2026-06-04
The National Bank of Rwanda issued Guidelines No 52/2026 to establish comprehensive risk management requirements for the development, deployment, and oversight of AI systems by financial institutions. The document mandates robust governance structures, requiring Boards and senior management to define risk appetites, maintain AI inventories, and conduct Algorithmic Impact Assessments before deploying high-risk systems. It further enforces strict controls over data quality, model validation, continuous monitoring for drift, and cybersecurity to ensure consumer protection and financial stability.
The Governor GUIDELINES No 52/2026 [616] OF 04/06/2026 ON ARTIFICIAL INTELLIGENCE RISK MANAGEMENT FOR FINANCIAL INSTITUTIONS
The National Bank of Rwanda;

Pursuant to Law no 48/2017 of 23/09/2017 governing the National Bank of Rwanda, as amended to date, especially in Articles 6, 6bis, 8, and 9;

Having regard to Rwanda Vision 2050, the Rwanda FinTech Strategy 2024–2029, the National Artificial Intelligence Policy of Rwanda of 2022, the AI Readiness and Maturity Framework for Rwanda, and the National Data Sharing Policy of May 2025, which collectively promote innovation, responsible digital transformation, ethical artificial intelligence, sound data governance, financial inclusion, consumer protection, and financial stability;

Recognizing the growing use of artificial intelligence, including generative and agentic artificial intelligence, in the financial sector, along with risks related to reliability, explainability, cybersecurity, privacy, accountability, operational resilience, and third‑party dependencies, there is a need for clear regulatory expectations to support responsible innovation, effective oversight, consumer protection, and a stable, trusted financial system.

ISSUES THE FOLLOWING GUIDELINES:

CHAPTER ONE: GENERAL PROVISIONS

Article One: Purpose of these Guidelines

These guidelines set out the requirements for the development, deployment, use, and oversight of AI systems by regulated financial institutions, ensuring safety, security, soundness, consumer protection, operational resilience, and financial stability.

Article 2: Interpretation

In these guidelines:

(a) “Artificial Intelligence” or “(AI)” refers to technologies that simulate human intelligence to perform tasks such as learning, prediction, classification, decision-making, or content generation. This includes machine learning (systems that learn from data without explicit programming), deep learning (a subset of machine learning using neural networks for complex pattern recognition), Generative AI (GenAI), and natural language processing (NLP);
(b) “AI incident” means any event involving an AI system that results in, or has a high likelihood to result in, material harm to consumers, market integrity, financial stability, safety, privacy, confidentiality, or compliance. Incident categories include model failure, unfair or discriminatory outcome, hallucination or toxic content, data breach or leakage, cybersecurity attack (including model extraction or inversion), prompt injection or data poisoning, and model drift beyond approved thresholds;
(c) “AI Lifecycle” means the process of developing, deploying, maintaining, and improving AI systems throughout their entire lifespan;
(d) “AI system” means any application, model, or tool using AI techniques to support or automate business, operational, or supervisory decisions;
(e) “Challenger model” means an alternative model developed to benchmark, contest, or validate the performance of a production (champion) model;
(f) “Critical function” means any function whose disruption would materially impair the provision of critical financial services, safety and soundness, or consumer protection. This includes credit underwriting, AML/CFT transaction monitoring, fraud detection, payments, trading, treasury risk management, customer authentication, and cybersecurity operations;
(g) “Cyber threat” means any circumstance, event, act, or capability, intentional or incidental, that has the potential to compromise the confidentiality, integrity, availability, or lawful use of AI systems or services, resulting in harm to legally protected interests;
(h) “Developer” means a person who designs, writes, tests, and maintains software applications or systems;
(i) “Financial Institution” means any institution licensed by the National Bank of Rwanda, notably banks, deposit-taking microfinance institutions, non-deposit taking financial service providers, life insurance institutions, pension schemes, trust and company service providers, payment service providers and other financial services providers;
(j) “General AI” refers to all AI technologies and systems used to automate, augment, or enhance human or institutional capabilities;
(k) “Generative AI (GenAI)” refers to a type of AI system designed to create new content, including text, images, or code, based on the data it has been trained on;
(l) “GenAI incident” means an AI Incident caused by a Generative AI system, including the dissemination of fabricated content presented as fact, intellectual property infringement, unsafe or abusive content, or external reliance on unvalidated GenAI outputs;
(m) “High-Risk AI System” includes any AI system used in a Critical Function; that determines or materially influences customer eligibility, pricing, or access to financial products; that performs biometric identification; that scans or exploits system vulnerabilities with intent to disrupt critical functions; that performs autonomous decisioning without effective human review; or whose failure may cause significant financial, operational, legal, or reputational harm. The National Bank of Rwanda may designate additional AI systems as High-Risk where supervisory concerns arise;
(n) “Human-in-the-Loop (HITL)” means a control whereby qualified personnel review, approve, or override AI outputs before reliance or external dissemination;
(o) “Material AI System” means a system whose failure, misuse, or inaccuracy could reasonably be expected to result in significant financial loss, consumer harm, regulatory breach, reputational damage, or disruption of critical functions;
(p) “Material AI Use” means using AI applications that have a significant impact on customers, financial risk, operational processes, or regulatory compliance;
(q) “Model drift” means a significant change in model inputs, relationships, or outputs that degrades performance or fairness beyond approved thresholds;
(r) “Owner” means a person or a department responsible for defining and prioritizing the features, requirements, and objectives of an AI system;
(s) “Public GenAI Platform” means a generative AI system accessible to the public, often via the internet, and designed to generate content that is not proprietary to or licensed by the Bank;
(t) “Vendor” means any third-party entity or individual involved in supplying, supporting, or servicing an AI system.

Article 3: Scope of application

(1) These guidelines apply to –
(a) financial institutions;
(b) material AI uses, whether developed internally or obtained from third parties;
(c) systems falling under the broader category of General Artificial Intelligence.
(2) Application of these guidelines shall be proportionate to the size, nature, complexity, and risk profile of the institution and its AI use.
(3) The users of these guidelines should treat AI systems as high‑value cyber assets, subject to stronger controls than traditional software, and governed continuously across their entire lifecycle.
(4) These guidelines must be read and implemented in conjunction with applicable laws, regulations, and other relevant regulatory guidance governing data protection, outsourcing, risk management, operational resilience, and consumer protection.
CHAPTER II: AI GOVERNANCE AND RISK MANAGEMENT

Section One: Governance

Article 4: Strategy and business model

(1) Financial institutions apply AI to support their business model, align with strategic goals, create value, and operate within acceptable risk limits.
(2) The Board of Directors must approve the institution’s approach to using AI and oversee the AI strategy. The Board ensures that –
(a) AI is used to support the institution’s core business activities, such as serving customers, managing risks, improving efficiency, or supporting decision-making, and not in ways that conflict with the institution’s business model or values;
(b) decisions to adopt or expand the use of AI are made with a clear understanding of why the technology is needed, what problems it is meant to solve, and how it fits into the institution’s overall strategy;
(c) the risks arising from AI, especially when AI is used in important or sensitive areas, are clearly recognized and reflected in the institution’s risk appetite and limits;
(d) the institution remains fully responsible for decisions made using AI, even where systems are automated or capable of learning and adapting over time;
(e) the AI strategy and governance arrangements are reviewed regularly to make sure they remain appropriate as –
(i) the institution’s business model or strategic priorities change,
(ii) new AI technologies emerge, and
(iii) the institution’s risk profile evolves.
(3) The Board of Directors and senior management ensure that the level of governance, oversight, and controls applied to AI use is proportionate to the size, complexity, and nature of the institution’s activities, and to how critical AI systems are to the business.
Article 5: Responsibilities of the board of directors

The Board of Directors, or a committee delegated by it, is responsible for –
(a) approving the overall governance approach for AI risk management, including relevant frameworks, structures, policies, and procedures;
(b) ensuring that clear roles and responsibilities are defined for the Board, senior management, and internal control functions with respect to AI oversight;
(c) ensuring that senior management promotes a corporate culture that supports the responsible and ethical use of AI;
(d) ensuring that it is adequately informed of, and understands, the risks, limitations, and material impacts of AI systems, particularly those assessed as high risk or used in critical functions;
(e) ensuring that the collective competence of Board members is sufficient to provide effective oversight and challenge of AI-related matters;
(f) regularly reviewing the institution’s AI governance arrangements, risk appetite, capabilities, and risk management culture to ensure they remain fit for purpose.

Article 6: Responsibilities of the senior management

The Senior management is responsible for the effective implementation and operation of the AI governance framework and must –
(a) develop and implement AI-related risk management policies and procedures consistent with the institution’s approved risk appetite;
(b) ensure robust coordination, accountability, and ownership for AI systems across the institution, including designation of an AI system owner for each AI application throughout its lifecycle;
(c) identify a member of senior management who is accountable for oversight of all AI systems within the institution;
(d) establish escalation and incident-management processes for material AI risks, including breaches of risk thresholds, failures, or misuse;
(e) regularly review and update AI policies, procedures, and controls to reflect technological developments, business changes, and regulatory requirements;
(f) ensure that validation and performance reviews of AI systems are conducted on a regular basis;
(g) report material AI-related risks, incidents, and developments to the Board in a timely manner;
(h) ensure adequate resources, expertise, and training are available to support effective AI risk management;
(i) set risk appetite, ensure AI-aware cybersecurity controls, and maintain oversight and accountability for AI generated cyber threats.
Article 7: Role of internal control functions

(1) The risk management function must –
(a) establish and maintain an AI risk management and validation framework covering the full lifecycle of AI systems;
(b) develop and maintain a taxonomy of risks associated with AI use, including model risk, operational risk, ethical risk, cyber threats, data risk, and conduct risk;
(c) assess, monitor, and manage AI-related risks in line with the institution’s risk appetite;
(d) ensure that AI systems used for material or critical purposes are subject to appropriate independent validation and ongoing monitoring.
(2) The compliance function must –
(a) assess AI systems for compliance with applicable laws, regulations, supervisory expectations, and internal policies;
(b) advise senior management and business units on regulatory and ethical obligations related to AI use;
(c) monitor adherence to AI governance policies, including requirements related to transparency, accountability, and fair treatment of customers.
(3) The internal audit function must –
(a) independently review the effectiveness of the AI governance framework, risk management processes, and internal controls;
(b) assess compliance with policies and procedures governing the development, procurement, deployment, and use of AI systems;
(c) report audit findings related to AI governance and controls to the Board or its Audit Committee and follow up on remediation actions.

Section 2: Risk management

Article 8: Risk management framework

Financial Institutions establish an AI risk management framework that –
(a) covers the full lifecycle of AI systems, including design, development, procurement, testing, deployment, monitoring, modification, and decommissioning;
(b) clearly defines roles, responsibilities, and accountability for each stage of the AI life cycle;
(c) ensures that personnel involved in AI development, procurement, validation, use, and oversight possess appropriate technical competence and understanding of associated risks;
(d) ensures that users and business line heads understand the operating limits, assumptions, and restrictions applicable to AI systems;
(e) supports continuous monitoring, validation, and improvement of AI systems to manage risks arising from model drift, data changes, and self-learning behaviors.

Article 9: Risk identification

(1) Financial institutions should have systems, policies, and procedures in place to consistently identify where and how AI is being used across all business and functional areas. This step is crucial because AI risks cannot be managed or controlled unless the institution first knows where AI is in use. Clear definitions, criteria, and processes, supported by reliable systems, should guide this identification to ensure it is consistent and thorough.
(2) Institutions should assign clear responsibility for AI risk identification through a dedicated control function team responsible for identifying, documenting, reviewing, and maintaining up-to-date records of AI usage and related risks.
(3) Once AI usage is identified, institutions must assess AI-specific risks, including –
(a) model bias and discrimination;
(b) lack of explainability or transparency;
(c) data quality and integrity issues;
(d) automation failures or model errors;
(e) cybersecurity and adversarial threats;
(f) risks from third-party providers or concentration of AI systems;
(g) robustness and stability of models;
(h) interpretability of AI outputs;
(i) prompt injection risks in generative AI, where models could be manipulated to produce harmful or misleading content.
(4) The risks identified should be captured in an AI risk register, which is linked to the institution’s broader enterprise risk management framework and updated regularly to reflect new threats or changes in AI deployment.
(5) Public GenAI platforms must not be used to process confidential, customer, or supervisory information. Institutions must use approved models and gateways with logging and data-loss prevention controls.
Article 10: Risk analysis and measurement

Financial institutions must –
(a) identify and assess all risks associated with AI systems throughout their lifecycle, including both intended use and foreseeable misuse;
(b) evaluate the significance of each risk, considering its potential impact, system complexity, and reliance on the AI system;
(c) assess risks to operational stability, fairness, accuracy, data quality, security, legal compliance, fundamental rights, and financial integrity;
(d) maintain an up-to-date inventory of all AI systems and their associated risk profiles;
(e) use qualitative and quantitative methods, including indicators, thresholds, or metrics, to measure and track risks.

Article 11: Risk evaluation and mitigation

Financial institutions must –
(a) prioritize identified risks based on severity and potential impact;
(b) implement controls to eliminate or reduce risks to acceptable levels, including technical, design, or organizational measures;
(c) ensure controls cover data quality, model accuracy, fairness and bias, explainability, human oversight, cybersecurity, and third-party dependencies;
(d) test and validate all mitigation measures before deployment and periodically thereafter, documenting results;
(e) record residual risks and determine whether additional safeguards are needed;
(f) ensure that boards of directors and senior management review and approve mitigation strategies for all material AI systems.

Article 12: Risk reporting and monitoring

Financial institutions must –
(a) Continuously monitor AI systems for performance, adherence to controls, and changes in risk profiles, including defined thresholds for –
(i) model drift (e.g., % population stability index shift);
(ii) fairness breaches (e.g., disparity triggers);
(iii) human intervention (maximum override rate); and
(iv) system availability (maximum acceptable downtime for critical systems);
(b) Regularly report on AI risks, incidents, and control effectiveness to senior management, boards of directors, or governance bodies, highlighting any threshold breaches;
(c) Reassess risks when there are significant changes in AI systems, usage, performance, operating environment, or regulatory requirements;
(d) Maintain a list of all AI-related incidents, including categorization, root cause analysis, corrective actions, lessons learned, and any threshold breaches;
(e) Re-evaluate and recalibrate AI models as necessary, based on monitoring, audits, incidents, and any breaches of defined thresholds;
(f) Keep documented records of all monitoring, reporting, and recalibration activities in line with institutional policies to ensure accountability and auditability.

Article 13: Integration with risk management frameworks

(1) The National Bank of Rwanda expects financial institutions to integrate AI governance, controls, and risk management into their existing enterprise risk management (ERM), internal control, and compliance frameworks. Policies, processes, and procedures governing the use of AI Systems must be aligned with the institution’s overall risk profile, size, and complexity, and embedded within broader institutional governance structures.
(2) Institutions must ensure that AI-related risks are systematically identified, assessed, monitored, and mitigated through established risk management mechanisms, including model risk management frameworks and risk appetite frameworks. AI oversight should not operate as a standalone function but should be fully incorporated into existing institutional policies and control systems.
Article 14: Risk materiality assessment

(1) Financial institutions should have a clear process to assess the risk materiality of every AI system, model, or use case. This means evaluating how significant the potential risks are and using that assessment to determine how strictly each AI system should be monitored and controlled. Systems that pose higher risks should receive stronger oversight and more robust controls, ensuring that AI use stays within approved boundaries and aligns with the institution’s risk appetite.
(2) The assessment should consider both the inherent risks of the AI system before controls are applied and the residual risks after controls are in place. Clear roles and responsibilities should be assigned to ensure the assessment process is applied consistently across the institution. A designated control function should oversee the assessments, maintain documentation, validate outcomes, and act as the final authority on determining the risk materiality of each AI system. Regular reviews of the assessment methodology are essential to keep it relevant and aligned with evolving AI technologies.

Article 15: AI inventory

(1) Financial institutions should keep a centralized and up-to-date inventory of all AI systems they use. This inventory can be a dedicated AI register or part of existing records, but it must clearly link to other institutional inventories. Policies and procedures should ensure the inventory is always accurate, reflecting –
(a) New AI systems before they are put into use;
(b) Updates when systems are changed or retrained;
(c) AI systems that are retired or decommissioned;
(d) A designated team responsible for managing, reviewing, and maintaining the inventory.
(2) The AI inventory should act as the single source of truth for all AI systems, helping the institution manage governance, oversight, and risks effectively. For each AI system, it should include important details, including –
(a) what the system does and where it is used;
(b) the type of model and how it works;
(c) data sources and whether third parties were involved;
(d) dependencies and how it fits with other systems;
(e) lifecycle stage and validation checkpoints;
(f) risk rating and significance to the institution;
(g) who is responsible for the system (owners, developers, validators);
(h) controls in place, like automated alerts, human checks, or cybersecurity measures;
(i) links to all relevant supporting documents.
(3) The inventory should be reviewed regularly and updated to reflect new AI technologies, changes in use, or involvement of third parties. This ensures the institution always has a clear, reliable picture of its AI landscape and can manage risks in line with its overall policies and frameworks.
Article 16: AI Use-case approval and algorithmic impact assessment (AIIA)

(1) Before development, procurement, or deployment, institutions must complete an Algorithmic Impact Assessment (AIIA) covering purpose, lawful basis, alternatives considered, expected benefits, foreseeable misuse, risk materiality, affected populations, data protection impact, explainability approach, human oversight, testing plan, and exit strategy.
(2) High-Risk AI Systems require:
(a) independent second-line challenge,
(b) Board or delegated committee approval, and
(c) regulatory notification to the National Bank of Rwanda before go-live, together with the AIIA summary and risk controls. Regulatory notification does not constitute prior approval unless otherwise required by the National Bank of Rwanda.
(3) Material changes (model retraining, feature changes, threshold adjustments, provider switch, architectural changes such as introducing Retrieval-Augmented Generation (RAG)) trigger reapproval and re-validation before continued use.
(4) Each institution maintains a Use-Case Register linked to the AI inventory, capturing approvals, owners, risk ratings, controls, monitoring metrics, and review dates.
(5) Public consultation or customer testing may be required for novel high impact uses where appropriate, taking proportionality into account.

CHAPTER III: DATA, MODELS, AND TRANSPARENCY

Article 17: Data governance and quality

Financial institutions must –
(a) ensure that all data used in AI systems is accurate, complete, relevant, and up to date;
(b) establish and maintain clear data governance arrangements that define data ownership, accountability, security controls, and access rights;
(c) conduct appropriate due diligence on third-party data sources to ensure their reliability, integrity, and compliance with internal data governance standards;
(d) process AI-related data in compliance with applicable laws, regulations, and supervisory guidelines on data protection, privacy, and confidentiality;
(e) ensure that data quality controls are applied throughout the AI system lifecycle;
(f) prioritize data sovereignty by ensuring that the processing, storage, and management of personal data occur within authorized local or sovereign AI infrastructures, unless otherwise explicitly authorized under relevant laws;
(g) in the context of sovereign AI, implement air-gapped AI environments to enhance security and take all reasonable measures to prevent external data leakage and mitigate supply chain risks;
(h) ensure that access to AI systems and data is strictly limited to authorized persons on a need-to-know basis and with least privilege under a Zero-Trust model, where no user, device, or system is automatically trusted. All access shall be verified, monitored, recorded, and regularly reviewed, with prompt removal of access when no longer required;
(i) establish a data classification framework that clearly defines data sensitivity levels and sets out what data may be shared with third parties and what may be processed or stored in cloud environments, in line with appropriate security and risk management controls.

Article 18: Data, fairness metrics, and sensitive attributes

(1) Financial Institutions define, justify, and monitor appropriate fairness metrics, including error-rate parity, equal opportunity difference, and demographic parity difference suited to each use case. Thresholds and remediation triggers are approved by senior management.
(2) Sensitive attributes, including gender, age, location, and disability, are handled in line with the law and used for fairness testing where lawful and appropriate. Proxy detection methods are applied to identify indirect discrimination.
(3) Synthetic data, if used, must be documented, tested for privacy leakage and bias, and clearly identified in model documentation.
(4) Web-scraped or open internet data require provenance checks, legality review, and quality assessments prior to use.

Article 19: Governance structures for AI

(1) Financial Institutions establish a Data and AI Steering Committee or an equivalent organ chaired by senior management with representation from business, risk, compliance, IT, data, and internal audit to oversee AI strategy, risk, and performance.
(2) Financial Institutions establish an independent Model Validation function with authority, resources, and access to data, separate from model developers.
(3) Financial Institutions implement an AI Ethics Review mechanism to review ethical risks, fairness, and consumer impact for material and high-risk use cases.
(4) Roles and responsibilities are documented for model owners, developers, validators, users, and approvers across the lifecycle.
(5) Financial Institutions may integrate these functions within existing governance committees, provided responsibilities are clearly defined.
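The following is an added illustration, not part of Guidelines No 52/2026 or any institution's code: a monitoring routine that computes the three fairness metrics named in Article 18(1), the population stability index (PSI) drift indicator and the human override rate named in Article 12(a), and compares them against thresholds to produce the breach list a risk function would escalate. The sample decisions, score distributions, group labels and threshold values are all constructed for the example.

```python
"""Added example: Article 18(1) fairness metrics plus Article 12(a) drift and
override-rate thresholds, on constructed data. Not the guideline's own code."""
from __future__ import annotations

import bisect
import math
from dataclasses import dataclass

# Constructed sample: 8 credit decisions across two demographic groups (A, B).
SAMPLE_PREDS = [1, 1, 0, 1, 0, 1, 0, 0]   # model decision (1 = approve)
SAMPLE_LABELS = [1, 1, 0, 0, 1, 1, 0, 1]  # observed outcome (1 = good)
SAMPLE_GROUPS = ["A"] * 4 + ["B"] * 4
SAMPLE_OVERRIDES = 3                      # human overrides of the 8 decisions
BASELINE_SCORES = [0.1, 0.2, 0.3, 0.4, 0.6, 0.7, 0.8, 0.9]   # validation-time
CURRENT_SCORES = [0.1, 0.15, 0.2, 0.3, 0.35, 0.4, 0.6, 0.8]  # this period
SCORE_BINS = [0.0, 0.25, 0.5, 0.75, 1.0]


@dataclass(frozen=True)
class Thresholds:
    """Constructed limits; under Article 18(1) senior management approves them."""
    psi_max: float = 0.10
    demographic_parity_max: float = 0.10
    equal_opportunity_max: float = 0.10
    error_rate_gap_max: float = 0.10
    override_rate_max: float = 0.20


def _rate(num: int, den: int) -> float:
    return num / den if den else 0.0


def group_metrics(preds, labels, groups) -> dict[str, dict[str, float]]:
    """Per-group positive rate, true-positive rate and error rate."""
    out = {}
    for g in sorted(set(groups)):
        idx = [i for i, gg in enumerate(groups) if gg == g]
        actual_pos = sum(labels[i] for i in idx)
        tp = sum(1 for i in idx if preds[i] == 1 and labels[i] == 1)
        errors = sum(1 for i in idx if preds[i] != labels[i])
        out[g] = {
            "positive_rate": _rate(sum(preds[i] for i in idx), len(idx)),
            "tpr": _rate(tp, actual_pos),
            "error_rate": _rate(errors, len(idx)),
        }
    return out


def fairness_gaps(metrics) -> dict[str, float]:
    """Largest between-group gap per metric (max minus min over groups)."""
    names = {"positive_rate": "demographic_parity_difference",
             "tpr": "equal_opportunity_difference",
             "error_rate": "error_rate_parity_gap"}
    return {name: max(m[k] for m in metrics.values())
            - min(m[k] for m in metrics.values())
            for k, name in names.items()}


def psi(expected, actual, bins, eps: float = 1e-6) -> float:
    """Population stability index: sum((a - e) * ln(a / e)) over score bins."""
    def proportions(xs):
        counts = [0] * (len(bins) - 1)
        for x in xs:
            b = min(max(bisect.bisect_right(bins, x) - 1, 0), len(bins) - 2)
            counts[b] += 1
        return [max(c / len(xs), eps) for c in counts]  # eps avoids log(0)
    return sum((a - e) * math.log(a / e)
               for e, a in zip(proportions(expected), proportions(actual)))


def evaluate(preds, labels, groups, overrides, baseline, current,
             th: Thresholds = Thresholds()):
    """Returns the measured indicators and the Article 12 threshold breaches."""
    gaps = fairness_gaps(group_metrics(preds, labels, groups))
    drift = psi(baseline, current, SCORE_BINS)
    override_rate = _rate(overrides, len(preds))
    checks = [
        ("model_drift", drift, th.psi_max),
        ("fairness_demographic_parity", gaps["demographic_parity_difference"],
         th.demographic_parity_max),
        ("fairness_equal_opportunity", gaps["equal_opportunity_difference"],
         th.equal_opportunity_max),
        ("fairness_error_rate", gaps["error_rate_parity_gap"], th.error_rate_gap_max),
        ("human_override_rate", override_rate, th.override_rate_max),
    ]
    breaches = [name for name, value, limit in checks if value > limit]
    return {"psi": drift, "gaps": gaps, "override_rate": override_rate,
            "breaches": breaches, "escalate": bool(breaches)}


def run_sample():
    return evaluate(SAMPLE_PREDS, SAMPLE_LABELS, SAMPLE_GROUPS, SAMPLE_OVERRIDES,
                    BASELINE_SCORES, CURRENT_SCORES)


if __name__ == "__main__":
    for key, value in run_sample().items():
        print(f"{key}: {value}")
```

On the constructed batch every indicator breaches its limit, so the report flags escalation under Article 12(b) and Article 20(5); with identical baseline and current score distributions the PSI term is exactly zero.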
Article 20: Model validation and lifecycle management

(1) Financial institutions must –
(a) validate AI models prior to deployment and on a continuous basis thereafter;
(b) ensure that validation assesses accuracy, robustness, stability, bias, limitations, and suitability for the intended use;
(c) ensure that high‑risk AI models undergo independent validation prior to deployment and periodically thereafter;
(d) maintain comprehensive and up-to-date documentation covering the entire AI model lifecycle, including development, training, testing, validation, deployment, monitoring, and material modifications;
(e) re-validate AI models following any material change prior to continued use.
(2) Independent validation covers conceptual soundness, data quality, performance (discrimination, calibration), robustness, stability, bias and fairness, explainability, and limitations.
(3) Validation applies quantitative tests, including back-testing, benchmarking against challenger models, stress and sensitivity testing, and stability under data shifts.
(4) All models maintain full lineage, version control for code, data, features, and hyperparameters, and are reproducible from artifacts.
(5) Material performance or fairness deterioration triggers pre-defined thresholds, incident escalation, and remediation or suspension of use.

Article 21: Ongoing monitoring

Financial institutions must –
(a) promptly escalate and report material deficiencies or risks to senior management;
(b) implement timely corrective actions to address identified weaknesses;
(c) ensure monitoring processes are proportionate to the AI system’s risk and impact;
(d) establish continuous monitoring mechanisms to detect performance deterioration, data drift, unintended outcomes, and emerging risks.

Article 22: Transparency and explainability

Financial institutions must –
(a) ensure that AI-driven decisions are transparent and explainable, proportionate to their risk and impact;
(b) provide clear and meaningful explanations of AI-based decisions to the National Bank of Rwanda upon request;
(c) provide customers materially affected by AI decisions with meaningful and understandable information regarding the basis and outcome of such decisions;
(d) maintain records sufficient to demonstrate explainability and traceability of AI system outputs.

CHAPTER IV: ETHICS, RESILIENCE, CYBER, AND THIRD PARTIES

Article 23: Ethical principles and fairness

Financial institutions must –
(a) ensure that AI systems adhere to ethical principles, including fairness, accountability, soundness, transparency, and consumer protection;
(b) test AI models for bias and discrimination and implement risk-based mitigation measures where such risks are identified;
(c) assign clear accountability for ethical breaches, discriminatory outcomes, or adverse impacts arising from AI systems;
(d) establish mechanisms for human oversight, ethical review, and escalation of ethical concerns;
(e) document, periodically review, and update the ethical principles governing AI systems in line with evolving regulatory expectations and industry best practices.

Article 24: Human oversight

Financial institutions must –
(a) ensure that AI systems support, and do not replace, human judgment, particularly in material, high-risk, or customer-impacting decisions;
(b) ensure that humans retain meaningful control over AI-assisted decisions, including the ability to review, intervene, override, or halt system outputs where necessary;
(c) retain full accountability for decisions supported or informed by AI systems;
(d) subject AI-generated outputs to appropriate human review to identify and mitigate bias, errors, unfairness, or unintended consequences;
(e) ensure that outputs produced by generative AI are reviewed and validated by qualified personnel prior to reliance or external dissemination.
15 (f) Automated external communications generated by AI without human review are prohibited. Article 25: Operational resilience and business continuity Financial institutions must – (a) integrate AI systems into their operational resilience, business continuity, and disaster recovery frameworks to ensure that critical financial services remain available during disruptions; (b) implement appropriate safeguards to protect AI systems against cyber threats, system failures, data corruption, and adversarial attacks; (c) establish contingency arrangements that enable the continuation or orderly suspension of critical services in the event of AI system disruption or failure; (d) regularly test resilience and recovery measures applicable to material or high-risk AI systems. Article 26: Cybersecurity precautions and best practices Financial institutions must – (a) integrate AI risks into enterprise cybersecurity governance structures, risk registers, and audit processes; (b) require risk classification of AI use cases, including low, medium, or high impact, with stricter controls for high‑risk and safety‑critical systems; (c) enforce data classification and minimization for training, fine‑tuning, and inference data; (d) apply strong encryption for datasets, model artifacts, embeddings, and logs at rest and in transit; (e) prevent data poisoning by validating data sources, using provenance checks, and segregating untrusted inputs; (f) prohibit use of sensitive or personal data in prompts or training unless explicitly approved and legally justified; (g) adopt defenses against prompt injections, including input validation, instruction separation, privilege boundaries. (h) sanitize and validate model outputs before they trigger downstream systems, including scripts, workflows, decisions;
(i) restrict model autonomy and agency; AI systems must not execute sensitive actions without human approval;
(j) apply least-privilege access controls, strong authentication including multi-factor authentication (MFA), and managed identities to models, datasets, vector stores, and orchestration tools;
(k) conduct security due diligence on third-party AI models, datasets, APIs, and plugins;
(l) continuously monitor for anomalous behavior, abuse patterns, output deviations, and data leakage;
(m) extend incident response plans to cover AI-specific scenarios, including prompt injection, data poisoning, and model compromise;
(n) preserve logs and forensic evidence for investigations and regulatory review.

Article 27: Third-party and outsourcing arrangements
Financial institutions must –
(a) conduct enhanced, risk-based due diligence before engaging third-party AI providers, including assessment of their technical capability, governance standards, financial soundness, and security controls;
(b) ensure that outsourcing contracts clearly define roles and responsibilities and include provisions on audit rights, access to relevant information, data protection, performance standards, and timely incident notification;
(c) actively manage concentration, dependency, and vendor lock-in risks arising from reliance on third-party AI providers;
(d) retain ultimate accountability for outsourced AI activities and ensure that outsourcing arrangements do not impair effective supervision by the National Bank of Rwanda.

Article 28: Third-party AI, cloud, and exit strategy
(1) Outsourcing contracts must include audit rights for the institution and the National Bank of Rwanda, access to model and data documentation, security attestations, incident notification timelines, performance Service Level Agreements (SLAs), and support for explainability and validation.
(2) Institutions must assess concentration and vendor lock-in risks and maintain exit strategies, including data and model portability, escrow of or access to artifacts where feasible, and continuity plans.
(3) Black-box models with insufficient transparency are not permitted for High-Risk AI Systems unless alternative controls demonstrably achieve equivalent assurance and supervisory visibility.

CHAPTER V: COMPETENCY, REPORTING, AND SUPERVISION

Article 29: Staff competency and training
Financial institutions must –
(a) ensure that staff involved in the design, deployment, oversight, or validation of AI systems possess appropriate skills, expertise, and understanding of AI-related risks;
(b) implement ongoing training programs covering AI governance, ethical considerations, operational risks, regulatory obligations, and emerging technological developments;
(c) promote awareness of responsible AI use across relevant business, risk, compliance, and audit functions.

Article 30: Regulatory reporting and disclosure
Financial institutions must –
(a) disclose material AI systems and use cases to the National Bank of Rwanda in accordance with supervisory requirements, including core areas of generative AI use where applicable;
(b) promptly report significant AI-related incidents, system failures, data breaches, or adverse events that may affect financial stability, consumer protection, or operational resilience;
(c) submit to the National Bank of Rwanda the AI inventory and risk materiality assessment provided for under Article 14 and Article 15 of these guidelines within three months from the date of entry into force, and update that submission at least annually by January 15th, or upon material change;
(d) notify AI incidents, including – (i) severe consumer impact; (ii) financial loss or exposure above internal thresholds; (iii) significant fairness breach; (iv) data breach or security compromise; or (v) systemic service disruption;
(e) report severe incidents within 24 hours and other material incidents within 72 hours, followed by a root-cause report;
(f) for complex cases, provide a preliminary initial notification followed by a detailed report;
(g) inform customers materially affected by AI-driven decisions in a manner consistent with applicable laws and transparency obligations;
(h) maintain records sufficient to facilitate supervisory review and demonstrate compliance with these guidelines.

Article 31: Supervisory powers
(1) The National Bank of Rwanda may require information, documentation, or explanations to assess compliance and may impose corrective actions or sanctions for non-compliance.
(2) The National Bank of Rwanda may require suspension or withdrawal of an AI system, mandate independent validation or audit, impose remediation timelines, or require additional safeguards where risks are not adequately controlled.

CHAPTER VI: FINAL PROVISIONS

Article 32: Compliance with these guidelines
Financial institutions have six months from the date of signature to fully comply with the provisions of these guidelines.

Article 33: Entry into force
These guidelines enter into force on the date of their signature.

Done at Kigali, June 04, 2026
BARIGYE Nick
Deputy Governor and Acting Governor