When governance is optional, failure is inevitable – Part II
7 min readOn 5 July 1999, responding to then Mpumalanga premier Ndaweni Mahlangu’s casual assertion that lying to the electorate was acceptable, I wrote in Business Day: “Zero tolerance only answer to lack of ethics”.
I argued that the accelerated decline of ethical standards was directly linked to the absence of accountability.
Read: When governance is optional, failure is inevitable – Part I
Then president Thabo Mbeki’s political rhetoric about “honest, transparent, accountable government” was admirable, but the perception of tolerance for moral turpitude was fuelling a culture of lawlessness.
South Africa needed legislation that treated corruption as an existential threat, modelled on the US Federal Sentencing Guidelines (1994 edition, Chapter 8), which imposed fines of up to $250 million on organisations without effective compliance programmes.
I warned that as long as the organisation’s interests trumped individual accountability, conflict of interest would persist. Prevention and legislation were necessary but insufficient; zero tolerance was the only answer.
We should have asked in 1994/95 whether we could afford not to legislate corporate governance with real criminal consequences.
Enron, WorldCom and the Sarbanes-Oxley watershed
While I argued in the mid to late 1990s against the non-prescriptive corporate governance model championed by Judge Mervyn King (outlined in Part 1 of this three-part series), Enron (2001) and WorldCom (2002) followed, the latter involving $11 billion in manipulated financial statements and the then-largest bankruptcy in US history.
The Sarbanes-Oxley Act (SOX) of 2002 was a direct legislative response.
It created the Public Company Accounting Oversight Board (PCAOB) to end auditor self-regulation, imposed strict auditor independence rules under Title II (prohibiting certain high-risk categories, but not all consulting or advisory work), mandated CEO/CFO personal liability (Section 302), which requires certification and creates exposure to liability if false, and required rigorous internal control testing (Section 404).
The real punitive teeth come from Section 906 (criminal penalties for false certification).
While not eliminating all consulting relationships, SOX significantly curtailed the most conflicted services and shifted the regulatory model toward enforceable oversight and accountability.
SOX didn’t eliminate conflicts – it made the most dangerous ones illegal and the rest visible.
ADVERTISEMENT
CONTINUE READING BELOW
Where SOX banned the conflict, South Africa asked auditors to assess it.
South African audit firms and commentators initially scoffed at “US jurisdictional overreach”.
The extraterritorial reach of SOX compelled global audit firms, including those in South Africa, to adhere to stricter independence rules when auditing US-listed companies – effectively accelerating the global shift away from high-risk service bundling.
Read:
Maybe the big four auditing firms do need breaking up
Calls for whistleblower fund after govt pensions agency saga
In South Africa, the Companies Act 2008 reinforced auditor independence through a principles-based framework that requires auditors to avoid conflicts of interest, while more explicit prohibitions – such as the restriction on providing internal audit services to external audit clients – are primarily set out in the Independent Regulatory Board for Auditors (Irba) Code of Professional Conduct.
These restrictions are applied more stringently to public-interest entities, but they remain grounded in a judgement-based rather than rules-based regulatory model.
The self-review threat has finally been acknowledged – decades after Masterbond and my 1997 Johannesburg Fresh Produce Market investigation, followed by the Greater Johannesburg Transitional Metropolitan Council, the Auditor-General, the Serious Economic Offences Act of 1991 (OSEO), and finally the Attorney-General.
This proved the point.
Post-SOX rogues’ gallery: A pattern that persists
Despite the King IV Report on Corporate Governance, the Companies Act, the Public Finance Management Act (PFMA), the Financial Intelligence Centre Act (Fica), the Twin Peaks legislation and ‘SOX-lite’ principles, South Africa’s corporate scandals have persisted.
Each shares the same DNA: complex, opaque structures, offshore vehicles, related-party transactions, auditors constrained by incentives, and regulators arriving late.
Steinhoff International (2017): R100 billion accounting fraud, overstating profits and assets from 2009 to 2017. Deloitte faced scrutiny for failing to exercise professional scepticism and paid €70 million (R1.3 billion) into a global settlement without admitting liability. Over R200 billion wiped from JSE value; devastating impact on pension funds, including the Government Employees Pension Fund (GEPF).
Tongaat Hulett (2019-2022): R12 billion in overstated profits due to premature revenue recognition and expense capitalisation. Deloitte signed off on audited statements for seven years, showing positive equity of R11 billion; restated figures revealed negative equity of R1 billion. Former Deloitte partner Gavin Kruger was charged with fraud and racketeering. Deloitte settled for R261 million without admitting liability.
African Bank (2014): Aggressive lending and a disastrous R9 billion acquisition. Deloitte lead partner Mgcinisihlalo Jordan was sanctioned by Irba for misconduct; the firm made a donation to historically disadvantaged universities.
VBS Mutual Bank (2018): “The Great Bank Heist” – R2 billion looted through fraudulent loans. KPMG partners received irregular loans and payments to issue clean audits. KPMG settled for R500 million. The collapse devastated rural depositors, burial societies and pension funds in Limpopo.
EOH Holdings (2019 onwards): R865 million in kickbacks to front companies for public-sector tenders; R76 million in timed ANC donations. A forensic probe by ENSafrica fed into the Zondo Commission of Inquiry into allegations of state capture. As of 17 March 2026, the NPA reinstated bribery charges against former minister Zizi Kodwa and ex-EOH executive Jehan Mackay. EOH itself launched a R6.4 billion civil suit against its former founders for breach of fiduciary duty.
Financial statement fraud is straightforward. It occurs through the overstatement of assets or income, or the understatement of liabilities or expenses – eight basic classes of schemes under a double-entry system.
That’s it, simply. The more permutations, the more detectable the anomalies should be.
ADVERTISEMENT:
CONTINUE READING BELOW
Read:
Former Tongaat CFO Munro fails in appeal against R6m JSE fine
Ex-Steinhoff finance chief Ben la Grange sentence to 5 years in prison
Trial of Steinhoff’s former treasury head Stéhan Grobler delayed
R2m fine or prison: Former Steinhoff auditor sentenced
Yet sophisticated management override continues to evade detection precisely because the Companies Act’s framework, while improved on paper, never delivered the prosecutorial hammer or the required cultural shift.
The hidden economy and the dual engines of fraud: Listed, unlisted, and the government contract amplifier
This is the part of the economy no one wants to look at too closely. Not because it is small or insignificant, but because it is vast, opaque, and largely beyond meaningful control.
Away from the glare of markets, analysts, and continuous disclosure, governance becomes optional, oversight inconsistent, and accountability theoretical.
It is not a fringe ecosystem; it is a parallel economy operating in plain sight, where the rules exist but are not applied.
Both listed and unlisted sectors fuel South Africa’s economic crime landscape, but in structurally different ways.
The listed economy – banks, large corporates, and state-linked entities – operates under disclosure obligations, audit scrutiny, and regulatory oversight.
The unlisted economy – small and medium-sized enterprises (SMEs), privately held firms, and informal enterprises – largely operates outside continuous supervision, with governance that is discretionary and enforcement that is reactive.
Crucially, roughly two-thirds of the R1.03 trillion active Special Investigating Unit (SIU)/Directorate for Priority Crime Investigation (DPCI) caseload is linked to government contracts flowing through this unlisted space.
Procurement fraud, tender rigging, and inflated government deals create a feedback loop: public funds are siphoned into lightly supervised private structures, amplifying risk and the opportunity for fraud, and linking unlisted companies directly to high-value schemes normally associated with the listed sector.
Together, the two layers form a dual-stage amplification system, producing a continuous, largely invisible cycle of economic crime that official statistics barely register.
It is also within this vast, lightly supervised segment of the economy that one repeatedly encounters Banxsos and BHI Trusts, which I recently investigated, along with the MTI’s, Louis Liebenberg’s diamond schemes, and countless others that rarely reach public consciousness.
Read:
Claims against BHI Trust balloon – and keep going – as Ponzi scheme unravels
Behind the BHI Trust scandal
ADVERTISEMENT:
CONTINUE READING BELOW
These are not anomalies – they are products of an environment where governance is discretionary, oversight is fragmented, and enforcement is largely reactive, if at all.
The consequence is not an occasional scandal but a predictable outcome of structural design.
In an environment where detection is low, enforcement is delayed, and consequences are uncertain, fraud does not merely occur – it persists.
Each collapse is treated as an isolated event, a singular failure of individuals, rather than what it truly is: a predictable outcome of structural design.
Until this underlying reality is confronted, the cycle will continue – schemes will rise, victims will multiply, and the system will respond only after the damage is irreversible for the multitude of victims and, ultimately, the entire economy.
If the system even responds at all.
This is the second article in a three-part series.
Read: When governance is optional, failure is inevitable – Part I
* Bart Henderson is a veteran fraud risk specialist and forensic investigator with nearly three decades of experience at the highest levels of financial crime detection, investigation, and litigation support across South Africa and beyond.
An original official research partner for the New Partnership for Africa’s Development (Nepad) African Peer Review Mechanism, Henderson spent over two decades advancing fraud risk methodologies across South Africa and the broader African continent. During this time, he developed and refined what became a pioneering 72 Red Flag/400 Rule forensic audit and investigation model – a system that broke decisively from traditional silo-based methodologies and anticipated what is now widely recognised as Enterprise-Wide Fraud Risk Management.
As a lecturer, Henderson has presented on the subject at multiple white-collar crime symposia and summits as a main speaker alongside Judge Willem Heath, Advocate Willie Hofmeyr, Peter Goss, Martin Welz, and others of his generation. He also serves on contract to the Institute of Internal Auditors (SA), the Institute of Chartered Accountants (ZW), AusAID, the Central Bank of Kenya, the Central Bank of Nigeria, and a host of state-owned enterprises throughout Africa.
In both prosecution and defence environments, he has been advisor, and represented high-net-worth individuals, senior executives, government officials, cabinet ministers, and a former head of state.
#governance #optional #failure #inevitable #Part