Want to understand the impact of fraud in financial services sector in Uganda? In the presentation, find analysis of the impact of fraud on banks in Uganda based on their business model.
Fraud affects the cost to income; and revenue mix. It affects pricing of banking products.
2. be transformed
The top 4 broad risk areas of concern
9/22/2023 2
Cybersecurity
risks
Fraud &
compliance
risks
Incident &
Crisis mgt
(BCP)
ERM
Strategy
Enterprise
Objectives
at risk
4. be transformed
Cost of cybercrime (Uganda Police rpt)
A lot of money is invested in
trying to recover the big sums of
lost money which is not on record
248 of the reported
cybercrime cases led to a
loss of 11.4B
Ugx. 51 Mn
Ugx.11.4 Bn
Classified Information
cyber crime costed them over
13.4 billion
Ugx. *
Ugx. 171.1 Bn
0.4%
Recovered
99.6
0%
Cyber loss 2019
Confidential
Recovered
Our frontline projects
0.4%
99.6%
Source: Project Frontline Uganda 2020 published
by www.summitcl.com
5. be transformed
Fraud drives CTI higher…
5
Aspiration zone CTI<40% & NII
contribution <28%
Cost to Income Ratio (%)
NII industry
Avg.
of 26%
Medium risk :
Low CTI but high
dependence on
NII.
Medium to High risk:
7 banks
CTI Industry Avg. of
81.4%
Key:
Size of Ball = FY 2019 Assets
(Audited Financials)
Source: Published Audited financials
Citi CERUDEB
UBA
MCBL
Post
HFB
StanChart
SBU
BOA
Absa
Pride
Brac
DFCU
GT
FINCA
BOI
Equity
BOBU
FTB
ECO
Opportunity
UGAFODE
EFC
Yako
DTB
ABC
NC
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
32% 42% 52% 62% 72% 82% 92%
Contribution
of
NII
tot
Total
Revenue
Source: summitBI Uganda Banking Sector Review 2020 Report
by www.summitcl.com
6. be transformed
be transformed
6
38%
21%
38% 38%
46%
21%
29%
38%
A B C D E F G H
Common causes of cyber fraud…
A Weak and or compromised credentials
B Misconfiguration
C Trust relationships
D Missing or poor encryption
E
Technical vulnerabilities including zero-day exploits,
trojans, cross-site scripting, session high jacking, and man-
in-the-middle
F Ransomware
G Malicious insiders and or former employees and service
providers
H Social engineering including phishing
Source: Project Frontline Uganda 2020 published
by www.summitcl.com
Editor's Notes
Cybersecurity risks – do you leverage IT solutions? When did you last conduct IT security risk assessment?
Fraud risks – is your fraud risk management program effective?
Crisis management and business continuity
ERM - General risk management including strategy and compliance risks – how mature is your overall ERM? Covers all the processes
Fraud is a global problem affecting all organizationsworldwide. Because occupational fraud is frequentlyundetected and often never reported, it is difficult todetermine the full scope of global losses
According to the Uganda Police annual crime report for 2019, a total of 248 cybercrime cases were reported during the year compared to 198 cases reported in 2018.
These cybercrimes resulted in a loss of Ugx. 11.4 billion in 2019 of which Ugx. 51.8 million was recovered.
According to our Frontline projects at our premium clients in the past 12 months, on average over 13.4 Billion were lost to fraudsters and only 100.4 million was recovered.
Note: A lot of unreported cost is invested in sunning recovery processes for the lost money to cyber crime and at the end of it all, less money is recovered compared to what is lost.
Centenary Bank is medium risk based on the heat map. It has average CI and average NII – as a retail and commercial bank, Centenary must grow more NII to at least 45%, to cover retail risks. The question now is what is the composition of the NII? Is it due to inefficiency as result of high bank charges or transaction advisory, convenience and wealth management, etc? Centenary must reduce costs of operation further like peers to win.
BOI only Ugx 6 million impairment provision. Thanks to relationship banking within the Indian business community
Stanchart (Low cost to Income) = Full digital bank = Low NII to total revenue. However high impairment charge from prior year loans.
Winning Banks = offering convenience. Leveraging on corporate clients. Anticipate banks will close branches and focus on agency banking and digital.
Brac – leveraging on agency banking –solving the current problems – security and liquidity.
What kind of reports do you receive on cyber attacks?
When did you last do a penetration test? Black box? White box? IT governance assessment?