You don’t need a high-tech vault. You just need to stop being sloppy. Most small businesses still think cybercrime is a big company problem. That’s why they’re the softest targets. Not because hackers are smart. But because owners are careless. Here’s what I see every week. And what you must do.

a) No backups, or backups connected to the same network
(i) When ransomware hits, your backups become useless if they’re on the same network.
(ii) Fix: Keep offline backups. Back up daily. Test weekly.

b) Weak passwords reused across accounts
(i) The receptionist uses “123456” for email, social media, and admin panel.
(ii) Fix: Enforce strong, unique passwords. Use a password manager like Bitwarden or 1Password.

c) No two-factor authentication (2FA)
(i) One password is never enough. Hackers can buy them off the dark web.
(ii) Fix: Turn on 2FA on all critical accounts: email, finance, admin.

d) No cybersecurity training for staff
(i) Most attacks succeed because someone clicked something.
(ii) Fix: Train your staff quarterly. Teach them to spot phishing and fake invoices. Run simulated phishing tests. At Institute of Forensics & ICT Security, we provide affordable training solutions for enterprises. Visit www.forensicsinstitute.org to learn more.

e) Using pirated or outdated software
(i) Hackers exploit old software with known vulnerabilities.
(ii) Fix: Use licensed software. Enable automatic updates. Schedule patch management.

f) No firewall or antivirus monitoring
(i) Installing antivirus and never checking it is like locking a door and leaving the key outside.
(ii) Fix: Get active threat monitoring. At a minimum, use tools like Sophos or ESET.

g) Poor email security settings
(i) Attackers spoof your domain and trick your clients.
(ii) Fix: Set up SPF, DKIM, and DMARC records for your domain. Your hosting provider can help.

h) Shared accounts with admin rights
(i) Everyone uses one account. No logs. No accountability.
(ii) Fix: Give users only the access they need. Enforce role-based access control.

i) No incident response plan
(i) Something goes wrong and everyone panics. No one knows what to do.
(ii) Fix: Draft a simple cyber incident plan. Include contacts, steps to isolate threats, and recovery plans.

j) Ignoring mobile devices and Wi-Fi networks
(i) Staff connect personal phones to office Wi-Fi. No control.
(ii) Fix: Use guest networks. Secure mobile devices with screen locks, encryption, and remote wipe options.

In 2023 alone, over UGX 12 billion was lost in Uganda due to preventable cyber incidents, most in small businesses. You don’t need a cybersecurity budget of $100,000. You need discipline. Start with backups. Then train your people. That alone stops 80% of attacks.
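For item g), a check you can run once the SPF, DKIM and DMARC records are published. This is an added example, not code from the original article. The domain `example.com`, the selector `s1` and every record value are constructed; in practice the TXT strings would come from a DNS lookup of your own domain.

```python
"""Audit SPF, DKIM and DMARC TXT records offline (added example)."""


def parse_tags(record):
    """Turn a 'k=v; k=v' record (DKIM, DMARC) into a dict with lowercase keys."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_spf(txt):
    spf = [r for r in txt if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["SPF: no v=spf1 record published"]
    if len(spf) > 1:
        return ["SPF: multiple v=spf1 records, which receivers treat as an error"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms and not any(t.startswith("redirect=") for t in terms):
        return ["SPF: no 'all' mechanism, so unlisted senders only get a neutral result"]
    if all_terms and all_terms[0][0] in "+a":  # '+all' and bare 'all' both mean pass
        return ["SPF: '+all' authorises every host on the internet"]
    if all_terms and all_terms[0][0] == "?":
        return ["SPF: '?all' is neutral and gives receivers nothing to act on"]
    return []  # '-all' or '~all': unlisted senders do not pass SPF


def audit_dmarc(txt):
    dmarc = [parse_tags(r) for r in txt if r.lower().startswith("v=dmarc1")]
    if not dmarc:
        return ["DMARC: no record at _dmarc.<domain>"]
    tags, findings = dmarc[0], []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={policy or 'missing'} leaves spoofed mail deliverable")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so no aggregate reports arrive")
    return findings


def audit_dkim(txt, selector):
    keys = [t for t in map(parse_tags, txt) if "p" in t]
    if not keys:
        return [f"DKIM: no public key published for selector '{selector}'"]
    if not keys[0]["p"]:
        return [f"DKIM: selector '{selector}' has an empty p=, meaning the key is revoked"]
    return []


def audit_domain(domain, zone, selector):
    """zone maps a DNS name to the list of TXT strings published at that name."""
    return (audit_spf(zone.get(domain, []))
            + audit_dmarc(zone.get(f"_dmarc.{domain}", []))
            + audit_dkim(zone.get(f"{selector}._domainkey.{domain}", []), selector))


# Constructed sample zones: records exist in the first, but none of them protects anything.
WEAK_ZONE = {
    "example.com": ["v=spf1 include:_spf.mailhost.example +all"],
    "_dmarc.example.com": ["v=DMARC1; p=none"],
}
HARDENED_ZONE = {
    "example.com": ["v=spf1 include:_spf.mailhost.example -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "s1._domainkey.example.com": ["v=DKIM1; k=rsa; p=CONSTRUCTEDPUBLICKEY"],
}

if __name__ == "__main__":
    for name, zone in (("weak", WEAK_ZONE), ("hardened", HARDENED_ZONE)):
        print(name, audit_domain("example.com", zone, "s1") or "no findings")
```

Publishing the three records is not the finish line: a domain with `p=none` or `+all` has records in place and is still spoofable.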
Ransomware attacks: How one click can cost millions
The incident

On the morning of 3rd March 2024, a mid-sized logistics company based in Mombasa, Kenya went dark. All systems (dispatch, email, finance) froze. A red screen replaced the company’s normal login portal. The message: “Your data is encrypted. Pay $1.5M in Bitcoin within 72 hours or lose it forever.” The firm’s entire fleet coordination collapsed. By day two, port operations flagged the company for delays. By day three, clients began shifting to competitors.

That’s how it starts. Not with fireworks. With one staff member clicking a fake invoice attachment titled “Revised LPO – Urgent”.

You’d think a logistics company would have ironclad cybersecurity. Wrong. Most East African firms treat cybersecurity as an IT matter. But ransomware doesn’t attack systems. It attacks people. And people click.

The IT Manager tried to downplay it. The CEO initially refused to pay. Legal flagged regulatory issues. But the firm couldn’t process a single delivery. By day five, their entire April shipment backlog had been forfeited to rivals. This wasn’t a data loss incident. It was a reputation meltdown.

We were brought in on day six, after one of their clients, also our client, alerted us to the suspicious blackout. Within hours, we were on the ground with our cyber incident response team.

The scheme

i) The attacker used a spear-phishing email with a spoofed supplier domain.
ii) The email contained a malicious macro embedded in a Word document.
iii) Once executed, the ransomware, a LockBit 3.0 variant, propagated via shared folders.
iv) Within 15 minutes, it disabled all backups connected to the network.
v) The attackers used Cobalt Strike to maintain persistence and exfiltrated critical data.

Their vulnerability? Poor email filtering. Shared admin credentials. No offline backups.

The forensic red flags

Our audit picked up several signs missed by internal IT:

i) A login attempt at 2:43am from an IP in Belarus.
ii) Sudden traffic spikes to *.onion domains (Dark Web).
iii) 28GB exfiltrated to an unknown external server via HTTPS.
iv) Disabled antivirus via Group Policy on three machines simultaneously.
v) No endpoint detection or MFA on admin accounts.

The cost

Total losses tallied UGX 9.3 billion. That’s just direct losses: revenue lost, clients cancelled, systems rebuilt. It does not include brand damage or the CEO’s resignation that followed. When you measure in lost trust, the number is far higher.

f) Case in point

In 2010, a young woman from Ntinda walked into our office. She had clicked a link while applying for a bursary online. Her laptop got locked with a pop-up asking for $300. She ignored it. But it didn’t stop there. The ransomware spread to the school’s shared systems, wiping parent records. The school, unaware of the source, fired the bursar. That woman never told anyone it started with her. But her face told the whole story.

g) What this means for you

You don’t need millions to be a target. Just internet. And an employee who’s in a hurry. Cyber-crime is a silent war. No alarms. No patrols. Just a single click. And silence. By the time you know you’ve been hacked, it’s too late. Be proactive. Review your systems. Or wait for the ransom note.
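The first four forensic red flags above are all visible in logs, so they can be written as detection rules. The following is an added example, not tooling from the original investigation. The event schema, host names, thresholds and business hours are assumptions, and the sample events are constructed using documentation IP ranges.

```python
"""Rule-based triage for the four log-visible red flags (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

GB = 10**9

# Constructed events in a hypothetical normalised schema.
EVENTS = [
    {"ts": "2024-01-10T02:43:00", "type": "login", "user": "admin", "src_ip": "203.0.113.45", "country": "BY"},
    {"ts": "2024-01-10T08:15:00", "type": "login", "user": "dispatch1", "src_ip": "198.51.100.7", "country": "KE"},
    {"ts": "2024-01-10T02:50:00", "type": "dns", "host": "FIN-PC01", "query": "constructedexample.onion"},
    {"ts": "2024-01-10T09:00:00", "type": "dns", "host": "OPS-PC04", "query": "www.example.com"},
    {"ts": "2024-01-10T03:05:00", "type": "flow", "host": "FS01", "dst_ip": "203.0.113.99", "dst_port": 443, "bytes_out": 14 * GB},
    {"ts": "2024-01-10T03:40:00", "type": "flow", "host": "FS01", "dst_ip": "203.0.113.99", "dst_port": 443, "bytes_out": 14 * GB},
    {"ts": "2024-01-10T10:00:00", "type": "flow", "host": "OPS-PC04", "dst_ip": "198.51.100.20", "dst_port": 443, "bytes_out": 2 * 10**6},
    {"ts": "2024-01-10T03:50:05", "type": "av", "host": "FIN-PC01", "state": "disabled"},
    {"ts": "2024-01-10T03:50:07", "type": "av", "host": "FIN-PC02", "state": "disabled"},
    {"ts": "2024-01-10T03:50:09", "type": "av", "host": "HR-PC03", "state": "disabled"},
]


def ts(event):
    return datetime.fromisoformat(event["ts"])


def off_hours_foreign_logins(events, home_countries=("KE",), day_start=6, day_end=20):
    """Logins outside business hours from a country the firm does not operate in."""
    return [(e["user"], e["src_ip"]) for e in events
            if e["type"] == "login" and e["country"] not in home_countries
            and not day_start <= ts(e).hour < day_end]


def onion_lookups(events):
    """Hosts asking the resolver for .onion names, which ordinary DNS should never see (RFC 7686)."""
    return sorted({e["host"] for e in events
                   if e["type"] == "dns" and e["query"].lower().rstrip(".").endswith(".onion")})


def bulk_https_egress(events, known_destinations=(), threshold=10 * GB):
    """Total bytes sent over 443 per (host, destination); small flows add up."""
    totals = defaultdict(int)
    for e in events:
        if e["type"] == "flow" and e["dst_port"] == 443 and e["dst_ip"] not in known_destinations:
            totals[(e["host"], e["dst_ip"])] += e["bytes_out"]
    return {pair: total for pair, total in totals.items() if total >= threshold}


def simultaneous_av_disable(events, min_hosts=3, window=timedelta(minutes=5)):
    """Antivirus switched off on several machines within one short window."""
    hits = sorted((ts(e), e["host"]) for e in events
                  if e["type"] == "av" and e["state"] == "disabled")
    for start, _ in hits:
        hosts = {h for t, h in hits if timedelta(0) <= t - start <= window}
        if len(hosts) >= min_hosts:
            return sorted(hosts)
    return []


def triage(events):
    return {
        "off_hours_foreign_logins": off_hours_foreign_logins(events),
        "onion_lookups": onion_lookups(events),
        "bulk_https_egress": bulk_https_egress(events),
        "simultaneous_av_disable": simultaneous_av_disable(events),
    }


if __name__ == "__main__":
    for rule, result in triage(EVENTS).items():
        print(rule, "->", result)
```

The fifth red flag (no endpoint detection or MFA on admin accounts) is a configuration gap rather than a log event, so it belongs in a control review, not in these rules.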
Fraud investigation report that withstands legal scrutiny
In fraud investigations, perception is not enough. You need precision. If your report can not stand cross-examination in court or scrutiny by an aggressive opposing counsel, you have wasted time and set your organization up for failure. Let me show you how to write a fraud report that survives not just audits but adversaries. From the cover letter to the annexes, every line must communicate clarity, integrity, and mastery. No sampling. No opinions. No hearsay. Just facts, plain facts. If you do not have evidence to support it, do not write it down. Cover letter Set the tone. Define the facts. Shield the process. ____________________________________ Date: 3rd April 2025 To: The Managing Director XYZ Microfinance Uganda Ltd Plot 14, Jinja Road, Kampala Subject: Submission of Final Fraud Investigation Report – Irregular Loan Disbursements Dear Sir, We write to formally submit the final fraud investigation report into irregular loan disbursements within your Credit Department, following your instruction dated 6th February 2025. This investigation was conducted independently and professionally in line with our mandate. All evidence collected was corroborated using documents, interviews, and digital logs. The report highlights a clear pattern of manipulation of loan records, unauthorized account creations, and internal collusion between Credit Officers X, Y, and B and third-party agents Jane Doe. The total financial exposure identified stands at UGX 178,240,000, as detailed in Section 5.2 of the report. We confirm that this report is supported by primary evidence annexed herewith and has been prepared to stand the test of legal and forensic scrutiny. We appreciate the opportunity to support XYZ Microfinance in securing its systems and culture. Please reach out for any clarification or expert witness services during disciplinary or criminal proceedings. 
Sincerely, James XP, CFE, Lead Investigator Institute of Forensics & ICT Security The report itself Precision over persuasion Title: Final Forensic Fraud Investigation Report Loan Disbursement Scheme XYZ Microfinance Uganda Ltd Report Ref: SUMMIT/FRD/004/2025 1.0 Executive summary This report presents findings from a fraud investigation commissioned on 6th February 2025. The inquiry focused on anomalies in group loans processed between September 2024 and January 2025 across four branches: Kawempe, Soroti, Mbale, and Lira. Our findings confirm collusion between internal Credit Officers and external agents to fabricate group membership, approve loans without due diligence, and divert disbursed funds. Total exposure is UGX 178,240,000. Disciplinary action and criminal referrals are recommended. 2.0 Mandate and scope 2.1 Terms of reference We were engaged to investigate: (i) Irregularities in group loan applications and approvals (ii) Potential internal collusion with agents (iii) Financial exposure and control gaps 2.2 Period under review 1st September 2024 to 31st January 2025 2.3 Departments and branches reviewed Kawempe, Soroti, Mbale, Lira Credit and Operations departments 3.0 Methodology (i) Reviewed 132 loan files (ii) Conducted 17 structured interviews with Credit Officers, branch managers, and clients (iii) Performed forensic analysis of T24 logs and signature comparisons (iv) Verified 37 clients physically, including household visits in Soroti and Lira 4.0 Summary of Findings 4.1 False group memberships (i) 46 group loans were approved for clients with no traceable addresses (ii) IDs used were photocopied from previous loan files, evidence of document recycling 4.2 Collusion (i) WhatsApp conversations (annexed) between Credit Officer Isaac W. 
and agent “Baba T.” confirm revenue sharing 30% kickback on each disbursed loan (ii) Audio recording (dated 14 Jan 2025) where Isaac explains how loan balances were rescheduled to disguise defaults 4.3 Systems override (i) Credit Committee signatures were cloned from prior meetings (ii) Disbursements were made outside working hours, in breach of internal policy 5.0 Financial Exposure 5.1 Value of fraudulent loans (i) A total of 46 group loans (ii) Average loan per group: UGX 3.88M (iii) Total exposure: UGX 178,240,000 5.2 Recovery status Only UGX 23,000,000 recovered to date. The rest is outstanding and likely unrecoverable. 6.0 Conclusion The fraud was perpetrated through internal collusion, poor supervision, and deliberate circumvention of policy. Management failed to follow up on red flags, especially repeated use of the same guarantors across unrelated groups. 7.0 Recommendations (i) Immediate disciplinary hearings for identified staff (ii) Termination and police referral for Isaac W. and Lydia K. (iii) System audit to plug override loopholes (iv) Enhanced verification using biometric tools at onboarding Annexes List of suspicious loans B. Interview transcripts C. WhatsApp chat printouts D. Signature analysis table E. Client visitation logs F. Management policies violated _________________________ If your investigation report is vague, you have just written a rumour. If it is overly technical, you have written it for machines. If it is dramatic, you have written it for newspapers. But if it is factual, clear, defensible, and precise, you have written it for court and justice. That is the report I deliver. Every time. Unlock your investigative skills and become a reporting pro: Sign up today for our Investigation and Report Writing Course and start making an impact! The IFIS Team Copyright IFIS 2025. All rights reserved.
Conducting effective internal investigations and disciplinary hearings
When things go wrong internally; fraud, harassment, data leaks, ghost workers, it is not what happened that destroys your organization. It is how you respond. Most boards and CEOs hesitate, outsource blame, or overcomplicate the process. That is how rot spreads. Here is the practical, unfiltered guide from Institute of Forensics & ICT Security experts on how to conduct internal investigations and disciplinary hearings effectively without losing the plot which usually could cost the organization’s reputation and more money. a) The trigger: Know when to act (i) Every investigation begins with a trigger. A whistleblower email. A financial discrepancy. A complaint of harassment. An exceptional report by the Internal Audit or Analytics team. A system flag of an exceptional event. Do not wait for a perfect storm. The best time to investigate is when your gut tells you, “Something is off.” (ii) In 2010, a young lady in her mid-20s went directly to the CEO’s office. She was a cashier at a microfinance institution in Mbale. Her supervisor was forcing her to process loan top-ups for ghost clients. Her reports to head office were ignored. She risked everything to blow the whistle. That’s the real trigger. The courage of one. That is how we got involved as case investigators. (iii) Once a trigger is identified, activate your internal risk committee or a trusted triage team. Never the whole HR or audit department. Small, tight, and skilled wins. b) Scoping the investigation (i) Define what you are investigating. Not “Is there fraud,” but “Did person X manipulate loan disbursement records between January and March 2024?” In investigations, clarity of the investigation objectives is key. (ii) Avoid kitchen sink investigations. Scope creep kills credibility. Focus on facts, not gossip. Hard evidence not hearsay and opinions. You are investigating to identify who did what, where, when, and how. Better have your facts in order. Remember, there is no draft evidence! 
(iii) Create a work plan with milestones: document review, interviews, forensic review, draft report. c) Evidence gathering: the audit trail is king (i) Review emails, finance logs, door access records, and CCTV footage if available. In Uganda, where logs are often manual, focus on inconsistencies. Cross-check signatures, approvals, timestamps. (ii) In one case in Arua, our investigators discovered that fuel vouchers were signed by a staff member who had been on maternity leave. That single signature opened a trail of collusion worth UGX 124 million. (iii) Interview key suspects last. First, gather all evidence. Interviews are not fishing expeditions. They are confirmations. Better first take their statements. Study their alibi. Collect all supporting evidence. And interview only to connect the dots and determine the consistency of their statements. Investigations is a skill. d) Conducting the disciplinary hearing (i) Once evidence is clear, write a report (see next article on this) and prepare for a hearing. Send a formal letter to the accused with clear allegations, hearing date, right to representation, and relevant documents. (ii) Form a panel with an HR rep, a legal adviser, and a neutral chair. Avoid panels of friends or enemies. (iii) Hear both sides. Ask open questions. Let the accused respond freely. Maintain a verbatim record. In many cases, the truth slips out in tone, not words. e) Disposition: conclude with integrity (i) Decide based on facts, not emotions. Was there a breach of policy? Was it gross misconduct? Was it negligent or malicious? (ii) Document your decision. Clearly outline reasons. Issue a sanction proportional to the breach: warning, suspension, termination, or referral to police. (iii) In the Mbale case, the supervisor was terminated and reported to police. The cashier was promoted and became head teller. Protect whistleblowers if you want a culture of truth. 
f) Lessons learned: Fix the root (i) Every investigation must end with a report to management. What control failed? Where was oversight weak? What culture enabled the breach? (ii) Use findings to fix systems: update procedures, train staff, or even restructure departments. Otherwise, the next investigation will be déjà vu. An investigation is not about who you punish. It is about what you allow. Start fast. Stay focused. Finish with courage. That is how we build institutions that last.
The Art of Investigations – how to uncover the truth like a pro
Dear Executive,

Fraud does not always knock. Sometimes it wears a staff ID and walks in smiling. It is so friendly and helpful. Fraud is always hidden in plain sight.

I started my career in a bank, Nile Bank, that was later acquired by Barclays, which became a prize of Absa. You know how competition has been changing the face of banking in Uganda. Today I will share a case that will make you question every approved loan you have ever seen.

The case of the ‘invisible borrowers’

In late 2023, a CEO gave us a call and asked to meet a whistleblower. We arranged to meet at our offices, where the whistleblower walked in with a brown envelope. Inside were photocopies of loan approval forms, schedules, and a curious memo from a branch manager at a mid-tier financial institution in Western Uganda. The claim? Over UGX 1.2 billion had been disbursed to borrowers who do not exist. No drama. No alarms. Just neatly approved loans. Here is what made it brilliant and dangerous.

a) The setup
(i) The fraudster was a seasoned credit officer. She had mastered the system, the process, and the people.
(ii) Using dormant customer profiles (real names but inactive accounts), she started applying for small loans of UGX 5M to UGX 20M.
(iii) Because she had access to the loan origination system, she generated internal approvals, forged signatures, and ensured the documents were “checked out.”
(iv) She created fictitious phone numbers linked to the account numbers she controlled. All follow-ups were handled smoothly.

b) The cash movement
(i) Once loans were disbursed, she redirected the funds to two personal mobile money numbers under relatives’ names.
(ii) From there, the funds were withdrawn in small amounts across different towns (Kyenjojo, Fort Portal, and Kasese) to avoid a pattern.
(iii) The money funded a side business. A retail shop. Ironically, her own family thought she had won a government grant or, in real local terms, “married a Mzungu.” Family members were so proud of her success. She started being invited to the Church to share success stories and motivate young people on how to start small and grow steadily. Her shop was expanding and she was living a good life. For nearly two years, no one noticed.

c) How the fraud came undone
It was not IT. It was not Risk. It was not even Compliance. Not even Internal Audit. It was a newly transferred branch accountant. He could not reconcile a set of loan repayments: there were over 30 active loans without corresponding cash inflows for 90+ days. He flagged them to his supervisor. The supervisor ignored it. But this man did not stop. He wrote directly to Head Office Audit, attaching a spreadsheet of loans by customer ID, disbursement date, and repayment history. That was when we were called in.

d) The red flags we found
(i) Multiple loans disbursed to customers with no current physical address.
(ii) Similar handwriting on several KYC forms. Most had been filled by the same hand: hers.
(iii) Internal approvals during odd hours, many done past 7 pm, when no managers were on duty.
(iv) Loan repayments were all marked as ‘pending restructure’ or ‘in legal,’ yet no legal files existed.

e) The moment of truth
We staged a quiet confrontation. Having trained as a certified fraud examiner, computer hacking forensic investigator, and accountant, I know what makes a good investigator is an effective case investigation strategy. To make a good one, start by understanding the facts of the case. We sat down and reviewed the whistleblower reports. Listened to the internal auditor. Reviewed the loan process from start to finish, by studying the credit manual. We then did a walk-through of the process, identifying areas of failure.

My earlier experience has shown that processes are not applied consistently across all bank branches. In the city, near the head office, process reviews and approval are thorough. However, upcountry, due to low staffing levels and the pressure to grow the business, people do not focus on controls and reconciliations.

After reviewing all the documentation, and interacting with other staff, we met the main suspect. We asked her to walk us through a loan application process. She became defensive. Claimed she had too much backlog. Then her phone buzzed: a mobile money alert. It was a UGX 3M deposit. The same number we’d been tracking. That was it. When you have all the evidence and records, it is easy to get someone in the corner. She confessed. Tearfully. Claimed pressure to survive. Blamed poor pay. Total confirmed fraud? UGX 1.26 billion. Only UGX 240 million was recoverable.

f) The real insight
Fraud is not always technical. It is psychological. The best fraudsters exploit routine, not loopholes. They bank on you being too busy, too trusting, or too afraid to question. That is why real investigators must be obsessed with patterns, not personalities. Ask yourself: Are you reviewing loan portfolios with fresh eyes? Are dormant accounts truly dormant? And most importantly, is your system designed for integrity or just compliance?

In investigations, do not wait for red sirens. Follow the silence. That is where fraud lives. The art of uncovering the truth is not about shouting. It is about noticing the thing no one else sees and asking the question no one dares ask. Investigate with discipline. Document everything. And when you find the thread, pull hard.
Cracking the Case – essential skills every investigator must have
Dear Leader,

We have seen it too often. A fraud case breaks out. Panic. Headlines. Then… silence. Why? Because the so-called investigation team was built on fear, not skill. They showed up with titles, not tools. Everyone thought the presence of a police officer, a lawyer, and the “IT guy” would solve the mystery. But it did not. The case collapsed. The money vanished. And everyone moved on.

Let us get this straight: investigation is not drama. It is a method. It is not magic, it is about evidence. Facts. Facts and more facts. And in Africa today, where corruption wears a clean shirt and drives a government car, your ability to investigate defines your survival. Let me take you behind the scenes.

A staff loan gone rogue

Last year, in a government agency not far from Nairobi, a routine payroll review raised a subtle flag. A staff member had taken a loan of KES 3.4 million from the staff SACCO. All fine. Except, the deductions quietly stopped after month three. No one noticed. No one asked. HR kept processing payroll. Accounts kept remitting salaries. And the SACCO kept bleeding. Until one day, a sharp internal auditor asked a simple question: “Why did loan recovery stop?”

That question cracked the case. She discovered the staff member had colluded with the payroll officer to halt deductions. They edited the CSV file manually before uploading it to the bank portal. The bank simply paid what it was told. The SACCO was not on the instruction list. Case closed, at least for them.

How the auditor cracked it

She did not shout. She traced. She enlisted the help of a fraud examiner with digital forensic skills. And together, the case was cracked. Leading from the front, the Internal Auditor matched HR records with payroll files. She requested system logs showing changes to the CSV uploads. She interviewed the staff member off-site, where he was more relaxed and arrogant. She dug through SACCO receipts. And then she followed the money. It had gone to a betting account and was later withdrawn in cash. Total recovery? KES 1.4 million. Total loss? KES 2 million. But the real win? The method. Her report did not speculate. It proved.

So, what does it take to crack a case?

a) If you are in a hurry, you will miss the details. Most fraudsters mess up in the fine print.
b) Curiosity. Ask the awkward questions. If it makes people uncomfortable, you are probably getting close to the truth.
c) Documentation. What you do not document does not exist. No matter how obvious it is in your head.
d) Emotional control. Do not accuse. Observe. Do not confront. Confirm. The minute you make it personal, you lose objectivity.
e) Follow the trail. In Uganda, money does not go far. It lands in school fees, land purchases, or mobile money. Trace it.

If you want to master investigation, stop thinking like a cop. Think like a strategist. Ask what does not make sense. Cross-check everything. And when you find a discrepancy, do not celebrate. Trace it backward until you can write a report so tight no suspect can wriggle out of it. Because in this game, suspicion makes noise. But evidence makes arrests.

Stay sharp.
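The reconciliation described in this case (payroll export against the file actually uploaded to the bank, checked against the loan register) can be automated. This is an added example, not the auditor's own tooling. The column names, staff IDs, amounts and months are constructed, and the hash check assumes the payroll system's export is kept somewhere the payroll officer cannot modify.

```python
"""Reconcile bank payment files against the payroll export and loan register (added example)."""
import csv
import hashlib
import io


def make_csv(rows):
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["staff_id", "payee", "amount"])
    writer.writerows(rows)
    return buf.getvalue()


# Constructed data. In the edited file the SACCO row is gone and the same amount
# is added to the staff member's net pay, so the file total does not change.
HONEST = [("S017", "STAFF", 180000), ("S017", "SACCO", 95000), ("S021", "STAFF", 210000)]
EDITED = [("S017", "STAFF", 275000), ("S021", "STAFF", 210000)]
MONTHS = ["2023-01", "2023-02", "2023-03", "2023-04", "2023-05"]
EXPORTS = {m: make_csv(HONEST) for m in MONTHS}  # what the payroll system produced
UPLOADS = {m: make_csv(HONEST if m <= "2023-03" else EDITED) for m in MONTHS}  # what the bank received
LOAN_REGISTER = [
    {"staff_id": "S017", "installment": 95000, "first_month": "2023-01", "last_month": "2025-12"},
]


def digest(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def altered_months(exports, uploads):
    """Months where the uploaded file is not byte-for-byte the system export."""
    return sorted(m for m in exports if digest(exports[m]) != digest(uploads.get(m, "")))


def control_total(text):
    """Sum of all payment lines: the figure a totals-only check would compare."""
    return sum(int(r["amount"]) for r in csv.DictReader(io.StringIO(text)))


def sacco_remitted(upload_text, staff_id):
    rows = csv.DictReader(io.StringIO(upload_text))
    return sum(int(r["amount"]) for r in rows
               if r["staff_id"] == staff_id and r["payee"] == "SACCO")


def missing_deductions(register, uploads):
    """(month, staff_id, expected, remitted) for every active loan month that was short-paid."""
    gaps = []
    for loan in register:
        for month in sorted(uploads):
            if loan["first_month"] <= month <= loan["last_month"]:
                paid = sacco_remitted(uploads[month], loan["staff_id"])
                if paid < loan["installment"]:
                    gaps.append((month, loan["staff_id"], loan["installment"], paid))
    return gaps


if __name__ == "__main__":
    print("files edited after export:", altered_months(EXPORTS, UPLOADS))
    print("loan months without full recovery:", missing_deductions(LOAN_REGISTER, UPLOADS))
    print("totals still match:", control_total(EXPORTS["2023-04"]) == control_total(UPLOADS["2023-04"]))
```

The control total is identical in the honest and edited files, which is why a bank or finance check on the batch total alone would not have caught the change.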
From suspicion to evidence — mastering the investigation process
Although this is a real case drawn from field experience, the names and locations have been altered to protect confidentiality. Any similarities to actual persons or offices are purely coincidental. What matters is the method of how a young, determined internal auditor turned suspicion into evidence, and unearthed a ghost scheme that cost taxpayers millions.

It began with a subtle red flag. During her quarterly review at a district health office in eastern Uganda, the internal auditor noticed an odd pattern. One supplier, Green Mango Supplies Ltd, had been paid UGX 76 million over just three months. Oddly, she had never seen any trucks offloading goods from them. No one in the store’s department had signed a delivery report. Yet, the payment had sailed through. Her instincts kicked in.

Suspicion is not enough. Most fraud investigations fail not because the suspects are smart, but because the investigators are sloppy. Suspicion is loud. The evidence is quiet. Many internal auditors shout about fraud, but when asked for proof, they mumble. And that is how cases die.

The curious payment at a district health office

In 2010, a young lady in her mid-20s came to our office with a case involving ghost suppliers. She was an internal auditor at a district in eastern Uganda. During her routine review of quarterly releases, she noticed that a company called “Green Mango Supplies Ltd” had been paid UGX 76 million for supplying non-pharmaceutical items. Her suspicion? She had never seen a delivery from them.

Following the money — how it was done

(i) The company was registered in the name of a cousin to the district procurement officer.
(ii) Payments were processed using fake Local Purchase Orders (LPOs) generated during system downtimes. These were approved manually with forged signatures.
(iii) The delivery notes bore stamps from the store’s department. Upon scrutiny, the stamps were traced back to a stolen pad from the sub-county headquarters.
(iv) Once payment was wired, the money was withdrawn in cash across four transactions, each just under the threshold requiring second approval: UGX 19 million, 18.5 million, 20 million, and 18.5 million.

How the auditor nailed it

(i) She retrieved the original LPOs and noted inconsistent fonts and date formats.
(ii) She visited the supplier’s address. It led to a kiosk selling sugar.
(iii) She requested CCTV footage from the bank. The man withdrawing the funds was the cousin, not a company representative.
(iv) She flagged the audit report with these findings and submitted it to her seniors.

The suspects were arrested. But here is the sad twist: only UGX 4 million was recovered. The rest was long gone.

Lessons in investigation

Do not chase ghosts. Chase transactions. The red flags are always altered documents, unusual approvals, cash withdrawals, or too-quick payments. Always start from the system, then trace backward. Evidence is found in contradictions. If the paperwork says goods were delivered, but there is no space in the store or acknowledgment from users, that’s your first breadcrumb.

From suspicion to evidence, the journey requires discipline, not drama. Investigations fail not due to a lack of leads, but because many lack the patience to follow the money. In this case, UGX 76 million vanished, but the real loss was public trust. Investigate with precision. Document everything. And never assume anything. As I always say, strategy is in the details.
The deal that nearly bought my soul – when a gunman confronted me
Every entrepreneur talks about success. But no one tells you the price tags attached. Before I pivoted to strategy, risk, and leadership, I was a fraud investigator. Few professions offer the same mix of fulfillment and adrenaline as investigations. The thrill of responding to a crime scene. Taking notes. Preserving evidence. Recording statements. Analysing facts. Developing a fraud hypothesis. Gathering proof. Interviewing suspects. And ultimately, confronting the prime suspect. It is captivating. Addictive, even. You find yourself chasing the truth relentlessly. Who did it? How? Why? The process of connecting the dots becomes an obsession. You do not rest until the whole puzzle fits together. I remember one investigation that changed everything. It was late, around 7:30 PM. I was stuck in Jinja Road traffic. Out of nowhere, a man approached my car and signalled me to lower the window. I complied, unsuspectingly. He made sure I saw the gun tucked inside his oversized jacket. “You are Mustapha? Mugisa?” he asked. “Yes,” I replied, a bit startled. “I have decided to give you a second chance,” he said coldly. “That case you are investigating the one involving fictitious SIM cards drop it. This is the last time I will warn you.” I had received many threats over the years. It comes with the territory. But this one was different. Chilling. Personal. As traffic finally began to move, the song Coward of the County echoed in my head. I laughed softly at myself in the mirror half in disbelief, half in reflection. I could not help but wonder. Did the traffic officer deliberately hold us up so that this guy could reach me? I never got the answer. I just drove off, never looking back. That night marked a turning point. I decided to lose interest in that case. I informed the client that I would no longer proceed. And over time, I began reducing my fieldwork in forensic investigations. 
Instead, I shifted focus to empowering companies to conduct their internal investigations and offering back-end support from our forensic lab, where clients bring in their digital devices for deep analysis. This transition opened new doors. As part of our “kitchen” work in support of investigations, Summit Consulting got the opportunity to supply and set up digital forensic labs for several government and private institutions. We built systems—trained teams. Strengthened capacity. In 2021, an East African agency advertised an international open bid to set up a modern forensic laboratory. We knew this space. We had already designed and built a top-tier, state-of-the-art forensic lab for a leading government agency in Uganda. That experience was not just solid, it was exceptional. We were ready. Hungry. And fully equipped for the next challenge. This was not just another tender. This was a career-defining opportunity. We reignited our international contacts, and together bought the bid documents, following every detail. My team was excited; you could feel it. We knew that if we nailed this, we would not just win one job. We would own the entire forensic consulting space in government, not only in Uganda but in the region. You know those ambitions of conquering the continent. The power of dreaming while awake is good. One thing caught our sharp eyes, the procuring entity had not included anti-static carpets in their plan. Anyone serious about forensic labs knows that without anti-static carpets, your sensitive lab digital forensics bulk evidence story and analyst workstations fail, or they keep failing, making the cost of ownership and lab operations very expensive. We flagged it. Offered to include it in our bid. Even showed the cost implications of the new additions, if they wanted. But we made it clear that no quality without that carpet. We submitted. Then my phone rang. Unknown number. “Is this Summit Consulting? Calling from your neighbouring country xx. 
Meet me. Next week. Café Javas. Will be in Kampala next week. Let us do lunch.”

Now, if you are an entrepreneur, you know what that feels like. Heart racing. You think this is it. The nod. The handshake. The deal. I quickly processed an air ticket and was ready to fly out.

On the day, I walked in. He was already seated. Escort car outside. Driver waiting. I could see a pistol in the jacket, casually in sight. He got straight to the point.

“Your bid is good,” he said. “Boss liked it. Told us to give those guys the job. Ugandans are decent people.”

My pulse shot up. Then came the real deal.

“But…” he leaned closer. “Our budget is equivalent to KES 95 million. You quoted KES 35 million. Your profit?”

“UGX 5 million,” I replied.

He smirked. “Only that? Why not KES 25 million profit?”

I played along: “Of course. Yes.”

He nodded. “Good. Go revise your bid. Make it KES 93 million. You will do the work for KES 55 million. The rest, KES 38 million, you will give us. In cash.”

Now, at that moment, my brain went into overdrive. There was no negotiation. There was no polite refusal. This man came with authority and backup. He travelled from Nairobi for this deal!

I smiled. “This is excellent,” I said. “I will inform my Board Chairman and my partners in Nairobi. They have school fees to pay. I am sure they will approve.”

He laughed. Patted my back. “Smart chap. We shall work well.”

I walked out smiling. But inside? I was scared and disgusted.

Two days later, I called him. Voice low. Disappointed. “My friend, I tried. Sat down with the Board. We voted. 3 to 2 against pursuing the deal. I fought for it. But… I’m sorry.”

He replied coldly: “Your Board is not serious.”

I said, “Yes. I know.” Hung up.

That day, I learned something they never put in the tender documents. Ethics is not tested when it is easy. It is tested when millions are on offer. When no one is watching. And sometimes, the real profit is walking away broke, but free.
How AI can save your bank from being the next fraud headline
Dear Managers,

Let me start with a simple, real-life scenario. A mid-sized financial institution I will call “Bank X” approved a USD 2.1 million loan backed by “verified” land titles. Six months later, repayments stopped. The investigation revealed fake titles, inflated land values, and a forged valuation report, all crafted by a well-connected ring of insiders and outsiders. The kicker? Everything looked legitimate. By the time Bank X woke up, the fraudsters had vanished, and auditors were scrambling. A classic case of human oversight, greed, and failure to connect the dots fast enough.

Now, here is the uncomfortable truth. Your institution is probably just as vulnerable. Traditional fraud detection systems depend heavily on rule-based checks, human approval, and post-incident audits. Too slow. Too predictable. Fraudsters learn the rules, bypass them, and exploit insider weaknesses.

Enter Artificial Intelligence. Not hype. Not theory. Real use cases.

The AI advantage

Anomaly detection in real time
AI models do not rely on static rules. They monitor thousands of transactions, account behaviours, login patterns, and more, spotting subtle deviations no human eye catches. Unusual login from a new device? Large loan approval after dormant account activity? AI flags it instantly.

Document forgery detection
Machine learning algorithms can scan collateral documents (titles, valuation reports, and IDs) and detect signs of tampering: fake stamps, manipulated metadata, inconsistent fonts and signatures. AI forensic tools outperform even seasoned fraud examiners.

Employee behaviour analytics
Ever think to check if a loan officer is consistently approving high-risk loans? AI systems track employee patterns (unusual approvals, repeated overrides, and late-hour logins), alerting you to possible insider collusion.

Third-party vendor risk monitoring
Your fintech partners and third-party providers are weak links.
AI-powered vendor risk platforms scrape data feeds and monitor dark web chatter, regulatory actions, and the financial health of partners, giving early warning signs of compromise.

The fix

- Stop relying on audits done quarterly. Start deploying AI models that continuously learn, adapt, and flag suspicious patterns daily.
- Integrate AI fraud tools into every touchpoint: loan processing, mobile banking, payments, and KYC updates.
- Invest in AI-driven document verification systems to kill fake collateral before it gets to the loan desk.
- Make AI a watchdog for both customers and employees. No exceptions.

Ignore this at your peril. Bank X’s US$2.1 million mistake was the price of sticking to outdated systems and assuming fraud looks obvious. It does not.

Next steps: Pull your fraud risk team, IT, and senior management together. Audit every single fraud detection tool in place. Where are the gaps? Where is AI missing? Do not wait until you are the next headline.

Here is how to set up AI-driven fraud detection that delivers results

Buying AI tools off the shelf will not save you. It is not plug-and-play magic. For AI to deliver, it needs to be embedded deep into your institution’s workflows, with clear accountability and zero bureaucratic nonsense.

Step 1: Assign ownership – make someone accountable
The biggest mistake? Leaving AI to the IT department alone. Fraud prevention is a business-critical, cross-functional responsibility. Assign a Chief Fraud & Risk Officer (CFRO) or designate a Head of AI Fraud Systems, reporting directly to senior leadership. This person’s sole job: integrate AI tools across every department, continuously refine models, and stay ahead of evolving fraud techniques.

Step 2: Build the fraud data lake
AI is only as good as the data you feed it.
Start by setting up a central fraud data hub that aggregates:

- Transaction records
- Loan applications & approvals
- KYC documents
- Employee activities (logins, approvals, overrides)
- Vendor interactions
- External data (credit bureau scores, court records, blacklist databases)

No silos. Break down barriers between credit, compliance, operations, and IT teams. All data flows to one source.

Step 3: Deploy AI engines in specific areas
You do not need to start big. Focus on high-risk, high-return areas first:

- Loan approval process. Train AI models to analyze past fraudulent loan patterns. Flag suspicious collateral documents, inconsistent borrower information, or unusual valuation reports in real time, before approvals.
- Mobile & online banking. Use AI to monitor login behaviour, device fingerprints, location anomalies, and unusual fund transfers. Immediate alerts and instant freezes on suspicious accounts.
- Employee behaviour analytics. Deploy AI to track patterns: which officers approve risky loans too fast? Which back-office staff consistently override controls? AI sends risk reports to the CFRO weekly. No one is untouchable.
- Vendor monitoring. Integrate third-party AI platforms that scan your vendors’ financial stability, regulatory compliance, cyber vulnerabilities, and news feeds. Flag at-risk service providers early.

Step 4: Human-in-the-loop – define clear roles
AI does not replace people. It empowers them. Define sharp, no-fluff roles:

- Branch Managers. Get real-time fraud risk dashboards daily. Every branch’s suspicious activities are flagged, along with accountability to act immediately.
- Loan Officers. Cannot override AI alerts without escalation to the CFRO. All overrides are logged and reviewed quarterly.
- Compliance & Internal Audit. Get AI-generated anomaly reports weekly. Their job: audit flagged cases, investigate, close or escalate.
- Senior Executives. Receive monthly AI fraud trend reports.
Decisions around policy adjustments, product redesign, or process reengineering are based on actual AI findings, not intuition.

Step 5: Continuous model training and feedback loop
Fraud evolves. AI models must evolve too. Set up a dedicated AI Feedback Taskforce: a mix of data scientists, fraud analysts, IT, and business unit reps. Every confirmed fraud incident is fed back into the model. Models retrain monthly, improving detection rates.

Step 6: Don’t forget explainability
Regulators will come knocking. Make sure your AI systems provide clear, traceable reasons why a transaction or document was flagged. AI shouldn’t be a black box.

If you are still relying on post-event audits, you are dead in the water. AI done right is proactive, predictive, and unforgiving to fraudsters. But you need leadership commitment, clear roles, data visibility, and ruthless follow-through.

Who in your bank is responsible for embedding AI fraud detection in every process? If no name comes to mind immediately, that is your first weakness. Fix it before the fraudsters find it.

Yours,
Institute of Forensics & ICT Security
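The employee behaviour analytics of Step 3 combined with the traceable reasons of Step 6, as an added example that is not from the original article. It is a transparent peer-comparison baseline rather than a trained model; the event log, field names, the 07:00 to 19:00 working window and the 0.25 margin are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

MARGIN = 0.25  # assumed: distance above the peer median that counts as unusual
FEATURES = ("override", "late_hour", "high_risk")

# Constructed sample log: (officer, action, ISO timestamp, loan risk grade)
EVENTS = (
    [("officer_a", "approve", "2024-03-04T10:15", "low")] * 8
    + [("officer_b", "approve", "2024-03-04T11:00", "medium")] * 7
    + [("officer_b", "override", "2024-03-05T14:30", "high")]
    + [("officer_c", "approve", "2024-03-04T09:40", "low")] * 3
    + [("officer_c", "override", "2024-03-06T22:50", "high")] * 5
    + [("officer_d", "approve", "2024-03-07T15:05", "medium")] * 8
)

def officer_rates(events):
    """Per-officer share of actions that are overrides, late-hour, or high-risk."""
    counts = defaultdict(lambda: defaultdict(int))
    for officer, action, ts, grade in events:
        hour = datetime.fromisoformat(ts).hour
        c = counts[officer]
        c["total"] += 1
        c["override"] += action == "override"
        c["late_hour"] += hour < 7 or hour >= 19   # assumed working window
        c["high_risk"] += grade == "high"
    return {o: {f: c[f] / c["total"] for f in FEATURES} for o, c in counts.items()}

def flag_officers(events, margin=MARGIN):
    """Return {officer: [reason, ...]}; every flag carries the figures behind it."""
    rates = officer_rates(events)
    flags = {}
    for feature in FEATURES:
        peer = median(r[feature] for r in rates.values())
        for officer, r in rates.items():
            if r[feature] > peer + margin:
                flags.setdefault(officer, []).append(
                    f"{feature} rate {r[feature]:.1%} vs peer median {peer:.1%}")
    return flags

if __name__ == "__main__":
    for officer, reasons in flag_officers(EVENTS).items():
        print(officer, "->", "; ".join(reasons))
```

Each reason string is what a reviewer or regulator would read next to the alert, so the flag can be checked against the raw log instead of being taken on trust.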
Why your fraud investigations are still stuck in the stone age (and how AI & Data Analytics are fixing it)
Dear Assurance Manager,

Let me pull back the curtain on a real case. A financial institution processed over 300 mobile money withdrawals from dormant accounts within 48 hours. Each withdrawal was small enough to fly under the manual threshold radar. Internal audit flagged it weeks later during their quarterly routine. Too late. The money was long gone, the insiders who coordinated it had vanished, and management had to scramble for explanations. Typical scenario, right?

Here is how it plays out. Most fraud investigations today are reactive, painfully slow, and entirely reliant on hindsight. You audit after the damage. You manually review transactions after suspicious behaviour has already cascaded. You are fighting yesterday’s battle. That is not how fraud works anymore. The game has changed.

AI and data analytics are flipping the script. The banks winning the fraud war aren’t waiting for audit cycles; they are using real-time AI models and predictive data insights to hunt fraud before it even matures. Let me show you how.

Case closed BEFORE fraud even matures: Use cases of AI & analytics

Pattern recognition beyond human capacity
AI systems analyze millions of data points across accounts, devices, transactions, and behaviour logs. They find micro-patterns humans cannot:

- Multiple small transactions designed to avoid thresholds? Flagged instantly.
- Same mobile phone IMEI used across different account holders? AI picks it up.
- The same device used to approve loan applications and process disbursements? A suspicious link is spotted.

The outcome: fraudulent chains are broken early, before funds vanish.

Network analysis: busting insider collusion
Let us stop pretending insiders always act alone. AI-powered link analysis tools visualize hidden relationships between employees, vendors, and customers. Example: a loan officer approves three different loans, all backed by collateral verified by the same third-party vendor, and all default within months.
AI maps this and reveals unusual ties. The investigation starts before the defaulted loans pile up.

Natural Language Processing (NLP) for document tampering
Forget manual document reviews. AI systems with NLP scan submitted land titles, business registration documents, and IDs, comparing against known templates:

- Slight font inconsistencies? AI detects.
- Metadata manipulations? AI catches.
- Same photo used in different applications? AI flags.

Fraudulent paperwork does not make it past the gate.

Employee behaviour analytics
Your biggest threat is not always external. AI models track login patterns, approval speed, and override frequency. An employee logging in at odd hours to access dormant accounts? Repeatedly overriding KYC protocols? AI builds risk scores per staff member. Suspicious trends bubble up. You do not need to wait for whistleblowers.

Predictive risk scoring: do not just look backwards
Here is where data analytics truly shines. You stop looking at past fraud cases and start predicting who might commit fraud next. Example: Customers opening multiple accounts, maintaining low balances, suddenly requesting large loans? Vendors repeatedly late in delivering services, requesting advance payments? Your systems predict risk rather than react to loss.

The real shift: stop investigating fraud like it is 1999
Here is my challenge to you: How many cases is your institution investigating weeks after the fraud? How many could be prevented if you applied AI and analytics now, not after the fact? AI does not replace investigators. It turns them into hunters, not janitors cleaning up messes.

Actionable next steps:

- Integrate real-time AI pattern recognition in transaction monitoring.
- Assign your data team to implement link analysis to expose insider collusion.
- Equip fraud investigators with dashboards powered by predictive analytics.
- Automate document verification using NLP tools.
- Make employee behaviour analytics part of monthly risk reporting.
If your fraud team’s biggest tool is Excel, you’ve already lost. Change the playbook. Let AI do the heavy lifting.

Yours in strategy,
Mr Strategy
Institute of Forensics & ICT Security
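The dormant-account case that opens this letter and two of the pattern checks it lists (sub-threshold withdrawals, one IMEI across several account holders), as an added example that is not from the original article. It uses plain rules rather than a trained model; the record layout, review threshold, 180-day dormancy period and sample transactions are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

THRESHOLD = 1_000_000            # assumed manual-review limit per withdrawal
WINDOW = timedelta(hours=48)     # burst window, as in the case described
MIN_COUNT = 3                    # assumed: withdrawals that make up a burst
DORMANT = timedelta(days=180)    # assumed definition of a dormant account

# Constructed sample: (account, holder, device IMEI, ISO timestamp, amount)
TXNS = [
    ("ACC-1", "holder-1", "IMEI-A", "2023-01-10T09:00", 400_000),
    ("ACC-1", "holder-1", "IMEI-A", "2024-02-01T08:00", 950_000),
    ("ACC-1", "holder-1", "IMEI-A", "2024-02-01T20:00", 900_000),
    ("ACC-1", "holder-1", "IMEI-A", "2024-02-02T21:00", 980_000),
    ("ACC-2", "holder-2", "IMEI-A", "2024-02-02T10:00", 300_000),
    ("ACC-3", "holder-3", "IMEI-C", "2024-01-30T12:00", 200_000),
    ("ACC-3", "holder-3", "IMEI-C", "2024-02-01T12:00", 250_000),
]

def dormant_bursts(txns):
    """Accounts that wake from dormancy into a run of sub-threshold withdrawals."""
    by_acct = defaultdict(list)
    for acct, _holder, _imei, ts, amount in txns:
        by_acct[acct].append((datetime.fromisoformat(ts), amount))
    hits = []
    for acct, rows in by_acct.items():
        rows.sort()
        for i in range(1, len(rows)):
            start = rows[i][0]
            if start - rows[i - 1][0] < DORMANT:
                continue  # account was active shortly before this withdrawal
            burst = [amt for t, amt in rows[i:]
                     if t - start <= WINDOW and amt < THRESHOLD]
            # Each amount passes the per-transaction check; the total does not.
            if len(burst) >= MIN_COUNT and sum(burst) > THRESHOLD:
                hits.append((acct, len(burst), sum(burst)))
    return hits

def shared_devices(txns):
    """IMEIs seen with more than one account holder."""
    holders = defaultdict(set)
    for _acct, holder, imei, _ts, _amount in txns:
        holders[imei].add(holder)
    return {imei: sorted(h) for imei, h in holders.items() if len(h) > 1}

if __name__ == "__main__":
    print(dormant_bursts(TXNS), shared_devices(TXNS))
```

Run against a daily transaction export, both checks would surface the pattern within the 48-hour window rather than at the next quarterly audit.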