National Bank of Rwanda Banki Nkuru y’u Rwanda

KN 6 Av./P.O. Box 531 Kigali-Rwanda Tel: (+250) 788199000 / Website: www.bnr.rw / E-mail: info@bnr.rw / Swiftcode: BNRWRWRW / Twitter: @CentralBankRw

---

The Governor

DIRECTIVE Nº 2600/2024-00040 [613] OF 3rd/07/2024 ON PRIVATE BANKING SERVICES

1

---

DIRECTIVE Nº 2600/2024-00040 [613] OF 3rd/07/2024 ON PRIVATE BANKING SERVICES

The National Bank of Rwanda.

Pursuant to Law n° 48/2017 of 23/09/2017 governing the National Bank of Rwanda as amended to date, especially in Articles 6 and 6bis;

Pursuant to Law n° 044/2024 of 30/05/2024 governing banks, especially in Articles 6 and 110;

Considering that all financial centers today have a wealth management industry that typically targets private banking customers. Private banking and wealth management have evolved further in parallel with global economic growth to serve private banking customers;

Noting that private banking has been and continues to be an essential industrial cornerstone;

To ensure there is an effective framework to provide and manage risks related to the provision of private banking services;

ISSUES THE FOLLOWING DIRECTIVE:

CHAPTER ONE: GENERAL PROVISIONS

Article One: Purpose of this Directive

This Directive sets out the regulatory and supervisory framework applicable to licensed commercial banks wishing to offer or provide private banking services.

Article 2: Interpretation

In this Directive:

(1) “Concierge service” means any assistance to the private banking customer with personal services of acting as a personal financial assistant, managing and helping to streamline the financial complexity, including business events management, tour planning, and reservations, offering suggestions for events, and arranging transportation, hotel services, household services, personal and professional lifestyle management, or medical assistance;

(2) “Hold mail” means retaining all or selected statements related to the account of a private banking customer with the bank until such time the customer arranges for the collection of the mail;

(3) “Private banker” means a relationship manager (RM) with personal interactions with private banking customers and who is engaged by or acting for a bank carrying on private banking services;

(4) “Private banking” means a business of offering banking and financial services or products to a private banking customer, including an all-inclusive money-management relationship. It focuses on providing personalized banking and wealth management services to private banking customers through dedicated private bankers;

2

---

(5) “Private banking customer” means –

(i) a high-net-worth individual who –

(a) invests in an investment project registered in Rwanda with net assets of at least USD 1,000,000 or the equivalent value in another currency;

(b) possesses an investable asset of at least USD 1,000,000 or the equivalent value in another currency; or

(c) has an annual income of at least USD 150,000 or the equivalent value in another currency; or

(ii) a legal structure set up to manage the wealth of beneficial owners, whereby this legal structure possesses investable assets of at least USD 1,000,000 or the equivalent value in another currency and avails of products and services falling within the field of private banking service carried on by a Bank.

(6) “Wealth management” means a service relating to investment advisory or assets management.

Article 3: Scope of application

This Directive applies to licensed commercial banks wishing to engage or which are engaging in offering private banking services as part of their conventional banking activities.

Article 4: Use of the term “private banking” or its derivatives

(1) The only authorized banks to conduct private banking services are allowed to use the word “private banking”, “private banking account”, “private banking customer” and “private banking services” regarding private banking business relationships.

(2) No financial institution is authorized to use private banking terminologies referred to in Paragraph (1) of this Article, in any language, in its corporate name, trade name, signage or advertisement, or any other derivative that can indicate or be perceived as related to private banking business unless it has a non-objection issued by the Central Bank.

CHAPTER II: PERMISSIBLE ACTIVITIES

Article 5: Permissible activities of private banking

(1) The commercial bank with non-objection to carry out private banking services, may engage in any of the following activities:

(i) all banking services: activities provided in the banking law and other services and operations to the banking main business;

(ii) wealth management;

(iii) security brokerage services;

3

---

(iv) insurance and protection products, covering property and health insurance, life assurance and pensions;

(v) commodity exchange services;

(vi) concierge services; and

(vii) other financial services that the Central Bank may approve.

(2) The following control measures are implemented when a commercial bank intends to provide concierge services:

(i) a comprehensive risk assessment prior to the launch of the concierge services to identify, manage, and mitigate all the associated risks;

(ii) a robust due diligence process on the concierge service provider, where applicable;

(iii) a suitable clause in the agreement with the concierge service provider clearly establishing the party liable for dealing with issues arising from the concierge services (e.g. complaints and refunds);

(iv) upfront disclosure to private banking customers on all the operational arrangements (including the complaints or dispute resolution mechanism) and risks involved.

(3) A commercial bank is authorized to open an account to a foreign private bank customer and provide to him or her all services of private banking. The opening of the account must meet the due diligence requirements provided for in relevant laws and regulations.

Article 6: Licensed activities by other relevant regulators

If the bank carrying on private banking services intends to carry out activities that are regulated and supervised by other regulators, it must –

(i) Apply for a license or authorization from those relevant regulators; or

(ii) outsource such services from the licensed service provider.

CHAPTER III: APPLICATION FOR NON-OBJECTION

Article 7: Application requirements for non-objection

(1) A licensed commercial bank intending to carry out private banking business, applies in writing, for non-objection to the Central Bank.

(2) The application for a non-objection is accompanied by the following information or documents:

(i) the business model, products or services to be offered, and targeted clientele;

(ii) policies providing all controls in place to provide private banking services;

(iii) specific AML/CFT policies applicable to private bank customers;

4

---

(iv) professional and moral suitability of the persons proposed to manage or control the private banking customer, their qualifications and experience;

(v) assessment of the impact of the business on the overall soundness of the bank;

(vi) declaration of source of funds to be invested in the business;

(vii) license or authorization from other relevant regulators for activities that are regulated and supervised by another relevant regulator;

(viii) activities to be outsourced, where applicable;

(ix) any other relevant information the Central Bank may require.

Article 8: Assessment of the application

The Central Bank assesses the integrity, competence, professionalism, qualification and experience of the private banker and the dedicated staff, and other operational requirements.

Article 9: Granting a non-objection

If the Central Bank is satisfied with the provided documents and information, as well as the sustainability of the business model it grants the non-objection within 30 days from the date of reception of the completed application.

Article 10: Duration and publication of the non-objection

(1) A non-objection granted remains valid unless revoked by the Central Bank.

(2) A bank granted a non-object display it, always, in a visible place at the head office of the concerned bank, and copies of it shall be similarly displayed at each of its branch offices where private banking services are offered.

CHAPTER IV: BUSINESS CONDUCT AND UPSKILLING

Section One: Competency

Article 11: Competence to provide private banking

(1) The bank offering private banking services must have senior staff with competence to provide private banking services.

(2) To foster professional standards and enhance transparency to clients and confidence in the private banking industry, the bank must present standards of good practice on competency and market conduct of the senior staff operating in the private banking industry.

(3) The bank establishes standards relating to the assessment and continuous training of all staff in charge of private banking services or products.

(4) The head of the private banking service must be approved by the Central Bank before assuming such duties.

5

---

Article 12: Expected standards

(1) The bank and its staff providing financial, or wealth advisory services must conduct their business activities with integrity and professionalism.

(2) In particular, the bank and its staff must –

(i) maintain standards of professionalism;

(ii) take reasonable care and use reasonable diligence in their dealings with the client; and

(iii) manage the key risks associated with their business.

Article 13: Practices for guiding clients and electronic banking relationships

A bank determines whether guiding clients or relationships initiated through electronic channels requires a higher degree of due diligence before account opening. The bank specifically addresses measures to satisfactorily establish the identity of non-face-to-face customers.

Article 14: Duties of a private banker

The private banker has the following duties:

(1) manage financial assets of a private bank customer;

(2) provide the private bank customer the financial recommendations on products and services;

(3) develop loan packages for credit review as well as underwriting;

(4) ensure opening plus service accounts within certified limits and ensure records are maintained within given policies and guidelines;

(5) prepare private bank customer base by servicing existing clients and cross-selling products;

(6) develop new business by interacting with external resources and informing about changing market conditions;

(7) ensure compliance with all banking policies and practices along with regulatory statutes;

(8) take reasonable measures to verify if the value of the investable assets and the annual income using relevant information obtained from reliable sources satisfy the requirements of the private bank customer;

(9) Supervise bank operations suitably including personal banking relations, client service operations, and problem resolution;

(10) ensure private bank customer satisfaction by contact as well as maintenance of relationship;

(11) Maintain and update knowledge of banking products along with financial or investment services and knowledge of industries or market areas served;

6

---

(12) upgrade on latest developments plus market trends to identify and service private bank customer needs;

(13) train and guide less experienced private bankers; and

(14) handle other financial matters for private bank customers, such as tax, estate, and philanthropic planning.

Article 15: Key Attributes for Private Bankers

A private banker must consider the following attributes for a private banker may when providing private banking services :

(1) a holistic approach (professionals with a global, holistic vision are better able to implement the strategies that are right for the client and the environment);

(2) approachability, empathy, and building relationships of trust (the ability to customize the service to suit each client, accessibility, and availability);

(3) ability to engage or have a long-term outlook (clearly define the private bank customers’ objectives in their different stages of life. In volatile, changing, and uncertain scenarios);

(4) ability to strategically embrace digital transformation (master all the tools that help to optimize the services they offer);

(5) ability to extensively engage clients on a constantly evolving landscape (e.g. legislation with new products, environmental, social, and governance);

(6) creativity and innovativeness (ability to generate new business ideas in the current competitive context);

(7) regulatory expertise (full understanding of the financial regulatory framework and standards affecting the profile of a client);

(8) ability to focus on maximum specialization (personalized service that is adapted to the client’s personal circumstances, risk profile, time horizon, and financial objectives);

(9) possession of intercultural skills (develop synergies between different markets to enrich the final offer to clients).

Article 16: Duties of private banking staff

(1) The different units and staffing within the private banking function, as applicable, must be well-demarcated and their functions and duties be clearly set out.

(2) The duties of private banking staff must be properly segregated among the front-office and operational staff (middle-office or back-office staff).

Article 17: Competency assessment

(1) The staff assigned to provide private banking service or to serve must be fit and proper.

(2) A private banker must possess at least 10 years of serving in the relevant financial services, mainly banking, or securities markets or wealth management services-related experience

7

---

before he or she provides any financial or wealth advisory service on behalf of his or her respective bank.

(3) The private banking staff are advised to pass the Client Advisor Competency Standards (CACS) or other related courses or training programs.

Article 18: Continuing professional development

(1) To ensure that knowledge and skills are kept current with industry and regulatory developments, the private banking staff undertakes continuous training to ensure ongoing competency.

(2) Training activities constitute formal documented learning, which may include, attending courses, workshops, lectures or seminars as well as e-learning courses. The records of training attended shall be kept

(3) The bank ensures private bank staff are facilitated to attend training or professional courses.

Section 2: Market Conduct

Article 19: Professionalism

The banks and their dedicated staff must act with professionalism and ensure that their activities are guided by appropriate ethical values, prudence, and integrity.

Article 20: Personal conduct

(1) The bank must incorporate in its code of conduct a statement of general principles governing personal account holdings and ethical values, including honesty and integrity, competence, and diligence of the staff in charge of private banking.

(2) In particular, the private banker conducts his or her activities in a manner that is in the best interests of the private banking customer and the bank, by preventing any potential conflicts of interest.

(3) When in possession of inside information, the staff dedicated to private banking does not act upon it in the following ways:

(i) influencing or inducing any client or any third party to enter into any transaction;

(ii) communicating such information to any client or third party;

(iii) engaging in unauthorized transfer of inside information or insider trading; and

(iv) not engage in activities that are not in the best interests of the client such as front-running or parallel-running of the client’s transactions.

(4) Where appropriate, the bank may –

(i) require designated staff to obtain prior approval to transact in securities for their own account or an account in which they have an interest; and

(ii) impose an appropriate timeframe for which the approval is valid.

8

---

(5) The bank takes reasonable steps to ensure that client orders are executed on the best available terms, considering the relevant market, nature, and size of the transaction, in accordance with the bank’s trade allocation policies and procedures, and mitigate the risks of potential market abuse for sale and purchase transactions between client accounts, i.e. cross trades.

Article 21: Conflict of interest

(1) The private banker manages any actual, perceived or potential conflicts of interest, including appropriate disclosures to the client under certain circumstances, to minimize any potential adverse impact on the private banking customer.

(2) The extent of relevant policies and procedures must be proportionate to the nature, scale, and complexity of the business activities.

(3) The private banker ensures that the offering and receipt of gifts and entertainment between the private banking customer, counterparty, broker, financial institution, or any other third party and the bank, including their staff, are appropriate and that no gifts or entertainment are offered to or received from public officials. There must be–

(a) appropriate records maintained of entertainment and gifts received and offered by the bank and its staff; and

(b) periodic reviews-maintained records and the related policy by senior management of the bank.

Article 22: Private banking staff ethical actions

(1) Banks carrying on private banking business adopt a code of ethics to be observed by their private banking staff to promote fair and ethical actions that are fundamental to good business practices.

(2) The banks treat private banking customers fairly, by proactively informing private banking customers about the bank and its regulatory status, the services and products offered, and their expected costs and risks.

Section 3: Investment suitability

Article 23: Investment advice on the risks

The banks carrying on private banking services make their customers aware of the general and specific risks of an investment when advising them, including –

(1) adequately identifying the financial background, the risk-bearing capacity, the risk-tolerance or appetite, and the investment goals of the private banking customers with discretionary and non-discretionary wealth management mandates, advising them in line with this analysis and ensuring that customer suitability obligations are observed;

(2) verifying with private banking customers before executing investment orders that are not in line with and considerably riskier than their usual transactions;

(3) timely and diligently executing private banking customers’ orders in the best possible way;

9

---

(4) avoiding conflicts between the interests of the private banking customer and the interests of the bank or, if this is not possible, taking appropriate measures to reduce and manage the conflict and disclose it to the private banking customer. In particular, under a discretionary wealth management mandate, private banking customers need to be asked to formally approve in advance investments with the bank’s related parties or affiliates or entities connected directly or indirectly to the bank’s board members, senior officers or other staff;

(5) properly documenting the service, transactions, and interactions with the private banking customers; and

(6) proactively and regularly disclosing necessary information (related to the suitability of the investment portfolio, trade orders such as quantity, pricing and associated costs, and performance reporting) to the private banking customers in accordance with their investment management agreement signed with the bank, either on a non-discretionary or discretionary wealth management mandate.

Article 24: Customer Profiling

(1) The relationship manager (RM) must understand the objectives, needs, and constraints of the private banking customer before providing investment advice.

(2) The bank sets methods to understand the private banking customers’ investment goals, risk or volatility tolerance, investment time horizon, financial needs or constraints, prior investment knowledge and experience, and personal circumstances. These typically involve private banking customers completing a risk assessment questionnaire to understand this.

Article 25: Product classification

(1) The bank must have a new product approval process in place to ensure that new products are appropriately rated before they can be offered to customers. There must be a product risk rating methodology for conducting due diligence on the features and risk-return characteristics of financial products.

(2) The due diligence on the financial products typically includes risk-return profile, product volatility, product liquidity, product complexity, experience, creditworthiness, and reputation of product issuers and service providers, and fees and charges.

(3) There must also be ongoing reviews of existing products and their issuers and service providers to ensure that initial assessments remain appropriate and reflective of the products’ underlying risks.

Section 4: Policies and procedures for private banking service

Article 26: Approach for carrying on private banking business

(1) A bank may have a separate policy for private banking business or integrate it within its existing policies.

(2) The bank carrying on private banking services introduces, maintains, and duly enforces a board-approved policy for private banking services. This policy sets out the approach, processes, and controls for private banking services.

10

---

(3) The policy referred to in this Article covers at least the following areas concerning a bank’s private banking service:

(i) internal control environment;

(ii) background, integrity, fitness, and propriety checks on private bankers;

(iii) private banking staff conduct and personal securities dealings;

(iv) customer account transaction processing;

(v) hold mail service;

(vi) handling of dormant private banking customers;

(vii) portfolio performance statements;

(viii) business communication systems;

(ix) management information system;

(x) additional control measures for permissible activities.

Article 27: Private banking staff conduct and personal securities dealings

The policy for private banking business sets out rules governing private banking staff conduct and personal security dealings comprising a requirement –

(1) to disclose any conflict of interest that may arise in relation to his or her duties;

(2) to make regular independent monitoring on a random or sample basis of the private banking staff's personal security dealings, including in-house securities dealings;

(3) to annually submit a duly signed declaration form with details of –

(i) all personal transactions on securities and other investment products, including a consent for the bank to have access to these transactions if warranted;

(ii) outstanding assets and liabilities;

(4) to make a prompt investigation on any matter that may give rise to suspicion of misconduct by private banking staff.

Article 28: Customer account transaction processing

(1) The bank carrying on private banking services must have in place an internal policy for call-back procedures to confirm transaction orders with private banking customers.

(2) The call-back is performed for irregular, unusual, and high-risk or high-value transactions, as determined in the bank’s policy for private banking services. It is recommended that the call-back is performed by a staff who is independent of the receipt and execution of the transaction order.

(3) The callbacks are subject to regular reviews by the control functions.

Article 29: Handling of dormant private banking customers

The bank carrying on private banking service complies with the following requirements:

(1) in cases where all accounts held by a private banking customer have become inactive, the bank carrying on private banking service must, after providing communication through a secure and verifiable method to the private banking customer’s address, make all other

11

---

reasonable efforts to establish contact with the client. If the private banking customer cannot be reached, he or she is classified as dormant;

(2) at the time of account opening, private banking customer must be duly informed of the processes and terms for their accounts becoming dormant;

(3) control and monitoring processes are put in place to prevent the abuse of accounts (including assets under management) of dormant private banking customers.

Article 30: Portfolio performance statement

(1) The private banking customer receives statements on the performance of the portfolio of investment with the bank periodically, i.e. at least quarterly, or, at a more frequent interval as may be requested by the private banking customer.

(2) Bank carrying on private banking services establishes rules for –

(i) proper segregation of duties in generating and delivering account statements;

(ii) handling customer requests for change of correspondence address; and

(iii) collecting and following up with returned mail, advice, or statements.

Article 31: Business communication systems

(1) There must be, to the extent possible, the use of any business communication system or platform for all communication between private banking staff and private banking customers.

(2) The bank establishes a list of authorized alternative third-party communication applications that may be used by private banking staff for calls or messaging.

(3) The bank maintains an appropriate audit trail of communications (such as voice logging of calls and call reports) with private banking customers to keep records of all transactions and to facilitate any investigation in the case of disputes or suspected fraudulent transactions.

(4) There must be specifications on the storage and data protection of the call recordings as well as on circumstances under which designated persons may access these call recordings.

(5) The call recordings may be deleted after ten years.

Article 32: Management information system

The bank carrying on private banking services establishes an appropriate management information system to facilitate regulatory reporting and oversight on the private banking segment.

CHAPTER V: SPECIFIC REQUIREMENTS ON AML, CFT, AND FP

Article 33: Customer onboarding and ongoing monitoring

The bank offering private banking services takes reasonable measures regarding Know Your Customer (KYC) and conducts a periodic review of business relationships, in accordance with

12

---

the provisions of existing legislation relating to anti-money laundering (AML), combating the financing of terrorism (CFT) and financing of proliferation (FP) of weapons of mass destruction.

Article 34: Enhanced due diligence

(1) The bank adopts a risk-based approach in managing ML/TF risks and subjects higher-risk customers to enhanced Customer Due Diligence (CDD) measures and ongoing monitoring procedures. The bank undertakes the KYC processes to gain a reasonable understanding of the private banking customer, including the personal and professional background, source of wealth and income, and business activities.

(2) As part of the KYC process, the bank typically obtains and corroborates the source of wealth of the private banking customer and beneficial owners by obtaining information on the family background (e.g. information on the family tree and how family wealth was derived), investment history (e.g. types of investments, location, number and value of properties held, the value of shareholdings), business activities (e.g. nature, size, profitability, and history) or professional career (e.g. length of career, position held and annual income), where relevant.

(3) For the source of wealth acquired via inheritance and gifts, the bank identifies the persons making the inheritance and gifts and assesses the legitimacy and reasonableness of the inheritance and gift amounts relative to the background of the persons identified.

(4) The bank performs independent verification which includes citing public information sources (e.g. company websites, journals, or media reports), to verify the net worth of private banking customers or financial statistics of operating companies as well as obtain documentary evidence like bank statements, confirmation from third party professionals (e.g. tax advisors) and assess the authenticity and reliability of the documents provided by the private banking customer.

Article 35: Situation Requiring Additional Diligence

(1) The bank’s internal policies define categories of individuals necessitating extra diligence, particularly when their circumstances present a higher-than-average risk to the bank based on some indicators.

(2) The circumstances of the following categories of persons are indicators for defining them as requiring additional diligence:

(i) persons residing in or having funds sourced from countries identified by credible sources as having inadequate antimony laundering standards or representing high risk;

(ii) persons engaged in types of business activities or sectors known to be susceptible to money laundering;

(iii) Politically Exposed Persons “PEPs”, refer to individuals holding or having held positions of public trust, such as government officials, senior executives of government corporations, politicians, important political party officials, etc., as well as their families and close associates.

Article 36: Authentication of customer procedures

(1) The bank authentication procedure typically entails the verification of customers’ signatures by independent parties. Given that signatures can be forged easily, the bank may subject

13

---

transactions with higher fraud risk (e.g. third-party account transfers, requests for hold-mail services, changes to customer’s mailing addresses and mode of delivery of account statements) to additional authentication procedures, such as independent call-backs.

(2) The call-back procedure is generally performed by parties independent of the front office, using customers’ contact numbers maintained in the bank’s official records.

(3) Hold mail (HM) service is not offered to private banking customers because of the high risks of fraud, including concealment of unauthorized transactions, except in exceptional circumstances and upon request by the customer. The banks must have a rigorous control framework governing the offering of HM services offering

Article 37: Tax compliance

The bank carrying on private banking service must adequately identify, address, and mitigate conduct and compliance risks that may arise from being prosecuted by domestic or foreign tax authorities for aiding and abetting tax fraud committed by its customers, or, from not making relevant declarations to the tax authority.

CHAPTER VI: MISCELLANEOUS, TRANSITIONAL AND FINAL PROVISION

Article 38: Supervisory framework

The bank carrying on private banking services may be subject to the ad hoc regulatory and supervisory requirements by the Central Bank.

Article 39: Compliance with this Directive

The existing commercial bank using the terminology of “Private Banking” for business-related services or products or purported to offer private banking services to its customers has six months to comply with the requirements of this Directive.

Article 40: Entry into force

This Directive comes into force on the date of its signature.

Done at Kigali on 03rd July 2024

[Signature]

RWANGOMBWA John Governor

14