How Sh10 billion was lost through e-Citizen

By Newsflash Writer

Auditor-General Nancy Gathungu has exposed serious flaws in the management of e-Citizen, the government’s digital payments platform, revealing a potential loss of over Sh10 billion and the illegal collection of Sh2.6 billion from the public.

In a special audit report tabled before the National Assembly, Gathungu noted that vendor control over the platform created a single point of failure, posing significant risks to public service delivery.

Deputy Auditor-General Isaac Ng’ang’a, appearing before the Public Accounts Committee, confirmed that the platform’s weaknesses allowed for revenue loss and illegal charges on citizens. He said Kenyans were overbilled by Sh2.6 billion while accessing public services. Consequently, the committee has summoned Principal Secretaries Chris Kiptoo (National Treasury), Dr Belio Kipsang (Immigration and Citizen Services), and John Tanui (ICT) to explain the irregularities.

The revelations come amid public concern after Treasury CS John Mbadi declared that free secondary education is unsustainable due to a capitation cut from Sh22,244 to Sh16,900 per learner. “What the Auditor-General has revealed is catastrophic,” said Aldai MP Marianne Kitany. Rarieda MP Otiende Amolo called it “outright fraud.”

Ownership disputes and vendor dependence

The audit, covering financial years 2021/22 to 2023/24, uncovered systemic failures, including unsupported payments for system support, missing receipts, unauthorised revenue transfers, and suspicious payments from the M-Pesa paybill 222222. Although the International Finance Corporation (IFC) had funded the platform and handed it over to the Treasury in 2017, the ICT Ministry signed a new handover agreement with Webmasters Kenya Ltd on January 13, 2023.

This development raised questions about how control reverted to the vendor without explanation. “It was unclear how the platform, previously handed to Treasury, returned to private control,” the audit stated.

Despite the transfer of ownership, the government continued to rely on Webmasters, indicating a failure to take full control.

Further, the National Treasury withheld key documents, limiting the audit’s ability to assess IT controls safeguarding public data. “This affected evaluation of the systems’ ability to protect government information assets,” the report observed.

Shadow accounts and irregular transfers

The audit found no legal or contractual structure governing platform operations. There were no Service Level Agreements (SLAs), and convenience fees were collected without Treasury oversight. Notably, Equity Bank received Sh6.3 billion from an unregistered account named “Pesaflow,” not among the official collection accounts.

“This account was used to collect public funds irregularly,” the audit stated. The total collected remains unknown, as bank statements were not made available. Furthermore, Sh2.6 billion worth of payments could not be matched to any platform invoice and were attributed to duplicated or erroneous transactions.

“This highlights a lack of traceability, enabling fraud or loss. Without proper remittance, public services risk underfunding,” the report warned. Another Sh545.69 million was paid to Electronic Citizen Solutions Ltd—a company not listed in any official agreement.

According to the audit, legally binding contracts were signed with a consortium of Webmasters Kenya Ltd, Pesaflow Ltd, and Olive Tree Media Ltd. However, even Sh195.7 million paid for “gateway services” was deemed irregular, as the government should not pay to use its own system.

One striking finding was that on January 25, 2024, Sh127.9 million was transferred from the paybill 222222 to private firms, with no documents to support the transactions. Additionally, Kenyans were irregularly charged Sh2.2 billion in flat convenience fees, contrary to a 2014 gazette notice that allowed prorated charges.

Governance failures and legal loopholes

The audit raised concerns about the absence of a legal framework, noting that the National Treasury did not sign SLAs with any entities involved in revenue collection and settlement. As a result, Sh7.1 billion in collections during the 2023/24 fiscal year may have been used by financial service providers instead of supporting government services.

“Without a legal framework, there is a risk of non-compliance, legal disputes, and declining public confidence,” the audit stated. The report warned that a lack of transparency and legal clarity could compromise revenue integrity.

Executive Order No. 2 of 2023 placed e-Citizen functions under the Directorate of Citizen Services in the Interior Ministry, while the GDP Unit in the Treasury was assigned to manage payments. However, no single oversight body was mandated to coordinate the two entities.

The audit also found that the ICT Authority—despite lacking any legal mandate—handled vendor payments, further muddying the governance structure. This absence of clear leadership and regulatory control, the report said, leaves the digital platform vulnerable to fraud, inefficiency, and misuse.