The Sacco regulator has unveiled a new unit of fraud investigators to prosecute saving and credit schemes’ officials, staff, and other players who are implicated in financial and cyber-related fraud.
Sacco Societies Regulatory Authority (SASRA) has signed a Memorandum of Understanding (MOU) with the Directorate of Criminal Investigations (DCI) to formalize the establishment of the Sacco Societies Fraud Investigation Unit (SSFIU).
In March 2020, DCI seconded three highly trained and skilled financial fraud officers to SASRA to lay the groundwork for the operationalization of the unit.
The SSFIU has already started working with highly trained officers from both the DCI and SASRA and has already started receiving information for further investigation from individuals and organizations.
“A time has come when the safety of members’ savings and deposits in Saccos must be guaranteed and always assured. This is the only way in which citizens will use or consider using Saccos as an alternative and worthy investment destinations for their savings,” SASRA Chairman John Munuve said.
The sector regulator revealed that hackers are turning to dizzy Saccos, making away with members’ savings as banks keep tightening controls against cybercrime.
Saccos lost Kes106 million in the 17 months to March 2021, with the attackers exploiting weak controls of the systems given minimal verification of savers’ identity.
Sacco systems are vulnerable as most societies either buy cheap systems or operate lean staff to monitor their financial systems.
The Central Bank of Kenya (CBK) in the 2020 Financial Sector Stability Report says Sacco systems have very minimal verification by members which makes them easy targets.
CBK said some SACCOs using systems provided by third-party vendors do not even have clauses in their agreement where lost cash can be refunded.
“All Saccos must now review and enhance their IT security including their service level agreements to ensure that affected Saccos are compensated by the vendor in the event of an attack where the vendor is culpable. Saccos are also encouraged to undertake indemnity covers to safeguard against attacks,” CBK said.
Kenya’s highly digitized economy linked with mobile money through telcos and banks has made the country a target for cybercrime and online fraud.
Cases where links are widely circulated promising free airtime, money and other products have been used in phishing attacks to collect personal data and use it to siphon cash.
Banks are also facing cyber-attacks targeting weak points in servers especially as employees of the lenders operate remotely from home or transition systems.
Eight Kenyan arrested in Rwanda for hacking Equity Bank have been handed 8-year jail terms and fined Kes5.6 million.
The eight are part of a 12-man gang arrested in 2019 by the Rwandan Investigation Bureau (RIB) that included three Rwandese nationals and a Ugandan.
Regional security teams had trailed the gang linked to bank hacking attempts in Kenya and Uganda and had notified Rwandese officials when they set up shop there.