Three hackers held in Saccos fraud crackdown

• Three people said to have hacked into Saccos IT systems and stolen millions of shillings have
been arrested in Nairobi’s Dagoretti area.
• The Directorate of Criminal Investigations Tuesday said the trio; Ms Zahra Ahmed and Mr
Abdullazac Rajab who are Kenyan nationals and Ugandan citizen Mr Patrick Emmanuel
Gabantu were taken in for questioning and are expected to be arraigned today to face criminal
charges.
• “#ARRESTED| Mr.Gabantu Patrick Emmanuel,a #Ugandan national & two Kenyans; Zahra
Ahmed and Abdullazac Rajab have this afternoon been arrested by @DCI_Kenya Detectives for
defrauding Kenyan SACCOs (Safaricom, Bamburi,Stima & others) millions of shillings. Several
Passports recovered.” read a tweet by DCI Kenya, the Director of Criminal Investigations
official and verified handle.
• Cybersecurity consultancy firm Serianu Limited last month warned Saccos against operating IT
systems without proper cybersecurity systems, saying it made them easy targets for tech-savvy
“thieves”.
• The firm said the Sh443 billion sacco industry risked collapse if urgent measures were not
taken to address the security lapses.Serianu, which conducted a nationwide representative poll
where 100 top officials of saccos participated found that 50 per cent of saccos did not see the
essence of investing in cybersecurity.
Sirengo Maurice 2
• The firm’s Managing director William Makatani said
allowing employees to bring in their own devices to
work was the greatest threat and called for
enactment of company policies that deterred use of
private devices for official work.
• The Cybercrime Investigation Unit said about Sh17
billion was lost to hackers in 2016, with theft of
credit or debit card data and financial scams, bank
salami attacks and hacking of the mobile banking
systems being the greatest targets.
• While many saccos have been hit, none has
confessed any loss fearing a member backlash that
could lead to their collapse.
Sirengo Maurice 3
Vet staff, Kinoti warns banks, saccos over rising fraud cases
• The Director of Criminal Investigations (DCI) George Kinoti has warned banks and
mobile service providers over financial fraud, saying cases are mostly perpetrated by
their own employees.
• Speaking in an event held at the Radisson Blu Hotel on Friday, Mr Kinoti urged
financial institutions to conduct thorough background checks on potential and current
employees.
• This comes after the arrest of Mr Peter Sungu Nyakomitta, a branch Manager with
Diamond Trust Bank in Kisii, who is suspected of stealing Sh25 million from
customers’ fixed deposit accounts, a crime discovered after an internal reconciliation
process was done.
• In similar incident, Mr Abel Onyango, a relations officer with Family Bank, allegedly
withdrew Sh1.5 million from customers’ accounts through SIM swaps. The DCI in a
tweet posted on Sunday said Mr Onyango and Nyakomitta have already been arraigned
over the fraud.
• The DCI also reported that a manager at Harambee Sacco Limited, Mr Habil Onyango
Owiti, allegedly stole from the vault in smaller amounts cash amounting to Sh1,
783,392 that was meant for sacco delegates and miscellaneous expenditure.
• Mr Owiti is set to be arraigned on Monday

Sirengo Maurice 4
Fraud
• An intentional act by one or more individuals
among management, those charged with
governance, employees, or third parties,
involving the use of deception to obtain an unjust
or illegal advantage”
• It is defined as the premeditated distortion of
financial information, which may be carried out by
one or more members of the SACCO and which
may also involve persons outside the SACCO.

Sirengo Maurice 5
Fraud

• Fraud is sometimes confused with error.

• Error is the unintentional mistake in the
representation of financial information.
This is not meant to benefit the person
who perpetrated the mistake or a third
party nor is he aware of the mistake.

Sirengo Maurice 6
Why The Focus On Fraud?

“At any given moment, there is

a certain percentage of the
population that’s up to no
good.” J. EdgarHoover

Sirengo Maurice 7
The true cost of fraud and corruption

•Fraud and corruption are widespread

problems that affect practically every
organisation
•The typical organisation loses 5 per
cent of its annual revenues to fraud
and corruption.

Sirengo Maurice 8
The true cost of fraud and corruption

•Fraud affects how much we pay for

goods and services, each of us pays
not only a portion of the fraud bill but
also for the detection and
investigation of fraud
•Losses incurred from fraud reduce a
firm’s income

Sirengo Maurice 9
The true cost of • 2014 ACFE Report To The Nations
• Organizations lose approximately 5%
fraud and of revenue due to fraud
corruption • Asset Misappropriation – 85.4%
with median loss of $130,000
• Corruption – 36.8% with median
loss of $200,000
• Financial Statements – 9.0% with
median of $1 million
• Fraud duration 18 months
• Men (66.8%) vs. Women (33.2%)
• 40% of cases were detected via Tip
/Hotline

Sirengo Maurice 10
Estimated Costs/Impacts of Fraud
Report to the Nation

$994 billion per year (2010 Global Estimate is more than $2.9 trillion)

$6,860 per employee

$18.30 per day per employee

5 - 7% of revenue lost

5 - 7 cents on every revenue dollar stolen

Sirengo Maurice
Fraud is a Costly Business Problem
Fraud Robs
• Fraud reduces a Income
firm’s net income on a
dollar-for-dollar Revenues
Expenses
$100
90
100%
90%
basis. Net Income $ 10 10%
Fraud 1
• If the profit margin is Remaining $ 9
10%, revenues must To restore income to $10,
increase by 10 times need $10 more dollars of
losses to recover the revenue to generate $1 more
dollar of income.
effect on net income.

Sirengo Maurice
 Fraud Triangle
and Red Flags • Opportunity

Pressure Rationalization

13
Sirengo Maurice
Fraud Triangle and Red Flags

Pressure
• Personal financial factors that may lead to fraud:
• Financial difficulties (33%)
• High personal debts or financial losses
• Inadequate income
• Living beyond one’s means (44%)
• Personal habits that may lead to fraud:
• Extensive stock market or other types of speculation (starting a new
business)
• Extensive gambling
• Illicit affairs
• Excessive use of alcohol or drugs (12%)

Sirengo Maurice 14
 Fraud Triangle and Red Flags

Opportunity:
• Amount of fraud would decrease if the opportunity did not exist
• Reasons for increased fraud risk:
• Crime requires a simple act
• Chances of being detected are very slim
• Punishment is very light
• Mitigation factors:
• What if security was tight?
• What if sound internal controls require an elaborate scheme?
• What if the likelihood of detection is high?
• What if punishment is severe?

15
Sirengo Maurice
 Fraud Triangle and Red Flags

Opportunity (Continued):
• Personally Created Opportunities:
• Familiarity with operations (including cover-up capabilities)
• Close association with suppliers, vendors, and other key people (22%)
• Unwillingness to share duties (21%)
• Organizational Characteristics:
• Weak internal controls
• Absence of periodic rotation in job duties
• Constantly operating under a crisis environment
• Little attention to details
• Poor morale
• Opportunity is the ONLY thing your organization can control!

16
Sirengo Maurice
 Fraud Triangle and Red Flags
Rationalization:
• How can you be proactive and know who will rationalize fraudulent
behavior?
• Embezzlers don’t fit the criminal stereotypes; they appear to be
trustworthy, sincere, likeable, sociable, etc.
• Personal Emotions that may lead to fraud:
• Strong community or social expectations to succeed (6%)
• Perception of being treated unfairly by the organization (9%)
• Resentment towards superiors
• Frustration with job
• Insatiable desire for self-enrichment or personal gain
• Wheeler – dealer attitude (18%)

17
Sirengo Maurice
Common Rationalizations

I’m only
They owe it to Nobody will get
borrowing the I deserve more.
me. hurt.
money.

We’ll fix the books

It’s for a good as soon as we It’s for my sick
cause. get past this little child.
financial problem.

Sirengo Maurice 18
Who are the perpetrators?

•Fraud and corruption take place

because an individual, or group:
•Sees an opportunity to make money
or obtain other benefit
•Is motivated to act
•Believe they can get away with it.

Sirengo Maurice 19
Who commits fraud?

Sirengo Maurice 20
Shades of grey

Sirengo Maurice 21
Tone at the top

Sirengo Maurice 22
 Fraud Overview
• Internal controls are only as good as the personnel performing the
activities.

1%
Never
25% 25%
Would if
they could
Looking

49% Stealing

Source: ACFE

23
Sirengo Maurice
 Fraud Prevention/Investigation
Prevention:
• Employee support programs – can help alleviate pressure
• Password controls
• Forensic analytics – critical in larger operations due to large number of transactions.
Decreases the chances of “eyeballing” a problem
• Fraudulent activity to look out for:
• Fraudulent vendors usually show a very high, year over year growth
• Employee using a company purchasing card for personal expenses, often has a
geometric growth in total purchases
• Employee with fraudulent overtime scheme shows high growth in hourly totals,
sometimes to impossible levels
• Fraud Hotline (Not Frog Hotline?)
• Fraud awareness training: reminding people that fraud is real and could be happening. A
co-worker living beyond means is a classic red flag. (Not a silver bullet, just another
opportunity to raise suspicion.)

24
Sirengo Maurice
 Fraud Prevention/Investigation
Prevention (continued):
• Check log – simple but effective
• Surprise audits
• Job rotation
• Mandatory vacation
• Background and credit check
• Physical safeguards
• Control additional amount of new vendors and delete dormant
vendors from system
• Abnormal interactions with outside parties (errors, refunds,
overpayments) can be reviewed by risk management or another
independent person

25
Sirengo Maurice
 Fraud Prevention/Investigation

Investigation:
• Inform the audit committee, board, etc.
• Contact legal counsel
• Engage an independent fraud expert
• Stop the bleeding, i.e. eliminate access
• Secure computers, relevant accounting information, and
other documents
• Documentary evidence should typically be reviewed
before interviews are conducted

26
Sirengo Maurice
Managing the Risk of Fraud

Five principles for establishing an

environment to effectively manage fraud risk:
• Principle 1: Fraud Risk Governance.
• There should be a written policy to convey the expectation
of the board of directors and top management regarding
managing fraud risk.
• Principle 2: Fraud Risk Assessment.
• Fraud risk exposure should be assessed periodically to
identify potential events the organization should mitigate.

Sirengo Maurice 27
Managing the Risk of Fraud

Five principles for establishing an environment to

effectively manage fraud risk:
• Principle 4: Fraud Detection.
• Detection techniques should be established to uncover fraud events
when preventive measures fail or unmitigated risks are realized.
• Principle 5: Fraud Investigation and Corrective Action.
• A reporting process should be in place to solicit input on potential
fraud. Take corrective action including identify the cause, correct the
resulting errors and modify the system to prevent future similar
problems.

Sirengo Maurice 28
Summary
Keys to Fraud Prevention/Detection

• “Walking the talk” – leading by example

• Educating employees and others – they understand the
problem and know what to do if they suspect fraud
• Hotlines/Anonymous reporting mechanisms – potential fraud
can be reported
• Control procedures prevent and detect fraud
• Fraud audits create fraud awareness – individuals know their
work is always subject to review

Sirengo Maurice 29
There are three things in the
world that deserve no mercy,
hypocrisy, fraud, and tyranny.
Frederick William Robertson

Sirengo Maurice 30
Thank you

Questions

Sirengo Maurice 31