When Margaret Wanjiku last visited her late father’s Co-operative Bank branch in Kariobangi in early 2021, she was not expecting trouble. Her father, a retired civil servant who had died in 2018, had left behind a modest savings account, untouched, dormant, forgotten in the family’s grief. What she discovered instead was that the account had been reactivated months earlier and that transactions had been processed against it. The money was gone. InsideKe.Online reports quoting court documents
“Nobody called us. Nobody asked for a death certificate or probate papers,” she told this reporter, speaking on condition that her surname be changed. “Somebody inside that bank knew that account was sleeping, and they woke it up for themselves.”
Her account is not isolated. A landmark court ruling has now confirmed what banking insiders and fraud investigators have long suspected: that dormant accounts at Co-operative Bank have been systematically targeted by fraudulent insiders who exploit privileged system access to drain funds belonging to inactive or deceased customers, all while circumventing the very security controls the bank publicly champions.
The Case That Cracked It Open
The Employment and Labour Relations Court has upheld the dismissal of a former Co-operative Bank of Kenya relationship manager accused of helping fraudsters reactivate dormant customer accounts, including one belonging to a deceased client. The court also ordered the former manager, Amos Koech, to repay the bank a Sh2.9 million staff loan following dismissal over suspicious viewing of customer accounts and alleged involvement in fraud. 
Koech, stationed in the bank’s Diaspora Banking Unit, a unit handling accounts for Kenyans abroad, many of whom go months without transacting, allegedly became a key facilitator in a scheme that used forged documents to resurrect accounts that had not recorded activity for years. Among the most brazen moves was the use of a fake prison discharge certificate to explain why an account holder had been inactive for an extended period. Investigators later established that the supposed account holder was dead.
The scheme touched at least two branches, Kimathi Street and Kariobangi, where dormant accounts were reactivated following interactions with individuals later identified as impostors. Audit trails drawn from the bank’s own information systems showed Koech accessing customer accounts entirely outside his official mandate. That access log became the cornerstone of the bank’s case against him.
Under cross examination, Koech admitted to accessing accounts that did not fall within his assigned duties, a direct violation of the bank’s confidentiality policies. The court found that admission, combined with internal investigation findings, sufficient to justify his termination.
A Rotten System, Not a Lone Actor
Banking fraud investigators contacted by this publication say Koech’s case is less an anomaly and more a symptom of a structural vulnerability that has festered inside Kenya’s retail banking sector for years.
“The dormant account is the perfect crime scene,” said a fraud investigator at a major Nairobi bank who spoke on condition of anonymity, citing ongoing casework. “The customer is not watching. In many cases, the customer is dead. The estate has not been administered. There is nobody to raise an alarm when money disappears.”
Accounts from victims, bank staff, and law enforcement suggest that most losses of funds are inside jobs. A former compliance officer described a shadow industry in Nairobi neighbourhoods like Utawala and Ruiru which thrives on mobile banking fraud, targeting banks with vast retail operations like Equity Bank, KCB Group, and Co-operative Bank, Kenya’s biggest retail lenders with a combined customer base of over 50 million. 
The mechanics of the scheme, as reconstructed from the Koech court file and separate banking fraud cases reviewed by this publication, typically follow a predictable playbook. A network operative, sometimes a tout, sometimes a former bank clerk, identifies dormant accounts using insider lists or purchased data. A relationship manager or operations officer with system access is then recruited, bribed, or coerced into processing the reactivation. Forged documents, identity cards, court orders, discharge certificates, are manufactured to satisfy the paper trail. Once the account is live, the funds are swept out through mobile money or a mule account before compliance flags are triggered.
The Wider Pattern
The Co-op Bank case sits within a rapidly expanding landscape of insider driven financial crime across Kenya’s banking sector.
The most alarming case occurred in August 2024 when Equity Bank, Kenya’s second largest lender, lost KSh 1.5 billion in an elaborate insider fraud scheme. At I&M Bank’s Kisii branch, former operations manager Daniel Ochieng’ Okweh orchestrated a KSh 27.14 million fraud by disguising lower denomination notes as KSh 1,000 bills, uncovered through an internal audit that exposed discrepancies in cash vaults, ATM balances, and Mobicash float records. 
KCB Group fired 34 employees in the year to December over allegations of fraud and professional negligence, up sharply from 11 cases the year before. 
Fraud cases across the banking sector more than doubled last year, from 173 to 353, with card fraud alone jumping 16 fold to Sh263.29 million, while identity theft rose six times to Sh199.08 million. 
James Odhiambo, a fictitious name used here for a genuine banking compliance source who agreed to speak to InsideKE provided their identity was protected, said dormant account fraud at Co-op Bank has been an open secret among operations staff for years. “The controls exist on paper. But if the person processing the reactivation is the same person supposed to flag it, the control is meaningless,” he said. “Koech was not the first. He was just the one who got caught.”
The Regulatory Blind Spot
Kenya’s banking regulator, the Central Bank of Kenya, has repeatedly pointed to external cybercriminals as the primary threat facing financial institutions. The CBK’s Financial Sector Stability Report 2025 reported cases of cyber fraud in the banking sector more than doubled in 2024, rising from 153 to 353, with the amount exposed increasing to KES 1.9 billion and losses nearly quadrupling to KES 1.5 billion. 
Yet investigators and victims alike say this framing obscures a more uncomfortable truth. Unlike external hackers who must first breach perimeter defences, insiders like Koech already possess the credentials, the institutional knowledge, and the trust needed to make fraudulent transactions appear legitimate. They know which accounts have been dormant longest, which branch officials can be approached, and which document checks are merely procedural.
“The firewall stops people on the outside,” said the fraud investigator. “It does nothing about the person sitting inside with a valid login and the keys to 7.5 million customer accounts.”
For Margaret Wanjiku and others like her, the children of deceased customers, the diaspora workers who trusted the bank with their savings, that distinction is not academic. It is the difference between a father’s legacy and an empty balance.
The court has spoken on Koech. The question now is how many more accounts, still dormant, still unmonitored, are already in someone else’s sights.
