BANQUE DE LA REPUBLIQUE DU BURUNDI

CIRCULAR NO. 04/LBC-FT/2026 ON IMPLEMENTATION MODALITIES BY BANKING LAW-SUBJECTED ESTABLISHMENTS OF THEIR OBLIGATIONS REGARDING ORGANIZATION, INTERNAL CONTROL, AND COMPLIANCE WITH ANTI-MONEY LAUNDERING AND COUNTER-TERRORIST FINANCING REQUIREMENTS

The Governor of the Banque de la République du Burundi,

Having regard to Law No. 1/34 of December 2, 2008 on the Statutes of the Banque de la République du Burundi;

Having regard to Law No. 1/17 of August 22, 2017 governing banking activities;

Having regard to Law No. 1/08 of March 27, 2025 amending Law No. 1/02 of February 4, 2008 on the fight against money laundering and terrorist financing;

Having regard to Decree No. 100/044 of March 16, 2020 on the creation, missions, organization and functioning of the National Financial Intelligence Unit, "CNRF";

Having regard to Regulation No. 02/2026 issued in application of Law No. 1/08 of March 27, 2025 amending Law No. 1/02 of February 4, 2008 on the fight against money laundering and terrorist financing;

Has issued:

---

CHAPTER I: GENERAL PROVISIONS

Article 1: Object

This Circular specifies the implementation modalities, by the establishments referred to in Article 2 below, of their obligations regarding organization, internal control, and compliance with the requirements set forth in the law on the fight against money laundering and terrorist financing (AML/CFT) in Burundi.

Article 2: Scope of Application

This Circular applies to the following subject establishments:

1. credit institutions;
2. the National Post Office (Régie Nationale des Postes);
3. currency exchange offices;
4. payment institutions;
5. financing and/or guarantee funds;
6. microfinance institutions.

---

CHAPTER II: PROVISIONS APPLICABLE TO BANKING LAW-SUBJECTED ESTABLISHMENTS OTHER THAN CURRENCY EXCHANGE OFFICES

Section 1: Internal Organization Regarding AML/CFT

Article 3: Roles and Responsibilities of the Board of Directors

The Board of Directors defines the AML/CFT strategy of the subject establishment and formulates directions for its deployment. It validates the AML/CFT framework documents, including:

1. risk assessment;
2. staff training and information program;
3. policies, procedures, and control measures;
4. report on the implementation of the internal AML/CFT prevention framework. The Board of Directors designates, upon proposal by the General Management, the head of the internal AML/CFT structure. The latter must be able to access the Board of Directors directly, if necessary.

Article 4: Roles and Responsibilities of General Management

General Management is responsible for the effective implementation of the strategy, directions, policies, procedures, and control measures defined and validated by the Board of Directors. It is specifically charged with:

1. continuously ensuring compliance by relevant staff with AML/CFT policies, procedures, and control measures;
2. authorizing the establishment of business relations or the execution of an operation with or on behalf of a politically exposed person (PEP);
3. validating the list of clients identified as PEPs;
4. authorizing banking correspondence relations and other similar relations;
5. taking all other decisions and actions necessary to fulfill its mission. General Management continuously ensures the proper functioning of the internal AML/CFT structure. It provides it with adequate human and material resources and ensures its operational independence for the exercise of its responsibilities.

Article 5: Information System

The subject establishment equips itself with an information system enabling, in particular:

1. profiling of clients and accounts held in its books;
2. real-time filtering of clients and transactions;
3. monitoring of movements on accounts and generation of alerts;
4. determination of the global balance of all accounts held by the same client;
5. recording of operations carried out by the same client, whether occasional or habitual;
6. identification of transactions with a suspicious or unusual nature. The subject establishment takes into account any information likely to modify the client's profile and integrates it into the information system within a maximum period of one month. The information system must also ensure that modifications related to the implementation of targeted financial sanctions are taken into account without delay, in accordance with Article 79 of the AML/CFT Law. The effectiveness of the information system must be subject to periodic review, at least once a year, to adapt said system to the nature and evolution of the subject establishment's activity as well as its legal and regulatory environment.

Article 6: Establishment of an Internal Structure Responsible for the AML/CFT Framework

The subject establishment sets up an internal structure responsible for the AML/CFT framework in accordance with current regulations. This structure is adapted to the size, organization, nature, and volume of the financial institution's activities. It does not participate in the execution of operational tasks. The risk management structure or the compliance department may assume the responsibilities mentioned in the preceding paragraph when the establishment's size does not justify assigning this function to a separate structure. The head of the internal AML/CFT structure is attached to General Management or an equivalent body within the concerned subject establishment.

Article 7: Functions of the Internal Structure Responsible for the AML/CFT Framework

The internal structure responsible for the AML/CFT framework is charged with:

1. centralizing suspicion indicators identified by staff;
2. processing internal suspicious transaction report (STR) files;
3. drafting STRs and transmitting them to the CNRF;
4. responding to regular or ad hoc requests from supervisory authorities, the CNRF, or partner institutions;
5. developing and implementing the staff training and awareness program regarding AML/CFT referred to in Article 9 of this Circular;
6. conducting the AML/CFT risk assessments referred to in Article 27 of the AML/CFT Law;
7. conducting the AML/CFT risk classification provided for by the Circular on identification, verification of identity, and customer due diligence by banking law-subjected establishments;
8. developing and updating AML/CFT policies, procedures, programs, and control measures referred to in Articles 31 and 32 of the AML/CFT Law;
9. carrying out periodic review of the information system referred to in Article 5 of this Circular;
10. handling all other duties provided within the framework of implementing the internal AML/CFT prevention framework.

Article 8: Staff Training and Awareness Program

The subject establishment implements a staff training and awareness program regarding AML/CFT. This program must be adapted to current legal and regulatory requirements and the needs of stakeholders. To this end, it must specifically include:

1. modules covering: i. the legal framework for AML/CFT in Burundi; ii. detection of AML/CFT indicators; iii. reporting obligations regarding AML/CFT, including the preparation of suspicious transaction reports; iv. implementation of vigilance measures regarding clients; v. identification and handling of unusual or complex activities/operations; vi. document retention and archiving policy; vii. national, regional, and international cooperation regarding AML/CFT; viii. design and implementation of the subject establishment's AML/CFT strategy.
2. a post-evaluation tool for staff understanding of the program and its effectiveness;
3. regular information meetings for employees to keep them updated on developments in AML/CFT techniques, methods, and trends, as well as applicable preventive rules and procedures. The subject establishment deploys the program referred to in this article at least once a year and ensures its implementation is documented.

Article 9: Participants in the Training and Awareness Program

The subject establishment ensures that the following persons follow the training and awareness program referred to in Article 8 of this Circular.

1. staff members whose tasks directly or indirectly relate to AML/CFT;
2. staff members whose tasks expose them to the risk of encountering AML/CFT attempts;
3. governance body members, particularly those of the Board of Directors and General Management/Executive Management. The subject establishment ensures that third parties to whom it outsources tasks also possess adequate AML/CFT training.

Section 2: Provisions Regarding Controls and Reporting

Article 10: Internal Control and Audit

The subject establishment implements a control mechanism for the proper application of internal policies and procedures regarding AML/CFT. This mechanism is audited at a frequency taking into account the nature, volume, and complexity of the establishment's operations, and at least once a year. Audit mission conclusions are submitted to the Board of Directors, which takes necessary measures to ensure follow-up.

Article 11: Report on the Implementation of the Internal AML/CFT Prevention Framework

The subject establishment prepares an annual report on the implementation of its entire internal AML/CFT framework. This report must specifically:

1. describe the organization and resources of the subject establishment regarding AML/CFT prevention;
2. present training and awareness actions carried out;
3. inventory controls performed to ensure proper implementation and compliance with client identification, data retention, detection, and reporting procedures for suspicious transactions;
4. highlight investigation results, particularly regarding weaknesses identified in procedures and their compliance, as well as statistics related to the implementation of the STR reporting framework;
5. indicate, where applicable, the nature of information transmitted to third-party institutions, including those established outside the country;
6. prepare a mapping of the most common suspicious transactions, indicating observed developments;
7. trace conclusions of internal audit missions carried out and measures taken for their implementation, where applicable;
8. present perspectives and the action program for the coming year. The subject establishment transmits the report referred to in this article to the BRB within a period of two (02) months from the end of the relevant financial year.

Article 12: Banking Correspondence

To ensure the implementation of obligations regarding banking correspondence relations and other similar relations provided for in Article 5 of the AML/CFT-related regulation, the subject establishment may rely on tools and principles developed by other jurisdictions, groups, or associations, notably the FATF (GAFI), provided they include the collection of minimum information mentioned in the questionnaire appearing in Annex 1 of this Circular.

---

CHAPTER III: SPECIFIC PROVISIONS FOR CURRENCY EXCHANGE OFFICES

Article 13: Responsibilities of Currency Exchange Offices Regarding AML/CFT

The currency exchange office takes, under its responsibility, the following measures:

1. implement an AML/CFT framework adapted to its activity and backed by one or more clearly defined and documented procedures;
2. prepare an annual report on the implementation of the AML/CFT framework;
3. ensure compliance by all staff with the AML/CFT procedures referred to in point 1 of this article;
4. ensure that all staff periodically receive training and awareness regarding AML/CFT.

Article 14: Information System of Currency Exchange Offices

The currency exchange office equips itself with an information system enabling, in particular:

1. recording of operations carried out by the same client, whether occasional or habitual;
2. identification of transactions with a suspicious or unusual nature. The information system must also ensure that modifications related to the implementation of targeted financial sanctions are taken into account without delay, in accordance with Article 79 of the AML/CFT Law. The effectiveness of the information system must be subject to periodic review at least once every three (03) years, to adapt said system to the nature and evolution of the currency exchange office's activity as well as its legal and regulatory environment.

Article 15: Internal AML/CFT Framework of Currency Exchange Offices

The currency exchange office designates at least one person within its ranks responsible for the AML/CFT framework. The number of designated persons is adapted to the organization, nature, and volume of activities carried out. The persons designated under the preceding paragraph are charged with:

1. centralizing suspicion indicators identified by staff;
2. internally documenting STR files;
3. drafting STRs and transmitting them to the CNRF;
4. responding to regular or ad hoc requests from the supervisory authority, the CNRF, or partner institutions;
5. ensuring compliance with AML/CFT procedures referred to in Article 13 of this Circular in all operations carried out by the currency exchange office.

Article 16: Report on the Implementation of the AML/CFT Framework by Currency Exchange Offices

The currency exchange office transmits, within a period of two months from the end of the relevant financial year, the annual report referred to in Article 13 of this Circular, to the BRB. The annual report specifically contains:

1. a description of the organization and resources deployed for the AML/CFT framework;
2. statistics on STRs submitted;
3. perspectives for the coming year, particularly regarding training and acquisition or updating of AML/CFT tools;
4. risk assessment referred to in Article 27 of the AML/CFT Law;
5. any other information deemed relevant by the currency exchange office.

Article 17: Supervision of Currency Exchange Offices

The Central Bank ensures supervision of the currency exchange office's compliance with its AML/CFT obligations. The currency exchange office is required to submit to this supervision and provide all necessary information for its proper conduct.

Article 18: Reporting by Currency Exchange Offices

The currency exchange office is required to report to the Central Bank within ten (10) days following the end of each quarter, according to the template attached to Annex 2 of this Circular, foreign currency purchase or sale operations carried out at its counters during the preceding quarter. These declarations are accompanied by a summary document presenting, in particular, the total volume of activities during the preceding quarter and operations that have been subject to a suspicious or atypical transaction report.

---

CHAPTER IV: DIVERSE AND FINAL PROVISIONS

Article 19: Sanctions

Non-compliance with the rules provided by this Circular is sanctioned in accordance with the provisions of the AML/CFT Law in Burundi and specific BRB regulations currently in force.

Article 20: Entry into Force

This Circular enters into force on the date of its publication in the Official Gazette of Burundi and on the BRB website.

Done in Bujumbura, on 30/1/2026

Edouard Normand BIGENDAKO
Governor.

---

ANNEX 1: MODEL QUESTIONNAIRE FOR CORRESPONDENT BANKS (Article 12 of this Circular)

1. Information on the establishment

1.1 What is, in percentages, your capital structure?

i. Institution with predominantly public capital
ii. Institution with predominantly private capital

1.2 Please complete the following information:

i. Name and address of the establishment
ii. Telephone
iii. Fax
iv. Email
v. Website
vi. SWIFT code

1.3 Name and contact details of the person in charge of anti-money laundering and counter-terrorist financing (AML/CFT) and their deputy

1.4 List of management body members

1.5 Is your establishment approved by a supervisory authority?

Yes
No If "yes", please indicate: i. Name of the supervisory authority
ii. Date of approval
iii. Reference number of approval
iv. Type of approval

1.6 What are the main activities of your establishment?

i. Account management for clients
ii. Client credits/loans
iii. Fund transfers
iv. Investment of funds
v. Deposit collection
vi. Others

1.7 What are the categories of clients of your establishment?

i. Natural persons
ii. Private legal entities
iii. Public legal entities
iv. Non-Governmental Organizations (NGOs)
v. Others

2. Information regarding laws, rules and procedures

2.1 Has your country of establishment implemented legislation on AML/CFT prevention, in compliance with international standards and primarily with FATF recommendations? (If yes, please attach a copy)

Yes
No

2.2 Are money laundering and terrorist financing considered in your country of establishment as offenses penalized by current criminal laws?

Yes
No

2.3 Has your establishment implemented a written AML/CFT policy and procedures, in compliance with the laws of your country of establishment and FATF recommendations?

Yes
No

2.4 Has your establishment implemented a training program for its AML/CFT agents as well as other staff members?

Yes
No If you answered "yes", please indicate the type and frequency of these training programs.

2.5 Has your establishment implemented an audit system to verify the compliance of its rules and procedures with national legislation?

Yes
No If you answered "yes", please indicate the nature and frequency of these audits.

2.6 Do your AML/CFT procedures apply to your branches and subsidiaries both nationally and abroad?

Yes
No

2.7 Does your establishment's policy include procedures ensuring the implementation of due diligence to obtain information on the real identity and activity of your clients?

Yes
No

2.8 Does your AML/CFT policy include identification and verification procedures for the origin of funds during international transfer operations?

Yes
No

2.9 Has your establishment implemented a system to detect accounts and funds belonging to persons or entities sanctioned and/or considered terrorist by all competent authorities or the United Nations?

Yes
No

2.10 Do these policies and procedures prohibit you from:

i. opening or maintaining anonymous or numbered accounts?
Yes
No ii. having business relations with banks having no physical presence in any country (shell banks)?
Yes
No

2.11 Does your establishment retain client identification files?

Yes
No If you answered "yes", please indicate the retention period: ……… years.

2.12 Has your establishment implemented a control system for accounts and transactions to detect suspicious activities and operations?

Yes
No

2.13 Are suspicious transactions, operations, and activities as defined by FATF recommendations reported to a local competent authority?

Yes
No If you answered "yes", please indicate: i. the name of this authority:
ii. the reporting procedure:

2.14 Has your establishment implemented a system to verify, in relations with correspondent banks, that the latter apply AML/CFT procedures?

Yes
No

2.15 Do you have subsidiaries or branches in one or more countries or territories designated as "non-cooperative" by the FATF?

Yes
No If you answered "yes", can you confirm that your AML/CFT policies and procedures apply to these subsidiaries or branches?

---

ANNEX 2: DECLARATIONS OF FOREIGN CURRENCY PURCHASE AND SALE OPERATIONS BY CURRENCY EXCHANGE OFFICES

Identity of the client or beneficial owner (full name and ID number)	Client status (specify if the client is a politically exposed person)	Operation amount (specify the currency concerned)	Type of operation (purchase or sale of banknotes or travel checks)	Reason for the operation	Supporting documents provided	Name of the agent who performed the operation	Date of operation execution	Date of the last operation carried out by the client and name of the agent who performed it	Comments (indicate any other relevant information)

---

• The declarations concern operations for which clients have been identified in accordance with current regulations.