By Lionel Van Tonder, Director & Danniel Kruger, Senior Forensic Manager at Webber Wentzel

South Africa is continuously suffering from the effects of corruption and drainage of resources, some of which were highlighted in the State Capture saga. Optimistically, significant changes have occurred in the public and private spheres to ensure that the industrial-scale corruption perpetrated does not continue to repeat itself. One such change is the recent signing of the Judicial Matters Amendment Bill into law by President Cyril Ramaphosa on 3 April 2024. Critically, the Bill expands culpability for corruption under Section 34 A of the Prevention and Combating of Corrupt Activities Act (PRECCA).

Section 34 of PRECCA makes it obligatory for anyone in a public or private company who learns of corruption or fraud to report it to the South African Police if the value of the incident loss is over ZAR 100,000. Now, as of 3 April, if authorities in private or public companies fail to stop "associates" from engaging in corruption, they themselves will be liable.

The inclusion of third-party contractors in the widened definition of the PRECCA is informative. Third parties have been at the heart of corruption in South Africa before, during, and after the State Capture era due to their ability to abuse public and private procurement processes. Instead of corrupt parties dealing directly with their facilities, third parties are regularly used to create a layer of bureaucracy between the parties committing the fraud, so it's harder to identify, with third parties compensated for their efforts.

It's a timely and needed change. Section 34 A gives public and private companies the opportunity to avoid sanctions if they can show that they have put "reasonable measures" in place to prevent corruption in their organisation. However, "reasonable measures" are not yet defined in South African law, which leaves a lingering question: what can reporting organisations do to show they have done all they can to prevent corruption by a member of staff or an associated third party?

A good starting point is to consider the United Kingdom's Bribery Act because Section 34 A of PRECCA is based on the UK Bribery Act. The UK Bribery Act refers to six principles that are used to judge whether an organisation has "done enough" to stop corruption from within and by parties they work with externally. These principles are proportionality, top-level commitment, risk assessment, due diligence, communication, monitoring and review.

At present, these principles are being applied as guidance for what "enough" looks like in a South African context. Over time, the courts will provide clarity on the minimum requirements as matters enter litigation. Until that happens, organisations and their leaders must proactively act to set up and leverage systems that can identify problematic employees, patterns, and third-party contractors in advance.

Prevention is better than cure, with technology providing new ways to stop corruption at the source

We've found that companies and public organisations are far more reactive than proactive in stopping corruption at the source. Leaders of organisation can fall into the trap of "fighting the last war" since the most up-to-date view of corruption they have is the last corrupt transaction perpetrated before the instigators were caught.

Reactively, whistleblowers generally provided three-quarters of the intelligence used to catch corrupt employees and third parties. The importance of whistleblowers is likely to stay the same, however looking at it more from a proactive view, data analytics is providing a new front for companies to tackle corruption before it can take place.

The most proactive clients do more than just monitor data as it enters the system in real time. They analyse and sift through current and historical data, to identify previously missed patterns and red flags, (such as invoices that are processed on weekends (fewer people means less oversight) and an employee taking no leave in three or four years). Stopping corruption at the source requires setting up the systems and parameters for continuous learning, testing, proactive reporting, and filtering out false positives from acts of corruption and fraud.

Organisations that fail to address and report corruption promptly face potential legal and reputational risks. To mitigate these risks, creating a supportive environment that empowers employees to report fraud as they see it is strongly recommended. Furthermore, time spent vetting third parties is now of vital importance since third parties a company uses are more likely to be purveyors of corruption than the company itself.

While it is impossible to stop all corruption - criminals are ingenious in that way - it is the fiduciary responsibility of organisational leaders to do everything they can to meet the threshold of "enough" and more.