Friday, February 7, 2025

"Inside Kenya’s Banking Scandals: How Insider Fraud is Costing Millions"



Kenyan Banks Under Siege: Rising Cases of Insider Fraud
Kenyan banks are grappling with a surge in insider fraud, as employees exploit their privileged access to siphon millions from financial institutions. Recent cases involving major banks highlight serious vulnerabilities in internal controls and the increasingly sophisticated tactics used by rogue insiders.

Multiple banks have been affected, including I&M Bank, SBM Bank Kenya, Equity Bank, KCB Bank, DTB Kisii, Credit Bank, and Ecobank Kenya. This widespread issue demonstrates the systemic nature of insider fraud and the challenges banks face in securing their systems.

How I&M Bank’s Kisii Branch Lost KSh 27.14 Million

At the heart of the scandal is I&M Bank’s Kisii branch, where former operations manager Daniel Ochieng’ Okweh orchestrated a KSh 27.14 million fraud. Okweh exploited loopholes in the bank’s cash handling processes by disguising lower denomination notes as KSh 1,000 bills.

The fraud was uncovered through an internal audit that exposed major discrepancies in cash vaults, ATM balances, and Mobicash float records. The discovery led to a full-scale investigation, revealing the extent of Okweh’s deception and prompting legal action against him.

SBM Bank’s Cyber Breach: KSh 9.5 Million Stolen

SBM Bank Kenya also fell victim to insider-enabled fraud, losing KSh 9.5 million through a cyberattack on its Mfukoni Mobile Banking app. Investigations revealed that IT officer Melvin Wairimu Njoroge had left her computer remotely connected, allowing hackers to install malware that compromised user credentials. Fraudsters exploited this breach to execute three unauthorized transactions linked to accounts associated with Njoroge’s contacts.

Equity Bank’s Billion-Shilling Heist

Equity Bank, Kenya’s second-largest lender, suffered a staggering KSh 1.5 billion loss in an elaborate insider fraud scheme in August 2024. The stolen funds, initially intended for employee salaries, were transferred across multiple bank accounts in 47 transactions without corresponding credits in Equity’s ledger.

Internal security measures flagged the suspicious transactions, leading to the arrest of David Machiri Kimani, a bank manager on leave at the time, along with his father, Joseph Kimani Machiri. Authorities believe the father-son duo collaborated in setting up fraudulent business accounts to facilitate the heist.

A Pattern of Insider Fraud in Kenyan Banks

Insider fraud is not new to Kenya’s banking sector, with various fraudulent schemes observed over the years:

  • Cash Manipulation: Disguising lower denomination notes as higher ones (I&M Bank).

  • Cyberattacks: Exploiting vulnerabilities in mobile banking apps (SBM Bank).

  • Large-Scale Theft: Transferring funds across multiple accounts without proper documentation (Equity Bank).

  • Abuse of Position: Branch managers stealing from customer accounts (DTB Kisii, Credit Bank).

  • Card Operations Weaknesses: Manipulating transactions and failing to follow procedures (Ecobank Kenya).

The losses from these cases range from millions to billions of Kenyan Shillings, significantly impacting both banks and customers. Beyond financial losses, these incidents erode public trust, leading to reputational damage and potential customer withdrawals.

Internal Control Failures and Root Causes

A recurring theme in these fraud cases is the failure of internal controls. Weaknesses in banking procedures, lack of oversight, inadequate employee training, and gaps in the "maker-checker" process have all contributed to these breaches. The involvement of employees at various levels—including operations managers, IT officers, and branch managers—highlights the risks posed by insiders with access to sensitive systems and information.

Beyond procedural flaws, systemic issues such as inadequate background checks during hiring, lack of whistleblower protection, and pressure to meet financial targets without stringent compliance measures exacerbate the problem.

Can AI Help Prevent Insider Fraud?

In response to these rising cases, Kenya’s banking sector is increasingly turning to artificial intelligence (AI) to strengthen financial security. The Central Bank of Kenya (CBK) highlighted in its annual technology report that banks are employing AI to boost operational efficiency, predict customer behavior, and manage risks more effectively, including monitoring staff communications.

AI-powered systems enable real-time transaction monitoring, anomaly detection, and behavioral analysis, helping banks swiftly identify suspicious activities before significant losses occur. Machine learning algorithms can track deviations in employee actions, flagging unauthorized access, suspicious transaction patterns, or data transfers to external devices. Advanced AI tools also facilitate continuous authentication, ensuring that even authorized users are consistently monitored for potential fraud.

While AI offers a powerful tool in fraud detection, its effectiveness depends on how well it is integrated into existing security frameworks. Banks must combine AI-driven monitoring with enhanced employee training and policy enforcement to create a holistic fraud prevention system.


Regulatory Scrutiny and the Need for Stronger Controls

The involvement of the Banking Fraud Investigations Unit (BFU) and the CBK indicates that authorities are aware of the problem and are taking steps to address it. The CBK’s emphasis on technology and risk management further underscores the urgency of fraud prevention. However, regulatory gaps remain, as insider fraud continues to outpace enforcement measures.

Kenya’s banking sector operates under the Banking Act and CBK prudential guidelines, which mandate internal risk controls, fraud reporting, and compliance audits. However, enforcement mechanisms need to be strengthened, with more stringent penalties for institutions that fail to curb insider fraud. Regulatory bodies must also push for increased adoption of AI-driven fraud detection, mandatory staff ethics training, and the creation of an industry-wide fraud database to track repeat offenders.

Safeguarding the Future of Banking

As insider fraud continues to evolve, Kenyan banks must prioritize stronger internal controls, enhanced oversight, rigorous employee monitoring, and AI-driven fraud detection. While technology offers a crucial line of defense, it must be complemented by proactive measures—including thorough background checks, robust staff training programs, and stricter regulatory compliance.

For customers, these fraud cases highlight the importance of vigilance. Monitoring account activity, enabling transaction alerts, and reporting suspicious banking behavior can help individuals protect their finances.

Ultimately, tackling insider fraud requires a collaborative effort between financial institutions, regulators, and customers to restore trust and ensure the integrity of Kenya’s banking system.

-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Decoding the 2025 Tech & Crypto Convergence: A Nairobi Perspective on Global Innovation

  The digital landscape of May 2025 is electrifying—a bold fusion of artificial intelligence (AI) and cryptocurrency that’s sparking inn...