Rwanda
Regulation governing the Regulatory Sandbox
Regulation 41 of 2022
- Published in Official Gazette 16 bis on 18 April 2022
- Assented to on 13 April 2022
- Commenced on 18 April 2022
- [This is the version of this document from 18 April 2022.]
Chapter One
General provisions
Article One – Purpose
This regulation aims at:1°enabling innovative financial product, services, and solutions to be deployed and tested in a live environment prior to launch into the marketplace, within specified parameters and timeframes;2°fostering responsible financial innovations that benefit financial consumers by improving the quality of, access to and usage of the financial products and services; and,3°setting application eligibility requirements and appropriate safeguards to identify and manage potential risks.Article 2 – Scope of regulation
This regulation is applicable to:1°the financial institutions licensed and/or supervised by the Central Bank, and;2°the legal entity alone or in partnership with a financial institution or with any individuals with innovative financial product, service, and solutions.Article 3 – Definitions
In this regulation, the following terms have following meanings:1°applicant: means any financial institution or legal entity which has applied for the Central Bank’s approval to participate in the regulatory sandbox;2°participant: means any financial institution or legal entity which has been approved by the Central Bank to participate in the regulatory sandbox;3°regulatory sandbox: a live, contained environment in which participants may test their product, service, or solution subject to the requirements under this regulation;4°customer: a select group of users to which participants will provide their products or services during the regulatory sandbox;5°Financial Institution: any Institution licensed and/or supervised by the Central Bank that provides financial services and products.6°Legal entity: any cooperative, company and or partnership as defined in their respective laws in Rwanda.Chapter II
Eligibility criteria
Article 4 – Eligibility criteria for participants
Any applicant seeking the Central Bank approval to participate in the regulatory sandbox must demonstrate that:1°the financial product, service or solution is genuinely innovative with clear potential to:a.improve accessibility, efficiency, security and quality in the provision of innovative services;b.enhance the efficiency and effectiveness of management of risks;c.address gaps in or open up new opportunities for financing or investments in the country; and,d.be in real need and will bring benefits to financial consumers or the financial industry.2°innovative financial products and services as well as related solutions do not clearly correspond to products or services currently regulated under existing laws and regulations or represent a hybrid product or services or will be provided differently;3°innovative financial products and services are those that are likely to fall under the supervisory scope of the Central Bank or where the core product or service is likely to be regulated by the Central Bank;4°He or she has conducted an adequate and appropriate assessment to prove the usefulness and functionality of the product, service or solution and identified the associated risks;5°He or she has necessary resources to support testing. This includes the governance and requires resources and expertise to mitigate and control potential risks and losses arising from offering of the product, service or solution;6°He or she has a clear solution to deploy the product, service or solution on commercial scale after a successful testing phase;7°a proposed technical architecture and solution, detailing the specific technology and innovative ways in which the technology will be applied, and;8°the participants are managed by persons of credibility and integrity that meet the fit and proper requirements.Chapter III
Application and approval process
Article 5 – Application for approval
Any applicant wishing to participate in the regulatory sandbox shall ensure that the purpose, scope, and criteria specified in this regulation are fully satisfied before submitting their proposal. Furthermore, the applicants shall submit the following to the Central Bank:1°an application letter duly signed by an authorized person;2°a filled form, in the format set forth in Appendix I;3°a detailed Testing Plan that meets the requirements prescribed in article 6 of this regulation;4°supporting documents to substantiate the information provided in the application form;The applicant must also include the expected key outcomes that the testing intends to achieve and the appropriate indicators to measure such outcomes.Article 6 – Regulatory sandbox plan
A detailed Testing Plan shall include but not limited to the following:1°proposed start and end dates of the proof of concept test;2°specific measures to determine the success or failure of the test;3°details on the scenarios or use cases intended to test in the regulatory sandbox;4°clearly defined objectives of the proposed test;5°an exit strategy should the test fail or be discontinued;6°critical success factors and activities to measure and monitor progress;7°details on the proposed regulatory sandbox testing boundaries, including:a.client limits, including the number of customers, client type and how they were selected;b.exposure limits or transaction thresholds;c.other quantifiable limits;8°a transition plan for the deployment of the product, service or solution on a commercial scale upon successful testing and exit from the regulatory sandbox.Article 7 – Evaluation process of the application
The Central Bank calls for applications in three cohorts per year.Upon receipt of the application, the Central Bank shall;1°review the application against the purpose, scope and eligibility criteria set forth in this regulation;2°therefore send to the applicant a letter acknowledging the completeness or deficiency of the application within seven (7) working days.In case of deficiency, the Central Bank shall outline in the letter all the deficiencies observed in the Application and provide deadline for their rectification.The decision to approve or to reject the participation in the regulatory sandbox is communicated to the applicant within the timeline set in the call for application alluded to in the paragraph one of this article.Where the Central Bank rejects the participation, the notification for rejection and its grounds shall be provided to the applicant in the rejection letter.In the evaluation of the application, the Central Bank may engage with the applicant.Article 8 – Regulatory sandbox testing period
Testing period shall not exceed (12) months except if the innovation has tested positive and it can be demonstrated that extended testing period is necessary to respond to specific issues or risks identified during testing phases.In such circumstances, the Central Bank may grant the participant an extension period not exceeding (12) months.Chapter IV
Potential risks and safeguards, records and reporting requirements
Article 9 – Potential risks and their assessments
The participant must identify potential risks that may arise during regulatory sandbox testing and communicate them to the customers. The participant shall propose appropriate safeguards to mitigate the identified and any other possible risks.In assessing the risks and evaluating the proposed safeguards, among other things, the Central Bank shall give due regard to whether participants ensure:1°financial business practices are consistent with monetary and financial stability standards;2°fair treatment of and preserving consumer protection;3°prevention money laundering and countering terrorism financing;4°safety, reliability and the efficiency of payment solutions and payment instruments; and5°effective competition for financial products and services.6°protection of personal data as well as mitigation of cyber risks;Article 10 – Customer safeguards
The participant shall ensure the following with regards to customer safeguards:1°have a clear customer onboarding process stating how each customer will be identified, and the identity verified using reliable, independent source documents, data or information;2°inform the customers that the product or service is currently operating within a regulatory sandbox;3°confirmation from customers that they fully understand and accept the inherent risks;4°provide to the Central Bank details on how he or she plan to implement customer protection measures;5°provide a consumer redress mechanism, including the possibility for financial compensation claimable by the customer against the regulatory sandbox participant under clearly defined circumstances where applicable.Article 11 – Record keeping requirements
The participant must ensure at all times that operations, records and any other relevant information from the regulatory sandbox are properly maintained and kept.The Central Bank reserves the right to request any relevant information from the participant at any time, as well as the right to conduct onsite inspections of the participant’s operations.Article 12 – Reporting requirements
The Central Bank shall require participants to submit interim reports on the progress of the test, which shall include:1°key performance indicators, key milestones and statistical information;2°key issues arising as observed from fraud or operational incident reports; and3°actions or steps taken to address consumer complaints, emergent risks, or other issues relevant to Central Bank’s assessment of applicable regulatory requirements.The frequency of reporting and specific details to be included in interim reports are agreed upon between the Central Bank and the participant, taking into account the duration, complexity, scale and risks associated with the test.The participants must submit a final report to Central Bank within 30 days calendar before the expiry of the testing period. The report shall contain:1°key outcome and performance indicators against agreed measures for the success or failure;2°a full account of all incident reports and resolution of customer complaints; and3°in the case of a failed test, lessons learned from the test.Chapter V
Extension of testing period and exit from the regulatory sandbox
Article 13 – Request for the extension of testing period
To extend the testing period in the regulatory sandbox, it requires the participant to submit a written application to the Central Bank not later than thirty (30) working days before the expiry of the initial testing period.The application must state the additional time required and clearly explain the reasons for requiring the extension.The Central Bank does not generally approve an extension of the testing period unless the product, service or solution have been tested positively and the participants can clearly demonstrate that extended testing is necessary to respond to specific issues and risks identified during initial testing.Article 14 – Expiration of the testing
At the end of the testing period, the regulatory sandbox participant must exit the regulatory sandbox following an exit strategy agreed upon with the Central Bank.Upon the completion of testing, the Central Bank decides whether to allow or not to allow the tested product, service, or solution to be introduced in the market on a commercial scale.If the product, service, or solution is allowed, the participant is subject to full regulatory and legislative requirements. Any legal and regulatory requirement relaxed by the Central Bank during the regulatory sandbox testing period, are expired.Article 15 – Prohibition of deployment of the service, product or solution on the market
The Central Bank may prohibit deployment of the product, service or solution in the market upon the completion of the testing due to the following reasons:1°if the testing was unsuccessful based on agreed test measures;2°if the product, service or solution intended negative consequences to the public and/or financial stability; or3°in cases of any other reason that may be deemed compelling enough by the Central Bank.Article 16 – Revocation of the approval
Central Bank may revoke a participant’s regulatory sandbox approval and ask the participant for an early exit from the regulatory sandbox if it determines that the intended test outcome as agreed is unlikely to be achieved.Other reasons that may cause the Central Bank to revoke the participation regulatory sandbox approval include, but are not limited to the following:1°the progress is unsatisfactory;2°there are critical flaws in the service, product or solution which may cause risks to customers and the financial system;3°the participant submits false, misleading or inaccurate information, or has concealed or failed to disclose material facts in the application;4°the participant is undergoing into financial distress or has gone into liquidation;5°the participant breaches data security and confidential requirements;6°the participant carries on business in a manner detrimental to customers or the public at large; or7°the participant fails to effectively address any technical defects, flaws or vulnerabilities in the product, service or solution which gives rise to recurring service disruptions or fraud incidents.Article 17 – Effects of the revocation
Upon revocation of the participation in the regulatory sandbox, the participant must execute the following:1°implement the exit strategy to cease the provision of the product or service to new and existing customers;2°immediately notify existing customers of the product termination and information on the necessary steps to be taken;3°compensate any customers who had suffered financial loss arising from the test in accordance with the safeguards submitted by the participant;4°submit a final report to the Central Bank within thirty (30) working days upon receipt of a revocation letter.Chapter VI
The Central Bank and the participant responsibilities
Article 18 – Responsibilities of the Central Bank
The Central Bank is generally responsible for:1°monitor that the objectives of the regulatory sandbox are fully achieved;2°monitoring sandbox participants’ operations and systems;3°monitoring the implementation of the regulatory sandbox test plan and take necessary actions if deemed necessary;4°issuing instructions to participants in the regulatory sandbox;5°apply appropriate redresses for non-compliance where needed.Article 19 – Responsibilities of a participant
The participant in the regulatory sandbox must generally:1°be responsible for monitoring and supervising the activities of its operations and staff;2°have information on the tests carried out for each type of service or innovation;3°monitor effective compliance with set limits and establish other prudential measures in each case;4°comply with relevant laws applicable to his/her business;5°take all other measures to enable it to operate strictly within the requirements of this regulations;6°address all enquiries to the Central Bank.Chapter VII
Miscellaneous and final provisions
Article 20 – Regulatory relax and evaluation
The Central Bank may temporarily relax specific regulatory requirements during a regulatory sandbox on a case-by-case basis.However, the following requirements shall remain in place for all participants:1°applicable character and fitness requirements for participants;2°applicable suitability requirements pertaining to business premises;3°anti-money laundering, countering the financing of terrorism and financing of terrorism and financing of proliferation of weapons of mass destruction requirements;4°consumer protection and data privacy requirement;5°cyber security requirements;Likewise, the Central Bank shall evaluate any regulatory changes, waivers, approval limitations, or other prospective relief that may be necessary to permit a participant to operate the completion of regulatory sandbox test on a case-by-case basis.Article 21 – Drafting, consideration and approval of this regulation
This regulation was prepared, considered and approved in English.Article 22 – Repealing provision
All prior Regulatory Sandbox provision contrary to this regulation is hereby repealed.Article 23 – Commencement
This regulation comes into force on the date of its publication in the Official Gazette of the Republic of Rwanda.History of this document
18 April 2022 this version
Commenced
13 April 2022
Assented to
Cited documents 1
Legislation 1
| 1. | Regulation of the National Bank of Rwanda governing the Organisation of Microinsurance Business | 1 citation |