On 4th September 2023, leaders at the agribusiness cooperative approved a UGX 280 million loan to a long-standing distribution partner. The justification was simple: the partner had been with them for 11 years, always paid on time, and was “part of the family.”
The loan committee barely glanced at the due diligence report. The risk appetite for such lending was generous; in fact, the board often praised management for “trusting our partners” instead of “wasting time with too many checks and balances.”
By December, the partner had defaulted. Attempts to trace the funds revealed something chilling: the money hadn’t gone into expanding distribution capacity. It had vanished into a coordinated fraud scheme that had been set up months before.
What looked like an act of business generosity was, in reality, a textbook case of risk blindness, the point where an organization’s tolerance for risk turns into an inability to see it at all.
Summit Consulting Ltd was brought in after a junior accountant, frustrated by the lack of progress in recovering the debt, sent an anonymous tip to the board chair: “You need to look inside, not outside.”
The boardroom split
When we arrived, the leadership was sharply divided. The CEO and a few directors insisted this was just a “business risk gone wrong”, a bad loan, nothing more. Others, particularly the audit committee, suspected internal collusion.
The tension was almost physical in that boardroom. On one side, senior executives are defending their decision-making; on the other, internal audit and compliance officers are insisting the loss was avoidable.
The phrase “risk appetite” was being thrown around like a shield. But as we dug deeper, it became clear this wasn’t about appetite; it was about blindness.
How the scheme was engineered
- a) The perfect storm of trust and process gaps
Suspect 1, the cooperative’s head of credit, had been with the organization for over a decade. Known for his “relationship management skills,” he often skipped formal vetting for long-time partners, arguing it was a waste of resources.
Suspect 2, the director of the distribution partner, had deep personal ties to Suspect 1. Their families had attended weddings together, and they were co-investors in a small real estate venture in Mukono.
When Suspect 2 proposed the UGX 280 million “expansion loan,” Suspect 1 bypassed several standard steps: no updated credit risk assessment, no collateral verification, and no cash flow projections. Instead, he prepared a glowing internal memo recommending immediate approval.
- b) The paper trail illusion
The loan documentation was immaculate, contracts signed, disbursement schedules approved, and even bank guarantees attached. But the guarantees were forged. The “issuing bank” stamp was a near-perfect imitation, created by a contact of Suspect 2 in Kampala’s backstreet printing trade.
- c) Moving the money
Once disbursed, the UGX 280 million moved fast. Within 24 hours, UGX 50 million was withdrawn in cash at a bank branch in Jinja. The withdrawals were made in tranches of UGX 9.9 million to stay under reporting thresholds.
From there, the cash was split into three channels:
- UGX 120 million was converted into USD through forex dealers in Kikuubo and sent to a Dubai-based electronics supplier, payment for high-end gadgets that would later be sold locally for cash.
- UGX 80 million was sent via mobile money to 14 different numbers registered under various names, then withdrawn in rural districts in Busoga to avoid detection.
- UGX 30 million went directly into Suspect 1’s real estate project account in Mukono, disguised as “investor contributions.”
The red flags that should have sounded the alarm
A basic risk review would have caught several glaring anomalies:
- The borrower’s financial statements were six months out of date.
- The collateral offered, a warehouse in Iganga, was already mortgaged to another lender.
- The bank guarantee was printed on paper stock not used by the alleged issuing bank.
But in a culture of “we know our partners,” these red flags never made it to the decision table.
How the auditor spotted the cracks
Ironically, the fraud wasn’t discovered by the risk team. It was uncovered by an external auditor reviewing year-end loan classifications. The auditor noticed that the loan had been disbursed without any updated credit scoring, contrary to the cooperative’s lending policy.
Digging further, the auditor found that the loan approval memo came exclusively from Suspect 1, with no evidence of independent review. This triggered a direct report to the board’s audit committee, which in turn called in Summit Consulting.
Our first step was to follow the money. We obtained court orders for bank statements, mobile money transaction histories, and forex dealer records.
The forex trail led us to a warehouse in Nakulabye, where electronics worth an estimated UGX 140 million were stored, goods imported from Dubai using the diverted funds.
The mobile money trail was more complex. The SIM cards used were registered in the names of boda boda riders, market vendors, and even deceased individuals, classic “layering” to make tracing harder. But cross-referencing withdrawal points with CCTV footage revealed that the same two individuals collected most of the cash: Suspect 2’s younger brother and a former cooperative cashier who had resigned two years earlier.
The smoking gun was the UGX 30 million “investment” into Suspect 1’s property project. Bank records showed the money entering his account just days after the loan disbursement.
The internal controls that failed
This wasn’t just a case of a bad actor. It was a failure of governance and risk oversight:
- Risk appetite misunderstood: The board allowed high-trust relationships to bypass established due diligence.
- Segregation of duties ignored: Suspect 1 could recommend, approve, and oversee disbursement without independent checks.
- Collateral verification absent: No site visits or title searches were conducted.
- No post-disbursement monitoring: The cooperative never tracked whether funds were used for their stated purpose.
The total confirmed loss was UGX 280 million. Recovery efforts through asset seizures are ongoing, but early indications suggest that less than 40% will be recovered.
The cooperative has since suspended Suspect 1, terminated the partner relationship, and overhauled its credit policies. Summit Consulting has implemented new risk controls, including:
- Independent verification of all collateral
- Dual approval for all loans above UGX 50 million
- Quarterly partner reviews, even for long-standing clients
- Mandatory risk training for all loan officers
Risk appetite is about knowing how much risk you are willing to take, with eyes wide open. Risk blindness is when you walk into danger convinced it can’t harm you because you’ve been safe before.
In this case, years of trouble-free dealings created a dangerous complacency. Internal controls were seen as optional for “trusted” partners. That misplaced trust cost the cooperative nearly a third of its annual profit.
In Uganda’s fast-growing but trust-heavy business culture, this is not an isolated case. It’s a warning: your biggest losses will not come from risks you accept knowingly, but from the ones you never bother to see.
