Crisis of Insider Complicity in Nigeria’s Financial Sector

Unexplained debits often signal insider fraud in Nigerian banks, as trusted hands quietly move billions from customer accounts, writes Festus Akanbi

Somewhere between the polished marble floors of Nigeria’s banking halls and the sleek interfaces of mobile banking apps, a silent heist is unfolding, not by masked intruders, but by the very custodians entrusted with safeguarding depositor funds.

When customers complain of mysterious deductions, of failed reversals that never return, of savings vanishing into thin air, they are often confronting the aftermath of a betrayal from within. The numbers are staggering, the methods brazen, and the human cost incalculable.

The financial hemorrhaging has reached epidemic proportions. Reports say Nigerian banks lost N52.26 billion to fraud in 2024 alone, representing a catastrophic 350% increase in losses over five years. Yet this headline figure masks a more sinister reality: while fraud incidents actually decreased in volume, the sophistication and severity of attacks have intensified. The perpetrators are no longer faceless hackers operating from distant servers; they are employees with staff IDs, names on payroll, and authorised access to the beating heart of banking infrastructure.

Consider the anatomy of the heist in Bank A (names withheld), a case study in institutional vulnerability. Wahab Adeyinka (not real name), a staff member in the electronic products team, exploited his legitimate access to process failed reversals, a routine function designed to help customers. Instead, he weaponised this trust, crediting merchant accounts with money that did not belong to them. The funds flowed first to his wife, Zainab’s account at a Nigerian bank, then cascaded through 34 intermediary accounts before dispersing into 1,190 secondary accounts across multiple institutions.

By the time the bank reported the breach to the Nigeria Police Force on March 25, 2024, the damage had metastasised from N12 billion to N40 billion.

Adeyinka vanished, but the paper trail remained. Court orders across Lagos and Jalingo froze accounts. Authorities recovered N1.17 billion, £35,070, and $392,818, alongside a property portfolio that reads like a real estate developer’s dream: plots in Itunu City, Lekki Peninsula, Amen Estate, and Abuja’s Life Camp. These were not the assets of a middle-class banker; they were the spoils of a systematic plunder of depositor funds. The recovery, while significant, represents mere crumbs from a feast that left thousands of customers financially devastated.

The Bank A case is not an aberration; it is a template. At a regional bank, three employees: Samuel Ihechukwu Asiegbu, Fabian Chizaram Onyeimachi, and Kingsley Kelechi Ejim, allegedly conspired with four external accomplices to manipulate internal banking data in January 2025. Their scheme diverted N8.5 billion through altered transaction records, exploiting the bank’s own infrastructure against it. When the EFCC arraigned the suspects before Justice Daniel Osiagor at the Federal High Court in Ikoyi, the charges painted a picture of institutional rot: insiders tampering with systems they were paid to protect.

The data tells a story of escalating internal complicity. The Nigeria Deposit Insurance Corporation (NDIC) first raised the alarm in 2018, documenting that fraud cases involving internal staff abuse surged from 231 in 2016 to 320 in 2017,  38.53% increase. That year, 26,182 fraud cases were reported across 26 banks, with internet and ATM-related fraud constituting 92.68% of incidents. While banks terminated 320 employees for fraud in 2017, the losses persisted, suggesting that dismissal alone is an insufficient deterrent.

The Financial Institutions Training Centre (FITC) Q1 2025 report reveals the evolution of this threat. While employee-related fraud cases declined to 63 in Q1 2025 (from 91 in Q4 2024), and terminations dropped to 23 staff members, the financial impact of each incident has grown exponentially. Banks lost N3.3 billion in Q1 2025 alone, a 137% increase from the previous quarter, despite 33.8% fewer reported cases. Fraud through bank branches, a channel requiring insider access, spiked to nearly N8 billion. The pattern is clear: fewer attacks, but far more devastating ones.

What enables this looting? The answer lies in obsolete governance structures. As financial analyst Chukwudi Izuchukwu observes, “If your system allows any single person to trigger financial transactions without a second approval layer, that is your vulnerability. Segregation of duties is not bureaucracy. It is what stands between your system and N40 billion walking out the door.” Yet Nigerian banks continue to operate with lax internal controls, single points of failure, and inadequate real-time monitoring.

The human toll transcends statistics. Behind every N40 billion heist are pensioners whose life savings evaporated, small business owners unable to pay suppliers, students unable to pay tuition fees, and families unable to access medical care. When a privileged staffer exploits a reversal function, they are not merely moving digital numbers; they are erasing futures. The “multiple deductions” customers face is often not a system glitch; it is the withdrawal slips of an insider economy feeding on depositor trust.

Regulatory responses have been reactive rather than preventive. The Central Bank of Nigeria’s 2024 risk-based cybersecurity frameworks and the integration of BVN with NIN represent necessary but insufficient measures. The EFCC’s recovery of N9.7 billion, N6.7 billion, and N3.7 billion in separate operations demonstrates enforcement capacity, but recovery is not prevention. By the time funds are traced to cryptocurrency conversions or real estate acquisitions, the original victims remain uncompensated.

The banking sector stands at an inflection point. The ongoing bank’s recapitalisation offers an opportunity to mandate security infrastructure investments alongside capital adequacy. But capital without governance is merely more money to steal.

Banks must implement mandatory dual-authorisation for high-risk transactions, AI-driven anomaly detection, and rotating access protocols that prevent any single employee from becoming a N40 billion vulnerability.

For customers, vigilance is essential but insufficient. When the threat emanates from within the fortress, no amount of password complexity or OTP protection can safeguard deposits. The burden of security must shift from individual depositors to institutional accountability. Banks must be compelled to disclose fraud incidents transparently, compensate victims promptly, and submit to independent security audits.

The alternative is the erosion of Nigeria’s digital banking gains. With POS transactions reaching N18 trillion in 2024 and mobile banking penetration at 80%, the infrastructure for financial inclusion is in place. But as the 2024 Nigeria Consumer Protection Survey found, nearly one in four digital financial service users experienced fraud or hidden charges, with only half pursuing formal complaints due to eroded confidence in redress mechanisms.

When depositors cannot trust their banks to protect them from their own employees, the foundation of financial intermediation crumbles. The N52.26 billion lost in 2024 is not merely a cost of doing business; it is a tax on trust, a penalty for inadequate governance, and a measure of institutional failure. The vaults are not being breached from the outside. The keys are already inside, and the clock is ticking.