Securing Uganda's financial rails has become a race against evolving threats. Babirukamu warns that every new digital feature or integration expands the “attack surface,” increasing risk across banking systems.
BoU’s approach is layered. It begins with staff vigilance: continuous training, strict internal controls, role‑based access, segregation of duties, and tight change‑management processes that prevent untested ideas from reaching production.
On the technological side, BoU is deploying multi‑factor authentication for privileged users, encryption for data in transit and at rest, and ongoing monitoring combined with red‑team exercises to identify weak points before they can be exploited.
“Cyber security and fraud detection are two of the most important things that keep me awake,” Babirukamu said. His concern is shared across Uganda’s banking industry, which saw 2024 marked by a spike in impersonation, account takeovers, and other forms of cyber‑fraud.
With mobile banking fraud still high even as cheque fraud declines, banks and regulators are now pushing for shared rules, standardized reporting, and coordinated prevention efforts. Initiatives such as the Banking Industry Guidelines on Mitigation of Fraud and a revised Industry Code of Conduct are part of the response.
In April 2025 the Anti‑Fraud Consortium formally launched, bringing together stakeholders from the Bank of Uganda, Uganda Bankers Association, telecoms, regulators, and law enforcement to coordinate action, build public awareness, and improve capacity.
At the same time, identity verification remains a key battlefield. While many institutions rate the electronic know‑your‑customer (eKYC) system for verifying customer identities against the NIRA database as satisfactory, gaps remain, particularly in image verification and in establishing unique identifiers for every user.
For Babirukamu, security isn’t a retrospective patch it must be “designed in” from the start. From customer onboarding to transaction flows, risk‑aware design, AI‑driven anomaly detection, and incident triage are now central to BoU’s IT architecture.
As Uganda’s financial services continue their rapid digital transformation, the pressure is on to preserve both trust and convenience. Falling short on security undermines confidence; rigidness or friction can push users away. Babirukamu believes maintaining that balance is the central task for his team and by extension, for the whole sector.