Is Equity Bank Becoming A Fraudsters’ Den?

Despite sweeping internal purges, mass dismissals and a CEO who pledged to be “ruthless”, East Africa’s second-largest bank has been systematically looted in Kenya, Uganda and Rwanda in a pattern of insider fraud and cybercrime that raises fundamental questions about the institution’s structural integrity — and the regulators who are supposed to be watching.

The numbers are staggering. Over the past three years, Equity Bank Group has lost the equivalent of more than Sh4 billion to a cascading wave of fraud and cybercrime that has struck the lender in nearly every market it operates: Kenya, Uganda, Rwanda, and with further exposure expected in Tanzania, South Sudan, and the Democratic Republic of Congo.

The losses have come through hacked payment systems, stolen staff credentials, insider-facilitated transfers, cryptocurrency laundering, and now a cross-border digital heist involving the bank’s Rwandan subsidiary.

The question that Kenya’s banking establishment and its regulators refuse to answer publicly is blunt: at what point does a pattern of catastrophic, recurring financial crime stop being a series of unfortunate incidents and start being evidence of systemic failure?

Equity Group Holdings, which styles itself Africa’s leading financial inclusion champion and holds the distinction of being East Africa’s largest bank by market capitalisation, has framed every theft as a trigger for reform.

Each successive heist has been met with a press release, a CEO speech and, eventually, a mass dismissal.

In 2025, the bank fired more than 1,500 employees in successive waves across its Kenyan and Ugandan operations, in what CEO James Mwangi called the most aggressive internal anti-fraud campaign in East African banking history.

Then, barely eight months later, Equity Bank Rwanda was looted of Rwf 4.9 billion — roughly USD 3.4 million — in a five-day digital heist coordinated across two countries. The mop-up had not even finished before the next attack arrived.

The Blueprint: How The Looting Has Unfolded

The first recorded systematic assault on Equity’s digital infrastructure in recent memory began quietly in April 2023, when unknown actors penetrated the bank’s CyberSource payment and fraud management system. Security configurations for three registered merchants were downgraded from three-dimensional authentication — which requires multiple layers of verification — to two-dimensional, which offers far weaker protection.

For the next three months, fraudulent credit card scripts were run silently against the three merchants, with payments debited straight from Equity Bank’s settlement account.

No goods changed hands. No services were rendered. The money simply disappeared.

By the time Equity Bank discovered what had happened and filed a report with the Directorate of Criminal Investigations, it had lost Sh322.1 million. Correspondence between the DCI and the Office of the Director of Public Prosecutions, subsequently seen by Nation Africa, traced the stolen funds through multiple local bank accounts before a portion landed in the United Arab Emirates through a private company in Abu Dhabi, operated via a Kenyan-British businessman who is among four suspects recommended for prosecution.

The DCI noted that forensic analysis of a seized laptop was expected to reveal whether an Equity Bank staff member facilitated the breach from inside.

Whether the employee-collusion angle was ever conclusively resolved has not been made public. Whether the Abu Dhabi funds were ever recovered remains unknown.

One year later, almost to the month, the credit card fraud vector was struck again.

Between April 9 and 15, 2024, Sh179.6 million was fraudulently paid out to 551 bank accounts and mobile money wallets.

Investigators determined that an Equity Bank employee had installed malware in the bank’s main system specifically to delay detection, buying time for the stolen funds to be dispersed.

Equity managed to freeze Sh60 million; the remaining Sh118.9 million had already been moved — Sh63 million to M-Pesa accounts and Sh39 million to accounts in competing banks.

The CBK said nothing publicly. Equity Bank said nothing publicly. The incident was disclosed only through investigative reporting.

The Sh1.5 Billion Payroll Heist: An Inside Job At The Heart Of The Group

July 10, 2024, was the date that changed everything for Equity Group. Through 47 transactions designed to mimic routine salary payments, cybercriminals siphoned Sh1,545,553,374.59 from the bank’s salary suspense general ledger — an internal account used to process payroll for corporate clients — in a single day.

The scheme was breathtaking in its sophistication: the transactions looked, on every internal system, like legitimate corporate payroll disbursements to employees of various companies.

In reality, Kenya’s second-largest bank was being drained in one of the most audacious bank heists this country has ever seen.

At the centre of the investigation was David Kimani Machiri, a general manager at Equity Bank’s Group Processing Centre, Salary Processing Unit, who held direct system access to the compromised account.

The digital fingerprints of every one of the 47 transactions pointed to his credentials. Machiri had, investigators noted with particular suspicion, taken sick leave immediately before the theft.

Yet somehow, his access codes were live and fully operational on the day of the heist. When confronted, his explanations did not satisfy investigators. He was arrested on July 12, 2024, and granted bail of Sh500,000 — then, on August 11, 2024, he was allegedly abducted and reportedly held in a forest, in a twist that raised immediate questions about who, precisely, needed him silenced.

As investigators followed the money, a second name surfaced: Ruth Muthoni Kamau, a businesswoman whose companies — Goodmans Fresh Ltd and Blue Kenfresh Ltd — received Sh105 million directly, with additional funds flowing into personal accounts.

A third suspect, Owen Karanja, received Sh215 million through his companies and, according to police, converted the entire sum to bitcoin deposited into a Binance cryptocurrency wallet registered in Muthoni’s name.

A fourth suspect, initially identified only as “Geoffrey”, was revealed through fingerprint analysis to be Geoffrey Kahungi Kiragu, founder of Lesedi Developers, a real estate firm that had defrauded more than 800 investors of at least Sh1 billion before its collapse in 2023. Kiragu had simply moved on to bigger scores.

Five individuals with Somali-sounding names received Sh463 million and were detained while attempting to access further funds at Equity Bank’s headquarters, pointing to the involvement of Hawala networks — the traditional Islamic money transfer system that operates entirely outside conventional banking channels — alongside cryptocurrency conversion.

The theft, in other words, was not opportunistic. It was a planned, multi-layered, professionally executed financial crime involving serial fraudsters, an insider, conversion to crypto to defeat tracing, offshore routing through forex bureaus, and hawala for the final clean-out.

The Cover-Up That Made A Scandal A Crisis

What elevated the Sh1.5 billion heist from a serious crime to a potential institutional crisis was the allegation of systematic interference in the investigation itself.

Inspector Bonface Maina Kamau, the lead Banking Fraud Investigation Unit detective on the case, found himself at the centre of what internal police correspondence suggests was an orchestrated campaign to derail the probe after he challenged inconsistencies in Ruth Muthoni’s witness statement — including a document that bore the wrong year, 2023 instead of 2024, and an improperly initialled recording.

When Inspector Kamau pushed for a corrected statement, Muthoni filed a complaint against him with the Directorate of Public Complaints, accusing him of demanding a Sh10 million surety and orchestrating an illegal abduction.

The complaint triggered Kamau’s sudden transfer to Baragoi in Samburu County — one of Kenya’s most remote postings — effectively removing the most knowledgeable investigator from the most complex financial crime case in the country.

In protest letters to senior police officials, Kamau alleged that two senior DCI officers from the Transnational Organised Crime Unit had “incessantly tried to help Ms Muthoni wriggle out of the investigation”, that ODPP bureaucrats had made similar approaches, and that Muthoni had made WhatsApp calls to “senior officers in the DCI and the National Police Service” while being processed and had met an officer who provided her with a BFIU contact for “furtherance in assistance she needed.”

Muthoni has since obtained a court order blocking the police from investigating or arresting her, claiming the investigation is tainted.

A Nairobi lawyer, Esther Bitutu Kadiki, was arrested in May 2025 and charged in connection with the heist, with court papers alleging she was instrumental in orchestrating the fraudulent siphoning of funds.

The Group’s own Chief Internal Auditor was sacked in October 2024 after being blamed for oversight failures that preceded the theft. Multiple legal proceedings now run concurrently in different courts. The investigation, in short, is as fragmented as the stolen funds.

Uganda: Years Of Looting Under The Bank’s Nose

Kenya’s losses, spectacular as they are, represent only part of the story.

In Uganda, Equity Bank has suffered a slow-motion catastrophe that should have raised alarm bells at the board level years ago.

Between 2018 and 2024, the Ugandan subsidiary was consumed by a massive insider fraud scheme in which UGX 65 billion — approximately USD 17 million — in unsecured loans was issued through the bank’s Eazzy Stock digital lending platform to fake companies, unqualified borrowers, and employees’ relatives, without adequate due diligence.

At least eight staff members were prosecuted. Managing Director Anthony Kituuka resigned. The scheme contributed to Equity Bank Uganda recording a UGX 18.8 billion net loss in 2023, a figure that has since been partially reversed — but not without leaving a deep scar on the subsidiary’s credibility.

In 2022 and 2023, a wave of SIM-swap and mobile banking frauds hit Ugandan customers.

In 2024, the bank was separately exposed to an additional UGX 4 billion in losses from the negligent failure to reconcile thousands of Visa card transactions, a failure investigators linked to two employees in the bank’s monitoring team. When the bank moved to recoup those losses by placing liens on affected accounts, it placed them on accounts that were already dormant or had been closed — aggravating customers who had nothing to do with the fraud.

Beyond the human toll, the UGX 4 billion card fiasco exposed a monitoring team that was either incompetent or complicit.

In one additional case, an Equity Bank Uganda operations manager was charged in court over the alleged theft and laundering of USD 2.8 million from the lender.

By mid-2025, when Mwangi extended his Kenyan anti-fraud purge into Uganda, Equity Bank Uganda’s fraud-related provisions had ballooned to UGX 191.2 billion — a figure that, taken alone, would be a national banking scandal in any country on the continent.

Rwanda 2026: The Purge Did Not Hold

Rwanda was supposed to be different. Equity Group had explicitly named it as one of the subsidiaries that would be swept through the integrity audit Mwangi had launched.

The CEO had gone on record in May 2025 promising to be “consistently ruthless.” Rwanda, Tanzania, South Sudan and the DRC were named destinations for the crackdown. Eight months later, on February 14 to 18, 2026, attackers executed a five-day digital assault on Equity Bank Rwanda that drained Rwf 4.9 billion — approximately USD 3.4 million — from the bank’s mobile money float system. Equity detected and contained the breach, reversing a majority of transactions within 24 hours. Approximately USD 2.5 million — 74 percent of the total — remained outstanding.

On March 15, 2026, Equity Bank Rwanda confirmed the incident. On March 23, 2026, six Ugandan nationals — Mugisha Solomon, Enock Mpanga Kazige, Katerega Benedicto, Kiyimba Faruk, Oketcho Gerard, and Katamba Isma — were arraigned at Kampala Metropolitan Police under CRB: 215/2026, charged with electronic fraud under Section 18(1) and (2) of Uganda’s Computer Misuse Act, Cap 96.

The Rwanda Investigation Bureau had separately detained 35 individuals in Rwanda, including two Equity Bank Rwanda IT staff connected to data centre operations.

Investigators told sources that “there must have been physical access to the data centre.” The reference in the Ugandan charge sheet to “others still at large” confirmed the operation was wider than the six individuals in custody.

The 2026 attack was not Rwanda’s first encounter with criminals targeting Equity Bank. In November 2019, twelve people — eight Kenyans, three Rwandans, and a Ugandan — were arrested in Kigali while attempting a similar cyber-fraud operation against the bank.

They were convicted in 2021 and sentenced to eight-year jail terms. That history makes the 2026 breach more damning, not less: Equity Bank Rwanda had been on notice since 2019 that it was a cross-border target.

The 2026 attack was, by all accounts, far more technically sophisticated — exploiting the mobile money float mechanism, deploying a cross-border human mule architecture, and apparently gaining entry through a third-party vendor’s system rather than through a frontal assault on the bank’s own network.

The Rogue Employee At Sh387M: A Fourth Attack In The Same Year

Even as the Sh1.5 billion payroll heist dominated headlines, Equity Bank Kenya was simultaneously absorbing a fourth major loss. Between May 17 and June 14, 2024 — while the payroll investigation was still live — a rogue employee illegally transferred Sh386.5 million to eight companies: Ubahashi Traders Limited, Calabash Adventures Limited, Jahnur Investment, Kariye Investment, Flowerish International, Kariye Salah Ali, Hotho Investments, and Sasa Pay Trust.

Equity Bank rushed to court for freezing orders and reported the matter to the BFIU. This was a separate theft, a separate employee, separate beneficiary companies — yet sharing names with some of the Hawala-linked suspects already implicated in the payroll heist, a connection that raises questions about the breadth of the criminal network that had embedded itself inside the institution.

The Audit Chief Is Fired, Not The System

One of the more revealing episodes in this saga is what happened to Equity Bank’s most senior internal watchdog.

Court papers filed in the Employment and Labour Relations Court reveal that a senior bank official who had served as Group Chief Internal Auditor since 2016 and was reassigned as Director Internal Audit in February 2024 was suspended in August 2024 and dismissed in October 2024, after the bank identified “omissions and/or commissions, failure or negligence” linked to his oversight role as contributing causes to the Sh1.5 billion loss.

The man had spent 22 years at the institution. His termination was treated as a solution. The structure that allowed an internal salary suspense account to be drained of Sh1.5 billion through 47 transactions without real-time alert — that structure received no public scrutiny whatsoever.
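
The kind of real-time alert described as missing above, sketched as an added example (not code from this article or from the bank): a streaming rule over debits from a suspense ledger that flags a single operator by transaction count, by running total, and when a credential is used while its owner is on recorded leave. The thresholds, operator IDs, ledger name and leave dates are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from decimal import Decimal

# Assumed policy values for illustration; a real deployment would tune these per ledger.
MAX_DAILY_COUNT = 20
MAX_DAILY_TOTAL = Decimal("100000000")  # Sh100 million per operator, per ledger, per day


@dataclass(frozen=True)
class Debit:
    ts: datetime
    operator: str
    ledger: str
    amount: Decimal


class SuspenseLedgerMonitor:
    def __init__(self, on_leave):
        # on_leave: {operator: [(first_day, last_day), ...]}, as exported from an HR system
        self.on_leave = on_leave
        self.count = defaultdict(int)
        self.total = defaultdict(Decimal)
        self.raised = set()  # (key, rule) already alerted: one alert per rule per day

    def _is_on_leave(self, operator, day):
        return any(a <= day <= b for a, b in self.on_leave.get(operator, []))

    def observe(self, d):
        """Process one debit as it is posted; return the new alerts it triggers."""
        key = (d.operator, d.ledger, d.ts.date())
        self.count[key] += 1
        self.total[key] += d.amount
        checks = [
            ("CREDENTIAL_USED_ON_LEAVE", self._is_on_leave(d.operator, d.ts.date())),
            ("DAILY_COUNT_EXCEEDED", self.count[key] > MAX_DAILY_COUNT),
            ("DAILY_TOTAL_EXCEEDED", self.total[key] > MAX_DAILY_TOTAL),
        ]
        alerts = []
        for rule, hit in checks:
            if hit and (key, rule) not in self.raised:
                self.raised.add((key, rule))
                alerts.append((rule, d.operator, d.ledger, self.count[key], self.total[key]))
        return alerts


def run_sample():
    """Constructed data: 47 debits by one operator on leave, plus a routine operator."""
    leave = {"op-A": [(date(2024, 7, 8), date(2024, 7, 12))]}  # constructed leave record
    mon = SuspenseLedgerMonitor(leave)
    start = datetime(2024, 7, 10, 9, 0)
    fired = {}
    for n in range(1, 48):
        d = Debit(start + timedelta(minutes=n), "op-A", "SALARY_SUSPENSE_GL", Decimal("32000000"))
        for alert in mon.observe(d):
            fired[alert[0]] = n  # debit number at which each rule first fired
    routine = []
    for n in range(5):
        d = Debit(start + timedelta(minutes=n), "op-B", "SALARY_SUSPENSE_GL", Decimal("2500000"))
        routine += mon.observe(d)
    return fired, routine


if __name__ == "__main__":
    print(run_sample())
```

On the constructed data the on-leave rule fires on the first debit and the running-total rule on the fourth, well before the 47th transaction is posted.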

What The Numbers Actually Say

Tallied conservatively across the documented incidents from 2023 to early 2026, Equity Group has lost or been exposed to fraud and cybercrime losses approaching the equivalent of Sh5.5 billion across its regional operations.

The figure includes the Sh322.1 million CyberSource credit card fraud (2023), the Sh179.6 million repeat credit card fraud (April 2024), the Sh386.5 million rogue-employee transfer (May to June 2024), the Sh1.545 billion payroll heist (July 2024), the UGX 65 billion Eazzy Stock digital lending scandal in Uganda (2018 to 2024, equivalent to approximately Sh2.2 billion at current rates), the UGX 4 billion unreconciled Visa card losses in Uganda (2024), and the Rwf 4.9 billion Rwanda digital heist (February 2026, approximately Sh475 million).

Not counted in this figure are the USD 2.8 million Uganda operations manager fraud, the title deed fraud of Sh490 million, forged payment instructions of Sh26.2 million, or fraudulent teller transactions of Sh39 million — all separately disclosed in court documents.

The bank’s own internal audit, which led to the dismissal of between 1,200 and 1,500 employees across Kenya and Uganda by mid-2025, confirmed total losses over two years of at least Sh2 billion (approximately USD 15.4 million) from staff collusion alone.

These are not allegations. These are figures drawn from the bank’s own public statements, court filings, police charge sheets, and DCI correspondence with the ODPP.

The Structural Problem The Bank Will Not Name

Every statement issued by Equity Bank Group in the wake of these incidents has shared a common theme: the problem is the people, not the system. James Mwangi has said he will be ruthless. He will clean the bank.

He will protect mama mboga’s chicken. He will remove those who have compromised themselves. And so the bank has fired employees: 195 in May 2025, then 287 by mid-May, then 1,200 in a single wave on May 29, 2025 — nearly nine percent of the entire Kenyan workforce, handed two-day ultimatums to prove their innocence. By the time the Uganda purge was added, more than 1,500 people had been dismissed.

What has not been publicly examined, by the bank, by the Central Bank of Kenya, by the Bank of Uganda, or by the National Bank of Rwanda, is this: how does a bank of Equity’s scale and sophistication — with a market capitalisation of Sh1.3 trillion, operations in seven countries, and a customer base exceeding 12.9 million — allow a single manager’s credentials to authorise 47 transactions totalling Sh1.5 billion from a salary suspense account without a single real-time flag? How does a credit card fraud scheme run undetected for three consecutive months before the bank notices? How does the same fraud vector succeed again, one year later, by a different set of criminals? How does an employee install malware in the main system without detection? And how does the Rwanda subsidiary, explicitly named for a post-Kenya integrity audit, end up being looted eight months after the CEO’s pledge to sweep it clean?

The answer, which no one in authority is publicly willing to give, is that the problem is not primarily the employees.

The problem is a digital banking architecture that expanded faster than the controls designed to govern it. Equity Bank has transformed itself, with extraordinary commercial success, from a building society for the unbanked into a seven-country digital financial services group processing millions of transactions daily across mobile money platforms, agent networks, and third-party technology integrations.

In doing so, it has multiplied not just the opportunities for financial inclusion but the attack surfaces for financial crime. Every new integration is a potential entry point. Every new market is a new set of local fraudsters studying the system. Every new credential is a potential key.

Where Are The Regulators?

The Central Bank of Kenya has, to date, made no public statement specifically addressing the string of fraud incidents at Equity Bank. The Communications Authority of Kenya reported 7.9 billion cyber threats in the first eight months of 2025 — double the figure for 2024 — and the CBK has described Kenya’s banking sector as “resilient.”

This is the same regulator that is mandated under the Banking Act to ensure the soundness and stability of institutions under its watch.

The Bank of Uganda has been similarly silent on the Equity Uganda fraud provisions of UGX 191.2 billion. The National Bank of Rwanda confirmed only that it was cooperating with the Rwanda Investigation Bureau on the February 2026 attack.

No regulator in any of the three primary jurisdictions has publicly demanded an independent audit of Equity Group’s cybersecurity architecture. No regulator has disclosed whether the bank faces any supervisory sanction for repeated material control failures.

This silence is itself a regulatory failure. Kenya’s Banking Act grants the CBK sweeping powers to inspect, investigate and direct remedial action at licensed institutions.

The Proceeds of Crime and Anti-Money Laundering Act creates obligations that the bank’s own transactions with the Abu Dhabi-routed funds, the bitcoin conversions, and the Hawala networks should have triggered.

That the investigation into who precisely engineered the 2023 CyberSource hack — and whether an insider was involved — appears to have produced no public outcome three years later is not a point of comfort. It is a point of alarm.

The Questions That Must Be Answered

Is Equity Bank’s digital infrastructure fundamentally vulnerable to insider exploitation in ways that individual dismissals cannot fix? Why has no regulator in Kenya, Uganda or Rwanda publicly demanded an independent third-party cybersecurity audit of Equity Group’s core banking systems? How much of the combined Sh5-plus billion stolen from the bank across its markets has actually been recovered, and where is the money that reached Abu Dhabi in 2023? What happened to the investigation into Inspector Bonface Kamau’s allegations that senior DCI officers and ODPP bureaucrats attempted to shield Ruth Muthoni from prosecution? Are the criminal networks that have targeted Equity Bank in Kenya, Uganda, and Rwanda linked — and if so, is there a coordinated organised crime operation running across the group’s footprint that law enforcement has failed to map and dismantle? And why, after the largest internal purge in East African banking history, did Equity Bank Rwanda’s data centre apparently suffer a physical or near-physical access breach just eight months later?

These are not rhetorical questions.

They are the questions that the bank’s 12.9 million customers, its 14,000 remaining employees, its shareholders on the Nairobi Securities Exchange, the Uganda Securities Exchange and the Rwanda Stock Exchange, and the regulators in seven countries are entitled to have answered.

The money belongs to ordinary Kenyans, Ugandans, and Rwandans. Some of it is mama mboga’s chicken. And it keeps disappearing.

