Loan fraud in a bank, part 3: the investigation

Continued from part 2. Working with the bank’s internal audit team and the bank’s security staff, I was retained to provide high-level investigations strategy

Continued from part 2.

Working with the bank’s internal audit team and the bank’s security staff, I was retained to provide high-level investigations strategy to help the team solve the case. The following were the investigation objectives:

(a) Undertake predication of the whistleblower’s information

(b) Identify the possible suspects and their accomplices

(c) Gather evidence for recovery of the lost amounts and or possible prosecution of the culprits

Predication is the process of determining whether any information provided by whistleblowers hold water or not. This is usually a desktop review of analyzing the facts at hand and making an informed judgment of their accuracy considering the circumstances. In this particular case, it was clear that something was not right. The overall control environment within the credit department left a lot to be desired. Following a one-on-one chat with the head of credit department, it was clear that she had limited faculties to run the office. I noticed, during the discussion, one of his staff brought loan approval papers and she just signed as our discussion went on!

She had no time for the details yet the credit department is one that require folks that are attentive to detail, including requiring physical visitation to client sites and making other independent unannounced visits just to be sure whether the property or home indicated is theirs or not.

The fact finding strategy

Fraud examination is a business of no sampling, no materiality. Everything matters. With this in mind, we decided to review all loans in the department since the suspicious characters joined. That meant a review of loans over a five year period.

We extracted all loan applications that were non-performing i.e. defaulting.

After a careful analysis, we had a print out of all loans that were questionable. The total amount of the loss went up to Ugx. 840,302,100 (US $311,223) over a period of five years, loan amount and interest. This was an equivalent of an average loss of Ugx. 14m per month! Which we thought was on a higher side. The first step was to contact each and every loan account holder to confirm the genuine ones.

We needed evidence that the loan applicants were non-existence.  We got printouts of each loan from the information that had been captured in the system. Before heading into the archives to review the loan application files, we reported a police file.

This was to ensure the evidence we collect on the case is not challenged as ‘illegally obtained evidence.’ With a case file open and a police officer assigned to the case, we were ready to go.

Based on the system records, we discovered many loans for which not even a single repayment had been made. Once the loan was disbursed, and the money obtained, the account became idol. Loan collectors had reported that some of the phones indicated were not going through.

We tried calling the indicated lines, without success.

After this tedious sorting exercise, we had about Ugx. 531,004,300 principal and interest unaccounted for.

The first step was to make an appointment to take an account of what happened (witness/ suspect statement) from the loan officers who had disbursed this money.  Three of them were still with the bank. It was easy to take their statements with the help of the police officer. Two of the officers involved in the generation of the client had left, and it was difficult to trace them.

At least we had 3 suspects with us.

We asked for an account of how the loans were disbursed then, and why the indicated physical addresses were not accurate. And why the mobile phones were off. One by one, we took their statements. Each denied knowledge.

“I don’t know what happened. I worked with ‘xx’ and he was the final person with the file. He was my supervisor. I don’t know whether he changed the information we had indicated.’ They took advantage of the fact that two of the suspects had left the bank and were unavailable.

With the statements in hand, we traced the staff that had left. We obtained their personnel files, and took note of the contacts indicated as their next of kin. We also obtained a court order and took it to the National Social Security Fund (NSSF) to obtain the suspect’s indicated contact details, and whether they are working elsewhere.

With this, we most of the information we needed about the suspects. We made the call to the suspect, but refused to turn up. He said he was busy and that he had handed over officially. He added that had forgotten anything to do with what we were talking about. We decided to call his wife, whom he had indicated as his next of kin. This call changed everything. A short while later, the suspect called, giving us an appointment and also advising us “to leave my wife out of this.”

This was a good progress on our part. We knew the man’s soft spot was his wife. And so, we had him in our palm. The case was on track.

We promised not to bother his wife, if he cooperated. The second deserter was not cooperative either. However, we noted down our phone discussions and filed.

All we needed was evidence that the suspects occasioned loss to the bank.

The physical loan files and client visitations

The next stop was in the bank’s archives. We had a list of the loan files we were looking for, having got a print out from the system. One by one, we searched for the loan file documents in vain.

Any scheme involving missing records or documents is very complicated to uncover.

For this reason, once a loan is approved, the supporting documents must be submitted to the archives and kept lock. No unauthorized person should be allowed to access the archives. Any access to the records/ archives must be duly documented and a chain of custody or document movement clearly kept. This helps prevent unauthorized discovery (by copying) or destruction of records.

We reviewed the filling procedures of the bank, and noted several weaknesses.

There was no security camera at the entrance to the archives room. Even then, we noted that the CCTV camera footage at the ATMs and banking hall are archived for just four months and then overwritten, as the bank could not invest in a data center and bulk storage system.

Without the loan files, we could not determine the particular staff who visited the clients, did loan vetting and signed on the loan. It was so annoying that all the suspected fictitious loan files were missing in the archives. It appears this was a highly sophisticated scheme involving several people.

We suspected that the fraud could have been much bigger. However, in absence of the original records, we could not go far.

Without critical evidence, we re-interviewed the suspects. They insisted that they were not aware of the scheme. Even the person that had raised the red flag, later changed his statement.

The good thing is he helped the bank fix the loop holes.

Recommended changes to avoid re-occurrence (in power point presentation) – 15 slides, clearly explained.

Subscribe to access the recommendations. Monthly subscription is Ugx. 100,000 (US $ 20) via mobile money or PayPal or Western Union.  Send mobile money to 0782610333. Or paypal to mmugisa[at] . Once money is received, you will receive access to our exclusive resources, members only resources on

For fraud training, email premium[at]

Copyright 2013 Mustapha Mugisa. All rights reserved. You are free to share with appropriate attribution.

Read 48006 times

Leave a Reply

Your email address will not be published.