Ecobank Kenya lost millions of dollars between 2020 and 2022 after weaknesses in its card operations team exposed the lender to potential fraud by merchants and staff, an internal report seen by TechCabal showed.
The report, by a task force appointed in 2023, exposed critical lapses in Ecobank Kenya’s card operations, making it easy for employees and merchants to manipulate transactions and commit fraud. Those lapses went undetected for two years, raising questions about the bank’s oversight and technology.
While the report did not disclose the full financial hit, it revealed that $43.4 million (KES5.6 billion) was erroneously posted in the bank’s system, and $162,346 was rejected by payment service providers like Mastercard. It also failed to recover $232,464 in chargebacks.
“There was disregard for procedures in the merchant’s operation of acquiring product GLs (general ledger). Many manual entries posted therein were unprocedural and some erroneous,” the report said.
“There were no properly documented operating procedures and accounting entries for different card products. This led to the lumping up of different entries for different card products into the merchant acquiring GL.”
Control gaps and inadequate training for the teams processing transactions worsened errors that left the bank’s card operations vulnerable.
Ecobank Kenya did not immediately respond to a request for comments.
The investigation identified a $2.1 million balance without supporting documentation in the bank’s GL, raising concerns over the nature of the funds and whether they were related to fraud.
“A residual balance of $2.1 million was left outstanding in GL155000068 unsubstantiated. This balance was a reduction from the initial amount which was approximately $15 million as of July 2022,” the report said.
The maker-checker process, an internal control process that prevents unauthorised transactions, was weak. The bank’s chargeback monitoring process was also inadequate, allowing discrepancies and possible losses.
The bank’s card operations team failed to upload transaction source documents on multiple occasions. Between July and December 2021, the daily merchant general ledger had a debit of up to $34.8 million (KES4.5 billion) that did not have corresponding credits.
Eleven entries amounting to $16.2 million (KES2.1 billion) were duplicated.
“Due to this omission, it was impossible to determine the amount payable to merchants, the amount receivable from schemes and the service commission receivable from the merchants on these days,” the task force found, adding that omissions and delays were not detected or flagged.
Other transaction files were uploaded months after the funds had been moved, complicating the reconciliation process. For instance, transactions from March to May 2022 with a value of $11.6 million (KES1.5 billion) were uploaded on June 30 and July 1-4 2022.
African tech leaders and global players will be at Moonshot by TechCabal. You can get tickets here.