Kenya’s private sector is expanding its workforce again, but in the rush to hire, it risks letting a costly and preventable threat slip through the cracks.
As businesses prepare for year-end demand and competition for talent intensifies, many firms may unwittingly recruit the very people who will defraud them.
The solution is not to slow hiring but to raise the bar: to pair urgency with vigilance, and ambition with accountability. Companies that fail to do so may find that their biggest threat this quarter does not come from the market, but from within.
Recent data show that business activity is rebounding. The Stanbic Bank Purchasing Managers’ Index rose to 51.9 in September, its first expansion since April, signalling renewed optimism and the fastest job creation since May 2023.
Across Kenya, companies are staffing up for the busy final quarter. Yet optimism should not breed complacency. When firms expand rapidly, background checks loosen, oversight thins, and controls are stretched. That is when insider fraud thrives.
Globally, occupational fraud is not an anomaly; it is a structural weakness. The Association of Certified Fraud Examiners estimates that organisations lose about five percent of annual revenue to fraud each year. The median loss per case is roughly $145,000, and many schemes persist undetected for months before discovery.
Contrary to popular belief, most frauds are not exposed by data analytics or forensic audits but by people-whistleblowers account for 43 per cent of detections.
The pattern is depressingly familiar: weak processes, unchecked access, and misplaced trust. More than half of all reported cases stem from poor or absent internal controls.
The most common form of occupational fraud is asset misappropriation-ghost workers, inflated claims, doctored expense reports, and fictitious suppliers. Though often smaller in scale than cooked books or procurement collusion, these acts collectively cost billions.
Procurement fraud remains one of the three most disruptive economic crimes globally, behind only cybercrime and corruption.
In Africa, the impact is particularly heavy, eroding productivity, distorting markets, and undermining investor confidence. Kenya is no stranger to this problem. Government audits continue to unearth ‘ghost workers’ and irregular payrolls-red flags that should alarm any private-sector leader.
The Public Service ministry recently concluded a national payroll audit, identifying rogue employees whose names may soon be made public. Meanwhile, the Ethics and Anti-Corruption Commission is pursuing asset recovery cases worth an estimated Sh49.5 billion, with billions more tied up in civil suits.
These figures are not abstract. They reflect a culture of internal manipulation that costs the economy jobs, investment, and credibility.
Kenya’s score of 32 out of 100 on Transparency International’s Corruption Perceptions Index, ranking 121st globally, reinforces the scale of the challenge.
Regionally, the African Union estimates that corruption drains about $148 billion from the continent each year-roughly one quarter of Africa’s total gross domestic product growth potential.
At the same time, the cyber-security agency KE-CIRT continues to list phishing and social engineering among the top forms of attack in Kenya. Many such breaches originate inside organisations, where trusted employees exploit system weaknesses or override safeguards.
Yet even in this landscape, the solution is within reach. Kenyan firms have successfully embedded ‘Know Your Customer’ protocols into their dealings with clients and suppliers.
The next step is to apply the same discipline internally through ‘Know Your Employee’ principles.
In practice, this means treating every new hire, transfer, and promotion as both a talent opportunity and a risk decision. Proper screening must become non-negotiable. Verification of identification documents, academic and professional qualifications, and previous employment history should be standard practice. For sensitive roles, lawful criminal and credit checks are essential.
As Kenya rolls out its Maisha Namba digital identity system, employers have a chance to streamline these checks, provided they adhere to data protection rules and ethical standards. Identity assurance should be viewed as a core business function, not an administrative burden. Beyond hiring, companies must design out opportunities for fraud.
Duties around procurement, payroll, and payments should be separated so that no one individual controls an entire process. Changes to supplier bank details or new vendor approvals should require dual authorisation. Staff in high-risk departments should be rotated periodically, and access rights limited to the bare minimum.
Studies by the ACFE show that strong internal controls not only reduce losses but also speed up detection.
By contrast, frauds that exploit control overrides or loopholes tend to inflict the greatest financial damage. Continuous monitoring is another critical line of defence. Payroll and vendor records should be analysed regularly to flag suspicious activity-duplicate bank accounts, round-number invoices, weekend approvals, or newly created vendors receiving instant payments.
Procurement, both in the public and private sectors, remains the single largest avenue of leakage, and it demands constant oversight rather than occasional audits. Whistleblower systems also deserve greater investment. Nearly half of all fraud cases are exposed through employee tips, yet many organisations still lack anonymous reporting channels or clear protection for those who speak up.
Building a culture of openness-where staff are encouraged to report anomalies without fear-can be a company’s most powerful safeguard.
Finally, firms must anticipate where regulation is heading. Kenya’s data protection and cybercrime laws are tightening, and authorities are ramping up enforcement. Insider lapses that once attracted mild sanctions now carry real financial and reputational costs.
Boards should view compliance not as a checklist but as a strategic pillar of corporate resilience. Kenya’s fourth quarter will bring thousands of new faces into workplaces nationwide.
Most will be genuine contributors; a few will test the seams. Businesses that pair fast hiring with rigorous verification, that balance trust with control, and that invest in integrity as seriously as they invest in growth will emerge stronger. Those that do not risk learning, once again, that the costliest fraud is not the one that happened-but the one they hired.