In the banking industry, dormant accounts are often viewed as low-risk repositories of forgotten savings. But a recent court case has exposed how such accounts can become prime targets for fraudsters when insiders allegedly exploit their privileged access to bypass internal controls.
The case involves a former Co-operative Bank Relationship Manager Amos Bett Koech, whose dismissal has now been upheld by the Employment and Labour Relations Court after the lender linked him to a scheme involving the suspicious reactivation of dormant customer accounts, including one belonging to a deceased client.
However, the crimes were committed undetected through bypassing the bank’s security firewalls while he was still in active service before his dismissal in November 2020.
Court documents paint a troubling picture of how Koech collaborated with fraudsters to gain access to accounts that had remained inactive for years, opening the door for potential theft of customer funds. Koech, who was attached to the bank’s Diaspora Banking Unit, was accused of facilitating the revival of dormant accounts using forged documents supplied by individuals posing as legitimate account holders.
Among the most startling revelations was the use of a fake prison discharge certificate to explain inactivity on one of the targeted accounts. According to evidence presented before the court, fraudsters sought to reactivate an account belonging to a deceased customer by presenting documents designed to convince bank officials that the account holder had been incarcerated for years and had only recently been released.
Investigators later established that the account holder was dead. The bank told the court that Koech played a key role in facilitating communication with branch officials and helping push through the reactivation process despite glaring red flags.
One of the incidents involved Koech at the bank’s Kimathi Street branch, where the dormant account was allegedly revived after interactions involving individuals later identified as impostors.
Another account at the Kariobangi branch was similarly activated before becoming the target of unauthorised transactions.
What alarmed investigators most was not merely the forged documentation but the alleged abuse of internal system privileges. Audit trails generated from the bank’s information systems reportedly showed Koech accessing customer accounts that were unrelated to his assigned duties.
The access logs became a critical piece of evidence during internal investigations and subsequent court proceedings. Bank investigators argued that the pattern of account access could not be explained by his official responsibilities and suggested deliberate efforts to obtain sensitive customer information.
During cross-examination, Koech admitted that he had accessed accounts that did not fall within his mandate, an act that violated the bank’s confidentiality policies and code of conduct.
The revelations underscore a growing concern within the financial sector: insider-assisted fraud.
While banks invest billions of shillings in cybersecurity systems designed to keep external hackers at bay, experts increasingly warn that some of the greatest dangers come from individuals already inside the system, armed with knowledge, access and the ability to make fraudulent transactions appear legitimate.
Unlike cybercriminals operating from outside a bank’s network, insiders often know where security loopholes exist, how dormant accounts are managed and which approval processes can be manipulated.
Investigators believe dormant accounts are particularly attractive to fraudsters because they often belong to customers who no longer actively monitor transactions or, in some cases, deceased individuals whose estates have not been fully administered. Such accounts can remain untouched for years, making fraudulent activity harder to detect.
Following internal investigations, Co-operative Bank initiated disciplinary proceedings against Koech, issuing him with a show-cause letter before convening a disciplinary hearing. The bank subsequently terminated his employment in November 2020.
Unhappy with the decision, Koech moved to court seeking compensation for unfair dismissal, payment of gratuity and reinstatement of his banking privileges. He denied wrongdoing and argued that the bank had unfairly linked him to fraudulent activities. However, the court sided with the lender.
In its judgment, the court held that Co-op Bank had established a valid and fair reason for dismissing the employee. “The court is satisfied that suspicion of fraud in a banking environment, supported by audit logs and internal investigation findings, constitutes a valid and fair reason for dismissal,” the judge ruled.
The court further found that the bank had followed due process by allowing Koech an opportunity to respond to the allegations and pursue an appeal before his dismissal.
In a further setback, the court also allowed the bank’s counterclaim and ordered the former employee to repay an outstanding staff loan amounting to Sh2.9 million together with contractual interest.
The case serves as a stark reminder of the vulnerabilities facing financial institutions in the digital age.
While technology continues to strengthen banking security, the Co-op Bank case demonstrates that sophisticated fraud schemes do not always begin with hackers breaching firewalls from the outside. Sometimes, investigators say, the greatest danger comes from individuals already inside the system, armed with knowledge, access and the ability to make fraudulent transactions appear legitimate.
For customers are advised to regularly monitor their account activities since it may be the first line of defence against fraud, particularly where dormant or rarely used accounts are concerned.
There's no story that cannot be told. We cover the stories that others don't want to be told, we bring you all the news you need. If you have tips, exposes or any story you need to be told bluntly and all queries write to us [email protected] also find us on Telegram
