Uganda Insurance Regulatory Authority orders insurance sector firms to conduct enterprise-wide and customer-level money laundering, terrorism financing and proliferation financing risk assessments

The Uganda Insurance Regulatory Authority has issued a directive to licensed insurers, reinsurers, health membership organisations, micro insurers, insurance brokers and corporate agents requiring compliance with statutory anti-money laundering and terrorism financing risk assessment obligations, including periodic, documented enterprise-wide assessments. Firms must conduct and maintain a robust Enterprise-Wide Risk Assessment covering ML/TF risks across products and services, customer base, distribution channels, and geographic exposure, and must integrate proliferation financing risk. The directive also requires customer-level risk assessments for every customer, enhanced source of wealth and source of funds checks for high-risk customers, assessment of ML/TF risks in underlying assets of investment-linked policies (including where investments are in non-traded assets or non-equivalent jurisdictions), and transaction monitoring calibrated to the customer risk profile with inconsistent activity treated as potentially suspicious. Records of the risk assessment data and analysis must be kept for at least five years after the end of the business relationship. Board and senior management approval is required for the enterprise-wide risk assessment, which must be kept current and reviewed periodically or upon a material triggering event. Firms are advised to align existing AML/CFT policies and procedures with the directive, with non-compliance subject to monetary penalties or other enforcement actions under relevant laws.