BANQUE DE LA REPUBLIQUE DU BURUNDI

REGLEMENT N° 02/2026 EDICTE EN APPLICATION DE LA LOI N° 1/08 DU 27 MARS 2025 PORTANT MODIFICATION DE LA LOI N° 1/02 DU 04 FEVRIER 2008 PORTANT LUTTE CONTRE LE BLANCHIMENT DE CAPITAUX ET LE FINANCEMENT DU TERRORISME

PRESENTATION NOTE

Pursuant to Article 40 of Law No. 1/17 of 22 August 2017 governing banking activities, covered institutions are obligated to refuse the management or transfer of funds linked to illegal activities and to implement an adequate system for detecting and reporting suspicious activities under the conditions set by regulation.

The national legal framework regarding the prevention of money laundering and the financing of terrorism (AML/CFT) has undergone a major evolution with the adoption of Law No. 1/08 of 27 March 2025 amending Law No. 1/02 of 4 February 2008 on AML/CFT. This reform aims to align the Burundian system with international standards and strengthen AML/CFT effectiveness.

Following the promulgation of this new law, Regulation No. 001/2023 issued under Law No. 1/02 of 4 February 2008 on AML/CFT has become obsolete, necessitating its alignment with the new law.

The new regulatory framework:

clarifies the role of the Banque de la République du Burundi (BRB) regarding its supervisory competencies over institutions subject to the banking law in matters of AML/CFT (Article 80 of the AML/CFT Law). Indeed, in compliance with Article 62 of Law No. 1/17 of 22 August 2017 governing banking activities, covered institutions and their foreign subsidiaries are subject to document-based and on-site supervision by the Central Bank and any person authorized by it, without professional secrecy being invoked against it. The BRB is thus empowered to request any documents or information enabling it to carry out its supervisory actions, to access client registers, and to verify the policies and procedures applicable in the fight against money laundering and the financing of terrorism.

also charges the BRB (i) to define standards for the identification and verification of client identity, (ii) to specify the obligations of institutions regarding governance, compliance functions, and internal control dedicated to AML/CFT, (iii) to determine the amounts above which enhanced due diligence measures or automatic declarations are required, and (iv) to provide a guide on risk indicators and money laundering schemes to facilitate detection by covered institutions.

In its capacity as the supervisory and control authority, and in accordance with Article 87 of the AML/CFT Law as amended, the BRB is tasked with issuing implementing measures for covered institutions.

This revised regulation fits within this dynamic of compliance and strengthening financial sector vigilance to prevent it from serving as a conduit for illicit capital flows.

By issuing this regulation, the BRB intends to equip covered institutions with robust tools for proactive AML/CFT risk management, thereby ensuring the integrity, solidity, and stability of the national financial system. Unlike the previous regulation, which was supplemented by two (2) annexes, the new regulation is explained by four (4) circulars regarding client identification and due diligence (KYC), internal organization and control, threshold setting, and typology of suspicious transactions.

---

BANQUE DE LA REPUBLIQUE DU BURUNDI

REGLEMENT N° 02/2026 EDICTE EN APPLICATION DE LA LOI N° 1/08 DU 27 MARS 2025 PORTANT MODIFICATION DE LA LOI N° 1/02 DU 04 FEVRIER 2008 PORTANT LUTTE CONTRE LE BLANCHIMENT DE CAPITAUX ET LE FINANCEMENT DU TERRORISME

The Governor of the Banque de la République du Burundi,

Having regard to Law No. 1/34 of 2 December 2008 establishing the Statutes of the Banque de la République du Burundi;

Having regard to Law No. 1/17 of 22 August 2017 governing banking activities;

Having regard to Law No. 1/07 of 11 May 2018 establishing the National Payment System;

Having regard to Law No. 1/05 of 27 February 2019 governing the Burundian capital market;

Having regard to Law No. 1/08 of 27 March 2025 amending Law No. 1/02 of 4 February 2008 on the prevention of money laundering and the financing of terrorism;

Having regard to Decree No. 100/044 of 16 March 2020 establishing the creation, missions, organization, and functioning of the National Financial Intelligence Unit, "CNRF" in short;

Having regard to Regulation No. 002/2024 revising Regulation No. 001/2017 on payment services and payment institutions governing payment institutions;

Having reviewed Regulation No. 001/2023 issued under Law No. 1/02 of 4 February 2008 on the prevention of money laundering and the financing of terrorism;

Hereby issues this Regulation:

Article 1: Subject Matter of the Regulation

The purpose of this regulation is to:

1. require covered institutions to establish, maintain, and update, as appropriate, specific policies, procedures, and tools to safeguard against the use of the financial system for money laundering and the financing of terrorism;

2. instruct covered institutions to identify suspicious transactions, document them, and submit reports and information on these suspicious transactions to the competent authority;

3. promote transparency in financial transactions.

Article 2: Scope of Application

The following are subject to this regulation:

1. credit institutions;

2. the National Post Office;

3. currency exchange offices;

4. payment institutions;

5. financing and/or guarantee funds;

6. microfinance institutions.

Article 3: Definitions and Acronyms

For the purposes of this regulation, the following shall mean:

1. Beneficial Owner, any natural or legal person represented in any manner whatsoever, any signatory to bank or financial accounts, or any beneficiary of rights or economic benefits resulting from the account;

2. Central Bank, the Banque de la République du Burundi;

3. Beneficial Owner, any natural person who ultimately owns or controls a client and/or any natural person on whose behalf a transaction is conducted;

4. Money Laundering, the process by which a natural or legal person conceals or disguises the nature or origin of the proceeds of illegal activities so that they appear to originate from legitimate sources, when the intentional commission is manifested by:

   i. the conversion or transfer of property, for the purpose of concealing or disguising the illicit origin of the property or of assisting any person involved in the commission of the predicate offence to evade the legal consequences of his or her actions;

   ii. the concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of, property, knowing, at the time of the transaction, that such property is the proceeds of a crime, a felony, or participation in a crime or felony;

   iii. the acquisition, possession, or use of property by a person knowing, at the time of receipt, that such property is the proceeds of a crime, a felony, or participation in a crime or felony.

5. CDD: Customer Due Diligence;

6. Manual Exchange, purchase or sale from an authorized financial institution such as banks, the National Post Office, currency exchange offices, of banknotes or traveler's checks denominated in foreign currency in exchange for national currency.

7. CNRF: National Financial Intelligence Unit of Burundi.

8. Occasional Client: any client who does not have an account with a covered institution and who conducts a one-off transaction with it, carried out in a single or multiple operations that appear linked.

9. Covered Institutions: credit institutions, the National Post Office, currency exchange offices, payment institutions, financing and/or guarantee funds, and microfinance institutions.

10. Layering: a concealment or disguise process aimed at masking the illicit origin of funds. It includes in particular the following operations:

    i. splitting deposits across multiple accounts followed by consolidation into a few specific banks;

    ii. succession of financial operations to mask fraudulent origin: repayment of fictitious loans, payment of false invoices;

    iii. purchase and resale of assets;

    iv. international fund transfers.

11. Trust: an operation by which one or more individuals (settlers) transfer assets, rights, or securities, or a collection thereof, present or future, to one or more managers (trustees) who, holding them separate from their own assets, act for a specific purpose for the benefit of one or more other individuals (beneficiaries).

12. Financing of Terrorism, any act committed by a natural or legal person who, by any means whatsoever, directly or indirectly, on his or her own behalf or through an intermediary, deliberately provides or collects, or attempts to provide or collect, assets, funds, and other financial resources with the intention of using them, or knowing that they will be used, in whole or in part, for the commission of one or more terrorist acts.

13. FATF, the Financial Action Task Force, the global supervisory body for money laundering and the financing of terrorism, which defines international standards aimed at preventing illegal activities.

14. Integration, the introduction of laundered funds into the legal economic circuit to give them a legitimate appearance. This may include in particular:

    i. investments in real estate;

    ii. establishment and purchase of companies;

    iii. stock market investments.

15. KYC, Know Your Customer (Client identification obligation).

16. AML/CFT, Prevention of Money Laundering and Countering the Financing of Terrorism.

17. High-Risk and Non-Cooperative Jurisdictions, countries identified by the FATF as having significant strategic deficiencies in their money laundering and terrorist financing prevention measures.

18. Politically Exposed Person (PEP), a natural person who exercises or has exercised important public functions in Burundi, in particular the following natural persons:

    i. Heads of State or Government;

    ii. senior officials within public authorities such as deputies, senators, ministers, heads of institutions, provincial governors, general commissioners, municipal administrators, civil servants holding high-responsibility positions at director level or above in ministries, all magistrates of the judicial, administrative, and financial orders regardless of rank and function, any person exercising the functions of public accountants and ordering officers, corporate executives sitting on the boards of public establishments and publicly owned companies;

    iii. senior military and police personnel such as general officers and senior officers of the army and national police, inspectors of the army general inspection and the national police general inspection;

    iv. political party leaders;

    v. persons known to be closely associated with a politically exposed person, in particular any close person, family member in the direct line or by marriage, or any person linked by business relations.

19. Illicit Placement, conversion of cash sums from trafficking or illegal activities by introducing them into the banking system or economic circuit, in particular cash deposits into bank accounts or the acquisition of prepaid payment cards.

20. International Standards, in particular the FATF Recommendations.

21. Significant Transaction, any operation exceeding an amount equal to or greater than that determined by the Central Bank in a relevant instruction (circular).

Article 4: Development of AML/CFT Strategies

Every covered institution is obligated to develop AML/CFT strategies containing:

1. internal controls, policies, and procedures, including the designation of responsible persons within the covered institution;

2. client knowledge rules and procedures, "KYC/CDD";

3. maintenance of files regarding suspicious cases;

4. identification and reporting of suspicious transactions; and

5. awareness and training of relevant employees.

Article 5: Client Identification

Covered institutions must implement internal rules and procedures to identify their clients, including occasional clients, as well as, where applicable, their beneficial owners in the situations provided for in Articles 53 and 54 of Law No. 1/08 of 27 March 2025 amending Law No. 1/02 of 4 February 2008 on AML/CFT.

Client identification entails, for a covered institution, the obligation to:

1. ensure permanent knowledge of its client using documents, data, and information from reliable and independent sources to detect abnormal or suspicious operations;

2. discover the beneficial owner of the opened account and take necessary measures to verify their identity;

3. conduct enhanced control in the context of politically exposed persons;

4. strengthen normal vigilance measures in correspondent banking relationships;

5. in case of a banking relationship with an individual or entity, thoroughly verify their relationship with persons/entities involved in money laundering/terrorist financing or if the entity or individual does not appear on sanctions lists published notably by the United Nations.

The above verifications must be carried out upon entering into a relationship as well as during the continuation of the relationship.

It is prohibited for a covered institution to hold or maintain an anonymous account or an account under a pseudonym.

Covered institutions identify their clients according to the content of the circular issued by the Central Bank, which takes into account the minimum requirements of the FATF.

Article 6: Operations Conducted on Behalf of Others

If the client does not act for their own account, the covered institution must inquire, by all means, about the identity of the person on whose behalf they act.

After verification, if doubt persists regarding the beneficial owner's identity, it must terminate the banking relationship and, where applicable, proceed, under the conditions provided for in Articles 12 and 13 of the AML/CFT Law, to file a suspicion report with the CNRF.

Article 7: Remote Operations

When a covered institution offers the possibility to open an account or conduct any other operation remotely, it must implement appropriate measures to guarantee client identification.

These measures must, in particular, provide for the authentication of presented identification documents, the request for additional documents, the possibility of independent verification of the client's situation by a third party of confirmed reputation, and the requirement of an initial payment through an account opened in the client's name with an institution subject to international AML/CFT standards.

Article 8: Use of Third Parties for Client Identification

Covered institutions may resort to intermediaries or other third parties to carry out client identification if they have ensured that the third party is:

1. able to provide upon request and without delay copies of identification data and other documents related to the vigilance obligation;

2. established in Burundi or in another State whose legislation imposes vigilance obligations equivalent to those provided for in Articles 53 and 74 of the AML/CFT Law, and that the third party is subject to sufficient supervision.

Article 9: Liability of Covered Institutions in Case of Outsourcing Client Identification

Without prejudice to the provisions of the previous article, final liability rests with the covered institutions that resort to third parties.

Covered institutions may be exempted from client identification obligations if the client is a financial institution established in Burundi or in another State whose laws and regulations impose obligations equivalent to those of Burundi in matters of AML/CFT.

The provisions referred to in Articles 9 and 10 of this regulation shall not apply whenever there is suspicion of money laundering or terrorist financing.

Article 10: Recording of Identification Evidence

A covered institution must require and record proof of identity of its regular or occasional clients when entering into a business relationship or when conducting transactions, particularly at account opening, safe deposit box rental, or during significant cash transactions.

For the purpose of the requirement in the preceding paragraph, proof of identity shall be considered satisfactory if:

1. it is capable of confirming that the requesting client is the person they claim to be;

2. it complies with the conditions described in the circular regarding client identification.

Article 11: Retention of Client Identification Files

A covered institution must, in accordance with Article 47 of Law No. 1/08 of 27 March 2025 amending Law No. 1/02 of 4 February 2008 on AML/CFT, retain files used for client identification for a period of at least ten (10) years after terminating relationships with their clients to be able to respond to requests from competent authorities.

The files referred to in the preceding paragraph must be retained in a satisfactory format, including electronic format, to allow reconstruction of the history of individual transactions, including amounts and currencies involved, where applicable, in order to provide evidence for potential criminal proceedings.

Article 12: Examination of Unusual Transactions

Covered institutions must pay particular attention to all complex and unusual operations, and all types of unusual transactions, when they lack an apparent economic or legitimate purpose.

They must properly examine and document the history and purpose of all operations that occur under unusual conditions.

Article 13: Control of Payment Means and Instruments

Covered institutions must:

1. implement control procedures for payment means and instruments;

2. respect the threshold amounts for operations specified in the relevant circular of the Central Bank.

Article 14: Reporting of Suspicious Transactions

Covered institutions that suspect or have reasonable grounds to suspect that funds or assets are the proceeds of criminal activity or are linked or associated with the financing of terrorism or intended for this purpose, are required to promptly transmit to the National Financial Intelligence Unit a declaration indicating their suspicions according to the format established by the latter.

Covered institutions must report as suspicious, in particular, the following transactions:

1. fund transfers abroad without a visible legitimate purpose;

2. fund transfers domestically without a visible legitimate purpose or where transactions are not justified;

3. unusual purchases of foreign currency without a visible legitimate purpose;

4. unusual purchases of foreign currency whose source of funding is not transparently established;

5. significant cash transactions that are visibly complex and unusual, as well as all types of unusual transactions, when they lack a visible legitimate purpose;

6. any other operation that the institution considers suspicious.

Acts likely to constitute suspicious transactions are set forth in a circular issued by the Central Bank. The list of operations enumerated in this circular is not exhaustive and provides only examples of the most elementary money laundering methods.

Article 15: Duty of Confidentiality

Under penalty of administrative and/or criminal sanctions, it is prohibited for directors, executives, and employees of a covered institution to warn clients when information regarding a suspicious transaction concerning them is communicated to the CNRF.

Article 16: Relationships with Foreign Persons

The covered institution must exercise the utmost caution in its transactions with persons, companies, and financial institutions from foreign countries, especially high-risk and/or non-cooperative countries.

Article 17: Branches and Subsidiaries

Every covered institution must ensure that client knowledge rules and procedures and AML/CFT strategies are also applied within its branches and subsidiaries, particularly those operating in countries that lack, or are insufficiently equipped with, anti-money laundering and counter-terrorist financing regulation.

Article 18: Designation of a Money Laundering and Terrorist Financing Prevention Officer

Covered institutions must designate one or more person(s) responsible for the prevention of money laundering and the financing of terrorism within their organization.

The Central Bank and the CNRF must be informed of their appointment.

When a covered institution has subsidiaries or branches, it must designate a competent AML/CFT officer for the entire group.

The money laundering and terrorist financing prevention officers are tasked with ensuring the consistency and effectiveness of the prevention system. They are, in particular, tasked with:

1. transmitting reports to the CNRF;

2. establishing applicable policies, procedures, and internal controls to be conducted;

3. closely monitoring operations considered atypical;

4. centralizing information to identify and prevent the execution of operations related to money laundering and terrorist financing;

5. regularly informing management about suspected and/or higher-risk clients;

6. to ensure that all a