Saying African Telcos Are ‘Inadequately Prepared’ for Mobile Money Fraud Smacks of Unconscious Racism

Is it possible for a black man to be racially prejudiced against other black people? This is the question we must regrettably consider as we seek to understand a damning claim about anti-fraud and anti-money laundering (AML) practices in African mobile operators. A recent TM Forum article asserted that African mobile operators are still not prepared for the risks surrounding mobile money even though M-PESA, the best known, most emulated and most extensive mobile money service, was launched by Kenyan operator Safaricom over 15 years ago, in March 2007. Written by Yusuf Joosub of SAS Institute and John Mark Ssebunnya of MTN Group, their article disparaged the quality of mobile money controls implemented by African mobile operators.

Unlike traditional financial institutions like banks, Fintechs and mobile operators are inadequately prepared to prevent fraud or money laundering activities.

I find this to be a shocking generalization. It is inconsistent with the controls described to me by experts from African telcos Safaricom and Vodacom. Africans have more experience of dealing with the risks surrounding mobile money than professionals on other continents. However, it is clear from the context that the criticism in this TM Forum article is specifically targeted at Africans.

By the end of 2025, 615 million people across Sub-Sahara Africa will subscribe to some form of mobile service, the equivalent to half of the region’s population. In most parts of Africa, people have struggled to open and operate traditional banking accounts. Fintech providers have stepped in and delivered mobile money platforms. This has resulted in digital financial services providers – mostly mobile operators led – having access to citizens that not even governments have details on. But there is a darker side to this potential, one that creates significant security concerns.

However, the article provides no examples of important risk mitigations that originated with African telcos or regulators and have since been copied elsewhere, such as creating APIs so banks and other institutions can check if a SIM has recently been replaced.

I reached out to both authors and asked them to comment on the racial implications of suggesting Africans had failed to address serious crimes over a prolonged period, and how they might justify the generalization that African mobile operators have taken inadequate steps to prevent fraud and money laundering. Ssebunnya wrote that he knew “many Fintech (sic) are still lacking” in the domain of fraud and AML but would not provide any detail to support his claim. It is not clear how much knowledge Ssebunnya has about fraud and AML controls outside of MTN Group, as his LinkedIn profile states it has been almost 8 years since he worked anywhere else. Joosub chose not to respond directly but passed on my queries to Thomas Maier (pictured), who described himself as Head of Communications at SAS Institute although the company’s website says he is only a Senior Manager in that function. Maier said the wording of the TM Forum article…

…is fully in line with SAS’ principles. Accordingly, there is nothing further to comment or correct on this blog post from the author’s side.

It is not clear why my messages to Joosub were routed to Maier, who is based in Germany, and not to a public relations representative of SAS Institute based in South Africa, the country where Joosub works. Maier chose not to respond to the observation that it was problematic for a white German to defend an article that implied African fraud and AML laws must be inadequate or that African businesses must be failing to comply with those laws. The lack of cultural awareness is startling when you consider Thomas Spaniel, a leading member of Germany’s police trade union, has described Germany as a “money laundering paradise” and that Deutsche Bank is currently mired in a money laundering scandal. It seems even ‘traditional financial institutions’ like Germany’s largest bank can also be ‘inadequately prepared’ to prevent money laundering, 150 years after it was founded!

Whilst Maier is undoubtedly experienced in the theater of public relations, he was demonstrably mistaken about the article needing no correction. The article is mostly a string of opinions, backed by few objective facts, but the authors still managed to get one of those facts wrong. Joosub and Ssebunnya claim: “When launched in 2007, MTN Mobile Money allowed customers to create accounts to pay, collect, and transfer funds using their mobile phone and the carrier’s network.” MTN’s first mobile money service was launched in August 2005, as corroborated here, here, here and here. That service was provided in partnership with Standard Bank but proved to be a flop, so MTN sold their share of the joint venture and only relaunched mobile money in South Africa in 2012. Some other MTN companies based in more favorable markets launched mobile money services during the interim, but I can find no evidence of any MTN opco launching a mobile money service during 2007.

The authors may have a shaky grasp of the history of mobile money, but if they really believed that MTN has 15 years’ experience of providing mobile money services then it would be strange for them to believe their own company has not yet ‘prepared’ for the associated risks. We talk of preparation when thinking of what lies ahead, not the ongoing experiences we have long been exposed to. Are they suggesting MTN has suffered a large degree of fraud and enabled an intolerable degree of money laundering over the last decade? Or if they are discussing the failings of other businesses, how was their information obtained? Their claims are made all the stranger by unfavorably comparing mobile operators to banks; MTN has typically rolled out its mobile money services in cooperation with banks that have experience of the compliance requirements in each national market. If MTN did not satisfy legal requirements relating to fraud and AML then presumably their partners should also be considered failures because their banking partners would have been advising MTN on how to meet those obligations. Even banking regulators are effectively being criticized here, because they should stipulate AML obligations, and know how they will be policed in practice.

The opinions expressed by Joosub and Ssebunnya contradicted what I have learned about the controls that African telcos have implemented around mobile money. However, I cannot claim much hands-on experience in this field so I asked for advice from one the top experts in mobile money risk management. Joseph Nderitu was instrumental in the development of controls surrounding the launch of M-PESA when he was employed by Safaricom. He is now a Director of the specialist consultancy Integrated Risk Services and has advised a string of telcos across Sub-Saharan Africa about mobile money fraud and AML. I interrupted Joseph during a financial risk management project he is currently undertaking for a mobile money provider in the Democratic Republic of the Congo to ask for his response to Joosub and Ssebunnya’s article. This is what Joseph said to me:

[Mobile money] is a fast growing service, reaching the masses, requiring that we adapt our systems and processes constantly. I speak to heads of assurance in telcos regularly. None of them pretends that it is not a challenging area. Yet, they have been able to rally their teams to ensure that these “massive banks that run on telco systems” are well protected. Customers have shown they trust us with their money. There were no guidebooks for anybody to reference for mobile money assurance – so pretty much everything that has been done was achieved by creatively adapting assurance models. We can’t argue with the growth and the numbers – we have done well. Otherwise, this would have collapsed like a house of cards. Surely, it should be possible to acknowledge that it is a Herculean task but also celebrate the skill and dedication of the people who are doing it, and have done it for years?

Hey, even banks are impressed with us. In Tanzania, I remember running telco mobile money forums that would invite representatives from banks. We actually had the secretariat of the Tanzania Bankers Association (TBA) attending our sessions and they praised the work that was being done by the RA, fraud, AML and cybersecurity teams in telcos. The CEO of the TBA attended some of the sessions. She instructed the secretariat to ensure minutes of our deliberation during such sessions went out to all banks.

Joseph also shared his thoughts on why some black Africans may indulge stereotypes about African risk professionals being less sophisticated than counterparts in other parts of the world.

I used to believe that Africans are disadvantaged because they do a poor job of telling their stories. It seems we must not only tell our stories but we must also be careful who, amongst us, is telling the stories. Sadly the people doing the hard work hardly tell their stories.

He also made a recommendation for how Joosub and Ssebunnya should tackle the next article they write about mobile money fraud.

It would have made a difference if the authors spoke to people who are really at the frontlines – they are not in short supply!

Most of my understanding of mobile money risk management has come from Joseph so I also spoke to other people responsible for fraud management in African telcos to hear their opinions. An experienced fraud manager who works for a large African telco told me they wanted to remain anonymous in case they have to work with Joosub and Ssebunnya in future but was happy to provide the following quote for this article.

On reading this article the writers said ‘Fintechs and mobile operators are inadequately prepared to prevent fraud or money laundering activities’ which is a very general and blanket statement without providing quantifiable proof. Mobile money started in Sub-saharan Africa and has grown like any other service that satisfies a need. With any new product or service, new risks arise and those that face them have to try their very best to limit those risks. Therefore to highlight that all Fintechs and Mobile operators lack preparedness is just not fair.

I could go on listing more opinions but the thrust is always the same: African risk professionals deserve credit for how well they have managed the risks associated with mobile money. The outcome may not always be perfect but it is wrong to suggest African telcos have generally failed to prepare for fraud and AML risks. On the contrary, African telcos have keenly anticipated mobile money risks. African professionals have often had to be inventive in their approach because there were few sources of practical advice. Banks can serve as useful partners for telcos but many aspects of the risks created by mobile money were new to banks as well. Joosub and Ssebunnya went too far in their criticism of African mobile operators and African professionals working in risk management.

It was also politically naïve for Joosub and Ssebunnya to imply criminals can wantonly abuse mobile money services. It would not be in MTN’s interests to suggest their customers are risking their money by using MTN’s mobile money service, so we must presume that nobody in MTN’s public relations function thought this article would be noticed by ordinary customers. It is also unlikely that the regulatory affairs team within MTN would want this article to be shown to agencies who could respond by imposing new anti-fraud and AML compliance obligations on mobile operators. One positive identified by Ssebunnya and Joosub is the way mobile money is improving the life of many Africans. However, they seem to be unaware that services can be threatened by governments who have their own reasons to take away the freedom that comes with using a phone to transfer money. The Zimbabwean government is systematically crushing mobile money services that had enjoyed widespread adoption amongst ordinary Zimbabweans. The government uses the excuse that they have intervened to prevent fraud and money laundering when the truth is that they are trying to control the flow of money to curb a steep climb in inflation caused by the government’s own fiscal policies.

The most generous interpretation of Ssebunnya’s and Joosub’s article is that they know less about fraud and AML outside of MTN than they pretend, but they want to make themselves sound good by making others sound bad. This is not uncommon in the world of telecoms risk management. Measuring performance is difficult. One of the easiest ways to beat management expectations is to first lower those expectations by claiming others have done a lousy job. I would discourage that approach. Businesses need to help each other to reduce fraud and money laundering just as staff within a telco need to work together. Shaming peers and colleagues is not an effective way to encourage cooperation, especially if your accusations are vague because you refuse to back them up with demonstrable facts. It is especially foolish to put down African professionals. They collectively need to combat negative and often racist perceptions about their competence and dedication. It is rare to hear Asians drawing attention to problems with fraud. Europeans and North Americans typically like to highlight how well they are doing, even if they have sometimes have an exaggerated sense of their abilities. The last thing Africans need is to encourage the belief that their continent is uniquely lawless and corrupt, especially when it comes to a digital service where African businesses have established themselves as the unrivaled global leaders.

A recent Commsrisk article highlighted the potential for a two-tier approach to governing international phone calls. Telcos in rich white countries like the USA, UK and Australia would immediately be granted the highest status of trust, even though there is lots of data indicating billions of illegal robocalls originate within the USA. Anyone outside of this circle of trust, including Africans, would be expected to earn the right to have their calls treated with the same respect. They will not be judged solely on whether they have met the same technical standards as the privileged white countries but will effectively be put on probation. No explanation is given for who needs a probation period and who can skip straight to the front of the line. The only explanation is that inhabitants of the inner circle – who uniformly belong to rich Western countries that are predominantly white – have convinced themselves that they are superior, and see no need to provide evidence to substantiate this belief. In such circumstances, it is a grave mistake to feed their prejudices. Africans can show examples where they have been world leaders in countering fraud and money laundering. African strengths should be highlighted too. I believe unconscious racism is one root of the obvious disparity between those who proclaim themselves fit to govern global fraud management, and those who seek to get ahead by debasing themselves and their neighbors.

I am a white man who has been fortunate enough to learn about the impressive and innovative techniques developed by black African professionals to address the risks surrounding mobile money over the course of the last decade. Neither my color nor their color should matter. My admiration is based on the quality of their work and nothing else. Having seen examples of the quality of this work, I then find it jarring to encounter biased beliefs about African telcos when speaking to some professionals in Western countries. This typically manifests as the unsupported assumption that every risk management innovation comes from the West and is only later copied by risk professionals elsewhere. My own experience conflicts with this because I keep encountering examples of innovation from the countries that are stereotypically supposed to lag behind. One important difference is that professionals in those countries are forced to innovate for themselves more, but are less likely to share their innovations, because they lack the same social and professional structures to help them communicate sensitive work-related information with each other. This encourages the misapprehension that the best (or only) professional training comes from Westerners.

One especially malignant example of racial bias in perceptions about professionalism is Papa Rob Mattison’s GRAPA, where even the students perpetuate the myth that they received a higher quality of education because it comes from the USA. They maintain this belief even though Mattison is essentially unknown to US telecoms risk professionals. Mattison and his ilk take advantage of the myth of the white man’s burden, the previously common belief that darker-skinned people need to be governed, educated and civilized by white colonial masters. They rely on the assumption that anything that comes from a white country like the USA must be better than alternatives that Africans and Asians could produce for themselves. They do this because they cannot substantiate why black people should pay white people for approval, and not vice versa.

Unconscious bias is real though it is also an inherently difficult problem to tackle. It befits risk professionals to be sensitive to the possibility of unconscious bias because such a bias can also be the source of a bad decision that runs contrary to objective data. Risk professionals who prefer to use technology and data to solve every problem should still acknowledge the potential for their work to be rendered redundant when decisions are influenced by unconscious bias. This article in Psychology Today offers a straightforward, though US-oriented analysis of the essentials of unconscious racism. It focuses on the US experience but that has some relevance to the culture of telcos globally because white Americans are most likely to benefit from unjustified beliefs about the superiority of their work in the field of telecoms risk management. The Royal Society, the UK’s national academy for the sciences, has a four-page guide that is designed to help people identify and reduce unconscious bias. It is well worth reading the Royal Society’s advice because it acknowledges the difficulty of reducing unconscious bias whilst making simple recommendations that all of us should follow every day.

The myth of the white man’s burden would not persist if it was comprehensively rejected by black and brown people. The tragedy of unconscious racism is that some of its victims allow themselves to become champions of institutional racism. They may behave as if it is inevitable that a white professional is superior to others. They may be more critical about black professionals than they would be about white professionals. Who are Ssebunnya and Joosub comparing Africans to, when they generalize about Africans being ‘inadequately prepared’? Who should be preparing Africans for the risks associated with mobile money? The only credible answer is that Africans set the standards, and it is the responsibility of Africans to prepare everyone else on this planet. Africans have most experience of managing mobile money risks. Setting standards and preparing others means positively articulating what is essential for risk mitigation whilst promoting examples of superior work. This will not be accomplished by complaining others are failing to do an adequate job whilst refusing to explain the basis of that criticism.

The TM Forum article by Yusuf Joosub of SAS and John Mark Ssebunnya of MTN Group can be found here.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.