Lack of systems audits exposes Saccos to massive fraud losses.

Saccos suffers significant losses due to a lack of persistent up-to-date systems audits, internal control, and poor diversification of their members’ funds.

In May 2024, the Kenyan Daily Nation reported that management at KUSCCO, the umbrella body for Kenya Saccos, siphoned a staggering Sh580 million annually over 10 years.

The fraud happened despite existing control measures at KUSCCO. The incident sheds light and renews the need for up-to-date practices for member funds protection to ensure trust in Saccos.

Saccos’ primary objective is to offer financial benefits to their members. Such breaches are not just financial setbacks but also betrayals of trust.

The scale and duration of the 580 million shillings fraud highlights a glaring failure in internal controls, fraud prevention, and corporate governance.

What are the other industry examples?

The Business Daily, on 10 May 2024, reported that Kenya Police Sacco recently faced a significant financial loss due to internal fraud.

The incident exposed serious flaws in their internal control mechanisms, including inadequate checks and balances that allowed fraudulent transactions to go undetected for an extended period.

In September 2023, the Directorate of Criminal Investigations (DCI) announced the arrest of 9 staff of Njiwa Sacco in connection with the disappearance of KES 160 million. They included the internal auditor, the loans manager, the accountant, and system analysts.

In April 2024 Equity Bank Kenya was hit by a $2.1 million debit card fraud and 19 suspects were arrested. Preliminary investigations pointed to internal collusion.

According to TransUnion Africa, a credit reporting agency, Kenyan banks lose about $130 million to cybercriminals yearly, mostly through loan stacking and identity theft.

Kenya’s Financial Reporting Centre (FRC), an agency that tracks the flow of money in financial institutions­– flagged more than $600 million linked to card fraud, corruption, and terrorism financing in the three years to July 2023.

What is common about all these incidents?

The KUSCCO, Equity Bank, Njiwa Sacco fraud, and financial loss incidents have glaring similarities. They highlight the vulnerabilities of the cybersecurity infrastructure and the inadequacy of the skills or technologies used to secure them from fraudulent operators. They also raise concerns about evolving cyber threats. All these incidents involved misuse of technologies for fraudulent access to technology. Individuals implicated in these cases might have used their access privileges improperly. They may have left their security clearance in the wrong hands.

Systemic circumvention of internal control is a dangerous precedent shown by the KUSCCO fraud amounting to KES 580 million over ten years.

Affected institutions had regular audits as formalities rather than up-to-date and well-tested defense and recovery mechanisms to fix any loopholes before and immediately after fraud indications.

Next Action

Saccos must adopt comprehensive cybersecurity protocols and ensure their systems are resilient against such attacks.

Effective oversight and regular audits are not just formalities; they are essential to safeguard the hard-earned money of members.

Saccos should not have their funds in one basket. Diversified investments offer a means to lower the risk of fraud. Saccos cannot risk a single attack wiping out a significant amount of their members’ funds and investments.

How are audits important & how could they have helped?

Combined internal audits and external audits of the systems used internally offer fraud prevention.

Independent oversight and regular review of internal and inter-organizational protocols can reveal incident vulnerability before incident occurrence.

Systems audits involve a thorough examination of the internal controls, policies, and procedures that govern financial transactions within an institution. These audits can identify weaknesses in the system, uncover fraudulent activities early, and provide recommendations for strengthening internal controls.

Regularized systems audits can help Saccos to ensure that their operations are transparent, accountable, and secure.

What are some of the best practices being followed?

Stima Sacco is an example of a Sacco with an effective spread of investments.

This Sacco has diversified its investment portfolio extensively, spreading investments across real estate, government securities, and member loans. By not relying on a single investment channel, Stima Sacco mitigates risks and ensures stable returns for its members.

Mwalimu National Sacco has a robust governance structure and utilizes a stringent internal audit system that regularly reviews financial transactions and ensures compliance with regulatory standards. Their proactive approach to risk management and fraud prevention has helped maintain member trust and financial stability.

What can Saccos do now?

Financial analysts emphasize the necessity of strong governance and robust risk management practices in Saccos and microfinance institutions. According to James Mwangi, a financial crime specialist, “The KUSCCO fraud underscores the critical importance of transparency and accountability in managing member funds. Regular systems audits and advanced fraud detection systems are not just optional but essential in today’s complex financial landscape.”

It’s time for Saccos and other microfinance institutions to take a hard look at their governance structures and fraud prevention strategies. The trust of their members depends on their ability to safeguard investments and provide secure, reliable financial services. By prioritizing strong internal controls, effective governance, and diversified investment strategies, Saccos can protect its members’ interests and ensure sustainable.