قائمة امتثال KYC وKYB وAML
رواندا KYC, KYB & AML
A practical implementation checklist for reporting persons operating in Rwanda, with a focused payment and financial-services overlay. It translates the January 2025 AML/CFT/CPF law, current FIC rules, National Bank of Rwanda requirements, RDB beneficial-ownership filings and Rwanda's personal-data law into operational controls and reviewable evidence.
- تاريخ المراجعة
- 15 July 2026
- الإصدار
- 1.0
- مجالات رقابية
- 7
- فحوص تنفيذ
- 43
إجابة مباشرة
ما الذي تغطيه قائمة الامتثال الخاصة بـ رواندا؟
تحوّل قائمة رواندا قواعد KYC وKYB وAML الأساسية إلى 7 مجالات رقابية و43 فحوص تنفيذ، وتشمل الجهات المختصة وواجبات الإبلاغ والأدلة الواجب الاحتفاظ بها.
حقائق تنظيمية أساسية
- Financial intelligence unit
- Financial Intelligence Centre (FIC Rwanda)
- Current AML law
- Law No. 001/2025 of 22 January 2025
- Suspicion reporting
- Within 24 hours
- Threshold-report filing
- Within 2 working days
- Record retention
- At least 10 years
- FATF public list
- Not listed as of 19 June 2026
تفاصيل التنفيذ
متطلبات وإجراءات الامتثال في رواندا
افتح كل مجال لمراجعة المتطلب وإجراء التنفيذ المقترح والأدلة الواجب الاحتفاظ بها والمصدر الأساسي.
01Scope, registration and governanceConfirm reporting-person status, register with FIC and establish accountable, independently tested AML/CFT/CPF governance.6 عناصر+
Map every reporting person and supervisor
- إجراء التنفيذ
- Document which entities and activities are reporting persons under Law No. 001/2025. Map FIC obligations and the competent sector supervisor, including the National Bank of Rwanda for licensed financial institutions and payment services, CMA for capital markets and the relevant authority for DNFBPs or other regulated activities.
- الأدلة الواجب الاحتفاظ بها
- Entity-perimeter memo, licence inventory, supervisor matrix and named obligations owner
- المصدر الأساسي
- Law 001/2025; FIC mandate; applicable sector law
Register the reporting person with FIC
- إجراء التنفيذ
- Use the FIC system to register each reporting person. Under the operational rule, register a new reporting person within 30 days after receiving its incorporation certificate and notify FIC in writing of changes to registered particulars within seven working days.
- الأدلة الواجب الاحتفاظ بها
- FIC registration, incorporation date, filing receipt, particulars register and change notifications
- المصدر الأساسي
- FIC Regulation 002/FIC/2023, arts. 3-4
Appoint and notify a managerial compliance officer
- إجراء التنفيذ
- Designate an AML/CFT/CPF compliance officer at managerial level with sufficient authority, independence, access and resources. Notify FIC of the appointment within three working days and maintain effective cover for absence or vacancy.
- الأدلة الواجب الاحتفاظ بها
- Appointment, role profile, reporting line, FIC notification, access rights, deputy and resource assessment
- المصدر الأساسي
- FIC Regulation 002/FIC/2023, art. 5
Make the board and senior management accountable
- إجراء التنفيذ
- Require governing and senior-management bodies to approve the programme, enterprise risk assessment, customer-acceptance standard and material remediation; receive meaningful compliance and risk reporting; and ensure the compliance function can escalate without interference.
- الأدلة الواجب الاحتفاظ بها
- Approved framework, committee terms, minutes, dashboards, decisions and remediation tracking
- المصدر الأساسي
- Law 001/2025; FIC Regulation 002/FIC/2023
Maintain complete internal controls
- إجراء التنفيذ
- Document risk assessment, customer acceptance, CDD, beneficial ownership, PEP, sanctions, transaction monitoring, wires, reporting, records, training, privacy, agents and outsourcing. Payment service providers must maintain comprehensive and effective AML/CFT policies, procedures and controls and may not invoke banking, professional or contractual secrecy to avoid reporting.
- الأدلة الواجب الاحتفاظ بها
- Policy suite, regulatory mapping, approvals, version history, PSP control mapping and staff attestations
- المصدر الأساسي
- Law 001/2025; Payment Service Provider Regulation 2023, art. 46
Independently audit at least annually
- إجراء التنفيذ
- Maintain an independent audit function that evaluates compliance with AML/CFT/CPF policies, procedures, controls, CDD, monitoring, reporting and records. Conduct the audit at institution level at least annually and track findings to verified closure.
- الأدلة الواجب الاحتفاظ بها
- Audit independence, annual plan, report, sampled controls, issue register, owners and closure proof
- المصدر الأساسي
- FIC Regulation 002/FIC/2023, art. 25
02Customer due diligence and remote onboardingIdentify customers, representatives and beneficial owners from reliable sources before service, with equivalent controls for remote channels.6 عناصر+
Identify and verify every customer
- إجراء التنفيذ
- Identify permanent and occasional customers, whether natural persons, legal persons or legal arrangements, using reliable and independent documents, data or information. Verify any representative's authority and identity and prohibit anonymous or fictitious accounts.
- الأدلة الواجب الاحتفاظ بها
- Identity record, verification response, representative authority, source provenance and quality review
- المصدر الأساسي
- AML Law 001/2025, arts. 12-13
Understand purpose and expected activity
- إجراء التنفيذ
- Record the purpose and intended nature of the relationship, occupation or business, products, expected volumes, counterparties, countries, channels and source of funds where required by risk. Use the profile as the monitoring baseline.
- الأدلة الواجب الاحتفاظ بها
- Customer profile, expected-activity fields, source evidence, risk rationale and review triggers
- المصدر الأساسي
- Law 001/2025, art. 13; FIC Regulation 002/FIC/2023, arts. 6 and 9
Apply every CDD trigger and threshold
- إجراء التنفيذ
- Apply CDD when establishing a relationship; for an occasional cash transaction at or above FRW 10 million; an occasional wire transfer at or above FRW 1 million; a casino transaction at or above FRW 3 million; a real-estate purchase or sale regardless of amount; and a precious-metals or precious-stones cash transaction at or above FRW 15 million. Aggregate linked transactions, and also apply CDD whenever suspicion exists or prior identification data may be unreliable.
- الأدلة الواجب الاحتفاظ بها
- CDD trigger and equality matrix, linked-transaction logic, completed CDD cases, suspicion escalation and refreshed verification
- المصدر الأساسي
- AML Law 001/2025, art. 12; FIC Regulation 002/FIC/2023, art. 13
Verify before or during establishment
- إجراء التنفيذ
- Verify the customer and beneficial owner before or during establishment or an occasional transaction. Use deferred completion only within the narrow statutory conditions, complete it as soon as reasonably practicable and control the risks before verification finishes.
- الأدلة الواجب الاحتفاظ بها
- Verification chronology, permitted-deferral rationale, limits, approval, completion evidence and overdue restrictions
- المصدر الأساسي
- Law 001/2025, art. 16
Stop or exit when CDD cannot be completed
- إجراء التنفيذ
- When required CDD cannot be completed, do not open the account, begin the relationship or perform the transaction; terminate an existing relationship where required; and consider filing an STR where necessary. If CDD itself would tip off a suspected customer, stop the CDD process and file an STR.
- الأدلة الواجب الاحتفاظ بها
- Rejected or terminated case, reason, compliance decision, STR assessment, filing receipt and non-tipping-off controls
- المصدر الأساسي
- Law 001/2025, arts. 19-20
Make remote verification equivalent to face-to-face
- إجراء التنفيذ
- Identify and verify a non-face-to-face customer using procedures equivalent to face-to-face controls and implement measures against single or multiple fraudulent applications. Add document authenticity, biometric or equivalent, device, contact and behavioural controls proportionate to risk.
- الأدلة الواجب الاحتفاظ بها
- Remote-control design, document result, liveness or equivalent evidence, device signals, fraud rules, exceptions and quality review
- المصدر الأساسي
- FIC Regulation 002/FIC/2023, art. 11
03KYB and beneficial ownershipVerify legal existence and authority, trace ownership and effective control, and reconcile AML analysis with RDB filings.6 عناصر+
Verify the legal person or arrangement
- إجراء التنفيذ
- Verify legal name, form, existence, registered and principal addresses, governing instruments, senior managers, registration, tax identifiers, licences and representative authority using RDB, ORG and other reliable independent sources.
- الأدلة الواجب الاحتفاظ بها
- Registry extract, governing documents, tax and licence checks, managers, representative authority and discrepancy log
- المصدر الأساسي
- Law 001/2025, arts. 13-14; RDB/ORG records
Identify the ultimate natural-person owner or controller
- إجراء التنفيذ
- Identify and take reasonable measures to verify the natural persons who ultimately hold a controlling ownership interest. If ownership does not reveal the beneficial owner or creates doubt, identify natural persons exercising control by other means; if none is identified, record the relevant senior managing official as the statutory fallback.
- الأدلة الواجب الاحتفاظ بها
- Ownership chart to natural persons, controlling-interest rationale, other-control analysis, verification and fallback record
- المصدر الأساسي
- Law 001/2025, arts. 2 and 14
Identify all legal-arrangement parties
- إجراء التنفيذ
- For a trust, identify and verify the settlor, trustee, protector where applicable, beneficiaries or class of beneficiaries and any other natural person exercising ultimate effective control. Apply equivalent analysis to a similar arrangement.
- الأدلة الواجب الاحتفاظ بها
- Trust or arrangement instrument, party register, identity verification, control map and beneficiary-class analysis
- المصدر الأساسي
- Law 001/2025, art. 14
Apply the current AML beneficial-owner cascade
- إجراء التنفيذ
- Law No. 001/2025 sets no percentage. Operationalise FIC Guidelines No. 002/2025 by identifying natural persons with more than 25% of shares, at least 25% of voting rights, control by other means and, only if no natural person is identified, the senior-management fallback. Use a conservative at-least-25% implementation where systems need one threshold and document the official-text distinction.
- الأدلة الواجب الاحتفاظ بها
- Ownership and voting chart, threshold logic, other-control analysis, verification, fallback record and legal rationale
- المصدر الأساسي
- AML Law 001/2025, art. 14; FIC Guidelines 002/2025
File, reconcile and refresh beneficial ownership
- إجراء التنفيذ
- For RDB/ORG filing, apply the registry guidance's at-least-25% ownership step plus control by other means. Keep the RDB and AML analyses separate and reconcile discrepancies. Update beneficial-owner information within 15 days after a change, after identifying outdated information, or after a specified risk trigger. Refresh higher-, medium- and lower-risk BO files at least every one, two and three years respectively, and maintain the internal register and supporting evidence.
- الأدلة الواجب الاحتفاظ بها
- Separate AML and registry analyses, RDB filing, 15-day change, stale-data and risk-trigger workflow, 1/2/3-year review calendar, internal register and reconciliation
- المصدر الأساسي
- FIC Guidelines 002/2025, section 6.3; RDB BO Guidelines
Verify licences and operating reality
- إجراء التنفيذ
- Confirm the entity holds every required sector licence; business registration alone does not authorise financial services. Compare directors, locations, websites, settlement accounts, contracts and transaction activity to the claimed business and escalate shell or nominee indicators.
- الأدلة الواجب الاحتفاظ بها
- NBR or CMA licence check, RDB record, operating-footprint evidence, account match, adverse information and decision
- المصدر الأساسي
- NBR Consumer Protection Booklet; applicable licensing law
04Risk, PEPs and targeted financial sanctionsOperate documented enterprise and customer risk assessment, mandatory PEP controls and immediate 2025 TFS measures.6 عناصر+
Assess enterprise-wide ML/TF/PF risk
- إجراء التنفيذ
- Identify, assess, understand and document risks from customers, beneficial owners, countries, products, services, transactions, delivery channels, technologies, agents and outsourcing. Update the assessment after material change and use Rwanda's national risk assessment as an input.
- الأدلة الواجب الاحتفاظ بها
- Approved methodology, data inputs, assessment, residual-risk decisions, update log and remediation plan
- المصدر الأساسي
- Law 001/2025; Payment Service Provider Regulation 2023, art. 46; Rwanda NRA 2024
Assign and explain relationship risk
- إجراء التنفيذ
- Assign a documented rating using ownership, PEP, sanctions, business, product, channel, transaction and geographic factors. Ensure risk drives CDD depth, approval, monitoring and review frequency and that overrides are controlled.
- الأدلة الواجب الاحتفاظ بها
- Scoring methodology, input data, rating, override record, approval and next-review date
- المصدر الأساسي
- Law 001/2025; FIC Regulation 002/FIC/2023
Identify PEPs and connected persons
- إجراء التنفيذ
- Use risk-management systems to identify whether a customer or beneficial owner is a foreign or domestic PEP or a person entrusted by an international organisation, and identify covered family members and close associates. Repeat screening throughout the relationship.
- الأدلة الواجب الاحتفاظ بها
- PEP screening, relationship map, source data, alert decisions and rescreening
- المصدر الأساسي
- Law 001/2025, art. 22
Apply mandatory PEP controls
- إجراء التنفيذ
- Obtain senior-management approval before establishing or continuing the relationship, take reasonable measures to establish source of wealth and source of funds and apply enhanced ongoing monitoring proportionate to risk.
- الأدلة الواجب الاحتفاظ بها
- Senior approval, source-of-wealth and source-of-funds substantiation, EDD file and monitoring plan
- المصدر الأساسي
- Law 001/2025, art. 22
Screen UN and domestic lists continuously
- إجراء التنفيذ
- Screen customers, beneficial owners, controllers, representatives and transaction parties against current UN and Rwanda domestic designation lists before onboarding, before relevant transactions and immediately after FIC list notices. Subscribe to and operationalise current FIC public notices.
- الأدلة الواجب الاحتفاظ بها
- Authoritative-list inventory, notice subscription, update log, screening results, alert decisions and QA
- المصدر الأساسي
- Law 001/2025; FIC Regulation 001/FIC/2025; FIC Public Notices
Execute the exact TFS without-delay sequence
- إجراء التنفيذ
- After FIC notification, complete screening within five hours. If there is no match, report that outcome within two hours after screening. If there is a match, apply the targeted financial sanctions and prohibitions and report within six hours after screening. Complete the full designation-to-screening-to-freezing-and-reporting process within 24 hours after designation. Without prior notice freeze or seize linked assets, prohibit direct or indirect availability and submit the required STR or SAR when designated assets are identified.
- الأدلة الواجب الاحتفاظ بها
- Designation, notification and screening timestamps, two-hour no-match report or six-hour match action, asset scope, freeze record, STR or SAR receipt and release authority
- المصدر الأساسي
- FIC Regulation 001/FIC/2025; January 2026 Without-Delay Guidance
05Enhanced due diligence and higher-risk controlsApply proportionate additional measures to higher-risk customers, jurisdictions, structures, products and counterparties.5 عناصر+
Apply EDD when risk or suspicion is elevated
- إجراء التنفيذ
- Obtain additional identity, ownership, business, purpose, source-of-funds and source-of-wealth information; require senior approval; deepen and increase monitoring; and document why residual risk remains acceptable.
- الأدلة الواجب الاحتفاظ بها
- EDD checklist, corroborating records, approval, monitoring plan and review date
- المصدر الأساسي
- Law 001/2025, art. 18; FIC Regulation 002/FIC/2023, art. 8
Apply high-risk-country measures without blanket de-risking
- إجراء التنفيذ
- Apply enhanced CDD and any FIC or supervisory countermeasures to relationships and transactions involving identified high-risk countries. Document the current authority, risk basis and humanitarian or legitimate-activity safeguards.
- الأدلة الواجب الاحتفاظ بها
- Country-risk methodology, FIC notice, EDD, countermeasure decision and exception governance
- المصدر الأساسي
- FIC Regulation 002/FIC/2023, arts. 16 and 24
Control correspondent banking
- إجراء التنفيذ
- Before entering a cross-border correspondent or similar relationship, understand the respondent's business, ownership, reputation, supervision and AML controls; establish responsibilities; obtain senior approval; and prohibit shell-bank exposure and uncontrolled payable-through access.
- الأدلة الواجب الاحتفاظ بها
- Correspondent questionnaire, public-source checks, control assessment, approval, agreement and review
- المصدر الأساسي
- Law 001/2025, art. 23; FIC Regulation 002/FIC/2023, art. 17
Control third-party reliance
- إجراء التنفيذ
- Rely on another party only under the statutory conditions, obtain CDD information immediately, ensure records can be supplied within 24 hours after request and retain ultimate responsibility. Apply group controls where reliance is intra-group.
- الأدلة الواجب الاحتفاظ بها
- Reliance due diligence, agreement, information receipt, 24-hour retrieval test, monitoring and exit plan
- المصدر الأساسي
- Law 001/2025, art. 28
Investigate complex and unusual transactions
- إجراء التنفيذ
- Pay special attention to complex, unusual and large transactions with no apparent lawful or economic purpose. Examine background, source and purpose, document findings and submit the required report to FIC when the applicable rule requires.
- الأدلة الواجب الاحتفاظ بها
- Alert, investigation chronology, customer explanation, corroboration, written findings and FIC receipt
- المصدر الأساسي
- FIC Regulation 002/FIC/2023, art. 12
06Monitoring, wires and payment-service controlsKeep CDD current, monitor activity and preserve complete originator and beneficiary information through every payment role.7 عناصر+
Monitor transactions throughout the relationship
- إجراء التنفيذ
- Monitor actual activity against the customer's purpose, business, source, expected behaviour and risk. Use appropriately calibrated scenarios, link related transactions and provide investigators with complete data and case context.
- الأدلة الواجب الاحتفاظ بها
- Monitoring coverage, data lineage, scenario inventory, alert cases, tuning, QA and metrics
- المصدر الأساسي
- Law 001/2025; Payment Service Provider Regulation 2023, art. 46
Refresh on risk and trigger events
- إجراء التنفيذ
- Update identity, beneficial ownership, business, expected activity, PEP, sanctions and risk information according to materiality and risk and after ownership changes, unusual activity, document expiry, new products or adverse information.
- الأدلة الواجب الاحتفاظ بها
- Risk-based review schedule, trigger feed, updated CDD, rescreening, rating and overdue controls
- المصدر الأساسي
- Law 001/2025, art. 17; FIC Regulation 002/FIC/2023, art. 15
Capture complete wire information
- إجراء التنفيذ
- Apply the required originator and beneficiary data to domestic and cross-border wire transfers, with the exact threshold treatment in the current FIC rule. Preserve account or unique-reference traceability and required identity and address or equivalent data.
- الأدلة الواجب الاحتفاظ بها
- Payment-message specification, validation, domestic and cross-border samples, traceability and exception report
- المصدر الأساسي
- Law 001/2025, arts. 25-27; FIC Regulation 002/FIC/2023, arts. 18 and 22
Apply ordering, intermediary and beneficiary duties
- إجراء التنفيذ
- Detect missing wire information and apply role-specific verification, retention, suspension, rejection, monitoring and STR decisions. Where one provider controls both sides, consider all information from the ordering and beneficiary sides when deciding whether to report.
- الأدلة الواجب الاحتفاظ بها
- Role matrix, missing-data rules, repair and reject queue, decision records, retention and STR receipt
- المصدر الأساسي
- Law 001/2025, arts. 25-27; FIC Regulation 002/FIC/2023, arts. 19-21
Obtain approval for agents and material outsourcing
- إجراء التنفيذ
- Obtain prior National Bank of Rwanda approval before using a payment agent and prior written approval before outsourcing an important operational function. Perform due diligence, contract for AML, privacy, records, audit and incident rights, train and monitor approved agents and providers, and retain accountability for outsourced controls.
- الأدلة الواجب الاحتفاظ بها
- NBR approvals, due-diligence file, contract, agent and provider registers, training, monitoring, incidents and termination log
- المصدر الأساسي
- Law 061/2021 governing payment systems, arts. 29-30
Perform PSP CDD before service and retain payer/payee identity
- إجراء التنفيذ
- A payment service provider must perform CDD and KYC before providing service and retain identification information for the payer and payee regardless of their location. Map this requirement into onboarding, payment-message, retention and retrieval controls.
- الأدلة الواجب الاحتفاظ بها
- Pre-service CDD gate, payer and payee fields, retention configuration and retrieval test
- المصدر الأساسي
- Payment Service Provider Regulation 2023, art. 45
Prevent shell-bank relationships
- إجراء التنفيذ
- A payment service provider and financial institution must not deal with shell banks or shell financial institutions or permit its accounts to be used by them. Screen counterparties and escalation indicators before and during the relationship.
- الأدلة الواجب الاحتفاظ بها
- Counterparty policy, ownership and physical-presence checks, attestations, screening and review
- المصدر الأساسي
- Payment Service Provider Regulation 2023, art. 46; Law 001/2025
07Reporting, records, privacy and assuranceMeet FIC reporting clocks, preserve ten-year evidence and operate Rwanda's controller and processor registration, breach and transfer controls.7 عناصر+
File suspicious activity within 24 hours
- إجراء التنفيذ
- Promptly submit an STR or suspicious-activity report to FIC within 24 hours using the template and electronic or other channel set by FIC. Report regardless of amount when the suspicion test is met and maintain strict non-tipping-off controls.
- الأدلة الواجب الاحتفاظ بها
- Case chronology, compliance decision, FIC report, submission receipt, access log and communication controls
- المصدر الأساسي
- FIC Regulation 002/FIC/2023, art. 29; Law 001/2025, arts. 32 and 34
Submit threshold reports within two working days
- إجراء التنفيذ
- Under the published operational rule, report financial-institution cash at or above FRW 10 million, subject to the stated inter-financial-institution exception; an occasional-customer transaction above FRW 10 million; casino cash at or above FRW 3 million; precious-metals or stones dealer cash at or above FRW 15 million; and wire transfers at or above FRW 1 million. Preserve those greater-than versus at-least operators. Linked transactions are reportable when their combined total exceeds the applicable threshold. File the FIC template within two working days from the transaction day and confirm continued applicability under Law No. 001/2025.
- الأدلة الواجب الاحتفاظ بها
- Threshold and equality register, combined-total linked logic, reports, two-working-day timeline, receipts and legal confirmation
- المصدر الأساسي
- FIC Regulation 002/FIC/2023, arts. 31-32
Retain retrievable records for at least ten years
- إجراء التنفيذ
- Keep domestic and international transaction records, CDD files, business correspondence, analysis results, STRs and other FIC reports and supporting documents for at least ten years after the transaction, relationship termination or occasional transaction. Ensure swift retrieval for competent authorities.
- الأدلة الواجب الاحتفاظ بها
- Retention schedule, repository controls, sample retrieval, legal holds, access logs and deletion evidence
- المصدر الأساسي
- Law 001/2025, art. 21
Register controllers and processors and appoint DPOs when triggered
- إجراء التنفيذ
- Before operating as a data controller or processor, register with the Data Protection and Privacy Office and maintain a valid certificate. Apply for renewal within 45 working days before expiry and report changes. Appoint a personal-data protection officer when one of Article 40's statutory triggers applies, rather than treating appointment as universal. A non-established organisation processing data of people in Rwanda must designate a written representative in Rwanda.
- الأدلة الواجب الاحتفاظ بها
- Registration certificate, renewal diary, change notifications, Article 40 DPO assessment and appointment where triggered, local representative and processing inventory
- المصدر الأساسي
- Law 058/2021, arts. 29-36 and 40; DPO Registration Guide
Apply lawful, transparent and secure processing
- إجراء التنفيذ
- Map processing to a lawful basis, give required notices, limit data to stated purposes, maintain accuracy, define retention, support data-subject rights, log processing, protect data with appropriate technical and organisational measures and contractually govern processors.
- الأدلة الواجب الاحتفاظ بها
- Lawful-basis register, notices, records of processing, rights log, security tests, access review and processor agreements
- المصدر الأساسي
- Law 058/2021, arts. 4-17, 37-42 and 46-47
Meet the 48-hour and 72-hour breach clocks
- إجراء التنفيذ
- Communicate a personal-data breach to the supervisory authority within 48 hours after awareness and submit the detailed breach report no later than 72 hours. A processor must notify the controller within 48 hours. Communicate high-risk breaches to affected data subjects unless a statutory exception applies.
- الأدلة الواجب الاحتفاظ بها
- Incident chronology, 48-hour notice, 72-hour report, processor notice, subject communication and remediation
- المصدر الأساسي
- Law 058/2021, arts. 43-45; DPO Breach Report Form
Separate cross-border transfer grounds from offshore storage approval
- إجراء التنفيذ
- For a transfer outside Rwanda, document one of Article 48's alternative lawful grounds and the applicable safeguards; supervisory authorisation is not the only possible transfer basis. Separately, obtain the valid Article 50 certificate authorising storage of personal data outside Rwanda. Record destination, purpose, recipient, security, contracts and the selected statutory route.
- الأدلة الواجب الاحتفاظ بها
- Data map, Article 48 transfer assessment, safeguards, Article 50 storage certificate, contracts, security assessment and transfer register
- المصدر الأساسي
- Law 058/2021, arts. 48 and 50; DPO transfer, storage and retention guidance

7 مجال رقابي و43 فحص تنفيذ مع روابط مباشرة للمصادر التنظيمية.
حمّل قائمة KYC وKYB وAML الخاصة بـ رواندا
شارك بيانات العمل للوصول الفوري إلى قائمة التنفيذ الموثقة بالمصادر لـ رواندا. تاريخ المراجعة التنظيمية: 15 July 2026.
احصل على ملف PDF فورًا
أرسل بياناتك ليبدأ التنزيل تلقائيًا
مراجعة وموثقة بالمصادر
الإصدار 1.0، تمت المراجعة في 15 July 2026
موثوق به من فرق الامتثال الرائدة
سجل المصادر الأساسية
24 مصدرًا مستخدمًا في هذه القائمة
استخدم هذه الروابط للتحقق من التشريعات وإرشادات الجهات الرقابية وإجراءات الإبلاغ والبيانات الدولية.
- Law No. 001/2025 on prevention and punishment of money laundering, terrorist financing and proliferation financingFinancial Intelligence Centre Rwanda · primary
- Regulation No. 002/FIC/2023 relating to AML/CFT/CPFFinancial Intelligence Centre Rwanda · primary
- Regulation No. 001/FIC/2025 on targeted financial sanctionsFinancial Intelligence Centre Rwanda · primary
- FIC Guidelines No. 002/2025 on Transparency and Beneficial OwnershipFinancial Intelligence Centre Rwanda · primary
- Guidance on implementation of the without-delay principle for TFS, January 2026Financial Intelligence Centre Rwanda · primary
- FIC Guideline No. 001/2025 on AML/CFT/CPF Independent AuditFinancial Intelligence Centre Rwanda · primary
- FIC record-keeping guidance, January 2026Financial Intelligence Centre Rwanda · primary
- Law No. 002/2025 amending the law governing the Financial Intelligence CentreFinancial Intelligence Centre Rwanda · primary
- FIC public notices on current targeted financial sanctionsFinancial Intelligence Centre Rwanda · primary
- FIC mandate and reporting responsibilitiesFinancial Intelligence Centre Rwanda · primary
- 2024 National Money Laundering and Terrorist Financing Risk AssessmentFinancial Intelligence Centre Rwanda · primary
- Regulation governing payment service providers, 2023National Bank of Rwanda · primary
- Law No. 061/2021 governing the payment systemNational Bank of Rwanda · primary
- Payment systems legal instrumentsNational Bank of Rwanda · primary
- Beneficial Ownership GuidelinesRwanda Office of the Registrar General · primary
- Beneficial Ownership Requirements and FormsRwanda Office of the Registrar General · primary
- Beneficial Owners RegisterRwanda Development Board · primary
- Rwanda personal-data and privacy law guidanceData Protection and Privacy Office · primary
- Personal-data sharing, transfer, storage and retention guidanceData Protection and Privacy Office · primary
- Controller and processor registration guideData Protection and Privacy Office · primary
- Personal Data Breach Report FormData Protection and Privacy Office · primary
- Jurisdictions under Increased Monitoring, 19 June 2026FATF · primary
- AML Compliance in Rwanda 2026VOVE ID · contextual
- KYB in Rwanda 2026VOVE ID · contextual
إجابات مباشرة
أسئلة KYC وKYB وAML في رواندا
What is Rwanda's current AML law?+
Law No. 001/2025 of 22 January 2025 is the current national AML/CFT/CPF law. It repealed Law No. 028/2023.
How quickly must an STR be filed in Rwanda?+
The published FIC operational regulation requires prompt submission within 24 hours using the FIC template and prescribed channel.
What beneficial-owner percentage applies?+
Law No. 001/2025 sets no percentage. FIC Guidelines No. 002/2025 use more than 25% of shares, at least 25% of voting rights, control by other means and senior-management fallback; RDB guidance uses at least 25% plus control. A conservative at-least-25% implementation should document these official-text distinctions and keep AML and registry analyses separate.
What are Rwanda's personal-data breach deadlines?+
The controller communicates the breach to the supervisory authority within 48 hours after awareness and submits the detailed report no later than 72 hours. A processor notifies the controller within 48 hours.
منهجية البحث والمراجعة
تحدد VOVE ID Compliance Research النطاق التنظيمي، وتحول الالتزامات إلى ضوابط تشغيلية، وتربط الادعاءات الجوهرية بالمصادر، وتسجل تاريخ وإصدار كل مراجعة.
VOVE ID Compliance Research · تاريخ المراجعة 15 July 2026 · الإصدار 1.0
This checklist is general compliance information, not legal advice. Law No. 001/2025 is the current national AML/CFT/CPF baseline and repealed Law No. 028/2023. FIC Regulation No. 002/FIC/2023 is cited because FIC continues to publish it for operational reporting, CDD, wire and threshold rules; confirm its current application and any replacement or amendment directly with FIC. Add the current sector rules of the National Bank of Rwanda, Capital Market Authority, insurance, gaming, professional or other competent supervisor before implementation.