Rwanda
Law governing Credit Reporting System
Law 73 of 2018
- Published in Official Gazette 37 on 10 September 2018
- Assented to on 31 August 2018
- Commenced on 10 September 2018
- [This is the version of this document from 10 September 2018.]
Chapter One
General provisions
Article One – Purpose of this Law
This Law governs credit reporting system.Article 2 – Definitions
In this Law, the following terms are defined as follows:1°negative data: information on data subject with legal personality that covers facts not complying with contractual provisions including statements about payment defaults, arrears and bankruptcies. It may include statements about lawsuits, liens and judgments that are obtained from courts or other competent institutions;2°positive data: information on data subject with legal personality that covers facts of contractually compliant behaviour. It includes detailed statements about outstanding credit, amount of loans, repayment patterns, assets and liabilities, as well as guarantees or collateral for these loans;3°credit history: record of data of the subject’s behaviour with regard to payment of his/her past or current loans or fulfilment of other obligations under any type of credit;4°credit bureau: type of credit reporting system whose primary objective is to collect and store credit information received from creditors and other sources on individuals and entities with legal personality and develop credit reports and other services to creditors and other persons engaged in providing goods and services subject to deferred payment;5°credit registry: type of credit reporting system whose main objective consists of collecting credit information on individuals and legal entities, regulated by the Central Bank to assist it in effectively fulfilling its mandate;6°data subject: an individual or a legal entity whose data may be collected, processed and disclosed to third parties in a credit reporting system;7°credit report: service provided through credit reporting systems and including relevant information about credit payment history by individuals or legal entities;8°credit reporting system: the institutions, individuals, rules, procedures, standards and technology that enable information flows relevant to making informed decisions related to credit agreement;9°user: an individual or a legal entity that requests credit reports, files or other related services from credit reporting service providers, under pre-defined conditions and rules in accordance with this Law;10°credit: a loan, any other commitment between a data subject and a creditor or any other person where deferred payment is provided;11°consent: a document made and confirmed by a data subject accepting collection, processing and disclosure of personal data;12°data provider: creditors and other entity that, in a structured fashion, supplies information to the credit reporting service providers;13°credit reporting service provider: a legal entity that administers a credit reporting system as a credit registry or credit bureau;Chapter II
Credit data transmission
Article 3 – Data providers
Data providers are the following:1°banks;2°insurance companies;3°microfinance institutions;4°telecommunication companies;5°public service utilities;6°trader;7°a company that offers products and services subject to deferred payments.The Central Bank may designate additional data providers that must transmit data to the credit bureaus or credit registry.Article 4 – Obligations of a data provider
A data provider has the following obligations:1 °to collect information from the data subject on the basis of contractual obligation with the data provider;2°to maintain accurate information and without error;3°to provide information, on a systematic basis, to the credit reporting service providers in accordance with a pre-established schedule of data transmission.A data provider is accountable for any transmission of incorrect information to the credit reporting service providers.Article 5 – Mandatory data transmission
The following have the obligation to provide credit information:1°banks and micro-finance institutions that extend credit or engage in lending must report credit information to the credit registry;2°banks, micro-finance institutions that extend credit or engage in lending, insurance companies, telecommunication companies and public services utilities must report credit information to the operator of credit bureaus.The data providers are subject to the data subject a privacy notice prior to submitting the information to the respective operator of credit Bureau or to the credit registry.Data providers specified in paragraph one and 2 of this Article must comply with the rules for data transmission issued by the Central Bank.Article 6 – Voluntary data transmission
Trader or any other company providing services which implies a deferred payment may submit data to the operator of credit Bureau in accordance with rules for data transmission included under data standardization manual developed by the Central Bank.Credit reporting service providers may enter into agreement with government agencies to collect information considered necessary to enhance the performance of the operator of credit Bureau or credit registry.Article 7 – Requirements for data transmission
A data provider submits information that reflects the situation of the data subject and the guarantor, including positive and negative data.Specifically, a data provider must:1°transmit complete, accurate and timely credit information or other relevant data;2°transmit data to the operator of credit bureau on a systematic basis;3°update credit information in accordance with procedures developed by the Central Bank;4°in case of a data provider regulated by the Central Bank, submit data to the credit registry on a systematic basis and update credit information in accordance with regulations of the Central Bank.Operators of Credit bureau and the credit registry may generate rejected files reflecting the errors included in the data provider’s files for their correction before those files are uploaded.The Central Bank issues a regulation establishing the minimum requirements on data quality for voluntary data providers regarding transmission of data and access of data from the operator of credit bureau.Chapter III
Activities of an operator of credit bureau
Section One – License to carry out activities of an operator of credit bureau
Article 8 – License to carry out activities of a credit bureau
A license to engage in operating credit bureau is issued by the Central Bank.A license to operate a credit bureau is not transferable.The operator of credit bureau cannot engage in activities other than those specified in this Law or as approved by the Central Bank.Article 9 – Licensing criteria for operating a credit bureau
The Central Bank assesses whether a person who applies for a license to operate a credit bureau fulfils the following:1°to be a company incorporated in Rwanda according to the Law relating to companies;2°where a shareholder is a bank, a microfinance institution, any other financial institution or any other use, such a shareholder should not have more than fifteen per cent (15%) of shares or the voting rights in the proposed credit bureau.3°to have the paid-up capital prescribed by the Central Bank;4°to have an investment plan of the capital that complies with the Central Bank regulation governing investment of operators of credit bureaus;5°to have sufficient transparency in the ownership structure and governance arrangements of the company;6°to have human and operational resources that are adequate to perform its function efficiently and safely;7°to have premises, networks, data governance and supporting infrastructure which are suitable for the intended activities;8°to have adequate security systems in place to avoid loss, corruption, destruction or unauthorized access to data and network;Other Licensing criteria of a credit bureau are determined by the regulations of the Central Bank.Article 10 – Rejection of an application for license to operate a credit bureau
The Central Bank may reject an application for a license to carry on credit bureau business if:1°the applicant fails to satisfy any requirement;2°there is incomplete information or a material error in the application,When there is incomplete information or a material error in the application, the Central Bank, within two (2) months after receiving the application, notifies the applicant to rectify the situation within thirty (30) calendar days after receipt of the notification.Where the applicant fails to provide complete information or rectify material error within a period provided in paragraph 2 of this Article, the Central Bank communicates to the applicant in writing the final decision of rejection of the application.Section 2 – Functioning of credit bureau
Article 11 – Obligations of an operator of a credit bureau
An operator of a credit bureau collects, processes and disseminates data for the purpose of evaluating the creditworthiness or re-payment behaviour of individuals and legal entities.An operator of a credit bureau ensures that the service is secure, reliable, efficient, and that the credit reporting solution is capable of delivering credit reports and any other related products and services in compliance with the provisions of this Law.Article 12 – Obligations to have a Board of Directors
An operator of a credit bureau must have a Board of Directors consisting of members who must have an overall understanding of the operations and information technology systems of the credit bureau.The number of members of the Board of Directors for the Credit Bureau is determined by the regulations of the Central Bank.Article 13 – Obligations of the Board of Directors of operator of a credit bureau
Without prejudice to the provisions of the Law governing companies, the Board of Directors of operator of a credit bureau has obligations to ensure that:1°the operator of credit bureau’s activities is conducted in full compliance with the provisions of this Law;2°governance of the operator of credit bureau takes into account responsibility, authority, communication and delegation of powers;3°relevant aspects related to data integrity, security, accessibility, business continuity, product development, data governance and privacy are adequately addressed;4°decisions made by the operator of credit bureaus in respect to investment, outsourcing of processes, information technology management, product development and data subject’s complaints handling are transparent and clear;5°international standards developed by International Organization for Standardisation are complied with.Article 14 – Corporate governance standards and principles
The Central Bank issues by regulation corporate governance principles and standards that guide the operator of a credit bureau.Article 15 – Requirements for credit reporting service providers
Operator of credit bureau must:1°have adequate technology, protocols and procedures to ensure that data uploaded into the credit reporting system is accurate;2°provide credit reports and any other related and permitted services in accordance with the provisions of this Law;3°develop adequate communication and connectivity protocols to receive data effectively and safely from data providers;4°take steps to ensure that the data subject information collected is duly protected against any loss and unauthorized access;5°ensure that their shareholders, members of Board of Directors, senior officers, employees or agents, observe a permanent obligation of confidentiality with regard to the information provided to them in accordance with the provisions of this Law;6°develop validation rules and tools ensuring adequate data quality in the respective databases;7°establish a data subjects protection unit to handle data subject inquiries related to the credit reporting system they operate;8°maintain record of all services provided.Section 3 – Suspension of an operator of a credit bureau
Article 16 – Revocation of a license to carry out activities of a credit bureau
The Central Bank may revoke a license granted to an operator of a credit bureau if the operator:1°has not commenced operations within twelve (12) consecutive months from the date on which the license was granted;2°has obtained the license through false statements or fraudulent means;3°makes a written request to have the license revoked;4°no longer meets the applicable licensing criteria;5°is found to be in violation of law or in material breach of any regulation of the Central Bank, which affects its solvency, the effectiveness of its operations or public trust.When the Central Bank decides to revoke a license, it immediately notifies the operator of a credit bureau provider of its decision and the grounds thereof.Article 17 – Activities in case of winding up a credit bureau
If an operator of a credit bureau winds up its operations either voluntarily or involuntarily, following a court decision or after the Central Bank revokes the license, the operator of a credit bureau delivers the complete database and backup copies of data subjects’ information to the Central Bank.The database is accompanied by sufficient technical instructions and support to ensure that the database may be successfully imported into a successor credit bureau system.After verification of the integrity of the database received, the Central Bank orders the operator of a credit bureau that wound up its operations to erase all database records of data subjects’ information from all its storage and provide sufficient documentation to the Central Bank evidencing that erasure.Chapter IV
Collect, conservation and credit reporting
Section One – Collection of credit information
Article 18 – Data quality of information in credit reporting
The credit reporting service provider administers information that is accurate, without error and updated. Data in credit reporting system must be:1°collected from lawful and relevant sources;2°necessary and relevant to obtain valid identification of the data subject, to evaluate the credit worthiness of the data subject and build its credit history.Article 19 – Purpose of information collection
The information is collected for the purpose of:1°identifying the data subject;2°reflecting the data subject’s repayment behaviour of credit, loan and fulfilment of other financial obligations;3°facilitating an effective monitoring of the data subject’s payment behaviour and fulfilment of commitments as regards its financial obligations implying regular payment.Particular, the Central Bank collects information for the following purpose:1 °collect information related to any credits and loans provided by all banks and other financial institutions regulated by the Central Bank;2°monitor the quality of information collected from data providers and credit bureaus;3°support banking and financial supervision and regulation and any other Central Bank function as may be necessary for a successful fulfilment of its mission.The Central Bank may issue operating manuals governing operations of the credit registry.Article 20 – Determination of key items to be included in the credit bureaus
The Central Bank, in a standard data format, determines the key items to be included in the credit bureaus.The key items must at the minimum, contain information that allows creditors to adequately and uniquely identify the data subject in the credit reporting system and credit information details that enable the development of a data subject’s credit history.The Central Bank may, by a regulation, determine additional data that must be collected by data providers and submitted to the credit reporting service providers.Article 21 – Permissible additional information for operator of credit bureaus
Operator of credit bureau may collect additional information from other data sources including:1°courts on judgments related to debts and insolvency proceedings;2°the collateral registry office on information related to collaterals;3°the companies’ registry office on information on companies’ composition, sector and status;4°the fiscal authorities on information on tax law compliance;5°the liquidator of business activities;6°any other person or entity holding information deemed necessary for the adequate evaluation of credit worthiness of data subjects.For the purpose of Paragraph One of this Article, an operator of credit bureau can enter into contract with public institutions holding information on identification of individuals or legal entities to validate collected information.Article 22 – Authorization for additional data collection
The operator of credit bureau collects additional information which is subject to prior consent of the data subject save for the competent State organs.Collecting additional information must comply with the relevant legislation.Section 2 – Conservation of credit information
Article 23 – Data security
The credit reporting service provider protects the reporting system against any data loss, unauthorized access, use or disclosure.Credit reporting service provider, data providers and users participating in any type of credit reporting system must institute data recovery plan in case of data corruption and activity resumption plan after data damage.Article 24 – Time limit for data conservation
Credit information is retained within the following time limit:1°the credit report service provider retains and makes available to users positive information regarding data subject collected by credit bureaus for a period of five (5) years starting from the final date for payment.2°negative information regarding data subject credit history is retained and made available to users until the expiry of a period of five (5) years from the date of final settlement of the amount in default.3°credit bureaus make available positive and negative information obtained from public sources to users for a period of five (5) years from the date of transmission or receipt of the information.Article 25 – Confidentiality
A credit reporting service provider makes confidential credit information and other relevant information included in the credit bureau or the credit registry unless otherwise provided by laws.Credit reporting service providers, data providers and users must ensure that their shareholders, directors, senior officers, employees or agents, observe a permanent obligation of confidentiality with regard to the information.A data provider that reports information to a credit bureau must do so in complying with the legislation applicable on privacy and on confidentiality.Credit reporting service providers, data providers and users ensure that confidential information is not disclosed to any third party other than the persons authorized or is done contrary to the provisions of this Law.Any person, including data providers’ employees, credit reporting service providers’ employees and a person who, in the course of providing any service to them receives, compiles or processes, uses or discloses credit information, must perform these activities in accordance with this Law and its implementing regulations by the Central Bank as well as other laws applicable in Rwanda.Article 26 – Exceptions to confidentiality requirements in exchange of information
Without prejudice to the provisions of Article 25 of this Law, the Central Bank may exchange confidential information included in the credit registry with other authorities based on existing memorandum of understanding for exchange of information between authorities provided that such exchange is justified by legally recognized purpose.Operators of credit bureaus operating under a license may exchange confidential information with third parties located outside Rwanda at the written request of the data subject.Section 3 – Credit data flow
Article 27 – Permissible purposes in data flows
In credit reporting system in Rwanda, personal data are received and processed for legally recognized purposes.Personal data are received and processed for legally recognized purposes are not retained for more than the appropriate period compared to such purposes.The Central bank collects and processes credit information and other related data to fulfil its supervisory and monetary policy mandate and may disseminate such information, upon request and in accordance with the law.An operator of credit bureau collects, processes and disseminates credit information and other related data to enable creditors and other entities make informed decisions about the provision of credit, goods or services subject to deferred payment.Article 28 – Obligation of informing data subject
Data providers must, using a standard privacy note prescribed by the Central Bank, inform data subjects about their data transmission to the operator of credit bureau or to credit registry.The privacy note specified in Paragraph One of this Article includes the following:1°information related to the type of data processing that is going to take place using data subjects’ information;2°categories of users that can access the processed information;3°names of the operators of credit bureaus;4°specific procedures for data subjects to exercise their rights.Article 29 – Data subject consent to disclosure
Data providers other than a bank, an insurance company, a microfinance institution, a telecommunication company, public utility organs and other State organs must request data subjects’ consent prior to submitting the data to the operator of credit bureau.Data provider’s failure to prove the choice made by data subjects to submit their data to the operator of credit bureau renders the concerned data provider liable for such violation of data subjects’ right as provided by regulation of the Central Bank.The Central Bank specifies a standard consent clause referred to in Paragraph One of this Article.Article 30 – Data subject consent to user’s access
The data user obtains consent of the data subject prior to accessing its information. The Central Bank specifies a standard consent clause to be included as an integral part of the loan contract or service agreement document.Data users and credit reporting service providers must prove that no information has been accessed without data subject’s consent. Failure to present such a proof, subject the user and credit reporting services providers to sanctions in accordance with the Central Bank’s regulations.However, this requirement does not apply to the Central Bank or any other State organ in the exercise of its responsibilities and to the data subject on its own data.Section 4 – Use of credit information
Article 31 – Authorised users of credit bureaus services
Authorised users of credit bureaus services are the following:1°banks, microfinance institutions and any other financial institution providing any type of credit;2°legal entities engaged in the provision of goods and services subject to deferred payments;3°user from public or parastatal institutions intending to use the information in connection with a determination of the data subject eligibility for a license or other benefit granted by a government agency required by law to consider an applicant’s financial responsibility or status;4°users intending to use the information in connection with a data quality dispute initiated by the data subject;5°data subject as regards to its own credit history;6°another organ with a legitimate interest or authorized by the Central Bank.Article 32 – Requirements for access to credit information at the credit bureau
Access to credit reporting systems is restricted to users that have valid reasons to access such information.Users intending to access information which is in a credit bureau submit a request for credit information to the operator of the credit bureau.Article 33 – Reasons for access to data which are in credit registry
Users of credit information which is in the credit registry access to data under the following reasons:1°on-site and off-site inspections under a regular bank and other financial institutions supervisory function;2°to calibrate regulatory measures related to prudential supervision;3°any other circumstance in relation to the Central Bank’s legal mandate.Article 34 – Permissible purposes for access to credit reporting services
An operator of a credit bureau provides credit reporting services to the users for the following purposes:1°to assess a credit or loan application based on an existing data subject request, its extension, restructuring or limit the increase of the amount of loan;2°to assess an insurance application or claim;3°to assess a request for service that involves a deferred payment;4°to review or monitor existing loans or credits;5°to respond to the request by the competent court based on a court order;6°to respond to a Government entity which is entitled to it in accordance with the law;7°to detect and put in place measures to prevent fraudulent activities;8°to respond to a data subject’s request on its own data;9°to respond to supervisory or regulatory authorities in accordance with the law;10°any other purpose as may be approved by the regulations of the Central Bank.Credit reporting service providers establish processes, procedures and rules for users to access the credit bureaus or credit registry services.Access to credit bureau and credit registry is subject to appropriate security measures, including internet protection addresses, passwords or other appropriate double authentication technology.Section 5 – Data subject’s rights
Article 35 – Right to receive complete information
Operator of credit bureau and data providers must inform data subjects about the purpose for data collection, the users, the name of the responsible person for the database, key aspects of their rights to obtain copies of their credit report and process to challenge erroneous information.The data subject is informed of any adverse action taken against him or her related to change in the loan, credit or service conditions or if he/she has been refused a loan, credit or service depending on the data which are in the credit report.Article 36 – Right of the data subject to access his/her own information
A data subject has the following rights:1°to access information relating to him/her kept in any operator of credit bureau in accordance with the regulation of the Central Bank;2°to access his/her credit report at least once a year, at no cost. Additional reports may be requested by a data subject with a fee, in accordance with applicable regulation of the Central Bank;3°to receive a copy of the credit information contained in the database including names of the users that accessed such information in the last six (6) months since data access request.Article 37 – Right to request for correction of information
A data subject is entitled to request for correction of any incorrect, inaccurate or incomplete credit information included in the credit reporting system at any time.Article 38 – Right for challenging data
When a data subject realizes that the information contained in the credit bureau database is inaccurate, erroneous, insufficient, incomplete or outdated, he/she may notify the operator of credit bureau in writing and request that the information disputed be corrected.An operator of a credit bureau receiving a claim challenging information included in its database must revisit its database to ensure that a claim is founded or not.If the data provider had provided correct data which thereafter underwent erroneous operations or changes in the processing stage by the operator of a credit bureau, the bureau corrects the information disputed without involving the data provider, and notify the data subject of the correction made.If verification proves that the Credit reporting service provider submitted wrong information about the data subject to the operator of credit bureau, the operator of credit bureau informs the relevant data provider and requests the concerned data provider to respect the guidelines in place to handle the request within ten (10) working days.The decision taken by the data provider on a data subject’s request for correction of information is notified to the data subject, in writing within ten (10) working days.Article 39 – Respect of rights of data subject
Credit reporting service providers, data providers and users must respect and apply the rights of the data subject regarding his/her data as provided for by this Law.Article 40 – Requirements concerning the rights of a data subject
While applying the rights of the data subjects, the following requirements must be met:1°a dedicated unit of the operator of credit attends to claims and requests from data subject and provides to the data subject a copy of his or her credit report if the latter has provided proof of identification;2°the Central Bank publishes on its website relevant information regarding the credit reporting system in Rwanda.Article 41 – Content of information to be disclosed to the public
Information that the Central Bank discloses to the public, must include:1°name and contact details of all licensed credit bureaus;2°name and contact details of the credit registry;3°information regarding the objectives of the credit bureaus and credit registry, their data sources and their users;4°information regarding the data subjects’ rights and the process for implementing those rights;5°a link to this Law and any relevant regulation or appropriate guidelines issued in respect of credit reporting systems;6°any other aspects that are considered necessary by the Central Bank.Chapter V
Obligations and powers of Central Bank in credit reporting
Article 42 – Carry out inspection
The Central Bank has the obligations to appoint inspectors when considered necessary or empower any other competent person to carry out an on-site inspection of an operator of credit bureau, a data provider or a data user.In the course of on-site inspection, the Central Bank inspectors or any other person appointed by the Central Bank for inspection of an operator of credit bureau, data provider or a data user, enters any place of business of the latter for purpose of supervision.The operator of credit bureau, the data provider or the data user being inspected must provide the required data maintained by such entity or individual or by a third party in original, soft or hard copy, in written or in any other form as may be required and available.The data provider obtains an acknowledgment of receipt certifying that such data were received by the inspectors of the Central Bank or competent person appointed in accordance with this Law.Any information obtained in the course of or resulting from examinations or supervisory process is confidential and only available to the Central Bank.Article 43 – Supervisory powers of the Central Bank
While carrying out inspection, the Central Bank has the following powers:1°to supervise the activities of the credit reporting service providers, data providers and users;2°to review and approve operating procedures of credit reporting service providers on data accuracy and integrity and fee structures, as it considers appropriate;3°to instruct the transmission of reports and other information necessary for effective and efficient supervision;4°to conduct audit of books, accounts, documents, transactions, and any other information relating to the operator of credit bureau, data providers and data users if considered necessary and conduct technical audits.Article 44 – Maintenance of the credit registry operations
The Central Bank is responsible for the operations of the credit registry.The Central Bank develops and maintains an adequate database or empowers a third party acting on behalf of the Central Bank to develop and maintain such database.The Central Bank or a person empowered to maintain the credit registry is subject to data quality, confidentiality, data security and data subject’s rights provided for by this Law.However, a third party empowered to run the Credit registry on behalf of the Central Bank is not allowed to:1°establish a credit bureau in Rwanda;2°transmit data to credit registries operating in Rwanda;3°disclose on behalf of the Central Bank or on its own behalf any information obtained in course of performing his/her duties.Article 45 – Setting up security measures in data disclosure
The Central Bank provides for security measures including:1°agreement between the credit reporting service provider authorized to operate as an operator of credit bureau’s license and the third-party service provider specifying conditions of the service regarding the data;2°security measures document indicating the specific steps undertaken by partners of the credit reporting service provider in order to ensure perfect protection and integrity of the database;3°clear accountability for data misuse or unauthorized access, loss, corruption or destruction.Article 46 – Powers of the Central Bank over cross-border data flows
The Central Bank may approve the sharing of credit information beyond borders of the Republic of Rwanda, subject to terms and conditions of an agreement between Rwanda and those States or a memorandum of understanding between the Central Bank and the relevant authority of the concerned country.Article 47 – Regulation powers
The Central Bank issues regulations, instructions and guidelines for Credit reporting service providers, data providers and users to ensure compliance with provisions of this Law.Article 48 – Other powers of the Central Bank
The Central Bank also has the following powers:1°to issue and revoke the license of operator of credit bureau;2°to monitor modalities of compliance with proper standards of conduct, ensure safety and efficiency of credit information reporting practices;3°to impose administrative sanctions to those infringing this Law as well as regulations and instructions issued by the Central Bank.Chapter VI
Advisory Credit Reporting Council
Article 49 – Establishment of the Advisory Credit Reporting Council and its members
An Advisory credit reporting Council is established.An Order of the Prime Minister determines responsibilities of the Advisory credit reporting Council, appoints of its members and their term of office.Chapter VII
Faults, offences and penalties
Section One – Faults and administrative sanctions
Article 50 – Faults and administrative sanctions
A credit reporting service provider or a data provider that performs the following acts:1°to unlawfully modify, delete or damage information from its database;2°to fail to adopt security measures that are necessary to protect data from unauthorized access or misuse;3°to fail to adopt data quality control and to monitor the files to load into the credit bureau;4°to fail to collaborate with the supervisor during the examination process or to provide required reports or information to the supervisor;5°any other act infringing upon the provisions of this Law;commits a fault.He/she is liable to administrative sanctions determined by the regulations or instructions of the Central Bank.Section 2 – Offences and penalties
Article 51 – Unlicensed credit reporting services
Any person who:1°administrates a credit bureau without a license;2°uses the words "credit bureau" or “credit reporting service provider” or related terms in its corporate names or its trade names without license;commits an offence.Upon conviction he/she is liable to imprisonment for a term of not less than three (3) years and not more five (5) years and a fine of not less than five million Rwandan francs (FRW 5,000,000) and not more than ten million Rwandan francs (FRW 10,000,000).Article 52 – Fraudulent use and disclosure of credit information
Any person who:1°fraudulently manipulates and discloses credit information contained in the credit reporting service provider’s database;2°knowingly provides false information to a credit reporting service provider;commits an offence.Upon conviction, he/she is liable to imprisonment for a term of not less than six (6) months but not more than two (2) years and a fine of not less than three million Rwandan francs (FRW 3,000,000) but not more than five million Rwandan francs (Frw 5,000.000) or one of these penalties only.Article 53 – Offences committed by a company, organization, body, association or an umbrella of associations with legal personality
Where an offence provided for by this Law is committed by a company, organization body, association or an umbrella of associations with legal personality and there is evidence that the offence is committed due to its consent, negligence or bad faith of the following persons:1°an official at any level, a manager, a secretary or a staff member;2°a person who usurped the power referred to in item 1° of Paragraph One of this Article following the position he/she has or used to have;commits an offence.Upon conviction, the legal entity is liable to a fine of not less than twenty million Rwandan francs (FRW 20,000,000) and not more than fifty million Rwandan francs (FRW 50,000,000) or its dissolution.The criminal liability of the company, institution or organization, body, association or an umbrella of associations with legal personality provided for in Paragraph One of this Article does not exclude criminal proceedings against the offenders or their accomplices.Chapter VIII
Transitional and final provisions
Article 54 – Validity of acts performed
Acts performed under Law n° 16/2010 of 07/05/2010 governing credit information system in Rwanda remain valid.Article 55 – Drafting, consideration and adoption of this Law
This Law was drafted in English, considered and adopted in Ikinyarwanda.Article 56 – Repealing provision
Law n° 16/2010 of 07/05/2010 governing credit information system in Rwanda and all other prior legal provisions contrary to this Law are repealed.Article 57 – Commencement
This Law comes into force on the date of its publication in the Official Gazette of the Republic of Rwanda.History of this document
10 September 2018 this version
Commenced
31 August 2018
Assented to