When the previous CEO of FirstBank resigned abruptly, like a janitor who comes to work and quits the same day, without the months-long notice we typically expect from bank leaders, I sensed something was amiss. I wrote, “I just hope it is well with him and his family as bank leaders do not resign like janitors with no notice! But if it is for another career opportunity, good luck to him.”
When they replaced him with a risk leader, I speculated that something significant and possibly problematic had occurred: “That said, we can extrapolate that it is possible that the last CEO left due to risk/compliance-related matters; I had expressed my shock that he resigned like a janitor, since you do not expect bank chiefs to come to work, resign, and stop work that same day.”
Today, we are learning about a significant fraud that has been unfolding for two years, costing the bank N44 billion.
According to TechCabal, “First Bank, Nigeria’s oldest bank, has suffered a massive fraud thought to be worth as much as N40 billion after an employee at a Lagos branch allegedly diverted funds in a scheme that went undetected for almost two years.”
This is unfortunate for a bank renowned for its excellence. It seems likely that this fraudster managed to bribe the internal control (ICU) and inspection units of the bank, preventing them from accurately reconciling mandates with actual value over time. Typically, at the end of each banking day, the IT unit generates End of Day reports, and the ICU and Inspection units use these reports to reconcile the bank’s general ledger with customer instructions (both paper and digital). These fraudulent reversals should have been flagged as there were no corresponding customer transaction instructions.
It is baffling that FirstBank could fall victim to such a fraud. As an entry-level IT staff member at Diamond Bank, I used to work overnight to print these reports. Early in the morning, courier companies would pick up the reports to distribute them to all branches for their control teams to reconcile. The ICU’s job was straightforward: verify the entry against the customer instruction, and if there was no instruction, raise a flag.
FirstBank should thoroughly review its books. Losing N40 billion should have caused discrepancies in the End of Month and End of Year reports in the general ledger. This suggests that someone was manipulating the general ledger entries to prevent these deviations from appearing in the reports. This highlights the importance of the systems automation unit, or any core unit in banks responsible for backend ledger postings.
In conclusion, the fraud at FirstBank is a severe blow to its reputation for excellence. The bank must investigate thoroughly to understand how such a significant breach could occur and implement stronger controls to prevent future incidents.