subscribe Support our award-winning journalism. The Premium package (digital only) is R30 for the first month and thereafter you pay R129 p/m now ad-free for all subscribers.
Subscribe now
Picture: 123RF/80869348
Picture: 123RF/80869348

In SA most people are familiar with the idea of criminal syndicates. You may have read reports of hijacking syndicates (with some operating out of the country’s airports), for example. Alternatively, you may have heard about the poaching syndicates that are such a threat to SA’s endangered wildlife. Less well-known — but potentially even more damaging to the country’s economy — are the organised crime syndicates that target SA businesses of all sizes.

While some of these syndicates still operate in the realms of physical theft, such as the ones responsible for stealing thousands of tonnes of coal from Eskom, an increasingly large number have international operations that specialise in white-collar crime.

To protect themselves against these syndicates, organisations need to ensure that they understand how the syndicates operate, what to look out for, and what legal recourse they have, should they find out they’ve been the victim of a criminal syndicate. However, it is also critical that they know what obligations they have regarding protecting their customers and employees from the effects of criminal activity.

A syndicate is not an employee raising a fraudulent invoice. While that’s undoubtedly an example of criminal activity, it may well be a one-off incident. Syndicates are groups of individuals who perpetrate crimes that actively target individuals and organisations.

In the white-collar world criminal syndicates aren’t just groups of loosely affiliated individuals trying to commit various forms of crime against businesses. They are highly organised and are sometimes set up akin to a business.

Typically, there will be different players within the syndicate, each playing a unique role. The masterminds who sit at the top of the operation are smart in terms of what they want to achieve, and won’t get their hands dirty. Instead, they recruit other people into the syndicate to carry out different tasks.

Embed people

You might, for example, have someone who is a researcher whose job it is to look at which businesses the syndicate can target, be it from a cybercrime, money-laundering or a corruption perspective.

From there the syndicate might try to embed one of their own people within the organisation or pay off an employee who can offer them information or actively assist them in committing the crime by providing information or providing access to networks, or by generating fraudulent invoices or transactions.

It is not always the case that someone has to be embedded within the organisation. Various forms of cybercrime can give criminals all the information they need to engage in malicious activity. Others may even get what they need with a little “dumpster diving”, particularly if the organisation in question doesn’t act responsibly regarding document disposal.

With those insiders or that information, syndicates can engage in many criminal activities. Fraudulent invoices and transactions are common, but criminals can go as far as in effect hijacking a business

Organised crime syndicates represent a major potential threat to SA businesses. The threat comes not just from any money stolen but also in reputational damage, which can be difficult to win back. That the average data breach costs SA organisations R49.25m is a useful indicator of how damaging being targeted by an organised crime syndicate can be.  

Prosecute ringleaders

Knowing that, what legal tools do organisations have at their disposal when they discover they’ve been targeted by a criminal syndicate? The key piece of legislation regarding organised crime is the Prevention of Organised Crime Act. For the purposes of dealing with syndicates, the most relevant sections are the ones dealing with activities such as money laundering and racketeering.

This legislation also works in concert with the Financial Intelligence Centre Act and the Prevention and Combating of Corrupt Activities Act. Applied effectively, these pieces of legislation can make it easier to prosecute the ringleaders behind syndicates.

Criminal syndicates often operate across borders, making them difficult to prosecute. As such, it’s critical that organisations do everything they can to protect themselves against syndicates.

There are regulatory requirements that organisations are obliged to comply with. In SA there is a suite of such legislation. The Protection of Personal Information Act (Popia) is one of them. It deals with data privacy and setting up systems in the organisation to protect personal information.

The Financial Intelligence Centre Act (Fica) is meant to protect against money laundering and applies to accountable institutions such as banks, law firms, and estate agents. Beyond those institutions there is a provision within Fica that applies to all organisations. Under this provision if employers, reasonably should know or suspect that their organisation is being used for money laundering purposes, or for the proceeds of crime, there is an obligation to report that to the Financial Intelligence Centre within 15 days of becoming aware of the crime.

Mitigate risk

In the antibribery space multinational organisations should consider whether they are subject to the US Foreign Corrupt Practices Act, or the UK Bribery Act.

However, we always advise organisations to go beyond the regulatory requirements and look at all the practical steps they can put in place to avoid becoming a victim of organised crime. The cost of crime to any organisation is severe, reputationally and financially, so the C-suite must make it a top priority. You don't want to be a victim of a corruption scandal or lose millions of rand through fraudulent or corrupt activity. Nor do you want your business to be the victim of money laundering or cybercrime. 

It is critical that you understand your business, and where your risk areas are, and ensure meaningful measures are implimented to mitigate the risk of being targeted by criminals.

Criminal syndicates are a huge potential danger to SA businesses. But organisations aren’t helpless in the face of this threat. Beyond the recourse of the law, they can go a long way to protecting themselves by putting the right practical steps in place. In doing so they not only reduce their risk of becoming victims of criminal syndicates, they can also dramatically reduce the effect and fallout of any criminal activity they may fall victim to.  

• Mohamed is partner and head of corporate investigations & forensics at law firm CMS SA. This is the first in a series of three articles marking International Fraud Week (November 13-21).

subscribe Support our award-winning journalism. The Premium package (digital only) is R30 for the first month and thereafter you pay R129 p/m now ad-free for all subscribers.
Subscribe now

Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.

Speech Bubbles

Please read our Comment Policy before commenting.