Introduction

In Rwanda, corporate governance has developed significantly since the country’s reconstruction after 1994. Legal and regulatory reforms across key sectors have contributed to a structured governance environment that reflects international standards while responding to local conditions. Considering that the services sector, especially the financial sector, is the greatest contributor to GDP, the government has put emphasis on the organisation of the financial sector to ensure macroeconomic stability. One of the main centres of focus is governance and the National Bank of Rwanda ensures adherence to corporate governance through Regulation Number 01/2018 of 24 January 2018 on corporate governance for banks.

This paper examines three developments that are currently shaping the financial sector of Rwanda in 2025 and 2026. The first is the introduction of mandatory environmental sustainability governance reporting. The second is the shortening of board terms to promote dynamic and responsive corporate governance. The third relates to the governance and regulation of emerging technologies, including artificial intelligence, financial technology and digital assets. Together, these developments highlight the direction of governance reform and the increasing expectations placed on financial institutions and their boards.

An Overview of Corporate Governance in the Rwandan Financial Sector

Corporate governance in Rwanda is based on statutory law, regulatory instruments, and codes of practice that determine how companies are established, directed and supervised. Law Number 007/2021 of 5 February 2021 Governing Companies sets the legal foundation by assigning authority to the board of directors and defining their duties, including acting in good faith, exercising care and skill, and avoiding conflicts of interest. The law also requires the separation of the roles of chairperson and chief executive officer, the establishment of an audit committee composed of primarily independent non-executive directors, and compliance with financial reporting, disclosure, and audit obligations.

This framework is reinforced by the Capital Market Corporate Governance Code 2024, which applies to listed companies and sets standards on board composition, independence, and disclosure, including the requirement for regular board evaluations. In the financial sector, Regulation Number 01/2018 on Corporate Governance for Banks and Regulation Number 84/2024 on Corporate Governance, Risk Management and Internal Controls for insurers impose detailed requirements on board structure, committees, and the approval of directors and senior management by the National Bank of Rwanda subject to fit-and-proper approval by the National Bank of Rwanda.

Environmental, Social and Governance (ESG) Reporting: From Voluntary Commitment to Mandatory Obligation

Background and policy context on ESG reporting in Rwanda

Whereas most companies incorporated ESG reporting in their strategy as a measure of good corporate governance, there was no regulatory requirement for ESG reporting. However, the National Bank of Rwanda introduced ESG mandatory reporting through its Guidelines Number 040/2024 of 25 November 2024 on the Disclosure and Reporting of Sustainability-Related Financial Information for Financial Institutions.

Listed companies and issuers of securities were already required to disclose ESG information under the Capital Market Corporate Governance Code 2012, now replaced by the Capital Market Corporate Governance Code 2024. In 2024, the obligation was extended to all financial institutions through the issuance of BNR Guidelines Number 040/2024 of 25 November 2024 on the Disclosure and Reporting of Sustainability-Related Financial Information for Financial Institutions. These are supported by additional instruments, including the Rwanda Bankers Association ESG Guidelines for Banks (2024), which encourage integration of ESG factors into governance, risk management, and lending practices, as well as disclosure of ESG-related information in annual reports.

Further support is provided through the Rwanda Stock Exchange ESG Reporting Guidelines, which set out a structured framework for sustainability disclosure aligned with the Global Reporting Initiative Standards (GRI 2021), the Task Force on Climate-related Financial Disclosures (TCFD), and the International Integrated Reporting Council (IIRC) framework. These guidelines operate alongside the BNR requirements for institutions that are both listed and supervised. Rwanda’s adoption of IFRS Sustainability Disclosure Standards is guided by a national roadmap led by the Institute of Certified Public Accountants of Rwanda, launched in May 2025, which establishes phased implementation beginning on 1 January 2025 and sets out the expansion of sustainability-related disclosures across the financial sector.

The BNR Sustainability Disclosure Guidelines

The National Bank of Rwanda (BNR) issued Guidelines Number 040/2024 of 25 November 2024 on the Disclosure and Reporting of Sustainability-Related Financial Information for Financial Institutions. Article 5 of the Guidelines requires institutions to develop an approach for disclosing climate-related and environmental financial information. It further states that ESG reporting must align, at a minimum, with the Task Force on Climate-related Financial Disclosures (TCFD) recommendations and IFRS S1 and S2. Reports are also required to cover governance frameworks, strategic decision-making, risk management systems, and relevant metrics and targets.

The Guidelines are mandatory for all financial institutions under BNR supervision and the implementation framework operates across three Tiers (groups):

• Tier I Institutions include listed companies, the largest commercial banks, general and life insurers, the public pension fund, and Umwalimu SACCO. Reporting is mandatory for financial years starting 1 January 2025, focusing initially on climate-related disclosures aligned with IFRS S2.
• Tier II and III Institutions include deposit-taking microfinance institutions, captive and micro insurers, private pension funds, non-deposit financial services, MUGANGA SACCO, Mutual insurers, and health maintenance organisations (HMOs). Mandatory reporting begins 1 January 2026.
• Tier IV Institutions comprise Umurenge and non-Umurenge SACCOs with mandatory reporting beginning 1 January 2027, providing the longest transition period for smaller community-based institutions.

Capital Market Corporate Governance Code 2024

The Capital Market Corporate Governance Code 2024 requires companies to disclose material information on both financial and non-financial matters, including environmental and social issues in addition to other required matters. Pursuant to Article 26, the board of directors must ensure full, fair and timely disclosure to shareholders and other stakeholders, including information relevant to ESG matters. Article 27 requires companies to include in their annual reports non-financial information such as environmental and social risks, measures taken to address those risks, and performance against set targets, as well as disclosure of sustainability frameworks and stakeholder engagement practices.

Although the code is not binding on all companies operating in the Rwandan financial sector, it sets influential standards that many entities follow.

ESG reporting obligations for insurers

In the insurance sector, National Bank of Rwanda issued Regulation Number 47/2022 of 2 June 2022 on publication of financial statements and other disclosures by insurers. Article 4 requires the board of directors of an insurer to prepare an integrated annual report in accordance with International Financial Reporting Standards (IFRS). The report must cover the information on ESG, risks, governance practices, and the insurer’s strategy and performance in relation to social, environmental, and economic impacts. This ensures that ESG considerations form part of mandatory disclosures.

Board Tenure Limits and Shortened Terms to Promote Board Dynamism

The rationale for tenure reform

Limiting the tenure of board members has become a key strategy used in corporate governance in the financial sector in Rwanda. The underlying rationale is to promote dynamism and to avoid board members becoming complacent. Extended service on a single board often weakens a director’s independence due to familiarity with management and can lead to groupthink, thereby reducing the board’s ability to exercise strong oversight. The shortened terms facilitate regular board refreshment and effective rotation.

The National Bank of Rwanda and the Capital Markets Authority have both introduced fixed and renewable terms across the institutions they supervise. These limits create regular, structured opportunities for assessing director performance, replacing underperforming members and introducing new expertise, particularly in areas such as artificial intelligence, ESG and risk management, which are rapidly becoming new core board competencies in a well-governed financial institution.

Tenure limits in the banking sector

The governance structure of the National Bank of Rwanda has been reformed in line with this trend. Article 13 of Law Number 48/2017 of 23 September 2017 Governing the National Bank of Rwanda provides that, with the exception of the Governor and Deputy Governor, members of the BNR Board of Directors are appointed for a term of four years, renewable only once. This represents a significant shift from the previous framework from the repealed Law Number 55/2007 of 30 November 2007 governing the central bank of Rwanda, under which there was no limit on the number of renewals, effectively permitting indefinite reappointment.

For other supervised banks, Article 20 of Regulation Number 01/2018 of 24 January 2018 on corporate governance for banks requires a director to be appointed for a term of three years, renewable only twice. The maximum total tenure is therefore nine years. Renewal is not automatic: it requires the approval of the BNR and is conditional on the director’s continued satisfaction of fit and proper requirements and on the assessment of their contribution to the board. Banks are further required to conduct annual board and directors’ reviews covering all aspects of board structure, composition, responsibilities and relationships, and to submit compliance reports to the BNR.

The similar structure of three-year terms renewable twice applies to deposit-taking microfinance institutions in accordance with Regulation Number 58/2023 of 27 March 2023 establishing requirements on corporate governance for deposit-taking microfinance institutions, where directors also serve three-year terms renewable twice.

Tenure limits in the insurance business

For insurers, National Bank of Rwanda issued Regulation Number 84/2024 of 31 October 2024 on corporate governance, risk management and internal control requirements for the insurance business. Article 20 requires the directors to be appointed for a term of three years, renewable only twice, with renewal subject to approval by the Central Bank. In granting such approval, the Central Bank takes into account continued compliance with the “fit and proper” requirements, as well as an assessment of the director’s contribution to the work of the board.

Tenure limit within the Capital Market Framework

Within the capital market regulatory framework, Law Number 057/2021 bis of 18 September 2021 Establishing the Capital Market Authority provides that members of the CMA Board serve a four-year term, renewable only once. This means that the maximum term of office is eight years.

Whereas for listed companies and issuers of securities offered to the public, the Capital Market Corporate Governance Code 2024 takes a more flexible approach: it does not impose strict term limits, but recommends that independent directors should not serve for more than nine years. Where this period is exceeded, the board must justify the continued independence of the director in the Annual Report. This is a softening relative to the Capital Market Corporate Governance Code of 2012, which recommended that directors not continue for more than six years.

Regulation of Artificial Intelligence, Fintech and Digital Assets Corporate Governance

Fintech and the governance of digital payments

Financial technology and digital payments in Rwanda operate under the supervision of the National Bank of Rwanda, primarily through Law Number 061/2021 of 14 October 2021 governing the payment system. In this area, the central bank has issued several regulations, including BNR Regulation Number 74/2023 of 18 September 2023 governing payment services providers. This regulation introduced a risk-based licensing framework, strengthened anti-money laundering and counter-terrorist financing requirements, and set governance standards for licensed providers, including fit and proper requirements for board members and senior management.

For larger electronic money issuers, Article 16 of the above regulation requires applicants to show that their board has a balance of skills, experience, and diversity, and to appoint at least four senior managers, including a Chief Executive Officer, Chief Finance Officer, Head of Risk and Compliance, and Head of Information Technology. Similar requirements apply to money remittance services. In addition, Regulation Number 01/2018 on Corporate Governance for Banks requires banks to establish a Board IT Committee responsible for supervision of technology strategy, monitoring IT risks, and ensuring alignment with business objectives.

Fintech activities are also supervised through the regulatory sandbox established under Regulation Number 41/2022 of 13 April 2022 governing the regulatory sandbox. Entry into the sandbox requires proof of innovation, adequate governance arrangements, and management by persons who meet fit and proper standards. These requirements remain in place during the testing phase. The Capital Market Authority applies similar rules under Guidelines Number 002/CMA_G/2023 of 27 April 2023 governing the fintech regulatory sandbox for capital markets in Rwanda, which require disclosure of directors, shareholders, and key personnel, together with evidence of risk management systems.

Further direction is provided by the Fintech Strategy 2024–2029, which places fintech within a co-ordinated framework involving the central bank and other public institutions. It calls for clear regulatory guidance and ongoing consultation on new technologies. As a result, technology and digital finance are treated as matters for board supervision, with responsibility for governance, risk management and compliance resting at board level rather than being left only to management.

Artificial intelligence in financial services

Rwanda has not yet enacted specific legislation on artificial intelligence in the financial sector. The main instrument is the National Artificial Intelligence Policy (April 2023), developed by the Ministry of ICT and Innovation with RURA, GIZ FAIR Forward and The Future Society. The Policy requires financial institutions, particularly in banking and digital payments, to integrate AI ethics into internal governance, including assigning AI ethics functions to chief digital officers and placing responsibility on boards and senior management.

From a governance perspective, AI systems must operate within a framework overseen by RURA, which develops sector-specific ethical guidelines. In addition, AI-related data practices must comply with the Data Protection and Privacy Law enforced by the National Cybersecurity Agency, creating direct compliance obligations for boards and management.

Artificial intelligence is already used within the financial sector in Rwanda in areas such as credit scoring, customer verification, fraud detection, and compliance monitoring. The Policy requires that such systems remain subject to human supervision and internal accountability, and emphasises the need for skilled personnel, reliable data systems and secure infrastructure.

The governance of artificial intelligence in financial institutions is indirectly regulated by Law Number 058/2021 of 13 October 2021 relating to the Protection of Personal Data and Privacy. Article 4 requires that personal data be processed lawfully and in a manner that protects the rights of individuals. Also, Article 21 states that a person has the right not to be subject to decisions based solely on automated processing where such decisions produce legal or significant effects, requiring review and accountability in systems such as credit assessment and compliance.

Further governance obligations arise in accordance with Regulation Number 50/2022 of 02 June 2022 on Cyber Security in Regulated Institutions, which places responsibility for technology systems on the board and senior management. It requires governance frameworks, setting up board IT committees, and board-approved policies on data governance, access control and system security, ensuring oversight, internal controls and monitoring of automated systems in financial institutions.

Similarly, Article 32 of Regulation Number 01/2018 of 24 January 2018 on Corporate Governance for Banks issued by BNR, requires the supervised institutions to establish a Board IT Committee which is responsible for oversight of technology strategy and systems.

The regulation of virtual assets and cryptocurrency

To date, Rwanda has no specific law governing virtual assets, and cryptocurrency is not recognised as legal tender. The National Bank of Rwanda has consistently discouraged its use and, on 31 January 2023, issued a directive prohibiting all financial institutions from engaging in any crypto-related activities until a regulatory framework is established. This prohibition was addressed to managing directors and chief executives of financial institutions and was justified on the basis that such activities lack the safeguards required to ensure efficient and sound financial services.

As of 2026, Rwanda has transitioned from a restrictive stance on cryptocurrency to introducing a draft law regulating virtual assets, although it is not yet published in the Official Gazette. The draft law introduces a structured governance framework led by the Capital Market Authority, which is given exclusive authority to license and supervise virtual asset service providers. It also establishes co-ordination with the National Bank of Rwanda through a joint framework for information sharing, risk assessment and supervision. For boards, this creates a dual supervisory environment, requiring governance arrangements that respond to both market conduct regulation and financial stability supervision.

From a corporate governance perspective, Article 8 of the Draft Law requires the boards to regulate the licensing requirement to ensure that no virtual asset activity is conducted without prior authorisation and to ensure that licensed legal entities conduct virtual asset activities within the scope of their authorisation. This places responsibility on boards to ensure that all activities are properly licensed and that the institution operates strictly within the approved regulatory scope, with clear supervision of compliance at board level.

The draft law also sets internal governance and conducts standards. Virtual asset service providers must submit periodic reports to the regulator and are required to act honestly, fairly, and with due care, skill and diligence, while maintaining effective corporate governance structures. In addition, transaction transparency obligations require the collection and transmission of originator and beneficiary information. These provisions require boards to establish systems for reporting, compliance monitoring and operational control.

Finally, accountability is directly attached to boards and senior management through enforcement provisions. Unlicensed activity constitutes a criminal offence, while board members and senior managers may be held liable for providing false information or obstructing supervision. Administrative sanctions are also prepared. These provisions require boards to ensure continuous supervision, proper disclosure, and effective risk, compliance and audit functions within their institutions.

Conclusion

The developments examined in this article, mandatory ESG reporting, shortening of board terms, and the governance of emerging technologies reflect the direction of governance reform in the Rwandan financial sector in strengthening accountability, supervision, and ensuring that financial institutions operate within clear and enforceable governance structures.

The introduction of mandatory ESG reporting through BNR Guidelines Number 040/2024 of 25 November 2024 on the Disclosure and Reporting of Sustainability-Related Financial Information for Financial Institutions has placed sustainability disclosure within the core responsibilities of boards and senior management. Financial institutions are now required to integrate environmental and social considerations into governance, risk management and reporting, in line with internationally recognised standards. This has direct implications for transparency, investor confidence and regulatory supervision.

Board tenure reforms across banks, insurers and other financial institutions reinforce independence and effectiveness in supervision. The adoption of fixed terms with limited renewals, combined with performance evaluations and regulatory approval, ensures regular renewal of board composition and supports the introduction of relevant expertise. These measures strengthen the ability of boards to supervise management and respond to evolving risks.

Despite these advancements, important gaps remain in the governance framework. There is no specific legislation governing artificial intelligence in the financial sector, and the legal framework for virtual assets is not yet in force. This creates uncertainty in areas such as accountability for automated decision-making, risk management standards, and supervisory co-ordination. Addressing these gaps through clear and enforceable legal provisions will be necessary to ensure that the ongoing developments in the financial sector are effectively governed and aligned with existing regulatory structures.