This framework establishes the protocols for identifying, assessing, mitigating, and monitoring risks associated with Pesa Wire's digital app and money transfer operations, ensuring compliance with Bank of Uganda standards.
1. Risk Governance and Oversight
- Board of Directors: Retains ultimate responsibility for establishing the risk appetite, approving the risk management strategy, and ensuring the platform remains adequately capitalized.
- Risk Management Committee: An independent oversight body that reviews risk exposures, monitors compliance with internal policies, and advises the Board on emerging threats.
- Executive Management: Responsible for implementing the risk framework, integrating controls into daily operations, and fostering a culture of risk awareness.
- Internal Audit: Provides objective, independent verification to the Board that the established risk controls and mitigation strategies are functioning effectively.
2. Core Risk Categories and Mitigation Strategies
- Operational Risk: Mitigation involves automated transaction reconciliations, deployment of a fully redundant core processing engine to prevent downtime, and stringent access controls to minimize human error.
- Liquidity and Financial Risk: Managed through real-time monitoring of settlement obligations, strict maintenance of statutory minimum balances in BoU-approved trust accounts, and continuous tracking of forex volatility exposures.
- Compliance and Legal Risk: Strict adherence to AML/CFT regulations is enforced via automated Know Your Customer (KYC) verification, real-time transaction screening algorithms, and mandatory staff compliance training.
- Cybersecurity and IT Risk: In alignment with BoU's cybersecurity mandates, the platform utilizes end-to-end encryption, regular third-party penetration testing, and robust incident detection systems to protect user data and funds.
- Third-Party Risk: Active monitoring of Service Level Agreements (SLAs) with integration partners, mobile money operators, and settlement banks to ensure continuous uptime and security compliance.
3. Risk Identification and Assessment
- Continuous Monitoring: Deployment of real-time analytics to track transaction anomalies, velocity limits, and overall system health.
- Stress Testing: Routine simulations of extreme market volatility, liquidity crunches, and cyber-attack scenarios to evaluate platform resilience.
- Centralized Risk Register: Maintenance of a dynamic ledger documenting all identified enterprise risks, their likelihood, potential impact, and the status of corrective actions.
4. Incident Response and Business Continuity
- Escalation Protocols: Defined thresholds for internal alerts and mandatory external reporting timelines to notify the Bank of Uganda of any material security or operational incidents.
- Disaster Recovery: Maintenance of off-site, geographically separated data backups with automated failover capabilities to ensure uninterrupted service delivery during crises.
See our Business Continuity & Disaster Recovery Policy for full detail.
5. Reporting and Review
- Internal Dashboards: Daily operational risk summaries for management and comprehensive quarterly risk profile updates presented to the Board.
- Regulatory Submissions: Adherence to all Bank of Uganda reporting schedules regarding operational stability, liquidity positions, and risk control effectiveness.
Richard Bigabwa
Chief Executive Officer
Email: support@pesa-wire.com
Website: pesa-wire.com
Main Office (Ntinda): Plot 2114 & 2115, Block 216, Level 6 A6-02, Ntinda, Nakawa Division, Uganda
Branch Office (Town): Kimathi Avenue Plot 2, UAP Insurance Building, Office No. 3, Kampala Central, Uganda