Bank & Financial Institution Physical Security in Uganda (2026): CCTV, Access Control, and Compliance
Bank of Uganda audit requirements, fraud prevention, and staff accountability demand a higher standard of physical security...
On this page12 items
- What Makes Financial Institution Security Different
- Cash handling risk
- Insider threat risk
- Regulatory audit risk
- CCTV Requirements for Ugandan Financial Institutions
- Storage and Retention
- Access Control for Financial Institution Zones
- Time and Attendance for Financial Institution Staff
- Alarm Systems for Financial Institutions
- Power Backup: A Non-Negotiable Requirement
- Build Your Financial Institution Security Knowledge Cluster
- Proxima Solutions
Share this guide
Financial institutions in Uganda operate under a specific set of physical security obligations that go beyond what is required for general commercial premises. Bank of Uganda supervision guidelines, internal audit requirements, and the operational reality of managing cash, customer data, and restricted areas create a security environment where gaps in CCTV coverage, access control, or audit logs are compliance failures — not just security risks.
This guide covers the physical security controls that Ugandan banks, SACCOs, microfinance institutions, and forex bureaux need to have in place, and how to design them to meet both operational and regulatory expectations.
What Makes Financial Institution Security Different
Financial institutions face three distinct categories of physical security risk that do not apply to most commercial premises:
Cash handling risk
Teller areas, cash offices, ATM rooms, and vault approaches require camera coverage that is more granular than general perimeter surveillance. The goal is not just detecting intrusion — it is creating an unbroken evidence trail for every cash movement.
Insider threat risk
A significant proportion of financial institution losses come from staff, not external criminals. Access control that logs every entry to restricted areas — and access review processes that actually review those logs — is the primary control against insider theft and fraud.
Regulatory audit risk
Bank of Uganda guidelines and internal compliance frameworks specify minimum retention periods for CCTV footage — typically 90 days — and require documented access control policies and audit trails. A system that cannot produce this evidence during an audit creates regulatory exposure.
CCTV Requirements for Ugandan Financial Institutions
Camera coverage must address the following areas without exception:
- All customer-facing teller positions — full face and transaction visibility
- Cash office and counting room — complete room coverage with no blind spots
- Vault approach and vault door — every entry and exit event
- ATM interior and exterior — where applicable
- All entrance and exit points — including staff entrances
- Server room and data centre — where applicable
- Manager and senior staff offices — for institutions that handle sensitive transactions
Resolution requirements are higher than general commercial CCTV. Teller cameras should be capable of identifying individuals and reading transaction documents. A 2MP camera at the correct position and angle is the minimum standard for teller coverage.
Storage and Retention
Bank of Uganda supervision expectations and most internal audit frameworks require a minimum of 90 days CCTV retention for financial institutions. This significantly increases storage requirements compared to standard commercial CCTV.
For a branch with 16 cameras recording continuously at 2MP, a 90-day retention period requires substantial NVR storage. Under-sizing storage — one of the most common installation failures — means footage is overwritten before the retention requirement is met.
Related: CCTV Installation in Kampala: What to Buy and How to Avoid Mistakes
Access Control for Financial Institution Zones
Access control in a financial institution must match the sensitivity of each zone. A zone structure appropriate for a Ugandan bank branch or SACCO headquarters:
- Public zone: banking hall, ATM lobby — no access control, full CCTV
- Staff zone: back office, staff facilities — card or biometric access, all staff
- Restricted zone: cash office, teller vault access, compliance files — named individuals only, biometric preferred
- High-security zone: main vault, server room, IT infrastructure — dual-factor access, senior staff only, every entry logged
For each restricted and high-security zone, the system should log:
- Name and credential of every person who enters
- Time and date of every entry and exit
- Any failed access attempts
- Any after-hours access events
This log must be reviewable by compliance and audit teams on demand.
Related: Biometric Access Control in Uganda: Fingerprint vs Face (and What to Choose) Access Control Policies & Audit Logs: The Missing Part Most Sites Ignore
Time and Attendance for Financial Institution Staff
For financial institutions with shift structures — including security guards, tellers, and back-office staff — biometric time and attendance linked to access control creates a single record of both attendance and movement.
This is particularly valuable for audit purposes. When a compliance query asks who was in the cash office between 3pm and 4pm on a specific date, a combined access control and attendance system answers that question immediately.
Related: Time & Attendance in Uganda: Why Manual Systems Fail and What Proper Shift Accountability Looks Like
Alarm Systems for Financial Institutions
Alarm systems in financial institutions need to go beyond standard intrusion detection. Key requirements:
- Silent panic alarms at teller positions — activatable without alerting a criminal in the banking hall
- Vault door contact alarms — triggered by unauthorised opening outside business hours
- Motion detection in the banking hall after hours — with CCTV verification before response
- Direct connection to an armed response company or police contact where possible
Related: Alarm Systems in Uganda: What Works, What Fails, and Response Rules
Power Backup: A Non-Negotiable Requirement
Financial institutions cannot tolerate security downtime. CCTV, access control, and alarm systems must all have power backup sufficient to maintain full operation through a standard UMEME outage.
For branches in Kampala, a UPS covering 4–8 hours is typically adequate. For upcountry branches where outages may be longer, generator backup with automatic changeover is the appropriate solution.
Related: Solar-Powered CCTV for Off-Grid and Upcountry Sites in Uganda (2026)
Build Your Financial Institution Security Knowledge Cluster
- CCTV Installation in Kampala: What to Buy and How to Avoid Mistakes
- Biometric Access Control in Uganda: Fingerprint vs Face (and What to Choose)
- Access Control Policies & Audit Logs: The Missing Part Most Sites Ignore
- Alarm Systems in Uganda: What Works, What Fails, and Response Rules
- Time & Attendance in Uganda: Why Manual Systems Fail
- Security Systems in Uganda (2026): The Complete Guide
Proxima Solutions
Proxima Solutions designs and installs physical security systems for banks, SACCOs, MFIs, and forex bureaux in Uganda — with CCTV coverage and retention periods that meet audit requirements, access control logging that satisfies compliance review, and alarm systems designed for the specific risks of cash-handling environments.
We help financial institutions build security infrastructure that protects operations and stands up to regulatory scrutiny.
Contact Proxima Solutions for a financial institution security assessment and compliance-ready system design.
Want this deployed properly for your operations?
Get a clean deployment plan: device choice, installation checklist, alert configuration, reporting cadence, and staff training — so the system delivers ROI.