- CybAfrique Newsletter
- Posts
- Banking is boring
Banking is boring
also ft Meta and Morocco
CybAfriqué is a space for news and analysis on cyber, data, and information security on the African continent.
HIGHLIGHTS
Banking is boring

I never get used to how fintechs fail. There’s almost always a security issue, most recently in the case of OurPass. This story is already told (by TechCabal). A while back, there was a startup that offered one-click checkouts, which is actually a normal fintech-y thing to do, but was not profitable, so they “pivoted” to banking fintech.
This is where it gets interesting. TechCabal’s article says OurPass had a "significant security incident" in which about ₦25 million (that's roughly $16,700, for US readers) was "unauthorizedly transferred." In the grand scheme of things, for a company that aims to be a bank and has raised at least $1 million, this is not a huge amount. Yet, OurPass has struggled since then. And I can’t help but wonder if the fact that a relatively minor security issue could cause a complete liquidity meltdown suggests a deeper, more fundamental problem.
This is the illusion of banking fintechs. You download an app, you put your money in, and you see a number on a screen. The app is slick and the user interface is beautiful, but behind all this, your money has to be somewhere. The classic banking fintech problem is that it’s easy to hold this money anywhere apart from a safe, boring, FDIC-insured account at a safe, boring, chartered bank. It's often with a third-party partner, or in some sort of complex inter-company arrangement.
This is possible because, while a fintech is a legal entity that’s still bound by the law, it can operate with much less regulation than a bank. OurPass’s failure demonstrates the difference between a bank and a company that acts like a bank. A real bank is a very boring, highly regulated entity for a reason. They have capital requirements. They have strict rules about how they can hold and move money. They are designed, by their very nature, to be boring. They are not supposed to have "critical transitions" that freeze customer accounts. A successful bank is one where you put your money in, and you can take it out, and nothing exciting ever happens.
Techies looking to “revolutionize” payment and banking see banking fintechs as a way to be a bank without all the boring parts. They want the customers and the deposits and the excitement, but not boring things like security or regulatory oversight that make a bank reliable. But, as any successful banking fintech will tell you, there is safety in boredom and people want their money to be safe.
Some regulators are catching up, like in Ghana, where the Bank of Ghana has suspended eight fintech licenses and one bank over regulatory breaches. A list of top-profile fintechs, including Flutterwave, Cellulant, and Afriex, is facing suspension, some even indefinitely, for breaching guidelines for inward remittance set in 2023, which include rules that make it hard for fintechs to be fancy financial middlemen.
Meta and Morocco
Meta’s 2024 transparency report ranks Morocco as the most data-hungry African country. The report states that Morocco made nearly 1,200 requests for user data in 2024. Clearly outranked by India’s 103,000 or the U.S.’ 74,000 — but also outrageous in comparison to other African countries like Tunisia (which is second on the list with 121), Algeria (54), Ghana (38), South Africa (36), and Kenya (35). These data are often collected as part of official crime investigations, but not always.
In Morocco, the government is cracking down hard on cybercrime, disinformation, and internet-enabled terrorism, which might explain high rates of data requests. Morocco, however, is also cracking down on immorality and social abnormality, which is just fancy-speak for abusing rights to speech. Meta said it cooperated at least partially with over 78% of data requests, but you can’t tell which of these was valid or not.
Overall, African countries had the lowest number of data requests, which points more to a lack of cross-corporation than any ideal towards internet freedom or non-surveillance.
Share to support
HEADLINE
Telecom Egypt to sell Cairo data center campus to Helios Investment.
Senegal probes fintech CinetPay over Money laundering, fraud
Ghana moves to challenge MTN with planned AT Ghana–Telecel merger.
National tour on personal data protection in Togo concludes.
Data Protection and Privacy in Uganda: PDPO draws inspiration from EDPS to strengthen its governance
Kenya Internet Exchange Point expands to iColo’s Mombasa data center.
Three loan shark breaches a day: Inside Nigeria’s busiest year of data enforcement.
UTME 2025: How students manipulated the JAMB system to commit high-tech malpractices
Reply