Skip to main content

Guidance Notes

WHO MUST COMPLY?

These are referred to as accountable persons, that is to say; Persons and entities listed under the second schedule of the Anti-Money laundering Act, 2013 (as amended) and these include:

  • Banks
  • Money Deposit Institutions
  • Credit Institutions
  • Forex Bureaus
  • Casinos
  • Dealers in precious stones and metals
  • Insurance companies
  • Insurance brokers and agents
  • Security exchange brokers
  • Trusts
  • NGOs
  • Mobile Money service providers
  • Churches
  • Real estate agents
  • Registrars of companies and land
  • Advocates
  • Accountants
  • Regulators(NGO Bureau, Insurance Regulatory Authority, Bank of Uganda, Capital Markets Authority, Ministry of energy, Ministry of lands, Uganda Micro Finance Regulatory Authority)
  • Virtual Assets Service Providers (VASPs)

OBLIGATIONS OF ACCOUNTABLE PERSONS

An accountable person has a number of obligations as listed here attach link. Below are the detailed obligations.

1. Register with the FIA

The registration process is two folds, the electronic process and the manual process.

Manual Process

a) Download of the Registration forms

The registration forms can be downloaded from our website (www.fia.go.ug)

Link is hereby attached. Please attach link

b) Fill in Form 1 and 3.

Form 1 requires the accountable person to furnish the Authority with details on the entity (name of entity, registration numbers, Tax Identification Number (TIN), Chief Executive Officer’s details, location and address of the entity).

Form 3, requires the entity to appoint a money laundering control officer who is a liaison person with the Authority and whose obligations are listed under the Act and Regulations thereto. (Anti-Money laundering Act, 2013 and Anti-Money laundering Regulations, 2015)

This Form therefore requests for details of the appointed person who should be of a senior managerial position.

c) Include attachments to the forms

The following kinds of documents should be attached on the application forms 1 and 3 prior to submission to the FIA:-

  • A certificate of incorporation,
  • license or permit from the licensing Authority,
  • National ID of the appointed Money Laundering Control Officer (MLCO)
  •  For individuals listed above (advocates and accountants), only a permit or practicing certificate should be attached and an ID for the appointed person

d) Authentication of Documentation

The documents submitted must be stamped and dully signed by the relevant officers.

e) Submission to the FIA.

The documents together with their attachments must be forwarded to the FIA office premises for receipt.

Electronic Process

To register, please follow the steps here. 

2. Have in place an Anti-Money Laundering (AML) Program

What is an AML Program?

This is a set of regulations and procedures that accountable persons (persons and reporting entities) follow to prevent and detect money laundering or terrorist financing activities.

What are the elements of a compliance program?

A compliance program has the following elements;

  • A system of internal policies, procedures and controls of money laundering and terrorism financing
  •  A designated compliance function with a compliance officer
  • Ongoing employee training program
  • An independent audit function to test overall effectiveness.

What is an AML Policy?

The law requires that all accountable persons should have anti AML policy in place. The policy comprises of procedures, controls to detect and prevent money laundering risks. It elaborates the steps taken to meet the regulatory requirements for compliance (procedures

Examples of these procedures/ controls that should be designed to detect, prevent money laundering include how the institution will

  • Identify high risk operations (products, services, delivery channel, customers and geographical locations). High risk products are determined by indicators such as the level of cash involved (the more the business is cash intensive the higher the risk) Secondly the clients who purchase such products whether they are from high risk countries can be determined by referring to the FATF (Financial Action Task Force) list. Thirdly the taking note of the geographical location of customers means referring to the FATF list of high-risk countries and the sanction list and take precautions during transactions or engagements with customers. 
  • Inform the senior management and the Board of known compliance deficiencies, suspicious transactions reports filled and corrective action taken.
  • Assign clear accountability to people for performance of duties under the AML/CFT program
  • Provide for continuity of program despite the change in management or employee composition (stating who will take on the responsibilities incase an employee is away)
  • Provide for segregation of duties.
  • Provide for periodic reviews as well as timely updates of the policy
  • Comply with all record keeping requirements in the law (keep records for a period of 10 years and ensure that the records are up to date. This requires a regular review of the KYC documents, transaction records and correspondences to ensure that they are accurate and up to date.
  • Implement risk based CDD policies and procedures(the enhanced measures should be adopted in case of high risks and simplified due diligence measures for low risks).Enhanced due diligence measures like obtaining the purpose and source of funds, ongoing monitoring, obtaining further information that may assist in establishing the identity of the person or entity, applying extra measures to verify any documents supplied and obtaining senior management approval for the new business relationship or transaction sought by the person or customer;
  • Comply with training requirements (to ensure that the employees understand the procedures to be followed and their relevance to mitigating the risks in their departments.
  • Suspicious transaction reporting, describing how to report and escalate suspicious transactions both internally and to FIA.
  • Provide for Screening programs to ensure high standards when hiring employees, and disciplinary action for employees who consistently fail to performing accordance with the AML/CFT framework.
  • Conduct AML Audits to assess the effectiveness of the AML/CFT program.
  •  Continuously review transaction monitoring rules and have in place an efficient and effective automated transaction monitoring system. There should be real time reporting of transactions.

How often should an AML policy be reviewed?

An AML Policy should be reviewed regularly

How should an AML policy look like?

It should have the controls to mitigate the identified risks and take into account the applicable laws and Regulations and the changes there in.

Who approves the AML policy and how often should it be updated?

It should and approved by the executive management and the Board.

Should an AML Policy be shared with the FIU?

In compliance with the law, all accountable persons should submit their AML policies to FIA whose function is to provide feedback and guidance on compliance

This is the role of the compliance officer who is also appointed as a money laundering control officer.

Who is in charge of drafting an AML Policy?

This is the role of the compliance officer who is also appointed as a money laundering control officer.

3. Customer Due Diligence (CDD) and Know Your Customer (KYC)

Undertake CDD and KYC measures simply means identifying and verifying your customer. A risk-based approach should be adopted, where for high risks enhanced due diligence measures are required. This calls for intense scrutiny of customers for example obtaining additional information on identity of customers and extra measures to identify and verify customers, obtain the purpose and source of funds and continuously monitor transactions. On the other hand, low risks demand the of simplified measures of due diligence that is reasonable measures.

4. Asses risks, conduct regular risk assessments (assess customers, products and geographical location of business) to identify high risks and adopt appropriate measures to mitigate the risks such as enhanced due diligence or on going monitoring of transactions for high risks.

5. Put in place adequate controls to mitigate the identified risks.

6. Adhere to the record keeping requirements (keep records for a period of 10 years (ensure that they are up to date and well kept)

7. Reporting requirements (Timely submission of the AML Policy, Risk assessment reports, AML compliance report, product risk assessment reports, Suspicious transaction reports and AML Audit reports)

8. Conduct regular AML trainings to ensure that the staff and the senior management are knowledgeable on matters of money laundering and terrorism financing as well as the developments in the law.

9. Conduct AML audits to assess the efficiency of the compliance program in place.

************View the Guidance notes for the various categories of providers below:***************

Guidance notes for dealers in precious metals and stones
Guidance notes for NGOs
Guidance Notes for Legal Professionals
Guidance notes for Real Estates/Agents sector