NEWS & ANALYSIS

Has your company just been hijacked?

James Myburgh provides a guide on what you need to do

JOHANNESBURG - Over the past few years there has been an increasing problem of criminal syndicates using the Companies and Intellectual Property Registration Office (CIPRO) for the purpose of committing fraud. In 2008 a Pakistani syndicate used company cloning to defraud the South African Revenue Service (SARS) of R51m. By August 2009 another syndicate had cloned at least 114 companies for the purposes of committing various types of fraud. And in 2010 at least forty companies were hijacked - mainly for the purpose of trying to divert VAT refunds.

But while there is a growing awareness of the problem many companies who fall victim to this kind of fraud do not really know how to respond.

This guide is an attempt to remedy this deficiency. It sets out nine steps that need to be taken by a company to minimize potential harm. Standard Bank, SABRIC, Nedbank, Absa and CIPRO all provided input into these (see the banks' full contributions here). FNB, SARS and the SAPS declined or did not respond to an invitation to do so. This list is not exhaustive, and we'll update it with any further suggestions that may come in.

Before setting out the actions that a company needs to take - once it becomes aware it has been targeted - it is necessary to have some understanding of how these frauds work.

How CIPRO based frauds work

This guide is concerned with two common kinds of CIPRO-based fraud. The one is to set up a closed corporation (or company) with a confusingly similar name to a legitimate concern (‘company cloning'.) The other is to fraudulently deregister the legitimate directors of a company, and insert a syndicate member (‘company hijacking.')

These CIPRO based frauds follow a certain progression as illustrated by the following two examples:

A company cloning fraud (from 2009):

  1. A client posts a cheque to "Company Y".
  2. The cheque is intercepted at the Post Office by the syndicate.
  3. A CC called "Company Y 01" is then established through CIPRO.
  4. The director of the new CC opens a bank account with FNB.
  5. The stolen cheque is deposited into the new account and the money removed.

A company hijacking fraud (from 2010):

  1. A large tax refund due to Company X from the South African Revenue Service falls due.
  2. The syndicate is alerted to this opportunity by a SARS insider.
  3. The legitimate directors of Company X are removed on CIPRO and a syndicate member using a stolen identity is inserted as the sole director.
  4. The new director opens an account with Absa in the name of Company X.
  5. SARS is then requested to change the banking details of Company X to the new account.
  6. The refund is paid into the phoney account and the money removed.

As can be seen from these two examples the actual goal of the syndicate in effecting changes at CIPRO is to set up a bank account in the targeted company's name. It is critical to remember that if a stranger has been inserted as the sole director of your company then, as night follows day, they will have approached a bank branch to set up an account in your company's name. Unless the bank concerned phones you to check their bona fides before activating the account it can be taken as a given that they will have succeeded.

Once such an account has been established there are numerous other types of frauds that can be committed. Your clients may be approached to switch bank details; the syndicate may try and get credit in your company's name; or the syndicate will pay a cheque into another company's account and then request a refund before it has cleared.

There is thus no room for complacency. If you delay in acting it is not just your own money you potentially put at risk - but also your debtors', those who trust in your company's good name and South African taxpayers'.

How to check your details on the CIPRO website

Company details should be checked routinely. However, additional warning signs could be a delay in the payment of a tax refunds, a cheque that is long overdue, odd queries from clients or credit bureaus and so on.

It is currently possible to do certain basic checks on the CIPRO website. You can get your auditor or accounting officer to run a full check with CIPRO - and if you think your company may have been targeted it is advisable to do so.

If you go to the CIPRO homepage - www.cipro.gov.za - there is a panel on the left. Towards the bottom there is an empty field titled "name search" (see image). You can insert a key word from your company's name to check what other companies or CCs have similar names to your own (these won't necessarily be fraudulent.) Try "AVUSA" for instance and see what comes up. This method is not foolproof. If you insert "RENAULT" into the field it won't pick up the CC clone "RENAULTSA INSTRUMENTS CONTROLS."

For the next month it is possible to check your directorships on the CIPRO website for free by clicking here and inserting the identity numbers of your directors. For instance, if one inserts the ID number of the hijacker of Coca-Cola Africa ‘Samuel Sadike' the following comes up:

Again this check is not perfect as a syndicate member may occasionally be inserted as a director while leaving the other legitimate directors in place.

Once sure that your company has been hijacked - or obviously cloned - there are certain steps that must be taken as quickly as possible. It is critical to keep proper records of everything you do, as a lot of money can be stolen, and you may later find yourself in dispute with SARS or the banks over liability and negligence. These steps are (not necessarily in this order of priority):

1. Notify your own bank of the fraud, at one the following numbers:

Nedbank: 0860 555 111 (helpline)
Standard Bank: 0800 113 443 (fraud hotline)
Absa: 0800 414 141(complaints helpline)
FNB: 011 632 2226 (fraud team)

Remember to forward to your own bank - and the others - all documentation that may help them track down and identify fraudulent accounts.

2. Notify all the other banks - and record such notifications in writing.

Nicky Lala-Mohan of the Banking Association has also undertaken to pass on warnings of company hijackings to the banks (email: [email protected] telephone: 011 645 6700)

3. Notify CIPRO of changes to your records:

CIPRO can be emailed at [email protected] or [email protected]. Be sure to notify CIPRO of all fraudulent changes to your company's records. Apart from altering directorships the syndicate may have changed details of your physical and postal addresses, telephone numbers, company secretary details, and auditor details.

4. Lay fraud charges with the South African Police Service (SAPS) and keep a copy of the affidavit:

5. Notify the South African Revenue Service:

SARS' Fraud and Anti-Corruption Hotline is 0800 00 2870

6. Contact your debtors and creditors and notify them that your bank details have not been changed.

7. If any cheques from a debtor are overdue - and may have been intercepted - get them to cancel them.

8. Contact a credit bureau - such as Experian or Transunion ITC - to check whether any accounts have been opened or credit obtained in your company's name.

9. Notify all employees in the company of the fraud, as well as the person they should direct any inquiries to.

If you so wish you can also notify us at [email protected]. We'll do our best to check whether other companies have been targeted and to keep the feet of CIPRO - and other relevant institutions- to the fire until the problem has been solved.

Click here to sign up to receive our free daily headline email newsletter