Kenya Insights

Tag: Absa Bank Kenya

  • Absa Bank Kenya Faces Mounting Internal Fraud Storm as Parliament Demands Answers Over Sh3 Million Vanishing From Customer Accounts

    Absa Bank Kenya Faces Mounting Internal Fraud Storm as Parliament Demands Answers Over Sh3 Million Vanishing From Customer Accounts

    Kenya’s National Assembly has once again been forced to confront the uncomfortable question of whether the country’s banking halls are as safe as the marketing campaigns claim.

    On the floor of Parliament on February 24, 2026, Hon. John Waithaka, the Member of Parliament for Kiambu, rose under Standing Order 44(2)(c) to demand a formal statement from the Departmental Committee on Finance and National Planning regarding the disappearance of approximately three million shillings from two accounts belonging to Mr. Kennedy Karanja Macibu, a customer of Absa Bank Kenya.

    According to the statement read before the House, Mr. Macibu, identified through his national identification number, was going about his evening on September 15, 2025, at around eight o’clock, when his phone began lighting up with transaction alerts he had neither initiated nor authorised.

    By the time the dust settled, close to three million shillings had vanished from his two Absa accounts.

    He moved quickly, contacting the bank to lock down what remained, lodging a formal complaint with Absa and reporting the matter to the Nairobi Central Police Station, where it was logged under OB Number 81 of 16/09/2025. Months later, Mr. Macibu is still waiting for the kind of clarity that should have come within days.

    On paper, this looks like an isolated misfortune, the kind of unlucky episode that could befall any bank in any country.

    But a closer examination of Absa Kenya’s recent history, drawn from court judgments, regulatory disclosures, whistleblower testimony and a string of separate customer disputes, suggests something far less comforting. Mr. Macibu’s ordeal fits inside a much larger and uglier picture, one in which the bank’s own staff, systems and digital lending arms have repeatedly been implicated in the very fraud the institution claims to be fighting.

    The Karen Prestige branch and the manager who opened the vault to strangers

    Perhaps the most damning evidence of internal rot at Absa Kenya is not speculation or anonymous chatter but a written judgment of the Employment and Labour Relations Court. The case centres on Lilian Adhiambo, the former branch manager of Absa’s Karen Prestige branch, whose dismissal the court upheld after forensic investigators tied her to the loss of millions from customer accounts.

    Court records show that on October 13, 2019, a withdrawal of Sh3.6 million was processed from a customer account at the Karen Prestige branch.

    In the days that followed, additional withdrawals and electronic transfers pushed the total loss past Sh6.3 million, all of it bearing Adhiambo’s authorisation. When the matter reached the Employment and Labour Relations Court, Justice Radido Stephen delivered a verdict that left little room for ambiguity.

    The judgment described gross misconduct, negligence and failure of due diligence on the part of a senior banking officer who, after two decades inside the institution, used her authority to wave through transactions that should have triggered alarm bells across the bank’s control systems.

    The forensic investigation behind the case was conducted by Absa’s own internal investigations unit, which means the bank’s findings and the court’s findings are aligned: a senior manager, entrusted with safeguarding customer deposits, instead became the weak link through which Sh6.3 million walked out the door.

    The court upheld her dismissal as fair and lawful, closing one legal chapter while opening a far bigger institutional question. If a branch manager with two decades of tenure could move millions out of customer accounts before anyone noticed, what does that say about the controls protecting every other account in the branch network, including the two accounts belonging to Mr. Macibu more than a thousand kilometres and six years removed from Karen?

    Timiza and the allegations of a black market for customer data

    If the Karen Prestige case shows what a single rogue manager can do with the keys to the vault, a separate and far more explosive set of allegations points to something organised, sustained and operating at a much higher level inside the bank’s digital lending arm.

    A whistleblower from within Absa Kenya’s Timiza digital credit department came forward with claims that strike at the heart of the bank’s ability to protect the personal and financial information of millions of customers.

    The whistleblower alleged that since 2023, Timiza had been collecting customer data without consent, and that this data was being exploited well beyond the bounds of any loan application. The allegations named senior figures inside the credit and risk functions and accused them of fostering a culture in which customer information became a tradeable commodity.

    According to the whistleblower account, Absa’s data centre in Westlands, referred to internally as the Data Office, became a hub where customer records, including credit card details and mobile banking information, were allegedly extracted and sold for as much as one thousand shillings per record.

    The claims extended to a senior technical lead within Timiza, who was accused of acquiring more than one hundred thousand customer records for personal use, while other senior figures allegedly explored ways to monetise the stolen data during internal meetings. The whistleblower further claimed that attempts to raise these concerns through Absa’s own internal reporting channels were met with intimidation and obstruction, leaving the individual no option but to go public.

    The timing of these revelations was not accidental. They emerged amid a Central Bank of Kenya investigation into a cluster of complaints against Absa covering insider fraud, sexual harassment and other ethical failures, an investigation that itself followed an internal probe ordered by Absa Group in South Africa into the conduct of its Kenyan operations.

    Sources familiar with that probe described a culture in which junior staff were allegedly expected to pay their way into promotions and in which favours of a deeply troubling nature were said to function as currency for career advancement inside certain branches.

    A death that still casts a shadow over the Nyali branch

    Among the most unsettling threads connected to this wider picture is the death of Oscar Owino, an employee at Absa’s Nyali branch, who died in August 2023 under circumstances that colleagues reportedly found suspicious.

    Accounts circulating among insiders link his death to a romantic dispute involving a fellow employee, and the case has since been cited repeatedly by whistleblowers as part of a broader pattern of dysfunction inside branches where personal entanglements, internal politics and financial irregularities appear to overlap in ways that have never been fully and publicly explained.

    When fraudsters know more than they should

    For ordinary Absa customers, the most frightening dimension of this unfolding story is not the size of any single loss but the sophistication of the fraud being reported. Accounts shared in connection with the wider scandal describe customers receiving phone calls that appear, on caller ID, to come directly from Absa’s official customer care line.

    The caller, claiming to be investigating an unauthorised withdrawal attempt, asks the customer to confirm account details in order to protect the very funds that are then drained shortly afterward.

    This is precisely the scenario the Timiza whistleblower warned about: that stolen customer data, once in the wrong hands, can be weaponised to give external fraudsters enough personal detail to walk straight past the suspicion threshold of even the most careful account holder.

    When a fraudster already knows your name, your account numbers, your recent transaction history and your registered phone number, the line between an external scam and an inside job becomes almost impossible for the victim to detect, and arguably impossible for the bank to credibly deny.

    A bank already under siege from multiple directions

    Mr. Macibu’s case and the Karen Prestige scandal are not occurring in isolation. Absa Kenya is currently the subject of a separate High Court matter brought by Phyilis Osoro Kemunti, who is seeking to have historical references listing her as a defaulter on a credit card account expunged, alongside damages for what she describes as reputational harm.

    Online, the picture is no less flattering. Customers describing their experiences on social media and discussion forums have ranked Absa among the most frustrating banks to deal with in Kenya, citing transaction failures, unresolved money disputes, unexplained penalties on loan accounts and what many describe as a wall of silence when something goes wrong.

    Even the bank’s commercial relationships have not been spared.

    In May 2026, Absa was drawn into a governance dispute at Nairobi’s century-old Vetlab Sports Club, where rival factions accused the bank of altering the signatories on the club’s main account, which held approximately Sh26 million, without proper authority and despite ongoing litigation over who actually constituted the club’s lawful leadership.

    The club’s chairman and honorary secretary took the matter to the High Court’s Commercial and Tax Division, and court papers reportedly showed that Absa had previously resisted similar requests during earlier phases of the same dispute, making the sudden reversal difficult for the bank to explain.

    Separately, the bank finds itself entangled in one of the largest alleged loan fraud cases in recent Kenyan banking history.

    Industrialist Benson Sande Ndeta and an American co-accused are facing twelve criminal counts over an allegedly fraudulently obtained Sh4.5 billion facility, originally advanced when Absa still operated under the Barclays brand in Kenya, secured using what prosecutors describe as forged corporate guarantees and fabricated board resolutions.

    Arrest warrants were issued for both men in March 2026 after they failed to appear in court, and the warrants were extended later that month after continued defiance of court orders. Whatever the eventual outcome, the case is a reminder that a lender which prides itself on rigorous documentation and credit discipline was, on its own telling, deceived at the highest level by paperwork its own systems failed to catch.

    The numbers behind the headlines

    All of this is unfolding against a backdrop of deteriorating financial performance and a sector-wide fraud surge that regulators have struggled to contain.

    Absa Kenya’s profit after tax for the first quarter of 2026 fell to Sh5.31 billion, down from Sh6.17 billion a year earlier, marking the bank’s first first-quarter profit decline in nine years.

    The Central Bank of Kenya’s own Financial Sector Stability Report for 2025 documented that cyber fraud cases across the banking sector more than doubled in a single year, rising from 153 to 353 incidents, with total losses jumping from Sh412 million to Sh1.59 billion.

    Mobile banking fraud alone accounted for Sh810.68 million of those losses, a rise of 344 percent, while card fraud surged sixteen-fold to Sh263.29 million and identity theft losses rose sixfold to Sh199.08 million.

    Against figures like these, Absa’s own 2022 disclosure that it lost Sh107.7 million to fraudsters, of which only a portion was recovered, no longer reads as an unfortunate one-off. It reads as an early data point in a trend line that has only steepened since, a trend line into which Mr. Macibu’s Sh3 million now slots with grim familiarity.

    A voluntary exit programme that raises more questions than it answers

    The timing of Absa’s broader restructuring has not gone unnoticed either.

    Earlier in 2026, the bank ran a voluntary exit programme that saw 82 employees leave with a combined Sh717 million in severance packages, officially framed as part of a technology-driven streamlining of the workforce.

    For a bank simultaneously facing whistleblower allegations of data theft inside its digital lending division, a Central Bank investigation into insider fraud and sexual harassment, and a court judgment confirming that a senior branch manager helped drain millions from customer accounts, the exodus of dozens of staff raises an obvious question that Absa has yet to answer publicly: how many of those departures were genuinely voluntary, and how many were the quiet conclusion of internal disciplinary processes the bank would prefer not to discuss in public?

    What Absa owes Mr. Macibu, and everyone else

    None of this excuses or explains away what happened to Mr. Macibu specifically. His case stands on its own and deserves its own forensic accounting. But it cannot be assessed in a vacuum, and Parliament’s intervention should not be treated as a routine, one-off inquiry into a single customer’s bad luck.

    Taken together with the Karen Prestige judgment, the Timiza whistleblower allegations, the Vetlab Sports Club signatory dispute, the Sh4.5 billion Ndeta case and the broader sector-wide fraud data, Mr. Macibu’s three million shillings looks less like an anomaly and more like the latest visible tip of an iceberg that Absa Kenya has spent years trying to keep below the waterline.

    Absa Bank Kenya does maintain whistleblowing channels, directing concerns to dedicated email addresses for anonymous tip-offs and priority investigations, and the bank’s security communications continue to emphasise customer vigilance, multi-factor authentication and prompt reporting of suspicious activity. Mr. Macibu did everything right.

    He noticed the alerts, secured his accounts, filed a formal complaint and reported the matter to police within hours. If a customer who follows every recommended step can still be left waiting months for answers, then the failure is not his, and it is not external. It sits squarely inside the bank’s own walls.

    Parliament has now asked the question publicly. The Central Bank of Kenya, already investigating Absa over insider fraud and ethical failures on multiple fronts, has the evidence and the mandate to demand a full forensic audit of the Macibu case, including transaction logs, staff access records and verification protocols at the time of the withdrawals, and to examine whether any link exists between his case and the data practices the Timiza whistleblower described.

    Kenyan depositors are watching, and after years of mounting allegations, vague reassurances about ongoing investigations will no longer be enough. Absa Kenya now has a choice: open its books, name names, and show its house is in order, or continue to watch its reputation erode one drained account at a time.

  • Absa Bank Kenya: The Lender That Declares War On Its Own Clients

    Absa Bank Kenya: The Lender That Declares War On Its Own Clients

    John Maina Kinyua is not a reckless borrower. He is precisely the kind of client a bank markets its long-term products to: a property owner with income-generating assets in Sigona, Kiambu County, willing to commit to 180 monthly installments stretching fifteen years into the future. He took an Sh80 million facility from Absa Bank Kenya in September 2024. He pledged two rental properties, Sigona/1294 and Sigona/2103, as security. The repayment schedule was modest: Sh180,000 every month until July 2039. Then he missed one payment in April 2025.

    What followed next is a story not about a borrower in crisis. It is a story about a bank that treats its own clients like adversaries the moment a contractual technicality presents itself, and about a pattern of institutional conduct that Kenyan courts, parliamentarians, and now borrowers themselves are increasingly calling out for what it is: predatory, reckless, and in multiple documented cases, outright unlawful.

    “The respondent cannot disown its own entries.” High Court of Kenya, on Absa’s pursuit of foreclosure despite its own records confirming the account had been fully regularised.

    One Missed Payment. Sh79.9 Million Demanded. Fourteen Years Collapsed.

    The facts in the Kinyua matter are not in serious dispute. On May 12, 2025, barely seven months after the loan was disbursed, Absa issued a 90-day statutory notice demanding immediate repayment of the entire Sh79.9 million outstanding balance. Not the arrears. Not the overdue installment. The whole loan. The bank argued, as it consistently does in such disputes, that the charge instrument gave it the unilateral right to recall the full facility the moment any default occurred.

    Kinyua cleared the arrears. Absa’s own bank statements, produced in court, showed that by September 24, 2025, the account had been fully regularised and arrears reduced to zero. The bank then issued a 40-day notice to sell on September 3, 2025, demanding Sh79.8 million and advertising the properties for public auction. It was pressing ahead with the sale of income-generating assets on a loan that its own records showed was current.

    The High Court was unsparing. In granting a temporary injunction halting the planned auction, the judge noted that Absa could not disown its own entries. The court described the pursuit of foreclosure against a now-performing, fully cured loan as a monumental triable issue, and ruled that a premature, accelerated foreclosure on a performing, fully regularised loan presents a formidable prima facie case with a high probability of success. The parties were directed to complete pre-trial steps within 14 days ahead of an expedited hearing.

    That judicial language is not boilerplate. It is the bench telling Absa that it behaved in a manner that raised serious questions about the legality of its own recovery process. For a bank that manages tens of thousands of secured lending relationships across Kenya, those words carry institutional weight.

    The Contractual Trap That Borrowers Sign Without Reading

    The legal architecture that made this possible is worth examining because it is embedded in every long-term charge document Absa issues. The bank’s standard charge instruments contain acceleration clauses that trigger the right to demand the full outstanding balance immediately upon any event of default, however minor. Kinyua argued that the charge document required a specific event of default to be formally declared and a prior demand for arrears before the entire facility could be recalled. Absa countered that the mere fact of any default activated its right to the full sum.

    The court found serious triable issues in that argument precisely because the bank was pressing ahead after the underlying default had been cured. But the deeper concern for anyone contemplating a long-term secured facility with Absa is that the bank appears to interpret its own charge documentation in the most aggressive manner available, and moves at speed. A 90-day statutory notice was issued just weeks after the alleged default. A 40-day sale notice followed months later. All of this occurred while arrears were being settled and while the facility still had over fourteen years to run.

    What Absa effectively argued in court is that once a default occurs, cure does not matter. The clock for full acceleration has already started. The income from the very properties securing the loan, rental income that was actively servicing the debt, was about to be destroyed by the very auction that would trigger tenant flight. The court accepted the borrower’s argument about that vicious cycle explicitly. It is difficult to read the bank’s position as anything other than a strategy designed to seize valuable security at the earliest contractual opportunity, regardless of the commercial reality on the ground.

    This Is Not a One-Off. Absa Has a Pattern.

    The Kinyua case does not exist in isolation. It is the latest chapter in a documented institutional habit at Absa Bank Kenya that stretches back years and spans multiple product lines, client categories, and judicial forums. The pattern is consistent: move fast on security realization, resist accommodation, and lean on contractual language even when the equities point in the opposite direction.

    Consider New Mega Africa Limited, a Nairobi transport company that ships clinker between Kenya and Uganda. It borrowed from Absa and charged a prime property in Kitusuru, Nairobi, as security for facilities that eventually reached Sh86.4 million. When the relationship soured, the company filed suit in the High Court in Mombasa alleging that Absa had printed its confidential financial statements without authority and shared them with third parties, exposing the firm to financial sabotage and cancellation of insurance policies. The company claimed Sh1.5 billion in damages.

    In November 2022, the court entered interlocutory judgment against Absa after the bank failed to file a defence within the stipulated period. The bank then contested that judgment, arguing that no data breach had occurred and characterising the lawsuit as an attempt by the transport firm to evade its loan obligations. Absa simultaneously moved to auction the Kitusuru property to recover the outstanding debt. In June 2023, Justice Mongare issued a temporary injunction halting the auction, barring the bank from selling or transferring the property pending determination of the full case. In January 2025, Absa suffered a further setback when the High Court in Mombasa allowed a former employee to testify as a witness in the case, reopening the evidentiary record the bank had fought to keep closed.

    The New Mega Africa litigation has now run for more than three years. The bank is fighting simultaneously to disclaim liability for the alleged data breach, to enforce its auction rights on the Kitusuru property, and to resist a Sh1.5 billion damages award. Those three fronts are not coincidental. They reflect a bank that moved to liquidate security while a major counter-claim was actively being litigated, a move courts have now repeatedly restrained.

    Senators demanded Absa’s CEO appear before Parliament to answer for a fraud syndicate targeting retirees at Absa branches. The National Treasury Cabinet Secretary confirmed collusion between pension officers and banking staff.

    Parliament Summons Absa’s CEO Over Retiree Robbery Syndicate

    The courtroom is not the only arena where Absa’s conduct has attracted institutional scrutiny. In December 2025, Kenya’s Senate erupted over a fraud syndicate that was systematically targeting retirees moments after they received lump-sum pension payouts deposited into Absa Bank accounts. Senator Eddy Oketch of Migori tabled a statement before the Senate Finance and Budget Committee demanding a full accounting of fraud cases involving Absa accounts since 2022 and the status of investigations into each of them.

    The cases were not abstract. Senators cited a retired teacher who lost her entire pension payout of Sh2.4 million from an Absa account. A retired police officer was robbed of cash moments after leaving an Absa branch, with senators raising concerns that insiders were feeding withdrawal information to criminal networks operating outside the bank. Nyamira Senator Okongo Omogeni went further, calling for Absa’s Chief Executive Officer, Abdi Mohamed, to appear before the Senate in person to explain how fraudsters were apparently able to monitor transactions and swiftly drain accounts after pension deposits.

    The National Treasury Cabinet Secretary John Mbadi, appearing before the Senate, made a statement that should have triggered a regulatory response: he confirmed the existence of collusion between pension officers and banking staff in defrauding retirees. That admission was made about cases specifically linked to Absa accounts. The government subsequently committed to fully digitising the pension payment system from July 2025 to reduce the human interface that was enabling the fraud.

    That Senate hearing did not take place in a vacuum. It came months after the Employment and Labour Relations Court upheld the dismissal of Lilian Adhiambo, former branch manager of Absa Bank’s Karen Prestige branch, after forensic investigators linked her to a syndicate that drained Sh6.3 million from customer accounts in October 2019. The court reviewed the forensic reports and found the bank’s decision to dismiss her fair and lawful. The Karen Prestige case was not an outlier. Former compliance officers have described a shadow network centered in Nairobi suburbs where rings of insiders and external fraudsters coordinate attacks on mobile banking platforms in real time.

    Sh4.5 Billion: When Absa Itself Was the Victim

    While Absa was pursuing small borrowers with aggressive acceleration clauses, the bank was simultaneously navigating the fallout from one of the largest alleged loan frauds in Kenyan corporate history. Prosecutors allege that between February 2017 and January 2018, industrialist Benson Sande Ndeta and an American co-accused, Charles Hills Jr., conspired to fraudulently obtain a dollar-denominated credit facility equivalent to Sh4.5 billion from Absa, then operating as Barclays Bank Kenya, by falsely representing themselves as acting on behalf of Savannah Cement Limited and presenting what prosecutors say were forged corporate guarantees, board resolutions, and security documents.

    The case carries 12 criminal counts including conspiracy to commit fraud, obtaining credit by false pretences, forgery, and uttering forged documents. Ndeta and Hills failed to appear in court to take a plea and in March 2026 Milimani Senior Principal Magistrate Carolyne Mugo issued arrest warrants against both men. The warrants were extended in March 2026 after the accused continued to defy court orders. In parallel, Ndeta returned to the High Court seeking to halt the criminal prosecution entirely, but in December 2025 the High Court dismissed his constitutional petition and cleared the path for trial.

    The Sh4.5 billion fraud case is instructive in a way the bank would prefer not to advertise. A lender that prides itself on contractual discipline and forensic documentation of borrower obligations was apparently deceived by forged board minutes and fabricated indemnity forms. While Absa pursues a borrower in Sigona for missing one installment of Sh180,000, it spent years absorbing the consequences of approving a nine-figure facility on the basis of documents that prosecutors say were fraudulent from the start.

    Vetlab Sports Club: Absa Caught in a Governance War Over Sh26 Million

    The complications did not stop there. In May 2026, Absa was dragged into a governance dispute at Nairobi’s century-old Vetlab Sports Club after rival factions of the club’s leadership accused the bank of illegally altering the signatories on the club’s main account, which held approximately Sh26 million at the time. The club’s chairman, Jared Ouko, and honorary secretary, Beatrice Kamau, filed suit at the High Court’s Commercial and Tax Division, accusing Absa of effecting the signatory changes without proper authority despite ongoing litigation over who constituted the club’s lawful board.

    Court papers showed that Absa had previously resisted similar requests to change signatories during earlier phases of the same dispute, making the reversal all the more difficult to explain. The applicants alleged that bank officials indicated a court order had been used to justify the changes but that they had never been served with any such order. The dispute put Absa in the position of having potentially taken instructions from one faction of a contested leadership body, exposing member funds to risk in circumstances where no unambiguous legal authority to act had been established.

    The Numbers Behind the Reputation Crisis

    Absa Bank Kenya reported a net profit of Sh5.3 billion in the first quarter of 2026, down 13.8 percent from the Sh6.1 billion posted in the same period the previous year, as falling interest rates and reduced lending compressed income. Total interest income fell 10.1 percent to Sh13.5 billion. The bank’s gross non-performing loans stood at Sh44.3 billion at the close of September 2025, having grown by 20.5 percent to Sh42.5 billion during 2024. Against that backdrop, aggressive enforcement of secured lending contracts is commercially understandable. A bank sitting on Sh44 billion in bad debt has every incentive to tighten recovery processes.

    What is harder to justify is the application of that tightening to a borrower who has cured a single missed installment on a facility that carries fourteen more years to maturity. The Kinyua matter is not a case of a serial defaulter or an insolvent borrower running from obligations. It is a case of a borrower who fell behind by one month, restored the account to performing status per the bank’s own records, and then watched as the bank pressed ahead with an auction anyway. The income-generating properties securing the loan were not at risk of disappearing. The tenants were paying rent. The cash flow was there. Absa chose the nuclear option.

    In 2023, the bank’s predecessor entity was ordered by the High Court to pay general damages to Paul Kuria Ngugi after auctioning his land in Muguga and failing to furnish him with documents relating to the sale or to disclose the price achieved at auction. Justice Francis Tuiyott found that the bank, then known as Barclays Kenya before its rebrand to Absa in 2020, had failed to call evidence or challenge the borrower’s assertion that proper documentation was never provided. The court ordered disclosure of the auction proceeds and the amount credited to the borrower’s account. That judgment predates the rebrand but the institutional conduct it describes is continuous.

    What Borrowers Must Understand Before Signing

    The Kinyua case should function as a compulsory case study for anyone contemplating a secured long-term facility with Absa Bank Kenya. The charge documentation contains acceleration clauses that, on Absa’s reading, allow it to demand the full outstanding balance immediately upon any default, however minor, however brief, and however thoroughly cured. The bank’s interpretation of those clauses is aggressive. It moves within weeks of a default to issue statutory notices. It does not appear to factor in whether a workout arrangement or cure period would better serve both parties on a long-term facility with income-generating security.

    The practical consequence is that a borrower who signs a fifteen-year mortgage with Absa is not actually secured for fifteen years in any meaningful sense. They are secured only for as long as every single installment lands on time. A single slip, whether caused by a bank processing delay, a personal cash flow disruption, or even a disputed debit, can trigger a process that within months places their property under auction notices. The cure period that common sense and commercial fairness would imply exists, apparently does not, unless it is explicitly negotiated into the charge document and specifically preserved against the general acceleration clause.

    Potential borrowers dealing with Absa would be prudent to insist on explicit cure windows before acceleration can be triggered, stricter definitions of what constitutes a material default sufficient to activate foreclosure, and procedural requirements that compel the bank to issue a demand for specific arrears before it can recall the entire facility. Without those protections in writing, the standard Absa charge instrument appears to leave the borrower entirely exposed to the bank’s discretion. And the documented pattern suggests that discretion will not be exercised in the borrower’s favour.

    A Bank That Does Not Trust Its Own Relationships

    The deeper problem at Absa is cultural. A financial institution that simultaneously battles a Sh1.5 billion data breach claim in Mombasa, faces Senate demands for its CEO to explain pension fraud in its branches, has insider fraud convictions from its Karen Prestige branch, is embroiled in a Sh26 million signatory dispute at a sports club, is pursuing a Sh4.5 billion fraud prosecution against external actors who allegedly deceived its own officers with forged documents, and is in the High Court defending its decision to auction a regularised loan due in 2039 is not experiencing isolated incidents. It is experiencing a systemic failure of institutional character.

    That failure has two faces. One faces outward toward borrowers: a confrontational enforcement posture that treats the first technical default as a licence to collapse an entire long-term credit relationship. The other faces inward: a vulnerability to insider misconduct and external fraud that has cost the bank hundreds of millions in direct losses and exposed clients ranging from retirees to transport companies to serious financial harm. Absa describes itself as an African bank committed to customer partnership and long-term relationships. Its conduct in court after court, and in parliamentary hearing after parliamentary hearing, suggests a more transactional and considerably less generous reality.

    The High Court’s intervention in Sigona has bought John Maina Kinyua time. It has not restored the rental income disrupted, refunded the legal costs incurred, or compensated for the months of uncertainty during which his tenants may have received notice that their landlord’s properties were headed to auction. It has not changed the charge document he signed or the acceleration clauses it contains. And it has not produced from Absa a public statement acknowledging that pressing ahead with a sale process after its own bank statements showed zero arrears was anything other than optimal risk management.

    Until the bank offers something more substantive than a commercial contract defense, every Kenyan considering a long-term secured loan with Absa is entitled to read the Kinyua judgment carefully. It is not just a court ruling. It is a warning issued in plain language by the institution that is supposed to be the last line of protection between a creditor’s contractual power and a borrower’s constitutional rights. The courts are doing their job. Absa would do well to examine whether its current approach is doing the bank, its clients, and the wider banking sector any credit at all.

  • The Rot Inside Absa: How Bank Insiders Are Looting Nairobi’s Customers

    The Rot Inside Absa: How Bank Insiders Are Looting Nairobi’s Customers

    The Employment and Labour Relations Court did not mince words. When Justice Radido Stephen delivered his verdict in the case of Lilian Adhiambo, the former branch manager of Absa Bank Karen Prestige, the language was clinical but devastating: gross misconduct, negligence, failure of due diligence, and a senior banking officer who used her two decades of institutional authority to open the vaults to strangers.

    Adhiambo was fired in November 2019 after forensic investigators linked her to a syndicate that drained Sh6.3 million from customer accounts.

    The court, having reviewed the forensic reports, upheld the bank’s decision as fair and lawful. But the real story of what happened inside that Karen branch is not a story about one rogue manager.

    It is a story about a bank whose internal controls are so porous that fraudsters need nothing more than an insider with a pen and access to an RTGS terminal.

    Kenya Insights has reviewed court records, forensic report summaries, whistleblower testimony, regulatory filings, and the bank’s own annual disclosures.

    What emerges is a pattern stretching from Karen to Nyali, from physical counter fraud to digital data theft, from branch managers approving suspicious transactions to senior executives inside the Timiza digital lending division allegedly hawking customer data on the black market.

    This is not a bank that has been unlucky.

    This is a bank that has, for years, harboured the conditions for fraud to thrive.

    THE KAREN PRESTIGE JOB

    On October 13, 2019, a withdrawal of Sh3.6 million was processed from a customer account at Absa Bank’s Karen Prestige branch.

    In the days that followed, more withdrawals and electronic transfers totalling over Sh6.3 million moved through the same branch, all bearing the authorisation of Lilian Adhiambo, a woman who had spent over three decades building her career inside the walls of the institution then known as Barclays Bank of Kenya.

    According to court documents, Adhiambo did not just fail to stop the transactions.

    Forensic investigators found that she actively participated in their facilitation.

    She approved Real Time Gross Settlement transfers despite glaring irregularities in the documentation.

    She failed to verify the identification documents of individuals presenting themselves at the counter. She communicated directly with a non-customer who was a suspect in the fraud ring.

    And, in what the court would later describe as perhaps the most damning detail, she advised the suspects to withdraw part of the looted funds in cash and channel the remainder through RTGS to avoid detection.

    “She was required to exercise due diligence before approving any transactions, even where her junior staff had already approved them.” — Employment and Labour Relations Court

    Adhiambo denied everything. She told the court that her role was limited to authorising transactions after junior officers and other departments had already verified them.

    She challenged the forensic reports as speculative.

    She argued the disciplinary process was unfair and that she was denied a right of appeal. She sought reinstatement, 12 months’ salary of Sh6.49 million, one month’s salary in lieu of notice of Sh500,145, and a decade of service pay amounting to Sh10 million.

    The court dismissed nearly all of her claims.

    The judgment found that the bank’s senior forensic investigator, Michael Ngobo, had presented overwhelming evidence.

    The court awarded her only Sh575,022 for 24 days of untaken annual leave and declared everything else forfeited by her own hand.

    The ruling was categorical: a branch manager with 31 years of banking experience is not merely expected to rubber-stamp what junior officers have done. She is the last line of defence. She failed it.

    A SYSTEM BUILT TO BE EXPLOITED

    What the Karen Prestige case exposes is a structural vulnerability that Absa Bank has refused to address with sufficient urgency.

    The fraud relied on a deceptively simple mechanism: a senior officer with unilateral RTGS authorisation authority, no mandatory second-tier verification from an independent department, and a culture in which subordinates defer to rank rather than flag red flags.

    Adhiambo could approve massive transfers, communicate with external contacts about those same transfers, and observe glaring documentation failures, all without triggering a real-time internal alert.

    Banks in Kenya are required under Central Bank of Kenya prudential guidelines to maintain robust internal controls, including maker-checker protocols for high-value transactions and independent compliance monitoring.

    In a properly functioning system, a branch manager authorising an RTGS above a defined threshold should trigger an automatic escalation to a compliance officer who has no reporting line to that manager.

    The Karen Prestige transactions occurred precisely because that firewall either did not exist or was bypassed. Nobody outside the branch noticed Sh6.3 million leaving customer accounts in tranches over a matter of weeks.

    This is not an isolated operational failure. It is consistent with a broader pattern that whistleblowers, court records, and the bank’s own financial disclosures have now made impossible to dismiss.

    TIMIZA: WHERE CUSTOMER DATA GOES TO DIE

    While the Karen Prestige trial was working its way through the courts, a separate catastrophe was unfolding inside Absa Kenya’s Timiza digital lending arm.

    A whistleblower from within the Timiza credit department delivered an explosive account to investigative outlets in mid-2024, alleging that the bank’s own executives had been harvesting customer data without consent and selling it on the black market.

    The whistleblower, who feared retaliation but was determined to speak, named Christine Marandu, identified as Head of Credit, and Chiera Waithaka, identified as Credit Risk, as the architects of what was described as a culture of data abuse inside Timiza.

    The allegations are specific and verifiable by digital audit: since 2023,

    Timiza has allegedly been extracting SMS content from customers’ phones, including financial transaction records and personal messages, and transmitting the data to a third-party server identified as PNGME, without anonymisation, without customer consent, and without any disclosure in the product’s terms and conditions.

    Collins Ouma, Timiza’s technical lead, is said to have acquired in excess of 100,000 customer records for personal use.

    Waithaka reportedly explored avenues to monetise the stolen dataset during internal meetings.

    The extracted financial data was subsequently used for targeted marketing and, in some cases, sold directly to competing financial institutions. Attempts by staff to raise concerns internally were met with intimidation.

    Forensic officials inside Absa are accused of demanding bribes to suppress internal investigations. One executive is named as being under DCI scrutiny in connection with the Sh179 million Equity Bank heist.

    The Timiza scandal did not emerge in a vacuum. It followed on the heels of a formal investigation by the Central Bank of Kenya into a growing volume of complaints against Absa Kenya, encompassing sexual harassment, insider fraud, and systemic ethical failures.

    Absa Group in South Africa had separately launched an internal probe into its Kenyan branches, driven by what insiders described as the alarming frequency and gravity of complaints.

    A source familiar with that probe described an environment of coercion in which junior employees were expected to pay bribes to supervisors for promotions, and in which sexual favours were used as currency for advancement.

    The Nyali branch carries its own grim footnote. An employee, Oscar Owino, died in August 2023 under circumstances his colleagues found suspicious, in the immediate orbit of a romantic dispute involving a fellow member of staff. The matter was not widely reported. The bank has not publicly addressed it.

    THE NUMBERS ABSA DOES NOT WANT YOU TO READ TOGETHER

    Absa Bank Kenya is required by the Nairobi Securities Exchange to publish annual sustainability and fraud disclosures.

    Those disclosures, read in isolation, are presented as evidence of the bank’s vigilance. Read together, they tell a different story.

    FRAUD EXPOSURE TRACKER

    2022: Sh107.7 million lost to fraud; Sh59.1 million recovered

    2023: Sh49 million net fraud loss; Sh32 million recovered; Sh498 million in potential losses thwarted

    2024: Sh58 million net fraud loss; Sh227 million recovered; Sh334 million in potential losses stopped

    2024: Absa Kenya reported blocking Sh306 million in fraud attempts; Sh169 million still lost

    2024 (CBK): Banking sector cyber fraud losses rose to Sh1.5 billion nationally, nearly quadrupling in one year

    2024: TransUnion ranked Kenya 10th globally for suspected digital fraud exposure

    Timiza (2018): Sh180 million vanished under allegations of insider-linked loan defaults

    Timiza (2022): Sh20 million lost under suspicious circumstances

    The bank’s narrative is that its systems are improving, that recoveries are rising, and that its fraud detection investments are bearing fruit.

    What the disclosures do not explain is why, if the systems are so much better, net losses are still climbing year on year.

    They do not explain why a bank that publicly warns customers against social engineering is simultaneously alleged by its own employees to be facilitating data theft that makes social engineering trivially easy.

    And they do not explain why a senior manager could drain Sh6.3 million from a prestigious Nairobi branch over multiple weeks without a single automated alert reaching an independent compliance desk.

    The gap between Absa’s public messaging and its internal reality is not measured in millions.

    It is measured in the complete absence of accountability that has allowed a carousel of fraud, both physical and digital, to persist across multiple branches and multiple product lines over multiple years.

    THE BROADER BANKING ROT

    Kenya’s banking sector is not singling out Absa as uniquely corrupt.

    The Central Bank of Kenya’s Financial Sector Stability Report for 2025 documented that cyber fraud cases in the sector more than doubled in 2024, rising from 153 to 353 incidents, with total losses jumping from Sh412 million to Sh1.59 billion in a single year.

    Mobile banking bore the heaviest toll, with Sh810.68 million stolen, a 344 percent increase. Card fraud surged sixteen-fold to Sh263.29 million. Identity theft rose six times to Sh199.08 million.

    The Communications Authority of Kenya reported 7.9 billion cyber threats in the first eight months of 2025 alone, double the volume recorded across the entirety of 2024.

    Yet the CBK’s official position remains that Kenya’s banking sector is resilient.

    Former compliance officers speak of a shadow industry centred in Nairobi suburbs like Utawala and Ruiru, where rings of insiders and external fraudsters coordinate attacks in real time on mobile banking platforms.

    Equity Bank confronted its own existential insider crisis most dramatically in 2024, when a manager on leave orchestrated a Sh1.5 billion heist through 47 seamless inter-account transfers, with his own father implicated as a co-conspirator.

    Equity CEO James Mwangi subsequently announced the mass firing of 1,500 staff, making the declaration with the directness banks rarely summon: he was being ruthless, and he did not care how many people he lost.

    Absa Kenya has made no equivalent public declaration. It has fired staff quietly, upgraded systems on paper, and continued posting sustainability reports that describe the problem without confronting it.

    WHAT ABSA’S OWN CUSTOMERS HAVE REPORTED

    In October 2024, a customer shared a detailed account of how his Absa Bank account was emptied in what he described as a coordinated inside job.

    The attack followed a pattern that forensic cybersecurity experts now classify as a hybrid vishing and insider-enabled breach.

    He received a call from a number he could verify was Absa’s official customer service line, 0722 130120.

    The caller claimed an unauthorised withdrawal attempt had been made on his account and urged him to confirm his account number to protect himself.

    Trusting the official number, he complied.

    What the customer did not know was that the caller already possessed his national identification number, his registered email address, and his full name, information that could only have been sourced from within the bank’s own customer database.

    When he logged into his account shortly after the call ended, his balance was effectively zero. “Little did I know they were working together,” he said. The case is illustrative of precisely what the Timiza whistleblower alleged: that stolen customer data is weaponised to give external fraudsters enough personal detail to bypass the suspicion threshold of even vigilant account holders.

    This is the terminal consequence of insider data theft. It does not merely expose customers to a generic scam. It creates fraudulent encounters so specific, so laden with private detail, that customers have no rational basis to distrust them.

    A REVOLVING DOOR WITH NO INDUSTRY BLACKLIST

    One of the most alarming structural failures in Kenya’s banking sector is the absence of a shared database of employees dismissed for fraud and ethical violations.

    When Absa fires a branch manager for fraudulent RTGS authorisations, that manager’s name does not appear on any list that KCB, Co-operative Bank, NCBA, or any other lender can access before hiring them.

    They walk out of one bank and into the interview room of another.

    The CBK has acknowledged the problem.

    Its supervisory reports note that players in the industry are now deploying artificial intelligence and machine learning to monitor their own employees, an astonishing inversion of what internal controls were designed to do: instead of systems that prevent fraud before it happens, banks are building surveillance architectures to catch employees after the fact.

    Absa has specifically committed to overhauling its back-end processing with machine learning and AI-driven early fraud detection. It has been making that commitment for three years. Sh6.3 million disappeared from Karen while that commitment was being made.

    PR NIGHTS AT THE BANK

    Absa Bank Kenya is not unaware of its image problem.

    It runs the Kaa Chonjo consumer education campaign in partnership with the Kenya Bankers Association, now in its fifteenth year, advising customers never to share PINs, verify unexpected calls through known numbers, and treat unsolicited links with suspicion. It publishes fraud and scam tips on its website, warns against vishing, phishing, smishing, and quishing, and reminds customers with bureaucratic regularity that the bank will never ask for an OTP over the phone.

    What Absa does not publish is a frank account of how many of the frauds its customers have suffered were enabled not by customer negligence but by the bank’s own insiders. It does not tell customers that the person calling from an official Absa number with their ID number and email address may have obtained that information from inside the bank’s own systems. It does not disclose how many employees it has dismissed for data-related offences, or whether any of those employees have been prosecuted. It does not explain what disciplinary action, if any, was taken against the executives named in the Timiza whistleblower report. It has not publicly addressed the death of Oscar Owino at the Nyali branch.

    The bank’s sustainability reports speak of commitment to customer protection, robust controls, and a secure banking environment. They are written for shareholders and regulators. They are not written for the customer whose account was emptied by someone who already knew his name.

    Absa publishes annual sustainability reports. It does not publish the number of customers whose data was stolen by its own staff.

    A High Court in Mombasa has already ordered Absa to pay Sh1.5 billion to a transport firm for leaking confidential financial statements to third parties without the client’s consent, a judgment that the bank had to be forced to defend. The pattern of legal exposure, regulatory scrutiny, internal whistleblowing, and documented physical and digital fraud has reached a scale that corporate communications campaigns can no longer contain.

    Absa Bank Kenya did not respond to Kenya Insights’ requests for comment on the specific allegations outlined in this report, including the Timiza data theft allegations, the death of Oscar Owino at the Nyali branch, and the adequacy of its internal controls in the wake of the Karen Prestige fraud judgment.

    The Employment and Labour Relations Court’s judgment in the case of Lilian Adhiambo versus Absa Bank Kenya is publicly available on the Kenya Law database. The forensic investigation was conducted by Michael Ngobo of Absa Bank’s internal security division. The whistleblower accounts referenced in this report were originally disclosed to investigative platforms in mid-2024 and have been corroborated by separate sources familiar with CBK’s inquiry into the bank.