Social grant payments are a mess – and the public needs answers from Sassa, Sapo and Postbank
By Open Secrets and Black Sash
Published in the Daily Maverick
With a reputation of being incapable of managing the technical constraints of its internal systems, it must be questioned why the South African Social Security Agency and the South African Post Office would make Postbank the preferred partner to take over the administration of social grant payments.
Postbank’s technical ‘glitches’ are nothing new
Postbank officially took over the social grants payment system from Sapo on 31 October 2022 and its system immediately experienced technical failures that disrupted grant payments.
In December 2022, Postbank announced that ATM use for the Postbank/Sassa gold card had been suspended for December and that beneficiaries using these cards should collect their grants at retail stores. The reason given was the uncovering of attacks on the Postbank system by criminal elements “determined to commit systematic ATM card fraud-related crimes on Postbank payments” which required further investigation. Many retail stores ran out of cash, leaving beneficiaries unpaid.
PostBank had an emergency meeting with Sassa in December 2022 in an effort to resolve the issues, but the Postbank CEO was noticeably absent from the meeting, since he was on leave in a time of a crisis.
Postbank explained the suspension of ATM use as risk mitigation against fraud. Despite Postbank’s undertaking to inform stakeholders upfront of any action taken, Postbank was noticeably quiet in the media regarding the challenges with grant payments which continued in January 2023.
Despite the promise that these issues would be resolved in December, Postbank faced similar problems in January 2023, with recipients not being able to access their grants. All of this indicates that Postbank was ill-prepared to take on the responsibility of managing social grant payments. Yet, such issues have been persistent throughout the state entity’s existence.
In November 2022, the Mail & Guardian reported that Postbank’s irregular expenditure had risen by R118-million and that it had not reached its 2021-22 target of acquiring a commercial banking licence. Senior manager at the Auditor-General of South Africa, Joyce Nkonyane, told Parliament’s Portfolio Committee on Communication that the inappropriate spending came from various contracts.
The article reported that one of the major irregularities was that Postbank failed to safeguard the issuing of bank cards for its client, Sassa, which resulted in the loss of R68.8-million in cards that were not accounted for. These Postbank cards were meant for Sassa grant recipients who used Postbank accounts for their grant payments.
Additionally, Postbank’s failure to protect its internal systems and manage the cards led to stolen Sassa cards being used to commit fraud amounting to R13.6-million.
Moreover, in March 2022, Postbank confirmed that a cybercrime attack had resulted in a financial loss of about R90-million, though it claimed no customers had been affected by the loss.
AmaBhungane reported that “between 16 and 28 October last year (2021) individuals presumed to be either employed by Postbank or by a Postbank contractor stole at least R89,459,330 in physical cash through Sassa accounts. The brazen fraud involved illicitly crediting grant beneficiary accounts with large sums and then emptying these accounts out at ATMs.”
It was not the first time Postbank had suffered a cybercrime attack. In 2012, a hacker stole R42-million from the state entity when an employee’s computer was used to transfer money from the bank’s main server.
There have also been technical glitches within the Postbank system leaving recipients of the R350 Social Relief of Distress grant unable to get their grants. This problem was eventually resolved, but it highlighted concerns about Postbank’s ability to maintain adequate protections in its internal digital systems.
There has been little accountability for any of these issues, with the Auditor-General telling Parliament that it had noted a clear “failure of having enough consequence management efforts and no internal process established to deal with consequence management”.
What next to protect grant recipients?
With a reputation of being incapable of managing the technical constraints of its internal systems, it must be questioned why Sassa and Sapo would deem Postbank the preferred partner to take over the administration of social grant payments.
It has become evident over the past three months that Postbank may not be suitable to maintain the critical responsibility of making grant payments. It certainly raises even greater concern about the secretive nature of and lack of public engagement on the decision.
If Postbank is to remain Sassa’s preferred partner, then questions need to be raised as to how and when Postbank will address its internal control failures and fraud problem. Sassa, Sapo and Postbank must also be more transparent on the details and implications of Sapo ceding its responsibilities to Postbank. The public needs urgent answers to the following:
- What informed the decision to cede Sassa’s contract with Sapo to Postbank?
- Why was no notice of the proposed cession given to the public, particularly social grant beneficiaries?
- Why were beneficiaries not kept updated about the reasons for the delays in payments and how Postbank planned to address the issues?
- Given the experiences of grant beneficiaries over the past three months, is Sassa and the minister of social development satisfied that Postbank is able to fulfil the functions required of it in terms of this agreement?
- What measures have Sassa and the Postbank taken to protect grant beneficiaries from the effects of Postbank’s lack of expertise and capacity to fulfil the obligations to administer and pay the grants?; and
- What oversight mechanisms are currently in place between the Department of Social Development, Sassa and Postbank to ensure the efficient payment of social grants?