meant to prevent the misuse of legal persons and arrangements for ML/TF purposes.

127 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 422. With respect to the measures to remove obstacles to transparency, Rwanda on the 30th of March 2023 introduced laws prohibiting the issuance of bearer shares and requiring nominee shareholders and directors to disclose their nominator. However, at the time of the onsite, the authorities did not demonstrate mechanisms introduced to remove obstacles to transparency. Overall, Rwanda has not adequately demonstrated how well it has implemented measures to prevent the misuse of legal persons and arrangements for ML/TF purposes. 7.2.4. Timely access to adequate, accurate and current basic and beneficial ownership information on legal persons 423. Basic information on legal persons and legal arrangements is publicly available and can be accessed by the public and competent authorities through written requests to the RDB. For the public, access is made upon payment of RWF 5000 (USD 4) but is freely available to competent authorities. From 1 January to 31 May 2023, 543 basic company information search requests were received in total by RDB. However, the lack/inadequacy of verification measures by RDB (paragraphs 418, 419 and 420 above) and the low levels of compliance with requirements for submission of annual returns by companies (paragraph 422 above), means the public and competent authorities are likely to access basic information that is not accurate and current, albeit adequate. 424. In an effort to avail basic information in a timely manner, RDB has granted direct access to some competent authorities and reporting entities. However, only four competent authorities have used the direct access link being the Directorate General of Immigration & Emigration, Rwanda Revenue Authority, Rwanda Mining Board and Office of the Ombudsman. The RIB and the NPPA, which are the only investigative authorities in Rwanda, have not used the link to access basic information on companies from the RDB. The FIC has however, since 1 January to 31 May, 2023 made 174 requests for basic information from RDB. Requests for information are typically responded to within 3 days of the receipt by RDB. Similar process to obtain basic information on legal persons is used to access beneficial ownership information from RDB. However, prior to March 2023, RDB was not collecting beneficial ownership information for companies and consequently competent authorities could not access it either through written or direct access. At the time of the onsite, about 704 companies out of 150, 000 companies had provided BO information to RDB. Consequently, competent authorities are only likely to access adequate, accurate and current beneficial ownership information from RDB to a limited extent in a timely manner. 425. The understanding of beneficial ownership by reporting entities is varied and not consistently implemented. Further, reporting entities are at an early stage of implementing beneficial ownership requirements in the CDD obligations. FIs compared to other reporting entities demonstrated a better understanding of BO obligations although they rarely consider the concept of control by other means. In addition to that, most FIs started implementing their BO obligations in 2022 and some are yet to link the data collected to the core banking system. Consequently, competent authorities are only likely to access adequate, accurate and current beneficial ownership information from reporting entities to a limited extent in a timely manner.

128 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 7.2.5 Timely access to adequate, accurate and current basic and beneficial ownership information on legal arrangements 426. RDB is responsible for the registration of partnerships and trusts and currently conducts registration manually, unlike for companies. Partners and trustees are required to collect adequate, accurate and current beneficial ownership information of partnerships and trusts, respectively, through maintaining an internal register of beneficial owners. They are required to feed the national register of BO for partnerships and trusts by filing the information with RDB within 14 days of collecting or updating the information. RDB has issued guidelines to partners and trustees on what BO information is and how to collect and maintain it. Further, RDB has issued a template that partners and trustees can use to create their internal BO registers. However, Rwanda is at an early stage of collecting adequate, accurate and current beneficial ownership information on legal arrangements and compliance with the requirements is still low. 427. RDB on 8 March 2023 issued a self-assessment questionnaire to partners and trustees in order to assess the level of understanding and compliance with BO obligations. The analysis of the responses to the questionnaire indicated that the partners and trustees are still at an early stage of understanding and implementing BO obligations. Additionally, reporting entities are still at an early stage of understanding the concept of partnership and trusts. Further, RDB has not applied verification processes to ensure that the information provided by the partners and trustees is accurate and current. Consequently, competent authorities are only to a limited extent likely to access adequate, accurate and current BO information from RDB, reporting entities, partners and trustees. 7.2.6. Effectiveness, proportionality and dissuasiveness of sanctions 428. The Rwandan laws provide a wide variety of sanctions for failure to comply with information requirements (see c. 24.13, 25.8). The sanctions provided in these laws compared to other criminal sanctions applied in Rwanda are considered to be proportionate and dissuasive. RDB has so far issued one administrative sanction of RWF 500,000 (USD 425) to one company for providing false accounting information in an annual return which cannot be considered to be proportionate and dissuasive looking at the conduct of the company. Additionally, in March 2023 Rwanda removed 7810 companies from its register for failure to submit annual returns and dormancy, that is, for having de-registered as taxpayers from the Rwanda Revenue Authority without having applied for removal from the register of companies in RDB. Given the recent and limited use of the removal/striking off from the companies register sanction, the assessors could not determine the effectiveness of its application. Overall, there has been very limited application of the sanctions in practice. Therefore, to a large extent no effective, proportionate and dissuasive sanctions have been applied for non-compliance with basic and BO information requirements. Overall conclusions on IO.5 429. Information on the creation of legal persons and similar arrangements that can be created in Rwanda is publicly available. Further, Rwanda has not identified, assessed and understood the vulnerabilities, and the extent to which legal persons and arrangements created in the country can be, or are being misused for ML/TF. Rwanda has also not demonstrated how well it has implemented measures to prevent the misuse of legal persons and arrangements for ML/TF purposes. Whilst some competent authorities have direct access to adequate, accurate and current

129 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 basic and beneficial ownership information on legal persons, the access has its limitations as there are issues with its accuracy and RDB is at an early stage of collecting BO information. RDB has sanctioned only one company for providing false information in its annual return and the sanctions was not dissuasive enough. Rwanda has also used removal from the company register as a sanctioning tool, however the effectiveness of this could not be assessed due to the recency of use and limited use. Fundamental improvements are needed and therefore Rwanda is rated as having a low level of effectiveness for IO5. Overall, no effective, proportionate and dissuasive sanctions have been applied. Fundamental improvements are needed and therefore Rwanda is rated as having a low level of effectiveness for IO5. 430. Rwanda is rated as having a Low level of effectiveness for IO.5.

130 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Chapter 8. INTERNATIONAL COOPERATION Immediate Outcome 2 Key Findings a) Rwanda has a legal framework on international cooperation and has several bilateral and multilateral agreements on the provision of international cooperation and exchange of information. b) Rwanda is facing challenges in providing and seeking timely and appropriate MLA and extradition assistance since there is no mechanisms to prioritise the requests for freezing or recovery of the proceeds identified through the initial MLA request. c) Rwanda does not have a proper case management system to monitor progress on MLA and extradition leading to inadequacies in tracking and making follow ups on MLAs and extradition sought. d) Although mechanisms for international exchange of basic and beneficial ownership information of legal persons and arrangements are in place, and Rwanda has not yet exchanged information on BO. Recommended Actions a) Rwanda should establish an efficient case management system in the central and competent authorities for the collection and dissemination of MLA and extradition information including requests made, requests received, actions taken, and quality of the information obtained as well as the duration of the response to improve collection of statistics on international cooperation. b) Competent authorities in Rwanda should proactively seek MLA and extradition in line with the ML risk profile of the jurisdiction including for purposes of asset recovery. c) The LEAs and other competent authorities should develop and implement proper processes, procedures and case management system and maintain proper AML/CFT statistics in relation to other forms of international cooperation necessary to review the effectiveness of the measures relating to provision of international cooperation and exchange of information. 431. The relevant Immediate Outcome considered and assessed in this chapter is IO.2. The Recommendations relevant for the assessment of effectiveness under this section are R.36-40. Immediate Outcome 2 (International Cooperation) Background and Context 432. Rwanda is a landlocked country situated in the Great Lakes Region in Central Africa and shares borders with Uganda, Tanzania, Burundi and Democratic Republic of Congo. Owing to the presence of terrorist organisations in the Great Lakes Region, Rwanda is exposed to transnational ML/TF risks emanating from the Region. Rwanda has, to some extent, enabling legal and institutional frameworks to support provision and seeking of international cooperation. The Law Nº 005/2021 of 05/02/2021 governing mutual legal assistance in criminal matters and Law N° 8.1. Key Findings and recommended actions

131 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 69/2013 of 02/09/2013 on extradition provides for MLA and Extradition respectively. There are also other arrangements through signed MoUs, bilateral agreements and multilateral arrangements. 8.2.1. Providing constructive and timely MLA and extradition MLA 433. Rwanda uses the Ministry in charge of Foreign Affairs as the Central Authority in the transmission and execution of requests for MLA. The requests are received by the Unit in charge of records management for immediate attention by the Legal Officer at the Ministry of Foreign Affairs. The legal officer after analysing the request, prepares a transmission letter for signature by the Permanent Secretary and onward transmission to the NPPA as the competent authority and Ministry of Justice for noting. It is general practice for correspondences by the Ministry of Foreign affairs to be attended to within the same day, however where receipt was after hours, action will be taken by close of business on the next day. 434. At the NPPA, the request is marked for the attention of the Prosecutor General who then assigns it to the International Crimes Unit (ICU) within the International Crimes Department. The unit has nine National Prosecutors and one Assistant Prosecutor who have been appropriately trained to handle international cooperation Upon receipt of the MLA request, the ICU performs an analysis to verify whether the request satisfies the legal requirements. All requests and their annexes must be in, or accompanied by, a translation in Kinyarwanda, English, or French (Article 6 of the MLA Law). They must specify all the following necessary elements to enable their execution according to the type of assistance requested: • the nature of the mutual legal assistance requested; • the purpose of the mutual legal assistance sought; • the link between the criminal matter that took place in Rwanda and the mutual legal assistance sought; • the details of any procedure that requires to be followed by law in Rwanda; • the time limit within which compliance with the request is desired, stating reasons for the suggested time limit; • the nature of the criminal matter, and indicating whether proceedings have been instituted or not; • a reasonable cause to believe that an offence has been or is being committed, with a summary of facts in case proceedings have not been instituted; • the details of the court exercising jurisdiction in the proceedings; • the identity of the suspect; • the offence(s) of which the person is suspected to have committed, a summary of the facts and the penalties which may be imposed; • the stage reached in the proceedings, and any date fixed for further stages in the proceedings in case criminal proceedings have been instituted; and • any other relevant information that may assist in giving effect to the request. 435. There is a requirement (Article 11 of Law on MLA) for the authorities to respond to foreign MLA requests within three months but depending on the type or complexity of the issues underlying the request received, the authorities may take longer, in which case, they provide an update every three months to the requesting state. The NPPA has investigative powers and decides

132 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 on a case-by-case basis whether to undertake investigation by itself or refer the investigations to RIB in order to respond to the MLA request. Where investigations are referred to RIB, the Prosecutor General makes the request for investigation through a letter to the Secretary General of RIB. The letter from the Prosecutor General will include the MLA request and timelines to conclude the investigations as the law requires the MLA request to be responded within three months. 436. During the review period Rwanda received one MLA request on forgery which was received on 12 December 2017 and responded to on 4 November 2019. The authorities attributed the delay to lack of sufficient particularities on the request which necessitated carrying out investigations. However, the assessors are of the view that the delay is attributable to the lack of mechanisms to assess and/or monitor the quality of the request received and measures to deal with poor quality requests. Extradition 437. Incoming extradition requests are received by the Ministry of Foreign Affairs and forwarded to the Ministry of Justice in a similar process for attending to incoming MLA requests. The Ministry of Justice as the competent authority attends to the request where the treaty between the countries does not require court process. In such a case, the Ministry of Justice administratively issues an extradition order in accordance with Article 11 of Law of Extradition. However, the Ministry of Justice must first consider if the request meets the legal requirements before surrendering the subject. Where the treaty between Rwanda and the requesting state requires court process, the Ministry of Justice forwards the request to the NPPA for action. The Prosecutor General assigns the request to the International Crimes Unit for action and prosecution of the extradition request at court. During the review period, Rwanda received one extradition request in relation to the offence of issuing a bouncing check which was received on 6 May 2019 and the subject was surrendered on 19 May 2019 through an administrative order issued by the Ministry of Justice. 438. Rwanda to some extent is able to provide timely extradition given that the subject, in the single request received during the review period, was surrendered within two weeks of receipt of the request. However, Rwanda has not provided timely and constructive MLA assistance given the duration of nearly two years to respond to a single MLA request that it received during the review period. The lack of mechanisms to assess and/or monitor the quality of the requests received and measures to deal with poor quality requests is affecting the ability of Rwanda to provide timely and constructive MLA assistance. 8.2.2. Seeking timely legal assistance to pursue domestic ML, associated predicates and TF cases with transnational elements Outgoing MLA 439. For outgoing requests, the NPPA as the competent authority and through the International Crimes Unit, formulates and drafts MLA requests for consideration by the Ministry of Justice, another competent authority. The Ministry of Justice upon being satisfied that the requests comply with law on MLA, the relevant bilateral or multilateral treaty and the domestic law of the requested State, forwards the request to the Ministry of Foreign Affairs for onward transmission to the requested state.

133 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Table 8.1: Rwanda has made MLA requests as depicted by the table below Offence Country Requested Date of Request Status Fraud Nigeria and Spain 20/02/2017 Response from Nigeria received on 15/04/2018 and response from Spain received on 22/11/2017 however the authorities did not consider the response useful to the investigations Forgery Belgium 03/02/2017 Request still pending with no feedback provided and no follow up made by Rwanda Fraud USA and Canda 05/02/2017 to both countries Joint response received on 24/11/2020 and no follow up was done prior to receiving response. Proceeds identified in Canada but no further assistance to freeze and recover proceeds undertaken. Fraud Uganda 29/05/2017 Request still pending with no feedback provided and no follow up made by Rwanda Fraud Switzerland 17/01/2019 Response received on 03/06/2019 and was useful to investigations Fraud Belgium 17/01/2019 Response received on 4/10/2019 Fraud Japan 20/10/2020 No feedback received and no follow up done Money Laundering Uganda and Kenya 29/10/2022 Request still pending with no feedback provided and no follow up made by Rwanda Fraud USA and Belgium 02/02/2022 Request still pending with no feedback provided and no follow up made by Rwanda Fraud UAE 06/03/2022 Request still pending with no feedback provided and no follow up made by Rwanda Fraud Senegal Guinee Conakry 18/08/2022 Request still pending with no feedback provided and no follow up made by Rwanda Fraud Belgium 02/02/2022 Request still pending with no feedback provided and no follow up made by Rwanda Money Laundering/ TF Belgium 18/5/23 Request still pending with no feedback provided and no follow up made by Rwanda Money Laundering and TF Kenya 18/5/23 Request still pending with no feedback provided and no follow up made by Rwanda Money Laundering and TF France 18/5/23 Request still pending with no feedback provided and no follow up made by Rwanda 440. In addition to the above table of 15 MLA requests, the NPPA indicated that there was another MLA request made to Tanzania based on the predicate offence of fraud but failed to provide details of when the request was made, the status and usefulness of the information received, if any. Further, the said MLA request to Tanzania was not corroborated by information received from the Ministry of Justice, indicating lack of proper case management system. However, of the 16 MLA

134 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 requests, 12 are related to predicate offences and four to ML/TF of which three requests included both ML and TF offences in the same request and were with respect to one criminal investigation. The authorities have not submitted comprehensive evidence of the timeliness of the MLA requests and it is unclear when the offences occurred, when investigations commenced and the time it took for MLA request to be made. For some of the MLA requests done, the authorities provided samples of the MLA requests and it was possible in some of them to deduce the timeliness of such requests. The analysis indicates varied timeliness with some MLA requests made within two months of the offence while for others, it took over 34 months. Of the 16 MLA requests, only two have been responded to with varied response time of one year in one request and almost three years in another. The authorities indicated that in some instances, the MLA was useful and assisted the authorities to secure convictions and identify proceeds moved to other jurisdictions. However, Rwanda did not follow up with a request for freezing or recovery of the proceeds identified through the initial MLA request. Rwanda has not submitted reasons for the delayed responses or non-response to the other 14 requests. Further, Rwanda does not make follow ups on the delayed responses, suggesting that the lack of proper case management is hampering its ability to track MLA requests. The AT is of the view that the International Crimes Unit within the NPPA is not adequately staffed to prepare and follow up on outgoing MLA requests. Consequently, Rwanda is not proactive in seeking MLA. Based on the foregoing, it can be concluded that Rwanda is facing challenges in seeking mutual legal assistance in an appropriate and timely manner. Extradition 441. Outbound extradition requests are prepared by the Ministry of Justice in collaboration with NPPA and forwarded to the Ministry of Foreign Affairs for transmission to the requested country. Table 8.2 reflects Rwanda’s extradition requests: Table 8.2: Extradition requests by Rwanda Offence Country requested Date of request Status Fraud Forgery South Africa 17/05/2018 Pending execution with no feedback and no follow up made by Rwanda Forgery Kenya 04/02/2020 Pending execution with no feedback and no follow up made by Rwanda Fraud and deceit UAE 14/06/2021 Pending execution with no feedback and no follow up made by Rwanda Fraud and deceit Kenya 02/01/2022 Pending execution with no feedback and no follow up made by Rwanda Terrorism USA Pending execution with no feedback and no follow up made by Rwanda Issuing a bouncing check Ethiopia 28/09/2022 Pending execution with no feedback and no follow up made by Rwanda 442. Rwanda has made six extradition requests all of which are based on predicate offences with no request related to ML/TF. Rwanda has not been successful in extraditing any of its fugitives and the authorities could not provide reasons on why the requests are still pending. At the time of the onsite visit, the IECMS, being the electronic records system used by Rwanda did not include MLA and extradition requests. The lack of a proper case management system for MLA and

135 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 extradition is contributing to the failure by the authorities to adequately track and make follow up on pending extradition executions. Consequently, Rwanda is facing challenges in seeking extradition in an appropriate and timely manner. 8.2.3. Seeking and providing other forms of international cooperation for AML/CFT purposes 443. The competent authorities in Rwanda have enabling provisions to provide and seek international cooperation with their counterparts (see Rec 40). They have bilateral and informal arrangements with several jurisdictions on the exchange of information and rendering assistance to each other in matters of mutual interest. Further, competent authorities in Rwanda have, to some extent, sought and provided other forms of international cooperation to exchange financial intelligence, supervisory, law enforcement, and other information with their foreign counterparts for AML/CFT purposes. FIU to FIU 444. During the review period, the FIC sought other forms of international cooperation with its foreign counterparts, making a total of 20 requests of which, 14 were responded to. FIC has not signed MOUs with its counterparts and is not a member of EGMONT Group, affecting its ability to exchange information with its other counterparts. Exchange of information with foreign counterparts made possible by MLA law and undertaking by FIC in its request for information to honour any future request by its foreign counterpart. From the data provided by the authorities, the assessors could not determine the purpose of the requests and whether FIC sought assistance in a timely manner. Table 8.3: FIC requests for Information with foreign counterparts Country requested Total amounts involved (USD) Number of requests Number of requests responded Number of requests not responded Botswana 313,425 1 1 0 Kenya 1,229,928 2 2 0 Mozambique 3 0 3 Mauritius 959,077 1 0 1 Singapore 959,077 1 1 0 Tanzania 180,000 2 2 0 United Kingdom 959,077 8,920 3 2 1 United States of America 959,077 1 0 1 Zambia 4,787 5 5 0 Denmark 142,000 1 1 0

136 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Requests received by FIC 445. During the review period, FIC received two requests from its foreign counterparts and provided responses to all of them. However, it is not clear how long FIC took to respond to the requests and whether the foreign counterparts provided feedback. Table 8.4: Requests received by the FIC from foreign counterparts Country Total requests received Number of requests responded Number of requests pending Ethiopia 1 1 0 Botswana 1 1 0 RIB 446. The RIB has entered into MoUs with several foreign investigative agencies. Additionally, RIB through its domestic cooperation and MoU with RNB, utilizes Interpol to exchange information with foreign counterparts. In this regard, RIB has made 51 requests through Interpol and received six (6) requests through the same channel. Whilst RIB has responded to all requests, it received feedback on only seven (7) outgoing requests with three (3) of them requesting formal MLAs in order to provide the information requested. RRA 447. The RRA has entered into 13 bilateral double tax agreements in order to collaborate with foreign jurisdictions to tackle tax evasion by exchanging information for tax purposes. Additionally, Rwanda is a party to the Convention on Mutual Administrative Assistance in Tax Matters (MAAC) which took effect in Rwanda in December 2022. The MAAC has been signed by at least 147 countries and provides for all possible forms of administrative cooperation between states in the assessment and collection of taxes. This cooperation ranges from the exchange of information [on request (EOIR), automatic exchange of information (AEOI)], to the recovery of foreign tax claims. The RRA using its international cooperation mechanisms has made eight (8) outgoing requests, received five (5) incoming requests, and three (3) collaborations. BNR 448. The BNR has entered into a number of MoUs with its foreign counterparts and has conducted joint inspections on a bank with its foreign counterpart. Additionally, BNR has sought and provided information to its foreign counterparts on beneficial owners of the banks when conducting fit and proper assessments. 8.2.4. International exchange of basic and beneficial ownership information of legal persons and arrangements 449. Rwanda has neither made nor received requests for BO information for the period under review. Similarly, competent authorities have not requested and obtained basic BO information on behalf of their foreign counterparts. The AT is of the view that the challenges relating to the accuracy of basic and beneficial ownership information together with the fact that RDB is at an early stage of collecting BO information have a cascading effect on this core issue and likely

137 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 negatively affect Rwanda’s capability to respond to a request for basic and BO information requests. Overall conclusions on IO.2 450. Rwanda has legal and institutional frameworks to execute MLA and extradition requests as well as to provide other forms of international cooperation. To some extent, Rwanda has successfully provided and sought international cooperation through both formal channels and other forms of cooperation to pursue criminals and the proceeds in other jurisdictions. However, Rwanda does not have a mechanism to assess and/or monitor the quality of the requests received and measures to deal with poor- quality requests. Additionally, Rwanda is facing challenges in seeking MLA and extradition in an appropriate and timely manner given the delayed responses, lack of follow- up, and the failure to initiate asset recovery where prior MLA assistance has led to the identification of proceeds that have been moved to other jurisdictions. Further, the lack of proper case management is hampering Rwanda’s ability to track MLA and extradition requests. 451. Rwanda is rated as having a Low level of effectiveness for IO.2.

138 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 TECHNICAL COMPLIANCE ANNEX

1. This annex provides detailed analysis of the level of compliance with the FATF 40 Recommendations in their numerical order. It does not include descriptive text on the country situation or risks, and is limited to the analysis of technical criteria for each Recommendation. It should be read in conjunction with the Mutual Evaluation Report.
2. Where both the FATF requirements and national laws or regulations remain the same, this report refers to analysis conducted as part of the previous Mutual Evaluation in 2014. This report is available from https://www.esaamlg.org/index.php/Mutual_Evaluations/readmore_me/26. Recommendation 1 – Assessing risks and applying a risk-based approach This is a new Recommendation which came into force in 2012 after completion of the First Round of MEs and therefore Rwanda was not assessed on this in the 2014 MER. Criterion 1.1 – (Met) - Rwanda conducted its NRA on ML/TF in 2017-2018 using the World Bank Assessment Tool. The report was published in December 2018. Participants in the Assessment were drawn from a diverse field of government officials and some participants of the private sector and civil society. The NRA used a wide range of information, including analysis of the legal framework and data on predicate crimes. Among other things, the NRA report indicates the ML and TF risks and highlights the highest proceeds generating crimes and their ranking as well as the ML risk ratings of various key sectors of the country. Criterion 1.2 – (Met) – The 2017-2018 National Risk Assessment was conducted under the coordination of the National Public Prosecution Authority and the National Bank of Rwanda assumed the secretariat role. However, since the publication of the NRA report, Rwanda has enacted the Law N° 045/2021 of 18/08/2021 governing the Financial Intelligence Centre and article 7 (9°) of the same Law has designated the Financial Intelligence Centre (FIC) as the competent authority to coordinate the assessment of risks likely to arise from money laundering, terrorism financing and proliferation financing at national level. Criterion 1.3 – (Met) –Rwanda has carried out a desk review of the NRA in order to update the findings of the NRA 2019 Criterion 1.4 – (Partly Met) – Rwanda provided information on the results of the national risk assessment to all relevant competent authorities, SRBs, FIs and DNFBPs through publication of NRA on the FIC and BNR websites. Rwanda further shared the results of the NRA through one day workshops to competent authorities but limited participation of private sector stakeholders. Moreover, the results were shared on the FIC website on 08.08.2019 about five months after the adoption of the NRA, and there were no other mechanisms for providing information on the results of the NRA to the relevant private sector stakeholders. Rwanda carried out a one-day workshop informing the relevant private sector stakeholders of the results of the NRA in 2023.

139 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Criterion 1.6(a)&(b) – (N/A) – Rwanda applies full range of AML/CFT obligations on FIs and DNFBPs covered under the FATF Standards. Criterion 1.7(Met) – (a) Art 8(e)(iii) of the AML/CFT law 2023 requires reporting person to take enhanced measures to manage and mitigate the risks if higher risks have been identified. (b) Art 8(b)(i) of the AML/CFT law 2023 requires reporting persons to undertake the risk assessment that is proportionate to the nature and size of the reporting person’s business and to also highlight the higher risks of the NRA. Criterion 1.8 (Met) - Rwanda’s AML/CFT regime (Articles 8(e)(iv) and 17(2) of AML/CFT Law No 028/ 2023 allows simplified due diligence provided a low risk has been identified. Criterion 1.9 (Met) - Supervisors and SRBs are required to ensure that FIs and DNFBPs are implementing their obligations under R1 (Art 41(b) and Art 42 of AML/CFT Law No 028/ 2023). Criterion 1.10 (a)– (Met) - Article 8 of the AML/CFT Law No 028 /2023 imposes obligations on reporting persons to conduct ML/TF risk assessment related to customers, countries or geographic areas and products, services, transactions and delivery channels, The risk assessment needs to be documented by virtue of Article 8 (ii) of the law. Criterion 1.10 (b)– (Met) – Article 8(d) of the 2023 AML/CFT Law requires FIs and DNFBPs to consider all relevant risk factors before determining the level of their overall risk and develop and maintain programmes to mitigate risk of ML/TF/PF. Criterion 1.10 (c)– (Met) – Article 8(b)(ii) of 2023 AML/CFT Law requires FIs and DNFBPs to keep their risk assessments up to date. Criterion 1.10 (d)– (Met) –Article 8(b) (iv) requires FIs and DNFBPs to have appropriate mechanism in place to provide risk assessment information to supervisory authorities. Criterion 1.11 (a) – (Met) –FIs and DNFBPs are required to develop and maintain programmes to mitigate ML/TF/PF risks, including policies, controls and procedures approved by senior management to enable them to manage and mitigate the risks that have been identified (Article 8 (e) (i) of 2023 AML/CFT law). Criterion 1.11 (b) – (Met) –Article 8(e) (ii) of the 2023 AML/CFT Law requires FIs and DNFBPs to monitor the implementation of the controls and to enhance them if necessary. Criterion 1.11 (c) – (Met) Article 8(e)(iii) of 2023 AML/CFT Law requires FIs and DNFBPs to take enhanced measures if higher risks have been identified at institutional, sectorial and national levels. Criterion 1.12 – (Met) Article 8(e)(iv) of the 2023 AML/CFT Law allows FIs and DNFBPs to take simplified measures to manage and mitigate risks, if lower risks have been identified. Criterion 1.5 – (Partly Met) – The authorities have not demonstrated that Rwanda allocates its resources and implements AML/CFT measures based on the authorities understanding of ML/TF risks. While it is noted that Rwanda had developed an Action Plan, the activities and the specific timelines by each authority for implementation was not provided.

140 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Furthermore, Article 7 (2) of FIC Regulations No 002/FIC/2023 requires that simplified measures should not be undertaken whenever there is suspicion of ML/TF/PF. Weighting and Conclusion There are some minor deficiencies with regards to the mechanisms for providing information on the NRA and risk-based approach to allocation of resources in Rwanda Rwanda is rated Largely Compliant with the Recommendation 1. Recommendation 2 - National Cooperation and Coordination In its 1st Round MER, Rwanda was rated partially compliant (formerly R31). The main technical deficiencies were that there was lack of a mechanism to ensure cooperation amongst all relevant authorities and coordination of the development and implementation of AML/CFT policies and activities and there was no bilateral exchange of information between the FIU, LEAs, and supervisory authorities. The new requirements relate to cooperation in the context of proliferation financing and compatibility of AML/CFT requirements and data protection and private rules. Criterion 2.1 – (Met) Rwanda adopted its National Policy for Combatting Money Laundering, Financing of Terrorism and Financing of Proliferation of Weapons of Mass Destruction in March 2023. The policy describes the priorities and strategic objectives in preventing and fighting financial crimes, and assists Rwanda to meet its international AML/CFT/CFP obligations and it is informed by the risks identified in the 2017-2018 NRA on ML/TF. The Policy informs that the National Policy will be reviewed every four years. Criterion 2.2 – (Met) – Art 3 of the Presidential Order No 100/01 of 26/08/2021 provides that the National Coordination Council has been designated as an authority that is responsible for developing, monitoring and coordinating national AML/CFT policies within Rwanda. Criterion 2.3 – (Met) – The National Coordination Council (NCC) established under Art 3 of the Presidential Order No 100/01 of 26/08/2021 provides for platform for the FIC, LEAs, supervisors and other relevant authorities to interact on issues related to AML/CFT policies. At the operational level, the technical committee of the Coordination council constituted under Art 10 of the same Presidential order that guides the NCC on the implementation of the policies. While there are various cooperation platforms/forums for policy makers and operations involving LEAs, supervisors and key competent authorities cooperate and coordinate at their respective forum. Criterion 2.4 – (Partly Met) - The National Coordination Council (NCC) and the National Technical Committee to Coordination Committee (NTCCC) are responsible for cooperation on proliferation financing matters at policy level. However, authorities that are directly related to PF are not constituted under the NCC or the NTCCC. Criterion 2.5 – (Partly met) - While Rwanda has mechanisms for cooperation and coordination on AML/CFT/CPF, including laws on Data privacy and protection. Rwanda has not provided evidence that such cooperation and coordination includes ensuring the compatibility of AML/CFT requirements with Data Protection and Privacy rules and other similar provisions (e.g., data security/localisation).

141 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Weighting and Conclusion Rwanda has designated the National Coordination Council (NCC) as an authority that is responsible for national AML/CFT policies and the National Technical Committee to the Coordination Council (NTCCC) to assist in the formulation of the policies and strategies. Rwanda has a national AML/CFT policy adopted in 2023 which was informed by the NRA of 2019. There various mechanisms exist to enable inter-agency cooperation at both policy and operational levels albeit with some gaps. However, not all authorities related to PF within Rwanda forms part of the NCC or the NTCCC which limits the coordination mechanisms related to PF. Rwanda does not have coordination and cooperation between competent authorities to ensure compatibility of the AML/CFT requirements with Data Protection and Privacy rules. Rwanda is rated Partially Compliant with Recommendation 2 Recommendation 3 - Money laundering offence In its 1st Round MER, Rwanda was rated largely compliant and partially compliant respectively with these requirements (formerly R. 1 and R.2). The main technical deficiencies were: lack of clarity as to whether prior conviction for the predicate offense is required to prove that property is the proceeds of crime, and authorities are of the view that it is a necessary requirement. The ML offense does not cover the concealment or disguise of the movement of property. Moreover, there was lack of effectiveness of the money laundering offense. Low level of clarity as to whether the intentional element of the offense can be inferred from objective factual circumstances, and authorities are of the view that it cannot and no sanctions and effective implementation of the money laundering offense. Criterion 3.1 – (Partly Met) - Rwanda has criminalized ML in line with the relevant provisions of the Vienna and Palermo Conventions under Article 2 (q) of the Law nº 028/2023 of 19/05/2023 on the prevention and punishment of money laundering, terrorist financing and the financing of proliferation of weapons of mass destruction. However, the Act does not fully cover the elements of concealing or disguising the illicit origin of the property or of helping any person who is involved in the commission of the predicate offence to evade the legal consequences of his or her action. Criterion 3.2 – (Met) – Rwanda adopts all-crimes approach for the purpose of predicate offence to ML pursuant to Article 2(i) of the Law nº 028/2023 of 19/05/2023 on the prevention and punishment of money laundering, terrorist financing and the financing of proliferation of weapons of mass destruction. A predicate offence is defined as “any offense generating illicit funds which can be laundered to become a money laundering offence.”. Criterion 3.3 – (N/A) – Rwanda applies all crimes approach for predicate offenses. Criterion 3.4 – (Met) – The offence of ML extends to any property in Rwanda, regardless of its value. Rwanda has defined predicate offence as any offense generating illicit funds which can be laundered to become a money laundering offence (Article 2 (i) of 2023 AML/CFT law). Moreover, proceeds of crime means funds or other assets derived from or obtained, directly or indirectly, through the commission of an offence including economic gains converted or

142 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 transformed in whole or in part, into other funds or other assets (Article 2 (n) of 2023 AML/CFT law). Criterion 3.5 – (Met)– In terms of Article 69 of the Law Nº 028/2023 of 19/05/2023 on prevention and punishment of money laundering, terrorist financing and the financing of proliferation of weapons of mass destruction, it is not required that the suspect to be first convicted of a predicate offence when prosecuting the offence of money laundering. Criterion 3.6 – (Met) – Predicate offences for money laundering extend to conduct that occurred in another country, which constitutes an offence in that country, and which would have constituted a predicate offence in Rwanda, had it occurred in Rwanda. Art 54 as read with Article 2 (q) of Law No. o28/2023 provides for the offence of money laundering as including the commission of any of the acts listed in Art 2(q) either by a person who commits a predicate offence or by a third party in Rwanda or on the territory of another country Criterion 3.7 – (Met) – The ML offence applies to persons who commit the predicate offence, see Article 2(q) of 2023 AML/CFT evidencing the same. Criterion 3.8 – (Met) – Article 68 of Law No. o28/2023 provides for knowledge, intent and purpose required to prove offences of ML to be inferred form objective factual circumstances. Criterion 3.9 – (Met) – Pursuant to Article 54 (1) of Law No. 028/2023 AML/CFT law read together with Article 2(q) of the same Act, the offence of ML is punishable by a term of imprisonment for not less than 10 years but not more than 15 years together with a fine of 3 to 5 times the value of proceeds of crime laundered. Further, in terms of Article 66 of the 2023 AML/CFT Law the court shall confiscate tainted property or funds held by the criminal defendant or a third party. The sanctions therefore are adequately proportionate and dissuasive. Criterion 3.10 – (Met) – The provisions of Article 60 of Law No. 028/2023 AML/CFT law provides for criminal liability and sanctions in respect of legal persons without prejudice to the criminal liability of natural persons. The sanctions range from a fine of 10 to 20 times the value of proceeds of crime laundered or the value of the financing given. In addition to that, a legal person is also liable to one or more of the following penalties:(a) dissolution; (b) permanent closure of establishments in which incriminated acts have been committed or which have been used to commit such acts; (c) publication of the court decision in the newspaper or through any other means used by the media. The sanctions seem to be proportionate and dissuasive. Criterion 3.11 – (Met) - Rwandan law recognizes the concept of ancillary offences including participation in, association with or conspiracy, incitement, attempts, aiding and abetting, facilitating and counselling the commission applicable to the ML offences under Article 2 (q) (iv) of Law No. 028/2023. Weighting and Conclusion Rwanda’s ML regime is to a large extent compliant with the FATF Standards save for criteria 3.1 which is not fully within the domain of the Standards as the ML Act does not cover the elements of concealing or disguising the illicit origin of the property or of helping any person who is involved in the commission of the predicate offence to evade the legal consequences of his or her action. Rwanda is rated Largely Compliant with Recommendation 3.

143 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Recommendation 4 - Confiscation and provisional measures In its 1st Round MER, Rwanda was rated largely compliant with these requirements. The main technical deficiencies were that the rights of bona fide third parties not ensured in the criminal process and a lack of effectiveness whereby no funds or assets have been confiscated in application of the AML/CFT Law and the PC; limited use of the provisional measures and powers to identify and trace the proceeds of crimes. The other deficiency related to effectiveness issues which are not assessed as part of technical compliance under the 2013 Methodology. Criterion 4.1 – (Met) - Rwanda has measures, including legislative measures, that enable the confiscation of the following, whether held by criminal defendants or by third parties: Criterion 4.1(a) – (Met) - Article 66 (1) (a) of 2023 AML/CFT law provides for the confiscation of laundered property, post-conviction. Criterion 4.1(b) – (Met) - Article 66 (1) (b)&(c) of 2023 AML/CFT law, article 5 of the Law N° 42/2014 of 27/01/2015 and article 8 Law N° 42/2014 of 27/01/2015 provides for confiscation of proceeds of (including income or other benefits derived from such proceeds), or instrumentalities used or intended for use in, ML or predicate offences. Criterion 4.1(c) – (Met) - Article 66 (1) (d) of 2023 AML/CFT law, Article 5 of the Law N° 42/2014 of 27/01/2015 and Article 8 of Law N° 42/2014 of 27/01/2015 provides for confiscation of property that is the proceeds of, or used in, or intended to be used in the financing of terrorism, terrorist acts or terrorist organisations. Criterion 4.1(d) – (Met) - Article 66 (1) (e) of 2023 AML/CFT law, further read with Article 5 of the Law N° 42/2014 of 27/01/2015 and further read with Articles 8 of Law N° 42/2014 of 27/01/2015 provides for confiscation of property of corresponding value. Criterion 4.2 – (Mostly Met) Criterion 4.2(a) – (Met)- Article 4(3)(a) of 2023 AML/CFT law requires competent authorities in Rwanda to identify, trace and evaluate property that is subject to confiscation. Article 10 of the Law Nº12/2017 OF 07/04/2017 establishing the Rwanda Investigation Bureau and determining its mission, powers, organization, and functioning provides for all the powers of investigators, including power to order for information and take statements from any person suspected of having information that can help an investigation; to search a person, enter a building or premises linked to information with or without a warrant; search any person or property and to recover stolen objects and seize any properties that may be useful for conducting criminal investigations. Accordingly, Rwanda has legislative measures enabling competent authorities to trace, identify and evaluate property that is subject to confiscation. Criterion 4.2(b) – (Mostly Met) - Article 4(3)(a) of 2023 AML/CFT law as read with articles 6 and 14 of Law N° 42/2014 of 27/01/2015 governing recovery of offence-related assets together with article 57 of the Law Nº 027/2019 of 19/09/2019 Law relating to the criminal procedure, enables competent authorities in Rwanda to carry out provisional measures, such as freezing or seizing, to prevent any dealing, transfer or disposal of property subject to confiscation. Rwanda has not provided evidence that its provisional measures can be made ex-parte or without prior

144 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 notice or whether implementing such ex parte or without prior notice measures, is inconsistent with the fundamental principles of Rwandan law. Criterion 4.2(c) – (Met) - Article 4(3)(c) of 2023 AML/CFT law requires competent authorities to take steps that will prevent or avoid actions that prejudice the country’s ability to freeze or seize or recover property that is subject to confiscation. Criterion 4.2(d) – (Met) - Rwanda has measures, including legislative measures, that enable competent authorities to take any appropriate investigative measures. Refer to R31.1 for detailed analysis. Criterion 4.3 – (Met) - Article 66 of the 2023 AML/CFT law, amongst others, provides for the protection of the rights of bona fide third parties by excluding confiscation where the third party has established that he/she has acquired the property in good faith. Criterion 4.4 – (Met) - Article 15 of the Law N° 42/2014 of 27/01/2015 designates the National Public Prosecution Authority and Military Prosecution Department as the authorities responsible for the daily management of the seized and confiscated assets throughout the national territory. Articles 7, 8 & 9 of the Law N° 42/2014 of 27/01/2015, read together, also deals with the disposal of seized and confiscated assets. The NPPA also set up a Unit that is in charge of management of the seized assets and confiscated assets. The Ministerial Order Determining Modalities for the Administration of Confiscated Property describes the process of asset management and disposal: article 4 on transferring confiscated property to the Seized and Confiscated Property Unit; Article 5 on action that must be taken by the officer receiving confiscated property; Article 6 on where confiscated property must be stored; Article 7 on measures to take to preserve value of perishable or depreciating confiscated property; Article 10 on managing confiscated immovable property; and Article 11 on disposing through auction confiscated property. Weighting and Conclusion Rwanda has measures in place to identify, trace, evaluate, seize, freeze and confiscate the following, without prejudicing the rights of bona fide third parties: (a) property laundered, (b) proceeds from, or instrumentalities used in or intended for use in money laundering or predicate offences, (c) property that is the proceeds of, or used in, or intended or allocated for use in, the financing of terrorism, terrorist acts or terrorist organisations, or (d) property of corresponding value. However, Rwanda has not submitted evidence that it has steps that will prevent or void actions that prejudice the country’s ability to freeze or seize or recover property that is subject to confiscation. Rwanda is rated Largely Compliant with Recommendation 4. Recommendation 5 - Terrorist financing offence In its 1st Round MER, Rwanda was rated non-compliant with these requirements (formerly SR II). The main technical deficiency were that The provision and collection of funds to individual terrorists and to terrorist organizations are not criminalized; direct and indirect collection and provision of funds is not covered under the FT offense; funding of terrorist acts is limited to acts defined in the treaties to which Rwanda is party, and therefore not all financing of terrorist acts are covered in the FT offense; lack of clarity as to whether the intentional element of the

145 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 offense of FT can be inferred from objective factual circumstances and lack of effectiveness of the FT offense. Criterion 5.1 (Mostly Met) – Pursuant to Article 55 (1) of the Law Nº 028/2023 of the AML/CFT read together with Article 2(g) of the same Act, Rwanda criminalises TF based on Article 2(1)(a) of the Convention. It is an offence for any person who by any means wilfully commit any terrorist financing acts as defined under Article 2(g) of the AML/CFT Law and upon conviction such person is liable to imprisonment for a term of not less than 20 years but not more than 25years and a fine of 3 to 5 times the value of the financing given. Rwanda has ratified the Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms located on the Continental Shelf; however, it has not domesticated the Protocol. Since Rwanda is a landlocked country, the Protocols would not have a significant impact in terms of materiality. Criterion 5.2 (Met) - Article 2(g)(i) and Art 55 of Law No. 028/2023 of the AML/CFT meets this criterion as it extends TF offences to any who by any means wilfully provides, collects or manages any funds or other assets whether from legitimate or illegitimate source, directly or indirectly, or attempts to do so, with the unlawful intention that they should be used or in the knowledge that they are to be used in whole or in part to carry out a terrorist act; or by an individual terrorist or by a terrorist organization. Criterion 5.2bis (Met) - The provision of Article 2(g) (ii) and Art 55 of Law No. 028/2023 of AML/CFT broadly consistent within the domain of the Convention and the text of this criterion as it criminalizes TF offence extends to any person who by any means wilfully offers advice, finances, teaching or training in order to acquire skills and knowledge knowing or having reasonable grounds to know that they may be used, or intended to be used for terrorism act and the financing of travelling of individuals who travel to States other than their States or their States of residence for the purpose of the perpetration, planning or preparation of, or participation in terrorist acts, or the providing or receiving of terrorist training. Criterion 5.3 (Met) - The provisions of Article 2 (g) (i) of the Law No.028/2023 of AML/CFT extend TF offences to any funds or other assets whether from a legitimate or illegitimate source. Criterion 5.4 (a) (Met) – The provision of Article 55 (4) of the Law No. 028/2023 of AML/CFT categorically states that TF offence is committed even if the funds were not actually used to commit or attempt a terrorist act.” Criterion 5.4 (b) (Met) - Under Rwandan Law No. 028/2023 of AML/CFT in terms of Article 55 (4) (b) TF offence is committed even if a terrorist act does not occur or is not attempted. Criterion 5.5 (Met) - Under Rwandan Law No. 028/2023 of AML/CFT in terms of Article 68, it is possible for the intent and knowledge required to prove TF offence to be inferred from objective factual circumstances.

146 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Criterion 5.6 (Met) - Rwanda applies proportionate and dissuasive criminal sanctions to natural persons who convicted of TF in terms of Article 55 (1) of the Law No.028/2023 of AML/CFT ranging between 20 and 25 years of imprisonment and a fine of 3 to 5 times the value of the financing given. Criterion 5.7 (Met) - In terms of Article 60 of the Law No.028/2023 of the AML/CFT, allows Rwanda to apply criminal liability and sanctions to legal persons convicted of TF to a fine of 10 to 20 times the value of the financing given. Further to that the Court may also order dissolution or permanent closure of the establishments and the publication of the court decision in the newspaper or through any other means used by the media. Hence, the sanctions are considered both dissuasive and proportionate. Criterion 5.8 (Partly Met) Criterion 5.8 (a)(Met) -Rwanda criminalises attempt to commit the TF offences in terms of Article 62 of the Law No.028/ 2023 of AML/CFT. Criterion 5.8(b) (Met) – Rwanda criminalises an accomplice in a TF offence in terms of Article 84 of the Act No.68/2018 on determining offences and penalties in general. Criterion 5.8(c) (Not Met) – The legal framework in Rwanda does not have an express provision that criminalises organising or directing others to commit a TF offence in line with this sub-criterion. The provision of Articles cited by the Authorities does not appear to have covered the elements of this sub-criterion. Criterion 5.8(d) (Not Met) – The legal framework in Rwanda does not have a clear provision that criminalises the contribution to the commission of one or more TF offences by a group of persons acting with a common purpose. The provisions of Articles 20, 21 and 84 cited by the Authorities do not appear to have fully covered this sub-criterion. Criterion 5.9 (Met) Article 2(i) 2023 AML/CFT Law makes TF a predicate offence to ML. The definition of predicate offences in terms of Article 2(i) clearly states that any offense generating illicit funds which can be laundered to become a money laundering offence. Criterion 5.10 (Met)- Pursuant to Article 55 (4) (c) of 2023 AML/CFT law allows the authorities to exercise jurisdiction over a TF offence regardless of whether the person alleged to have committed the offence(s) is in the same country or a different country from the one in which the terrorist(s)/terrorist organisation(s) is located or the terrorist act(s) occurred/will occur. Weighting and Conclusion Rwanda has largely addressed the criteria in this recommendation as it criminalized TF offence in line with the international standards. Although Rwanda has ratified the Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms located on the Continental Shelf, it is still to domesticate the Protocol. However, the non-domestication does not have a significant impact in terms of materiality as Rwanda is a landlocked country. In addition, the

147 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 legal framework does not criminalize organising and directing others to commit a TF offence and the contribution to the commission of one or more TF offences by a group of persons acting with a common purpose. The deficiencies in Recommendation 5 are considered to be moderate based on the risk and context of Rwanda. Rwanda is rated Partially Compliant with Recommendation 5 Recommendation 6 - Targeted financial sanctions related to terrorism and terrorist financing In its 1st Round MER, Rwanda was rated non-compliant with these requirements (formerly SR III). The main technical deficiency was that there were no measures to freeze without delay funds or other assets of terrorists, those who finance terrorism, and terrorist organizations in accordance with the UNSCRs relating to the prevention and suppression of the financing of terrorist acts. Moreover, there were no measures, including legislative ones, which would enable the competent authorities to seize and confiscate property that is the proceeds of, or used in, or intended or allocated for use, in the financing of terrorism, terrorist acts, or terrorist organizations. Identifying and designating Criterion 6.1(Partly Met) Criterion 6.1(a) (Met) - The National Counter Terrorism Committee is the competent authority with the mandate to propose person and entities to the relevant United Nations Sanctions Committee for the designation of a person (Article 40bis of Law No.46/2018 read together with article 4(4) of the Prime Minister’s Order No.018/03). Furthermore, the term person covers both legal and natural person (Article 1(16) of Law No.46/2018). Criterion 6.1(b) (Partly Met) – The Committee is responsible for identifying a person who meets the criteria to be designated on a United Nations Sanctions List. However, Rwanda does not have a mechanism for identifying targets for designation, based on the designation criteria set out in the relevant United Nations Security Council resolutions (UNSCRs). Criterion 6.1 (c) (Met) – Rwanda applies an evidentiary standard of proof of “reasonable grounds” when deciding whether or not to make a proposal for designation (Article 8 and 15(4) of the Prime Minister Order No 018/03 Of 26/08/2021). Furthermore, a proposal for designation is not conditional upon the existence of any criminal proceedings and operates without prior notice to the proposed person to be designated. Criterion 6.1 (d) (Met) - Article 15 Paragraph 15(1) of the Prime Minister Order No.018/03 of 26/08/2021 set out procedures and use standard forms as adopted by the relevant UN Sanctions Committees when making its designation proposals. Criterion 6.1 (e) (Mostly Met) – Article 15 para. 5 (2) (b) of the Prime Minister Order No 018/03 Of 26/08/2021 requires Rwanda when proposing a person for designation, must provide relevant information including a statement of case which contains details on the basis of the designation, including specific information supporting a determination that the person meets

148 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 the relevant designation criteria, the nature of the information, supporting information or documents that can be provided, and details of any connection between the proposed person and any currently designated person. However, the act does not specify whether their status as a designating state may be made known. Criterion 6.2 (a) (Met) – Article 4(4) of the Prime Minister Order No.018/03 of 26/08/2021 gives the National Counter Terrorism Committee responsibility for designating persons or entities that meet the specific criteria for designation set forth in UNSCR 1373. Moreover, Article 4(6) of the Prime Minister Order No.018/03 provides whether put forward on Rwanda’s own motion or after examining and giving effect to the request of another country. Criterion 6.2(b) (Partly Met) - The Committee has the legal power for the identification of a person who meets the criteria to be designated on a United Nations Sanctions List. Moreover, article 8 of the same order establish the designations criteria. However, Rwanda does not have mechanisms in place for identifying targets for designation pursuant to UNSCR 1373. Criterion 6.2(c) (Met) – Pursuant to Article 9 para 2 of the Prime Minister Order No.018/03, the Ministry in charge of foreign affairs upon receipt of a request for designation made by a foreign country should immediately submit the request to the National Counter-Terrorist Committee for analysis and decision based on reasonable grounds if such person meets the criteria for designation in UNSCR 1373. Criterion 6.2 (d) (Met) – Articles 8 and 15 of the Prime Minister Order No 018/03 Of 26/08/2021, allow Rwanda to apply an evidentiary standard of proof of “reasonable grounds” when deciding whether or not to make a designation. Furthermore, a proposal for designation is not conditional upon the existence of a criminal proceeding and operates without prior notice to the proposed person to be designated. Criterion 6.2 (e) (Not Met) - Rwanda has no clear provision on identifying information and specific information required to be considered for designation when requesting another country to do so. Criterion 6.3 (Met) Criterion 6.3(a) (Met) - The National Counter-Terrorism Committee has responsibility to identify a person that meets the listing criteria for designation on the United Nations Sanctions. Criterion 6.3(b) (Met) -The National Counter-Terrorism Committee under Article 8 paragraph 3 of the Prime Minister’s Order No.018/03 operates ex parte against a person or entity who has been identified and whose (proposal for) designation is being considered. Freezing Criterion 6.4 (Not Met) – Under Article 5 and 6 of Regulations N° 001/FIC/2021 of 26/08/2021, Rwanda has a regulation that provides a basis for implementation of TFS related to TF. However, the regulation does not describe the process from the time of the designation. The process in place explains that the Centre disseminates in a circular form or another form,

149 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 without delay, to the supervisory authority, the reporting persons and another relevant public or private institution, the domestic list of designated persons and the Security Council sanctions list received in accordance with the relevant laws. Moreover, the regulation does not require relevant public or private institution to implement the obligation without delay. The word without delay is define as immediately or not later than 24 hours. Criterion 6.5 (Partly Met) Criterion 6.5 (a) (Not Met) – Rwanda does not require all the natural and legal persons within the country to freeze, without delay and without prior notice, the funds or other assets of designated person and entities. Article 7 Para 1 of Regulation 001/Fic/2021, covers only reporting person. Criterion 6.5 (b) (i)(ii)(ii) (Partly Met) - Rwanda has no specific provision to freeze all funds or other assets that are owned or controlled by the designated person or entity in line with this criterion). (ii) Rwanda has provision under Article 7 paragraph 1 of the Regulation 001/FIC/2021 to freeze funds or other assets that are held directly or indirectly by the designated persons or entities but the same does not extend to funds or other assets that are wholly or jointly owned or controlled by designated persons or entities. (iii) Rwanda has no provision to freeze funds or other assets derived or generated from funds or other assets owned or controlled directly or indirectly by designated persons or entities. (iv) In accordance with Article 7 paragraph 1 of the Regulations No 001/FIC/2021, allow Rwanda to freeze funds or other assets of persons and entities acting on behalf of or at the direction of, designated persons or entities. Criterion 6.5 (c) (Met) – Pursuant to Articles 57 and 58 of 2023 AML/CFT law gives Rwanda to prohibit its nationals, or any persons and entities within its jurisdiction, from making any funds or other assets, economic resources, or financial or other related services, available, directly or indirectly, wholly or jointly, for the benefit of designated persons and entities; entities owned or controlled, directly or indirectly, by designated persons or entities; and persons and entities acting on behalf of, or at the direction of, designated persons or entities, unless licensed, authorized or otherwise notified in accordance with the relevant UNSCRs. Criterion 6.5(d) (Partly Met) - Article 5 of Regulation 001/fic/2021 provides the circulation, without delay, to supervisory Authority, the reporting persons and another relevant public or private institution of the domestic list of designated persons and the Security Council sanctions lists received in accordance with relevant laws. However, there is no mechanism in place to guide reporting persons on how to take action to freeze and report the same to the Centre. Criterion 6.5(e) (Partly Met) - Article 7 Paragraph 3 of the Regulations N° 001/Fic/2021 of 26/08/2021 provides for reporting person or another relevant institution to notify the Centre without delay any attempted dealing with funds or other assets which a seizure or freezing order has been issued. However, there is no mechanism in place to guide reporting persons on how to take action to freeze and report the same to the Centre. Criterion 6.5(f) (Partly Met) – Under Article 11 of the Regulations N° 001/Fic/2021 of 26/08/2021, Rwanda applies freezing of funds without prejudice to the rights of third parties acting in good faith. However, the protection of bona fide third party is limited to the freezing

150 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 obligation and there is no protection of the same party against other obligations under Recommendation 6. De-listing, unfreezing and providing access to frozen funds or other assets Criterion 6.6(Not Met) Criterion 6.6(a) (Not Met) – Rwanda has no publicly known procedures to submit for de￾listing requests to the relevant UN sanctions Committee in the case of persons and entities designated pursuant to the UN Sanctions Regime which do not, or no longer meet the designation criteria. Furthermore, article 17 of the Prime Minister’s Order No 018/03 of 26/08/2021, only explains the options available for designated person to start the process of de￾listing. Criterion 6.6(b) (Not Met) – Rwanda has a legal authority to provide for unfreezing and delisting under Article 5 of the Prime Minister’s Order). However, Rwanda lacks publicly known procedures to submit for de-listing requests. Criterion 6.6(c) (Not Met)- Pursuant to UNSCR 1373, Rwanda has no clear procedures to allow any court or other independent competent authority to review the designation decisions. Criterion 6.6(d) (Not Met) – Pursuant to UNSCR 1988, Rwanda has no clear procedures to facilitate a review by the 1988 Committee in accordance with any applicable guidelines or procedures adopted by the 1988 Committee, including those of the Focal Point mechanism established under UNSCR 1730. Criterion 6.6(e) (Not Met)– Rwanda has no clear procedures to inform the designated persons and entities about petitioning for de-listing to the Ombudsperson of the United Nations Office or Focal Point. Article 17 of the Prime Minister’s Order No.018/03 appears to provide a legal basis but does not clearly addressing the required procedures for the designated persons and entities when undertaking such petition. Criterion 6.6(f) (Not Met) –Rwanda has no clear procedures to unfreeze the funds and other assets of persons or entities with the same or similar names as designated persons or entities when there are false positives nor does have procedures in place for verifying such persons or entities involved are not designated persons or entities. Article 12 of Regulations N° 001/Fic/2021 Of 26/08/2021 provides no procedures to be followed when such incidences had occurred thereto. Criterion 6.6(g) (Not Met) – Rwanda has no mechanisms for communicating de-listing and unfreezing immediately to the financial sector and the DNFBPs. Furthermore, there is no guidance nor obligations to financial institutions and other persons or entities, including DNFBPs that may be holding targeted funds or other assets, to respect a de-listing or unfreezing action. However, Article 13 of the Prime Minister’s Order of 018/03 and Article 16 of Law No.001/FIC/2021 does not provide clear mechanisms nor guidance to the financial institutions and DNFBPs to take such action.

151 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Criterion 6.7 (Met) - Article 14 of the Regulations N° 001/Fic/2021 of 26/08/2021 which is relevant for both 1267(1999) and 1373 resolutions, provides for access to frozen funds in special circumstances such as where the property is necessary to cover the basic and necessary expenses or where the person or entity has applied and obtained authorization in accordance with the Regulations. Weighting and Conclusion Rwanda has met to some extent few of the criterion on recommendation 6. The National Counter Terrorism Committee is the competent authority with the mandate to propose person and entities to the relevant United Nations Sanctions Committee. Moreover, Rwanda provides for access to frozen funds in special circumstances such as where the property is necessary to cover the basic and necessary expenses or where the person or entity has applied and obtained authorization in accordance with the Regulations. Despite this progress, the legal framework is not comprehensive enough and mechanisms of freezing obligation does not cover all natural and legal person. Rwanda does not implement TFS related to PF without delay. The requirement of without delay starts from the time that FIC disseminate the list to competent authority and private sector. Moreover, FIC does not provide guidance to financial institutions and other persons or entities, on how to comply with the obligation. Rwanda is rated Partially Compliant with Recommendation 6. Recommendation 7 – Targeted financial sanctions related to proliferation This is a new Recommendation that was not assessed in Rwanda’s 1st Round MER. Criterion 7.1 (Not Met) - Under Article 5 and 6 of Regulations N° 001/FIC/2021 of 26/08/2021, Rwanda has a regulation that provides a basis for the implementation of TFS on PF. However, the regulation does not require the freezing obligation to be implemented from the time of dissemination by the UNSC. The without delay requirement is only implemented after the FIC disseminate the notification to reporting persons and another relevant public or private institution. The process in place explains that the Centre disseminates in a circular form or another form, without delay, to the supervisory authority, the reporting persons and another relevant public or private institution, the domestic list of designated persons and the Security Council sanctions list received in accordance with the relevant laws. The word without delay is define as immediately or not later than 24 hours. Criterion 7.2 (Partly Met) Criterion 7.2(a) (Not Met) – Rwanda does not require all the natural and legal persons within the country to freeze, without delay and without prior notice, the funds or other assets of designated persons and entities. Criterion 7.2(b) Partly Met) - (i) Rwanda has no specific provision to freeze all funds or other assets that are owned or controlled by the designated person or entity in line with this criterion. (ii) Rwanda has provision under Article 7 paragraph 1 of the Regulation 001/FIC/2021 to freeze funds or other assets that are held directly or indirectly by the designated persons or entities but the same does not extend to funds or other assets that are wholly or jointly owned or controlled by designated persons or entities. (iii) Rwanda has no provision to freeze funds or

152 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 other assets derived or generated from funds or other assets owned or controlled directly or indirectly by designated persons or entities. (iv) In accordance with Article 7 paragraph 1 of the Regulations No 001/FIC/2021, allow Rwanda to freeze funds or other assets of persons and entities acting on behalf of or at the direction of, designated persons or entities. Criterion 7.2(c)(Met) - Pursuant to Articles 8, 9 and 10 of the Regulation No.001/FIC/2021 gives Rwanda to prohibit its nationals, or any persons and entities within its jurisdiction, from making any funds or other assets, economic resources, or financial or other related services, available, directly or indirectly, wholly or jointly, for the benefit of designated persons and entities; entities owned or controlled, directly or indirectly, by designated persons or entities; and persons and entities acting on behalf of, or at the direction of, designated persons or entities, unless licensed, authorized or otherwise notified in accordance with the relevant UNSCRs. Criterion 7.2(d) (Partly Met) - Article 5 of Regulation 001/fic/2021 provides the circulation, without delay, to supervisory Authority, the reporting persons and another relevant public or private institution of the domestic list of designated persons and the Security Council sanctions lists received in accordance with relevant laws. The regulation provides no obligation to provide clear guidance to other persons or entities that may also be holding targeted funds or assets on their obligations to take action under the freezing mechanism. Criterion 7.2 (e) (Partly Met) - Article 7 Paragraph 3 of the Regulations N° 001/Fic/2021 of 26/08/2021 provides for reporting person or another relevant institution to notify the Centre without delay any attempted dealing with funds or other assets which a seizure or freezing order has been issued. However, there is no mechanism in place to guide the reporting persons on how to take action to freeze and report the same to the Centre. Criterion 7.2 (f) (Partly Met)- Under Article 11 of the No.001/FIC/2021 Rwanda has a legal framework for protecting the rights of third parties acting in good faith. However, the protection of bona fide third party is limited to the freezing obligation and there is no protection of the same party against other obligations under Recommendation 7. Criterion 7.3 (Met) - Rwanda has adopted measures for monitoring and ensuring compliance by reporting persons under Article 21 of the Act No.001/FIC/2021. Article 26 of the same Regulations provides for an administrative fine of not less than One Million Rwandan Francs (RWF 1,000,000) and not more than ten Million Rwandan Francs (RWF 10,000,000) against a reporting person for non-compliance. Criterion 7.4 (Partly Met) Criterion 7.4(a) (Not Met) - Rwanda has no publicly known procedures to submit for de-listing requests to the relevant UN sanctions Committee in the case of persons and entities designated pursuant to the UN Sanctions Regime which do not, or no longer meet the designation criteria nor does have mechanism in place to allow for the listed persons or entities to petition for the same. Criterion 7.4(b) (Not Met) – Rwanda has no publicly known procedures to unfreeze the funds or other persons or entities with the same or similar name as designated persons or entities, who

153 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 are inadvertently affected by a freezing mechanism upon verification that the person or entity involved is not a designated person or entity. Criterion 7.4 (c) (Met) –Rwanda has legal framework in terms of Article 14 of the Regulations 001/FIC/2021 to provide for access to the funds or other assets under freezing order to cater for basic necessary expenses upon request by a designated person to the Centre Criterion 7.4(d) (Not Met)- Rwanda has no mechanisms for communicating de-listing and unfreezing immediately to the financial sector and the DNFBPs. Furthermore, there is no guidance nor obligations to financial institutions and other persons or entities, including DNFBPs that may be holding targeted funds or other assets, to respect a de-listing or unfreezing action. Criterion 7.5 (Met) Criterion 7.5(a) (Met) – Rwanda has legal framework under Article 8 Para 2 of the Regulation No.001/FIC/2021 that do not prevent interests which may accrue or other earnings due on the accounts of a designated person or payments due under a contract or an agreement or obligations that arose prior to the date on which those accounts became subject to the prohibition, provided that such interests, earnings and payments continue to be subject to the prohibition. Criterion 7.5(b)(i)(ii)(iii) (Met)- Under Article 8 (1) (2) (3) and (4) of the Regulation No.001/FIC/2021 its prohibited to deal with any funds or assets belonging to the designated person, including funds or other assets wholly owned or controlled by him or her, funds or other assets jointly owned or directly or indirectly controlled by him or her, funds or other assets derived or generated from funds or other assets owned or controlled, directly or indirectly by him or her, and funds or other assets of a person acting on behalf of or at the direction of a designated person. Weighting and Conclusion Rwanda has met to some extent few of the criterion on recommendation 7. The National Counter Terrorism Committee is the competent authority with the mandate to propose person and entities to the relevant United Nations Sanctions Committee. However, the regulation does not require the freezing obligation to be implemented from the time of dissemination. The without delay requirement is only implemented after the FIC disseminate the notification to reporting persons and another relevant public or private institution. There are no publicly known procedures to submit for de-listing requests nor does have mechanism to allow for the listed persons or entities to petition for the same. It lacks publicly known procedures to unfreeze the funds or other assets with the same or similar name as designated persons or entities. Rwanda has no mechanisms for communicating de-listing and unfreezing immediately to the financial sector and the DNFBPs nor have guidance and obligations to financial institutions and other persons or entities, including DNFBPs that may be holding targeted funds or other assets, to respect a de-listing or unfreezing action. Rwanda is rated Partially Compliant with Recommendation 7. Recommendation 8 – Non-profit organisations

154 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 In its 1st Round MER, Rwanda was rated non-compliant with these requirements (formerly SR VIII). The main technical deficiencies were: no requirement for reporting entities conducting wire transfers both domestic and international of amounts equivalent to EUR/US$1000 or more to obtain and maintain full originator information; no requirement for ordering financial institutions to verify the identity of the originator in accordance with Recommendation 5; lack of clarity as to whether originator information should be included in domestic wire transfers; no requirement on intermediaries and beneficiary financial institutions in the payment chain to ensure that all originator information that accompanies a wire transfer is transmitted with the transfer. Criterion 8.1(Partly Met) Criterion 8.1 - (a) (Partly Met) - Rwanda had conducted a risk assessment of national, international nongovernmental, and faith-based organizations' operations in January 2022. The risk assessment focused on evaluating how NPOs are implementing AML/CFT/CPF measures, how often they are reporting SRTs, the sources of funds and donors of your organization (internal or external sources), bookkeeping records, and the use of bank accounts. However, the country has not yet addressed the requirement to identify which subset of organizations fall within the FATF definition of an NPO and identify the features and types of NPOs that, by virtue of their activities or characteristics, are likely to be at risk of TF abuse. Criterion 8.1 - (b) (Partly Met) - Article 44 (b) of 2023 AML/CFT law provides legal basis for the authority in charge of regulating, supervising, or monitoring non-profit organizations to identify the nature of threats posed by terrorist entities to non-profit organisations which are at risk as well as how terrorist actors abuse those non- profit organisations. However, Rwanda has not yet identified the nature of the threats posed by terrorist entities to the NPOs that are at risk, as well as how terrorist actors may abuse those NPOs. Criterion 8.1 - (c) (Partly Met) - Rwanda has mostly reviewed the adequacy of measures, including laws and regulations that relate to NPO sector. However, the revision was no based on the NPOs that are at risk, as well as how terrorist actors abuse those NPOs. Criterion 8.1 - (d)(Met) - Article 44 (d) of 2023 AML/CFT law provides legal basis for the authority in charge of regulating, supervising, or monitoring non-profit organizations to periodically reassess the sector by reviewing new information on the sector’s potential vulnerabilities to terrorist activities to ensure effective implementation of measures. Criterion 8.2 (Partly Met) Criterion 8.2(a) – (Partly Met) – Article 45 (a) of 2023 AML/CFT law stipulating that “in the context of countering terrorist financing, the authority in charge of regulating, supervising or monitoring non-profit organisations must have clear policies to promote accountability, integrity and public confidence in the administration and management of non-profit organisations. However, the authority had not provided any evidence on the policy implemented to promote accountability, integrity, and public confidence in the administration and management of the NPOs. Criterion 8.2(b) – (Met) - FIC and RGB undertook outreach and educational programmes to raise and deepen awareness among NPOs as well as the donor community about the potential

155 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 vulnerabilities of NPOs to terrorist financing abuse and terrorist financing risks, and the measures that NPOs can take to protect themselves against such abuse. Criterion 8.2(c) – (Not Met) –Article 45 (c) of 2023 AML/CFT law stipulating that in the context of countering terrorist financing, the authority in charge of regulating, supervising or monitoring non-profit organisations must assist non-profit organisations in developing and refining best practices to address terrorist financing risk and vulnerabilities to protect them from terrorist financing abuse. However, Rwanda has not worked with NPOs to develop and refine best practices to address terrorist financing risk and vulnerabilities and thus protect them from terrorist financing abuse. Criterion 8.2(d) – (Met) – Under article 45 (d) of 2023 AML/CFT, Rwanda requires the authority in charge of regulating, supervising or monitoring non-profit organisations to encourage NPOs to conduct transactions via regulated financial channels, wherever feasible, keeping in mind the varying capacities of financial sectors in different countries and in different areas of urgent charitable and humanitarian concerns.” Criterion 8.3 (Partly Met) - Article 46 (a) of 2023 AML/CFT law, requires the authority in charge of regulating, supervising or monitoring non-profit organisations must apply risk-based measures to non-profit organisations at risk of terrorist financing abuse. However, Rwanda has not taken steps to promote effective supervision or monitoring such that they are able to demonstrate that risk-based measures apply to NPOs at risk of terrorist financing abuse. Criterion 8.4(Partly Met) Criterion 8.4 (a) – (Partly Met) –The authority in charge of regulating, supervising or monitoring non-profit organisations is required to monitor the compliance of non-profit organisations with the requirements of this Law and regulations of the competent authority (Article 46 (b) of 2023 AML/CFT). However, Rwanda has not started monitoring the compliance of NPOs with the requirements of Recommendation 8, including the risk-based measures being applied to them under criterion 8.3. Criterion 8.4 (b) – (Not Met) –Rwanda has not applied any effective dissuasive or proportionate sanctions for violations by NPOs and or persons acting on their behalf of those NPOs. Criterion 8.5 (Partly Met) Criterion 8.5 (a) – (Partly Met) – Under article 47 (1) of 2023 AML/CFT, the authority in charge of regulating, supervising or monitoring non-profit organisations is required to establish cooperation mechanisms among authorities in the context of information sharing. However, there is no indication of how the relevant authorities cooperate, coordinate or share information on NPOs, although the NIS provide a vetting Service for new applicants. Criterion 8.5 (b) – (Not Met) – There has not been specific examination of NPOs suspected of either being exploited or actively supporting terrorist activity or terrorist organisation as a subset of NPOs posing such risks have not been identified. Any suspicions on NPOs are pursued as criminal matters and investigated by the RIB. Criterion 8.5 (c) – (Partly Met) - Generally, competent authorities have access to information in Rwanda. The RIB has access to information as indicated under c31.1. It is, however, not clear whether this access extends to information on the administration and management of

156 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 particular NPOs (including financial and programmatic information) may be obtained during the course of an investigation. Criterion 8.5 (d) – (Not Met) - Rwanda has not demonstrated that it has established appropriate mechanisms to ensure that, when there is suspicion or reasonable grounds to suspect a particular NPO, that information is promptly shared with competent authorities, in order to take preventive or investigative action. Criterion 8.6 (Not Met) - Rwanda has not yet identified point of contact nor are their procedures in place to respond to international requests for information on NPOs suspected of FT or involvement in other forms of terrorist support. Weighting and Conclusion Rwanda had conducted a sectoral risk assessment on national, nongovernmental, and faith￾based organizations in January 2022. The risk assessment focused on evaluating how NPOs are implementing AML/CFT/CPF measures, and how often they are reporting SRTs. Despite the progress made, Rwanda has not yet addressed the requirement to identify which subset of organizations fall within the FATF definition of an NPO and identify the features and types of NPOs that, by virtue of their activities or characteristics, are likely to be at risk of TF abuse. Rwanda has not taken steps to promote effective supervision or monitoring such that they are able to demonstrate that risk-based measures apply to NPOs at risk of terrorist financing abuse. Rwanda has not applied any effective dissuasive or proportionate sanctions for violations by NPOs and or persons acting on their behalf of those NPOs. Rwanda has not demonstrated that it has established appropriate mechanisms to ensure that, when there is suspicion or reasonable grounds to suspect a particular NPO, that information is promptly shared with competent authorities, in order to take preventive or investigative action. Rwanda has not yet identified point of contact nor are their procedures in place to respond to international requests for information on NPOs suspected of FT or involvement in other forms of terrorist support. Rwanda is rated Non-Compliant with Recommendation 8. Recommendation 9 – Financial institution secrecy laws In its 1st Round MER, Rwanda was rated partially-compliant with these requirements (formerly R.4). The main technical deficiencies were scope limitation as insurance companies and intermediaries were not subject to the AML/CFT Law. Further, the mechanisms for exchanging and sharing information among competent authorities in place at the time were not addressing AML/CFT matters. In addition, a recommendation was issued to the country to ensure that reporting entities are allowed to share information as required under R.7, R.9, or SR.VII (now R13,16 or 17). Criterion 9.1 – (Met) Article 9 (1) of 2023 AML/CFT law requires reporting persons without consideration of an obligation of professional secrecy or restrictions on divulging information imposed by a law or under contractual agreement to share information with competent authorities, other reporting persons, another member of the group where this is required. In addition, Article 9 (2) of 2023 AML/CFT law provides that the information referred in (1) includes for compliance with a requirement under the AML/CFT Law or any other law for ML/TF/PF for enabling a supervisory authority or other competent authority to carry out its functions; for preventing and detecting an offence; and for discharging an international

157 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 obligation to which Rwanda is subject. Furthermore, Article 9 (2) of 2023 AML/CFT law provides that a reporting person, a member of the board of directors, senior manager or other employee of a reporting person are not liable for a breach of a secrecy or confidentiality provisions in any law or contract where they are fulfilling an obligation under AML/CFT law. Weighting and Conclusion Implementation of AML/CFT measures are not inhibited by any laws in Rwanda. There is a legal basis for access to information from FIs to competent authorities, sharing of information between FIs and between competent authorities. Rwanda is rated Compliant with Recommendation 9. Recommendation 10 – Customer due diligence In its 1st Round MER, Rwanda was rated non-compliant with these requirements (formerly R.5). The main technical deficiencies were: Scope limitation as insurance companies and intermediaries were not subject to the AML/CFT Law; Banks were not prohibited from keeping anonymous accounts or accounts in fictitious names; no requirement to undertake CDD measures when carrying out occasional transactions that are wire transfers in the circumstances covered by the Interpretative Note to SR.VII (now R16); no requirement to undertake CDD measures when there is suspicion of terrorist financing; no mechanisms in place for verifying the power to bind the legal person or arrangement: no requirement to identify the customer and verify the customer’s identity using reliable, independent source documents, data, or information; no requirement to identify the beneficial owner in line with the standard; no requirement to understand the control structure of the customer and identify those natural persons who ultimately own or control the customer, including those with a controlling interest and those who comprise the mind and management of the company; no requirement to undertake ongoing due diligence on the business relationship; no requirement to ensure that documents, data, or information collected under the CDD process is kept up to date, particularly for higher risk categories of customers or business relationships. no obligation to establish the purpose and intended nature of the business relationship; no requirement to undertake enhanced CDD for high-risk customers, business relationships, or transactions; no requirement to reject opening an account/commencing a business relationship/performing the transaction when unable to comply with the CDD measures and to consider making an STR; no requirement to terminate the business relationship and consider filing an STR in the event that the financial institution can no longer be satisfied that it knows the genuine identity of the customer for whom it has already opened an account; no requirement to apply CDD measures to existing customers that predate the AML/CFT Law on the basis of materiality and risk and to conduct due diligence on such existing accounts at appropriate times; and no requirement to perform CDD measures on existing customers who hold anonymous accounts or accounts in fictitious names.

158 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Criterion 10.1 – (Met) Article 10 of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 prohibits reporting persons from keeping an anonymous account or an account in fictitious name. Criterion 10.2 (a) – (Met) Article 10 (1) (a) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires a reporting person to undertake customer due diligence when establishing business relations. Criterion 10.2(b) – (Met) Article 11 (1) (d) (i) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 obliges reporting person to undertake customer due diligence when a customer is neither an account holder nor in an established business relationship with the reporting person but wishes to carry out a transaction in an amount equal to or above the threshold set by the Centre, whether conducted as a single transaction or several transactions that appear to be linked. Article 13 (a) of N° 002/FIC/2023 of 26/06/2023 relating to Anti Money Laundering, Combating the Terrorist Financing and Financing of Proliferation of Weapons of Mass Destruction provides for the threshold RFW10,000 ,000 (USD 7,936) on the same. Criterion 10.2(c) – (Met) Article 11 (1) (d) (ii) of the AML/CFT Law No. 028/2023 of 19/05/2023 requires reporting persons to undertake customer due diligence when a customer is neither an account holder nor in an established business relationship with the reporting person but wishes to carry out a domestic or cross border wire transfer in the amount equal to or above the threshold set by the Centre. Article 13 (b) of N° 002/FIC/2023 of 26/06/2023 Relating to Anti Money Laundering, Combating the Terrorist Financing and Financing of Proliferation of Weapons of Mass Destruction provides for the threshold of RFW10,000 ,000 (USD 7,936) on the same. Criterion 10.2(d)– (Met) Article 11 (1) (b) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 provides requirements for a reporting person to undertake customer due diligence when there is a suspicion of money laundering, terrorist financing or financing of proliferation of weapons of mass destruction, regardless of any exemptions or thresholds provided by relevant laws. Criterion 10.2(e) – (Met) Article 11 (1) (c) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires a reporting person to undertake customer due diligence when the reporting person has doubts about the veracity or adequacy of previously obtained customer identification data. Criterion 10.3 – (Met) Article 12 (1) (a) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires a reporting person to identify a customer, whether permanent or occasional, whether a person or legal arrangement and verify that customer’s identity using reliable, independent source documents, data, or information. Criterion 10.4 – (Met) Article 12 (1) (b) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 provides that a reporting person must verify that a person purporting to act on behalf of the customer is so authorised, and identify and verify the identity of that person. Criterion 10.5– (Partly Met) Article 12 (1) (c) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires a reporting person to identify the beneficial owner and take reasonable measures to verify his or her identity, using the relevant information or data

159 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 obtained from a reliable source. However, the article does not extend to requiring reporting person to be satisfied that it knows who the beneficial owner is. Criterion 10.6– (Met) Article 12 (1) (d) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires a reporting person to understand and, as appropriate, obtain information on the purpose and intended nature of the business relationship. Criterion 10.7 (a)– (Met) Article 12 (1) (e) (i) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 provides that a reporting person must conduct ongoing due diligence on the business relationship, including to scrutinise transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the reporting person’s knowledge of the customer, business and risk profile of the customer, including where necessary, the source of funds. Criterion 10.7 (b)– (Met) Article 12 (1) (e) (ii) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 obliges a reporting person to conduct ongoing due diligence on the business relationship, including to ensure that documents, data or information collected under the customer due diligence process is kept up to date and relevant by undertaking reviews of existing records, particularly for higher risk categories of customers. Criterion 10.8– (Met) Article 13 (1) (a) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires reporting persons to, for a customer that is a legal person or legal arrangement, understand the nature of the customer’s business and its ownership and control structure.” Criterion 10.9(a)– (Met) Article 13 (1) (b) (i) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires reporting persons to, for a customer that is a legal person or legal arrangement, identify the customer and verify its identity through the following information name, legal form and proof of existence.”. Criterion 10.9(b) – (Partly Met) Article 13 (1) (b) (ii) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 obliges reporting persons to, for a customer that is a legal person or legal arrangement, identify the customer and verify its identity through the following information the supervisory authority of a legal person or arrangement, as well as the names of persons holding senior management positions therein. However, the requirements do not extend to information on the powers that regulate and bind the legal person or arrangement. Criterion 10.9(c) – (Met) Article 13 (1) (b) (iii) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 stating requires reporting persons to “for a customer that is a legal person or legal arrangement, identify the customer and verify its identity through the following information, the address of the registered office and, if different, a principal place of business. Criterion 10.10(a) – (Met) Article 13 (1) (c) (i) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires a reporting person to “for a customer that is a legal person or legal arrangement, identify and take reasonable measures to verify the identity of beneficial owners through the following information the identity of the natural persons, if any, who ultimately has a controlling ownership interest in a legal person. Criterion 10.10(b) – (Partly Met) To the extent that there is doubt under (i) of the subparagraph or where no natural person exerts control through ownership interests Article 13 (1) (c) (ii) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023, the said law requires a reporting

160 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 person to, verify by other means, the identity of the natural person, if any, exercising control of the legal person or arrangement. However, the criterion requires the identification and identification of the natural person(s) (if any) exercising control of the legal person or arrangement through other means. Criterion 10.10(c)– (Not Met) Article 13 (1) (c) (iii) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires that where no natural person is identified under 13 (1) (c) (i) or 13 (1) (c) (ii) of 2023 AML/CFT law, identification and verification of the beneficial owner is done through the relevant natural person who holds the position of senior managing official and not the natural person holding the position of senior managing official Criterion 10.11 (a)– (Partly Met) Article 13 (2) (a) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires reporting person to, for a customer that is a legal arrangement, identify and take reasonable measures to verify the identity of the beneficial owner through the following information for trusts, the identity of the settlor, the trustee, the protector if any, the beneficiaries or class of beneficiaries, and any other natural person exercising ultimate effective control over the trust. However, the requirements do not extend to those exercising effective control through a chain of control/ownership. Criterion 10.11(b)– (Met) article 13 (2) (b) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 obliges reporting persons to, for a customer that is a legal arrangement, identify and take reasonable measures to verify the identity of the beneficial owner through the following information for other types of legal arrangements, the identity of persons in equivalent or similar positions referred to in article 13 (2) (a) of 2023 AML/CFT law. Criterion 10.12 (a) – (Met) Article 14 (1) (a) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires in addition to the CDD measures required for the customer and the beneficial owner a reporting person providing long-term insurance policies which includes life insurance and other investment related insurance policies is required to conduct the following measures on the beneficiary, as soon as the beneficiary is identified by obtaining the name of the person. Criterion 10.12 (b) –(Met) Article 14 (1) (b) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires in addition to CDD measures required for the customer and the beneficial owner a reporting person providing long-term insurance policies which includes life insurance and other investment related insurance policies when entering into a business relationship is required to conduct the following measures on the beneficiary that is designated by characteristics or by class or by other means through obtaining sufficient information concerning the beneficiary to satisfy the FI that it will be able to determine and verify the identity of the beneficiary at the time of the pay-out of the policy proceeds. Criterion 10.12 (c) (Met)– Article 14 (1) (c) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires in addition to CDD measures required for the customer and the beneficial owner for both of the cases in subparagraphs (a) and (b) a reporting person providing long-term insurance policies including life insurance and other investment related insurance policies is required to verify the identity of the beneficiary at the time of the pay-out of the policy proceeds. Criterion 10.13– (Partly Met) article 14 (2) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires reporting person providing long-term insurance policies

161 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 including life insurance and other investment related insurance policies to include the beneficiary of such insurance policies as a relevant risk factor in determining whether enhanced customer due diligence measures are applicable. However, the requirement does not require a financial institution to determines that where a beneficiary who is a legal person or a legal arrangement presents a higher risk, it should be required to take enhanced measures which should include reasonable measures to identify and verify the identity of the beneficial owner of the beneficiary, at the time of payout. Criterion 10.14(a) – (Met) Article 15 (1) (a) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires that a reporting person to verify the identity of the customer and beneficial owner before or during the course of establishing a business relationship or conducting transactions for occasional customers or complete verification after the establishment of the business relationship, provided that this occurs as soon as reasonably practicable. Criterion 10.14(b) – (Met) Article 15 (1) (b) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires a14 reporting person verify the identity of the customer and beneficial owner before or during the course of establishing a business relationship or conducting transactions for occasional customers or complete verification after the establishment of the business relationship, provided that this is essential not to interrupt the normal conduct of business.” Criterion 10.14(c) – (Partly Met) Article 15 (1) (c) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires that the reporting person must verify the identity of the customer and beneficial owner before or during the course of establishing a business relationship or conducting transactions for occasional customers or complete verification after the establishment of the business relationship, provided that the money laundering, terrorist financing and the financing of proliferation of weapons of mass destruction risks are effectively managed. However, the requirement is optional under the AML/CFT law. Criterion 10.15– (Met) Article 15 (2) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires the reporting person to adopt risk management procedures concerning the conditions under which a customer may utilise the business relationship prior to verification. Criterion 10.16– (Met) Article 16 (1) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires reporting person to apply customer due diligence to existing customers on the basis of materiality and risk, and to conduct due diligence on existing relationships at appropriate times, taking into account whether and when customer due diligence measures have previously been undertaken and the adequacy of data obtained. Criterion 10.17– (Met) Article 17 (1) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires reporting person to perform enhanced due diligence measures if higher risks are identified. Criterion 10.18– (Met) Article 17 (2) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires reporting person to perform simplified due diligence measures if lower risks have been identified. Further, Article 8(b) of the AML/CFT law requires reporting institutions to undertake risk assessment by identifying, assessing and understanding their money laundering, terrorist financing and proliferation of weapons of mass destruction risks related to customers, countries or geographic areas and products, services, transactions and delivery channels. In

162 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 addition, Article 7(2) of the FIC Regulations 002/FIC/2023 of 26/06/2023 obliges a reporting person not to apply simplified customer due diligence measures whenever there is a suspicion of money laundering, terrorist financing or financing of proliferation of weapons of mass destruction. Criterion 10.19––(Met) Article 18 (a-e) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 provides that where a reporting person is unable to comply with customer due diligence measures, he or she should not to open the account, not to commence business relations, not to perform the transaction or to terminate the business relationship and to consider making a suspicious transaction report in relation to the customer where necessary and to consider making a suspicious transaction report in relation to the customer where necessary. Criterion 10.20––(Met) Article 19 of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 provides that a reporting person, where they suspect money laundering, terrorist financing or financing of proliferation of weapons of mass destruction, and reasonably believes that performing the customer due diligence process may tip-off the customer, it is permitted not to perform the customer due diligence process, and file a suspicious transaction report to the FIC. Weighting and Conclusion Rwanda has amended law no law no 028/2023 of 19/05/2023 on prevention and punishment of money laundering, financing of terrorism and financing of proliferation of weapons of mass destruction incorporating insurance and intermediaries (financial institutions) as reporting persons. The country has also made notable progress in implementing CDD requirements as spelt out by R.10. The key deficiencies relate to lack of requirements to identify and verify the relevant natural person who holds the position of senior managing official in case where no beneficial owner is identified, inadequate requirements on legal persons or arrangements as they do not extend to information on the powers that regulate and bind the legal person or arrangement and no requirements for the identity of the natural person(s) (if any) exercising control of the legal person or arrangement through other means. Rwanda is rated Largely Compliant with Recommendation 10. Recommendation 11 – Record-keeping In its 1st Round MER, Rwanda was rated partially compliant with these requirements (formerly R.10). The main technical deficiencies were; Scope limitation as insurance companies and intermediaries were not subject to the AML/CFT Law; no requirement to maintain accounts files and limitation/restriction of competent authorities’ access on a timely basis to customer and transaction. The other deficiency related to effectiveness issues which are not assessed as part of technical compliance under the 2013 Methodology. Criterion 11.1 – (Met) article 20 (1) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires a reporting person to maintain all necessary records on transactions, both domestic and international, for at least ten years following completion of the transaction. Criterion 11.2– (Mostly Met) Although, Article 20 (1) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires a reporting person to maintain all necessary records on transactions, both domestic and international, for at least ten years following completion of the

163 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 transaction; the provision does not provide for the keeping of records following termination of the business relationship. Among others, the records include records obtained through customer due diligence measures, account files, business correspondence and results of an analysis undertaken. Criterion 11.3– (Met) Article 20 (2) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires transaction records to be sufficient to permit reconstruction of individual transactions so as to provide, if necessary, evidence for prosecution of criminal activity. Criterion 11.4– (Met) Article 20 (3) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires a reporting person to ensure that customer due diligence information and transaction records are available swiftly to competent authorities upon appropriate request.” Weighting and Conclusion Rwanda has amended law no 028/2023 of 19/05/2023 on prevention and punishment of money laundering, financing of terrorism and financing of proliferation of weapons of mass destruction incorporating insurance and intermediaries (financial institutions) as reporting persons. Rwanda’s legal provisions also cover most of the elements as provided for under R11. The only shortfall relates to the period for maintenance of the records not taking into account the termination of the business relationship. Rwanda is rated Largely Compliant with Recommendation 11 Recommendation 12 – Politically exposed persons In its 1st Round MER, Rwanda was rated non-compliant with these requirements (formerly R.6). The main technical deficiencies were scope limitation as Insurance companies and intermediaries were not subject to the AML/CFT Law, no requirement to put in place appropriate risk management systems to determine whether a potential customer, a customer, or the beneficial owner is a PEP; no requirement to obtain senior management approval to continue the business relationship when the customer or the beneficial owner is subsequently found to be or subsequently becomes a PEP; no requirement to take reasonable measures to establish the source of wealth and source of funds for the beneficial owners identified as PEPs; no requirement to conduct enhanced monitoring on the relationship with PEPs. Criterion 12.1(a) – (Met) Article 2 (w) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 provides for the definition of a PEP which covers foreign PEPs. Moreover, article 21 (1) of the AML/CFT Act 2023 requires reporting persons to have appropriate risk management systems to determine whether a customer or the beneficial owner is a politically exposed person. Criterion 12.1(b) – (Partly Met) Article 21 (2) (a) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires reporting person, in case of business relationship with a foreign politically exposed person, to obtain approval from a manager designated by a reporting person before establishing or continuing a business relationship with such customer or beneficial owner. However, the approval of such relationships is not required to be undertaken by senior management as required under the criterion.

164 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Criterion 12.1 (c) – (Partly Met) Article 21 (2) (b) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires reporting person to, in case of business relationship with a foreign politically exposed person, to take reasonable measures to identify the source of funds and other assets, however, this is not extended to the establishing the source of wealth. However, Criterion 12.1 (d)– (Met) Article 21 (2) (c) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires reporting person, in case of business relationship with a foreign politically exposed person, to conduct enhanced ongoing monitoring of the business relationship. Criterion 12.2 (a) – (Met) Article 21 (1) of the Law No. 028/2023 of 19/05/2023, AML/CFT Act 2023 requires a reporting person to put in place the risk management systems to determine whether a customer or the beneficial owner is a domestically exposed person which includes an individual who hold prominent function within an international organisation. Where the customer is a foreign politically exposed person, Art 21(2) of the same Act requires reporting persons in addition to the CDD measures provided at Art 17 of the AML/CFT Act 2023. Criterion 12.2 (b) – (Met) Article 21 (3) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires reporting persons in case when there is higher risk business relationship with such a person to apply, Article. 21 (2) (a-c) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 which requires reporting person to adopt the measures in Criterion 12.1 (b) to (d). Criterion 12.3 – (Partly Met) The definition of Politically exposed person in article 2 (w) of the AML/CFT Law includes family members and close associates of PEPs. Moreover, the shortcomings identified under criterion 12.1 (b) & (c) will impact on the implementation of this criterion Criterion 12.4 – (Met) Article 21 (4) (a)&(b) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires a long-term insurer, which include life insurance, to take reasonable measures to determine, prior to the pay-out of the policy proceeds, whether the beneficiary of a long-term insurance or other investment-related insurance policy or the beneficial owner of the beneficiary of such a policy is a politically exposed person and, in case of a higher risk, the reporting person to inform senior management before the pay-out of the policy proceeds and conduct enhanced scrutiny on the whole business relationship with the policyholder and file a report to the FIC. Weighting and Conclusion The legal framework in Rwanda has to some extent incorporated requirements relating to PEPs. However, the approval of a business relationship with a PEP including family members and close associates is only required at manager level and not senior management as required under the Recommendation. Further, the requirement for source of funds and other assets do not extend to sources of wealth. Rwanda is Partially Compliant with Recommendation 12

165 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Recommendation 13 – Correspondent banking In its 1st Round MER, Rwanda was rated non-compliant with these requirements (formerly R.7). The main technical deficiency was that there were no measures in relation to cross-border correspondent banking or other similar relationships. Criterion 13.1 (a)– (Met) Article 22 (1) (b)&(c)&(d) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires financial institutions to, in relation to cross-border correspondent banking and other similar relationships, gather sufficient information on the respondent institution to understand the nature of its business; determine from publicly available information, the reputation of the institution and the quality of supervision; determine whether it has been subject to money laundering, terrorist financing or financing of proliferation of weapons of mass destruction investigation or regulatory action. Criterion 13.1(b)– (Met) Article 22 (1) (e) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires financial institutions, in relation to cross-border correspondent banking and other similar relationships, to assess the anti-money laundering, countering terrorist financing or the financing of proliferation of weapons of mass destruction controls of the respondent institution. Criterion 13.1(c)– (Met) Article 22 (1) (f) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires financial institution, in relation to cross-border correspondent banking and other similar relationships, to obtain approval from senior management before establishing new correspondent banking relationships. Criterion 13.1 (d)– (Partly Met) Article 22 (1) (g) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires financial institution, in relation to cross-border correspondent banking and other similar relationships, to understand the anti-money laundering, countering terrorist financing or the financing of proliferation of weapons of mass destruction responsibilities of respondent institution. However, the criterion requires understanding of AML/CFT responsibilities of both respondent and correspondent institution. Criterion 13.2 (a)– (Met) Article 22 (2) (a) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires financial institutions “in relation to a payable-through account, to ensure that the respondent institution has conducted customer due diligence on its customers that have direct access to the account of the correspondent bank. Criterion 13.2 (b)– (Met) Article 22 (2) (c) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires financial institution, in relation to a payable-through account, to ensure that the respondent institution is able to provide relevant customer due diligence information upon request to the correspondent bank. Criterion 13.3 – (Met) Article 22 (3) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 prohibits a financial institution from entering into, or continuing, correspondent banking relationships with shell banks, and must satisfy itself that respondent financial institution does not permit its accounts to be used by shell banks.”

166 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Weighting and Conclusion Rwanda’s legal framework has provided for requirements for almost all criterions as required under Recommendation 13. However, there are no requirements for financial institutions to understand the anti-money laundering, countering terrorist financing or the financing of proliferation of weapons of mass destruction responsibilities of each institution. Rwanda is rated Largely Compliant with Recommendation 13 Recommendation 14 – Money or value transfer services In its 1st Round MER, Rwanda was rated non-compliant with these requirements (formerly SR.VI). The main technical deficiencies were: no list of agents maintained by the MVT service operator or provided to the authorities; no sanctions available for failure to comply with AML/CFT requirements and Informal money/value transfer system operating in Rwanda without effective monitoring. Criterion 14.1 – (Met) Article 23 (1) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires a reporting person that provides money or value transfer services or his or her agent to be registered or licensed in accordance with relevant laws. Criterion 14.2 – (Partly Met) Art 3 of the Regulation Nº05/2018 of 27/03/2018 Governing Payment Services Providers prohibits any person from providing a payment system business without prior authorisation by the BNR. Art 42 of Regulation Nº05/2018 of 27/03/2018 Governing Payment Services Providers BNR provides for sanctions under the penal code but are mostly general offences. BNR has conducted awareness campaigns to the general public informing of the risks associated with unlicensed MVTS providers. This led to information from various sources to trigger investigations by the BNR only which is ongoing. Criterion 14.3 – (Met) Article 7 of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 has incorporated MVTs as reporting persons hence the sector is subject to monitoring in line with the AML/CFT Law. Criterion 14.4 – (Met) Article 23 (1) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires a reporting person that provides money or value transfer services or his or her agent to be registered or licensed in accordance with relevant laws. Criterion 14.5 – (Partly Met) There is no legal requirement for MVTS providers to include agents in their AML/CFT programs and to monitor compliance with these programs. Articles 24, 25 & 26 of the regulation n° 2310/2018 - 00021[614] of 27/12/2018 of the National Bank of Rwanda governing agents provide for responsibilities of agents and institutions including the need for institutions to provide AML/CFT training to agents, agents to report suspicious transactions to the institutions. While there is no direct provision requiring MVTS providers to include agents in their AML/CFT programs, The elements captured above are considered part of AML/CFT programs. However, there is no provision for the institutions to monitor agents for compliance with these programmes. Weighting and Conclusion Rwanda legal framework only provides for general sanctions for unlicensed MVTS providers although there are some investigations by BNR. Moreover, there is no provision for MVTS

167 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 providers to include agents in their AML/CFT programs and to monitor the agents for compliance with these programmes. Rwanda rated Partially Compliant with Recommendation 14 Recommendation 15 – New technologies In its 1st Round, Rwanda was rated non-compliant with these requirements (formerly R.8). The main technical deficiencies were: Scope limitation as insurance companies and intermediaries were not subject to the AML/CFT Law; there was also no requirement on reporting entities to do the following: Have policies in place or take such measures as may be needed to prevent the misuse of technological developments in money laundering or terrorist financing schemes; Have policies and procedures in place to address any specific risks associated with non-face-to￾face business relationships or transactions. Other gaps were in relation to implementation measures which are not considered under the 2013 methodology. The new R.15 focuses on assessing risks related to the use of new technologies, in general, and imposes a comprehensive set of requirements in relation to virtual asset service providers (VASPs). Criterion 15.1 – (Partly Met) Article 24(1) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires a reporting person to identify and assess the money laundering, terrorist financing or financing of proliferation of weapons of mass destruction risks that may arise in relation to the development of new products and new business practices, including new delivery mechanisms, and the use of new technologies for both new and pre-existing products. However, country and the FIs (with the exception of commercial banks) have not demonstrated that they identify and assess the ML/TF risks associated with the development of new products and new business practices, including new delivery mechanisms, and the use of new or developing technologies for both new and pre-existing products. Criterion 15.2 (a)– (Met) Article 24(2) (a) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires a reporting person to undertake risk assessments prior to the launch or use of such products, practices and technologies. Criterion 15.2(b) – (Met) Article 24(2) (b) of AML/CFT law requires a reporting person to take appropriate measures to manage and mitigate the risks. Criterion 15.3 (a-c)– (Not Met) Rwanda has not conducted a money laundering and terrorist financing risk assessment of virtual asset activities and the activities or operations of VASPs. Criterion 15.4-15.10 – (Not Met) Rwanda does not have legal framework that set out the regulation and AML/CFT supervision of Vas and VASPs. Criterion 15.11 – (Not Met) There is no provision that requires competent authorities including supervisors to provide international cooperation in relation to money laundering, predicate offences, and terrorist financing relating to virtual assets and for supervisors to exchange information related to VASPs with their foreign counterparts. Weighting and Conclusion Rwanda has amended law no 028/2023 of 19/05/2023 on prevention and punishment of money laundering, financing of terrorism and financing of proliferation of weapons of mass

168 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 destruction incorporating insurance and intermediaries (financial institutions) as reporting persons. Rwanda has provided for requirements for reporting persons to identify and assess the money laundering, financing of terrorism and financing of proliferation of weapons of mass destruction risks that may arise in relation to the development of new products and new business practices, including new delivery mechanisms, and the use of new or developing technologies for both new and pre-existing products. However, the country and the FIs (with the exception of commercial banks) have not demonstrated that they identify and assess the ML/TF risks associated with the development of new products and new business practices, including new delivery mechanisms, and the use of new or developing technologies for both new and pre-existing products. Rwanda does not have a legal and institutional framework relating to VAs and VASPs and the country has not identified and assessed the ML/TF risks associated with VAs and VASPs. Rwanda is rated Partially Compliant with Recommendation 15 Recommendation 16 – Wire transfers In its first Round MER, Rwanda was rated non-compliant with these requirements (formerly SR.VII). The main technical deficiencies were; no requirement for reporting entities conducting wire transfers both domestic and international of amounts equivalent to EUR/USD1000 or more to obtain and maintain full originator information; no requirement for ordering financial institutions to verify the identity of the originator in accordance with Recommendation 5 (now R. 16); Lack of clarity as to whether originator information should be included in domestic wire transfers; no requirement on intermediaries and beneficiary financial institutions in the payment chain to ensure that all originator information that accompanies a wire transfer is transmitted with the transfer; no requirement on beneficiary financial institution to adopt effective risk￾based procedures for identifying and handling wire transfers that are not accompanied by complete originator information and to consider the lack of complete originator information a factor in assessing whether they are required to be reported to the FIU and consider restricting or terminating its business relationship with financial institutions that fail to meet SR.VII; no supervisory framework to ensure compliance with the wire transfer requirements after the granting of the necessary license; no sanctioning regime for failure to comply with wire transfer requirements. Criterion 16.1(a)(i-iii) – (Met) Article 25 of the AML/CFT Law 0028/2023 and article 18 of the FIC regulations 002/FIC/2023 of 26/06/2023 provide that domestic or cross border wire transfers equals to or above RWF1,000,000 or its equivalent in another currency fulfil the originator information requirements under the criterion. It requires accurate originator information on the name of the originator, the originator account number where such an account is used to process the transaction or, in the absence of an account, a unique transaction reference number which permits traceability of the transaction; and the originator’s address, or national identity number, or customer identification number, or date and place of birth. Criterion 16.1(b)(i-ii)– (Met) The beneficiary information requirements under the criterion are provided for under Article 18 of the FIC regulations 002/FIC/2023. The requirement is applicable to cross – border wire transfers equal to or above RWF1,000,000 or its equivalent in another currency. The required beneficiary information must include the name of the beneficiary, and the beneficiary account number where such an account is used to process the

169 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 transaction or, in the absence of an account, a unique transaction reference number which permits traceability of the transaction Criterion 16.2– (Met) Article 18 (3) of the FIC regulations 002/FIC/2023 of 26/06/2023 provides that where several individual cross-border wire transfers from a single originator are bundled in a batch file for transmission to beneficiaries, they are exempted from the requirements of Paragraph (1) of this Article in respect of originator information, provided that they include the originator’s account number or unique transaction reference number, and the batch file contains required and accurate originator information, and full beneficiary information that is fully traceable within the beneficiary country”. Criterion 16.3(a)(i- ii) & (b)(i - ii) (Met) Article 19 of the FIC regulations 002/FIC/2023 of 26/06/2023 requires ordering financial institutions to ensure that cross-border wire transfers below RWF 1,000,000 or its equivalent in another currency is accompanied by originator and beneficiary information required by the criterion are always accompanied by: the name of the originator, and the originator account number where such an account is used to process the transaction or, in the absence of an account, a unique transaction reference number which permits traceability of the transaction. Criterion 16.4– (Met) Article 19 of the FIC regulations 002/FIC/2023 of 26/06/2023 requires ordering financial institutions to verify all cross-border transaction below the RWF1,000,000 or its equivalent in another currency, which is a more stringent requirement. Criterion 16.5- (Met) The requirements under the criterion are provided for under article 19 of the FIC regulations 002/FIC/2023 of 26/06/2023, Rwanda applies the same requirements to cross border and domestic wire transfers Criterion 16.6– (Met) The requirements under the criterion are provided for under article 19 of the FIC regulations 002/FIC/2023 of 26/06/2023, Rwanda applies the same requirements to cross border and domestic wire transfers Criterion 16.7– (Met) Article 20 of the AML/CFT Law 0028/2023 requires FIs to maintain all necessary records on transactions, both domestic and international, for at least 10 years following completion of a transaction. Criterion 16.8– (Met) Article 19 (2) of the AML/CFT Law 0028/requires the ordering FI not to execute a wire transfer transaction if does not comply with the requirements provided in criteria 16.1 – 16.7. Criterion 16.9– (Met) The requirements under the criterion are provided for under article 20 (a) of the FIC regulations 002/FIC/2023 of 26/06/2023 which requires intermediary financial institutions to ensure that all originator and beneficiary information that accompanies a wire transfer is retained with a wire transfer. Criterion 16.10– (Met) The requirements under the criterion are provided for under article 20 (a) of the FIC regulations 002/FIC/2023 of 26/06/2023 which requires the receiving intermediary FI to keep for at least 10 years a record of all information received from the ordering financial institution or another intermediary FI in cases where technical limitations prevent the required originator or beneficiary information accompanying a cross-border wire transfer from remaining with a related domestic wire transfer,

170 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Criterion 16.11– (Met) The requirements under the criterion are provided for under article 20 (b) of the FIC regulations 002/FIC/2023 of 26/06/2023 which requires an intermediary FI to take reasonable measures to identify a cross -border wire transfer that lacks required originator or beneficiary information and the measures should consistent with straight – through processing. Criterion 16.12– (Met) The requirements under the criterion are provided for under article 20 (c) of the FIC regulations 002/FIC/2023 of 26/06/2023 which requires an intermediary FI to have effective risk-based policies and procedures for determining when to execute, reject or suspend a wire transfer that lacks required originator or beneficiary information and the appropriate follow up action. Criterion 16.13– (Met) The requirements under the criterion are provided for under article 21(a) of the FIC regulations 002/FIC/2023 of 26/06/2023 which requires beneficiary FI to take reasonable measures to identify cross border wire transfer that lacks required originator or beneficiary information Criterion 16.14– (Met) The requirements under the criterion are provided for under article 21 (b) of the FIC regulations 002/FIC/2023 of 26/06/2023 which requires beneficiary FI to verify the identity of the beneficiary if the identity has not been previously verified and maintains this information. Further, Article 20 reporting persons to keep records of all transactions domestic or internal for a period of at least 10 years. Criterion 16.15– (Met) The requirements under the criterion are provided for under article 21 (c) of the FIC regulations 002/FIC/2023 of 26/06/2023 which requires beneficiary FI to have effective risk-based policies and procedures for determining when to execute, reject or suspend a wire transfer that lacks require originator or beneficiary information and the appropriate follow up action. Criterion 16.16– (Partly Met) Article 7 of the AML/CFT Law 0028/2023 designates financial institutions including MVTS providers as reporting persons hence they are required to comply with all of the relevant requirements of Recommendation 16. However, there is no specific provision that requires MVTS providers to comply with the criterion through their agents. Criterion 16.17– (Not Met) There is no specific provision that requires MVTS providers to comply with this criterion. Criterion 16.18– (Not Met) Rwanda has provided for requirements in line with criterions 16.18. However, the requirements are set out in a Guideline and not a law or enforceable means. Weighting and Conclusion Although, Rwanda has provided for most requirements under R16, there are minor deficiencies which relate to lack of specific provision that requires MVTS providers to comply with the criterion through their agents, no requirements for MVTS provider that controls both the ordering and the beneficiary side of a wire transfer and some requirements are not in law or enforceable means. Rwanda is rated Largely Compliant with Recommendation 16

171 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Recommendation 17 – Reliance on third parties In its 1st Round MER, Rwanda was rated non-compliant with these requirements (formerly R.9). The main technical deficiencies were scope limitation as insurance companies and intermediaries were not subject to the AML/CFT Law and there were no legal or regulatory provisions addressing reliance on third parties to perform elements of the CDD process or introduce business. Criterion 17.1 (a-c) – (Met) Article 26 (1) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 allows a reporting person to rely on a third party to perform customer due diligence measures as provided for by Article 12(1)(a), (c) and (d). Article 26(1) (b) of the same Act requires a reporting person to immediately obtain the necessary information concerning customer due diligence measures from the third party including the identity of each customer and beneficial owner. Moreover, Article 26 (1) (c) (iii) of the same Act provides that a reporting person must take adequate steps to satisfy itself that the third party provides copies of identification data and other relevant documentation relating to customer due diligence requirements upon request without delay and the third party is regulated, and supervised or monitored for, and has measures in place for compliance with, customer due diligence and recordkeeping requirements. Criterion 17.2– (Not Met) there are no requirements in law or enforceable means obliging reporting persons to have regard to available information on the level of country’s risks. Criterion 17.3 (a-c)– (Met) Article 26 (2) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 allows a reporting person to rely on a third party that is in the same financial group under the following circumstances; (a)Article 26(2)(a) provides that the financial group complies with recommendation 10-12 and 18. The financial group is thus required to apply customer due diligence and record keeping requirements (b)Article 26(2)(b) provides for the implementation of the customer due diligence and record keeping requirements and programs against AML/CFT/CFP is supervised at financial group by a competent authority. (c)Article 26(2)(c) provides requirements for a high-risk jurisdiction to be adequately mitigated by the group’s ML/CFTP policies Weighting and Conclusion Rwanda has provided most of the requirements under recommendation 17 in the AML/CFT Law 0028/2023 however, there are no legal provisions mandating reporting persons to have regards to information on the level of country risk when determining in which countries the third party that meets the conditions can be based. Rwanda is rated Largely Compliant with Recommendation 17 Recommendation 18 – Internal controls and foreign branches and subsidiaries In its 1st Round MER, Rwanda was rated partially-compliant with requirements under internal controls (formerly R.15) while requirements under foreign branches and subsidiaries (formerly

172 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 R.22) were considered not applicable as there were no Rwandan banks with foreign branches and subsidiaries abroad. The main technical deficiencies were that although the AML/CFT Law required the implementation of some measures to prevent ML and TF, it lacked the necessary level of clarity and detail to be in compliance with the standard. In particular: the requirements for reporting entities to establish, adopt, and maintain internal procedures, policies, and controls addressing CDD, record retention, detection of unusual and suspicious transactions and the reporting obligation were incomplete; there were incomplete requirements for reporting entities to do the following: Communicate the internal procedures, policies, and controls to prevent ML and FT to their employees; designate the AML/CFT compliance officer and other appropriate staff with timely access to customer identification and other CDD information, transaction records, and other relevant information; the requirements for internal audit function to assess the adequacy of internal control systems and policies with respect to AML/CFT and to maintain an adequately resourced and independent audit function were incomplete. R.18 introduced some new requirements for implementing independent audit functions for internal supervision and AML/CFT programmes for financial groups. Criterion 18.1 (a)– (Met) Article 27 (a) (i) of the AML/CFT Law 0028/2023 provides that a reporting person must implement internal control programmes for the fight against money laundering, terrorist financing or financing of proliferation of weapons of mass destruction, with regard to the risks identified and the nature and size of the business. Such programmes include putting in place policies and procedures of internal controls, including management arrangements for the compliance with the provisions of this Law, including the appointment of a compliance officer at the management level. Criterion 18.1(b) – (Met) Article 27 (a)(ii) of the AML/CFT Law 0028/2023 provides for reporting persons to implement internal control procedures for screening procedures to ensure high standards when hiring employees; Criterion 18.1(c) – (Met) Article 27 (b) of the AML/CFT Law provides for the requirements for an ongoing employee training programme; Criterion 18.1 (d)– (Met) Article 27 (c) an independent audit function to test the system. Criterion 18.2(a) – (Partly Met) Article 28 (1) (a) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 provides that a reporting person must implement group-wide internal control programmes for the fight against money laundering, terrorist financing or financing of proliferation of weapons of mass destruction which must be applicable to all branches and majority-owned subsidiaries of the financial group. The programmes must include the measures set out in Article 27 which requires the reporting persons to implement appropriate internal control programmes with regards to the risks identified and the nature and size of the business as well as policies and procedures for sharing information required for the purposes of customer due diligence and ML/TF management. However, the entire Article 28 does not refer to appropriateness of the group-wide programs. Criterion 18.2(b) – (Partly Met) Article 28 (1) (b) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 0028/2023 provides that a reporting person must implement group-wide internal control programmes for the fight against money laundering, terrorist financing or financing of proliferation of weapons of mass destruction which must be applicable to all branches and majority-owned subsidiaries of the financial group. These programmes must

173 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 include the measures set out in Article 27 of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 as well as measures for ensuring that group level compliance, audit and AML/CFT functions have the power to request and obtain customer, account and transaction information from branches and subsidiaries. However, this does not include information on analysis of transactions that appear unusual and branches and subsidiaries are not permitted to obtain information from the group whenever relevant and appropriate to risk management. Criterion 18.2(c) – (Met) Article 28 (1) (c) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 0028/2023 provides that a reporting person must implement group-wide internal control programmes for the fight against money laundering, terrorist financing or financing of proliferation of weapons of mass destruction which must be applicable to all branches and majority-owned subsidiaries of the financial group. These programmes must include the measures set out in Article 27 of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 as well as measures for safeguarding the confidentiality and use of the shared information as well as preventing tipping-off. Criterion 18.3 – (Met) Article 28 (2) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 states that “a reporting person must ensure that its foreign branches and majority-owned subsidiaries apply internal control programmes for the fight against money laundering, terrorist financing or financing of proliferation of weapons of mass destruction that are consistent with home country requirements. Weighting and Conclusion Provisions relating to internal controls, foreign branches and subsidiaries obligations are incorporated into Rwandan laws, however, there is no requirement for financial groups to share information and analysis of transactions which appear unusual, branches and subsidiaries are not permitted to obtain information from the group whenever relevant and appropriate to risk management. Rwanda is rated Largely Compliant with Recommendation 18. Recommendation 19 – Higher-risk countries In its 1st Round MER, Rwanda was rated non-compliant with these requirements (formerly R.21). The main technical deficiencies were due to lack of measures to advise reporting entities of concerns about weaknesses in the AML/CFT systems of other countries; lack of requirements imposed on reporting entities to examine, as far as possible, the background and purpose of transactions that have no apparent economic or visible lawful purpose, and that the written findings of those business transactions be available to assist competent authorities and auditors; and lack of counter-measures in place to address instances where a country continues not to apply or insufficiently applies the FATF Recommendations. Criterion 19.1 – (Met) Article 29 (1) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 provides that a reporting person must apply enhanced due diligence, proportionate to the risks, to business relationships and transactions with natural and legal persons, including financial institutions from countries for which this is called for by the Financial Action Task Force. Criterion 19.2(a-b) – (Met) Article 29 (2) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 provides that a regulation of the Centre may determine countermeasures

174 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 proportionate to the risks emanating from high-risk jurisdictions when called upon to do so by the Financial Action Task Force or independently of any call to do so. The FIC has issued the Regulation 002/FIC/2023 of 26/06/2023 under Article 22, with guidance issued to reporting persons on the application of enhanced measures, in proportion to the risks, originating from jurisdictions which have weak measures in applying AML/CFT measures, as determined by the FATF and by a local competent authority. Criterion 19.3 – (Partly Met) Although, Article 29(3) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires the FIC to notify and provide advice on weaknesses of AML/CFT system of other countries, the FIC has not issued any advice on the weaknesses of the AML/CFT systems of other countries. Weighting and Conclusion Although Rwanda’s legal framework has provided for requirements for the application of enhanced due diligence, proportionate to the risks, business relationships and transactions with natural person and legal persons, there is no requirements for FIs and DNFBPs to apply countermeasures proportionate to the risks when called upon by the FATF or independently. Moreover, there are there are guidance to reporting persons on the application of enhanced measures, in proportion to the risks, originating from jurisdictions which have weak measures in applying AML/CFT measures, as determined by the FATF and by a local competent authority. Rwanda is rated Largely Compliant with Recommendation 19 Recommendation 20 – Reporting of suspicious transaction In its 1st Round MER, Rwanda was rated non-compliant with these requirements (formerly R13 & SR. IV). The main technical deficiencies were: the scope of the reporting obligation was too narrow because the money laundering offense did not apply to all the predicate offenses designated by the FATF; the reporting obligation did not extend to insurance companies and insurance brokers/agents; there were no obligation to report attempted transactions; and there was no obligation to report funds suspected of being linked or related to or to be used by individual terrorists. The other deficiency related to effectiveness issues which are not assessed as part of technical compliance under the 2013 Methodology. Criterion 20.1 – (Met) Article 30 (1) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires reporting persons to report suspicious transaction reports if they suspect or has reasonable grounds to suspect that funds or property are the proceeds of crime, related or linked to, or are to be used for, terrorist financing or terrorist acts, or by a terrorist or a terrorist organisation or persons who finance terrorism. The reports should be promptly submitted to the FIC. The requirement for reporting persons to report suspicious transactions promptly to the FIC is set out under Article 30 (1) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 Criterion 20.2 – (Met) Article 30 (2) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 provides for a reporting person to report all suspicious transactions, including an attempted transaction, regardless of the amount of the transaction.

175 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Weighting and Conclusion Rwanda’s legal framework has provided all requirements for reporting of suspicious transactions to the financial intelligence unit. Rwanda is rated Compliant with Recommendation 20. Recommendation 21 – Tipping-off and confidentiality In its 1st Round MER, Rwanda was rated compliant with these requirements (formerly R14). Criterion 21.1 – (Met) Article 32 (2)(3) of the AML/CFT Law 0028/2023 requires financial institutions and their directors, officers and employees to be protected by law from both criminal and civil liability for breach of any restriction on disclosure of information imposed by contract or by any legislative, regulatory or administrative provision, if they report their suspicions in good faith to the FIC. Article 32 (3) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 provides protection even if the person filing the suspicious transaction know precisely what the underlying criminal activity was, and regardless of whether illegal activity actually occurred. Criterion 21.2 – (Met) Article 32 (1) of the AML/CFT Law prohibits the tipping-off of information disclosed to FIC. Further, Article 9 (1) of 2023 AML/CFT law obligates reporting persons without consideration of an obligation of professional secrecy or restrictions on divulging information imposed by a law or under contractual agreement to share information with competent authorities, other reporting persons, another member of the group where this is required. Weighting and Conclusion Rwanda has provided for all requirements of tipping off and confidentiality in the legal framework. Rwanda is rated Compliant with Recommendation 21. Recommendation 22 – DNFBPs: Customer due diligence In its 1st Round MER, Rwanda was rated non-compliant with these requirements (formerly R12). The main technical deficiencies were: Casinos were not reporting entities under the AML/CFT Law; there were no thresholds for CDD measures applicable to casinos and dealers in precious metals and stones; the shortcomings identified in the framework of former Recommendations 5, 6, and 10–11 (now Rs 10, 12, and 11) were also applicable to designated non-financial business and professions; no provisions in line with former Recommendations 8– 9. Criterion 22.1 – (Most Met) – The AML/CFT Law 2023 lists DNFBPs as reporting entities and requires them to comply with CDD requirements set out in Rec. 10. The key deficiencies for Rec. 10 which are applicable to Rec 22.1 relate to lack of requirements to identify and verify relevant natural person who holds the position of senior managing official in case where no beneficial

176 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 owner is identified, inadequate requirements on legal persons or arrangements as they do not extend to information on the powers that regulate and bind the legal person or arrangement, and no requirements for the identity of the natural person(s) (if any) exercising control of the legal person or arrangement through other means. Criterion 22.1(a) – Article 10,11,12 of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 provides for requirement to conduct CDD for casinos. Casinos are reporting persons according to Article 7 of the same Act, the provisions and deficiencies under recommendation 10 therefore equally applies for Casinos. Article 13 of regulation No. 002/FIC/2023 of 26/06/2023 relating to AML/CFT mandates CDD for a casino customer that carries out a financial transaction equal to or above FRW 3,000,000 (USD 2,400) or its equivalent in foreign currency, whether conducted as a single transaction or several transactions that appear to be linked Criterion 22.1(b) – Article 10,11,12 of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires real estate agents to conduct CDD. Real estate agents are listed as reporting persons according to Article 7(1)(d) of the same Act, the provisions and deficiencies under recommendation 10 therefore equally applies for real estate agents. Regulation No. 002/FIC/2023 of 26/06/2023 relating to AML/CFT mandates CDD for a customer that buys or sells real estate. Criterion 22.1 (c)– Article 10,11,12 of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 provides for requirement to conduct CDD for Dealers in precious metals and dealers in precious stones PMS. Dealers in precious metal and precious stones are reporting persons according to Article 7 of the same Act, the provisions and deficiencies under recommendation 10 therefore equally applies for DPMS. Article 13 of regulation No. 002/FIC/2023 of 26/06/2023 relating to Anti – Money Laundering, Combating the Terrorist Financing and Financing of Proliferation of Weapons of Mass Destruction mandates CDD when a dealer in precious metals or precious stones carries out a cash transaction equal to or above FRW 15,000,000 (US$12,000.00) or its equivalent in foreign currency; whether conducted as a single transaction or several transactions that appear to be linked. Criterion 22.1 (d)– Article 10,11,12 of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 provides for requirement to conduct CDD for lawyers, notaries, other independent legal professionals and accountants when involved in client’s transaction. Lawyers, notaries, other independent legal professionals and accountants are reporting persons according to Article 7 of the AML/CFT Law 2023, the provisions and deficiencies under recommendation 10 therefore equally applies for lawyers, notaries, other independent legal professionals and accountants. Criterion 22.1 (e)– Article 10,11,12 of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 provides for requirement to conduct CDD for Trust and company service providers when they prepare for or carry out transactions for a client. Trust and company service providers are reporting persons according to Article 7 of the same Act, the provisions under recommendation 10 therefore equally applies for TCSPs. Criterion 22.2– (Mostly Met) The definition of reporting person as set out in article 7 of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 includes the designated non-financial businesses and professions and the record keeping requirements as described under recommendation 11 applies to all reporting persons as provided for in article 20 of the same

177 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Act as amended to date. See R11 for full details of the analysis. Although, Article 20 (1) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires a reporting person to maintain all necessary records on transactions, both domestic and international, for at least ten years following completion of the transaction; the provision does not provide for the keeping of records following termination of the business relationship. Criterion 22.3– (Partly Met) The definition of reporting person as set out in article 7 of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 includes designated non-financial businesses and professions and the requirements for PEPs described under Recommendation 12 apply to all reporting persons as provided for in article 13 of the AML/CFT Law. Further, the requirement for source of funds and other assets do not extend to beneficial owners and do not include sources of wealth, Criterion 22.4– (Mostly Met) Article 24 of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires reporting persons to identify and assess the money laundering, financing of terrorism and financing of proliferation of weapons of mass destruction risks that may arise in relation to: a. the development of new products and new business practices, including new delivery mechanisms; b. the use of new or developing technologies for both new and pre￾existing products. However, the country and DNFBPs have not demonstrated that they identify and assess the ML/TF risks associated with the development of new products and new business practices, including new delivery mechanisms, and the use of new or developing technologies for both new and pre-existing products. Criterion 22.5– (Mostly Met) Article 26 (1) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 allows a reporting person to rely on a third party to perform customer due diligence measures as provided for by Article 12(1)(a), (c) and (d). According to Article 7 of the same Act, DNFBPs are reporting persons and the provisions under recommendation 17 therefore equally applies to DNFBPs. Rwanda does not have legal provisions mandating reporting persons to have regards to information on the level of country risk when determining in which countries the third party that meets the conditions can be based. Weighting and Conclusion Rwanda’s legal framework has provided for specific CDD requirements for Casinos, Real estate agents, Dealers in precious metals and dealers in precious stones, trust and company service providers, lawyers, notaries, other independent legal professionals, auditors and tax advisors, and accountants. However, shortcomings identified under R10, R11, R12, R15, and R17 applies to all reporting persons including designated non-financial businesses and professions. Rwanda is rated Partially Compliant to Recommendation 22

178 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Recommendation 23 – DNFBPs: Other measures In its 1st Round MER, Rwanda was rated non-compliant with these requirements (formerly R16). The main technical deficiencies were that: Casinos were not subject to the requirements of former Rec. 13, 14, 15, and 21 (Now Rs20, 21,18 and 19); the shortcomings identified in the framework of former Recommendations 13, 14, 15, and 21 which are also applicable to non￾financial business and professions; and professional secrecy provisions for lawyers and legal professionals posed an impediment to suspicious transactions reporting. Criterion 23.1- (a) (Met) Article 30 of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 provides for reporting persons as defined which also includes DNFBPs to report suspicious transactions to the FIC. Article 30 of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires lawyers, notaries, other independent legal professionals and accountants to report suspicious transactions to the FIC Criterion 23.1-(b) (Met) Article 31 (d) the FIC Regulations 2023 provides for dealers in precious stones and metals to report suspicious transactions and cash transactions equal to or above RWF15,000,000 or its equivalent in foreign currency. Criterion 23.1-(c) (Met) Article 30 of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 provides for TCSPs to report suspicious transactions. Criterion 23.2 – (Mostly Met) DNFBPs are subject to the same requirements for internal control and foreign branch and subsidiaries in the AML/CFT Act as all reporting entities. Therefore, the conclusions made in R18 apply under the criterion as well. Criterion 23.3– (Mostly Met) DNFBPs are subject to the same requirements for high-risk countries in the AML/CFT Act as all reporting entities. Although, Article 29(3) of the Law No. 028/2023 of 19/05/2023, AML/CFT Law 2023 requires the FIC to notify and provide advice on weaknesses of AML/CFT system of other countries, the FIC has not issued any advice on the weaknesses of the AML/CFT systems of other countries. Criterion 23.4– (Met) DNFBPs are subject to the same requirements for tipping-off and confidentiality and subsidiaries in the AML/CFT Act as all reporting entities. Therefore, the conclusions made in R21 apply here as well. Weighting and Conclusion Rwanda’s legal framework has provided for circumstances under which customer due diligence is required for Casinos, Real estate agents, Dealers in precious metals and stones, trust and company service providers, lawyers, notaries, other independent legal professionals, auditors (Article 9 of the AML/CFT Law) in circumstances consistent with requirements of the Recommendations 18, 19 and 21. However, there were minor shortcomings identified under R18 and R19 are also applicable under the recommendation. Rwanda is rated Largely Compliant to Recommendation 23

179 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Recommendation 24 – Transparency and beneficial ownership of legal persons In its 1st Round MER, Rwanda was rated partially-compliant with these requirements (formerly R33). The main technical deficiency was that information collected at the time of incorporation is easily accessible, but it is not kept up to date and does not specifically address the beneficial ownership Criterion 24.1 – (Met) - Rwanda has mechanisms that identify and describe:(a) the different types, forms and basic features of legal persons formed and created in the country; and (b) the processes for the creation of those legal persons, and for obtaining and recording of basic and beneficial ownership information. Article 11 of the Law N° 007/2021 of 05/02/2021 Law governing companies identifies five types of companies. Articles 6 of the same Law provides for essential requirements for incorporation of a company while articles 7 and 9 provide for essential requirements for both private and public compagnies and article 24 provides for a Company as a distinct legal entity Rwanda obtains and records beneficial ownership information through the Law governing companies (as amended 2023) and the Revised AML/CFT Law. The Registrar General has issued guidance outlining the processes for obtaining and recording beneficial ownership information. Information on the processes for the creation of legal persons is publicly available at http://rwanda.eregulations.org/. Criterion 24.2 – (Not Met) - Although Rwanda has conducted a national risk assessment, it has not assessed the ML/TF risks associated with all types of legal person created in the country. Criterion 24.3 – (Met) - In terms of Article 275, the Registrar General keeps a register of companies into which are entered all matters prescribed under the Act including an up-to-date index of the names of companies, including against each name of each company, its registered number. Article 6(4) requires the Registrar General to obtain information on the director of the company. Article 22(2) requires the Registrar General to register in the register of companies and business details relating to the company. Information retained by the Registrar General include in Article 23, the company’s registered name, code, type of company and date of incorporation. The Registrar General through article 30 collects information on the registered office of the company. the Registrar General through section 21 receives articles of incorporation for companies that have elected to have them and these contain basic regulating powers of the company. The Act sets out the basic regulating powers of the company if it does not have articles of incorporation. Article 278 makes the information held by the Registrar General accessible to the public. Criterion 24.4 – (Met) - Articles 111 of the law N° 019/2023 of 30/03/2023 amending law n° 007/2021 of 05/02/2021 governing companies require companies to keep records set out in criterion 24.3 including a register of their shareholders or members, containing the number of shares held by each shareholder and categories of shares (including the nature of the associated voting rights). Article 111 also requires companies to keep such records at its registered office, or at any other place in Rwanda notified to the Registrar General. Article 112 of the Law n° 007/2021 of 05/02/2021 governing companies requires the records to be written and in a form that is easily accessible. Criterion 24.5 – (Met) –Article 192 requires Directors of a company to up-date incorporation documents held by the Registrar General within 10 working days of the alteration.

180 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Incorporation documents include memorandum of association which must contain information referred to in criterion 24.3. Furthermore, article 134 requires directors of a company to submit annual returns confirming that the information relating to the company held by the Registrar General referred to in criterion 24.3 and 24.4 is correct as at the date of the return. Criterion 24.6(a) – (Met) – Article 1 and 116 bis of law N° 019/2023 of 30/03/2023 amending law n° 007/2021 of 05/02/2021 governing companies defines beneficial ownership in relation to companies to include a natural person who (1) holds or shares or exercises voting rights according to the required threshold or (2) exercises significant control or influence over the company. Article 116 bis of the same law also empowers the Registrar General to determine the required threshold of shares or voting rights needed to make one a beneficial owner. The Registrar General has set out the required threshold through article 1 of Instructions of the Registrar General N° 001/2023/Rg of 31/03/2023 Determining the Threshold for Identification of the Beneficial Owner of Company and of a Partnership. The said article provides that a natural person qualifies as a beneficial owner if the natural person is either holds at least 25% of the shares in a company or capital contribution in a partnership either directly or indirectly or exercises at least 25% of the voting rights in a company or a partnership either directly or indirectly. Further, the Law governing companies requires beneficial ownership information to be submitted to the Registrar General as part of incorporation documents (article 19), for the company to maintain a register of beneficial owners for past 10 years (article 111 (10)) and for company secretaries to also maintain the beneficial ownership information as to as to the shares and other rights in the company (article 116). Criterion 24.7 – (Met) – Under article 116 of law governing companies, company secretaries/directors are required to maintain an internal register of BO and update the Register within 14 days of any change. Additionally, article 116 ter of law governing companies empowers the Registrar General to verify BO by requiring any person to submit information and documents that enables the verification of accuracy of such information. Criterion 24.8(a)– (Mostly Met) – Article 119 authorises the company secretary to provide basic and beneficial ownership information collected by the company to competent authorities. Directors are recognized as company secretaries for purposes of article 118 if the company has not appointed a company secretary. Article 157 as read with article 7(4) imposes a residency requirement on at least one director whilst article article 12 para 3 of the law of the law N° 019/2023 of 30/03/2023 amending law N° 007/2021 of 05/02/2021 provides that “The company secretary must be a Rwandan resident”. However, there is no express requirement for the resident company secretary to be a natural person. Criterion 24.8(b)– (Not Met) – Rwanda has not provided evidence indicating that DNFBPs are authorized by the company to provide all basic and available BO information and to give further assistance to the authorities. The articles submitted by Rwanda (19(6), 20(7,8), 119 and 333 of the Law N° 007/2021 of 05/02/2021 governing companies) relate to disclosures by the company to the Company Registry. Additionally, whilst DNFBPs are obliged under article 20 of the 2023 AML/CFT Law to share records and information collected as part of their AML/CFT obligations including identification documents, such disclosures are not authorized by the company and do not therefore fall within the purview of c24.8(b). Criterion 24.8(c)– (Not Met) – Rwanda has not provided evidence of other comparable measures.

181 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Criterion 24.9 – (Met) – Article 111 of the Law 2023 governing companies requires companies to keep the information referred to for a at least 10 years at the end of the year to which they relate and to within 30 days of the company ceasing to exist, file with the Registrar General all such records. Further, article 20 of the 2023 AML/CFT Law requires reporting persons to maintain CDD documents for at least 10 years after the end of the relationship with the customer. Criterion 24.10 – (Partly Met) – whilst Article 116 ter of the law governing companies grants competent authorities access to the central BO register, Rwanda has not provided evidence of how this is achieved and if its timely. Additionally, while article 10(8) of the Law No 12/2017 establishing RIB empowers it to order for information and obtain statements from any person that can help with the investigation, the provision does not provide the timelines for obtaining sch information. Similarly, article 8(6) of the Law No 045/2021 governing the Financial Intelligence Centre which empowers it to order relevant organs, to provide it with information on property of legal persons suspected of ML/TF/PF offences for purposes of conducting financial intelligence does not have timelines to obtain such information. Further, the provision is limited to obtaining information on the property of the legal persons and not basic and beneficial ownership information on the legal person. Criterion 24.11(a) – (Met) – Article 3 of 2023 law governing companies prohibits allotment of bearer shares. Criterion 24.11(b) – (......) – Not applicable Criterion 24.11(c) – (......) – Not applicable Criterion 24.11(d) – (......) – Not applicable Criterion 24.11(e) – (......) – Not applicable Criterion 24.12(a) – (Met) – Nominee arrangements are allowed in Rwanda and article 7 of 2023 law governing companies requires nominee shareholders and Directors to disclose the identity of their nominator to the company and for the information to be included in the registry. Criterion 24.12(b) – (...) – Not applicable. Criterion 24.12(c) – (…) – Not applicable. Criterion 24.13 – (Met) – Article 19 of the law N° 019/2023 of 30/03/2023 amending law n° 007/2021 of 05/02/2021 governing companies empowers the Registrar General to impose administrative sanctions of not less than five hundred thousand Rwandan francs (RWF 500,000) and not more than two million Rwandan francs (RWF 2,000,000) to a company that fails to keep or update required documents with the Registrar General. Further, the Registrar General in accordance with article 327 as amended, can issue a sanction of not more than RWF 500 000 to a company that fails or delays to provide the Registrar General with documents required under the law. Article 352 as amended, provides for criminal sanctions for the offence of false disclosure of basic and beneficial ownership information for a term of not less than three (3) years and not exceeding five (5) years and a fine of not less than five million Rwandan francs (RWF 5,000,000) but not exceeding ten million Rwandan francs (RWF 10,000,000). Further, the Registrar General in accordance with article 328 can issue a sanction of not more than FRW 500 000 to any person including a natural person (director/company secretary) that

182 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 provides a false notice. Additionally, article 333 provides for criminal sanctions to the company secretary or any other competent person who fails to disclose information of the beneficial owner or any information requested by the competent authority by virtue of the provisions of the law to a fine of not less than five hundred thousand Rwandan francs (FRW 500,000) but not exceeding one million Rwandan francs (FRW 1,000,000). Lastly, article 352 provides for criminal sanctions for shareholders/members of company for the offence of false disclosure of basic and beneficial ownership information to imprisonment not exceeding two years imprisonment and a fine of not less than five million Rwandan francs (FRW 5,000,000) but not exceeding ten million Rwandan francs (FRW 10,000,000). These sanctions are dissuasive and proportionate. Criterion 24.14(a) – (Met) –Rwanda has a legal basis (Law Nº 005/2021 of 05/02/2021 governing mutual legal assistance in criminal matters) as amended by article 1 of the Law Nº 040 of 2021 of 28/07/21 that allows it to rapidly provide the widest possible range of (in relation and specific to basic and beneficial ownership information) through MLA or other forms of international cooperation, by facilitating access by foreign competent authorities to basic information held by the Rwandan Registrar General, on the basis set out in Rec 37. Furthermore, article 49 (1) (a) of 2023 AML/CFT empowers the Registrar General to: (1) provide the widest possible range of international cooperation to its foreign counterpart, (2) share information on request or its own motion, (3) use the most efficient means to co-operate. Criterion 24.14(b) – (Met) – see analysis at criterion 24.14(a) Criterion 24.14(c) – (Met) – In addition to measures noted in criterion 24.14(a), article 49 (8) of 2023 AML/CFT law empowers the Registrar General to conduct inquiries on behalf of a foreign counterpart, and exchange with its foreign counterpart all information including beneficial ownership information that would be obtained by it if such inquiries were being carried out domestically. Criterion 24.15 – (Not Met) – Article 49(3) of 2023 AML/CFT law submitted by the authorities relates to Rwanda providing feedback to other jurisdictions as opposed to Rwanda monitoring the quality of assistance it has received. Rwanda has accordingly, not submitted evidence of how it monitors the quality of assistance they receive from other countries in response to requests for basic and beneficial ownership information or requests for assistance in locating beneficial owners residing abroad. Weighting and Conclusion Rwanda has mechanisms that identify and describe the different types, forms and basic features of legal persons formed and created in the country. Information on the processes for the creation of those legal persons is publicly available through a website. Rwanda has processes for obtaining and recording basic information on companies. Rwanda obtains and records beneficial ownership information through the Law governing companies (as amended 2023) and the Revised AML/CFT Law. Rwanda has mechanisms to ensure that basic and beneficial ownership information recorded, is accurate and as up to date as possible. Whilst Rwanda has some measures to ensure that companies co-operate with competent authorities in determining the beneficial owner, there is no requirement for the resident company secretary to be a natural person. Rwanda requires nominee shareholders and directors to disclose the identity of their nominator to the company and for the information to be included in the registry. Rwanda

183 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 prohibits allotment of bearer shares. Rwanda has a legal basis (Law Nº 005/2021 of 05/02/2021 governing mutual legal assistance in criminal matters) as amended by article 1 of the Law Nº 040 of 2021 of 28/07/21 that allows it to rapidly provide the widest possible range of (in relation and specific to basic and beneficial ownership information. However, there are no mechanisms to monitor the quality of the international assistance received by Rwanda. Further, Rwanda has not assessed the ML/TF risk associated with all types of legal persons created in the country. Rwanda is rated Partially Compliant with Recommendation 24 Recommendation 25 – Transparency and beneficial ownership of legal arrangements In its 1st Round MER, the measures were not applicable to this Recommendation (formerly R34). Criterion 25.1(a) – (Mostly Met) - Article 87 and 88 of the Law N° 063/2021 of 14/10/2021 governing trusts requires trustees to maintain internal register of beneficial owners of a trust through which trustees obtain and hold adequate and current information on the identity of the settlor, trustees, protector, beneficiaries and any other natural person that exercises ultimate effective control of the trust. Article 88 prescribes the particulars on the identity of the beneficial owner and that the trustee must provide a copy within 14 days to the Register General who maintains the general beneficial ownership registry in accordance with article 85 of the same law. Article 87(1) requires trustees to verify the beneficial ownership information obtained while Article 89 of the same law empowers a trustee to issue a notice to any person with such knowledge for confirmation of beneficial ownership information. The above noted provisions however, do not prescribe how verification is conducted, for example through independent and reliable sources. Criterion 25.1(b) – (Mostly Met) – The authorities have submitted article 20 of 2023 AML/CFT law requiring reporting entities to maintain customer due diligence and transaction records as satisfying the requirement for trustees to hold basic information on other regulated agents of, and service providers to, the trust, including investment advisors or managers, accountants, and tax advisor. While it is appreciated that in some instances, undertaking CDD measures may lead to compliance with criterion 25(1)(b), it is not always the case that such compliance will result in holding basic information on the service providers such as circumstances not covered under articles 11(1)(a) and (d). Article 11(1) of 2023 AML/CFT law provides that a reporting person must undertake customer due diligence when: (a) establishing a business relationship; (b)…; (c)…; (d) a customer is neither an account holder nor in an established business relationship with the reporting person but wishes to carry out the following activities: (i) a transaction in an amount equal to or above the threshold set by the Centre, whether conducted as a single transaction or several transactions that appear to be linked; or (ii) a domestic or cross border wire transfer in the amount equal to or above the threshold set by the Centre. The 2023 AML/CFT law does not define ‘business relationship’ and where one is an occasional customer, conducting CDD is

184 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 limited to instances mentioned at article 11(1)(d). accordingly, it is conceivable that in the absence of clear requirement to hold basic information on other regulated agents or service providers, trustees implementing CDD measures fully, may still not record such information. Additionally, the authorities have submitted articles 84, 85, 86, 87, 88, and 89 of the law of trust as meeting the requirements of this criterion. However, the articles provided do not deal with the c requirement of collection basic information of other regulated agents but deal with obtaining beneficial ownership information of the trust. Criterion 25.1(c) – (Partly Met) – Under article 49( 2º) of the Law on Trusts., trustees are required to maintain all necessary records for at least ten years following the completion of the transaction. However, the requirement of the criterion is to maintain information after the trustees’ involvement with the trust ceases. Criterion 25.2 – (Partly Met) –The authorities have submitted articles 49(2) Law N° 063/2021 of 14/10/2021 governing trusts and article 33 of 2023 AML/CFT. The latter article mandates the Registrar General to ensure that it maintains adequate, accurate and updated information on the beneficial ownership of a legal person or legal arrangement. The provision however does not provide details on how the information will be verified and when it ought to be updated. The former provisions relate to keeping accurate accounts and records of trusteeship. The authorities have also submitted article 89 paragraphs 3 & 4 of the Law N° 063/2021 of 14/10/2021 governing trusts which relates to the powers of the trustees to issue confirmation of BO information notice to any person they believe knows the beneficial owners of the trust. The said article however does not indicate how verification is conducted, for example through independent and reliable sources. Additionally, the deficiencies noted in criterion 25.1(b) have a cascading effect. Article 87(1)(3) and (7) however, requires trustees to update the internal BO register within 14 days of any changes and to thereafter update the Registrar General within 14 days of noting the changes on the internal register. Criterion 25.3 – (Met) – Rwanda has measures to ensure that trustees disclose their status to financial institutions and DNFBPs when forming a business relationship or carrying out an occasional transaction above the threshold. Article 12(1)(a)-(c) of the 2023 AML/CFT Law requires reporting persons to identify their clients and where this involves trusts, invariably it involves identification of the trustee. Further, article 31 of the 2023 AML/CFT law requires reporting persons to make cash declaration disclosures to the FIC. Criterion 25.4 – (Met) – Article 87 (6) of the Trust Law obliges trustees to share information relating to the trust with competent authorities in a timely manner upon request. Criterion 25.5 – (Mostly Met) – Article 39 of 2023 AML/CFT law empowers law enforcement to obtain information held by trustees, FIs and DNFBPs by compelling the production of records held by a reporting person or another person the beneficial ownership; (b) the residence of the trustee; and (c) any assets held or managed by the financial institution or DNFBP. However, the law does not provide the timelines for obtaining such information as there is no stated period for the trustees to have complied with the production order. Criterion 25.6(a) – (Met) – Rwanda has a legal basis (Law Nº 005/2021 of 05/02/2021 governing mutual legal assistance in criminal matters) as amended by article 1 of the Law Nº 040 of 2021 of 28/07/21 that allows it to rapidly provide the widest possible range of (in relation and specific to basic and beneficial ownership information) through MLA or other

185 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 forms of international cooperation, by facilitating access by foreign competent authorities to basic information held by the Rwandan Registrar General, on the basis set out in Rec 37. Furthermore, article 49 (1) (a) and 49(8) of 2023 AML/CFT empowers the Registrar General to: (1) provide the widest possible range of international cooperation to its foreign counterpart, (2) exchanging domestically available information on the trusts or other legal arrangement, conduct inquiries on behalf of a foreign counterpart, and exchange with its foreign counterpart all information that would be obtained by it if such inquiries were being carried out domestically. Criterion 25.6(b) – (Met) – see analysis at criterion 25.6(a). Criterion 25.6(c) – (Met) – see analysis at criterion 25.6(a). Criterion 25.7 – (Mostly Met) – Rwanda has through various provisions, articles 105 -114 of the Trust Law ensured that trustees are legally liable for any failure to perform the duties relevant to meeting their obligations. However, the deficiencies noted at criterion 25.1 and 25.2 on verification measures and hold basic information on other regulated agents or service providers, have a cascading effect. Criterion 25.8 – (Not Met) – Article 87(6) of the Trust Law obliges trustees to disclose beneficial ownership data to competent authorities, upon request, in a timely manner. However, the provision is silent on what it means by ‘timely manner’. The authorities have submitted article 113(2) of Trust Law which provides dissuasive and proportionate criminal sanction for trustees that refuses or provides false information to competent authorities. However, there it has no sanctions for failing to provide the information in a timely manner. The authorities have further submitted article 61 (e) of 2023 AML/CFT law, however it is also not applicable to this criterion as it relates to sanctions for providing false information when this criterion relates to sanctions for lack of timely access. Weighting and Conclusion Rwanda requires trustees to maintain an internal register of beneficial owners of a trust through which trustees obtain and hold adequate and current information on the identity of the settlor, trustees, protector, beneficiaries and any other natural person that exercises ultimate effective control of the trust. Trustees are obliged to provide the Registrar General with this information for inclusion in the public registry and to update both registries within 14 days of any changes. However, gaps remain on the requirement to keep accurate information as there is no requirement to verify the information through independent and reliable sources. Rwanda has mechanisms to ensure that trustees disclose their status to financial institutions and DNFBPs when forming a business relationship or carrying out an occasional transaction above the threshold and has enabled trustees to provide competent authorities with any information relating to the trusts in a timely or swift manner. However, there are no provisions outlining what timely or swift access means. Additionally, there are no sanctions for failing to provide the information to competent authorities in a timely manner. Rwanda is rated Partially Compliant with Recommendation 25

186 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Recommendation 26 – Regulation and supervision of financial institutions In its 1st Round MER, Rwanda was rated non-compliant with these requirements (formerly R23). The main technical deficiencies were: there was no authority or authorities designated for AML/CFT supervision; institutions not subject to adequate AML/CFT regulation and supervision; lack of fit-and-proper measures for pension, payment service providers, and forex sectors, and application of relevant Core Principles to AML/CFT matters; lack of measures to ensure that relevant prudential regulatory and supervisory measures are also applicable for AML/CFT purposes. The other deficiencies related to effectiveness issues which are not assessed as part of technical compliance under the 2013 Methodology. Criterion 26.1 – (Met) Rwanda has designated the following authorities to be responsible for the supervision of financial institutions in terms of Article 42(a), (b) and (d) of Law 028/2023 as read together with Article 2 of Regulation No 002/FIC/2023. • BNR in relation to banks, micro finance institutions, non-deposit taking lending institutions, finance-lease institutions, insurance institutions, social security institutions, pension funds/schemes institutions, discount houses, payment systems and other financial services providers that are not supervised by any other institution under specific laws (Article 6 (3 and 4) of Law 048/ 2017), MVTS( Regulation No 06/2018 of 27/03/2018) and Forex Exchange Bureaus ( Regulations 2310/2018-00015 of 27/12/2018). • Capital Markets in relation to capital market industry, commodity exchange and related contracts and warehouse receipt system (Article 8 (1) and 8(9) of the Law No. 057/2021). Criterion 26.2 (Partly Met) – With the exception of banks, there is legal requirement for Core Principles financial institutions to be licensed by BNR and CMA for conducting operations. BNR Article 5 of Law Nº 47/2017 of 23/9/2017 governing the organization of banking stipulates that no person shall, without, being licensed as a bank, claim the status of bank or banker and puts restrictions for the use of the name bank. Hence banking activities may still be permissible by someone who does not claim the status of a bank. Article 7 of the same law merely imposes restrictions on a person other than a bank that holds a valid licence under the law to accept deposits in Rwanda. The restrictions relate to deposit taking rather than banking activities. Article 6 of the Law No. 30/2021governing the organisation of insurance business requires that insurance business in Rwanda is carried out by a person holding a license. However, a public insurer is exempted from requiring a licence. CMA There are restrictions imposed for capital market business to be conducted without being licensed, approved or exempted under article 6 of law N°01/2011 OF 10/02/2011 regulating capital market in Rwanda. Further, collective investment schemes (Article 18 of Law No 062/2021 of 14/10/2021) and custodial services (Article 3 of Capital Market Regulation No 12) are required to be licensed by CMA.

187 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Other Financial Institutions MVTS (Article 3 of Regulation No 06/2018 of 27/03/2018) and Forex Exchange Bureaus (Art 3 of Law No1/2017 of 22/02/2017) cannot operate without a license issued by BNR. Article 5 of Law No. 72/2021 requires that a company or cooperative which intends to carry out deposit-taking microfinance institution operations must apply for a license to the supervisory authority, i.e., BNR. Pension scheme providers (under BNR) are required to apply for a license to operate. (Art 48 of Law No 05/2015 governing the organisation of pension schemes). Article 5 of Regulation No 06/2016 of 26/09/2016 on licensing requirements and other conditions for carrying out finance lease operations requires that any institution intending to carry out finance lease operations shall apply for a license to the Central Bank. Payment Service Providers (Article 16 of Law No 061/2021 of 14/10/2021) requires that a license be issued to it by BNR for conducting operations. Any applicant intending to conduct financial services as non-deposit taking financial services provider must obtain a license from the Central Bank (Article 5 of Regulation No 65/04/2023 of 25/04/2023 governing Non-Deposit Taking Financial Service Providers. Prohibition of Shell Banks There is no provision in the law which prohibits the establishment or continued operation of shell banks. Criterion 26.3 (Partly Met) -. BNR and CMA is required to take the necessary measures to prevent criminals or their associates from being professionally accredited or holding or being the beneficial owner of a significant or controlling interest or holding a management function in a reporting person’s activities by virtue of article 41(g) of the 2023 AML/CFT. BNR Article 9 (5 and 8) of Law No 047/2017 requires that members of the Board of Directors and management of future bank are fit and proper while significant shareholders need to be trustworthy and should not be involved in money laundering and financing of terrorism. The modalities of the criteria are defined in the regulation No 2310/2018 -00013 (614) on licensing conditions of banks (Articles 5, 6 and 24) and Articles 6(4 &5) on the regulation No 01/2018 of 24/01/2018 on corporate governance for banks. The fit and proper criteria requires that there is no record of conviction of criminal records, amongst others. Article 45 of regulation No 01/2018 of 24/01/2018 on corporate governance requires that BNR evaluates the fit and proper criteria of board members and senior management on a regular basis as part of the evaluation of the bank’s corporate governance. Article 20 stipulates that no director can be renewed if he/she no longer meets the criteria for fit and proper. Article 9 (5) of Law No. 030/2021 governing the organisation of insurance business requires that any person intending to carry out insurance business as a private insurer must demonstrate that qualifying shareholders possess good

188 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 business standing, integrity, financial strength and ability to provide further financial support, if necessary. BNR has in place a standard fit and proper questionnaire which is required to be filled in by all applicants proposing to provide financial services under its purview where information on the criminal records of the persons is requested. BNR also requires that its approval should be obtained prior to any direct or indirect transfer of a significant interest in a bank (Article 21 of Law No 47/2017). This also applies to any insurer (Article 53 of Law No 030/2021). CMA Article 27 of Regulation No 1 on Capital Markets (licensing requirements) requires the application of fit and proper for corporate bodies and individuals either seeking or who have been granted a license or approval in respect of a regulated activity in terms of honesty, integrity and reputation. This includes assessment of whether a person has been convicted for any criminal offence, amongst others. However, the law does not explicitly provide for assessment of fit and proper for shareholders, directors, senior management and beneficial owners. CMA has a standard declaration form which needs to be filled in by directors, CEO, senior management, company secretaries and UBO of licensed companies and applicants which requires information on any conviction for any crime, amongst others. Article 5 of Regulation No. 2310/2018 requires that the Management and Directors of an applicant for a foreign exchange business license shall be persons well known, of good repute and integrity. Article 6 of Regulation No. 2310/2018 requires criminal record certificates, tax clearance certificate and credit status for the applicant’s shareholders, directors and management. Any transfer of share of a forex requires the prior approval of BNR (Article 23 of Regulation No 2310/2018 – 00015 (614) of 27/12/2018) Regulation No. 05/2018 governing payment services providers requires the relevant persons meet the fit and proper criteria as set out in Annex 1 of the regulation. Annex 1 of Regulation No. 05/2018, outlines the fit and proper criteria for shareholders, directors and management of applicants for a license. The fit and proper criteria include criminal record, credit status and source of funds declaration. Article 4 of Regulation No. 54/2022 governing the electronic money issues provides that issuers of e-money shall adhere to licensing requirements established under the regulation governing payments services providers. Criterion 26.4 (a) (Mostly Met) - Core Principles institutions fall under the supervision of BNR and CMA. BNR and CMA supervise core principles institutions in line with core principles but does not include consolidated supervision for AML/CFT purposes (Article 41(a and b) and 42 (a and b) of the 2023 AML/CFT Law). BNR and CMA supervise their obligations in relation to

189 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 ML/TF/PF risk assessment (Article 8), internal control programmes for fight against ML/TF/PF which include policies and procedures for internal controls, screening procedures, ongoing employee training and independent audit (Article 27 and 28 of the 2023 AML/CFT law).BNR and CMA also supervise that (Article 28 of the 2023 AML/CFT Law) core principle institutions implement group-wide internal controls programmes consistent with measures set out in Article 27 to fight against ML/TF/PF applicable to all branches and majority owned subsidiaries of the financial group. The programme includes measures for sharing AML/CFT information, powers to request and obtain AML/CFT/PF information and ensuring that foreign branches and majority owned subsidiaries apply AML/CFT/PF internal control programmes consistent with home country requirements if the host country requirements are less strict. BNR and CMA supervise the obligations of the core principles FIs as outlined in Regulation No 002/FIC/2023 of 26/06/2023. Criteria 26.4 (b) (Mostly Met) – Financial institutions providing MVTS, money or currency changing and Payment service Providers are subject to regulation and supervision by BNR. (Regulation No 06/2018 of 27/03/2018 on Money Remittances Services, Regulation No 01/2017 governing Forex Bureaus and Law No 061/2021 of 14/10/2021 governing payment system). BNR is the designated authority for monitoring and ensuring compliance with AML/CFT/PF requirements for MVTS, forex Bureaus and Payment Service Providers (Art 41 a and b of 2023 AML/CFT and Article 1 of Regulation No 002/FIC/2023). Article 27 of 2023 AML/CFT Law outlines the AML/CFT obligations of reported persons... Article 42(a) of Law 028/2023 requires that supervisory authority monitor and ensure compliance with AML/CFT/PF requirements on a risk sensitive basis, however, supervision and monitoring is not risk based and supervisory authorities have not developed risk-based tools for AML/CFT supervision of other financial institutions. Criterion 26.5(a) (b) and (c) (Partly Met) Article 41 (a) of the 2023 AML/CFT laws requires the supervisory authority to carry out risk￾based supervision associated with a reporting person at institution level and group-level. However, the supervisory are yet to demonstrate that the frequency and intensity of onsite and offsite AML/CFT supervision of FIs or groups are determined on the basis of a) ML/TF risks and the policies, internal controls and procedures associated with the financial institutions or their group as identified by the supervisor’s assessment of the institution or group’s risk profile. b) The ML/TF risks present in the country c) The characteristics, diversity of the FIs or groups and the degree of discretion allowed to them under the risk-based approach Risk Based Manual has been formulated by BNR and it has conducted an entity risk assessment for banks. However, the frequency and intensity of the onsite and offsite supervision is not guided by the risk assessment. Both BNR and CMA have conducted a sector risk assessment of banks and Securities Market Provider However, this has not been used to allocate and prioritise resources for conducting risk-based supervision of those entities. CMA has conducted an AML/CFT risk assessment at entity level. However, the risk-based framework is flawed as it is not driven by the riskiness of the product, delivery channel, geographical location and type of

190 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 customers but rather in terms of the volume of transaction/ assets. Consequently, this exercise cannot constitute a risk-based approach at entity level. Criterion 26.6 (Partly Met) - Article 41 (c) of the 2023 AML/CFT laws requires that the supervisory authority conduct an ML/TF/PF risk assessment of the reporting persons or group, including risks of non-compliance, periodically, and where there are major events or developments in the management and operations of the reporting person or group. Only BNR has conducted an entity risk assessment of banks and this is normally reviewed on a yearly basis. However, BNR has not been able to demonstrate that this is reviewed when there are major events or developments in the management and operations of the financial institutions or group. Regarding other FIs under its purview, no entity risk assessment has been conducted. Similarly, CMA has not conducted any entity risk assessment for institutions under its purview. Weighting and Conclusion Rwanda has designated CMA and BNR to supervise FIs for compliance with AML/CFT/PF obligations. There are gaps in relation to controls requirement to prevent criminals and their associates from being a beneficial owner. Further, supervision is not carried out on the basis of the risk profile of the institutions, ML/TF risks in their respective sectors and at country level. Supervisory authorities do not use consolidated supervision approach for assessment of AML/CFT group risks. Rwanda is rated Partially Compliant with Recommendation 26 Recommendation 27 – Powers of supervisors In its 1st Round MER, Rwanda was rated non-compliant with these requirements (formerly R29). The main technical deficiency was that there was a lack of adequate supervisory authority/powers addressing AML/CFT matters across all sectors. The other deficiencies related to effectiveness issues which are not assessed as part of technical compliance under the 2013 Methodology. Criterion 27.1 (Met) - BNR and CMA have powers to monitor and ensure compliance of FIs with AML/CFT/PF requirements (Articles 41 (b) and 42 (a) of 2023 AML/CFT). Furthermore, Article 1 of Regulation No 002/FIC/2023 of 26/06/2023 defines mandate of supervisory authorities as being in charge of regulating, supervising, controlling and monitoring the functioning of reporting persons. Criterion 27.2 (Met) –Article 42(b) of 2023 AML/CFT law empowers supervisory authority to conduct inspections of a reporting person. Criterion 27.3 (Met) - Article 42 (c) of 2023 AML/CFT gives supervisory authorities the power to compel production by reporting person of information relevant to monitoring compliance with AML/CFT/PF requirements.

191 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Criterion 27.4 (Partly Met) – Article 42(d) of the 2023 AML/CFT Law confers power to the supervisory authorities to impose administrative sanctions for failure to comply with AML/CFT/PF requirements. However, the sanctions are limited only to administrative sanctions and do not extend to criminal and civil sanctions. Article 61 provides for criminal sanctions to be applied to a reporting person, a member of the board of directors, senior manager or other employee but this is restricted to breaches relating to very limited AML/CFT obligations. Hence the law does not provide for a range of criminal sanctions to be applied for failure to comply with all AML/CFT requirements. Article 65 prescribes that any reporting persons who fails to comply with preventive measures outlined in the law and related Regulations commits a misconduct and it empowers competent authority to put in place Regulation for the determination of administrative misconducts and related sanctions. BNR Regulations No 72/2023 determines administrative sanctions applicable to a financial institution, its board members and its senior managers for a range of violations defined in the regulation for non-compliance with the prevention of ML/TF/PF. Article 5 mandates the Central Bank or FIC to impose sanctions for violations of AML/CFT/PF requirements by financial institutions. The quantum and the type of the sanctions (which include a range of disciplinary and financial sanctions) vary depending on the category of the institution under the purview of BNR (e.g., banks, forex bureau, MVTS etc, the risk of ML/TF/PF and the seriousness of the violation of the law and regulations. A range of sanctions is applicable which include, amongst others, written warning, suspension, prohibition and restriction of activities and revocation of licence. Sanctions against the members of the Board of Directors and senior managers include written warning, suspension and dismissal. CMA Regulations No 001/CMA/2023 of 29/03/2023 determines administrative sanctions applicable for FIs licensed and supervised by CMA for non-compliance with AML/CFT/PF requirements. Article 7 provides for a range of sanctions which may be applicable, which include amongst others, imposition of financial penalties, restriction/suspension and revocation of license. Article 8 confers powers to CMA to impose sanctions against members of the Board of Directors and Senior Managers. Weighting and Conclusion BNR and CMA have powers to supervise and enforce compliance with AML/CFT obligations, conduct inspections and compel production of records and information. However, while they have powers to impose administrative sanctions, this is not extended to criminal sanctions for failure to comply with all AML/CFT requirements. Rwanda is rated Largely Compliant with Recommendation 27

192 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Recommendation 28 – Regulation and supervision of DNFBPs In its 1st Round MER, Rwanda was rated non-compliant with these requirements (formerly R24). The main technical deficiencies were: that the FIU does not have the capacity (both in terms of resources and expertise) to conduct AML/CFT supervision in an adequate manner, no AML/CFT supervision of DNFBPs; no sanctions for non-compliance with the AML/CFT obligations; lack of implementation and awareness of AML/CFT obligations. The other deficiencies related to effectiveness issues which are not assessed as part of technical compliance under the 2013 Methodology. Criterion 28.1 (Mostly Met) – All reporting persons, which includes casinos, are subject to AML/CFT regulation and supervision in terms of Articles 7, 41 and 42 of Law 028/2023. In particular, Criteria 28.1(a) (Met) – Casinos are required to be licensed by the Ministry responsible for Commerce. (Article 23 of the Law No. 58/2011) that governs the gaming activities requires that any person who wishes to promote or conduct casino operation should apply for a license in accordance with the provisions of this Law. Article 2(10) and 2(11) define what is gaming, casino games, live games and table games. As per Article 4 and 5 of the Law, the Ministry in charge of Commerce is the regulatory authority of the gaming activities. Criteria 28.1(b) (Partly Met) - Article 41(g) of Law 028/2023 provides that the supervisory authority has the responsibility to take necessary measures to prevent criminals or their associates from being professionally accredited, or holding or being the beneficial owner of a significant or controlling interest, or holding a management function in a reporting person’s activities. Article 8 of Law No 058/2011 requires that the regulatory authority, conduct an investigation provided for by this Law with respect to probity, technical competence, industry competitiveness and any other legal requirements. The licensing framework requires the submission of statements from 5 persons vouching for the good moral character and financial responsibility of the applicant, the proposed directors and the shareholders. However, this does not extend to beneficial owners and management. Section 2 of the application form – Personal detail requires a self-declaration of convictions. However, this is not counter verified, i.e. no criminal clearance certificate is required. There is also no provision regarding disqualification of a shareholder, director, beneficial owners or senior management who no longer meets the fit and proper test Criteria 28.1(c) (Met) – Article 42(a) of Law 028/2023 confers powers on the supervisory authority to monitor and ensure that casinos comply with AML/CFT/PF requirements. By virtue of article 42 (d), competent authority can impose administrative sanctions for non￾compliance with AML/CFT/PF requirement. DNFBPs other than casinos Criterion 28.2 (Met) - The following designated authorities and/or self-regulatory organisations/bodies are responsible for monitoring and ensuring compliance with AML/CFT

193 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 obligations by DNFBPs in terms of Article 42(a), (b) and (d) of Law 028/2023 as read together with Article 2 of Regulation No 002/FIC/2023. Lawyers: Bar Association of Rwanda: Article 4(2) of the Law No. 83/2013. gives the BAR the responsibility to ensure compliance with the rules and principles of the Advocates profession.

• Notaries: Ministry in charge of Justice: Law No 13bis/2014 and Ministerial Order No. 013/MOJ/AG/2017 gives the Ministry the mandate to regulate private notaries. -Accountants: Institute of Certified Public Accountants of Rwanda (ICPAR): Article 7(1) of Law 011/ 2008 mandates the ICPAR to regulate the accountancy profession. Real Estate Agents: FIC is the designated authority for monitoring and ensuring compliance of real estate agents with AML/CFT requirements. Article 7(15) of the law No 045/2021 governing the Financial Intelligence Centre (FIC) include regulation and supervision of reporting persons that do not have any recognized supervisory authority. Precious Metals and Stones: Rwanda Mines: Petroleum and Gas Board: It is the regulator for the trading of precious metals and stone (article 8 and 10 of Law No 58/2018 of 13/08/2018 on mining and quarry operations. TCSPs are regulated by BNR. Criterion 28.3 (Partly Met) – The DNFBP supervisors have only recently started to monitor DNFBP for AML/CFT purposes. They have yet to develop appropriate systems for monitoring compliance with AML/CFT requirements. FIC has issued three guidelines to reporting persons, (i) a guideline No 003/2022 on AML/CFT/PF for real estate sector, (ii) Guideline on Transparency and Beneficial Ownership and (iii) Guideline on detecting and reporting Suspicious Transactions/Activities. Further, regulation No 001/FIC/2022 and regulation No 001/FIC/ 2021 provides guidance on AML/CFT/PF obligations and TFS requirements for all reporting persons. The responsibilities as defined in Article 7 (15) of the law No 045/2021 governing FIC include regulation and supervision of reporting persons that do not have any recognised supervisory authority. Rwanda Mines and Petroleum and Gas Board (Dealers in Precious Stones and Metals) and Ministry of Justice (Notary) have also issued guidelines to DNFBPs under their supervisory purview. Criteria 28.4 (a) (Met) - The designated supervisory authorities have the necessary powers to carry out their functions, including monitoring compliance with AML/CFT requirements (Article 42(a, b and c) of the 2023 AML/CFT Law). Criteria 28.4 (b) (Partly met) – In terms of their licensing /registration process, some of the DNFBP supervisors verify that applicants for professional licenses are of good reputation, have been professionally accredited and are not subject to any criminal or disciplinary sanctions.

194 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 The Bar Association of Rwanda requires that a person cannot be admitted as an advocate if he was convicted for a period equal to or more than 6 months or he was convicted of a crime of genocide (Article 6 of Law 83/2013). The Ministry in charge of Justice requires that for a person to practice as notary, he/she should not have been sentenced to a term of imprisonment of more than or equal to 6 months which has not been nullified by amnesty or rehabilitation (Article 4 of the Law No. 13bis/2014 for Notary). As per Article 20 (1) and 20(3), in exercising his/her duties, the notary must be characterised by honesty and integrity and should demonstrate good conduct. Article 2 of the Law No. 13/MOJ/AG/2017 for Notary by private persons require that for a person to practice as private notary, he/she should not have been sentenced to a term of imprisonment of more than or equal to 6 months which has not been nullified by amnesty or rehabilitation. In terms of Regulation No 52/2022 governing trust and company service providers, BNR ensures that shareholders, directors and management of TCSPs make a declaration on their criminal record and credit status. All changes in shareholders, directors and senior management must be approved by BNR. ICPAR requires that public Accountants are characterized by integrity, amongst others (Article 4 of Law No. 11/2008) and a person is disqualified for membership of the institute if he has been convicted with an offence involving fraud or dishonesty, money laundering or corruption (Article 67 of Law No 11/2008). Given that there is no licensing requirement for real estate agents to operate in Rwanda and it is also not mandatory for them to register with the Rwanda Association of Real Estate Brokers (RWAREB), no measures are taken by FIC to ensure that criminals or their associates do not enter the market. There is also no legal requirement for Rwanda Mines, Petroleum and Gas Board to take adequate measures to ensure that criminals or their associates do not enter the market. There is no fit and proper criteria requirement for beneficial owners, directors and management including provision for disqualifications of the shareholder, director or senior officer who no longer meets the fit and proper criteria. Further, in most case, evidence has not been provided to determine how the DNFBP assess the fit and proper criteria and ensure that criminals do not enter the market. Criteria 28.4 (c) (Partly Met) - Article 42(d) of 2023 AML/CFT Law authorises DNFBP supervisors to impose administrative sanctions for failure to comply with AML/CFT/PF requirements. However, the law does not prescribe a range of sanctions which is applicable to DNFBP supervisors for failure to comply with AML/CFT requirements. For some DNFBPs, there are also no specific regulations which have been issued outlining the range of sanctions which are applicable for non-compliance with AML/CFT requirements. Article 28 and 29 of Regulations No 002/FIC/2022 of FIC determining Faults and Sanctions which have been issued to reporting persons falling under the purview of FIC outlines a range of disciplinary and financial sanctions for violations of a range of AML/CFT requirements.

195 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 The regulations also provide for sanctions against members of the board of directors and senior management such as warning, suspension and dismissal. FIC only monitors and ensure compliance with AML/CFT/PF requirements for Real Estate Agents. Regulations No 001/2023 of 31/03/2023 of the Council of the BAR establishing faults and sanctions related to AML/CFT requirements provides for administrative sanctions for non￾compliance with AML/CFT requirements. As per article 12, if reporting persons do not comply with the provisions of the regulation, he/ she is subject to the sanctions outlined in the Law No 83/2013 of 11/09/2013 establishing the Bar Association. The range of administrative sanctions provided for in article 73 of Law No 83/2013 include warning, reprimand, suspension and removal from the roll of advocates. For private notaries, the Ministerial Order nº 002/MOJ/AG/23 of 22/06/2023 determining modalities to practice the office of notary by private persons and modalities to provide notarial services by electronic means at Chapter V provide for faults, sanctions and disciplinary proceedings in relation to breaches relating to AML/CFT requirements. Regulation No 72/2023 determining administrative sanctions for non-compliance with AML/CFT/PF requirements provides BNR with a range of administrative sanctions applicable to TCSPs (category 6 of regulations institutions). Sanctions available include written warning, restrictions, prohibitions, suspension, and revocation of licence. Sanctions are also applicable to board members and senior management. A range of monetary penalties are only applicable and the amount varies depending on the seriousness of the breach. There are no provisions on prescribed sanctions applicable to accountants and dealers in dealers in precious stones and metals for non-compliance with AML/CFT requirements. Criterion 28.5 (a) and (b) (Not Met) - As per Article 41 (a) of 2023 AML/CFT law DNFBPs’ supervisors have the responsibilities to conduct risk-based supervision of reporting person both at institution level and group-level. FIC has developed a manual which is used by all DNFBPs’ supervisors on the conduct of inspections for assessing compliance with AML/CFT obligations which includes provisions on risk-based supervision. However, the manual is not tailor made for each DNFBP supervisor taking into consideration the diverse activities undertaken by them. FIC has conducted an entity risk assessment for a selected real estate agent, i.e., 24 out of 74. However, supervision of the real estates is not risk based. The other DNFBPs supervisors have not conducted any risk assessment at firm level. Hence, competent authorities do not apply risk-based supervision which includes a) determining the frequency and intensity of the AML/CFT supervision of DNFBPs on the basis of their understanding of the ML/TF risks, taking into account the characteristics of the DNFBPs, in particular their diversity and number; and b) taking into account the ML/TF risk profile of those DNFBPs, and the degree of discretion allowed to them under the risk-based approach, when assessing the adequacy of the AML/CFT internal controls, policies and procedures of DNFBPs.

196 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Weighting and Conclusion Rwanda has designated authorities and/or self-regulatory organisation for monitoring and ensuring compliance with AML/CFT obligations by DNFBPs. The law requires most DNFBPs, including the casinos, to obtain a licence or gets registered for operation. However, there are gaps in the law in so far as there are not adequate measures to prevent criminals and their associates from holding significantly controlling interest in DNFBPs, including casinos. The real estate agents are not licensed and this impacts FIC’s ability to properly supervise the sector. The risk of unregistered real estate agents remained high, thus rendering the sector vulnerable to ML. The DNFBP supervisors do not apply risk-based supervision and the sanction regime is not appropriate as it does not provide for a range of sanctions to be applied for non-compliance with AML/CFT requirements by most DNFBPs’ supervisors. Rwanda is rated Partially Compliant with Recommendation 28 Recommendation 29 - Financial intelligence units In its 1st Round MER, Rwanda was rated non-compliant with these requirements (formerly R26). The main technical deficiencies were: Lack of analysis of STRs and other information due to performing investigations and lack of analytical tools and weak quality/quantity of reporting; lack of guidance on manner of reporting, including reporting forms for nonbank reporting entities; no additional requests of information addressed to reporting entities; very low level of dissemination due to low level of STRs received; no publication of annual reports containing information about its activities, statistics, and typologies; lack of sufficient operational independence and autonomy mainly due to the powers and responsibilities of the Advisory Board; information not securely protected and effectiveness was not established. The other deficiencies related to effectiveness issues which are not assessed as part of technical compliance under the 2013 Methodology. Criterion 29.1 – (Met) - Rwanda’s FIU, the FIC is established, pursuant to article 2 (aa) of Law nº 028/2023 on the prevention and punishment of money laundering, terrorist financing and the financing of proliferation of weapons of mass destruction which defines ‘Centre as the Financial Intelligence Centre which is the national authority receiving and analysing suspicious transaction reports and other information related to money laundering and associated predicate offences, terrorism financing and financing of proliferation of weapons of mass destruction and disseminating the results of such an analysis to relevant authorities.’ Criterion 29.2- (Met) Criterion 29.2 (a) (Met) The FIC serves as the central agency for the receipt of information filed by reporting entities. The FIU receives suspicious transaction reports from reporting persons in terms of Article 30(1) and (2) of Law 028/ 2023 Criterion 29.2 (b) (Met) The FIC receives cash transaction reports and wire transfer (domestic and international) reports for transactions of amounts equal to or above certain threshold (Article 31(1) of Law 028/2023.

197 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Criterion 29.3. (Met) Criterion 29.3 (a) (Met) Pursuant to Article 8(8) of law 045/2021, the FIC has powers to obtain additional information from reporting persons which it deems useful for the analysis when the information is correlated to received information’. Criterion 29.3 (b) (Met) The FIC has powers to access financial, administrative information and that of Law enforcement authorities. The FIC access cross border cash declarations, wire transfers, cash threshold reports, travel records from immigration, tax and vehicle information from Rwanda Revenue Authority, National Land Authority and open source. {Article 8(2) of Law No 045/2021] Criterion 29.4 (Mostly Met) Criterion 29.4 (a) (Met) The FIC conducts operational analysis using available and obtainable information to identify specific targets, follow the trail of particular transactions and determine links between targets and identify predicate offence and ML/TF. This is carried out in terms of Article 7(1) of Law 045/2021. Criterion 29.4 (b) (Mostly Met) The FIC uses available and obtainable information, including data provided by other competent authorities, to conduct strategic analysis of ML/TF trends and patterns in terms of Article 7(1) of Law 045/2021. However, during the period under review, the FIC has produced one strategic report, Criterion 29.5 (Mostly Met) The FIC disseminates spontaneously information and the results of its analysis to relevant competent authorities and law enforcement agencies (Article 2 (aa) of Law No 028/2023). However, there is no provision on dissemination of reports upon request. The dissemination is done through an encrypted email of the Director General to a designated officer of the competent authorities and this is considered secure. gives powers to FIC to disseminate to relevant authorities. Criterion 29.6 (Met) Criterion 29.6 (a) (Met) FIC protects information using rules in place governing securing and confidentiality of information, including procedures for handling storage, dissemination and protection of and access to information. The FIC security manual approved in January 2023 article 3.10-3.19 covers this. Criterion 29.6 (b) (Met) The FIC ensures that staff members have necessary security clearance levels and understanding of their responsibilities in handling and disseminating sensitive and confidential information. They work with NISS to clear all their staff members. This is in line with the FIC security manual approved in January 2023, article 3.10-3.19. Criterion 29.6 (c) (Met) The FIC offices are controlled by security staff all the time with CCTV cameras. In addition, there is limited access to FIC offices as staff use biometric finger print access to the premises and also physical security guards in every floor. Criterion 29.7 Criterion 29.7(a) (Met) which states The FIC has a legal personality and enjoys administrative, financial and human resource management autonomy. In the accomplishment of its mission and responsibilities it does not take instructions from any other organ [Article 3 of Law 045/2021].

198 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 It has powers to process reports and disseminate the results with having to consult or receive instructions from anyone. Criterion 29.7 (b) (Met)- The FIC has powers to provide or exchange information with its foreign counterparts or any other foreign agency, organisation or institution which operate at national and international level in countering money laundering, terrorism financing and financing of proliferation of weapons of mass destruction [Article 8(7) and Article 7(21) of Law 045/2021]. Criterion 29.7 (c) (N/A) Criterion 29.7 (d) (Met) - The FIC has a legal personality and enjoys administrative, financial and human resource management autonomy. In the accomplishment of its mission and responsibilities it does not take instructions or orders from any other organ [Article 3 of Law 045/2021 the FIC is headed by a Director-General, assisted by a Deputy Director-General (the Directorate-General). According to Article 13 of the FIC law, the Directorate-General is fully empowered to deploy the resources needed to fulfil the FIC’s mission. Criterion 29.8 (Not Met)- FIC has not yet applied for Egmont Membership. Weighting and Conclusion Rwanda established FIC as a national centre receives, analyse and disseminate financial intelligence to competent authorities. However, there is legal provision supporting dissemination of intelligence reports upon request. The FIC has to obtain and use additional from reporting entities as needed to perform its analysis properly. FIC has just started with strategic analysis, not applied for Egmont membership. Rwanda has met majority of the requirements and the outstanding ones are considered minor. Rwanda is rated Largely Compliant with Recommendation 29. Recommendation 30 – Responsibilities of law enforcement and investigative authorities In its 1st Round MER, Rwanda was rated partially-compliant with these requirements (formerly R27). The main technical deficiencies were that the various police units responsible for the investigation of the predicate crimes do not investigate ML-related activities; the FIU conducts some investigations into ML on the basis of STRs received, although it should focus on its analysis functions and effectiveness of the current investigation and prosecution framework was not established. The other deficiency related to effectiveness issues which are not assessed as part of technical compliance under the 2013 Methodology. Criterion 30.1 – (Met) - Rwanda follows an all-crimes approach with regard to ML/TF. Article 142 of the Rwandan Constitution provides that the National Public Prosecution Authority (NPPA) is responsible for investigating and prosecuting offences throughout the country. Article 3 of the Law Nº 014/2018 of 04/04/2018 determining the organization, functioning and competence of the national public prosecution authority and of the military prosecution department confirms the responsibility of the NPA to investigate and prosecute offences throughout the country. This is a provision of general application, but then Article 3 goes further and breaks down the responsibility to investigate into broad categories, amongst others,

199 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 the responsibility to investigate and prosecute economic and financial crimes - Article 3(3°); whereunder ML ordinarily falls. Further, article 38(a) of the 2023 AML/CFT law requires the authorities in charge of prosecution and investigation with responsibilities for AML/CFT/CFP to ensure that money laundering and associated predicate offence, terrorist financing or financing of proliferation of weapons of mass destruction offences are properly investigated, within the framework of national policies. Criterion 30.2 – (Met) - Article 142 of the Rwandan Constitution provides that the National Public Prosecution Authority (NPPA) is responsible for investigating and prosecuting offences throughout the country. Further, article 38 (b) of 2023 AML/CFT law requires the authorities in charge of prosecution and investigation with responsibilities for AML/CFT/CFP, to carry out investigation of any related money laundering, terrorist financing or offences during a parallel financial investigation, or refer the case to another agency to follow up with such investigations, regardless of where the predicate offence occurred. Criterion 30.3 – (Met) - Article 142 of the Rwandan Constitution provides that the National Public Prosecution Authority (NPA) is responsible for investigating and prosecuting offences throughout the country. Further, article 38(c) of 2023 AML/CFT law requires the authorities in charge of prosecution and investigation with responsibilities for AML/CFT/CFP to expeditiously identify, trace and initiate freezing and seizing of funds or other assets that may become subject to confiscation, or is suspected of being proceeds of crime. Criterion 30.4 – (Not Applicable) – Rwanda does not have other competent authorities which are not law enforcement authorities per se and exercise functions covered under R30. Criterion 30.5 – (Not Applicable) – Rwanda does not have an anti-corruption enforcement authority designated to investigate ML/TF offences arising from, or related to, corruption offences under Recommendation 30. Weighting and Conclusion Rwanda meets most of the requirements of Recommendation 30 while some criteria are not applicable in the context of the country. Rwanda is rated Compliant for Recommendation 30. Recommendation 31 - Powers of law enforcement and investigative authorities In its 1st Round MER, Rwanda was rated partially-compliant with these requirements (formerly R28). The main technical deficiencies were lack of powers to compel production of documents and information from FIs and DNFBPs (documents can only be seized based on powers in CPC); no legal power obtaining documents and information held by lawyers; effectiveness of powers for document production, search, and seizure was not established. The other deficiency related to effectiveness issues which are not assessed as part of technical compliance under the 2013 Methodology. Criterion 31.1 – (Met) - Competent authorities in Rwanda are able to able to obtain access to all necessary documents and information for use in ML/TF and predicate offence investigations, and in prosecutions and related actions.

200 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Criterion 31.1 (a)– (Met) - Article 10 of the Law Nº12/2017 OF 07/04/2017 establishing the Rwanda investigation bureau and determining its mission, powers, organization, and functioning provides for all the powers of investigators, including power to order for information and take statements from any person suspected of having information that can help an investigation; to search a person, enter a building or premises linked to information with or without a warrant; search any person or property and to recover stolen objects and seize any properties that may be useful for conducting criminal investigations. Article 22 of the N° 54/2018 of 13/08/2018 on fighting against corruption also provides investigators, prosecutor or judge with the power to demand for the production of records held by financial institutions, DNFBPs and other natural or legal persons. “During the investigation, the investigator, the prosecutor or the judge is authorized to demand information or seize the bank and finance institution’s records, financial and property or commercial records and any other thing likely to facilitate investigation.” Further, article 39 (a) of 2023 AML/CFT law empowers the authority in charge of investigation and prosecution has the powers to obtain access to all necessary documents and information. Criterion 31.1(b) – (Met) - Articles 55; 56 and 60 of the Law Nº 027/2019 of 19/09/2019 relating to the criminal procedure provides for the search of persons and premises, while Article 60 of the same law provides for Authorization to search and visit any place where evidence may be found. Furthermore, Article 10 of the Law Nº12/2017 OF 07/04/2017 establishing the Rwanda investigation bureau and determining its mission, powers, organization, and functioning provides for all the powers of investigators, including power to order for information and take statements from any person suspected of having information that can help an investigation; to search a person, enter a building or premises linked to information with or without a warrant; search any person or property and to recover stolen objects and seize any properties that may be useful for conducting criminal investigations. Additionally, article 39 (b) of 2023 AML/CFT law empowers the authority in charge of investigation and prosecution with the powers to compel the production of records held by a reporting person or another person. Criterion 31.1(c) – (Met) - Paragraph 3 of Article 47 of the Law Nº 027/2019 of 19/09/2019 relating to the criminal procedure that provides for taking witness statements. Also, Article 9(10°) of the Law Nº12/2017 of 07/04/2017 provides for ensuring the security of victims and Witnesses while Article 10 (8º) of the same law provides for ordering for information and taking statements from any person suspected of having information that can help an investigation As stated above Article 10 of the Law Nº12/2017 OF 07/04/2017 provides for all the powers of investigators, including power to order for information and take statements from any person suspected of having information that can help an investigation; to search a person, enter a building or premises linked to information with or without a warrant; search any person or property and to recover stolen objects and seize any properties that may be useful for conducting criminal investigations.

201 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Additionally, article 39 (d) of 2023 AML/CFT law empowers the authority in charge of investigation and prosecution with the powers to take statements from witness, suspects and victims. Criterion 31.1(d) – (Met) - Article 10 of the Law Nº12/2017 OF 07/04/2017 establishing the Rwanda investigation bureau and determining its mission, powers, organization, and functioning provides for all the powers of investigators, including power to order for information and take statements from any person suspected of having information that can help an investigation; to search a person, enter a building or premises linked to information with or without a warrant; search any person or property [see specifically Article 10 (4º), (6º) & (9º)] and to recover stolen objects and seize any properties that may be useful for conducting criminal investigations. In addition, Article 57 of the Law Nº 027/2019 of 19/09/2019 provides for Seizure and caveat of objects in order to collect evidence on the offence, Article 22 of the Law N° 54/2018 of 13/08/2018 provides for access to records and seizure to facilitate investigation in the effort to know the truth and Article 8 (4º) of the Law nº 045/2021 of 18/08/2021 governing the Financial Intelligence Centre provides for freezing and seizure of suspicious property in order to obtain evidences. Additionally, article 39 (e) of 2023 AML/CFT law empowers the authority in charge of investigation and prosecution with the powers to seize and obtain evidence. Criterion 31.2 – (Met) Criterion 31.2 (a)– (Met) - Article 40(a) of 2023 AML/CFT law empowers the authority in charge of investigation and prosecution of money laundering and associated predicate offence, terrorist financing or financing of proliferation of weapons of mass destruction to use special investigative techniques, including undercover operations. Additionally, Chapter 5 of Crime Investigation Standard Operating Procedures (SOPs) provides for Special investigative techniques (SITs 5.1.3) including undercover operations. Criterion 31.2(b) – (Met) - Article 40(b) of 2023 AML/CFT law empowers the authority in charge of investigation and prosecution of money laundering and associated predicate offence, terrorist financing or financing of proliferation of weapons of mass destruction to use special investigative techniques, including intercepting communications. The authorities have also submitted article 10(5) of the Law Nº12/2017 of 07/04/2017 which provides investigators with the power for carrying out telecommunication surveillance. This is a power of general application and speaks to telecommunication surveillance only; not to other types of communications as well. Additionally, the authorities referred to article 38 of the Law Nº 027/2019 of 19/09/2019 relating to the criminal procedure provides for Interception of communication in investigations and prosecution, but this power is limited to ascertaining the truth on commission of offences against national security, offences of corruption and offences of embezzlement of State property. Criterion 31.2(c) – (Met) – article 40(c) of 2023 AML/CFT law empowers the authority in charge of investigation and prosecution of money laundering and associated predicate offence,

202 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 terrorist financing or financing of proliferation of weapons of mass destruction to use special investigative techniques, including accessing computer systems or other electronic systems. Further, article 8(3) of the Law Nº 045/2021 Of 18/08/2021 Governing the Financial Intelligence Centre, as referred to by the Authorities, provides the FIC with the power to access electronic data and other information banked in the servers of reporting persons and other organs for the purpose of financial intelligence. This provision is, however, not extended to the national investigation and prosecutorial authority. So too article 8(2) and Article 9(2) &(3) of the Law Nº 60/2018 Of 22/8/2018 On Prevention and Punishment of Cyber Crimes provides investigators with the power to access and even seize computer systems, but this power is limited to the investigation of cybercrime. Criterion 31.2(d) – (Met) – article 40(d) of 2023 AML/CFT law empowers the authority in charge of investigation and prosecution of money laundering and associated predicate offence, terrorist financing or financing of proliferation of weapons of mass destruction uses special investigative techniques, controlled delivery. While Chapter 5 of RIB Crime Investigation Standard Operating Procedures (SOPs) provides for Special investigative techniques (SITs) including controlled delivery or purchase and supply of goods, including those prohibited from circulation to individuals and legal entities, there are no specific legal provisions authorizing same. Criterion 31.3 – (Met) Criterion 31.3 (a)– (Met) Article 39(f) of 2023 AML/CFT law, empowers the authority in charge of investigation and prosecution with the powers to identify, in a timely manner, whether a person holds or controls an account. Criterion 31.3 (b)– (Met) - Article 39(g) of 2023 AML/CFT law empowers the authority in charge of investigation and prosecution with the powers to identify funds or other assets without prior notification to the owner. Criterion 31.4 – (Met) - Article 39(h) of 2023 AML/CFT law empowers the authority in charge of investigation and prosecution with the powers to ask for all relevant information held by the Centre. Weighting and Conclusion Rwandan competent authorities conducting investigations of money laundering, associated predicate offences and terrorist financing are able to obtain access to all necessary documents and information for use in those investigations, and in prosecutions and related actions. They are also able to use a wide range of investigative techniques including undercover operations, intercepting communications, accessing computer systems and controlled delivery. Additionally, they are able to ask for all relevant information held by the FIU. However, they do not have mechanisms in place to identify, in a timely manner, whether natural or legal persons hold or control accounts; and identify assets without prior notification to the owner. Rwanda is rated Partially Compliant for Recommendation 31.

203 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Recommendation 32 – Cash Couriers In its 1st Round MER, Rwanda was rated non-compliant with these requirements (formerly SRIX). The main technical deficiencies were: the declaration system is not yet in force and is not in line with the standard; exemption regarding the withdrawal of cash from banks could limit the effectiveness of the declaration system; lack of clear powers to request and obtain further information from the carrier with regard to the origin of the currency or the bearer negotiable instruments and their intended use; lack of powers to be able to stop or restrain currency and bearer negotiable instruments for a reasonable time in order to ascertain whether evidence of ML or TF may be found; lack of proportionate sanctions for false disclosure, failure to disclose, or cross-border transportation for ML and TF purposes; the requirement for the retention of records does not extend to all kinds of bearer negotiable instruments declared or otherwise detected, or the identification data of the bearer; absence of clear definition of bearer negotiable instruments; lack of implementation of the system transportation of currency and bearer negotiable instruments across all border points; lack of training on the best practice of implementing the requirement of SR.IX and the effectiveness of the declaration system has not been established. Criterion 32.1 – (Met) - Rwanda has through article 34 of 2023 AML/CFT law, Regulation N° 001/Fic/2023 of 26/06/2023 Relating to the Declaration of Cross-Border Cash or Bearer Negotiable Instruments and the MOU signed by competent authorities, implemented a declaration and disclosure system for incoming and outgoing cross-border transportation of currency and bearer negotiable instruments (BNIs). In terms of the MOU, the FIC has the responsibility to issue a declaratory or disclosure template. The Directorate of General Immigration and Emigration has responsibility to receive the declaration forms passengers and transmit them to the FIC. The Rwandan National Police have the responsibility to check compliance with the obligation to declare by carrying out controls on individuals and to stop or restrain the courier and the cash or bearer instrument in case of failure to declare or false declaration or where there is suspicion of ML/TF; and to refer the case for investigation to the Rwandan Investigation Bureau. The Rwandan Revenue Authority have the responsibility to verify if there is a cash or BNI hidden within imports and exports under the customs bonded warehouse. Criterion 32.2 – (Met) – Article 34 (1) of the 2023 AML/CFT Law requires a person who leaves, transits or enters Rwanda carrying or transporting currency or bearer negotiable instruments of a value equal to or exceeding a pre-set threshold must declare or disclose them to the competent authority. Transportation of currency or bearer negotiable instruments according to article 2(h) of the Regulation N° 001/Fic/2023 of 26/06/2023 Relating to the Declaration of Cross-Border Cash Or Bearer Negotiable Instruments include any in-bound or outbound physical transportation of cash or bearer negotiable instrument from one country to another through the following modes of transportation: (i) physical transportation by a natural person or in his or her luggage or vehicle; (ii) shipment of cash or bearer negotiable instruments through containerised cargo; (iii) mailing of cash or bearer negotiable instrument by a natural or legal person. Article 34(2) requires the FIC to prescribe the threshold of currency and requirements for cash courier declaration or disclosure and sanctions in relation to non￾compliance thereof. The FIC has prescribed the threshold through article 5 of the Regulation N° 001/Fic/2023 of 26/06/2023 Relating to the Declaration of Cross-Border Cash or Bearer

204 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Negotiable Instruments as value is equal to or above RWF 10,000,000 or its equivalent in other currencies. Criterion 32.2(a) – (Not Applicable) Criterion 32.2(b) – (Met) - As stated above, Article 5 of the Regulation N° 001/Fic/2023 of 26/06/2023 set out the threshold of equal to or above RWF 10,000,000 or its equivalent in other currencies, approximately ten thousand American Dollars (USD 10,000), while Article 3 paragraph 1 of the same Regulations set out the obligation to declare as follows “A person in transit through or departing from the territory of the Republic of Rwanda transporting cash or bearer negotiable instrument of which value is equal or above the threshold provided by this Regulation, declares it to the competent authority”. Article 3 paragraph 3 of Regulations N° 001/Fic/2023 of 26/06/2023 set out the the mode of declaration as follows: “the declaration is done in writing, electronically or using a declaration form available at the competent authority operating at the border, airport or any other port of entry, transit or exit”. Criterion 32.2(c) – (N/A) Criterion 32.3 – (Met) – Article 3 paragraph 1 of Regulation N° 001/Fic/2023 of 26/06/2023 set out the obligation for disclosure as follows “a person who enters into the territory of the Republic of Rwanda with physical transportation of cash or negotiable instrument, of which value is equal or above the threshold provided for in this Regulation, discloses to the competent authority upon request”. Disclosure is defined in article 2(e) of the Regulation N° 001/Fic/2023 of 26/06/2023 as “the provision by a cash courier of appropriate and truthful information to the competent authority upon request” thus it can be oral or written. Criterion 32.4 – (Met) - Article 7(1)(b) of the Regulation N° 001/Fic/2023 of 26/06/2023 sets out action to be undertaken by the competent authority in case of discovery of a false declaration or disclosure of currency or BNIs or a failure to declare or disclose them. It provides that a person who fails or falsely declare is, amongst others, subjected to further questioning with regard to the origin of the cash or BNI and their intended use. Article 3.3 of the MOU between FIC and other LEAs Collaboration on matters related to cross border cash and bearer negotiable instruments designates the Rwandan National Police as the competent authority responsible for questioning the courier. Criterion 32.5 – (Met) - Article 7 (1)(a) and (c) of the Regulations Regulation N° 001/Fic/2023 of 26/06/2023 sets out action to be undertaken against persons who make a false declaration or fails to declare in that the cash or BNI is restrained for a period of 2 hours (to allow the FIU to make decision in respect thereof) and the person is required to pay a fine of (5%) of the transported cash or the value of the BNI immediately, without prejudice to criminal sanctions. The said sanctions are proportionate and dissuasive. Criterion 32.6 – (Met) - Article 9 of the Regulations Regulation N° 001/Fic/2023 of 26/06/2023 stipulates that: “The competent authority submits all declarations made by travelers and the detailed report relating to the provisions of Articles 7 and 8 of these Regulations, to the Centre within two (2) days by any lawful way of communication”. Further, article 3.6 of the MoU between FIC and other LEAs on Collaboration on matters related to cross border cash and bearer negotiable instruments requires the Directorate General of Immigration and Emigration to receive the declaration forms from passengers and to transmit them to the FIC in cases where the declaration is done manually.

205 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Criterion 32.7 – (Met) – Rwanda has in place adequate co-ordination among customs, immigration and other related authorities on issues related to the implementation of Recommendation 32. The authorities have outlined the inter-agency coordination mechanisms through an MoU between FIC, RIB, DGIE, RRA and RNP dated May 2022. Criterion 32.8 – (Met) Criterion 32.8(a) – (Met) - Article 8 of Regulations N° 001/Fic/2023 of 26/06/2023 provides for actions to be taken by the competent authority in case of suspicion of money laundering, financing of terrorism or financing of proliferation of weapons of mass destruction or related offences. It allows competent authorities to seize and detain cash or BNIs when such cash or bearer BNIs are suspected to be linked to ML/TF/PF. The competent authority: “1º stops or restrains the cash or bearer negotiable instrument, and informs the Centre that suspicious cross border transportation incident within thirty (30) minutes; 2º requests information from the carrier with regard to the origin of the cash or bearer negotiable instrument and their intended use; 3º submits the case to the organ in charge of investigation within three (3) hours if there are serious grounds of suspecting of money laundering, financing terrorism or financing proliferation of weapons of mass destruction or related offences.” Criterion 32.8(b) – (Met) - As stated above Article 7 of Regulation N° 001/Fic/2023 of 26/06/2023 provides empowers competent authorities to stops the cash courier or bearer negotiable instrument and restrains them within two hours for further action in case of false declaration or failure to declare. Criterion 32.9 (a), (b) &(c) – (Met) - Competent authorities have general powers for sharing information between the FIC and its foreign counterparts. Pursuant to Article 49 of the AML/CFT law competent authorities are empowered to share information on AML/CFT/CFP with international counterparts, including information from disclosures and declarations in the context of R36-R40. All declarations covering criterion 32.9 (a)-(c) are sent to and retained by the FIC. Articles 7(21º) of the Law N° 045/2021 of 18/08/2021 governing the Financial Intelligence Centre requires the FIC to collaborate with institutions, organizations or agencies that operate at national and international level in countering money laundering, terrorism financing and financing of proliferation of weapons of mass destruction, while Article 8(7°) of the same law gives the FIC the power to provide or exchange information with a financial intelligence authority from another country and other foreign organs with the power to access needed information in case they have the same obligation of professional secrecy. Criterion 32.10 – (Met) - There are sufficient mechanisms in place to provide strict safeguards to ensure proper use of information collected through the declaration system pursuant to Article 49 of the AML/CFT law and Article 8(7°) of the of the Law N° 045/2021 of 18/08/2021 governing the Financial Intelligence Centre. Recipients of information collected through the declaration system are bound by the obligation of confidentiality. The use of information

206 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 obtained by Customs are not restrictive against trade payments between Rwanda and other countries and neither does it curtail the freedom of capital movements. Criterion 32.11 – (Met) - Pursuant to Article 54 (1) of Law No. o28/2023 AML/CFT law read together with Article 2(q) of the same Act, the offence of ML is punishable by a term of imprisonment for not less than 10 years but not more than 15 years together with a fine of 3 to 5 times the value of proceeds of crime laundered. Article 55(1) of the 2023 AML/CFT Law makes TF punishable by imprisonment for a term of not less than 20 years but not more than 25 years and a fine of 3 to 5 times the value of the financing given. Further, in terms of Article 66 of the 2023 AML/CFT Law the court shall confiscate tainted property or funds held by the criminal defendant or a third party. The sanctions appear proportionate and dissuasive and applicable to persons who are carrying out a physical cross-border transportation of currency or BNIs that are related to ML/TF or predicate offences. Weighting and Conclusion Rwanda has through article 34 of 2023 AML/CFT law, Regulation N° 001/Fic/2023 of 26/06/2023 Relating to the Declaration of Cross-Border Cash or Bearer Negotiable Instruments and the MOU signed by competent authorities, implemented a declaration and disclosure system for incoming and outgoing cross-border transportation of currency and bearer negotiable instruments (BNIs). Further, the law provides for proportionate and dissuasive sanctions for persons carrying out physical cross boarder transportation of currency or BNIs that are related to ML/TF or predicate offences. Rwanda is rated Compliant with Recommendation 32. Recommendation 33 – Statistics In its 1st Round MER, Rwanda was rated non-compliant with these requirements (formerly R32). The main technical deficiencies were: lack of collection of detailed statistics on matters relevant to the effectiveness and efficiency of the AML/CFT regime and there was no review of the effectiveness of the AML/CFT system on a regular basis Criterion 33.1(a) – (Partly Met) – Under Art 35(1)(a) of the AML/CFT law 2023, competent authorities are required to keep statistics related to STRs received and disseminated. However, there were discrepancies in the number of financial intelligence reports provided by the FIC and received by the LEAs. Criterion 33.1(b) – (Partly Met) - Under Art 35(1)(b) of the AML/CFT law 2023, competent authorities are required to include statistics of ML/TF investigations, prosecutions and convictions. The NPPA and RIB provided different statistics on investigations and prosecutions. Criterion 33.1(c) – (Partly Met) - Under Art 35(1)(c) of the AML/CFT law 2023, the competent authority, NPPA has a dedicated unit called the Seized and Confiscated Assets Unit, however, no comprehensive data was provided to indicate the extent of the confiscation orders. Criterion 33.1(d) – (Partly Met) - Under Art 35(1)(d) of the AML/CFT law 2023, the ministry of Foreign Affairs is the central authority for mutual legal assistance and extradition requests

207 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 made or received. However, there were some discrepancies in the information provided by the NPPA and the Ministry of Foreign Affairs on MLA requests (see IO.2). Weighting and Conclusion Based on the statistics provided prior to the on-site and during the onsite visit, there were discrepancies in the statistics provided by the different competent authorities. Rwanda is rated Partially Compliant with Recommendation 33 Recommendation 34 – Guidance and feedback In its 1st Round MER, Rwanda was rated non-compliant with these requirements (formerly R25). The main technical deficiencies were: lack of guidelines and guidance on reporting obligation and no adequate and appropriate feedback from competent authorities, in particular the FIU. Criterion 34.1 (Partly Met) – Under section 42(e) of the 2023 AML/CFT law a supervisory authority can issue regulations and guidelines on AML/CFT matters. Moreover, under section 36 a supervisory authority is required to establish guidelines and provide feedback in order to assist a reporting person in the application of AML/CFT measures. BNR has issued a general guideline No 3160/2021 on AML/CFT/CPF to all financial institutions falling under its purview, though it supervises a wide range of sectors with different type of activities. The guideline covers a number of reporting obligations which include, amongst others, reporting of STRs, customer identification, CDD, beneficial ownership, transaction monitoring systems, wire and fund transfers, record keeping and TFS requirements. The guideline contains a chapter providing general indicators and specific examples of STRs for all financial institutions. CMA has issued a general Guideline No 001/CMA/G2023 of 29/03/2023 on ML/TF risks for the Capital Markets. The guideline covers the AML/CFT obligations, particularly, board’s responsibilities, risk-based approach, internal policies, training, CDD, EDD, risk-based approach, BO identification, record keeping and TFS. The Guideline also provides indicators of potential money laundering activities in the capital markets. The FIC has issued three Guidelines to reporting entities i.e. (i) Sector specific guidelines to the real estate sector which covers AML/CFT obligations in Oct 2022 (ii) Guidelines on Transparency and Beneficial Ownership in Sep 2022 and (iii) Guidelines on detecting and reporting Suspicious Transactions/Activities on 6 Jul 2023. Further, Regulations No 001/FIC/2021 of 26/08/2021 issued by FIC provides guidance on TFS requirements. Ministry of Justice has issued a Guideline in 2023 to the notarial sector on prevention of ML/TF/PF. The Guideline set out AML/CFT obligations for notaries such as due diligence measures, customer identification procedures, ML/TF/PF risk assessments, identification of PEP, implementation of control systems, suspicious transaction reporting and record keeping.

208 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Rwanda Mines, Petroleum and Gas Board has issued a Guideline to Dealers in Precious Stones and Metals. The Guidelines outlines the AML/CFT obligations of Dealers in Precious Stones and Metals, in particular customer identification, reporting requirements to FIC, internal AML/CFT policies, procedures and controls, TFS. ICPAR, Rwanda Bar Association and Ministry of Trade and Industry (Casino) have not issued any guidelines to DNFBPs under their purview. Pursuant to Article 7(19) of the Law 045/2021, the FIC is required to provide feedback to reporting persons with regard to suspicious transactions reports, current technics, methods, trends or sanitized examples of money laundering, terrorism financing and financing of proliferation of weapons of mass destruction cases. CMA, BNR provide feedback to FIs under their purview following onsite inspections. Weighting and Conclusion The guidelines issued so far by the different supervisory authorities are mostly general in nature. Further the guidelines issued by FIC, particularly the STR ones have only been recently issued indicating that they may have had little impact on the level of compliance by the reporting persons. The BO guidelines although published in 2022, the law Companies Act, was changed in May 2023 to give the reporting persons more time to implement BO requirements. Rwanda is rated Partially Compliant with Recommendation 34. Recommendation 35 – Sanctions In its 1st Round MER, Rwanda was rated non-compliant with these requirements (formerly R17). The main technical deficiency was no sanctioning regime for failure to comply with AML/CFT obligations (i.e., no competent authority), lack of clarity as to the range of available sanctions, and scope limitation of available sanctions. The other deficiency related to effectiveness issues which are not assessed as part of technical compliance under the 2013 Methodology. Criterion 35.1 (Partly met) – Article 42(d) of the 2023 AML/CFT Law confers powers to the supervisory authority to impose administrative sanctions for failure to comply with AML/CFT/PF requirements. Articles 61 of 2023 AML/CFT Law provides that reporting persons, a member of its board of directors, senior manager or other employees who commits offences as specified under paragraphs (a-g) of article 61, upon conviction, he/she is liable to imprisonment for a term of not less than 2 years but not more than 5 years and a fine of not less than RWF 2,000,000 but not more than RWF 5,000,000. However, the criminal sanctions apply only for breaches relating to very limited preventive measures. Article 65 prescribes that any reporting persons who fails to comply with preventive measures outlined in the law and related Regulations commits a misconduct and it empowers competent authority to put in place Regulation for the determination of administrative misconducts and related sanctions.

209 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 The laws/regulations do not therefore provide for the use of criminal and civil sanctions for failure to comply with all AML/CFT requirements. TFS (R6) Article 23 of Regulation No 001/FIC/2021 on TFS/PF empowers supervisory authority to impose sanctions against a reporting person who does not comply or negligently failed to comply with requirements under this Regulation. By virtue of Article 26, without prejudice to criminal sanctions, a person who fails to comply with provisions of the regulation is liable to an administrative fine of not less than RWF1,000,000 and not more than RWF 10,000,000. for making funds or other assets available to a designated person. NPO (R8) By virtue of Article 65 of the 2023 AML/CFT Law, any NPO which fails to comply with the requirements set out in relation thereto in the law commits a misconduct. The competent authority has the power to set out regulation for the purpose of determining administrative misconducts and related sanctions. Regulation 002/30/05/2023 of 30/ 05/2023 determines administrative sanctions applicable to NPO, Faith based Organisation and Foundations regulated by Rwanda Governance Board for non-compliance with AML/CFT requirements. Article 8 of the regulation provides for the following sanctions depending on the gravity of the breach: (a) request for explanations; (b) written warning; (c) suspension (d) revocation of legal personality/or registration certificate. RGB may disclose the violations committed and the sanctions imposed through publication on its official public website. Preventive measures and Reporting (R9 to R23) Article 5 of Regulation No 72/2023 of 19/06/2023 provides for administrative sanctions for FIs under the supervision of the BNR as follows: written warning; suspension of all support from the Central Bank; various restrictions and prohibitions, suspension of the license for a period not exceeding six months and revocation of license. Article 8 also empowers BNR to impose pecuniary sanctions. A range of monetary penalties is applied for different type of violations depending on their seriousness which relate to, amongst others, CDD, record keeping, TFS requirements, STRs etc. The amount of monetary penalties applicable to each violation differs for different type of institution under its purview. For commercial banks, it ranges from a minimum of RWF 3 million to RWF 10 million while for microfinance companies, cooperatives, e-money issuers it ranges from RWF 2mn to RWF 3mn.Article 6 of the regulation provides for administrative sanctions against natural persons. There is, however, no provision regarding enforceable directions to take remedial actions. Article 7 of Regulations No 001/CMA/2023 of 29/03/2023 provides for administrative sanctions applicable to FIs under the supervision of the CMA. The range of sanctions available include: imposing a financial penalty, a public reprimand; Suspension in the trading of a listed company’s securities for a specified period; Suspension of a licensed financial institution from trading for a specified period; disqualifications, Revocation of the license; Restriction on the use of a license. The quantum of the monetary penalties differs for the different category of

210 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 licensees and depends on the seriousness of the violations of the AML/CFT obligations, including TFS. Regulations No. 002/FIC/2022 of 03/10/2022 provides administrative sanctions applicable to reporting persons under the supervision of the FIC, i.e., real estate agents. The regulation provides for a range of sanctions for different type of breaches. The sanctions include, amongst others, monetary penalties, restrictions, prohibitions, requesting competent authority to revoke the business incorporation certificate and publish the fault committed by reporting person and the imposed sanctions through publication on its official website. The amount of the monetary penalties depends on the seriousness of the violations of AML/CFT requirements, including TFS. Apart from Article 42(d) of Law 028/2023 which applies to all supervisors, there is no provision in the laws or regulations for all the DNFBPs, except real estate sector, to be subject to varied level of sanctions for a range of misconducts which are proportionate and dissuasive. Criterion 35.2 (Partly Met) – Article 6 of Regulation No. 72/2023 provides BNR with administrative sanctions applicable to Board of Directors and Senior Management: (a) written warning; (b) suspension; (c) Revocation of the approval; (d) dismissal. Article 8 of Regulation No. No 001/CMA/2023 of 29/03/2023 provides administrative sanctions applicable to Board of Directors and Senior Management of FIs under the CMA. The range of sanctions available include: written warning; suspension; dismissal. Article 29 of Regulation No. 002/FIC/2022 provides FIC with administrative sanctions applicable to board of directors and senior management of reporting persons for real estate agents. The range of sanctions are: warning; suspension; dismissal. However, the offence is only limited to breach of disclosure. Articles 61 of 2023 AML/CFT Law provides that reporting persons, a member of its board of directors, senior manager or other employees who commits offences as specified under paragraphs (a-g) of article 61, upon conviction, he/she is liable to imprisonment for a term of not less than 2 years but not more than 5 years and a fine of not less than RWF 2,000,000 but not more than RWF 5,000,000. However, the criminal sanctions apply only to breaches relating to very limited preventive measures. The Regulation No 01/2023 of 002/30/05/2023 provides administrative sanctions applicable to a member of the Executive Committee/Board of Directors and senior managers of an NPO were there is a breach of AML/CFT requirements. The range of applicable sanctions is: (a) request for explanations; (b) a written warning letter; (c) suspension of the member of Executive Committee/Board of Directors and senior managers of a NPO; (d) dismissal of the member of Executive Committee/Board of Directors and senior managers of a NPO. The laws/regulations do not therefore provide for the use of criminal and civil sanctions applicable to directors and senior management for failure to comply with all AML/CFT requirements.

211 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 There are also no provisions in the law or regulations for directors and senior management of DNFBP sector to be subject to a range of criminal, civil or administrative sanctions which are proportionate and dissuasive. Weighting and Conclusion The laws/regulations do not provide for the use of criminal and civil sanctions for failure to comply with all AML/CFT requirements. The law does not provide for the DNFBP to be subject to a varied range of sanctions which is dissuasive and persuasive. Rwanda is rated Partially Compliant with Recommendation 35 Recommendation 36 – International instruments In its 1st Round MER, Rwanda was rated largely compliant and partially-compliant respectively with these requirements (formerly R35 & SRI). The main technical deficiencies were that the assessment team could not establish the effective implementation of those recommendations. Criterion 36.1 – (Met) - Rwanda is party to all the relevant conventions under the standard: It acceded to the 1988 Convention against Illicit Traffic in Narcotic Drugs and Psychotropic Substances (the Vienna Convention) on May 12, 2012; it signed and ratified the 2000 Convention against Transnational Organized Crime (the Palermo Convention) on December 14, 2000 and September 26, 2003, respectively; it ratified the United Nations Convention against Corruption (Merinda Convention) on December 27, 2005; and it signed the 1999 International Convention for the Suppression of the Financing of Terrorism (the ICSFT) on December 4, 2001 and ratified it on May 13, 2002. Criterion 36.2 – (Partly Met) - Upon their publication in the official Gazette, international treaties and agreements that have been conclusively adopted in accordance with the provisions of law are binding. That notwithstanding, some measures require enactment of laws for implementation. To implement Articles 3-11, 15, 17 and 19 of the Vienna Convention, Rwanda has enacted the following laws: Articles 264 and 265 of the of the Law Nº68/2018 of 30/08/2018 determining offences and penalties in general; article 11 of the Law nº 69/2019 of 08/11/2019 amending law nº 68/2018 of 30/08/2018 determining offences and penalties in general; Article 29 N°30/2018 of 02/06/2018 determining the jurisdiction of courts; Law N° 69/2013 of 02/09/2013 on extradition; Law nº 005/2021 of 05/02/2021 governing mutual legal assistance in criminal matters as mended to date; Article 34 of Law N º12/2017 of 07/04/2017 establishing the Rwanda investigation bureau and determining its mission, powers, organization, and functioning; and Article 29 of the Law N° 69/2013 of 02/09/2013 on extradition. Consequently, Rwanda has fully implemented the Vienna Convention. With respect to the Palermo Convention, deficiencies are noted with the implementation of article 5(1)(a) of the Convention, that is, criminalizing participation in an organized group. Article 63 (a) of the AML/CFT Law 2023 criminalises committing ML/TF/PF within the framework of organised criminal activity but the law falls short of defining what it means by “organised criminal activity” and does not apply to other serious crimes as contemplated by the Palermo Convention. In relation to the Terrorist Financing Convention, there are deficiencies with

212 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 respect to the definition of terrorist acts as it fails to domesticate all relevant nine treaties, more specifically, the Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms located on the Continental Shelf. Weighting and Conclusion Although Rwanda has fully implemented the Vienna Convention, the deficiencies noted under the Palermo Convention and Terrorist Financing Convention, notably the absence of criminalising participation in an organised group group in accordance with article 5(1)(a) of the Palermo Convention and the deficiencies noted on the definition of terrorist acts as required by the Terrorist Financing Convention, means that there are moderate shortcomings. Rwanda is rated Partially Compliant with Recommendation 36 Recommendation 37 - Mutual legal assistance In its 1st Round MER, Rwanda was rated partially-compliant with these requirements (formerly R36 & SRV respectively). The main technical deficiencies were that the deficiencies identified under Recommendations 1 and 2 may limit the scope of assistance that the authorities can provide; the broad scope of the legal privilege prevents the authorities from obtaining upon request of a foreign state any information held by lawyers; timeliness of responses was not established; no consideration given to determining the best venue for prosecution of defendants in the interest of justice in cases that are subject to prosecution in more than one country; the deficiencies identified under Recommendations 1 and 2 may limit the scope of assistance that the authorities can provide; timeliness of responses was not established; no consideration given to determining the best venue for prosecution of defendants in the interest of justice in cases that are subject to prosecution in more than one country and effective implementation was not established. Criterion 37.1 – (Mostly Met) - Rwanda has a legal basis (Law Nº 005/2021 of 05/02/2021 governing mutual legal assistance in criminal matters) as amended by article 1 of the Law Nº 040 of 2021 of 28/07/21 that allows it to rapidly provide the widest possible range of mutual legal assistance in relation to money laundering, associated predicate offences and terrorist financing investigations, prosecutions and related proceedings. Criterion 37.2 – (Partly Met)- Rwanda uses the NPPAas the Central Authority in the transmission and execution of requests. The processes to follow are set out in Articles 3(4), 4,5,7, 9 and 11 of the Law Nº 005/2021 of 05/02/2021 governing mutual legal assistance in criminal matters. However, Rwanda does not maintain a case management system to monitor progress on requests and ensure the timely prioritisation and execution of mutual legal assistance requests. Criterion 37.3 – (Met)- The grounds for refusal for mutual legal assistance under article 12 of the of the Law Nº 005/2021 of 05/02/2021 governing mutual legal assistance in criminal matters, are not unreasonable nor unduly restrictive. Criterion 37.4(a) – (Met)- Article 12(2) of the Law on mutual legal assistance allows for any other ground to be raised by the competent authorities as ground for refusing to grant mutual legal assistance. Rwanda has not provided evidence that the grounds under criterion 37.4(a) will not be one of the ‘other grounds’.

213 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Criterion 37.4(b) – (Met)- Refer to analysis at criterion 37.4(b). Criterion 37.5 – (Met)- Article 13 of the of the Law Nº 005/2021 of 05/02/2021 governing mutual legal assistance in criminal matters provides for maintaining confidentiality of the request received. Criterion 37.6 – (Met)- Though an absence of dual criminality is a ground for refusal (as per article 12(2)), dual criminality is not a mandatory precondition for Rwanda to render assistance where mutual legal assistance requests do not involve coercive actions. Criterion 37.7 – (Met)- For the dual criminality requirement, Rwanda considers the “act” underlying the offense regardless of category of offence, or nomenclature of the offence. Criterion 37.8(a) – (Met)- Article 9 of the MLA law ensures that the powers and investigative techniques that are required under Recommendation 31 or otherwise available to domestic competent authorities are also available for use in response to requests for mutual legal assistance received by Rwanda. Criterion 37.8(b) – (Met)- see analysis at criterion 37.8(a). Weighting and Conclusion Rwanda has a legal basis (Law Nº 005/2021 of 05/02/2021 governing mutual legal assistance in criminal matters) as amended by article 1 of the Law Nº 040 of 2021 of 28/07/21 that allows it to rapidly provide the widest possible range of mutual legal assistance in relation to money laundering, associated predicate offences and terrorist financing investigations, prosecutions and related proceedings. Further, Rwanda does not maintain a case management system to monitor progress on requests and ensure the timely prioritisation and execution of mutual legal assistance requests. Additionally, the deficiencies noted at criterion 31.2(a)-(c) and 31.3(a)-(b) have a cascading effect. Accordingly, there are moderate short comings. Rwanda is rated Partially Compliant with Recommendation 37.

214 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Recommendation 38 – Mutual legal assistance: freezing and confiscation In its 1st Round MER, Rwanda was rated partially-compliant with these requirements (formerly R38). The main technical deficiencies were: the AML/CFT Law addresses cooperation in freezing, seizing, and confiscation in the context of ML/TF only and similar cooperation with respect to the predicate offenses is unclear and effective implementation was not established. Criterion 38.1(a-e) (Partly Met) - Article 25 of the MLA law when read with articles 19 and 20 of the law governing recovery of offence related assets and article 66 of the 2023 AML/CFT Law, enables competent authorities in Rwanda to have the authority to take action in response to requests by foreign countries to identify, freeze, seize, or confiscate property laundered from ML/TF and other predicate offences. However, Rwanda has not demonstrated that provisional confiscation measures can be obtained without prior notice and this may impact its ability to expeditiously obtain provisional confiscation orders. Further, Rwanda has not demonstrated that it can expeditiously respond to requests from foreign countries. Criterion 38.2 – (Met) – Article 11 of law governing recovery of offence-related assets provides for non-conviction-based confiscation measures. Article 18 mandates Rwanda to cooperate with foreign States in returning assets of foreign States located on its territory. Article 19 empowers Rwanda to provide provisional measures in international cooperation for recovery of assets. Criterion 38.3(a) – (Met) – Article 15 of the Law governing recovery of offence-related assets as amended designates the National Prosecution Authority and Military Prosecution Department with the sole responsibility for the daily management of the seized assets and confiscated assets throughout the national territory depending on the nature of such assets or the person having used them in the commission of the offence. The modalities for managing, and when necessary, disposing of, property frozen, seized or confiscated are set out in the Ministerial Order N°004/08.11 OF 11/02/2014. Criterion 38.3(b) – (Met) – Article 15 of the Law governing recovery of offence-related assets as amended designates the National Prosecution Authority and Military Prosecution Department with the sole responsibility for the daily management of the seized assets and confiscated assets throughout the national territory depending on the nature of such assets or the person having used them in the commission of the offence. Articles 7, 8 & 9 of the Law N° 42/2014 of 27/01/2015, read together, also deals with the disposal of seized and confiscated assets. The NPPA also set up a Unit that is in charge of management of the seized assets and confiscated assets. Criterion 38.4 – (Met) – This is set in articles 9bis and 9ter of the Law N° 037/2021 of 28/07/2021 amending law n° 42/2014 of 27/01/2015 governing recovery of offence-related assets Weighting and Conclusion Rwanda has the legal framework to take expeditious action in response to requests by foreign countries to identify, freeze, seize, or confiscate proceeds and instrumentalities of money laundering and other predicate offences except for terrorism financing. Further, Rwanda is able

215 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 to provide assistance to requests for co-operation made on the basis of non-conviction-based confiscation proceedings and related provisional measures when a perpetrator is unavailable by reason of death. Additionally, Rwanda has measures coordinating the seizure and confiscation actions with other countries including designating an authority for the daily management of seized and confiscated assets and for managing, and when necessary, disposing of, property frozen, seized or confiscated. However, Rwanda may not be able to assist with requests for asset recovery where the perpetrator is unavailable by reason of flight, absence or is unknown. Rwanda is rated Largely Compliant with Recommendation 38. Recommendation 39 – Extradition In its 1st Round MER, Rwanda was rated partially-compliant with these requirements (formerly R39). The main technical deficiencies were: there is no framework to allow for the prosecution of a Rwandan national found guilty of ML or TF by a foreign State and whose extradition is refused on the basis of nationality only; there is no framework for cooperation in domestic prosecution of a Rwandan national whose extradition was refused on the grounds of nationality; extradition is not available for persons charged for money laundering and pending trial; it is unclear whether a request for extradition could be executed without undue delay; the effectiveness of the framework for extradition was not established. The other deficiency related to effectiveness issues which are not assessed as part of technical compliance under the 2013 Methodology. Criterion 39.1(a) – (Met) - ML and TF are extraditable offences in Rwanda.This is set out in article 4(3) of the law on extradition as read with article 17 of the law nº 68/2018 of 30/08/2018 determining offences and penalties in general where a felony is listed as an extraditable offence and a felony is defined as an offence punishable with an imprisonment term of above 5 years. According to article 29 of AML/CFT law, ML is punishable by at least seven years imprisonment. Article 30 of the same law provides that TF is punishable by at least 20 years. Criterion 39.1(b) – (Partly Met) –Article 6 of the law on Extradition provides that extradition request shall be made in writing and submitted to the Minister in charge of foreign affairs and that in case of emergency, the request may be made through Interpol or by relevant authorities of foreign States and sent to the judicial authority by registered mail or any other expeditious means, however it is unclear who the article refers as “judicial authority”. Additionally, Rwanda does not have a case management system for extradition including prioritisation where appropriate Criterion 39.1(c) – (Met) – The restrictions placed on requests for extradition from Rwanda by article 16 on law on Extradition are reasonable and not duly restrictive. Criterion 39.2(a) – (N/A) – Art 5 of the Law on Extradition provides that no Rwandan shall be extradited from Rwanda to any foreign State. Criterion 39.2(b) – (Met) – Article 18 of the law on extradition provides for Rwanda, with the consent of the requesting State, to prosecute a person who could not be extradited by Rwanda.

216 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Criterion 39.3 – (Met) – For the dual criminality requirement, Rwanda considers the “act” underlying the offense regardless of category of offence, or denomination of the offence in terminology. See Article 4 paragraph 2 of the Law N° 69/2013 of 02/09/2013 on extradition which provides that other offences may be added to this list if as agreed upon by the parties and the act giving rise to the extradition request shall constitute an offence under Rwandan Law or violate International Law. Criterion 39.4 – (Not Met) -. Rwanda does not have mechanisms in place for the execution of simplified extradition. Weighting and Conclusion Whilst ML and TF are extraditable offences in Rwanda and restrictions placed on extradition are reasonable and not duly restrictive, it does not have clear processes for the timely execution of extradition requests including prioritisation where appropriate. Further, Rwanda does not have simplified mechanisms such as allowing direct transmission of requests for provisional arrests between appropriate authorities, extraditing persons based only on warrants of arrests or judgments, or introducing a simplified extradition of consenting persons who waive formal extradition proceedings. Rwanda is rated Partially Compliant with Recommendation 39. Recommendation 40 – Other forms of international cooperation In its 1st Round MER, Rwanda was rated non-compliant with these requirements (formerly R40). The main technical deficiencies were: with respect to the FIU and LEAs: no sharing of information by the FIU with foreign counterparts; lack of powers of LEAs to conduct investigations on behalf of foreign counterparts; impossibility of sharing information detained by lawyers when conducting transactions for their clients concerning the activities set under Recommendation 12; lack of statistics and overall effectiveness. With respect to supervisory authorities: no AML/CFT supervisor in place for the banking sector that may cooperate with foreign counterparts; lack of arrangements in place to the sharing and exchange of information with respect to both ML and the underlying predicate offenses; lack of powers to allow all AML/CFT supervisors to conduct inquiries on behalf of foreign counterparts; lack of controls and safeguards in place for the AML/CFT supervisor of banks and other entities licensed by the BNR, the FIU, and LEAs to ensure that the information received by competent authorities is used only in an authorized manner; requests for cooperation could be refused on the grounds of professional privilege or legal professional secrecy; lack of overall effectiveness. The other deficiencies related to effectiveness issues which are not assessed as part of technical compliance under the 2013 Methodology.

217 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Criterion 40.1 – (Mostly Met) - Article 2 of Law governing mutual legal assistance provides Rwandan competent authorities with the legal basis to provide rapid and wide range of international co-operation in relation to money laundering, associated predicate offences and terrorist financing. Such exchanges of information can be both spontaneous and upon request. Further, article 9 (9) of the Law establishing the Rwandan Investigation Bureau provides for participation in inter-agencies law enforcement initiatives which address crime problems at a regional and international level and article 34 of the same law provides for Cooperation between RIB and other organs at national and international levels in order to share information, prosecute and arrest criminal suspects. However, the deficiencies identified at criterion 5.1 has a cascading effect. Criterion 40.2 (Partly Met) Criterion 40.2 (a) – (Met) – See analysis at 40.1. Further, articles 49, 50, 51, 52 and 53 of the 2023 AML/CFT Law creates a legal obligation on competent to provide cooperation on anti￾money laundering countering, financing of terrorism and financing of proliferation of weapons of mass destruction on both domestic and international levels. Criterion 40.2 (b) – (Met) – Article 2 paragraph 2 (6) of the Law on mutual legal assistance empowers competent authorities to use the most efficient means to co-operate by allowing them to render a broader range of assistance to another State than may be provided for in an agreement, where deemed necessary by the two parties. Further, article 49 (1) (c) of 2023 AML/CFT law provides that “Without prejudice to other relevant legislations, the competent authority must use the most efficient means to co-operate. Criterion 40.2 (c) – (Not Met) – Rwanda has not provided evidence that it has clear and secure gateways, mechanisms or channels that will facilitate and allow for the transmission and execution of requests. Criterion 40.2 (d) – (Not Met) – Rwanda has not submitted evidence that it has clear processes for the prioritisation and timely execution of requests. Criterion 40.2 (e) – (Not Met) – Rwanda has not submitted evidence that it has clear processes for safeguarding the information received. Criterion 40.3 – (N/A) – Article 2 of Law on mutual legal assistance empowers competent authorities to co-operate with foreign counterparts without the need for bilateral or multilateral agreements. Criterion 40.4 – (Partly Met) – Although article 49 (3) of 2023 AML/CFT law empowers competent authorities, to upon request, provide feedback in a timely manner to the competent authority from which it has received assistance, on the use and usefulness of the information obtained, there are no mechanism for the provision of feedback to foreign counterparts on the usefulness of information provided through a request for cooperation. Criterion 40.5(a) – (Met) - article 49 (4) (a) of 2023 AML/CFT prohibits Rwanda from refusing the request on the basis considered to involve fiscal matters; Criterion 40.5(b) – (Met) - Article 49 (4) (b) of 2023 AML/CFT prohibits competent authorities from refusing a request for assistance on the grounds that secrecy or confidentiality, except where the relevant information sought is held for reasons of professional secrecy.

218 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Criterion 40.5(c) – (Met) - Article 49 (4) (c) of 2023 AML/CFT law prohibits competent authorities from refusing a request for assistance on the grounds that there is an inquiry, investigation or proceeding underway, unless the assistance may impede that inquiry, investigation or proceeding. Criterion 40.5(d) – (Met) - Article 49 (4) (d) of 2023 AML/CFT law prohibits the competent authorities from refusing a request for assistance on the grounds that the nature or status of the requested counterpart authority is different from that of the requesting authority. Criterion 40.6 – (Met) - Article 49 (5) of 2023 AML/CFT law requires competent authorities to ensure that information exchanged by competent authorities is used only for the purpose for, and by the authorities, for which the information was sought or provided, unless prior authorisation has been given by the requested competent authority. Criterion 40.7 – (Met) - Competent authorities are required to maintain appropriate confidentiality for any request for co-operation and the information exchanged, consistent with both parties’ obligations concerning confidentiality, privacy, and data protection. For example, Article 49 (6) of 2023 AML/CFT law provides that “the competent authority must maintain appropriate confidentiality for any request for cooperation and the information exchanged, consistent with both parties’ obligations concerning privacy and data protection. The competent authority must protect exchanged information in the same manner as it would protect similar information received from domestic sources. Moreover, article 49 (7) of 2023 AML/CFT law stipulates that “The competent authority may refuse to provide information if the requesting competent authority cannot protect the confidentiality of the information effectively.” Criterion 40.8 – (Met) - There are legal provisions that empower competent authorities conduct inquiries on behalf of foreign counterparts, see article 2 paragraph 2(1) of Law on mutual legal assistance. Further, competent authorities are empowered by article 49 (8) of 2023 AML/CFT to conduct inquiries on behalf of a foreign counterpart, and exchange with its foreign counterpart all information that would be obtained by it if such inquiries were being carried out domestically. Exchange of Information between FIUs Criterion 40.9- (Met) – The FIC has a legal basis to provide or exchange information with foreign FIUs on ML, TF or PF based on reciprocity. The exchange is based on all information required to be accessible or obtainable directly or indirectly by the Centre and any other information which the Centre has the power to obtain or access, directly or indirectly, at the domestic level [Article 8(7) and Article 7(21) of Law 045/202 as read together with Article 50(1) of Law 28/2023]. Criterion 40.10- (Met) - The FIC is required to provide feedback to its foreign counterparts, upon request and whenever possible, on the use of the information obtained, as well as on the outcome of the analysis conducted [Article 50 (2) of law nº 028/2023]. Criterion 40.11 (a)- (Met)- The FIC has powers to exchange all information required to be accessible or obtainable directly or indirectly by the Centre, subject to the principle of reciprocity [Article 50(1)(a) of law 028/2023].

219 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 Criterion 40.11 (b)- (Met)- The FIS has powers to request any other information which it has the power to obtain or access, directly or indirectly, at the domestic level, subject to the principle of reciprocity [Article 50 (1)(b) of Law 028/ 2023]. Exchange of information between financial supervisors Criterion 40.12 (Met) -Article 51(a) of the 2023 AML/CFT Law provides for cooperation with their foreign counterparts, consistent with international standards for supervision, in particular with respect to the exchange of supervisory information related to or relevant for AML/CFT/PF purposes. Article 52 of Law No 048/2017 of 23/09/2017 governing the BNR provides that cooperation agreements between NBR and foreign institutions with similar mission is authorized to engage in cooperation relationships between with foreign central banks, foreign supervisory organs, foreign regulators and international institutions. Further, Article 12(2) of Regulation No 2310/2018 -00013 (614) of 27/12/2018 of BNR on licensing conditions of banks requires that a foreign bank wishing to establish a banking subsidiary in Rwanda need to provide a statement from the home supervisor that he is willing to enter into a memorandum of understanding with regard to exchange of information and crisis management and resolutions. Criterion 40.13 (Met) - Article 51(b) of 2023 AML/CFT law states that FI except self￾regulatory bodies must exchange with foreign counterparts’ information domestically available to them including information held by FIs in a manner proportionate to their respective needs. Criterion 40.14 (a), (b), (c) –(Met) – Article 51(e) of Law No. 28/2023 provides for exchange of the following type of information when relevant for AML/CFT purposes, in particular with other supervisors that have a shared responsibility for financial institutions operating in the same group: (a) regulatory information, such as information on the domestic regulatory system and general information on the financial sectors. (b) prudential information such as information on the financial institution’s business activities, beneficial ownership, management and fitness and properness; (c) anti-money laundering, terrorist financing or financing of proliferation of weapons of mass destruction information, including information related to internal procedures and policies of financial institutions, customer due diligence information, customer files, samples of accounts and transactions. However, the authorities have not provided any bilateral or multilateral agreements entered into for exchange of information. Criterion 40.15 (Met) – Article 51(c) of 2023 AML/CFT Law provides that financial supervisors except self-regulatory bodies must conduct inquiries on behalf of foreign counterparts, and, as appropriate, to authorise or facilitate the ability of foreign counterparts to conduct inquiries themselves in the country in order to facilitate effective group supervision. Further, article 59 of Law No. 047/ provide the legal basis for the BNR to authorize foreign

220 │ ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 counterparts to conduct inquires themselves on subsidiaries and representative offices of their banks in Rwanda. The Law No. 072/2021 provides for the BNR to authorize foreign counterparts to conduct inquires themselves in Rwanda with regard to the supervision of the parent company, subsidiaries and representative offices of a deposit-taking microfinance institution established in their country. Criterion 40.16 (Met) –Article 51(d) provides that financial supervisors should ensure that they have prior authorisation of the requested financial supervisor for a dissemination of information exchanged, or use of that information for supervisory and non-supervisory purposes, unless the requesting financial supervisor is under a legal obligation to disclose or report the information. The requesting financial supervisor must promptly inform the requested authority of this obligation. Exchange of Information between Law Enforcement Authorities Criterion 40.17 (Met) - Article 52(a) of AML/CFT law of 2023 empowers Rwandan LEAs to exchange domestic available information with their foreign counterparts for intelligence or investigative purposes relating to money laundering and associated predicate offences, terrorist financing or financing of proliferation of weapons of mass destruction, including the identification and tracking of the proceeds of crime and instrumentalities of crime. Criterion 40.18 (Partly Met) – Article 52(b) of AML/CFT law of 2023 empowers LEAs to use their powers, including investigative techniques to conduct inquiries and obtain information on behalf of their foreign counterparts. Rwanda has not provided evidence that the regimes or practices in place governing such law enforcement co-operation, such as the agreements between Interpol, Europol or Eurojust and individual countries, govern any restrictions on use imposed by the requested law enforcement authority. Criterion 40.19 (Met) Article 52(c) of the AML/CFT law of 2023 empowers LEAs to form joint investigative teams with foreign counterparts to conduct cooperative investigations, and, when necessary, establish bilateral or multilateral arrangements to enable joint investigations. Exchange of information between non-counterparts Criterion 40.20 (Met) – Art 52(a) and (b) of the AML/CFT law 2023 provides the requirement for Rwandan competent authorities to exchange information indirectly with foreign non￾counterparts. All the principles which are applicable from 40.1 up to 40.19 are also applicable to this criterion. Weighting and Conclusion Rwanda competent authorities apply the requirements of other forms of cooperation through laws and other arrangements in place to provide for assistance to foreign counterparts. There are still moderate deficiencies on the overall compliance with the requirements of this recommendation. This includes the lack of implementation of mechanism or channels that will

221 ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING MEASURES IN RWANDA – © 2024 facilitate and allow for transmission and execution of requests, feedback on usefulness of the information by competent authorities, no specific timelines for responding to a request. Rwanda is rated Partially Compliant with Recommendation 40.

222 │ Summary of Technical Compliance – Key Deficiencies Compliance with FATF Recommendations Recommendations Rating Factor(s) underlying the rating

1. Assessing risks & applying a risk-based approach [LC] • There are minor deficiencies with regards to the mechanisms for providing information on the NRA and allocation of resources in Rwanda
2. National cooperation and coordination [PC] • Not all authorities related to PF within Rwanda forms part of the NCC or the TCCC which limits the coordination mechanisms related to PF. • Rwanda does not have coordination and cooperation between competent authorities to ensure compatibility of the AML/CFT requirements with Data Protection and Privacy rules.
3. Money laundering offences [LC] The law does not fully cover the elements of concealing or disguising the illicit origin of the property or of helping any person who is involved in the commission of the predicate offence to evade the legal consequences of his or her action.
4. Confiscation and provisional measures [LC] • No evidence that it has steps that will prevent or void actions that prejudice the country’s ability to freeze or seize or recover property that is subject to confiscation. • No evidence that its provisional measures can be made ex-parte or without prior notice or whether implementing such ex parte or without prior notice measures, is inconsistent with the fundamental principles of Rwandan law.
5. Terrorist financing offence [PC] • Although Rwanda has ratified the Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms located on the Continental Shelf, it is still to domesticate the Protocol. • The AML/CFT does not criminalise the organization or directing others to commit a TF offence or attempted offence, and contribute to the commission of one or more TF offences.
6. Targeted financial sanctions related to terrorism & TF [PC] • Rwanda has no clear provision on identifying information and specific information required to be considered for designation when requesting another country to do so. • Rwanda does not specify whether their status as a designating state may be made known when proposing a person. • Rwanda does not have mechanisms in place for identifying targets for designation pursuant to UNSCR 1373. • Rwanda has no clear provision on identifying information and specific information required to be considered for designation when requesting another country to do so. • Rwanda does not require all the natural and legal persons within the country to freeze, without delay and without prior notice, the funds or other assets of designated person and entities. • Rwanda has no publicly known procedures to submit for de-listing requests. • Rwanda has no clear procedures to inform the designated persons and entities about petitioning for de-listing to the Ombudsperson of the United Nations Office or Focal Point. • Rwanda has no mechanisms for communicating de-listing and unfreezing immediately to the financial sector and the DNFBPs.
7. Targeted financial sanctions related to proliferation [PC] • Rwanda do not require all the natural and legal persons within the country to freeze, without delay and without prior notice, the funds or other assets of designated persons and entities. • There is no publicly known procedures to submit for de-listing requests to the relevant UN sanctions Committee. • There is no obligation to provide clear guidance to other persons or entities that may also be holding targeted funds or assets on their obligations to take action under the freezing mechanism. • There has no provision to freeze funds or other assets derived or generated from funds or other assets owned or controlled directly or indirectly by designated persons or entities.

223 Recommendations Rating Factor(s) underlying the rating • There is no specific provision to freeze all funds or other assets that are owned or controlled by the designated person or entity in line with this criterion. • Without delay requirement is only implemented after FIC disseminate the notification to reporting persons and another relevant public or private institution 8. Non-profit organisations (NC) • Rwanda has not yet addressed the requirement to identify which subset of organizations fall within the FATF definition of an NPO and identify the features and types of NPOs that, by virtue of their activities or characteristics, are likely to be at risk of TF abuse. • Rwanda had not provided any policy to promote accountability, integrity, and public confidence in the administration and management of the NPOs. • Rwanda has not worked with NPOs to develop and refine best practices to address terrorist financing risk and vulnerabilities and thus protect them from terrorist financing abuse. • Rwanda has not taken steps to promote effective supervision or monitoring such that they are able to demonstrate that risk-based measures apply to NPOs at risk of terrorist financing abuse. • Rwanda has not demonstrated that it has established appropriate mechanisms to ensure that, when there is suspicion or reasonable grounds to suspect a particular NPO, that information is promptly shared with competent authorities, in order to take preventive or investigative action. • Rwanda has not yet identified point of contact nor are their procedures in place to respond to international requests for information on NPOs suspected of FT or involvement in other forms of terrorist support. 9. Financial institution secrecy laws (C) • This recommendation is fully met 10. Customer due diligence (LC) • lack of requirements to identify and verify relevant natural person who holds the position of senior managing official in case where no beneficial owner is identified • inadequate requirements on legal persons or arrangements relating to information on the powers that regulate and bind the legal person or arrangement • No requirements for the identity of the natural person(s) (if any) exercising control of the legal person or arrangement • no requirements for the identity of the natural person(s) exercising control of the legal person or arrangement through other means, and 11. Record keeping (LC) • Period for maintenance of the records not taking into account the time of termination of the business relationship 12. Politically exposed persons (PC) • The approval of a business relationship with a PEP including family members and close associates is only required at manager level and not senior management. • the requirement for source of funds and other assets do not extend to sources of wealth. 13. Correspondent banking (LC) • There are no requirements for financial institutions to understand the anti-money laundering, countering terrorist financing or the financing of proliferation of weapons of mass destruction responsibilities of each institution 14. Money or value transfer services (PC) • Rwanda legal framework only provides for general sanctions for unlicensed MVTS providers. • No provision for MVTS providers to include agents in their AML/CFT programs and to monitor the agents for compliance with these programmes 15. New technologies (PC) • Rwanda and the FIs (with the exception of commercial banks) have not demonstrated that they identify and assess the ML/TF risks associated with the development of new products and new business practices, including new delivery mechanisms, and the use of new or developing technologies for both new and pre￾existing products. • There is no legal and institutional framework relating to VAs and VASPs and the country has not identified and assessed the ML/TF risks associated with VAs and VASPs. 16. Wire transfers (LC) • There is no specific provision that requires MVTS providers to comply with the criterion through their agents. 17. Reliance on third parties (LC) • No legal provisions mandating reporting persons to have regards to information on the level of country risk when determining in which countries the third party that meets the conditions can be based.

224 │ Recommendations Rating Factor(s) underlying the rating 18. Internal controls and foreign branches and subsidiaries (LC) • No requirement for financial groups to share information and analysis of transactions which appear unusual, branches and subsidiaries are not permitted to obtain information from the group whenever relevant and appropriate to risk management. 19. Higher-risk countries (LC) • No requirements for FIs and DNFBPs to apply countermeasures proportionate to the risks when called upon by the FATF or independently 20. Reporting of suspicious transaction (C) • This recommendation is fully met 21. Tipping-off and confidentiality (C) • This recommendation is fully met 22. DNFBPs: Customer due diligence (PC) • The deficiencies identified in respect of CDD measures, PEPs, ML/TF risks assessment and mitigating controls against new technologies and reliance on third parties 23. DNFBPs: Other measures (LC) • there were minor shortcomings identified under R18 and R19 are also applicable under the recommendation. 24. Transparency and beneficial ownership of legal persons (PC) • Rwanda has not assessed the ML/TF risk associated with all types of legal persons created in the country. • there are no mechanisms to monitor the quality of the international assistance received by Rwanda. • there is no requirement for the resident company secretary to be a natural person 25. Transparency and beneficial ownership of legal arrangements (PC) • gaps remain on the requirement to keep accurate information as there is no requirement to verify the information through independent and reliable sources • there are no provisions outlining what timely or swift access means. • there are no sanctions for failing to provide the information to competent authorities in a timely manner. 26. Regulation and supervision of financial institutions (PC) • There are gaps in relation to control requirement to prevent criminals and their associates from being a beneficial owner. • No provision in the law which prohibits the establishment or continued operation of shell banks. • Supervision is not carried out on the basis of the risk profile of the institution, the ML/TF risk in the respective sectors and at country level. • Consolidated group supervision for AML/CFT purposes is not applied to Core Principles FIs. 27. Powers of supervisors (LC) • Sanctions available to FI supervisors are restricted mostly to administrative sanctions 28. Regulation and supervision of DNFBPs (PC) • There are gaps in the law to prevent criminals and their associates from holding significantly controlling interest in DNFBPs, including casinos. • The Real Estate agents are not licensed and this adversely impact the ability to properly supervise the sector. • DNFBP supervisors have not implemented risk-based supervision • Sanction regime does not provide for a range of sanctions to be applied for non￾compliance with AML/CFT requirements. 29. Financial intelligence units (LC) • There is no Provision for FIC to disseminate upon request. • Rwanda has not yet applied to join Egmont. 30. Responsibilities of law enforcement and investigative authorities (C) • This recommendation is fully met 31. Powers of law enforcement and investigative authorities (PC) • No mechanisms in place to identify, in a timely manner, whether natural or legal persons hold or control accounts; and identify assets without prior notification to the owner. 32. Cash couriers (C) • This recommendation is fully met 33. Statistics (PC) • There were discrepancies in the statistics provided by the different competent authorities. 34. Guidance and feedback (PC) • Guidelines issued by supervisory authorities are mostly general in nature. • Majority of the guidelines have recently been issued in order to see the impact. 35. Sanctions (PC) • supervisory bodies have powers to impose mostly administrative sanctions under the current AML/CFT legislative framework

225 Recommendations Rating Factor(s) underlying the rating 36. International instruments (PC) • Rwanda has not criminalised participation in an organised group group in accordance with article 5(1)(a) of the Palermo Convention and the deficiencies noted on the definition of terrorist acts as required by the Terrorist Financing Convention 37. Mutual legal assistance (PC) • Rwanda does not maintain a case management system to monitor progress on requests and ensure the timely prioritisation and execution of mutual legal assistance requests. • Rwanda can use the grounds of fiscal matters and secrecy or confidentiality requirements by financial institutions to refuse mutual legal assistance 38. Mutual legal assistance: freezing and confiscation (LC) • Rwanda may not be able to assist with requests for asset recovery where the perpetrator is unavailable by reason of flight, absence or is unknown. 39. Extradition (PC) • No clear processes for the timely execution of extradition requests including prioritisation where appropriate. • Rwanda does not have simplified mechanisms such as allowing direct transmission of requests for provisional arrests between appropriate authorities, extraditing persons based only on warrants of arrests or judgments, or introducing a simplified extradition of consenting persons who waive formal extradition proceedings. 40. Other forms of international cooperation (PC) • There is the lack of implementation of mechanism or channels that will facilitate and allow for transmission and execution of requests, feedback on usefulness of the information by competent authorities.

226 │ Glossary of Acronyms19 AML/CFT Anti-Money Laundering/ Counter Financing of Terrorism ARINSA Asset Recovery Inter-Agency Network Southern Africa Art Article AU African Union BNI Bearer Negotiable Instruments BNR National Bank of Rwanda BNR-BSD National Bank of Rwanda – Banking Supervision Department BO Beneficial Ownership CBR Correspondent Banking Relationship CDD Customer Due Diligence CISNA Committee of Insurance, Securities and Non-Bank Financial Authorities CMA Capital Market Authority CTR Cash Transaction Report DNFBP Designated Non-Financial Businesses and Professions DGIE Directorate General of Immigration & Emigration EDD Enhanced Due Diligence ESAAMLG Eastern and Southern Africa Anti-Money Laundering Group FATF Financial Action Task Force FI Financial Institution FIC Financial Intelligence Centre GDP Gross Domestic Product IAIS International Association of Insurance Supervisors IECMS Integrated Electronic Case Management System ICU International Crimes Unit ICPAR Institute of Certified Public Accountants of Rwanda IFC International Financial Centre IO Immediate Outcome KYC Know Your Client LEA Law Enforcement Agencies MER Mutual Evaluation Report MAAC Convention on Mutual Administrative Assistance in Tax Matters MFI Micro finance Institutions MINECOFIN Ministry of Finance and Economic Planning MINICOM Ministry of Trade and Industry MINIJUST Ministry of Justice MoFA Ministry of Foreign Affairs ML Money Laundering ML/TF Money Laundering/Terrorist Financing MLA Mutual Legal Assistance MLRO Money Laundering Reporting Officer MNO Mobile Network Operators MoU Memorandum of Understanding MVTS Money and Value Transfer Services NBFI Non-Banking Financial Institutions 19 Acronyms already defined in the FATF 40 Recommendations are not included into this Glossary.

227 NCC National Coordination Committee NCTC National Counter Terrorism Committee NDFI Non-deposit Financial Institution NISS National Intelligence Security Services NPPA National Public Prosecution Authority NPO Non-Profit Organisation NTCCC National Technical Committee to Coordination Committee NRA National Risk Assessment PEP Politically Exposed Person PF Proliferation Financing RBA Risk based Approach RBS Risk Based Supervision RDB Rwanda Development Board REMA Rwanda Environment Management Authority RGB Rwanda Governance Board RIPPS Rwanda Integrated and Payment Processing System RMB Rwanda Mines, Petroleum and Governance Board RNDPS Rwanda National Digital Payment System RIB Rwanda Investigation Bureau RNP Rwanda National Police RRA Rwanda Revenue Authority SADC Southern Africa Development Community SARs Suspicious Activity Report SDD Simplified Due Diligence SOPs Standard Operating Procedures SRA Sectoral Risk Assessment SRB Self-Regulatory Body STRs Suspicious Transaction Reports TCSPs Trust and Company Service Providers TFS Targeted Financial Sanctions UNSCR United Nations Security Council Resolution VA Virtual Assets VASPs Virtual Asset Service Providers