Getting your Trinity Audio player ready...
|
UGAFODE Microfinance Limited, one of five licensed micro deposit-taking financial institutions (MDI) in Uganda, has been hit by digital fraudsters, making off with an amount said to be about UGX400 million before, the bank moved in and shut down the suspicious accounts used to carry out the fraud.
An insider at the bank who spoke to CEO East Africa Magazine, on condition of anonymity said the fraudsters, strongly believe to be either insiders or working with insiders, used ‘doctored’ Know-Your-Customer (KYC) documents to open seemingly legitimate bank accounts, which were then credited from the inside and money was then withdrawn via mobile money accounts and banking agents.
“A sudden spike in activity on the previously dormant accounts, raised suspicion by the bank, who then moved in and closed the accounts which were subsequently found to be ‘fake’. But by the time they did so almost UGX400 million was gone,” the insider source confirmed to CEO East Africa Magazine.
CEO East Africa first got wind of the theft in a phone call with UGAFODE’s Chief Executive Officer, Shafi Nambobi while seeking a comment on a separate whistleblower letter to UGAFODE’s board, shareholders and Bank of Uganda, alleging mismanagement at the institution.
“Those are faceless claims made by some staff who were dismissed over fraud a few weeks ago,” Mr. Nambobi told this reporter on phone.
He also went ahead to offer to re-discuss a business proposal that CEO East Africa had in May 2022 sent to UGAFODE at the request by the financial institution’s Head of Marketing, provided we dropped the story. On insistence, Mr. Nambobi, then declined to divulge further details and or comment about the fraud or the whistleblower letter and instead referred this reporter to the Board Chairman, Prof. Ben Kiregyera.
In an emailed response, Prof. Kiregyera said that the board was aware of the whistleblower report and had moved in to investigate the veracity of its claims and would take action if indeed any matters warranting action were found out.
“I have been the Chair of the UGAFODE MDI Board for about ten years. Each time we have taken stern disciplinary action on senior staff invariably a whistleblower has popped up with some serious allegations. So we are dealing with a pattern we have observed. However, as a Board we take all allegations of the nature we are dealing with very seriously and indeed specific actions have been taken to constitute an independent investigation. The stakeholders copied in the whistle-blower have been informed accordingly,” he wrote.
“The Executive Board (which excludes the CEO, the ED and Board Secretary) has constituted a Board Sub-Committee with the remit to work out TOR for an independent investigation with clear timelines and deliverables and to select 4 reputable Audit Firms from a list of approved Audit Firms by the Central Bank to send the TOR to for quotations. The Board has approved the TOR and the 4 firms, and the TORs have already been dispatched to the selected firms. Note that any firm that has done business with UGAFODE before was removed from the list and the selection was randomly (scientifically) done,” he added.
“Please be assured as we have done with other stakeholders that the allegations are being taken very seriously and are being independently investigated.”
Regarding, the fraud, Prof. Kiregyera, said that the UGAFODE had “contracted a consultant to conduct enhancement of ICT Security with monitoring tools to track any cyber-attacks.”
However, CEO East Africa Magazine has independently examined the financial institution’s financial performance and did not find indications of poor performance.
For example, the published figures of the 5 licensed MDIs in Uganda show that despite being the 4th in market share, UGAFODE registered above-industry growth figures. For example, while industry deposits grew by 9.3% from UGX357.3 billion in 2020 to UGX390.7 billion in 2021, UGAFODE’s grew by 12.7% from UGX28.4 billion to UGX32 billion. While UGAFODE’s assets grew 13.6% from UGX74.2 billion to UGX84.3 billion- the industry’s assets grew by just 1.6% from UGX755.6 billion to UGX767.8 billion. UGAFODE’s income also grew above-industry average- by 11.9% compared to the industry’s 0.2%.
Shafi Nambobi has been UGAFODE’s Chief Executive Officer since May 2017.
‘Sacked’ staff respond
Following the inadvertent tip-off, by Mr. Nambobi that some IT staff had been sacked over the fraud, CEO East Africa Magazine, contacted, a one, Kisembo Moses Isaac, UGAFODE’s former Head of IT, for a comment on the allegations that he had been fired from the bank over the fraud.
He however denied having sent the whistleblower email or being involved in the fraud. He however confirmed, on record, to CEO East Africa Magazine that there had been fraud at UGAFODE using accounts planted in the system. He, however, declined to comment further, about the fraud as he said, he was no longer staff of the financial institution and the matter was now under investigation.
“I don’t know who sent the email (whistleblower letter), but what happened at UGAFODE is now a public matter as it is before the courts (of law),” he said.
“The accounts in question, were opened legitimately and I think a little under UGX400 million was lost,” he said, before adding: “Anyway, I am no longer staff there, so I can’t comment on behalf of the bank.”
Asked why he left the bank and if indeed he had been forced out, Kisembo said that he was never fired but instead chose to resign voluntarily.
“My exit from the bank was my choice. It was associated with the fact the bank didn’t seem to be doing enough to get out of the occurrences (fraud),” he told this reporter, adding that when he joined UGAFODE as an IT Manager, in 2018, the financial institution was emerging from yet another fraud incident.
CEO East Africa Magazine has since established that four staff in the IT department have since left the financial institution over the incident.
A further inquiry from the board chairman, asking why there was frequent fraud occurrence at UGAFODE and if there was sufficient insurance cover to protect the shareholders and depositors from the ensuing risks, as well as substantiation on the fact the fraud appeared to be an insider job, the now less -cooperative Kiregyera, refused to respond to our inquiry and instead instructed the bank’s lawyers to write a “cease and desist” threat to sue the CEO East Africa Magazine if they went ahead with the story.
Indeed, the bank’s lawyers, Frank Tumusiime & Company Advocates represented by a Godfrey Businge wrote to CEO East Africa Magazine, on 24th August 2022 accusing this reporter of “criminal defamation, extortion and blackmail’ and threatened to sue if the story was published.
However, this reporter, in an email to the lawyers, copied to Mr. Shafi Nambobi and Prof. Kiregyera responded, dismissing all the claims and challenging the financial services institution to respond to the request for clarification instead of attempting to muzzle the media house with the frivolous claims.
Bank of Uganda responds, says nature of fraud is evolving to match anti-fraud measures
Tumubweinee Twinemanzi, the Bank of Uganda’s Executive Director, Bank Supervision Directorate, under whose docket the supervision and regulation of the MFIs, falls, also told CEO East Africa Magazine that he was aware of the fraud incident, but declined to give more details saying the matter was still being investigated.
“There is an ongoing investigation to determine who, what, and the how; of the alleged fraud. It is the outcome of this investigation that shall inform future preventative measures that shall be put in place by UGAFODE. At this time, the Bank of Uganda, if it is to respond, can only do so once the investigation you refer to is complete,” he said adding, that although the response shall be to UGAFODE and shall be geared at ensuring that the “alleged fraud if proven, does not re-occur.”
When we asked Dr. Tumubweinee Twinemanzi, why there seemed to be an increased spate of digital money-related fraud in the industry and if perhaps it was associated with the industry’s failure to prioritise security in favour of profits as well as what the Central Bank was doing about it, he said the challenge was that the thieves were as swift as the industry responses to the problem that has become digital fraud.
“To suggest or even insinuate that failure to prioritise security by the industry is the reason for or even related to, the alleged “increased spate of digital money-related fraud” is uninformed and misguided. It reflects a complete failure to grasp or understand the interaction and self-reinforcing feedback loop between security risks and threats, and the measures developed to counter them. As the countermeasures gain in efficacy, the nature and pace of the security risks and threats they are responding to, evolve in nature and complexity, especially with respect to the how, the when and the where within any digital ecosystem. This phenomenon is not unique to Uganda or just to digital money, but rather to the global banking system that is increasingly relying on technology to deliver financial services,” Tumubweinee explained.
“Under the circumstances, allow me to reiterate what you have already referred to… “an investigation is ongoing”, so let us await the findings therefrom, and if there is anything therein for the public, the BOU Communications department stands ready to provide it in a manner that ensures there is no unnecessary panic among the users of the banking system,” he concluded.
A 2020 PriceWaterhouseCoopers Uganda, Economic Crime and Fraud Survey reported that economic crime remains a persistent threat in Uganda. 54% of Ugandan respondents in the survey, said they had experienced economic crimes in the past two years. Although this was down from 66% in 2018, PwC reported that this was still higher than the global average of 47%.
In the Uganda report, at least 18% of Ugandan companies that experienced economic crimes reported they had had more than 10 incidents reported in the previous 24 months. The top 5 forms of economic crimes were bribery & corruption, customer fraud, asset misappropriation, accounting / financial statement fraud and procurement fraud in that order. The participating firms reported that they had lost UGX21.3bn in the two years to 2020. was lost by Ugandan respondents.