FRAUD AND OTHER FINANCIAL MALPRACTICES IN THE NIGERIAN BANKING SYSTEM: A STUDY OF SELECTED BANKS IN NIGERIA

CHAPTER ONE: INTRODUCTION

1.1 Background of the Study

The Nigerian banking system has undergone significant transformation over the past three decades, evolving from a predominantly state-controlled and fragmented industry to a consolidated, private-sector-driven, and technology-enabled financial ecosystem. This transformation, driven by regulatory reforms such as the banking consolidation exercise of 2005 (which increased the minimum capital base from N2 billion to N25 billion) and the ongoing adoption of digital banking platforms, has positioned Nigerian banks as key drivers of economic growth and financial inclusion. However, alongside these positive developments, the banking system has remained persistently vulnerable to fraud and other financial malpractices, which undermine depositor confidence, erode shareholder value, and threaten the stability of the entire financial system (Sanusi, 2019; CBN, 2020).

Fraud in the banking industry refers to deliberate acts of deception, misrepresentation, or concealment designed to obtain unlawful financial gain from the bank or its customers. Financial malpractices encompass a broader range of unethical and illegal activities, including insider abuse, money laundering, forgery, cheque kiting, unauthorized lending, outright theft of bank funds, and computer-based fraud such as phishing, identity theft, and cyberattacks on banking infrastructure. The Nigeria Deposit Insurance Corporation (NDIC) classifies bank fraud into internal fraud (perpetrated by bank staff), external fraud (perpetrated by customers or third parties), and collusion between insiders and outsiders (NDIC, 2021). Regardless of the classification, the consequences are uniformly damaging: financial losses, regulatory sanctions, reputational damage, and loss of public trust.

The prevalence of fraud in the Nigerian banking system is alarmingly high. According to the NDIC 2021 Annual Report, Nigerian banks reported a total of 45,987 fraud cases in 2021 involving a total sum of N12.7 billion, with actual losses amounting to N5.6 billion. This represented a 67% increase in the number of reported fraud cases compared to 2020. The most common fraud types included fraudulent withdrawals (35% of cases), internet banking fraud (22%), and unauthorized credits (15%). The NDIC further noted that insider involvement was implicated in over 40% of the reported cases, highlighting the critical role of employee integrity and internal controls in fraud prevention (NDIC, 2021).

The historical antecedents of bank fraud in Nigeria can be traced to the banking crises of the 1990s and early 2000s, which were characterized by widespread insider abuse, mismanagement, and outright fraud. The failed banks of the 1990s—such as African Continental Bank, Pan African Bank, and Societe Generale Bank of Nigeria—collapsed largely due to reckless lending to directors and their cronies, fraudulent loan write-offs, and outright diversion of depositors’ funds. These crises necessitated the creation of the NDIC in 1988 and the strengthening of the Central Bank of Nigeria’s (CBN) regulatory powers. Despite these interventions, fraud has proven resilient, adapting to new technologies and regulatory regimes (Ogbu, 2020; Nwankwo, 2019).

The causes of fraud in the Nigerian banking system are multifaceted. Economic factors include low salaries and remuneration for bank staff relative to the cost of living, creating incentives for employees to supplement their income through illicit means. According to the Fraud Triangle Theory (Cressey, 1953), which remains relevant today, fraud occurs when three conditions are present: perceived pressure (financial need), perceived opportunity (weak internal controls), and rationalization (justification of the act as acceptable). In Nigerian banks, low pay creates pressure, weak internal controls (or management override of controls) create opportunity, and a culture of impunity facilitates rationalization (Ibrahim and Shehu, 2020).

Organizational factors also contribute significantly to bank fraud. Weak internal control systems, including inadequate segregation of duties, poor supervision, lack of independent internal audit, and management override of controls, provide opportunities for fraud. In many Nigerian banks, the pressure to meet aggressive performance targets has led to a culture where “results at any cost” prevails, and whistleblowers are punished rather than rewarded. Furthermore, the high turnover of bank staff, particularly in junior and mid-level positions, means that institutional memory is lost, and background checks may not be thorough (Okonkwo and Eze, 2021).

Technological factors have introduced new dimensions to bank fraud. The rapid adoption of internet banking, mobile banking, Automated Teller Machines (ATMs), and Point of Sale (POS) terminals has expanded the attack surface for fraudsters. Cybercriminals use phishing emails, malware, social engineering, and ATM skimming devices to compromise customer accounts. In 2021 alone, Nigerian banks reported over 10,000 cases of electronic fraud, with losses exceeding N2 billion. The COVID-19 pandemic accelerated digital adoption, but also created new opportunities for fraud as bank staff and customers worked remotely, reducing the effectiveness of traditional controls (Adedayo and Ogunleye, 2020; CBN, 2021).

Regulatory factors play a dual role. On one hand, the CBN and NDIC have issued numerous directives and guidelines to combat fraud, including the “Know Your Customer” (KYC) requirements, the Bank Verification Number (BVN) system, the Treasury Single Account (TSA), and the Enhanced Customer Due Diligence framework. On the other hand, regulatory gaps remain, including inconsistent enforcement of sanctions against erring banks and staff, the slow pace of prosecution of fraud cases, and the lack of a centralized database of fraudulent bank employees across the industry. The absence of a deterrent effect means that the expected cost of committing fraud is low, while the potential gain is high (Sanusi, 2019).

The consequences of bank fraud extend far beyond the direct financial losses reported to regulators. When a bank suffers significant fraud, it may face a liquidity crunch, leading to inability to meet withdrawal requests from depositors. In extreme cases, such as the 2009 banking crisis where eight banks were bailed out by the CBN, systemic fraud can trigger a collapse of public confidence in the entire banking system, leading to bank runs and contagion to other financial institutions. Shareholders lose value, depositors may lose their savings (though the NDIC insures deposits up to N500,000 per depositor per bank), and the economy suffers as credit dries up (Ogbu, 2020).

The Nigerian banking system has also been implicated in money laundering and terrorist financing, which are forms of financial malpractices with global security implications. Banks that fail to maintain adequate internal controls over customer due diligence and transaction monitoring can become conduits for illicit funds. The Financial Action Task Force (FATF) has placed Nigeria on its “grey list” at various times due to deficiencies in the country’s anti-money laundering and counter-terrorism financing framework. Banks, as the gatekeepers of the financial system, have a critical role in detecting and reporting suspicious transactions. Weak internal controls in this area expose banks to regulatory fines, legal sanctions, and reputational damage (FATF, 2020; Nwankwo, 2019).

The role of internal audit and compliance functions in preventing and detecting bank fraud cannot be overstated. An effective internal audit function provides independent assurance to the board and management that internal controls are adequate and functioning. Similarly, the compliance function ensures that the bank adheres to all relevant laws, regulations, and internal policies. However, in many Nigerian banks, internal audit and compliance units are understaffed, underfunded, and lack the independence required to report misconduct objectively. Internal auditors may be pressured by management to “soft-pedal” on sensitive findings, or they may lack the technical skills to detect sophisticated electronic fraud (Bamidele and Okafor, 2020).

Fraud detection technologies have evolved significantly, offering banks powerful tools to identify suspicious transactions in real time. These include rule-based systems (e.g., flagging transactions above a certain threshold), anomaly detection algorithms (e.g., identifying unusual patterns of behavior), machine learning models that adapt to new fraud typologies, and biometric authentication systems (fingerprints, facial recognition) that reduce the risk of identity theft. Many Nigerian banks have invested in such technologies, yet fraud persists. The challenge is not merely the availability of technology, but its proper implementation, integration with other systems, and the availability of skilled personnel to interpret and act on alerts (Adeyemi and Oluwafemi, 2021).

The human element remains the weakest link in fraud prevention. Despite investments in technology, many fraud incidents involve social engineering—tricking bank employees or customers into revealing confidential information. For example, a fraudster may call a bank teller pretending to be a senior manager and request a funds transfer without proper authorization. Or a customer may be deceived by a phishing email that mimics the bank’s website and enters their login credentials. Training bank staff and educating customers on fraud awareness is therefore as important as technical controls. However, many Nigerian banks allocate insufficient resources to fraud awareness training (Eze and Okonkwo, 2020).

The case of selected banks in Nigeria for this study includes both tier-1 banks (e.g., First Bank, Zenith Bank, UBA, GTBank, Access Bank) and tier-2 banks (e.g., Fidelity Bank, Union Bank, FCMB, Sterling Bank, Wema Bank), as well as some regional banks. These banks represent a cross-section of the industry in terms of size, ownership structure, customer base, and geographic coverage. By studying multiple banks, the research aims to identify common fraud vulnerabilities, best practices in fraud prevention, and areas where industry-wide collaboration is needed (Nnadi and Okoro, 2021).

The banking industry has responded to the fraud challenge through various initiatives. These include the establishment of the Financial Institutions Training Centre (FITC) which provides fraud awareness training, the Bankers’ Committee’s adoption of the “Staff Background Check System” (SBCS) to screen new hires for prior involvement in fraud, the Whistleblower Protection Policy of the Federal Government, and the deployment of the BVN which links all bank accounts to a single biometric identifier, making it harder for fraudsters to open multiple accounts with false identities. Despite these measures, the persistent rise in reported fraud cases suggests that existing strategies are insufficient (CBN, 2021).

Therefore, this study is motivated by the urgent need to understand the nature, causes, consequences, and control mechanisms for fraud and other financial malpractices in the Nigerian banking system. By focusing on selected banks, the study will generate empirical evidence on the effectiveness of current fraud prevention strategies, the role of internal controls and internal audit, the impact of technology on fraud (both as a facilitator and as a control), and the regulatory and legal responses to banking fraud. The findings will inform policy recommendations for banks, regulators, and lawmakers to strengthen the banking system’s resilience against fraud.

1.2 Statement of the Problem

Despite the implementation of numerous regulatory reforms, technological investments, and internal control mechanisms, fraud and other financial malpractices remain endemic in the Nigerian banking system. The NDIC (2021) reported over 45,000 fraud cases in a single year, with actual losses exceeding N5.6 billion. This represents not only direct financial losses to banks and their customers but also significant indirect costs including regulatory fines, reputational damage, legal expenses, and the diversion of management attention from core banking activities. The persistence of fraud suggests that current prevention and detection strategies are inadequate.

A major dimension of the problem is the high rate of insider involvement. The NDIC (2021) reported that bank staff were implicated in over 40% of fraud cases, often in collusion with external fraudsters. This insider dimension points to weaknesses in internal control systems, including inadequate segregation of duties, poor supervision, ineffective internal audit, and the ability of senior management to override controls. It also raises questions about the effectiveness of employee background checks, integrity testing, and the deterrent effect of disciplinary actions or prosecution.

Another critical dimension is the rising tide of electronic fraud (e-fraud). As Nigerian banks increasingly adopt digital channels (internet banking, mobile apps, USSD, POS terminals), fraudsters have followed, exploiting vulnerabilities in both technology systems and human behavior. E-fraud cases have grown exponentially, with cybercriminals using phishing, malware, social engineering, and ATM skimming to compromise customer accounts. Many banks lack real-time fraud monitoring systems, and even where such systems exist, they generate high false-positive rates, leading to alert fatigue and missed genuine fraud attempts (Adedayo and Ogunleye, 2020).

The problem is further compounded by weak enforcement and prosecution. Despite the existence of laws such as the Failed Banks (Recovery of Debts) and Financial Malpractices in Banks Act, the Money Laundering (Prohibition) Act, and the Cybercrimes (Prohibition, Prevention, etc.) Act, the rate of successful prosecution of bank fraudsters remains low. Cases take years to resolve, and convicted offenders often receive light sentences that do not deter others. The absence of a centralized, real-time database of fraudulent bank employees across the industry means that an employee dismissed from one bank for fraud can easily be hired by another bank (Nwankwo, 2019).

Furthermore, there is a gap in the literature regarding the effectiveness of specific fraud control mechanisms in the Nigerian context. While many studies have examined the causes of bank fraud, fewer have empirically tested the relationship between specific internal control components (e.g., control environment, risk assessment, control activities, monitoring) and the incidence of fraud. Similarly, the role of internal audit independence, board oversight, and whistleblowing mechanisms in reducing fraud has not been rigorously studied using data from Nigerian banks. This study aims to fill that gap.

Therefore, the problem this study addresses is: What are the causes, types, consequences, and control mechanisms for fraud and other financial malpractices in the Nigerian banking system, and how effective are current internal control and audit mechanisms in preventing and detecting such frauds? This study, through an empirical investigation of selected banks in Nigeria, seeks to provide evidence-based answers to this question and to recommend practical solutions to reduce the incidence of fraud.

1.3 Aim and Objectives of the Study

The aim of this study is to critically examine fraud and other financial malpractices in the Nigerian banking system, using selected banks in Nigeria as a case study, and to recommend effective prevention and detection strategies.

The specific objectives are to:

1. Identify the types and nature of fraud and financial malpractices prevalent in selected Nigerian banks.
2. Determine the causes (economic, organizational, technological, and regulatory) of fraud in the Nigerian banking system.
3. Assess the effectiveness of current internal control systems in preventing and detecting fraud in selected Nigerian banks.
4. Evaluate the role of internal audit, board oversight, and compliance functions in fraud risk management.
5. Examine the relationship between internal control effectiveness and the incidence of fraud in Nigerian banks.
6. Propose a comprehensive fraud prevention and detection framework for Nigerian banks based on empirical findings.

1.4 Research Questions

The following research questions guide this study:

1. What are the most prevalent types of fraud and financial malpractices in selected Nigerian banks?
2. What are the major causes (economic, organizational, technological, and regulatory) of fraud in the Nigerian banking system?
3. How effective are the internal control systems of selected Nigerian banks in preventing and detecting fraud?
4. What is the role of internal audit, board oversight, and compliance functions in fraud risk management in Nigerian banks?
5. What is the relationship between the strength of internal control components (control environment, risk assessment, control activities, information and communication, monitoring) and the incidence of fraud in Nigerian banks?
6. What comprehensive fraud prevention and detection framework can be developed for Nigerian banks based on empirical evidence?

1.5 Research Hypotheses

The following null (Ho) and alternative (Ha) hypotheses are formulated for testing at a 0.05 level of significance:

Hypothesis One (Internal Control Environment and Fraud Incidence)

• Ho₁: There is no significant relationship between the strength of the control environment (integrity, ethical values, management philosophy) and the incidence of fraud in selected Nigerian banks.
• Ha₁: There is a significant relationship between the strength of the control environment and the incidence of fraud in selected Nigerian banks.

Hypothesis Two (Internal Audit Independence and Fraud Detection)

• Ho₂: The independence of the internal audit function does not have a significant effect on the rate of fraud detection in selected Nigerian banks.
• Ha₂: The independence of the internal audit function has a significant effect on the rate of fraud detection in selected Nigerian banks.

Hypothesis Three (Segregation of Duties and Fraud Prevention)

• Ho₃: Adequate segregation of duties does not significantly reduce the occurrence of internal fraud in selected Nigerian banks.
• Ha₃: Adequate segregation of duties significantly reduces the occurrence of internal fraud in selected Nigerian banks.

Hypothesis Four (Technology Adoption and E-Fraud Reduction)

• Ho₄: The adoption of advanced fraud detection technologies (e.g., real-time monitoring, machine learning algorithms) does not significantly reduce the incidence of electronic fraud in selected Nigerian banks.
• Ha₄: The adoption of advanced fraud detection technologies significantly reduces the incidence of electronic fraud in selected Nigerian banks.

Hypothesis Five (Staff Training and Fraud Awareness)

• Ho₅: Regular fraud awareness training for bank staff does not significantly reduce the rate of fraud perpetration or customer compromise.
• Ha₅: Regular fraud awareness training for bank staff significantly reduces the rate of fraud perpetration or customer compromise.

Hypothesis Six (Regulatory Enforcement and Deterrence)

• Ho₆: The strictness of regulatory sanctions (fines, license revocation, prosecution) does not have a significant deterrent effect on fraud perpetration in Nigerian banks.
• Ha₆: The strictness of regulatory sanctions has a significant deterrent effect on fraud perpetration in Nigerian banks.

Hypothesis Seven (Whistleblowing Mechanisms and Fraud Reporting)

• Ho₇: The presence of effective whistleblowing mechanisms does not significantly increase the reporting of fraudulent activities in selected Nigerian banks.
• Ha₇: The presence of effective whistleblowing mechanisms significantly increases the reporting of fraudulent activities in selected Nigerian banks.

1.6 Significance of the Study

This study is significant for several reasons. First, it will contribute empirical evidence to the body of knowledge on bank fraud in Nigeria, updating and expanding upon previous studies. Given the dynamic nature of fraud typologies and controls, regular empirical investigations are necessary. The findings will be valuable to academics, researchers, and students in banking, finance, accounting, and criminology.

Second, the study will be useful to bank management and boards of directors in identifying specific weaknesses in their internal control systems and fraud risk management practices. The recommended fraud prevention and detection framework will provide practical, actionable guidance for strengthening defenses against fraud. Bank executives will gain insights into the cost-effectiveness of various fraud control measures.

Third, regulators such as the Central Bank of Nigeria (CBN) and the Nigeria Deposit Insurance Corporation (NDIC) will benefit from the study’s findings. The research will highlight regulatory gaps, enforcement challenges, and areas where further guidance or supervision is needed. The findings can inform the revision of the CBN’s “Risk-Based Cyber Security Framework” and other fraud-related guidelines.

Fourth, the study will be useful to law enforcement agencies (EFCC, ICPC, Nigeria Police) and the judiciary in understanding the nature of banking fraud and the obstacles to successful prosecution. Recommendations on evidence preservation, inter-agency collaboration, and sentencing may help improve the prosecution rate.

Fifth, bank customers and the general public will benefit indirectly, as the study’s recommendations, if implemented, would lead to a safer banking system with lower fraud losses. Increased public confidence in the banking system will encourage greater financial inclusion and savings.

Sixth, professional bodies such as the Chartered Institute of Bankers of Nigeria (CIBN), the Institute of Chartered Accountants of Nigeria (ICAN), and the Association of Certified Fraud Examiners (ACFE) Nigeria Chapter can use the findings to update their training curricula and certification examinations.

Seventh, the study will provide a benchmark for comparative studies across different time periods, banking tiers, or countries. Future researchers can replicate the methodology to track trends in bank fraud or to compare Nigeria with other emerging economies.

1.7 Limitations of the Study

This study is subject to several limitations that should be acknowledged. First, the research is confined to selected banks in Nigeria and may not be representative of all 23 deposit money banks operating in the country. The selection of banks (both tier-1 and tier-2) is intended to provide a cross-section, but findings may not fully capture the experiences of smaller regional banks or non-interest banks. Generalizations should be made with caution.

Second, access to sensitive fraud-related data is a major challenge. Banks are often reluctant to disclose detailed information on fraud incidents, losses, or internal control weaknesses due to reputational risks and regulatory restrictions on disclosure. The researcher will rely on publicly available data (NDIC reports, CBN reports, bank annual reports) and anonymous survey responses, but some information may remain inaccessible. This may limit the depth of analysis.

Third, the study relies partly on self-reported survey data from bank staff (internal auditors, compliance officers, branch managers). Respondents may underreport the prevalence of fraud in their institutions (social desirability bias) or may not have complete knowledge of all fraud incidents. To mitigate this, the researcher will triangulate survey data with documentary evidence (audit reports, NDIC reports) and interviews.

Fourth, the study is cross-sectional, capturing fraud incidence and control effectiveness at a single point in time (or retrospectively over a period). Fraud patterns can change rapidly, especially with technological advancements. A longitudinal study following the same banks over several years would provide more robust evidence of trends and causal relationships, but this is beyond the scope of the current research.

Fifth, the study focuses on the banking system from the perspective of banks themselves (supply side) and does not include detailed analysis of customer-initiated fraud (e.g., loan default through fraudulent documentation, account takeover by external criminals). While these are important dimensions, they are not the primary focus.

Sixth, the study may face limitations in obtaining a sufficiently large sample size for statistical testing, especially from senior management respondents who are difficult to access. The researcher will use targeted sampling techniques and follow-up reminders to maximize response rates.

Despite these limitations, the researcher will adopt a rigorous mixed-methods approach (quantitative surveys and qualitative interviews), triangulate multiple data sources, and apply appropriate statistical tests to ensure that findings are as valid, reliable, and useful as possible.

1.8 Definition of Terms

For clarity and consistency, the following terms are defined as used in this study:

• Fraud: Any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain. In banking, fraud includes forgery, cheque kiting, unauthorized lending, fund diversion, identity theft, phishing, ATM skimming, and other deceitful schemes aimed at unlawfully obtaining bank or customer funds.
• Financial Malpractices: A broader category of unethical and illegal activities in the financial sector that may not strictly meet the legal definition of fraud but still cause harm to the bank or its stakeholders. This includes insider abuse (e.g., granting loans to friends without proper documentation), money laundering, unauthorized disclosure of customer information, manipulation of financial records to hide losses, and conflict of interest transactions.
• Internal Control: A process, effected by a bank’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the categories of operations (effectiveness and efficiency), financial reporting (reliability), and compliance (laws and regulations). Key components include control environment, risk assessment, control activities (including segregation of duties, authorization, reconciliation), information and communication, and monitoring.
• Internal Audit: An independent, objective assurance and consulting activity designed to add value and improve a bank’s operations. In the context of fraud, internal audit evaluates the effectiveness of internal controls, identifies weaknesses, investigates suspected fraud, and recommends corrective actions. Internal audit should report directly to the board’s audit committee to maintain independence.
• Electronic Fraud (E-Fraud): Any fraudulent activity that uses electronic channels (internet banking, mobile banking, ATMs, POS terminals, USSD) as a vector for perpetration. Common e-fraud types include phishing (fraudulent emails pretending to be from the bank), vishing (voice phishing), SIM swap fraud (gaining control of a customer’s phone number to bypass two-factor authentication), ATM skimming (stealing card details via a device on an ATM), and malware attacks on banking systems.
• Insider Fraud: Fraud perpetrated by employees (including temporary staff and contractors) of the bank, either acting alone or in collusion with external parties. Insider fraud is particularly dangerous because insiders have knowledge of the bank’s systems, controls, and vulnerabilities, and may have authorized access to sensitive data or funds. The NDIC (2021) reports that insider involvement is implicated in over 40% of fraud cases in Nigeria.
• Money Laundering: The process of concealing the origins of illegally obtained funds (e.g., from drug trafficking, corruption, tax evasion) to make them appear legitimate. Banks are required by the Money Laundering (Prohibition) Act to implement Know Your Customer (KYC) procedures, report suspicious transactions to the Nigerian Financial Intelligence Unit (NFIU), and maintain internal controls to prevent money laundering.
• Bank Verification Number (BVN): A unique biometric identifier (fingerprints and facial image) issued to every bank customer in Nigeria, linking all accounts held by that customer across all banks. The BVN system was introduced by the CBN in 2014 to reduce identity theft, fraud, and multiple account opening with false identities. It has become a key tool for fraud prevention and customer identification.
• Whistleblowing Mechanism: A formal channel (e.g., hotline, email, online portal) through which employees, customers, or third parties can report suspected fraud, corruption, or other malpractices confidentially, without fear of retaliation. An effective whistleblowing mechanism includes protection for whistleblowers, a clear reporting process, and a commitment to investigate all reports.
• Control Environment: The set of standards, processes, and structures that provide the basis for carrying out internal control across the bank. It includes the integrity and ethical values of management (starting with the CEO and board), commitment to competence, organizational structure, assignment of authority and responsibility, human resource policies (hiring, training, discipline), and the tone at the top. The control environment is the foundation for all other internal control components.
• Segregation of Duties (SoD): A control activity that requires that no single individual has control over two or more incompatible functions in a transaction flow. For example, the person who authorizes a payment should not be the person who processes the payment or reconciles the bank statement. Proper SoD reduces the risk of error or fraud by requiring collusion for circumvention.
• Tier-1 and Tier-2 Banks: In the Nigerian banking context, tier-1 banks are the largest banks by assets, market capitalization, and customer base (e.g., First Bank, Zenith Bank, UBA, GTBank, Access Bank). Tier-2 banks are smaller but still significant (e.g., Fidelity Bank, Union Bank, FCMB, Sterling Bank, Wema Bank). Some studies also refer to tier-3 banks (regional or specialized banks). This study includes both tier-1 and tier-2 banks to ensure a representative sample.
• Detective Controls: Internal controls designed to detect errors or fraud after they have occurred, so that corrective action can be taken. Examples include bank reconciliations, exception reports, periodic audits, surveillance cameras, and transaction monitoring systems. Detective controls do not prevent fraud but help identify it quickly to limit losses and gather evidence.
• Preventive Controls: Internal controls designed to prevent errors or fraud from occurring in the first place. Examples include segregation of duties, authorization requirements (e.g., dual signatures for cheques), physical security (locks, access cards), pre-employment background checks, and training. Preventive controls are generally more cost-effective than detective controls.
• Phishing: A type of social engineering attack where fraudsters send fraudulent emails or text messages purporting to be from the bank, asking the recipient to click a link, download an attachment, or provide login credentials. The goal is to steal the customer’s online banking credentials or install malware on their device.
• ATM Skimming: A method of fraud where a device (skimmer) is attached to an ATM card reader to capture the magnetic stripe data from the customer’s card. Often combined with a hidden camera or keypad overlay to capture the PIN. The stolen data is used to create counterfeit cards or perform online transactions.

CHAPTER TWO: LITERATURE REVIEW

2.1 Introduction

This chapter reviews existing literature on fraud and other financial malpractices in the banking system, with particular focus on Nigeria. The review is organized into several thematic sections: conceptual framework (defining fraud, financial malpractices, and related terms), theoretical underpinnings (Fraud Triangle Theory, Fraud Diamond Theory, Agency Theory, and Routine Activity Theory), historical development of banking fraud in Nigeria, types and typologies of bank fraud, causes of fraud (economic, organizational, technological, and regulatory), consequences of fraud for banks, customers, and the economy, internal control mechanisms for fraud prevention and detection, the role of internal audit and compliance, regulatory and legal frameworks in Nigeria, empirical studies on bank fraud, and emerging trends (cyber fraud, cryptocurrency-related fraud). A summary of literature gaps concludes the chapter, justifying the present study.

2.2 Conceptual Framework

2.2.1 Concept of Fraud

Fraud is a broad legal and social concept that refers to intentional deception made for personal gain or to damage another individual or organization. In the banking context, fraud involves deliberate acts of misrepresentation, concealment, or omission of material facts, resulting in unlawful financial gain for the perpetrator and corresponding loss for the bank or its customers. According to the Association of Certified Fraud Examiners (ACFE, 2020), fraud is characterized by three elements: (a) a representation (verbal, written, or by conduct) that is false; (b) knowledge by the perpetrator that the representation is false (scienter); (c) reliance by the victim on the false representation; and (d) damages or loss suffered by the victim as a result.

The legal definition of fraud in Nigeria is provided by the Criminal Code Act (Cap C38, Laws of the Federation of Nigeria, 2004) and the Advance Fee Fraud and Other Fraud Related Offences Act (2006). Section 421 of the Criminal Code defines fraudulent false accounting, while Section 422 covers fraudulent appropriation of property. The Banking and Other Financial Institutions Act (BOFIA) 2020 also contains specific provisions regarding fraudulent activities in banks, including insider abuse and false reporting. Despite these legal definitions, fraud remains a contested concept, with many acts falling into grey areas (e.g., aggressive sales practices that mislead customers but may not meet the legal threshold for fraud) (Nwankwo, 2019; Ogbu, 2020).

2.2.2 Concept of Financial Malpractices

Financial malpractices is a broader term that encompasses fraud but also includes unethical, irregular, or illegal financial activities that may not meet all the legal elements of fraud. These include insider trading, market manipulation, money laundering, tax evasion, bribery and corruption, conflict of interest transactions, unauthorized lending, deliberate overstatement or understatement of financial results, and regulatory breaches. While fraud typically involves direct deception causing loss, financial malpractices may involve acts that harm the integrity of the financial system without an immediately identifiable victim (e.g., failure to report suspicious transactions) (Sanusi, 2019).

In the Nigerian banking context, the NDIC (2021) identifies several categories of financial malpractices: (a) insider abuse (e.g., granting loans without collateral to directors or their proxies); (b) unauthorized disclosure of customer information; (c) manipulation of bank records to conceal losses or inflate profits; (d) non-compliance with anti-money laundering regulations; (e) failure to perform adequate Know Your Customer (KYC) due diligence; and (f) abusive churning of customer accounts to generate fees. These malpractices may not always result in direct financial loss to the bank in the short term, but they erode institutional integrity and increase systemic risk over time (CBN, 2020).

2.2.3 Concept of Banking System

The banking system refers to the network of financial institutions licensed by the Central Bank of Nigeria (CBN) to accept deposits, provide loans, facilitate payments, and offer other financial services. As of December 2022, the Nigerian banking system consisted of 23 deposit money banks (DMBs), including commercial banks, merchant banks, and non-interest (Islamic) banks. The system is regulated by the CBN (responsible for monetary policy, licensing, and prudential regulation) and the NDIC (responsible for deposit insurance and distress resolution). The banking system is a critical component of the financial system, intermediating between surplus and deficit units, facilitating payments, and transmitting monetary policy (CBN, 2021).

The Nigerian banking system is characterized by high concentration: the five largest banks (tier-1) account for over 70% of total banking assets, deposits, and loans. This concentration creates systemic risk: a major fraud incident in a tier-1 bank could have cascading effects on the entire system. The system has also undergone significant digital transformation, with over 80% of transactions now processed through electronic channels (internet, mobile, POS, ATM). This digital transformation has created new fraud vulnerabilities, as discussed later in this chapter (Nnadi and Okoro, 2021).

2.2.4 Concept of Internal Control in Banking

Internal control in the banking context is a process designed by the board of directors and management to provide reasonable assurance regarding the achievement of objectives in three categories: (a) effectiveness and efficiency of operations (including safeguarding of assets); (b) reliability of financial reporting; and (c) compliance with applicable laws and regulations. The Basel Committee on Banking Supervision (BCBS, 2015) has issued specific guidance on internal control in banks, emphasizing the importance of a strong control environment, risk assessment, control activities, information and communication, and monitoring. Banks are expected to have internal control systems commensurate with their size, complexity, and risk profile.

For fraud prevention specifically, internal controls in banks should include: (a) segregation of duties to prevent any single individual from controlling a transaction from initiation to recording to custody; (b) dual authorization for large or unusual transactions; (c) mandatory vacations for staff in sensitive roles (e.g., tellers, loan officers) to allow detection of ongoing fraud; (d) surprise cash counts and asset verifications; (e) reconciliation of suspense and clearing accounts; (f) access controls for IT systems; and (g) a fraud risk management policy that includes whistleblowing channels (Bamidele and Okafor, 2020; Adeyemi and Oluwafemi, 2021).

2.3 Theoretical Framework

This study is anchored on four interrelated theories: the Fraud Triangle Theory, the Fraud Diamond Theory, Agency Theory, and Routine Activity Theory. Each theory provides a lens for understanding why fraud occurs in banks and how it can be prevented.

2.3.1 Fraud Triangle Theory

The Fraud Triangle Theory, developed by criminologist Donald Cressey (1953) based on interviews with embezzlers, posits that three conditions are present when fraud occurs: (a) perceived pressure (or incentive), (b) perceived opportunity, and (c) rationalization. Perceived pressure refers to the fraudster’s motivation—financial need, lifestyle maintenance, gambling debts, medical bills, or pressure to meet performance targets. In banks, staff may face pressure from aggressive sales targets, personal financial problems, or the desire to maintain a certain lifestyle. The recent wave of loan frauds by relationship managers, who face pressure to grow their loan portfolio, illustrates this condition (Ibrahim and Shehu, 2020).

Perceived opportunity refers to the fraudster’s belief that they can commit the fraud without being detected or punished. Opportunity arises from weak internal controls: inadequate segregation of duties, poor supervision, lack of independent verification, management override of controls, or ineffective internal audit. In Nigerian banks, opportunity is often created by understaffing (making segregation of duties impossible), high turnover (reducing institutional memory), and a culture where results are prioritized over compliance (Okonkwo and Eze, 2021). Rationalization is the psychological process by which the fraudster justifies their actions as acceptable: “I was only borrowing the money,” “The bank owes me,” “Everyone else is doing it,” or “I will pay it back before anyone notices.” Rationalization is influenced by organizational culture, ethical climate, and the perceived fairness of policies (Eze and Okonkwo, 2020).

The Fraud Triangle remains highly relevant to banking fraud in Nigeria. Prevention strategies derived from the triangle include: (a) reducing pressure through fair compensation, employee assistance programs, and realistic performance targets; (b) reducing opportunity through strong internal controls, mandatory vacations, surprise audits, and background checks; and (c) reducing rationalization through ethics training, a strong code of conduct, visible disciplinary action, and a positive workplace culture (ACFE, 2020).

2.3.2 Fraud Diamond Theory

The Fraud Diamond Theory, proposed by Wolfe and Hermanson (2004), extends the Fraud Triangle by adding a fourth element: capability (or capacity). The theory recognizes that not everyone who experiences pressure, opportunity, and rationalization will commit fraud. The fraudster must also have the personal capability to commit the fraud—the right position, intelligence, ego, coercion skills, and ability to handle stress. In banking, senior managers or long-serving employees in positions of trust (e.g., branch managers, relationship managers, IT administrators) have greater capability to commit large-scale frauds because they understand the system, can override controls, and can intimidate subordinates into compliance (Adeyemi and Oluwafemi, 2021).

The capability element is particularly relevant to Nigerian banking fraud, where major frauds have often been perpetrated by senior employees. For example, the notorious cases of fraudulent loan facilities approved by branch managers without credit committee approval, or IT staff who created fictitious accounts and credited them with large sums, illustrate the role of capability. Prevention strategies include: (a) limiting tenure in sensitive roles (job rotation); (b) implementing mandatory leave policies; (c) conducting enhanced due diligence for senior hires; (d) separating authority (e.g., no single manager can approve a loan above a certain threshold without committee approval); and (e) surprise audits of branches where the manager has been in place for many years (Bamidele and Okafor, 2020).

2.3.3 Agency Theory

Agency Theory, developed by Jensen and Meckling (1976), describes the relationship between principals (shareholders or bank owners) and agents (bank management and employees). The theory assumes that agents are self-interested and may pursue their own goals at the expense of principals due to information asymmetry (agents know more about their actions than principals do). To mitigate this, principals incur monitoring costs (e.g., internal controls, audits, performance reviews) and bonding costs (e.g., performance bonds, codes of conduct). In banks, the separation of ownership (shareholders) from management (executives) creates classic agency problems. Fraud is a form of extreme agent self-interest (Ibrahim and Shehu, 2020).

Agency Theory explains why internal controls and audits are essential in banks. Without monitoring, agents (loan officers, branch managers, IT staff) may take actions that benefit themselves at the expense of shareholders and depositors: granting loans to friends without collateral, manipulating financial statements to trigger bonuses, or stealing from customer accounts. The theory also explains why executive compensation structures matter: bonuses tied solely to short-term profit may incentivize fraud (e.g., recognizing fictitious revenue, hiding loan losses). Effective corporate governance—including an independent board, audit committee, and strong internal audit—reduces agency problems (Nwankwo, 2019).

2.3.4 Routine Activity Theory

Routine Activity Theory (RAT), developed by Cohen and Felson (1979), offers a different perspective on fraud. RAT posits that for a crime (including fraud) to occur, three elements must converge in time and space: (a) a motivated offender, (b) a suitable target, and (c) the absence of a capable guardian. Unlike the Fraud Triangle, which focuses on the offender’s psychology, RAT focuses on the situational context. In banking, motivated offenders can be internal (disgruntled employees) or external (professional fraudsters). Suitable targets include weak controls, accessible customer accounts, poorly secured ATMs, or customers who are vulnerable (elderly, less educated). Capable guardians include internal controls, internal audit, security personnel, fraud detection software, and even vigilant customers (Adedayo and Ogunleye, 2020).

RAT has practical implications for fraud prevention in Nigerian banks: (a) reduce the number of suitable targets by strengthening controls (e.g., lower cash limits on tellers, faster transaction monitoring, mandatory dual authorization); (b) increase capable guardianship by deploying fraud detection software, training staff to spot red flags, and educating customers about phishing; (c) make fraud more difficult by implementing biometric authentication (fingerprints, facial recognition) and transaction limits; and (d) increase the perceived risk of detection through surprise audits, surveillance cameras, and data analytics (Eze and Okonkwo, 2020).

2.3.5 Integration of Theories for This Study

This study integrates all four theories to provide a comprehensive framework for understanding bank fraud. The Fraud Triangle explains the motivational and opportunity structures; the Fraud Diamond adds the perpetrator’s capability; Agency Theory explains the principal-agent conflict that necessitates controls; and Routine Activity Theory focuses on the situational context of fraud events. Together, these theories inform the research questions, hypotheses, and recommendations of this study. For example, Hypothesis One (control environment and fraud incidence) draws on the Fraud Triangle’s “rationalization” element; Hypothesis Three (segregation of duties) draws on the Fraud Triangle’s “opportunity” element; Hypothesis Four (technology adoption) draws on Routine Activity Theory’s “capable guardian” concept; and Hypothesis Two (internal audit independence) draws on Agency Theory’s monitoring function.

2.4 Historical Development of Banking Fraud in Nigeria

2.4.1 Pre-Consolidation Era (1980s–2004)

The history of banking fraud in Nigeria is as old as the banking system itself. In the 1980s and 1990s, the banking system experienced a series of crises characterized by widespread insider abuse, reckless lending, and outright fraud. The collapse of several banks during this period—including African Continental Bank (ACB), Pan African Bank, and Societe Generale Bank of Nigeria (SGBN)—was attributed largely to fraudulent activities by bank directors and senior management. Common frauds included: (a) granting loans to directors and their cronies without adequate collateral; (b) over-invoicing of contracts and sharing the difference with suppliers; (c) outright theft of depositor funds through fictitious accounts; and (d) falsification of financial statements to hide losses and pay dividends from depositor funds (Ogbu, 2020).

The response from regulators included the creation of the Nigeria Deposit Insurance Corporation (NDIC) in 1988, the promulgation of the Failed Banks (Recovery of Debts) and Financial Malpractices in Banks Act (1994), and the strengthening of the CBN’s examination powers. The NDIC was empowered to pay insured deposits (initially up to N50,000, later increased) when a bank failed, reducing the risk of bank runs. However, these measures did not eliminate fraud; they merely shifted its forms. The era also saw the emergence of “wonder banks” (Ponzi schemes) that defrauded millions of Nigerians, though these were not licensed banks (Sanusi, 2019).

2.4.2 Post-Consolidation Era (2005–2009)

The banking consolidation exercise of 2005, which raised the minimum capital base from N2 billion to N25 billion, reduced the number of banks from 89 to 25. Proponents argued that larger, better-capitalized banks would have stronger corporate governance and internal controls, reducing fraud. However, the consolidation did not eliminate fraud; it merely concentrated risks in fewer, larger institutions. In the period 2005-2009, fraud continued, with new forms emerging: (a) margin loans (loans to stockbrokers to buy shares) were widely abused, with banks lending to directors and their allies to inflate share prices; (b) insider trading became rampant; (c) creative accounting hid huge non-performing loans; and (d) corporate governance failures allowed CEOs to dominate boards and override controls (Nwankwo, 2019).

The 2009 banking crisis, triggered by the global financial crisis and compounded by domestic governance failures, exposed massive fraud at eight systemically important banks. The CBN, under Governor Lamido Sanusi, removed the CEOs of these banks and injected N620 billion in bailout funds. Forensic audits revealed fraudulent practices including: (a) granting loans to “special purpose vehicles” owned by directors; (b) writing off loans without board approval; (c) round-tripping (moving funds between banks to create false deposit records); and (d) outright embezzlement. Several bank CEOs were prosecuted, and some were convicted. This crisis prompted major regulatory reforms, including the establishment of the Financial Stability Committee and enhanced powers for the CBN (Sanusi, 2019).

2.4.3 Post-2009 Reforms to Present (2010–2024)

Following the 2009 crisis, the CBN implemented several reforms to reduce fraud: (a) the Bank Verification Number (BVN) system (2014), which links all bank accounts to a single biometric identifier; (b) the Treasury Single Account (TSA) (2015), which consolidated government funds in a single account at the CBN, reducing the float available for fraud; (c) the Risk-Based Cyber Security Framework (2018); (d) enhanced corporate governance codes; and (e) stricter enforcement of KYC and anti-money laundering requirements. Despite these reforms, fraud has persisted, adapting to new technologies. The NDIC (2021) reported over 45,000 fraud cases in 2021, with e-fraud accounting for an increasing share (CBN, 2021; NDIC, 2021).

The COVID-19 pandemic (2020-2022) accelerated digital adoption but also created new fraud vectors. With more customers using internet and mobile banking, fraudsters deployed sophisticated phishing, vishing, and SIM swap attacks. The work-from-home arrangements for bank staff reduced supervision, and some employees exploited this to perpetrate fraud. The pandemic period also saw an increase in loan fraud, as banks rushed to disburse government-backed stimulus loans without adequate due diligence. The trend continues, with emerging challenges including fraud involving cryptocurrency exchanges and decentralized finance (DeFi) platforms (Adedayo and Ogunleye, 2020; Nnadi and Okoro, 2021).

2.5 Types and Typologies of Bank Fraud in Nigeria

2.5.1 Internal Fraud (Insider Fraud)

Internal fraud refers to fraud perpetrated by employees of the bank (including temporary staff, contract staff, and even senior management) acting alone or in collusion with external parties. The NDIC (2021) reports that insider involvement is implicated in over 40% of reported fraud cases in Nigeria. Internal fraud can take many forms: (a) cash theft from teller drawers; (b) unauthorized loans or overdrafts to self or accomplices; (c) manipulation of dormant accounts to siphon funds; (d) payroll fraud (e.g., “ghost workers,” inflated salaries); (e) theft of customer data for sale to fraudsters; (f) override of system controls using privileged access; and (g) collusion with external fraudsters to approve fraudulent transactions (Okonkwo and Eze, 2021).

Insider fraud is particularly dangerous because insiders have knowledge of the bank’s systems, controls, and vulnerabilities. They know when audits are scheduled, which controls are weak, and how to avoid detection. They can also use their legitimate access to commit fraud that appears routine. Prevention strategies include: background checks before hiring, periodic integrity checks, surprise audits, mandatory leave for staff in sensitive roles, segregation of duties, and robust whistleblowing mechanisms (Bamidele and Okafor, 2020).

2.5.2 External Fraud

External fraud is perpetrated by individuals who are not employees of the bank, including customers, criminal gangs, and professional fraudsters. Common external frauds in Nigeria include: (a) forged cheques and bank drafts; (b) counterfeit currency deposits; (c) fraudulent loan applications using forged documents; (d) account takeovers (gaining access to a customer’s account using stolen credentials); (e) ATM skimming (using a device to capture card data and PIN); (f) phishing and vishing attacks on customers; and (g) identity theft to open accounts or obtain credit (Adedayo and Ogunleye, 2020).

External fraud has increased with digitalization. In 2021, e-fraud (primarily external) accounted for over 30% of reported fraud cases and 22% of actual losses. The BVN system has reduced identity-related fraud but has not eliminated it. Fraudsters have adapted by using “mules” (people who open accounts in their own names and then allow the fraudsters to use them) and by targeting customers directly rather than bank systems. Prevention requires both technological controls (e.g., transaction monitoring, two-factor authentication) and customer education (Eze and Okonkwo, 2020).

2.5.3 Collusion Fraud

Collusion fraud involves cooperation between bank employees (insiders) and external parties (customers or criminals). This is often the most damaging type of fraud because it combines insider knowledge and access with external capacity and motivation. Examples include: (a) a loan officer approving a fraudulent loan in exchange for a bribe from the “borrower”; (b) a branch manager issuing a cheque without funds (kiting) in collusion with another bank; (c) an IT staff member disabling fraud detection controls for a fee; (d) a customer service representative resetting a customer’s PIN without proper identification for an accomplice; and (e) a teller processing a fraudulent withdrawal for a friend (Okonkwo and Eze, 2021).

Collusion fraud is difficult to prevent because it involves multiple individuals bypassing controls together. Segregation of duties, which is effective against single individuals, is less effective against collusion. Prevention requires: (a) surprise audits that rotate among branches; (b) data analytics to identify unusual patterns (e.g., a loan officer with a high approval rate for loans that later default); (c) mandatory cross-training so that staff know each other’s roles; (d) hotlines for anonymous reporting; and (e) periodic rotation of staff between branches (Ibrahim and Shehu, 2020).

2.5.4 Electronic Fraud (E-Fraud)

Electronic fraud (e-fraud) encompasses any fraudulent activity that uses electronic channels as a vector. In Nigeria, common e-frauds include: (a) phishing (fraudulent emails or SMS pretending to be from the bank, asking customers to click a link or provide credentials); (b) vishing (voice phishing—calls pretending to be from the bank, asking for OTPs or PINs); (c) ATM skimming (card reading devices on ATMs); (d) SIM swap fraud (fraudster convinces mobile network operator to transfer the victim’s phone number to a SIM card in their possession, then uses it to receive OTPs and access bank accounts); (e) malware attacks (banking Trojans that capture keystrokes or redirect transactions); (f) POS terminal fraud (tampering with POS devices to capture card data); and (g) insider-enabled e-fraud (employee shares customer data with fraudsters) (Adeyemi and Oluwafemi, 2021).

The NDIC (2021) reported a 67% year-on-year increase in e-fraud cases between 2020 and 2021. The COVID-19 pandemic accelerated digital adoption and, with it, e-fraud. Banks have responded with fraud detection systems, but fraudsters have also become more sophisticated. Many banks now use machine learning algorithms to detect anomalous transaction patterns in real time, but these systems require continuous tuning to avoid high false-positive rates (Adedayo and Ogunleye, 2020).

2.5.5 Money Laundering and Terrorist Financing

Money laundering is the process of concealing the origins of illegally obtained funds to make them appear legitimate. Banks, as the gateway to the financial system, have a critical role in preventing money laundering. Common money laundering techniques in Nigeria include: (a) structuring (splitting large cash deposits into smaller amounts to avoid reporting thresholds); (b) use of shell companies and front businesses; (c) trade-based money laundering (over- or under-invoicing of imports/exports); (d) real estate purchases with illicit funds; and (e) use of cryptocurrency exchanges. Terrorist financing, while smaller in volume, poses a national security threat (FATF, 2020; CBN, 2021).

The Money Laundering (Prohibition) Act 2011 (as amended) requires banks to maintain a compliance function, report suspicious transactions to the Nigerian Financial Intelligence Unit (NFIU), conduct customer due diligence (CDD) including beneficial ownership identification, and retain records for at least five years. Failure to comply can result in fines (up to N1 million per violation for individuals, N5 million for banks) and imprisonment. Despite these requirements, the Financial Action Task Force (FATF) has placed Nigeria on its “grey list” (jurisdictions under increased monitoring) at various times due to deficiencies in anti-money laundering (AML) and counter-terrorist financing (CFT) controls (FATF, 2020).

2.6 Causes of Fraud in the Nigerian Banking System

2.6.1 Economic Causes

Economic factors are significant drivers of bank fraud in Nigeria. Low salaries and remuneration for bank staff, relative to the cost of living and relative to what other sectors pay, create financial pressure that can lead to fraud. Many bank employees, especially at junior and mid-levels, are paid amounts that are insufficient for rent, transportation, school fees, and other basic needs. When faced with an urgent financial need (e.g., medical emergency, child’s school fees), some employees rationalize taking “a small amount” from the bank, intending to pay it back (Fraud Triangle: pressure). Over time, this can escalate into larger frauds (Ibrahim and Shehu, 2020).

High unemployment and underemployment in the broader economy also contribute. People who cannot find legitimate employment may turn to fraud as a livelihood. The “419” scam (advance fee fraud) originated in Nigeria and remains prevalent. Fraudsters target bank customers, and some even seek employment in banks with the intention of committing fraud. The high turnover of bank staff (due to layoffs, restructuring, or poaching by competitors) means that background checks may be rushed, allowing individuals with fraudulent intent to be hired (Nwankwo, 2019).

Economic inequality and conspicuous consumption also play a role. When bank employees see wealthy customers and executives living lavish lifestyles, while they struggle to make ends meet, they may feel that the system is unfair and that taking from the bank is a form of “redistribution.” This rationalization is reinforced by a culture where wealth, regardless of its source, is celebrated. Banks with wide pay gaps between senior executives and frontline staff may experience higher fraud rates (Ogbu, 2020).

2.6.2 Organizational Causes

Organizational factors are perhaps the most controllable causes of fraud. Weak internal control systems are the primary organizational cause. In many Nigerian banks, internal controls are designed to satisfy regulators on paper, but are not fully implemented or enforced. Specific weaknesses include: (a) inadequate segregation of duties (one person handles multiple incompatible functions); (b) lack of independent verification and reconciliation; (c) poor supervision and oversight, especially in remote branches; (d) management override of controls (senior managers instructing subordinates to bypass procedures); (e) lack of physical safeguards over assets (e.g., cash, cheque books); and (f) ineffective internal audit (Bamidele and Okafor, 2020).

Organizational culture also matters. Banks with a “sales at any cost” culture, where meeting targets is prioritized over compliance and ethics, create pressure that can lead to fraud. For example, a branch manager facing pressure to grow deposits may instruct tellers to temporarily “borrow” money from customer accounts to meet targets, intending to replace it later. When targets are unrealistic, employees may feel that the bank is setting them up to fail, reducing their loyalty and increasing rationalization for fraud (Okonkwo and Eze, 2021).

High turnover of staff, especially in internal audit and compliance functions, undermines institutional memory and continuity. New staff may not be aware of past fraud incidents or weak controls. High turnover also means that experienced staff who could serve as deterrents are replaced by inexperienced staff who may be more vulnerable to manipulation or pressure. Banks that invest in employee retention, competitive salaries, and career development tend to have lower fraud rates (Eze and Okonkwo, 2020).

2.6.3 Technological Causes

The rapid adoption of digital banking has created new fraud opportunities. While technology enables faster, more convenient transactions, it also expands the attack surface for fraudsters. Nigerian banks have invested heavily in internet and mobile banking, but some have not invested commensurately in fraud detection and prevention systems. Many banks still rely on rules-based transaction monitoring (e.g., flag transactions above N500,000) rather than behavioral analytics or machine learning. Rules-based systems generate high false positives, leading to alert fatigue and missed genuine fraud (Adeyemi and Oluwafemi, 2021).

Legacy IT systems (older core banking applications) may have security vulnerabilities that fraudsters can exploit. Some banks have not updated their systems because of the cost and complexity of migration. These legacy systems may lack proper audit trails, making it difficult to detect or investigate fraud. They may also have inadequate access controls, allowing staff with basic IT knowledge to elevate their privileges or bypass controls (Adedayo and Ogunleye, 2020).

Customer vulnerability to social engineering is another technological cause. Despite bank warnings, many customers still click on phishing links, share OTPs with callers claiming to be bank officials, or use weak passwords. Banks have not invested sufficiently in customer education and awareness campaigns. Some banks prioritize the convenience of digital channels (e.g., low authentication requirements for certain transactions) over security, exposing customers to risk. The lack of a centralized, real-time fraud information-sharing platform among banks allows fraudsters to move between banks after being detected at one (Nnadi and Okoro, 2021).

2.6.4 Regulatory and Legal Causes

Despite a robust legal framework, regulatory and legal weaknesses contribute to fraud. The primary weakness is inconsistent enforcement. While the CBN and NDIC issue regulations, fines and sanctions are not always applied consistently or transparently. Some banks have been fined multiple times for the same compliance failures without escalation to license revocation. The perception that regulatory sanctions are just a “cost of doing business” reduces deterrence (Sanusi, 2019).

The slow pace of prosecution of fraud cases is another major weakness. Cases take years to resolve, and some are never brought to trial due to lack of evidence, witness intimidation, or judicial delays. Conviction rates are low, and even when convicted, offenders often receive light sentences (e.g., fines or short prison terms) that do not deter others. The absence of a centralized, public database of fraudulent bank employees means that an employee dismissed from one bank for fraud can be hired by another bank without the new employer knowing (Nwankwo, 2019).

Legal gaps also exist. The Cybercrimes (Prohibition, Prevention, etc.) Act 2015 is a significant step forward, but its implementation has been slow. The law requires banks to report cyber incidents within 24 hours, but compliance is low. The law also provides for asset forfeiture, but tracing and recovering assets in e-fraud cases is difficult, especially when funds are moved across multiple accounts or converted to cryptocurrency. Cross-border fraud (where perpetrators are in one country, victims in another, and banks in a third) poses jurisdictional challenges that Nigeria’s legal framework is not fully equipped to handle (Ogbu, 2020).

2.7 Consequences of Bank Fraud

2.7.1 Financial Consequences for Banks

Direct financial losses from fraud are the most immediate consequence. In 2021, Nigerian banks reported actual losses of N5.6 billion from fraud. However, this figure likely understates true losses because: (a) some frauds are not detected; (b) detected frauds are not always reported to NDIC (banks fear reputational damage); (c) reported losses may be net of recoveries, but recoveries are often partial or nil; (d) indirect losses (e.g., investigation costs, legal fees, increased insurance premiums) are not included; and (e) the cost of implementing additional controls after a fraud incident is not captured (NDIC, 2021).

Fraud also affects bank profitability through increased operational costs. Banks must invest in fraud detection technologies, hire compliance and fraud investigation staff, conduct training, and pay higher premiums for fidelity insurance (insurance against employee theft). Large fraud losses may require setting aside provisions, reducing reported profits. In extreme cases, repeated fraud losses can erode capital and trigger regulatory intervention (CBN, 2020).

2.7.2 Reputational Consequences

Reputational damage is often more severe than direct financial loss. A bank that experiences a major fraud incident—especially if the fraud involved customer accounts or went undetected for a long period—suffers a loss of trust. Customers may withdraw deposits and move to competitors. Potential customers may choose other banks. Business partners (e.g., fintechs, correspondent banks) may reassess their relationships. In the social media era, news of fraud spreads rapidly, and the reputational damage can be long-lasting (Okonkwo and Eze, 2021).

For the banking system as a whole, a major fraud incident at a tier-1 bank can trigger systemic reputational damage, reducing public confidence in all banks. This is particularly dangerous because banking is built on trust. If depositors lose confidence, they may attempt to withdraw funds en masse (a bank run), potentially triggering a liquidity crisis even at solvent banks. The 2009 banking crisis demonstrated this contagion effect (Sanusi, 2019).

2.7.3 Regulatory and Legal Consequences

Banks found to have weak internal controls that facilitated fraud face regulatory sanctions. The CBN can impose fines, require the bank to increase capital, restrict dividend payments, place the bank under enhanced supervision, or, in extreme cases, revoke its license. Individual bank executives (including board members) can be disqualified from holding positions in any financial institution, fined, or prosecuted. The NDIC can also impose sanctions and may, in the case of systemic fraud leading to insolvency, take over the bank for liquidation or sale (CBN, 2020).

Legal consequences include civil lawsuits by customers who lost funds due to bank negligence (e.g., if the bank failed to prevent a SIM swap fraud despite red flags). Regulatory fines and legal fees add to the bank’s costs. In high-profile cases, senior executives may face criminal prosecution, leading to imprisonment, asset forfeiture, and lifetime disqualification from the banking industry (Nwankwo, 2019).

2.7.4 Consequences for Customers

Customers are often the direct victims of bank fraud, especially e-fraud. A customer who falls victim to a phishing attack and loses N500,000 may not get fully reimbursed by the bank, especially if the bank can demonstrate that the customer was negligent (e.g., shared their OTP). Even if the bank reimburses, the customer suffers inconvenience, stress, and time spent resolving the issue. Small business owners may face cash flow crises if their accounts are frozen pending investigation (Eze and Okonkwo, 2020).

Beyond financial loss, customers may suffer psychological harm: anxiety, loss of trust in the banking system, and self-blame for having fallen for a scam. Some victims may be elderly or less educated, making them more vulnerable. Banks have a responsibility not only to reimburse but also to provide support and education to affected customers (Adedayo and Ogunleye, 2020).

2.7.5 Consequences for the Economy

At the macroeconomic level, widespread banking fraud undermines financial intermediation. When banks lose funds to fraud, they have less capital to lend to productive sectors of the economy. When banks become risk-averse due to fear of fraud, they may tighten lending standards, making it harder for legitimate businesses to access credit. This can slow economic growth, reduce employment, and exacerbate poverty (Nnadi and Okoro, 2021).

Fraud also increases the cost of banking services. Banks pass the cost of fraud prevention (technology, staffing, insurance) and fraud losses (where not recovered) to customers through higher fees, lower interest on deposits, and higher interest on loans. In this way, even honest customers pay for the frauds of a few. Finally, high-profile banking frauds damage Nigeria’s international reputation as a financial center, potentially deterring foreign direct investment and correspondent banking relationships (Sanusi, 2019).

2.8 Internal Control Mechanisms for Fraud Prevention and Detection

2.8.1 Preventive Controls

Preventive controls are designed to stop fraud before it occurs. Key preventive controls in banks include: (a) segregation of duties (ensuring that no single individual can initiate, authorize, record, and settle a transaction); (b) authorization limits (requiring dual approval for transactions above certain thresholds, and escalating larger amounts to higher authorities); (c) physical controls (cash safes with dual custody, access logs for server rooms, locked cheque books); (d) pre-employment background checks and periodic integrity checks; (e) mandatory vacation policies for staff in sensitive roles (so that ongoing frauds are discovered by the covering staff); (f) job rotation to prevent entrenchment; (g) IT access controls (least privilege principle, role-based access, regular access reviews); and (h) a strong code of conduct