RWANDA Trends and Developments Contributed by: Molly Rwigamba, Happy Mukama, Dominic Ococ and Erick Mugisha, RR Associates
ing fit and proper requirements for board members and senior management. For larger electronic money issuers, Article 16 of the above regulation requires applicants to show that their board has a balance of skills, experience, and diversity, and to appoint at least four senior manag - ers, including a Chief Executive Officer, Chief Finance Officer, Head of Risk and Compliance, and Head of Information Technology. Similar requirements apply to money remittance services. In addition, Regula - tion Number 01/2018 on Corporate Governance for Banks requires banks to establish a Board IT Commit - tee responsible for supervision of technology strategy, monitoring IT risks, and ensuring alignment with busi - ness objectives. Fintech activities are also supervised through the reg - ulatory sandbox established under Regulation Num - ber 41/2022 of 13 April 2022 governing the regula - tory sandbox. Entry into the sandbox requires proof of innovation, adequate governance arrangements, and management by persons who meet fit and proper standards. These requirements remain in place dur - ing the testing phase. The Capital Market Authority applies similar rules under Guidelines Number 002/ CMA_G/2023 of 27 April 2023 governing the fintech regulatory sandbox for capital markets in Rwanda, which require disclosure of directors, shareholders, and key personnel, together with evidence of risk management systems. Further direction is provided by the Fintech Strategy 2024–2029, which places fintech within a co-ordinat - ed framework involving the central bank and other public institutions. It calls for clear regulatory guidance and ongoing consultation on new technologies. As a result, technology and digital finance are treated as matters for board supervision, with responsibility for governance, risk management and compliance resting at board level rather than being left only to manage - ment. Artificial intelligence in financial services Rwanda has not yet enacted specific legislation on artificial intelligence in the financial sector. The main instrument is the National Artificial Intelligence Policy (April 2023), developed by the Ministry of ICT and
Innovation with RURA, GIZ FAIR Forward and The Future Society. The Policy requires financial institu - tions, particularly in banking and digital payments, to integrate AI ethics into internal governance, including assigning AI ethics functions to chief digital officers and placing responsibility on boards and senior man - agement. From a governance perspective, AI systems must operate within a framework overseen by RURA, which develops sector-specific ethical guidelines. In addi - tion, AI-related data practices must comply with the Data Protection and Privacy Law enforced by the National Cybersecurity Agency, creating direct com - pliance obligations for boards and management. Artificial intelligence is already used within the finan - cial sector in Rwanda in areas such as credit scor - ing, customer verification, fraud detection, and com - pliance monitoring. The Policy requires that such systems remain subject to human supervision and internal accountability, and emphasises the need for skilled personnel, reliable data systems and secure infrastructure. The governance of artificial intelligence in financial institutions is indirectly regulated by Law Number 058/2021 of 13 October 2021 relating to the Protec - tion of Personal Data and Privacy. Article 4 requires that personal data be processed lawfully and in a manner that protects the rights of individuals. Also, Article 21 states that a person has the right not to be subject to decisions based solely on automated processing where such decisions produce legal or sig - nificant effects, requiring review and accountability in systems such as credit assessment and compliance. Further governance obligations arise in accordance with Regulation Number 50/2022 of 02 June 2022 on Cyber Security in Regulated Institutions, which places responsibility for technology systems on the board and senior management. It requires govern - ance frameworks, setting up board IT committees, and board-approved policies on data governance, access control and system security, ensuring over - sight, internal controls and monitoring of automated systems in financial institutions.
594 CHAMBERS.COM
Powered by FlippingBook