Saccos in Kenya face an increasing threat from cybercrime and financial fraud as they embrace electronic financial services. The convenience of mobile money, ATMs, Pesalink, and digital credit products has come with a significant downside – heightened vulnerability to cyber threats and fraud. A recent report by the Sacco Societies Regulatory Authority revealed that over 75% of fraud incidents reported by Saccos in 2023 were linked to breaches in their ICT infrastructures and Management Information Systems (MIS), with insider collusion playing a major role. These cyberattacks not only result in financial losses but also erode trust in Saccos, potentially undermining their ability to retain deposits.
In response, SASRA has called on all regulated Saccos offering electronic financial services to put in place adequate measures to detect and mitigate risks associated with cyber threats.
To combat these threats, the Sacco Societies Regulatory Authority (SASRA) has mandated that all regulated Saccos offering electronic financial services must implement robust cybersecurity protocols.
One of the key measures introduced by SASRA involves working with third-party system integrators and vendors, prescribing a set of minimum requirements for engaging these third parties to ensure that Saccos’ ICT systems remain secure from external threats.
In addition to addressing cyber fraud risks, the government has also moved to align Saccos with international standards on combating money laundering and terrorism financing. Saccos are classified as reporting institutions and are required to adhere to statutory obligations, including mandatory registration with the Financial Reporting Centre (FRC) and continuous screening of customers for suspicious activities. In 2023, SASRA and the FRC launched a mass registration campaign for regulated Saccos as reporting institutions under domestic laws such as the Proceeds of Crime and Anti-Money Laundering Act (POCAMLA) and the Prevention of Terrorism Act (POTA).
These combined measures, focusing on both cybersecurity and regulatory compliance, are intended to safeguard Kenya’s Sacco industry from the growing threats of cybercrime and financial fraud, ensuring continued confidence in the sector.
