Report Raises Doubt on Safety of Kenyans' Savings in Some Saccos

Kenyan Currency notes.
A photo of sample Kenyan currency notes.

A recent report on Digital Transformation and Cyber Risk within Saccos has raised concerns on the safety of Kenyans' savings in some of the financial institutions.

The report, generated from data sampled by Cyber Security firm Serianu over a period of three years, portrays existential threats from the wide gaps that exists in some of the Saccos in the country.

Among the loopholes the firm pointed out in the report include the failure by some Saccos to clearly defined digital transformation vision and strategy before rolling out operations.

The report also faulted some Saccos for implementing their Sacco management technologies despite having poorly designed network architectures. This, according to the report, exposes the systems to vulnerabilities.

Mobile banking services in Kenya
Mobile banking services in Kenya

Further, the report suggested existence of poor governance and accountability structures in some Saccos' systems, implying that the systems are not auditable and cannot fully inspire trust in the management and shareholders as well as savers.

Another gap pointed out by the report is the Saccos' thinking that digital transformation is just a technology change. Some Saccos were slow at adapting to changes in technology and providing clients with the most convenient and efficient access to financial services.

Some Saccos also had inadequate metrics for proper measurement of visibility and Return on Investment (ROI), limiting their ability to understand what their clients needed and whether their Digital Financial Systems were not only cost efficient to the Sacco but also profitable.

Out of over 1,000 staff members of Saccos sampled across the country, it was revealed that 60 per cent of the sampled Saccos lacked a cyber-security strategy. That way, they did not have clear guidelines on how to prevent, detect and handle cyber-attacks.

84 per cent of the sampled Saccos also lack formal standards for IT governance. This was deduced from the findings of the Saccos that IT Governance wasn’t represented at Executive level in the Saccos boards.

Alarmingly, 74 per cent do not monitor activities of their software vendors on their platforms, exposing them to such risks as theft of member deposits through obscurely programmed systems.

While the Saccos were encouraged to outsource System Design services, they were implored to also have internal mechanisms for auditing their Software Service Providers.

76 per cent of the Saccos also lack a Business Continuity Policy (BCP), which is necessary to ensure that the Saccos remain viable and competitive over time even as technology evolves.

The report further implored Saccos to be customer-centric, ensuring that the Saccos clients are well versed with the Saccos platforms. 72 per cent of the Saccos sampled do not perform general user awareness training and as such, some clients may not be aware of how their Saccos digital platforms operate.

The Central Bank Of Kenya
The Central Bank Of Kenya.