The IRA Chief Executive Officer, Alhaj Kaddunabbi Lubega.

The Insurance Regulatory Authority has directed all licensed insurers and intermediaries to strengthen their internal controls to guard against money laundering and terrorist financing.

In a circular dated March 17, 2026, the Authority urged industry players to adopt a risk-based approach in tackling financial crime. The directive emphasizes compliance with Section 120 of the Insurance Act and the Anti-Money Laundering Act (Cap 118), requiring firms to enhance scrutiny across their operations to reduce exposure to illicit financial activities.

According to the circular, signed by Chief Executive Officer Alhaj Dr Kaddunabbi Ibrahim Lubega, insurers must regularly review and update their policies and procedures. They are also required to maintain a comprehensive, enterprise-wide risk assessment framework that addresses money laundering and terrorism financing risks specific to their businesses. Particular attention should be given to higher-risk products such as life insurance policies with investment components, annuity contracts, and single premium policies.

The directive further requires firms to conduct risk assessments before launching new products, introducing new delivery channels, or adopting new technologies—whether for new or existing services. In addition, insurers must classify customers based on factors such as occupation, source of wealth, geographic location, and ownership structures. Customer risk levels should be evaluated before or during the establishment of business relationships, with enhanced due diligence applied to high-risk clients, including verifying the source of funds and wealth.

Where investments involve non-traded assets or entities in jurisdictions with weaker regulatory frameworks, insurers are expected to assess and document the associated risks. Ongoing transaction monitoring must align with each customer’s risk profile, and records of risk assessments must be retained for at least five years after the end of the business relationship.

This directive comes amid growing concern that the insurance sector—particularly life and investment-linked products—is increasingly being exploited by money launderers seeking to legitimize illicit funds.

Finally, company boards and senior management have been tasked with approving and overseeing enterprise-wide risk assessments, ensuring they remain up to date through regular reviews or whenever significant risk-triggering events occur.