The theft of billions of shillings at the Bank of Uganda (BoU) has been revealed as a likely inside job involving collusion among officials, according to ongoing investigations. This revelation contradicts earlier reports suggesting the funds were stolen by external hackers. Security agencies have shifted their focus to employees within BoU, the Ministry of Finance’s Treasury department, and the Accountant General’s office.
The heist, which occurred in September, involved the transfer of $13 million (Shs47.8 billion). Of this amount, $6 million (Shs22 billion) was wired to Japan, while $7 million (Shs25.7 billion) was sent to the United Kingdom. Initial reports suggested the theft was orchestrated by shadowy operatives in Southeast Asia. However, findings from an independent audit conducted last week indicate that the operation was likely an organized crime facilitated internally.
President Museveni, upon learning of the theft, directed security agencies to investigate. Subsequently, officials from BoU and the Ministry of Finance recorded statements with the police, and staff from the Accountant General’s office were also summoned for questioning. Detectives from the Defence Intelligence and Security (DIS), formerly known as the Chieftaincy of Military Intelligence (CMI), alongside the Auditor General’s office, are now spearheading the probe.
Preliminary findings suggest that fraudulent expenditure requests were created within the Accountant General’s office, enabling the funds to be transferred through BoU’s secure payment systems. The system utilizes dual encryption keys to ensure security—one public key shared between the sender and recipient and a private key known only to the recipient. Investigators believe that someone with access to the private key decrypted the files and manipulated the system to authorize the transfers.
To conceal the theft, the funds were channeled through intermediary banks before reaching accounts in Japan and the UK. When anomalies were detected, BoU officials reported the matter to the police. A staff member who was allegedly in Nairobi at the time was detained, and their laptop is under forensic examination to uncover details of the logins and system access used during the heist.
The independent audit also confirmed that BoU’s network firewalls had not been breached, further dispelling earlier hacking claims. The incident has raised concerns about long-standing vulnerabilities in public financial management systems, with investigators suspecting this may be part of a broader pattern of money laundering.
The BoU and Ministry of Finance have yet to issue detailed public statements, but the case underscores the need for stringent reforms to safeguard Uganda’s financial systems.
