In a concerning revelation, two prominent Kenyan banks have reported significant financial losses totaling KSh36.64 million due to insider fraud and Cybersecurity Lapses, underscoring the persistent challenges within the nation’s banking sector.
An internal audit at I&M Bank’s Kisii branch uncovered a discrepancy of Sh27.14 million. Investigations implicated former operations manager Daniel Ochieng’ Okweh in a scheme where lower denomination notes were allegedly disguised as Sh1,000 bills, effectively misrepresenting the branch’s cash reserves. This manipulation not only breached the bank’s trust but also highlighted vulnerabilities in cash handling procedures.
In a separate incident, SBM Bank fell victim to a cyber-attack resulting in a loss of Sh9.5 million. The breach was linked to IT officer Melvin Wairimu Njoroge, who reportedly left her computer remotely connected, exposing it to unauthorized access.
Court proceedings revealed that Mrs Njoroge left her computer remotely connected which exposed her computer to possible compromisation. The proceedings further revealed that the Fraudsters executed three transactions totaling Sh9.5 million, using accounts linked to Njoroge’s associates.
These incidents are not isolated. The Kenyan banking industry has faced multiple fraud cases in recent years, prompting institutions to reevaluate their internal controls and cybersecurity frameworks. The integration of advanced technologies, such as artificial intelligence (AI), has become a focal point in fraud prevention strategies. AI systems are now employed to monitor employee communications and behaviors, aiming to detect irregularities and potentially fraudulent activities in real-time.
The most shocking case happened in August 2024 when Equity Bank, Kenya’s second-largest lender, lost KSh 1.5 billion in a well-planned insider fraud scheme. The stolen money, meant for employee salaries, was moved through multiple bank accounts in 47 transactions without proper records in the bank’s system.
The bank’s security systems detected suspicious activity and reported it to the Banking Fraud Investigations Unit (BFU). Authorities arrested David Machiri Kimani, a bank manager who was on leave, and his father, Joseph Kimani Machiri. Investigators suspect they worked together by creating new business accounts to carry out the massive theft.
Equity Bank has faced insider fraud before. In 2023 alone, the bank handled 48 fraud-related cases, resulting in 22 employees being fired and 26 others resigning.
In response to the rising tide of financial fraud, regulatory bodies and industry stakeholders are advocating for the adoption of real-time monitoring systems, multi-layered security architectures, and strict adherence to cybersecurity protocols. The emphasis is on proactive measures, including advanced anomaly detection tools, to identify and neutralize threats before they result in significant financial losses.
As banks enhance their security measures, they must also consider the customer experience. Implementing robust security protocols should not impede the seamlessness of banking services. Striking this balance is crucial to maintain customer trust while safeguarding assets.
The recent insider fraud and Cybersecurity Lapses cases serve as a stark reminder of the evolving threats within the financial sector. Banks are urged to foster a culture of proactive cybersecurity risk management, moving beyond reactive approaches. This includes continuous staff training, regular system audits, and the adoption of cutting-edge technologies to stay ahead of potential threats.
Do you have any story or press releases you want to share? Send tips to editor@envestreetfinancial.com
Follow us on Twitter, Facebook, or LinkedIn to ensure you don’t miss out on any