Who is the FIA, and what does it require from banks in Uganda?
The Financial Intelligence Authority (FIA) is Uganda's AML supervisor. Established under the Anti-Money Laundering Act of 2013 (significantly amended in 2017 and 2022), the FIA is the agency every regulated institution in Uganda reports to on AML and CFT matters. The Bank of Uganda handles prudential supervision; the FIA handles AML supervision; both expect the same KYC and customer due diligence (CDD) controls to be in place.
In 2026, the FIA's compliance expectations have tightened. This piece is a practical breakdown of what the regulator now expects, drawn from the AML Act, the FIA's Practice Directives, and current enforcement patterns.
The five pillars of FIA AML compliance
1. Customer due diligence (CDD) and ongoing monitoring
Every accountable institution must identify and verify every customer before establishing a business relationship. The minimum standard:
- Full legal name, date of birth, address and identification number, verified against an authoritative source: NIRA for Ugandans, passport for foreign nationals.
- For corporate customers, the registered entity, beneficial owners (the natural persons ultimately owning a controlling share under FIA rules), and authorised signatories.
- Source of funds and intended use of the account at onboarding.
- Ongoing monitoring: risk profiles and CDD records must be refreshed periodically, more often for higher-risk customers.
2. Politically Exposed Person (PEP) screening
Domestic and foreign PEPs, their family members and known close associates require Enhanced Due Diligence (EDD). The FIA expects institutions to screen every customer at onboarding against current PEP lists and to re-screen continuously thereafter; a one-time check at account opening is not enough.
3. Sanctions screening
Every customer must be screened against the UN consolidated list and other applicable sanctions lists (OFAC, EU, HMT, where relevant). A sanctioned individual or entity must be reported to the FIA within 24 hours and assets frozen.
4. Transaction monitoring and threshold reporting
Cash transactions above the FIA's prescribed threshold must be filed as Currency Transaction Reports (CTRs). Any transaction that is structurally suspicious (unusual size, pattern, source or destination) must be reported as a Suspicious Transaction Report (STR), regardless of value.
5. Record-keeping
All KYC documentation, transaction records and CDD evidence must be retained for at least seven years from the end of the customer relationship, and produced to the FIA on request.
Where institutions are getting caught out
In our experience supporting AML compliance at 40+ Ugandan institutions, four gaps recur:
- Beneficial ownership cascades. When a corporate customer is itself owned by another corporate, institutions stop at the first layer instead of resolving the full chain down to a natural person.
- Static screening. PEP and sanctions screening is done at onboarding, then never repeated. New designations on UN and OFAC lists go unnoticed.
- Manual STR workflows. Suspicious activity is spotted by a frontline officer, escalated by email, and lost in someone's inbox before the FIA's reporting window closes.
- NIRA fall-back. When NIRA is unreachable, the customer is onboarded on the strength of the visual ID alone, and the live verification never gets retried.
What good AML compliance looks like in 2026
- KYC integrated directly with NIRA, URSB and KCCA, with no scanned-copy checks.
- PEP and sanctions screening run continuously, with alerts when a customer's status changes.
- STR and CTR workflows in a system, not an inbox, with auto-population of the FIA's reporting templates.
- Full audit trail: every check, every decision, every reviewer, every timestamp, retained for the seven-year window.
How Laboremus helps
STREAMLINE by Laboremus is the AML and KYC platform 40+ regulated institutions in Uganda run their compliance on. Direct integrations with NIRA, URSB and KCCA. Continuous PEP and sanctions screening. Beneficial-ownership cascades resolved automatically. Every check produces an FIA-ready audit trail.
If you would like to see STREAMLINE running against your own customer file, the first walkthrough takes 30 minutes.