Communications and Digital Technologies Minister Solly Malatsi has referred the forensic report by audit firm KPMG into the governance and financial breaches at Postbank to the Hawks.
The report was presented to the communications and digital technologies portfolio committee meeting on Tuesday.
The KPMG investigation was instituted following confirmation by Auditor-General Tsakani Maluleke in her 2021 report detailing fraudulent activities at Postbank that included multiple incidents of cash theft.
Some of this money was stolen from vulnerable social grant beneficiaries and ordinary South Africans who were saving for a better future. Four employees were dismissed and one received a written warning.
In a statement, Malatsi said he referred the report to the Hawks in a bid to ensure that those responsible for the crimes were brought to book.
He said the ministry had also instructed the board of the Postbank to ensure that the recommendations contained in the KPMG report were implemented.
“We will use the full might of the law to fight anyone who dares rob citizens. I expect decisive action to ensure that public entities are run ethically and with integrity, for the benefit of our citizens, and not criminals,” Malatsi said.
In its presentation to the portfolio committee, Postbank said its board was requested by the department to conduct a forensic investigation into the allegations related to the theft of R91 million and the contract mismanagement in a letter dated April 14, 2022.
This was after then Minister Khumbudzo Ntshavheni received anonymous correspondences with damning allegations against the Postbank management and board.
The allegations related to cash-out incidents that occurred during October 2021, May 2022, August 2022, September 2022, and October 2022.
- In October 2021, users accessed the bank’s integrated grant payment system (IGPS) and increased cash balances of specific Sassa cards before withdrawing R89.5m.
- In May 2022, the users unblocked the specific Sassa cards with existing balances and then withdrew the residual funds totalling R1.3m.
- In August 2022, the users again accessed the IGPS database and inflated specific Sassa account balances before withdrawing another R5.8m.
- In September 2022, users withdrew R3.9m from the accounts.
- In October 2022, the users created a representation of deposits into specific Postbank accounts and withdrew R9m.
“The Postbank network is flat with no segregation of zones, accompanied by inappropriate user access management. Roles and responsibilities between Postbank and Sapo were unclear,” read the presentation.
Direct access to the IGPS database was allowed with lack of monitoring of database access.
“The IGPS service provider had full access to the system, which conflicts with the practice of least privilege.”
According to the presentation, the reported cash-out incidents were reported to the SAPS at the police stations of Lyttelton, Sandton, Meyerton and Booysen.
Cape Times