Flutterwave, Africa’s most valuable startup, will contact over 6,000 account holders across 35 banks and financial institutions to recover ₦19 billion (*$24 million) illegally transferred by POS merchants after a High Court ruling on February 1.
“In 2023, we discovered that certain POS device merchants abused their access by conducting unauthorized transactions. In response to this, we temporarily suspended the accounts where funds were improperly transferred,” Flutterwave said in a statement to TechCabal. The company insists that no customer funds were lost.
The February order —a Mareva injunction— lets Flutterwave recover the funds and assets of the identified account holders, which is crucial because the account holders may have spent the funds received in October 2023.
“We continue to actively engage with the relevant authorities to investigate and address the situation,” Flutterwave added.
An earlier court order placed debit restrictions on those accounts two months after the incident, court documents obtained by TechCabal show.
Per the most recent order granted on February 1, 2024, 35 financial institutions, including Opay, Paga, Palmpay, Access Bank, VFD Bank, Zenith, Polaris and Providus Bank, must share the email addresses and telephone numbers of the account holders.
Flutterwave will contact the over 6,000 account holders “through their respective email addresses and by SMS and Whatsapp messages to their respective telephone numbers,” per court documents seen by TechCabal.
The fintech company may use a recovery agency for this, a lawyer familiar with similar processes told TechCabal.
A timeline of the incident
“On 10th October 2023, there was a technical glitch in our client’s operating system, which resulted in funds being automatically transferred to the bank accounts of customers listed in Schedule A of this memorandum,” a letter from Flutterwave’s lawyers said.
Immediately after the “technical glitch” was discovered, Flutterwave contacted the bank and fintechs, notifying them of the glitch and the resulting erroneous funds transfers.
“The merchants listed did not provide any service to our client and were not entitled to funds that were erroneously transferred and have continued to keep said funds,” the letter from Flutterwave’s lawyers added.
Flutterwave also offered indemnity to the banks if they reversed the erroneous transfers. Typically, a reversal request would require the receiving bank to also go to court to seek further approval.
Flutterwave incident highlights the importance of KYC
The success of Flutterwave’s recovery efforts will depend on financial institutions like Opay, Palmpay and Moniepoint having accurate customer information. It also relies on banks having up-to-date information on their customers.
However, recent fraud incidents show this may not always be true. Neobanks, in a drive to boost financial inclusion, have popularised easy-to-open accounts with lax KYC requirements, and traditional banks do not necessarily have accurate information either. For instance, customers are not mandated to tell their banks when they change addresses, emails or phone numbers.
These KYC troubles are happening while there’s also a significant rise in fraud attempts in Nigeria’s financial services industry, and traditional banks have placed the blame on the neobanks.
Fidelity Bank, a commercial bank that holds ₦3.1 trillion ($2.1 billion) in customer deposits, blocked transfers to several neobanks over concerns that neobank wallets and accounts were an easy way to move monies that had been fraudulently obtained, TechCabal reported in October.
In December, the Central Bank of Nigeria mandated all financial institutions to implement stricter Know Your Customer (KYC) measures, requiring all customers to provide their bank verification number (BVN) or a national identification number (NIN) for account or wallet opening by March 2024.
*Additional reporting by Ngozi Chukwu
* The exchange rate in October 2023 was $1 = ₦789
