October 18, 2018

African banks vulnerable to financial fraud

The lack of a robust anti-fraud culture across Africa is responsible for the continent’s position as the number one targeted region for banking fraud

Five of the top 10 countries most affected by fraud are in Africa, according to PwC’s Global Economic Crime and Fraud Survey 2018.

The survey reports that in South Africa, 77 percent of companies that took part reported being victims of fraud in 2018, earning the country the top spot on the global fraud map. Kenya was second at 72 percent. Uganda, Gambia and Tanzania also made the top ten. The global average was 49 percent.

The size of the problem is such that fraud today is one of the biggest single causes of failure and distress in the African banking system. Both internal fraud (from within the bank) and external fraud (by a third party not associated with the bank) are widespread. This points to the absence of a well-developed anti-fraud culture lacking in proper systems, reporting and safeguards that extends from banks to law- enforcement agencies and government.

Internal fraud

Three main problems facilitate internal fraud: a lack of internal controls, the overriding of existing internal controls, and/or lack of management review.

The lack of controls is linked to ineffective risk-assessment processes. Full transaction analytics are rare, which means that few banks have the tools to spot fraud by analyzing the timing, device used, destination and the transaction amount, for example. The fact that banks often launch new products and services without doing a full and proper risk assessment also leaves them open to even basic breaches. A typical example might be a bank launching a money transfer service without a firewall protection for the server running the service, leaving them open to cybercrime and subsequently fraud from day one.

Even where controls are in place, they are often not enforced. For example, a bank employee might fail to check the ID of someone coming to a branch to pick up a new bank card. This might be down to lack of training to ensure staff know the importance of following procedures, or it might be the result of internal collusion to commit fraud, with the bank employee deliberately giving the card to a criminal on the outside.

In both instances, the problem is exacerbated by the fact that all too often there is no adequate management supervision. Management is responsible for creating and enforcing an anti-fraud culture, including ensuring that processes are followed, suspicious activity reported and alerts investigated. Management buy-in is also necessary to encourage whistleblowing by protecting those who report suspicious activity and making sure they are not victimized for coming forward.

You may also be interested in learning the "Four bank trends particular to Europe"


External fraud

Criminal gangs currently face a low risk of getting caught defrauding banks in Africa. They benefit from inadequate legislation, poorly staffed and trained enforcement agencies and bribery. Slow economic growth is also making it easier for fraudsters to find mules to help them.

With high unemployment across the continent, particularly among university graduates, there is a large pool of tech-savvy people with access to computers and the internet. Criminal gangs target this group and operate the following scam: 
the gang gives the graduate an amount of money with which to open an account – perhaps $100. It then infiltrates the bank’s IT systems, adjusts the account balance by adding some zeros and gets the account holder to transfer the inflated balance to another account in return for a cut of the stolen money.

The poor state of many economies is also affecting banks’ businesses, forcing them to make staff redundant. Criminals approach former bank employees with offers to buy any valuable inside knowledge that would help them defraud the banks – perhaps an IP address for a server or where card readers are stored in branches.

The situation is made more precarious as many countries, not limited to Zimbabwe, Uganda, Tanzania Swaziland, etc. still lack the legislation needed to fight cybercrime. Even Kenya only enacted its computer misuse and cyber Crime Act as recently as May 2018. In addition, the authorities are often under-resourced in terms of funding and staff, and unethical practices also take their toll. Even when cases get to court, the conviction rate is very low.

These contextual factors explain Africa’s vulnerability to fraud, including mobile banking fraud and SIM-swap fraud, particularly in eastern and western Africa. In southern Africa, where mobile banking is less popular, there is far more card fraud, including counterfeiting.

Despite seemingly insurmountable odds, awareness about fraud is rising among banks. Thanks to Basel II, global recommendations designed to reduce risk in the banking system, they now must report fraud losses on their annual P&L accounts and to the regulators in a pre-defined timeline. This is helping focus their attention on the cost and reputational damage fraud brings. In Kenya, the reputations of several banks have suffered because of fraud and they are actively looking at how to improve.

Even so, there is much work to do before PwC releases its next Global Economic Crime Survey in two years’ time. Corporate Africa, and particularly banks, should start instilling the right anti-fraud culture now to avoid remaining in the spotlight as the continent most vulnerable to fraud.

You may also be interested in this eBook:

Get the white paper
Picture of John Kiptum
John Kiptum

Risk Consultant at NetGuardians’ Kenya offices

Subscribe to our blog not to miss any article