The Sacco Societies Regulatory Authority(SASRA) is in the process of consulting with the stakeholders in the industry to develop and issue a guidance note on the minimum standards and governance requirements that a third-party vendor or integrator must maintain before being allowed to integrate their system with those of any SACCO Society.
This follows data from the Authority which shows that 98% of cyber attacks and threats on the SACCOs’ systems over the last 3 years have been perpetrated using platforms owned and operated by third-party vendors and integrators, contracted by SACCOs for the provision of financial services.
The Sacco industry regulator notes that increased usage of digital and electronic financial services presents the risks of cyber-attacks and threats to the SACCO subsector. On the other hand, the rapid adoption of digital financial solutions such as mobile and internet banking has led to growth in revenue streams for SACCOs.
SASRA warns that national statistical surveys and reports suggest that SACCOs could be the next frontier for cyber-criminals. This follows the tightening of cyber-security measures by other financial sector players like commercial and microfinance banking institutions.
Whereas SACCOs have been able to maintain a very robust internal Management Information Systems (MIS) capable of withstanding cyber-attacks, the reliance on third-party vendors and integrators for access to mobile money platforms and other national payment platforms, has been observed to present an opportunity for cyber-criminals to access the SACCOs’ MIS and thereafter commit fraudulent activities.
According to findings by the Communication Authority of Kenya’s(CAK) National Cyber threats detection unit, a total of 158.4 million cyber threats were reported as of June 30, June 2021, compared to 110.9 million in the previous year. This figure was made up of 122.5 million malware attacks, 17.7 million in denial of service, 16.2 million in web application attacks, and 1.97 million system vulnerabilities.
This surge in cyber threats directed at local targets was attributed to increased Internet penetration, uptake of E-commerce services and cloud-based services to support remote working as well as a rise in the use of social media.
Implementation of virtual working environments as response measures to the COVID-19 pandemic, the increased digitization of government services and functions through E-Government towards the realization of the Digital Economy Blueprint, increase in online banking, increased uptake of Internet of
Things (IoT) devices, and the increased reliance of mobile devices also contributed to the increase in the cyber threats.
In its latest report and analysis, SASRA notes that usage of ICT in the provision of financial services will continue being the main transformative competitive edge of financial institutions which will be able to weather the storm of a highly competitive financial services sector driven mainly by digital services.
SACCOs must thus embrace digital and online access to their main services including savings mobilizations, application for and access to credit facilities, loan repayments, and transactional inquiries among others.
Whereas many SACCOs are already in the digital and online space of financial services delivered through mobile money platforms, online and internet platforms, ATMs, and SACCO agencies, a lot more needs to be done, particularly regarding efficiencies and turn-around times for their digital services.
The enactment of the legal framework for licensing, supervision, and regulation of digital credit providers by the Central Bank of Kenya, whose implementation is foreseen to take shape in 2022 will add another layer of competition for SACCOs.
Although previously seen as unregulated, the eminent commencement of supervision and regulation of digital credit providers is likely to endear them more to the public as credible credit service providers, especially among the tech-savvy youthful population of the economy.
To compete favourably for this demographic market, SACCOs must invest in ICT and be innovative enough in the roll-out of digital credit financial services products that responds to their market niche.
