Question NW2128 to the Minister of State Security

Reply:

(i) The conducting of lifestyle audits are implied in the legal prescripts such as those, among others, that govern the enforcement of the provisions in the Prevention of Organised Crime Act, 1998 (Act 121 of 1998)(POCA) and the Prevention and Combatting of Corrupt Activities Act, 2004 (Act 12 of 2004)(PRECCA) by law enforcement agencies, as well as the conducting of vetting by the State Security Agency (SSA).

The SSA is mandated in terms of section 2(1)(b) of the National Strategic Intelligence Act, 1994 (Act 39 of 1994)(NSIA) to fulfil the national counter-intelligence responsibilities and for this purpose to conduct and co-ordinate counter-intelligence and to gather, correlate, evaluate, analyse and interpret information regarding counter-intelligence in order to-

(i) identify any threat or potential threat to the security of the Republic or its people;

(ii) inform the President of any such threat;

(iii) supply (where necessary) intelligence relating to any such threat to the South African Police Service for the purposes of investigating any offence or alleged offence; and

(iv) supply intelligence relating to any such threat to the Department of Home Affairs for the purposes of fulfilment of any immigration function;

(v) supply intelligence relating to any such threat to any other department of State for the purposes of fulfilment of its departmental functions; and

(vi) supply intelligence relating to national strategic intelligence to the National Intelligence Coordinating Committee (NICOC).

The performance of vetting investigations falls squarely within the definition of counter-intelligence in section 1 of the NSIA. Section 2A of the NSIA empowers the SSA to conduct vetting investigations to determine the security competence of a person, if such a person-

(a) is employed by or is an applicant to an organ of state; or

(b) is rendering a service or has given notice of intention to render a service to an organ of state, which service may-

(i) give him or her access to classified information and intelligence in the possession of the organ of state; or

(ii) give him or her access to areas designated national key points in terms of the National Key Points Act, 1980 (Act 102 of 1980).

“Security competence” is defined in section 1 of the NSIA to mean a person's ability to act in such a manner that he or she does not cause classified information or material to fall into unauthorised hands, thereby harming or endangering the security or interests of the State, and is measured against a person's-

(a) susceptibility to extortion or blackmail;

(b) amenability to bribes and susceptibility to being compromised due to his or her behaviour; and

(c) loyalty to the State and the relevant institution”.

Furthermore, the legislative and regulatory framework governing members of the Executive, and the Public Service provides for reporting, mandatory disclosure of financial interests and conflicts of interest, and the referral of cases of non-disclosure, which enable the institutionalisation of lifestyle audits. Where obligations are stipulated in legislation, regulations and Codes of Conduct governing the aforementioned persons, placing a duty on them to disclose personal financial interests and conflicts of interests, misconduct proceedings should be instituted against them for:

(i) failing to disclose personal financial interests or conflicts of interest; or

(ii) making incomplete, incorrect or misleading disclosures of personal financial interests and conflicts of interests.

There are concomitant legal implications for breaches of the relevant legislative and regulatory provisions and Codes of Conduct.

In addition, the Public Finance Management Act, 1999 (Act 1 of 1999)(PFMA) sets the framework for accountable financial administration in the public service. Legislative imperatives on Risk Management that deal specifically with the financial and fraud risk categories are contained in sections 38 to 42 of the PFMA and regulation 3 of the Treasury Regulations, 2005. Section 38(1)(a)(i) of the PFMA requires the all departments, trading entities and constitutional institutions have and maintain effective, efficient and transparent systems of financial and risk management and internal control. Risk management processes, responsibilities and punitive measures for non-compliance are incorporated into the responsibilities of Accounting Officers and Audit Committees, and by extension to all Managers in terms of the provisions of section 45 of the PFMA. Regulation 3.2.1 of the Treasury Regulations requires that:

“The Accounting Officer must facilitate a risk assessment to determine the material risks to which the institution may be exposed and to evaluate the strategy for managing these risks. Such strategy must include a fraud prevention plan. The strategy must be used to direct internal audit effort and priority, and to determine the skills required to manage these risks.”

The internal audit unit must in accordance with regulation 3.2.7 of the Treasury Regulations prepare, in consultation with and for the approval of the audit committee, a rolling three-year strategic internal audit plan based on its assessment of key areas of risk for the institution, having regard to its current operations, those proposed in its strategic plan and its risk management strategy.

Hence, implementing lifestyle audits forms part of a risk management system and strategy, aimed at identifying risks related to unethical conduct, corruption and fraud.

(ii)

(aa) Lifestyle audits are a critical a critical assessment by means of an amalgamation of a variety of information sources in order to compare the subject’s lifestyle with his/her declared income streams. In essence, it is a test to determine whether wealth is commensurate to income.

During vetting investigations, the SSA in terms of the NSIA (section 2A (5), (5A) and (6)), may in the prescribed manner gather information relating to-

(a) criminal records;

(b) financial records;

(c) personal information; or

(d) any other information which is relevant to determine the security clearance of a person:

Provided that where the gathering of information contemplated in paragraphs (c) and (d) requires the interception and monitoring of the communication of such a person, the relevant members shall perform this function in accordance with RICA. Vetting Field Work Units within departments of State may, on request by the SSA, assist the SSA in gathering the information. The head of the SSA or any officials delegated by him or her in writing may, after evaluating the information gathered during the vetting investigation, issue, degrade, withdraw or refuse to grant a security clearance.

In addition, it should be noted that legislative provisions that affect the employee–employer relationship must be considered when conducting lifestyle audits, particularly the Constitution; the Basic Conditions of Employment Act, 1997 (Act 75 of 1997); the Labour Relations Act, 1995 (Act 66 of 1995)(LRA) and its accompanying Codes of Good Practice issued by the Department of Labour.

(bb) Lifestyle audits are utilised as a legitimate fraud prevention and detection mechanism and serve as a tool to understand the financial profile of an individual, in terms of legitimate declared income versus known and observed assets.