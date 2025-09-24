Cybersecurity and fraud detection top the agenda for Bank of Uganda’s Senior Director of IT, Collins Babirukamu, who is building layered defenses, from multi-factor authentication to red-team testing, while keeping digital banking convenient.

When your job is securing the core rails of a country’s financial system, sleep comes second.

“Cyber security and fraud detection are two of the most important things that keep me awake,” says Babirukamu.

At the central bank, he argues, technology has moved from back-office support to the very heart of banking, which raises the stakes: every new feature or integration expands the attack surface.

Babirukamu’s approach starts with people. Staff awareness and continuous training sit alongside strict processes, role-based access, segregation of duties, and change control that keep experimental ideas out of production.



Then come the controls most customers never see: multi-factor authentication for all privileged users, encryption for data in transit and at rest, and continuous monitoring that pairs automated alerting with periodic penetration tests and red-team exercises to probe for weak points.



Babirukamu insists security can’t be bolted on later. It has to be designed into customer journeys, strong enough to stop fraud, light enough to avoid needless friction.

Industry data underscores the pressure he describes. Uganda Bankers’ Association (UBA) reports that the biggest fraud drivers in 2024 were impersonation, account takeovers, and cyber fraud.

Mobile banking fraud remained high, while cheque fraud fell markedly, evidence that controls in older rails are tightening even as attacks shift to digital channels.

Banks and regulators have begun to harden the ecosystem with shared rules and playbooks.

In February 2024, UBA launched the Banking Industry Guidelines on Mitigation of Fraud alongside a revised Industry Code of Conduct, a framework for information-sharing, standardised reporting, and stronger, sector-wide prevention.

The collaboration widened at the Financial Anti-Fraud Forum in July 2024, which drew roughly 228 stakeholders from banks, telecoms, regulators, law enforcement, and development partners.

Recommendations included setting up a Financial Sector Anti-Fraud Consortium to coordinate responses, fund awareness campaigns, and build capacity, strengthening laws and penalties; and pursuing cross-border partnerships for detection and recovery.

That consortium is now live: after terms of reference were signed off in December 2024 and a work plan approved in February, the Anti-Fraud Consortium was launched on April 23, 2025.

The consortium brings together UBA, the National Payments System Providers Association, Bank of Uganda, the Financial Intelligence Authority, and the Uganda Communications Commission.

Identity assurance is another frontline. UBA’s evaluation of the electronic know your customer platform, through which 31 supervised financial institutions verify customers against the NIRA database, found 68 percent of institutions rated the system satisfactory for speed and onboarding efficiency, though gaps such as image verification and the absence of a unique identifier remain.

A next-phase upgrade began in February 2025 to enhance fraud-fighting features and extend coverage.

On the softer side of defense, the industry is pushing sustained customer awareness campaigns, while regulators emphasize interventions that combine anti-money laundering enforcement, identity verification services, and an innovation-friendly posture that still mitigates risk, an approach meant to preserve convenience without trading away resilience.

For Babirukamu, the destination is “security by design”; layered controls baked into products from the first wireframe; governance mapped to international standards and tools like AI-driven anomaly detection and automated checks that triage alerts so human teams can focus on the highest-risk cases.

In a market where mobile money is ubiquitous and Fintech partnerships multiply, that balance is existential; convenience drives adoption; poor security kills trust.