74 financial institutions now access NIRA database, says BoU

Bank of Uganda (BoU) has indicated that at least 74 supervised financial institutions now have access to the National Identification and Registration Authority (NIRA) database.

The access, which is part of the plan to enhance the Know Your Customer (KYC) strategy as mitigation against fraud and associated risks and enhance financial inclusion, was launched in 2020 by Bank of Uganda in partnership with Uganda Bankers Association and Financial Sector Deepening Uganda to implement a section of the Registration of Persons Act, 2015 that provides for the use of a national ID and invariably the associated National Identification Number (NIN), to access certain services, including those of a financial nature.

It authorises supervised financial institutions to collect pre-agreed customer data, which is then submitted to the e-KYC system hosted by Bank of Uganda for authentication.

In its annual report for the year ended June, Bank of Uganda indicates that as of June 2024, there were 74 financial institutions accessing the NIRA database, 47 of which were at production and 29 at testing stage.

The report goes further to break down the categories of financial institutions that access the database, noting that a total of 27 commercial banks now have access, 21 of which are at production, while seven are at the testing stage. One, which the report does not mention, was suspended. 

Others include five microfinance institutions, one forex bureau, 34 financial technology companies (fintechs), two insurance companies, one telecom, and three credit reference bureaus.

In the last three years, commercial banks have heightened data update initiatives, emphasizing national ID as a key requirement.

Many customers have previously been locked out of their accounts over failure to provide some details, among them NINs.  

While launching the e-KYC in 2020, Bank of Uganda noted that the sustainable delivery of financial services significantly relied on the ease of uniquely identifying customers, the absence of which, would be a major constraint to financial inclusion and credit growth.  

The Central Bank also indicated that failure to uniquely identify customers was exposing the financial sector to fraud, especially due to the delicate balance of using digital systems to conduct financial services, which could only be mitigated by real-time verification of customer data.

Under the Registration of Persons Act, 2015, government authorises some key service providers, such as financial institutions and telecoms, to access personal data held by NIRA.

However, such access has previously been challenged by some security circles, which argue that giving personal data to private companies may compromise private and national security.

Breach of personal data is highly penalised under the Data Protection and Privacy Act 2019, implemented by the Personal Data Protection Office.  

Bank of Uganda also indicated that during the year ended June, it had directed all payment systems providers to amend agent agreements to obtain consent to share KYC information and enhance suspicious activities monitoring.

The Central Bank has been using measures such as KYC as proactive steps to mitigate rising fraud, enhance cybersecurity, and improve financial inclusion.

[email protected]