Six Ugandans have been arrested and are set to be arraigned in court on March 23, 2026 in connection with a cross-border digital fraud scheme targeting Equity Bank Rwanda, marking a major development in a case that is rapidly unfolding into one of the region’s most significant banking cybercrime incidents.
According to charge sheet documents obtained from Uganda Police, the suspects are accused of electronically manipulating the banking systems of Equity Bank Rwanda and securing unlawful financial gains estimated at Rwf 4.9 billion (approximately USD 3.4 million).
The case, registered under CRB: 215/2026 at Kampala Metropolitan Police (CPS Kampala), has been brought under the offence of electronic fraud contrary to Section 18 (1) & (2) of the Computer Misuse Act, Cap 96.
Named suspects and charges
The accused have been identified as Mugisha Solomon, also known as Nelson, a 33-year-old businessman from Kira Division in Wakiso District; Enock Mpanga Kazige, a 34-year-old farmer from Namulondo Village in Wakiso District; Katerega Benedicto, a 35-year-old businessman from Matuga in Wakiso District; Kiyimba Faruk, a 30-year-old farmer from Bunamwaya in Wakiso District; Oketcho Gerard, a 31-year-old supporting engineer at Medix Ltd and an Uber driver from Kitezi in Wakiso District; and Katamba Isma, a businessman from Nansana in Wakiso District.
Police documents indicate that the accused, together with others still at large, are alleged to have committed the offence between February 14 and February 18, 2026, operating across Kigali in Rwanda and Kampala in Uganda.
How the fraud was executed
According to the particulars of the offence, the suspects are alleged to have used computer systems to manipulate Equity Bank Rwanda’s banking infrastructure, executing the scheme through deception and securing an unlawful gain of approximately Rwf 4.9 billion from the bank. The charge sheet explicitly states that the group “manipulated the banking system of Equity Bank Kigali,” indicating that the case involves a digital intrusion or system exploitation rather than traditional forms of banking fraud. The reference to “others still at large” further suggests that investigators believe the operation was carried out by a broader, coordinated network beyond the individuals currently in custody.
Cross-border dimension of the fraud
The case highlights the growing complexity of financial crime in East Africa, with the alleged offence spanning multiple jurisdictions. Police documents indicate that the fraud was carried out across Kigali, Rwanda, where the bank’s systems were targeted, and Kampala, Uganda, where part of the operation and associated financial flows are believed to have been coordinated. The arrests in Uganda follow earlier reports from Rwanda indicating that dozens of suspects had already been detained as part of the broader investigation.
Last week, CEO East Africa Magazine reported that Equity Bank Rwanda had detected and contained irregular transactions within its systems, triggering internal security protocols and reversing the majority of the transactions within 24 hours. The arrests now provide concrete prosecutorial backing to that earlier disclosure.
On March 15, 2026, the bank confirmed that it had identified the suspicious activity and acted swiftly to contain it, although it did not disclose the financial value involved. At the time, media reports suggested the fraud could involve billions of Rwandan francs, with figures around Rwf 4.7 billion circulating during the early stages of the investigation.
The amount cited in the Uganda Police charge sheet — Rwf 4.9 billion — closely aligns with those earlier reports, offering the first formal indication of the scale of the alleged fraud.
Equity Bank Rwanda has maintained that no customer funds were lost, indicating that any unrecovered amounts would ultimately be absorbed by the bank itself.
Fast-moving fraud exposes rising digital banking risks
The timeline outlined in the charge sheet suggests the fraud was executed over a five-day period, pointing to a highly coordinated operation capable of rapidly moving large sums through digital channels. Investigators believe the scheme involved system-level manipulation, reinforcing concerns about vulnerabilities in modern banking systems that integrate mobile money platforms, agent networks and third-party digital infrastructure.
The case adds to a growing list of fraud incidents affecting Equity Group across the region, including those linked to digital lending platforms, card transaction systems and insider collusion. Analysts say such developments reflect the evolving nature of financial crime in East Africa, where rapid digitalisation has expanded both financial inclusion and exposure to cyber threats.
The six suspects are expected to appear in court on March 23, 2026, where prosecutors will formally present charges. Authorities are likely to provide further details as investigations continue, particularly regarding additional suspects still at large, the methods used to access and manipulate the banking system, and the extent of funds recovered. For now, the case marks a significant escalation in what is increasingly seen as a major cross-border cybercrime operation targeting one of East Africa’s largest banking groups.
Why April–June is Known as the Transfer Window in Uganda’s Banking IndustryPattern of fraud incidents raises deeper questions for Equity Group
The unfolding Rwanda case is likely to intensify scrutiny on Equity Group’s ability to contain fraud risks across its rapidly expanding regional operations, particularly coming just months after a sweeping internal integrity crackdown that saw more than 1,000 employees dismissed over suspected misconduct.
Despite these aggressive measures, the bank has continued to face a series of fraud-related incidents across multiple markets, suggesting that the challenge may extend beyond internal discipline to deeper structural vulnerabilities within its operating model.
In Uganda, for instance, Equity Bank was linked in 2024 to suspected irregular transactions estimated at UGX 65 billion (about US$17 million) tied to its digital lending platform, alongside additional exposure of about UGX 4 billion in unreconciled card transactions.
Earlier cases across the group have also pointed to insider fraud and control weaknesses, including an incident in which an operations manager was charged over the alleged theft and laundering of US$2.8 million, as well as disputes involving fraudulent teller transactions exceeding Sh39 million, forged payment instructions worth Sh26.2 million, and title deed fraud schemes of about Sh490 million.
Taken together, these incidents point to a recurring pattern: fraud risks emerging across digital lending, card systems, internal processes and collateral verification — often cutting across multiple jurisdictions.
Analysts say this reflects the inherent complexity of Equity’s business model, which is built on large-scale retail banking, extensive agent networks and deep integration with mobile money platforms and third-party technology providers. While this model has driven rapid growth and financial inclusion, it has also expanded the bank’s exposure to increasingly sophisticated cyber and operational risks.
The Rwanda incident — involving alleged system manipulation and cross-border coordination — now adds a new layer to that pattern, raising questions about whether existing safeguards are keeping pace with the scale and complexity of the bank’s digital infrastructure.
Deepening complexity of digital fraud and insider risk
Beyond the specifics of the Equity Bank case, the incident reflects a broader and more troubling shift in the scale and sophistication of financial crime across East Africa. In Uganda alone, economic crimes cost the economy over USD 272 million (UGX 1.08 trillion) in 2024, with total losses rising by 16.4% year-on-year, even as the number of cases increased by just 1.6%, according to the Uganda Police Annual Crime Report 2024 as analysed by CEO East Africa Magazine.
Cybercrime has emerged as the fastest-growing threat, with losses surging from UGX 1.5 billion in 2023 to UGX 72.1 billion in 2024 — a staggering 4,700% increase — while the number of cases nearly doubled from 245 to 474, according to the same report. Yet recovery remains minimal, with only about UGX 420 million recovered, representing less than 1% of total losses, underscoring how once funds move through digital systems, they are rarely retrieved.
The nature of fraud is also shifting. While traditional crimes such as obtaining by false pretences still account for the largest losses — UGX 474.7 billion in 2024 — newer forms such as cyber fraud, system manipulation and document forgery are rising sharply in value and complexity. Losses linked to forged documents, for instance, surged from UGX 0.58 billion in 2023 to UGX 74.2 billion in 2024, while “other economic crimes” jumped to UGX 295.2 billion, according to the Uganda Police data.
Critically, these high-value frauds increasingly depend on insider knowledge or access. The report highlights how fraudsters exploit systemic loopholes, internal processes and weaknesses in financial systems, often through account manipulation, false loan applications or compromised credentials. This aligns with Equity Group’s own experience, where internal investigations previously led to the dismissal of more than 1,000 employees over suspected collusion and irregular transactions.
At the same time, prosecution remains limited. Of the 474 cybercrime cases reported in 2024, only 67 were taken to court and just 21 resulted in convictions, highlighting the difficulty of enforcing accountability in complex digital fraud cases and the resulting incentive for organised criminal networks.
Against this backdrop, the alleged Rwf 4.9 billion (≈USD 3.4 million) Equity Bank Rwanda fraud — executed over just five days and spanning two countries — fits squarely within a growing pattern of fewer, faster and far more coordinated attacks targeting financial systems. With banks now processing millions of digital transactions daily across mobile money platforms, agent networks and third-party systems, the line between internal vulnerability and external attack continues to blur.
The case ultimately underscores a central reality for the region’s banking sector: as financial systems scale, so too does the complexity of defending them.
