Guidelines on Mobile Number Portability and Continuity of Mobile Financial Services

1 The Governor GUIDELINES N o 49/2026[616] OF 04/05/2026 REGARDING MOBILE NUMBER PORTABILITY AND CONTINUITY OF MOBILE FINANCIAL SERVICES

2 THE NATIONAL BANK OF RWANDA; Pursuant to Law n° 48/2017 of 23/09/ 2017 governing the National Bank of Rwanda as amended to date, especially Article 6bis; Pursuant to Law n° 061/2021 of 14/10/2021 governing payment system, especially in Articles 4, 6, 54,55 and 56; Pursuant to Law n° 017/2021 of 03/03/2021 relating to financial service consumer protection, especially in its Articles 33 and 34; Pursuant to Regulation n° 56/2022 of 27/10/2022 on financial service consumer’s internal complaints handling, especially in Article 19; Pursuant to Regulation n° 74/2023 of 18/09/2023 of governing payment services providers, especially in Articles 2 and 47; Pursuant to Regulation n° 31/2019 of 16/12/2019 on protection of payment service users, especially Articles 42,43,44 and 45; Pursuant to Regulation n° 43/2022 of 02/06/2022 governing business continuity management and operational resilience for regulated institutions, especially in Articles 18 and 41; Recognizing that the roll-out of Mobile Number Portability involves multiple stakeholders, and that NBR's role focuses on safeguarding the continuity of Mobile Financial Services and ensuring consumer protection within its regulatory mandate; Recognizing further that the implementation of Mobile Number Portability, mobile subscribers are able to retain their phone numbers when switching between mobile network operators, and it is essential to ensure that customers continue to access their Mobile Financial Services seamlessly and without disruption, following the porting of their mobile numbers; ISSUES THE FOLLOWING GUIDELINES: CHAPTER ONE: GENERAL PROVISIONS Article One: Purpose of these Guidelines These Guidelines aim to – (a) ensure uninterrupted access to Mobile Financial Services (MFS) for customers whose numbers have been ported. To ensure that mobile subscribers in Rwanda seamlessly retain access to their MFS, including mobile wallets, e-money accounts, and linked financial applications, during and after the process of Mobile Number Portability (MNP); (b) uphold consumer protection and service continuity in the context of MNP; (c) define minimum technical, operational, and procedural expectations for Payment Service Providers (PSPs); and

3 (d) reinforce the obligation of PSPs to operate in compliance with all applicable legal and regulatory frameworks. Article 2: Scope of application This Guideline applies to all licensed Payment Service Providers operating under the jurisdiction of the National Bank of Rwanda that offer MFS to customers. Article 3: Interpretation In these Guidelines: (a) “Central Bank” means the National Bank of Rwanda; (b) “Mobile Financial Services (MFS)” refers to financial services provided to users through mobile wireless networks and platforms utilizing mobile wallets and agent networks for cash-in and cash-out transactions; (c) “Mobile Number Portability (MNP)” means the ability of a mobile network subscriber to retain a number of which the subscriber is granted to use on the basis of a subscription contract if the subscriber changes the provider of electronic communications services or the geographical location of use of the communications service, which this Guideline addresses in relation to the continuity of MFS; and (d) “Payment services providers ‘PSPs’” means any entity licensed by the Central Bank to provide payment services as stipulated by the regulation governing payment services providers. CHAPTER II: REQUIREMENTS Article 4: Legal and Regulatory Compliance In addition to complying with these Guidelines, all PSPs are required to continue operating in full compliance with – (a) the payment systems law and its implementing regulations; (b) regulations, directives and guidelines issued by the National Bank of Rwanda; (c) relevant data protection and consumer protection laws and regulations; and (d) any other applicable legal framework in the financial sector. Article 5: Continuity of Wallet Accessibility Post-Porting (1) PSPs must ensure that customers retain full access to their mobile wallets immediately after completing the number porting process, irrespective of their new mobile network operator. (2) Wallet services must be network-agnostic, ensuring portability of service access alongside number portability by ensuring that MFS systems account for ported numbers in their validation, authentication, and routing logic.

4 (3) PSP must ensure that ported subscribers enjoy the same level of quality of service similar to non-ported subscribers without discrimination. (4) Subscribers must not experience any interruption, loss of funds, or forced cash-out due to porting. Where a temporary interruption is unavoidable, PSPs must take immediate remedial measures and notify the affected subscribers in line with applicable Financial Services Consumer Protection regulations. Article 6: Customer Consent and Awareness (1) PSPs must obtain and document explicit customer consent for continued MFS access post￾porting, in accordance with applicable data protection law. (2) PSPs must inform customers via SMS or in-app messages that their wallets will remain active and accessible after switching operators. Customers must be fully informed of how MNP may affect their MFS usage and associated consumer protection rights. (3) In case of failing porting, mechanisms should exist to revert the subscriber wallet until issues are resolved. Article 7: Inter-Operator and Inter-PSP Coordination (1) PSPs must collaborate with all licensed mobile network operators and other PSPs to establish interoperable frameworks for seamless wallet access and service continuity without discrimination. (2) Service providers must resolve interoperability or technical issues collaboratively and promptly without barriers and implement agreed-upon solutions. Article 8: Security, Risk Management, and Fraud Prevention (1) PSPs must review and, where necessary, update their security protocols to safeguard customers from fraud or unauthorized access following porting. (2) Authentication mechanisms must be resilient and consistent across networks to prevent, among other things, the exploitation of the porting process. (3) PSPs must conduct risk assessments specific to MNP scenarios and put in place enhanced monitoring and fraud detection mechanisms. Article 9: Reporting and Compliance Monitoring (1) PSPs shall comply with existing regulatory reporting requirements and, with respect to MNP and accessibility of MFS shall classify and report incidents accordingly, coordinate with stakeholders to ensure effective resolution of customer complaints without customers being redirected between parties, and record and report time-to-restore and time-to-resolve metrics for complaints arising from post-porting disruptions in access to Mobile Financial Services.

5 (2) Any incidents involving service disruptions, data integrity issues, or customer complaints related to MNP and MFS access must be reported to National Bank of Rwanda as per the incident management and reporting guidelines. (3) PSP may be subjected to periodic regulatory audits aiming at overseeing platforms' porting compatibility, cybersecurity protocols, incidents of MFS interruptions post-porting, complaint resolution times and consumer protection. (4) The Central Bank may conduct periodic regulatory audits, among others, to oversee MNP￾related compatibility, cybersecurity protocols, consumer complaint resolution, and continuity of MFS. CHAPTER III: ADMINISTRATIVE FAULTS AND SANCTIONS Article 10: Violation of provisions of these Guidelines If a payment service provider contravenes any provision of these Guidelines, commits an administrative fault and is liable for administrative sanctions in accordance with the relevant laws and regulations. CHAPTER IV: FINAL PROVISIONS Article 11: Repealing provision All prior provisions contrary to these Guidelines are repealed. Article 12: Entry into force These Guidelines come into force on the date of their signature. Done at Kigali, on May 05, 2026 Soraya M. HAKUZIYAREMYE Governor