ICT firms pocketed R1.5m in PIC's whistle-blower probe

A whistle-blower using the pseudonym "James Nogu" sent an e-mail alleging PIC's CEO had corruptly funded his "girlfriend".
A whistle-blower using the pseudonym "James Nogu" sent an e-mail alleging PIC's CEO had corruptly funded his "girlfriend".

The Public Investment Corporation (PIC) allegedly paid top ICT companies over R1.5 million in its bid to unmask a whistle-blower who accused its CEO Dan Matjila of corrupt activities.

This is on top of about R7.5 million that PIC paid its chief IT executive, Vuyokazi Manye, to leave the organisation, although investigations showed she had not done anything wrong in the whistle-blower saga.

PIC is one of the largest investment managers in Africa, managing assets of over R1.928 trillion. It is a registered financial services provider wholly-owned by the South African government, with the minister of finance as shareholder representative.

Another casualty in the furore is IT head of security, Simphiwe Mayisela, who was also shown the door as the PIC looked to uncover the whistle-blower.

Damning e-mail

At the centre of the witch-hunt, a whistle-blower using pseudonym "James Nogu" sent an e-mail alleging Matjila had corruptly funded his "girlfriend".

Part of the "James Nogu" e-mail, seen by ITWeb, reads: "We have uncovered a corrupt relationship between Dr Dan Matjila and his girlfriend (name withheld). Dr Matjila didn't follow PIC policy procedure when he funded his girlfriend an amount of R21 million through Maison Holdings. The transaction was funded through the CSI funds, which are meant for social responsibility, non-profit-making initiatives. In this case, Maison is running a fully-fledged profit-making business."

A source close to the matter sent ITWeb confidential documents showing that on 28 September 2017, the executive head of IT, Manye; senior manager of IT security, Mayisela; and one of the senior security engineers met with the CEO at the CEO's office to discuss the e-mails that were purportedly sent by "James Nogu". Also present during this meeting was the executive head of HR.

During the meeting, the document shows, the senior security engineer opened one of the e-mails received from "James Nogu" on 13 September 2017, with the subject "PIC CEO Funds Girlfriend", and demonstrated to everyone who was present how to investigate the source of the e-mail using the e-mail header.

According to the source, during this demonstration, the senior security engineer advised the CEO that the e-mail header only shows the translated IP address. As such, the originating IP address cannot be found.

However, using the information provided by the e-mail header, the senior security engineer showed the CEO the location from where the e-mail was sent. ITWeb has seen the location from where the e-mail was sent.

The source adds that during the meeting that was held on Friday, 13 October 2017 at the office of the provincial commissioner, Mayisela was made aware the SAPS will not ignore the allegations that were made by "James Nogu" against the CEO and that the SAPS will look into the matter broadly.

It is during this that one of the IT execs agreed to assist the SAPS in providing them with information to investigate the allegations made by the whistle-blower on the "James Nogu" e-mails.

The decision to assist the SAPS was made in line with clause 19.5 of the PIC Fraud, Corruption and Nepotism Prevention Policy, wherein it states under clause 19.5.1 that "An employee can be protected under the Whistle-blowers Act if they make wider disclosures, for eg to the police".

Forensic investigation

The memo shows that on 18 September 2017, the CEO of PIC met with IT service provider BCX to solicit assistance in conducting a forensic investigation and a security assessment of the PIC's information security posture.

The purpose of the forensic investigation and a security assessment were outlined on the proposal document from BCX titled "Information Security Forensic Investigation and Assessment Proposal", dated 19 September 2017.

The scope of work for forensic investigation was sub-contracted to Naledi Advisory Services by BCX. IT security firm SensePost also provided penetration testing services.

It adds that an e-mail account with super administrator privileges was created for Naledi Advisory Services on Mimecast on 20 October 2017. According to the document, this request to Mimecast was specified within that letter that the investigation was for the period 1 July 2017 to 20 October 2017.

The source alleges that in its quest to conduct the "witch-hunt", PIC continued to engage Naledi Advisory Services at a combined hourly rate of R3 200 per hour, and spent way in excess of R1.5 million to charge the senior manager of IT security and executive head of IT, instead of investigating the accuracy of the allegations by "James Nogu" made against the CEO.

According to the initial statement of work from BCX, signed by the CEO of PIC on 22 September 2017, the engagement with BCX and its affiliates would cost PIC an amount of R966 300. Subsequent to this, PIC further engaged Naledi Advisory Services, through a letter of engagement dated 8 October 2017, to conduct a forensic investigation into circumstances relating to the opening of a corruption case against the CEO of PIC. The costs of this engagement were set at R256 000.

In an e-mailed response to ITWeb, BCX said: "Whilst we are not at liberty to disclose the specific details of customer contracts that are covered by confidentiality restraints, kindly be advised that BCX takes great care at all times to ensure that it only concludes lawful agreements and is not complicit in any illicit behaviours."

E-mail security company Mimecast responded: "Mimecast's cloud archiving helps customers securely search and review historical e-mails. We respect our customers and their privacy. It is our company policy to not comment on behalf of our customers without consent."

Meanwhile, Business Day reported in May that the PIC board exonerated Matjila of corruption charges in September 2017, even though the evidence on which it based its decision was incomplete.

Have your say
Facebook icon
Youtube play icon