One of the unaccomplished tasks of the National Information Technology Authority Uganda (NITA-U), established in 2009, was to regulate standards for deployment and use of information technology. The first years of NITA-U were spent on implementing and managing the national information backbone, or information infrastructure, across the country. The second wave of projects looked to assist government service providers in implementing information technology solutions to deliver government services. IT is very much an attribute of the new public administration.
In Digital Vision 2040, the government seeks to increase the uptake of goods and services through digital channels. It doesn’t matter whether the platform is public or privately owned or operated.
These last two have resolved manual processes into electronic platforms. Two-factor authentication is the most common one, as opposed to a single interface, and now the National Identification Number (NIN) is a common tool to verify personal identity, enhanced in some environments by the fingerprint collected temporarily for purposes of two-factor authentication.
In its idealistic form, NITA-U would task Bank of Uganda to implement information technology standards to detect and deter fraud, through timely relay of information, appropriate control levels to detect large and unusual transactions, and real-time reports of suspected transactions to other regulators in the financial sector like the FIA. NITA-U would be able to detect unusual withdrawals from ATMs or, now, mobile money, where lightly regulated activities like sports betting pick up ahead of big matches.
There was a time when commercial banks, partly because of insurance cover, were bleeding withdrawals from ATMs to rackets of persons of Eastern European origin, who were mapping and then cloning ATM cards before colluding with bank staff to overload and then withdraw cash from ATMs in many countries.
During the pandemic, as many transactions shifted from cash to mobile money, at least two big mobile money heists that hit several banks were reported through the malfunctioning of the platform of a mobile money operator, Pegasus.
That, however, was the tip of the iceberg, as banking agents who have assumed the risk of handling small customer deposits were also hit every now and again by single incidents of losses exacerbated by “network” failures.
There was a time when the industry flagship Stanbic’s enterprise online platform was predictably off every Saturday, rendering it impossible to complete transactions. The second banking operator, Centenary Bank, in 2019 implemented a solution that had no access to hard copies of years and years of banking information as it migrated its bank accounts to a national identification number-centric system. In short, while bank accounts remained operational, it would take ages to communicate with back-office information collected at the time a bank account was opened.
So the news that my bank manager and his predecessor are in criminal jeopardy, accused of abetting a large fraud on a client, is shocking and actually worrying. Inside operators are aware of the vulnerabilities of the systems they operate every day. Some of the digital challenges come from simple tasks like conversion of currencies. Our notoriously “upbeat” shilling conversion platform can fail to convert a small sum of money ending with a few “9”s. At any one time, big blue has at least 4 exchange rates for the same conversion from US dollar to UG shilling. It has a system rate on its online platform, a board rate that flashes at you when you walk into the branch, a corporate rate for blue chip customers and a private banking rate for its high net worth individuals. No regulation whatsoever exists for how these rates interact throughout the day, and it appears that in the Stanbic heist case it was possible to withdraw sums of money without triggering any mobile money alerts.
This is where a national-level echelon like NITA-U, rather than getting bogged down in procurement of masses of equipment, would be rushing to the aid of the banking sector, where small operators and big operators alike are suffering regular “hits” on the system. Banking is always secretive; banks only cry in public when the losses are too big to bear. But in the digital age, URA and Bank of Uganda included, even bigger hits can happen at any time.
Mr Ssemogerere is an Attorney-At-Law and an Advocate.