State Security Agency on vetting of officials; Research Unit on Audit outcomes, with Minister

Meeting report

The Chairperson welcomed Members of the Committee, the Minister and her delegation from the State Security Agency (SSA), and all present in the meeting. The purpose of the meeting is to be briefed by the SSA on the progress in terms of the vetting process, particularly in the Supply Chain Management (SCM). They will also be briefed by the Research Unit on the Audit Outcomes of different departments and State Owned Entities (SOEs). As Members knew, the SSA normally reports in Parliament in camera, but since the operative word of the Committee is “public”, this was going to be an open session. On their side, as this Sixth Parliament, the Members want to understand where SSA is in terms of the vetting process and to convey their expectations as a Committee, and to move with speed in this regard.

Presentation from the State Security Agency
Ms Ayanda Dlodlo, Minister of State Security, said that the background for the meeting was the third Cabinet Memorandum of 2006. This introduced a national vetting strategy for South Africa to enhance government’s vetting capacity on national, provincial and local government levels, including State Owned Entities (SOEs) and other statutory organs of state.

In 2006, the Cabinet approved the following objectives for the National Vetting Strategy :

• Establishment of a Chief Directorate External Vetting within the then National Intelligence Agency [which later became the SSA] —(achieved)
• Capacitating all organs of state with Personnel Suitability Checks (PSC) —(not achieved)
• Establishment of Vetting Fieldwork Units (VFU) at 17 identified organs of state —(23 VFUs were established.)
• Roll-out the Security Vetting Information System (SVIS) to organs of state with Vetting Fieldwork Units including the South African Police Service (SAPS) and the SA National Defence Force (SANDF) —(Achieved for certain identified departments)
• Make amendments to the National Strategic Intelligence Act of 1994 for the establishment of VFUs at organs of state —(achieved)
• Establishment of a National Intelligence Agency Fingerprint Unit at the SAPS Criminal Record Centre (CRC) — (not achieved)

In 2012, the then President, Mr Jacob Zuma, announced in the State of the Nation Address (SONA) that all public servants within Supply Chain Management (SCM) must be vetted. This was indicative of Government commitment to fight corruption. The policy decision was re-iterated by the then Minister of Intelligence, Dr SC Cwele, the then Minister of Finance, Mr P Gordhan and the Auditor General (AG). The project on the vetting of SCM personnel, commenced in February 2014. The project only managed to achieve security clearances to 48% of the submitted requests. However, as corruption continued, it was then realised that vetting of SCM members did not yield the required results in eliminating corruption.

Therefore the overall value chain needed to be reviewed. And part of the reason why they (SSA) were little very late is that she (the Minister) had then asked that the Decision Value Chain should be developed so that they could see where decisions start and where they end with regards to procurement. The SCM is only a fraction of what is going on in the decision matrix. The identification of the need for procurement starts at a different level. It is driven by the strategic objectives of a department, meaning that the Minister who has the responsibility to establish the strategic plan of the department is a key player in determining ultimately what it is that needs to be procured for the department.

The decision makers in the Decision Value Chain are the Ministers, the Heads of Department (HODs), and the boards as accounting authorities in the SOEs. The key role players will be the line functional personnel, which includes boards, directors, executives of departments and SOEs. Then they will oversee the development of the required specifications for the items to be procured. Again the line functional personnel are managers, but that decision starts at a much lower level than the HOD, before it even goes to the SCM function. So, if government is trying to curb corruption, bribery and so forth, it has to start at a level lower than that of the SCM personnel because the genesis of the decision is at a different place altogether.

In the execution of the government procurement processes, that is the request for authorization and the approval of procurement of the identified goods and services, the role players in this regard are the Bid Adjudication Committees. It’s only after all of this has been exhausted that SCM can come in, when all the decision have been taken, the SCM executes the decision that had been taken.

Therefore, in a sense the SSA were saying that they should not only concentrate on SCM, but look at the whole Decision Value Chain to determine where decisions lay or emanate from, and what could happen in between.

The causes of the backlog in vetting all public servants involved in SCM include:

• Lack of Human Capacity
• Lack of funding to recruit additional and required human capacity and other resources.
• Dependency on other departments with regards to Databases (SAPS Criminal Record Centre -CRC, SA Revenue Service - SARS, etc).
• Non-compliance and cooperation by subjects and references
• Over-classification of clearance levels by Security Managers
• Non-inclusion of required documents by subject

The challenges in the SCM project include:

• Vetting is not a (separately) funded function (it has to be done without a dedicated budget).
• Poor attendance at Security Managers Fora by Security Managers, Non-compliance by Security Managers with SSA requirements for vetting
• Lack of knowledge by government employees and those of SOEs regarding why they need to be vetted
• Government employees and those of the SOEs, including most Security Managers, do not understand the process of vetting
• Resistance by Government employees and those of SOEs to undergo vetting
• Interference of Unions
• Lack of capacity and resources from SSA
• Lack of compliance monitoring by the executives from external departments (i.e. Eskom, Airports Company of SA - ACSA, departments and boards)
• Lack of regulations to enforce compliance

A series of interventions to eliminate the backlog in vetting public servants involved in SCM are now in place:

• SSA and SAPS engagement on the implementation of the 2006 Cabinet Memo regarding access to SAPS CRC. Although the time-line has yet to be decided, this will involve a Memorandum Of Understanding (MOU) with data source owners (i.e. Department of Home Affairs - DHA, SAPS); and the Minister responsible must sign the National vetting Strategy off.
• Approval and implementation of the Integrated National Vetting Strategy (INVS) it is estimated, will take place by 31 March 2020
• By 30 September 2020:
• The fast tracking of the E-vetting solution will be in place. Government will have completed the pilot phase, which entails batch prioritization of 50 SCM officials per department on the e-Vetting solution.
• Collaboration with other organs of state will be in place (i.e. National School of Government will assist in conducting awareness training, and refresher courses related to vetting.)
• Government will have reviewed the Minimum Information Security Standards (MISS) and fast-track the approval of vetting regulations.

SCOPA was invited to note the following recommendations on the vetting of public officials that have been made by the SSA:

• Implementation of the Cabinet Memo 1 of 2006, through the facilitation of the provisioning of access to required databases, i.e. (SAPS: CRC)
• Ensure ownership and accountability by the accounting officers (Ministers and DG's) to vetting requirements and compliance monitoring (through performance contracts)
• Provision of funding for conducting vetting activities, including the implementation of ICT solutions to automate vetting processes
• MOUs with the Intelligence Academy, to ensure that Security Awareness is one of the compulsory training modules
• MISS and vetting regulations are to be approved to ensure compliance
• Vetting is to be paid for by clients/ departments
• Changes should be made in employment conditions, to reflect vetting as compulsory
• Engagement with unions to give clarity on the vetting mandate.

Discussion
Mr S Somyo (ANC) appreciated the presentation from the Minister. However, the presentation put a very grim picture on what was happening in the vetting system. Although there was in existence an instrument in as far as the Cabinet memo was concerned for such to be done, it was a very disappointing situation. As it is known through their oversight, as a Committee they had a very glaring situation in the biggest SOEs like ESKOM, in terms of funding from the state, wherein a number of officials were doing business with ESKOM and there was absolutely no intention of stopping that situation. Therefore, this kind of instrument (the 2006 Cabinet memo) could be very useful.

The Minister said the decision value chain is broader than the supply chain management. For him, it looked like that was the case. But broadening that kind of a scenario, when it came to a situation where the Minister told SCOPA that there is no capacity to pull the vetting process into that little area, he asked how they are going to be able to succeed to do vetting process in an extended situation. SSA needs to show commitment to do so in the little space it has been given, and through that little space they could expand into other areas in terms of the value chain.

Mr Somyo asked where the fast-tracking of the e-vetting solution will be based or located. Would it be decentralised?
 
Ms V Mente (EFF) asked, in terms of the shortage of capacity in human resources at SSA, whether that has been communicated to the Portfolio Committee where the Agency and the Minister account to because they are Members of Parliament and they cannot have a simple thing like HR to be a stumbling block for the vetting process in the public service.

Ms Mente asked how far the regulations were in terms of enforcing that every official that comes to the public service must be vetted.

Ms Mente asked whether SSA has a direct relationship with the SAPS and the Public Service Commission, (PSC) because they are the two departments that should be assisting the SSA in terms of fingerprints and disclosures to fast-track the vetting process.

Mr A Lees (DA) said that this vetting process is based in terms of the Cabinet memo, not on an Act of Parliament. He asked which parameters the SSA is working under, whether this vetting process is based on a Cabinet Memo or an Act of Parliament? Who was supposed to be vetted and who was not supposed to be vetted. SSA cannot issue regulations, unless there is an Act under which to issue regulations. Who gave the SSA to do these functions if it is not Parliament because Parliament allocates the money?

Mr Lees asked in terms of budget how much this vetting process is going to cost if this whole job is done properly. Where was that money going to come from? Was National Treasury involved in this?

Responses
Mr Sipho Blose, Deputy Director-General: SSA, said that on the issue of SOEs it is true that some SOEs don’t fully comply with the outcomes of the vetting. Even if [an SOE] stated in the vetting outcome that a person is not supposed to be getting top secret vetting clearance because of the following reasons, they still go on and employ such a person. For example, the case in point is that of the incident in the post office in Cape Town, where an indication through screening was given by SSA that this particular individual had a criminal record, but that indication was put aside. The post office employed that individual through its internal processes, which resulted in a student losing her life. In other instances, senior people in government do not want to be vetted. Also in SOEs senior officials do not want to be vetted.

They are currently doing work at ESKOM and have a list of 121 senior people that need to be vetted so that they could assist government to turn things around at ESKOM to reduce the level of corruption at ESKOM.

The Chairperson interjected, noting that the issue of the post office raised a red flag in his mind because in terms of screening the SSA had picked up something and had advised the post office of this but it carried on fully aware and employed that individual using its own internal process, negating the advice from SSA. So, they should separate screening from vetting because they were focusing on vetting, and Mr Blose is stating another dimension, which is helping them (Members) in what the agency is doing. This issue is very important but it’s an issue they can deal with on another day on whether there is compliance by departments and entities on what SSA is saying with regard of employing people. Therefore, it is an issue they need to look into going forward.

Minister Dlodlo said this is the crux of what the vetting process boils down to. This goes beyond just supply chain management and corruption. The post office case is one of just of many others. They are doing this to protect the employees of the entities and even the general public. This is done to see that every employee of Government can be relied on in terms of being a suitable employee of Government. It is not based on the Cabinet memo, because the Cabinet Memo was just about the strategy for vetting. It is pieces of legislation that gave rise to this process of vetting. So, the scope and size in which this vetting process is applied is very important, rather than confining themselves to supply chain management area only.

Mr Blose continued noting that there is a refusal by senior officials at ESKOM to be vetted. Out of the 121 senior officials to be vetted only 21 people cooperated with them. Despite several attempts to push, because they wanted to cover the space and this is a project that was tasked to do the vetting in order to help Government in terms of corruption and turn things around at ESKOM, the vetting process at ESKOM is not moving at the pace that is required to do their work. But this could be handled through the executive so that pressure can be exerted on those who must comply and cooperate with SSA.

Mr Blose said e-vetting will be located within SSA as a centre. In terms of their work they have a centre, but there are fields units within departments. Those field units will have a window to login to files they would have done because the clearance is demanded of SSA, and it will be the field units that make a decision in terms of evaluating what is in the file and they will arrive at a particular conclusion. If it’s a top secret clearance, it meant one must have more referees and also be subjected to a polygraph so that they are able to detect any other thing they might have missed through the investigation process.

Minister Dlodlo said on the shortage of HR personnel they had drawn on the budget vote process. They had  raised the issue with the Ad Hoc Committee that was established by Parliament, the Joint Standing Committee on Intelligence. There is not such a committee in existence as yet, but when they prepared their budget vote they did raise and flag some of these things.

Minister Dlodlo said vetting should be compulsory in all public service institutions. They do have a relationship with SAPS and PSC, but those relationships needs to be strengthened, more so when they experience serious problems where they need to access particular databases information, which became very difficult from time to time. SSA was also thinking of tying down those relationships into MOUs so that they are not entirely dependent on them (SAPS and PSC).

Minister Dlodlo said again this vetting process has nothing to do with the Cabinet memo, except that it was an approval of a national vetting strategy, which is based on some legislation.

Mr Lees said he understood what the vetting process is based on. But how was it decided who gets vetted? Because the senior officials from ESKOM refused to be vetted, surely, if this is based on law, these officials should be in jail.

Ms Mente asked is there any recourse to the post office in terms of ignoring the advice it got from SSA and applying its own internal processes and employing a criminal to serve people. Is there any punishment in terms of the law that should be meted out to the panel that employed that person? Also is there any recourse in terms of the law to remove people like those in ESKOM out of that entity if they do not want to be vetted?

The Chairperson said what they were trying to determine, as the Minister said, that her work is anchored in law, therefore it’s binding and should be adhered to. Then maybe the Committee should be engaging the AG that the issues of vetting and screening should become an audit competence and should be respected to the extent to which departments and entities are complying with SSA reports. Because, honestly it breaks one’s heart for the post office to have bypassed something, which ended up with innocent life been taken away. And prevention is better than cure, which is exactly what screening and vetting does. It might not do it 100%, but it is an enabler of the process as part of check and balances as they are building into the system to prevent tragedy, and also to push back the frontiers of corruption for the masses. Therefore, the Chairperson said, Members were asking for the binding effect of this process. What are the consequences when people do not comply? If only 21 people comply with the vetting at ESKOM, what are the consequences for the other 100 that do not want to comply? Does this bite or is just a commercial exercise? Who initiated this vetting process?

The Chairperson informed the Minister that as a Committee exercising its oversight role, they have been to ESKOM and have observations of their own. SCOPA is also finalizing their draft report on the entity. And based on some of the things they have seen as part of challenges at ESKOM they will be making recommendations to that effect, including but not limited to, the vetting of the board.

Mr Chester Dau, Acting Manager Vetting: SSA, said on the question of recourse there is a law that provides that clearance can be withdrawn. But again it should be indicated that there are two regulations that could be applied in this regard, and one of the regulations is in slide 7, which talks to the reviewing of minimum information security standards. Therefore, this is addressing the very same issue of recourse, because the Minimum Information Security Standards (MISS) is an old document that was adopted in 2006. It stipulated that the head of an institution has got the right, in case of the post office, to say that this person is not suitable due to certain factors. But the head of an institution, according to the law, can take the risk. And as SSA they are saying, having experienced this, they have to review the MISS as indicated in page 7, so that it gives teeth to the outcomes of the vetting. Again they do have the vetting regulations currently, which have been drafted in consultation with SAPS and Defence which is pronouncing on punitive measures for non-compliance. So, the vetting regulations are in that consultation process and are going to be presented to Joint Standing Committee on Intelligence (JSCI), their operation command structures and then to the Minister for approval.

The Chairperson asked if the recommendations or findings are binding or not binding.

Mr Dau said they are binding, it is just that there is a clause in MISS which stated that the head of an institution can take the risk. Therefore, in case of an event that something happens it means that head of an institution that has made the decision was allowed to do so by the law.

Mr Lees interjected by noting that it is where the vetting has been done and the recommendation made that is the issue. Because it seems they will never get to the point where vetting is actually done in the first place. So it is something that could never be withdrawn.

Minister Dlodlo said that as SSA had said earlier on, they have done only 48% of the vetting process. And they indicated the problems SSA encountered in the past. So, it was not as if something has not been done. But what had been done comes back to the issue of compliance and enforcement. And one of the things she said when she first came to the Department was that they need to review the MISS. Also, in accordance with the High Level Panel Review Report, they had to overhaul all of their legislation. That process was underway. Issues of consequences for non-compliance will be dealt with in the review. As much as the recommendations are binding, enforcement against non-compliance always evades them. SSA intend to take away that part [of the regulations] that gives [an institution] the discretion to implement or not to implement, based on operational reasons. Therefore, Cabinet must also make it a point that whatever recommendations come through are implemented, by monitoring and tracking their own decisions as Cabinet. But again they need to put a new legislation to say whatever it is they recommend, there should be consequences for non-compliance.

Mr Somyo said they are in full support that vetting must be done irrespective. Where it matters most is on the decision lines.

The Chairperson assured the Minister that as a Committee they will make sure that ESKOM complies because the mess that is happening at ESKOM is of national interest in terms of the economy as well as socially. As he already stated, SCOPA will be finalizing the ESKOM report and compliance will come in terms of their observations, not at the insistence of the Minister. The Minister has merely given them a perspective which they didn’t have with regard to the 100 senior people who did not comply at ESKOM.

The challenge as far as budgeting was concerned was noted by the Committee, but they cannot be a player and as this Committee decide on funding ahead of their (SSA’s) duly established committees. They can just merely highlight that matter to Parliament as a matter of urgency because it helps them in terms of the value chain of accountability.

The Chairperson said they note the Minister’s reviewing of the MISS by 20 September 2020, and they would hold her accountable to that. Because it is fundamentally clear that one of the challenges they have is that unravelling the realities of state of capture and pushing back on corruption is going to take a while because they are dealing with an entrenched system where SSA was not immune to that particular reality. Therefore, they will give it space and time for its relevance, and the Committee will want quarterly reports on progress in this regard with the all issues that have been put before the Committee, like the Approval on implementation of INVS by 31 March 2020, the Fast-tracking of the E-vetting Solution by 30 September 2020, Collaboration with other organs of state by 30 September 2020, and the Review of the MISS by 30 September 2020.

The Chairperson said the Minster should convey to Cabinet that if they are going to have a memo and a directive it must be coupled with a budget. This was a 2006 Cabinet resolution. Cabinet cannot issue memorandums and directives in vacuum. They must cost these things and make sure that there is meaning to it.

The Chairperson suggested that they as a Committee should take this vetting recommendation back to Cabinet and hold it accountable to its own commitments so that SSA received executive support because SSA is a recipient of a Cabinet decision. The Chairperson said in their next engagement with the Minster they would want to see an improvement in the 48% and would want to know who the problem children are who do not want to be vetted, and it’s not just ESKOM. A full list must be provided so that they can be called to appear before the Committee and explain themselves.

Minister Dlodlo said all what had been said by Members of the Committee was encouraging and SSA will take those issues to the Joint Standing Committee on Intelligence. They will also request that Parliament speeds up the process because she is itching to go to the JSCI for a variety of reasons. Ever since she arrived to this ministry she had requested progress report of the MISS from the Department, but up until today she still waiting for that report. So, the pace at which they move at the SSA is also a problem, and when she pushes people it seems as if she is micro-managing them. But she would like to work them in the manner that says there is urgency. They cannot afford to postpone things that they can do today and this affects the integrity of the country, it affects the lives of people, it affects the economy and so forth. Basically, this Government rests on the shoulders of state security for it to be able to deliver services to the people.

The Chairperson thanked the Minister for her presentation and responses. But the way the pace of the vetting process is going is of concern to them. Whilst they understand the challenges faced by SSA, the Department must make sure that it deals with these things as a matter of urgency. By the end of the present term, SCOPA will put through their report which will have binding recommendations. SCOPA will hold SSA accountable to them because they want to be a watchdog, and the appetite is there. They will bite.

SCOPA as an oversight body will make sure that ESKOM executives are vetted and stop undermining the SSA in carrying out its mandate. As already stated above, on a quarterly basis they will invite the SSA to table before the Committee its quarterly reports on this vetting process, not only in the SCM sector but in the whole value chain so as to curb the corruption that is happening in government departments and at SOEs.

Brief: Research Unit on the Audit Outcomes
Ms Ntando Cenge, Content Adviser: Parliament, said that the presentation would summarise the audit outcomes of Departments and Public Entities. The most common findings for 2018/19 financial year are:

• Non- compliance with applicable legislation
• Material misstatements in the financial and performance information
• Procurement and contract management
• Expenditure management (including non-prevention of unauthorised, irregular, fruitless and wasteful expenditure)
• Weaknesses in internal controls including lack of consequence management

[The presentation was of a written report available on the PMG page for the meeting:  Standing Committee on Public Accounts: 2018/19 - Analysis of Audit Outcomes for categorization (Group 1)]

Ms Gugu Shabalala, Researcher: Parliament said the audits of 2018/19 showed that the current state of the major SOE’s is dire. Most SOCs made huge losses and incurred huge amounts in irregular, fruitless and wasteful expenditure. Three major SOCs did not table the annual reports for 2018/19: SAA, ALEXKOR and SAA Express. SAA and SAA Express has not tabled for the past three years: 2016/17, 2017/18 and 2018/19.

[The presentation was of a written report available on the PMG page for the meeting: Standing Committee on Public Accounts: Analysis of Annual Report (2018/19) of SOEs for categorization (October 2019)]

The Chairperson thanked the delegation from Research Unit for the presentations. Members would not engage with these reports now. The Auditor-General will speak in detail on these reports. The Committee only needs to prepare itself for its engagement with the AG, and the date for that will be communicated to Members.

The Chairperson thanked Members for their inputs.

The meeting was adjourned.