Kigali — Investigations into the major fraud uncovered at Equity Bank Rwanda have intensified, with at least 35 suspects currently in custody as authorities attempt to unravel a complex scheme that siphoned billions of francs from the financial system. Taarifa reports
A bank official told Taarifa that the total volume affected in the fraud reached approximately Rwf4.7 billion. Of this amount, the bank has so far managed to recover about Rwf1.2 billion, leaving approximately Rwf3.5 billion still under recovery.
The clarification follows earlier information received by Taarifa suggesting the amount involved could have reached Rwf85 billion. However, subsequent verification with banking sources indicates that figure was inaccurate.
The Rwanda Investigation Bureau (RIB) is leading the probe, conducting forensic analysis of digital systems, financial transactions and electronic devices seized from suspects.
“We have about 35 people in custody,” the official said. “They cannot be released while investigations are still ongoing.”
Most of those detained are believed to be individuals whose bank or mobile money accounts received suspicious transfers linked to the fraudulent transactions.
Authorities are trying to determine whether the recipients knowingly participated in the scheme or whether their accounts were used by the masterminds behind the fraud.
“You cannot receive Rwf100 million in your account and claim you don’t know where it came from,” the official said. “Investigators want to know who sent the money and why it landed there.”
Among those detained are two Equity Bank employees from the bank’s IT department who work in areas related to data center operations.
The official emphasized that their detention does not necessarily mean they were involved in the fraud, but investigators are examining whether perpetrators may have gained physical or technical access to the bank’s infrastructure.
“The suspicion was that there must have been physical access to the data center,” the official said. “But even that I cannot confirm. RIB needs to complete the forensic investigation.”
Authorities have also detained suspects outside Rwanda.
Six individuals believed to be connected to the fraud were arrested in Uganda. Investigators are currently analyzing electronic devices and digital records obtained from them to determine their role in the scheme.
Police forensic teams are extracting and analyzing digital images from seized gadgets to establish whether the suspects were directly involved or unknowingly used by the network.
“We have to figure out whether they are truly connected to the case, whether they are innocent, or whether they were simply used,” the official said.
Sources have confirmed with Taarifa that the suspected entry point into the system was a platform provided by ESICIA Ltd, a vendor-managed internet banking platform whose system the bank uses under license.
Investigators are now examining whether the platform may have been exploited to gain unauthorized access or manipulate transactions. Authorities are expected to request system access logs to determine who entered the platform, when they accessed it and what actions were performed.
Digital forensic specialists are reviewing server records and user activity trails as part of the investigation.
Contacted for comment, ESICIA Ltd Chief Executive Officer Innocent Kaneza declined to comment on the matter.
The case has also raised broader concerns about vulnerabilities within the mobile money ecosystem, particularly around so-called float purchases.
In Rwanda’s mobile money system, agents purchase electronic value known as float by depositing equivalent funds into a trust account held by a bank. The telecom operator then issues digital value to the agent’s mobile wallet.
That float is meant to be used by authorized agents to serve customers conducting mobile money transactions.
However, investigators suspect that the fraudsters exploited this mechanism.
“What we saw were SIM cards buying float of up to Rwf100 million,” the official said. “Some of those SIM cards had never previously received even Rwf1,000.”
This immediately raised questions about how such large transactions passed through risk management controls.
From the bank’s perspective, the movement of funds into mobile wallets could not have occurred through normal transfer channels.
For example, the daily limit for transferring funds from Equity Bank to a mobile money account is around Rwf2 million per day.
“At that rate it would take thousands of transactions to move Rwf4.7 billion,” the official said. “So this could not have been a normal push-pull transaction.”
Investigators therefore believe the funds were moved through bulk float purchases rather than direct transfers.
The official said some of the SIM cards used to buy float were registered outside Rwanda and were not recognized agents within the mobile money ecosystem.
“That is where the biggest question arises,” he said. “Who issued those SIM cards, who owns them and how were they allowed to purchase such large amounts of float?”
The fraud has also exposed what banking insiders describe as a regulatory blind spot within digital payments.
Unlike traditional banking channels, which have strict withdrawal and transfer limits, float transactions in mobile money systems can sometimes involve very large amounts.
“In the banking system you cannot withdraw more than about Rwf5 million over the counter without scrutiny,” the official said.
Similarly, international transfers above about US$10,000 usually require additional compliance checks.
“But in mobile money, if someone is purchasing float, the amounts can be extremely large,” the official said. “That creates an opening where stolen funds can move very quickly.”
The response from institutions contacted by Taarifa has largely been non-committal.
Rwanda Investigation Bureau spokesperson Dr Thierry Murangira said he had no information about the case.
“I have no information on this case at all,” Murangira said.
A senior official at MoMo Rwanda Ltd said he learned about the case from Taarifa and declined to provide further details.
Attempts to obtain comment from the National Bank of Rwanda (BNR), the country’s financial sector regulator, were unsuccessful.
The lack of clear responses from key institutions reflects what observers say is a troubling pattern of institutional silence around major financial incidents, raising concerns about transparency and accountability in the country’s financial oversight system.
The Equity Bank incident appears to be part of a series of fraud attempts that have targeted several financial institutions in Rwanda in recent months.
Banking sector sources indicate that BPR Bank Rwanda was recently hit by a similar fraud involving approximately Rwf1.2 billion.
NCBA Bank Rwanda also faced a related incident involving around Rwf400 million, although the bank reportedly managed to recover about Rwf250 million.
Bank of Kigali has also been affected by a comparable fraud attempt in recent months, though the exact amount involved has not yet been independently established by Taarifa.
Sources within the banking sector further told Taarifa that even the National Bank of Rwanda has recently experienced attempted cyber intrusions.
In one reported case, the suspected perpetrators allegedly operated from a nearby hotel located less than 50 meters from the central bank’s premises, attempting to penetrate the bank’s network from a short distance outside the facility.
For now, investigators continue to track the movement of funds, identify the organizers of the scheme and determine whether insiders or external actors orchestrated the operation.
Authorities are expected to release more information once the forensic investigations by RIB and financial regulators are completed.
About the Author
