Checklist de conformité KYC, KYB et AML
Ouganda KYC, KYB & AML
A practical implementation checklist for fintechs, payment providers, financial institutions and other accountable persons operating in Uganda.
- Revue le
- 15 July 2026
- Version
- 1.9
- domaines de contrôle
- 9
- contrôles d’implémentation
- 51
Réponse directe
Que couvre la checklist de conformité pour Ouganda ?
La checklist pour Ouganda traduit les principales règles KYC, KYB et AML en 9 domaines de contrôle et 51 contrôles d’implémentation, avec les autorités, obligations de déclaration et preuves à conserver.
Faits réglementaires clés
- Financial intelligence unit
- Financial Intelligence Authority (FIA)
- Large cash reporting
- Conservatively UGX 20,000,000 or more
- Record retention
- At least 10 years from the applicable identity, transaction/correspondence or relationship-closure date, whichever is later
- Annual compliance return
- Due by 31 January
- FATF public list
- Exited increased monitoring on 23 February 2024
Détail d’implémentation
Exigences et actions de conformité pour Ouganda
Ouvrez chaque domaine pour consulter l’exigence, l’action recommandée, les preuves à conserver et la source primaire utilisée.
01Regulatory perimeter and governanceEstablish the licences, accountable-person status and governance structure before onboarding customers.6 éléments+
Map the regulatory perimeter
- Action d’implémentation
- Document each product, customer type, payment flow and delivery channel; identify the applicable accountable-person category and sector supervisor, including Bank of Uganda licensing where relevant.
- Preuves à conserver
- Approved perimeter memo, product inventory and legal sign-off
- Source primaire
- AMLA Cap. 118, Second Schedule; FIA registration guidance; Bank of Uganda supervision framework
Register with FIA
- Action d’implémentation
- Register the entity as an accountable person using the prescribed process and maintain the registration particulars.
- Preuves à conserver
- FIA registration acknowledgement and entity profile
- Source primaire
- AMLA Cap. 118, s.21(pb); AML Regulations 2015, reg. 4
Report registration changes
- Action d’implémentation
- Notify FIA using the prescribed form within 15 days after a change to registered particulars.
- Preuves à conserver
- Change log, Form 2 and submission receipt
- Source primaire
- FIA Registration Guidelines for Accountable Persons
Appoint and empower the MLCO
- Action d’implémentation
- Every accountable person must appoint or designate an MLCO in a senior managerial position with sufficient competence and experience and notify FIA on Form 3. The internal auditor is ineligible; the CEO is ineligible except for a sole proprietorship or single-member company. Notify cessation on Form 3 within 15 days. Give the MLCO unrestricted access to relevant information and responsibility for FIA liaison, the internal escalation system and external reporting.
- Preuves à conserver
- Board appointment, competence assessment, eligibility check, Form 3 notices, access profile, escalation procedure and goAML role
- Source primaire
- AMLA Cap. 118, s.6(m); AML Regulations 2015, regs. 6-7, as amended by AML (Amendment) Regulations 2023, reg. 5 [01][02][20]
Approve an AML/CFT programme
- Action d’implémentation
- Maintain board-approved policies, procedures and controls covering risk assessment, CDD, reporting, records, sanctions, training and independent audit.
- Preuves à conserver
- Current policy suite, board minutes and control owners
- Source primaire
- AMLA Cap. 118; AML Regulations 2015; FIA Guidance Notes
Submit the annual compliance return
- Action d’implémentation
- File the annual compliance report and current internal AML/CFT policy with FIA by 31 January following each calendar year.
- Preuves à conserver
- Signed return, policy copy and FIA receipt
- Source primaire
- AML Regulations 2015, reg. 45
02Enterprise and customer riskUse documented risk assessment to determine control intensity and review frequency.5 éléments+
Assess enterprise ML/TF/PF risk
- Action d’implémentation
- Assess customers, products, services, channels, technologies and geographies; document inherent risk, control effectiveness and residual risk.
- Preuves à conserver
- Approved methodology, risk register and remediation plan
- Source primaire
- AMLA Cap. 118; AML Regulations 2015; FIA Guidance Notes
Assess new products before launch
- Action d’implémentation
- Complete ML/TF/PF, fraud and privacy assessments before launching a product, delivery mechanism or material technology change.
- Preuves à conserver
- Product risk assessment and approval gate
- Source primaire
- FIA Guidance Notes; risk-based obligations under AMLA
Risk-rate every relationship
- Action d’implémentation
- Assign and explain a customer risk rating using customer, ownership, PEP, sanctions, product, channel, transaction and geographic factors.
- Preuves à conserver
- Scoring model, input data, overrides and review date
- Source primaire
- AMLA Cap. 118, s.6; AML Regulations 2015
Apply enhanced due diligence
- Action d’implémentation
- For high-risk relationships obtain additional identity, ownership, purpose, source-of-funds or source-of-wealth information, senior approval and enhanced monitoring.
- Preuves à conserver
- EDD file, approvals and monitoring plan
- Source primaire
- AMLA Cap. 118, s.6; FIA Guidance Notes
Use simplified measures only after low-risk finding
- Action d’implémentation
- Document the low-risk basis and never use simplified measures where suspicion exists or higher-risk factors apply.
- Preuves à conserver
- Low-risk assessment and approved control configuration
- Source primaire
- AML Regulations 2015; FIA CDD guidance
03KYC and customer due diligenceIdentify and verify customers before or during establishment of the relationship, subject only to lawful risk-controlled exceptions.7 éléments+
Apply the prescribed natural-person identification rules
- Action d’implémentation
- For a Ugandan citizen or person lawfully resident in Uganda, obtain the applicable national identification card or alien identification document and any one of the particulars listed in regulation 19(1)(b). Residential address is one alternative among those particulars, not a separately mandatory requirement. The other alternatives include contact details; an employer or senior-government-official introduction; TIN where applicable; for a student, a school introduction and student ID copy; a summary of business activities; or a sample signature. Separately obtain the customer's fingerprints as required by regulation 19(6). Resolve doubtful citizen identity with NIRA and doubtful immigration status with the Uganda Citizenship and Immigration Control Board. For a foreign citizen not resident in Uganda, apply regulation 20's prescribed identification and independent-verification requirements.
- Preuves à conserver
- Regulation 19 or 20 identity checklist, applicable national identification card or alien identification document, one regulation 19(1)(b) particular, separate fingerprint record, independent verification and doubt-resolution record
- Source primaire
- AMLA Cap. 118, s.6; AML Regulations 2015, regs. 19-20, as amended by the AML (Amendment) Regulations 2023, including regs. 19(1)(b) and 19(6) [01][02][20]
Identify representatives
- Action d’implémentation
- Verify every person acting for a customer and confirm authority through a mandate, resolution, power of attorney or equivalent record.
- Preuves à conserver
- Representative KYC and authority instrument
- Source primaire
- AMLA Cap. 118, s.6; AML Regulations 2015
Understand purpose and intended nature
- Action d’implémentation
- Record why the relationship is opened, expected products, counterparties, volumes, value, geographies and source of funds.
- Preuves à conserver
- Customer profile and expected-activity baseline
- Source primaire
- AMLA Cap. 118, s.6; AML Regulations 2015
Apply every CDD trigger to the correct customer type
- Action d’implémentation
- Apply CDD to every one-off transaction, including every domestic or international wire transfer, without treating 5,000 currency points as a minimum threshold for regulation 18 CDD. Track and apply the 5,000-currency-point threshold separately only where another applicable provision expressly retains it. Also apply CDD whenever suspicion exists or previously obtained identification data is doubtful. For established customers, maintain ongoing CDD throughout every business relationship and ensure required originator and beneficiary information accompanies applicable wire transfers.
- Preuves à conserver
- One-off transaction trigger matrix, separately configured threshold controls, ongoing CDD schedule, wire-information controls and completed CDD cases
- Source primaire
- AMLA Cap. 118, ss.6-7; AML Regulations 2015, reg. 18 as substituted by AML (Amendment) Regulations 2023, reg. 16, and regs. 34-35 [01][02][20]
Resolve failed CDD safely
- Action d’implémentation
- Do not open, transact or continue where mandatory CDD cannot be completed; consider ending the relationship and filing an STR without tipping off.
- Preuves à conserver
- Decline or exit record and STR decision
- Source primaire
- AMLA Cap. 118; AML Regulations 2015
Monitor and refresh CDD
- Action d’implémentation
- Keep identification and risk data current, scrutinise transactions against the profile and refresh promptly after triggers or according to risk.
- Preuves à conserver
- Review schedule, trigger events and refreshed files
- Source primaire
- AMLA Cap. 118, ss.6 and 7; FIA Guidance Notes
Control non-face-to-face onboarding
- Action d’implémentation
- Apply additional document-authenticity, liveness, device, fraud and impersonation controls so remote verification is reliable and risk-based.
- Preuves à conserver
- Remote-onboarding standard, test results and exception queue
- Source primaire
- AMLA risk-based CDD duties; Data Protection and Privacy Act 2019
04KYB and beneficial ownershipVerify the legal person, its authority structure and the natural persons who ultimately own, control or benefit from it.7 éléments+
Verify legal existence
- Action d’implémentation
- Obtain and independently verify incorporation or registration, legal form, registered office, business address, tax details, directors and current status with URSB or the competent registry.
- Preuves à conserver
- Registry extract, constitutional documents and status check
- Source primaire
- AMLA Cap. 118, s.6; AML Regulations 2015
Identify the natural-person beneficial owners
- Action d’implémentation
- Trace ownership and control through every layer to the natural persons who ultimately own or control the customer, the natural person on whose behalf a transaction is conducted, and natural persons who exercise ultimate effective control over a legal person or arrangement; do not rely only on nominees or directors.
- Preuves à conserver
- Ownership chart, transaction-beneficiary analysis, declarations and independent corroboration
- Source primaire
- AMLA Cap. 118 as amended in 2017; s.6
Verify ownership and control
- Action d’implémentation
- Corroborate shareholding, voting rights, appointment rights, agreements and other means of influence; resolve discrepancies before onboarding.
- Preuves à conserver
- Share registers, filings, agreements and discrepancy log
- Source primaire
- AMLA Cap. 118; Companies (Beneficial Owners) Regulations 2023, as amended
Check and maintain the company BO register
- Action d’implémentation
- Obtain evidence that the company keeps its BO register, files an updated consolidated register annually, reports changes or discrepancies in writing as soon as known and designates at least one Uganda-resident natural person to cooperate with competent authorities.
- Preuves à conserver
- Certified BO register, annual consolidated filing, discrepancy notices, resident-contact designation and URSB receipts
- Source primaire
- Companies BO Regulations 2023; Amendment Regulations 2024, S.I. 35/2024
Verify directors and authorised signatories
- Action d’implémentation
- Identify and screen directors, senior managers, account signatories and persons authorised to instruct the relationship.
- Preuves à conserver
- KYC files, board resolution and mandate matrix
- Source primaire
- AMLA Cap. 118, s.6; AML Regulations 2015
Understand the business and funds
- Action d’implémentation
- Establish business model, operating footprint, licences, expected activity, source of funds and, for higher risk, source of wealth.
- Preuves à conserver
- Business profile, licence checks and financial evidence
- Source primaire
- AMLA Cap. 118; FIA Guidance Notes
Refresh KYB on change
- Action d’implémentation
- Monitor registry, ownership, control, directors, licences and activity; repeat CDD after material change, doubt or suspicion.
- Preuves à conserver
- Event monitoring and updated KYB pack
- Source primaire
- AMLA ongoing CDD obligations; BO Regulations 2023/2024
05PEPs, sanctions and targeted financial sanctionsApply enhanced PEP controls and execute targeted financial sanctions without delay.5 éléments+
Identify PEP exposure
- Action d’implémentation
- Screen customers, beneficial owners and controllers for domestic and foreign PEP status and relevant family members or close associates.
- Preuves à conserver
- Screening results, relationship map and review log
- Source primaire
- AMLA Cap. 118, s.6(g)
Apply mandatory PEP controls
- Action d’implémentation
- Obtain senior-management approval, establish source of wealth and source of funds, and conduct enhanced ongoing monitoring.
- Preuves à conserver
- Approval, source evidence and enhanced monitoring record
- Source primaire
- AMLA Cap. 118, s.6(g)
Screen within four hours
- Action d’implémentation
- Screen customers, beneficial owners, controllers, payers and payees against applicable designations within four hours after receiving FIA information or a directive and keep authoritative lists and subscriptions current.
- Preuves à conserver
- FIA receipt time, four-hour screening completion, list inventory and alert cases
- Source primaire
- Anti-Terrorism Regulations 2025, S.I. 75/2025
Freeze, stop and report without delay
- Action d’implémentation
- For a match, without delay freeze or seize funds and economic resources, stop transactions and prevent direct or indirect availability. Report to FIA immediately after freezing and complete the full TFS process within 24 hours.
- Preuves à conserver
- Match validation, freeze and stop records, immediate FIA report and 24-hour completion clock
- Source primaire
- Anti-Terrorism Regulations 2025, S.I. 75/2025
Control unfreezing and false positives
- Action d’implémentation
- Release assets only under competent authority, delisting or applicable legal process; preserve documented false-positive and name-resolution decisions.
- Preuves à conserver
- Legal authority, release approval and case file
- Source primaire
- Anti-Terrorism Regulations 2025, including delisting, unfreezing and court-authorisation provisions [10]
06Transaction monitoring and reportingDetect unusual activity and file prescribed reports through FIA channels without tipping off.9 éléments+
Monitor transactions continuously
- Action d’implémentation
- Use scenarios and investigations calibrated to the customer's expected activity, products, channels, counterparties, geography, cash and fraud risk.
- Preuves à conserver
- Scenario inventory, tuning evidence and alert outcomes
- Source primaire
- AMLA Cap. 118, s.7; AML Regulations 2015
File STRs within the exact clocks
- Action d’implémentation
- File without delay and no later than two working days from formation of suspicion. Report TF or PF suspicion without delay. Submit supplemental information as soon as possible and within two working days after discovery.
- Preuves à conserver
- Suspicion time, MLCO decision, STR, supplements and goAML receipts
- Source primaire
- AMLA Cap. 118, s.9; FIA reporting requirements; FIA STR Guidance Note effective 1 December 2024 [24][25]
Prevent tipping off
- Action d’implémentation
- Restrict STR information, communications and case access; do not disclose that a report or investigation exists.
- Preuves à conserver
- Access controls, scripts and training records
- Source primaire
- AMLA Cap. 118
Record and report large cash conservatively
- Action d’implémentation
- Configure UGX 20 million or more to reconcile the Act's 'exceeding' language with regulation 39(3) and Form A's 'equivalent to or exceeding' wording. Record on the same day; aggregate multiple transactions by or on behalf of one person during one day; apply the supervised-accountable-person own-account exception only where its conditions are met; retain Form A for 10 years; and file the prior week's reports weekly by Tuesday through the current FIA channel.
- Preuves à conserver
- Threshold rationale, same-day log, aggregation, exception record, Form A retention and weekly receipt
- Source primaire
- AMLA Cap. 118, ss.7-8; AML Regulations 2015, reg.39; FIA reporting requirements [24]
Carry and control complete wire information
- Action d’implémentation
- Ensure complete originator and beneficiary fields accompany domestic and cross-border wires throughout the chain; verify both parties; monitor and report incomplete transfers; restrict or terminate persistently non-compliant counterparties; freeze designated-person wires and notify FIA immediately.
- Preuves à conserver
- Message specification, verification, repair/reject queue, counterparty action and FIA reports
- Source primaire
- AML Regulations 2015, regs.34-35
Report covered international wires
- Action d’implémentation
- Apply FIA international-wire reporting to accountable persons facilitating those transfers. Use the exception only for financial-institution-to-financial-institution transfers where both institutions act on their own behalf.
- Preuves à conserver
- Report file, receipt and documented exception rationale
- Source primaire
- FIA reporting requirements for international wire transfers [24]
Apply the foreign-funding payout control where section 25 applies
- Action d’implémentation
- If the institution is licensed under an Act of Parliament to facilitate cross-border money transfers and is therefore a supervised institution under the Protection of Sovereignty Act 2026, do not pay money to an agent of a foreigner unless that agent declares the source of funds and submits proof of the declaration required under section 22(1). Submit a monthly report to the relevant regulator covering funds transferred through the institution to an agent of a foreigner, in accordance with regulations prescribed by that regulator. Do not apply this control universally to institutions, recipients or transfers outside those statutory definitions.
- Preuves à conserver
- Licence and applicability assessment, agent-of-a-foreigner status record, source-of-funds declaration, proof of the section 22(1) declaration, payout decision, monthly regulatory report and submission receipt
- Source primaire
- Protection of Sovereignty Act 2026, ss.1, 22(1) and 25; commenced 22 May 2026 [26][27]
Control outbound and inbound cross-border declarations
- Action d’implémentation
- Embed procedures for currency or negotiable bearer instruments equivalent to or exceeding 1,500 currency points. For outbound movement, require Form C to be presented to a customs officer at the port of exit. For inbound movement, document the current textual conflict: AMLA section 10 and FIA operational guidance specify Form D, while regulation 10(1)(b), as substituted in 2023, states Form C. Follow current FIA operational guidance, seek written clarification where practicable and retain the guidance, advice and declaration evidence supporting the form used. Escalate a failure, refusal, neglect or false declaration under the prescribed process.
- Preuves à conserver
- Customer notice, direction-specific workflow, completed declaration, retained FIA guidance or written clarification, customs handoff and escalation record
- Source primaire
- AMLA Cap. 118, s.10; AML Regulations 2015, reg. 10(1)(b) as substituted by AML (Amendment) Regulations 2023, reg. 10; FIA reporting guidance [01][02][20][24]
Respond to FIA and supervisor requests
- Action d’implémentation
- Preserve search capability, legal review, secure production and an auditable response log for information requests, directives and examinations.
- Preuves à conserver
- Request register, production package and approvals
- Source primaire
- AMLA Cap. 118, ss.20-21; sector supervisory powers
07Records, assurance and trainingUganda's AMLA section 7 uses record-specific trigger dates and an express whichever-is-later rule. Configure retention from the statutory event, not merely from file creation.3 éléments+
Apply the AMLA section 7 retention rule
- Action d’implémentation
- Keep account files, business correspondence, analysis results, identity and beneficial-owner evidence, CDD information, transaction records and written findings for at least ten years from the date identity evidence was obtained, the date of the relevant transaction or correspondence, or the date the account is closed or business relationship ceases, whichever is later.
- Preuves à conserver
- Retention schedule; trigger-date fields; automated legal hold; deletion approvals; sampled files showing the latest applicable trigger.
- Source primaire
- Anti-Money Laundering Act 2013 s.7, as substituted by Act 3 of 2017 [01][03]
Keep records reconstructable and immediately available
- Action d’implémentation
- Maintain records sufficient to reconstruct each transaction for account holders and non-account holders, including amount and currency, and in a form that can be supplied immediately to the FIA or law-enforcement agencies.
- Preuves à conserver
- Indexed archive; transaction reconstruction test; authority-request SLA test; access and integrity logs.
- Source primaire
- Anti-Money Laundering Act 2013 s.7(2), (4) and (6) [01]
Preserve specific cash and wire records
- Action d’implémentation
- Keep Form A cash and monetary transaction records for ten years from transaction date, while also applying section 7's later-trigger rule to overlapping account, identity, correspondence and relationship records. Preserve wire-chain information and reporting evidence under the applicable regulations.
- Preuves à conserver
- Form A archive; wire-message archive; overlap analysis; retrieval test.
- Source primaire
- Anti-Money Laundering Act 2013 ss.7-8; AML Regulations 2015 as amended [01][02]
08Payment systems and fintech operationsApply Bank of Uganda licensing and prudential controls to payment services, systems and fintech delivery.5 éléments+
Obtain the correct NPS licence
- Action d’implémentation
- Classify each service or system under the National Payment Systems Act and Regulations and obtain the required payment-service-provider or payment-system-operator licence before operation.
- Preuves à conserver
- Classification memo, application, licence and approved activities
- Source primaire
- National Payment Systems Act Cap. 59; NPS Regulations 2021
Meet capital and fit-and-proper requirements
- Action d’implémentation
- Maintain the category-specific capital and ownership conditions and ensure directors, controllers and key officers satisfy current fit-and-proper requirements and approval processes.
- Preuves à conserver
- Capital calculation, ownership chart, fit-and-proper files and BoU approvals
- Source primaire
- NPS Act Cap. 59; NPS Regulations 2021
Operate risk, conduct and transparency controls
- Action d’implémentation
- Maintain governance, enterprise risk management, AML, fraud, complaints, pricing and disclosure controls proportionate to the service and BoU licence.
- Preuves à conserver
- Policies, customer terms, fee disclosures, complaints and risk reports
- Source primaire
- NPS Act Cap. 59; NPS Regulations 2021; BoU Oversight Framework 2025
Govern agents and safeguard customer funds
- Action d’implémentation
- Approve and monitor agents under the applicable rules, segregate or safeguard customer funds as required, reconcile balances and prevent use of safeguarded funds for the provider's own account.
- Preuves à conserver
- Agent register, due diligence, safeguarding account, daily reconciliation and exceptions
- Source primaire
- NPS Act Cap. 59; NPS Regulations 2021
Maintain resilience and BoU reporting
- Action d’implémentation
- Operate security, business continuity, incident response, outsourcing, recovery and data controls and submit all applicable operational, prudential, incident and statistical reports to BoU.
- Preuves à conserver
- Resilience tests, incidents, vendor oversight and BoU receipts
- Source primaire
- NPS Regulations 2021; BoU Oversight Framework 2025
09Data protection and digital operationsThe Data Protection and Privacy Act 2019 and Regulations 2021 govern collection, processing, security, rights, breaches and transfers. Cross-border processing has two statutory routes under section 19.4 éléments+
Register and assign privacy accountability
- Action d’implémentation
- Register with the PDPO where required, keep registration current, appoint accountable privacy leadership, maintain a processing inventory and complete the required annual compliance reporting and change notifications.
- Preuves à conserver
- PDPO certificate; renewal calendar; privacy appointment; processing inventory; annual report and change notices.
- Source primaire
- Data Protection and Privacy Act 2019; Regulations 2021; PDPO organisation guidance [13][14][15]
Process lawfully and transparently
- Action d’implémentation
- Document a lawful basis and purpose for identity, biometric, screening and monitoring data; provide required notices; minimise collection; keep information accurate; implement retention controls; and support authenticated data-subject rights.
- Preuves à conserver
- Privacy notices; lawful-basis register; consent records where used; rights log; DPIAs; retention schedule.
- Source primaire
- Data Protection and Privacy Act 2019 ss.7-18; Regulations 2021 [13][14]
Notify every covered security breach immediately
- Action d’implémentation
- Where there is reason to believe personal data has been accessed or acquired by an unauthorised person, notify the PDPO immediately and follow the prescribed response process. Do not add an unsupported materiality or qualifying-breach threshold.
- Preuves à conserver
- Incident register; PDPO notice and timestamp; containment and investigation record; data-subject communications where directed.
- Source primaire
- Data Protection and Privacy Act 2019 s.23; PDPO organisation guidance [13][15]
Use only the section 19 cross-border routes
- Action d’implémentation
- Before processing or storing personal data outside Uganda, ensure the destination has adequate protection at least equivalent to Uganda's Act or obtain the data subject's consent. Do not rely on contract performance or an unspecified statutory condition as a section 19 transfer ground.
- Preuves à conserver
- Destination adequacy assessment or valid consent; transfer inventory; processor contract; security review.
- Source primaire
- Data Protection and Privacy Act 2019 s.19 [13]

9 domaines de contrôle et 51 vérifications d'implémentation avec sources réglementaires directes.
Téléchargez la checklist KYC, KYB et AML pour Ouganda
Partagez vos coordonnées professionnelles pour accéder immédiatement à la checklist d'implémentation sourcée pour Ouganda. Date de revue réglementaire : 15 July 2026.
Recevez le PDF immédiatement
Envoyez vos coordonnées pour démarrer automatiquement le téléchargement
Revue et sourcée
Version 1.9, revue le 15 July 2026
Approuvé par des équipes conformité de premier plan
Registre des sources primaires
26 sources utilisées pour cette checklist
Utilisez ces liens pour vérifier la législation, les lignes directrices, les procédures de déclaration et les statuts internationaux.
- 01Uganda Legal Information Institute (ULII) · Anti-Money Laundering Act 2013, consolidated with 2017 amendments
- 02Uganda Legal Information Institute (ULII) · Anti-Money Laundering Regulations 2015, with amendment history
- 03Uganda Legal Information Institute (ULII) · Anti-Money Laundering (Amendment) Act 2017
- 18Parliament of Uganda · Anti-Money Laundering (Amendment) Act 2022 (Act 18), official Acts 2022 collection
- 22Ministry of Justice and Constitutional Affairs Uganda · Official government record confirming the Anti-Money Laundering (Amendment) (No. 2) Act 2022 (Act 23); Parliament's public 2022 collection does not currently expose the Act 23 text
- 19Uganda Legal Information Institute (ULII) · Anti-Money Laundering (Amendment) Regulations 2022, S.I. 15 of 2022
- 20Financial Intelligence Authority Uganda · Anti-Money Laundering (Amendment) Regulations 2023, S.I. 2 of 2023
- 21Uganda Legal Information Institute (ULII) · Anti-Money Laundering (Amendment of Schedule 2) Instrument 2025, S.I. 17 of 2025
- 04Financial Intelligence Authority Uganda · Current accountable-person registration instructions
- 05Financial Intelligence Authority Uganda · Current goAML registration and STR information
- 24Financial Intelligence Authority Uganda · Direct reporting requirements for suspicious transactions, large cash transactions and international wire transfers
- 25Financial Intelligence Authority Uganda · Guidance Note on Suspicious Transaction Reports for Accountable Persons, effective 1 December 2024
- 06Financial Intelligence Authority Uganda · Current online registration guidelines
- 07Uganda Legal Information Institute (ULII) · Companies Act, current consolidated text
- 08Uganda Legal Information Institute (ULII) · Companies (Beneficial Owners) Regulations 2023
- 09Uganda Legal Information Institute (ULII) · Companies (Beneficial Owner) (Amendment) Regulations 2024, S.I. 35 of 2024, gazetted instrument record
- 10Uganda Legal Information Institute (ULII) · Anti-Terrorism Regulations 2025, SI 75 of 2025
- 11Uganda Legal Information Institute (ULII) · National Payment Systems Act, Cap. 59
- 12Uganda Legal Information Institute (ULII) · National Payment Systems Regulations 2021 and amendment history
- 13Uganda Legal Information Institute (ULII) · Data Protection and Privacy Act 2019
- 14Uganda Legal Information Institute (ULII) · Data Protection and Privacy Regulations 2021
- 15Personal Data Protection Office Uganda · Current organisational compliance and breach guidance
- 16Financial Action Task Force · Uganda removed from increased monitoring, February 2024
- 17Bank of Uganda · National Payment Systems Oversight Framework 2025
- 26Ministry of Internal Affairs Uganda · Protection of Sovereignty Act 2026 (Act 7 of 2026), official publication page
- 27Ministry of Internal Affairs Uganda · Protection of Sovereignty Act 2026 (Act 7 of 2026), enacted Act PDF
Réponses directes
Questions KYC, KYB et AML pour Ouganda
Who is Uganda's financial intelligence unit?+
The Financial Intelligence Authority is the national centre for receiving, analysing and disseminating financial intelligence and registers accountable persons.
What is Uganda's large-cash reporting threshold?+
FIA states that cash and monetary transactions exceeding 1,000 currency points, currently UGX 20,000,000, are reported using Form A.
How long must AML records be kept?+
FIA guidance states that accountable persons must keep required records for 10 years and keep them current and retrievable.
When is the annual AML compliance report due?+
Regulation 45 requires the prior calendar year's compliance report and internal AML/CFT policy to be submitted by 31 January.
Is Uganda on the FATF grey list?+
No. FATF removed Uganda from increased monitoring on 23 February 2024. Firms should still apply their normal risk-based country controls and monitor current FATF statements.
Does the Protection of Sovereignty Act 2026 source-of-funds control apply to every Ugandan institution or cross-border transfer?+
No. Section 25 applies to a supervised institution, defined as a person licensed under an Act of Parliament to facilitate cross-border money transfers, when paying or transferring funds to an agent of a foreigner. In that scoped case, the institution must obtain the prescribed declaration evidence before payout and report the relevant transfers monthly to its regulator under the applicable regulations.
Méthode de recherche et de revue
VOVE ID Compliance Research cartographie le périmètre réglementaire, traduit les obligations en contrôles opérationnels, relie les affirmations importantes aux sources et date chaque revue.
VOVE ID Compliance Research · Revue le 15 July 2026 · Version 1.9
Operational guidance, not legal advice. Requirements vary by licence, activity and supervisor. Confirm the current consolidated laws, FIA directives, Bank of Uganda conditions and sector-specific rules before implementation.