Wracked by fraud, fintechs and banks must work together or fall

Despite a decline in fraud incidents in Q1 2024, financial industry players agree fraud is an existential challenge.

Traditional banks and fintechs have historically fought fraud through internal controls, strengthening security infrastructure, and having adequate information on customers (KYC processes). Banks also share information among themselves, helping them identify and restrict the accounts of bad actors pending investigation. Fintechs have tried to replicate this information sharing but have failed.

In March 2023, fintechs, led by Flutterwave, began talks to create a fraud database, codenamed Project Radar, to share data on individuals and groups that had attempted or made fraudulent transactions. But the fintechs, hawkish about their data and ultracompetitive, did not make much progress with those talks.

Another industry collaboration to fight PoS fraud, a popular channel for bad actors is still in its early days. However, a decision mandating mobile banking agents to register with the Corporate Affairs Commission (CAC) is expected to increase transparency.

If financial institutions are learning to fly without perching, bad actors are learning to shoot without missing. The consensus is that an industry-wide response is required.

“It goes back to KYC and customer due diligence,” said Adedeji Olowe, founder of Lendsqr, a lending-as-a-service startup. “There is literally nothing new anyone is supposed to do.”

Section 7(2)(b) of the CBN Customer Due Diligence Regulations 2023 mandates financial institutions to physically verify the residential address of customers. Until recently, only traditional banks have followed this directive. The CBN began mandating fintechs to follow the same rules in May.

Those KYC processes, which are now being tightened and applied across board, are at the heart of a dispute between banks and fintechs. In April, Wema Bank removed seven fintech partners from its payment gateway platform over fraudulent activities after reporting ₦685 million ($594,943) in fraud and forgery losses in 2023. Fidelity Bank also briefly blocked some neobanks over fraud concerns in 2023, although such heavy-handed measures are likely frowned on by the regulator.

Nevertheless, banks and fintechs must sheathe their swords and collaborate to fight fraud. One such strategy in that fight is data sharing.

“I think the ecosystem is ripe for a central repository where everybody can share data. Just the way the banks themselves came up with BVN before the regulator stepped in. The entire financial industry needs something similar to tackle fraud,” said Lanre Ogungbe, co-founder of Identitypass, a Nigerian identity verification company.

Data sharing has been discussed since at least 2018, possibly earlier, with little to show for it. The growing complexity of fraud has made it more important than ever.

Financial Institutions (FIs) are part of the Nigeria Electronic Fraud Forum (NEFF), a CBN initiative where they report fraud incidents and provide relevant information on the nature of the fraud, but data sharing isn’t part of the arrangement.

The argument for a central repository is that banks and fintechs can share data on customers who trigger fraud flags and make that data accessible to all participants.

One industry insider narrated how a former employee of a traditional bank sacked for fraud got hired by a fintech startup six months later.

“Everyone must come together to fight fraud because it’s really becoming a pandemic,” said Babatunde Obrimah, chief operating officer of the Fintech Association of Nigeria, an industry lobby group.

Yet, quite a few people are skeptical about any collaboration. “I don’t see collaboration happening because there is this aversion to sharing data. If every stakeholder is doing what they are supposed to do, fighting fraud will be much easier,” Olowe said.

Obrimah said the Fintech Association of Nigeria is developing a black book where fintechs can drop details of bank accounts that have been involved in fraud to blacklist transactions from such accounts.

Taking fraud more seriously will also include setting fraud desks and timely disclosure of fraud incidents, Damilola Adeyi, a fraud expert told TechCabal.

“A lot of financial institutions don’t see fraud as an integral part of their operations. You can’t eradicate fraud but you can mitigate it,” he said.

In 2015, the CBN mandated all deposit money banks, mobile money operators, switches, and all payment service providers to establish a fraud desk to receive and respond promptly to fraud alerts. But most fintechs are non-compliant because the CBN has failed to enforce the directive, one industry insider claimed.

An executive at Moniepoint confirmed the company has a fraud desk that handles transaction monitoring and behavioral analysis, fraud detection and reporting, and investigation with law enforcement agencies.

Yet, financial institutions are paranoid about fraud reporting and believe disclosures could cost them customer trust. At least 63% of the financial institutions profiled in a recent fraud report by the Nigeria Inter-Bank Settlement System (NIBSS), the national payment switch, failed to report fraud cases, a violation of a CBN directive.

There is equally a need to strengthen the security systems of financial institutions. In the First Bank incident, the fraud went undetected for two years, raising questions about the bank’s internal control. A lack of an effective internal control system is the major cause of bank fraud, according to research. A 2022 KPMG Nigeria study found that only 30% of local banks have fully implemented KYC and anti-fraud measures.

“The CBN must take its audit more seriously and do spot checks to see that Information Security Management System (ISMS) is being adhered to in all the banks,” said one fraud expert who asked not to be named.