The Bank of Uganda (BoU) is investigating two high-profile incidents of fraud that resulted in the diversion of $13 million (approximately Shs47.9 billion) in international payments. The fraudulent activities, which involved manipulating secure payment systems, have prompted a multi-agency investigation to uncover the full details and hold the perpetrators accountable.
In a statement issued by Mr. Kenneth Egesa, BoU’s Director of Communications and Public Relations, the bank highlighted its commitment to addressing the matter with the utmost seriousness.
“We immediately initiated a comprehensive internal investigation to understand the full scope of these incidents, conduct a thorough process review, and identify steps to prevent future occurrences,” the statement read.
Bank of Uganda is working with agencies such as the Criminal Investigations Directorate (CID), the Financial Intelligence Authority, and the Office of the Auditor General to aid the probe.
The fraudulent scheme involved the misuse of an asymmetric file transfer system. This system typically uses two keys: a public key shared between the sender and recipient, and a private key known only to the recipient. Insiders reportedly exploited the system by decrypting the files, creating new keys, and authorizing payments to accounts in Japan and England. A total of $6 million (approximately Shs22 billion) was sent to Japan, while $7 million (approximately Shs25.8 billion) was wired to England.
Efforts to recover the funds have met mixed results. A bank in England complied with BoU’s request to freeze the $7 million transfer, but a Japanese bank rejected the freeze request, citing valid documentation provided by the fraudsters. Investigations revealed that Shs400 million had already been withdrawn from one of the accounts.
The Directorate of Interpol and International Relations is working with its counterparts in England and Japan to identify individuals and entities involved in the scheme. So far, 17 officials from BoU and the Ministry of Finance, Planning and Economic Development have been questioned.
The breach was discovered in September when Bank of Uganda officials identified irregularities. A staff member, who had traveled to Nairobi during the period of the fraud, was apprehended, and their laptop seized. The device is undergoing forensic analysis by an auditing firm to extract login credentials used in the heist.
Bank of Uganda has assured the public of its commitment to maintaining institutional integrity and transparency. A detailed update will be provided once investigations are complete, with measures implemented to safeguard the bank’s systems and restore public confidence.
