Open Rubric

© 2022 University of South Africa

All rights reserved

Printed and published by the

University of South Africa
Muckleneuk, Pretoria

FOR3704/1/2023–2025

10034811

InDesign

Revised by : Dr LL Motsepe

CGM_Style
CONTENTS
 Page
Introduction to the modulev
Learning unit 1: The forensic investigation of crime, irregularities, and transgressions 1
1.1 LEARNING OUTCOMES 1
1.2 INTRODUCTION1
1.3 LEARNING MATERIAL 2
1.4 LEARNING UNIT OVERVIEW 2
1.5 ACTIVITY 1 2
1.5.1 Feedback3
1.6 CONCLUSION4
1.7 SELF-ASSESSMENT4
Learning unit 2: Principles of investigation 5
2.1 LEARNING OUTCOMES 5
2.2 INTRODUCTION5
2.3 LEARNING MATERIAL 6
2.4 LEARNING UNIT OVERVIEW 6
2.5 ACTIVITY 2 6
2.5.1 Feedback7
2.6 CONCLUSION7
2.7 SELF-ASSESSMENT7
Learning unit 3: Cybercrime, Electronic Communications and Transactions Act 25 of
2002, computer-related activities, commercial crime, sexual offences,
and serious and violent crimes 8
3.1 LEARNING OUTCOMES 8
3.2 INTRODUCTION8
3.3 LEARNING MATERIAL 9
3.4 LEARNING UNIT OVERVIEW 9
3.4.1 Cybercrime9
3.4.2 Electronic Communications and Transactions Act 25 of 2002 10
3.4.3 Computer-related activities 13
3.4.4 Commercial crime 17
3.4.5 Sexual offences 21
3.4.6 Serious and violent crimes 22
3.5 ACTIVITY 3.1 23
3.5.1 Feedback23
3.6 ACTIVITY 3.2 23
3.6.1 Feedback23
3.7 CONCLUSION24
3.8 SELF-ASSESSMENT24

FOR3704/1(iii)
CONTENTS

Learning unit 4: Organised crime 25

4.1 LEARNING OUTCOMES 25
4.2 INTRODUCTION25
4.3 LEARNING MATERIAL 26
4.4 LEARNING UNIT OVERVIEW 26
4.4.1 Prevention of Organised Crime Act 121 of 1988 27
4.4.2 The Asset Forfeiture Unit 27
4.4.3 Racketeering Acts 28
4.4.4 Section 2(1) (e) of the Act 30
4.5 ACTIVITY 4.1 31
4.5.1 Feedback31
4.6 ACTIVITY 4.2 31
4.6.1 Feedback32
4.7 CONCLUSION33
4.8 SELF-ASSESSMENT33
Learning unit 5: Money laundering 34
5.1 LEARNING OUTCOMES 34
5.2 INTRODUCTION34
5.3 LEARNING MATERIAL 35
5.4 LEARNING UNIT OVERVIEW 36
5.4.1 Combating money laundering 36
5.4.2 Money laundering 36
5.4.3 Methods and stages of money laundering 38
5.4.4 Process of money laundering 39
5.4.5 Financial Intelligence Centre Act 38 of 2001 40
5.5 ACTIVITY 5.1 41
5.5.1 Feedback42
5.6 CONCLUSION42
5.7 SELF-ASSESSMENT42

(iv)
 INTRODUCTION TO THE MODULE

Dear student
Welcome to the module Investigation of Selected Crimes and Transgressions: Module
B (FOR3704). This module is at NQF Level 7 and carries 12 credits. It contains very
important information regarding the investigation of selected crimes and transgressions.
You must study all the information in this module to enhance your knowledge and
skills in the use and application of investigation of selected crimes and transgressions.

Investigation of Selected Crimes and Transgressions (FOR3704) is used and applied

during the investigation of incidents, transgressions and crime. This module will enable
you to make use of appropriate and financially viable resources, manage the application/
activities of selected resources, analyse and utilise the information/product delivered
in terms of your investigation. To complete this module, you will need to purchase
the prescribed textbook Forensic investigation: legislative principles and scientific
practice (ISBN: 9780702186479). The correct reference to use if you are seeking a copy
of the book is Dintwe, S & Zinn, RJ. (eds). 2015. Forensic investigation: legislative
principles and scientific practice (ISBN: 9780702186479). Cape Town: Juta. You
can also purchase or order the book from Juta or any academic bookshop and the
publication is available online at https://juta.co.za/ in both print and electronic format.
Please study this information carefully and ensure that you obtain the prescribed book.

All the questions asked in the assignments and the examination are based on information
in the prescribed textbook and Tutorial Letter 501. This module is offered online and
you should visit the FOR3704 module site often. Learning is not a spectator sport.
Students do not learn much just by sitting in class listening to teachers, memorising
pre-packaged assignments, and spitting out answers. They must talk about what they
are learning, write about it, relate it to past experiences and apply it to their daily lives.
They must make what they learn part of themselves. On this note, I wish you all the
best on your journey of self-discovery. Remember, with hard work, perseverance and
dedication, anything is possible!

1. PURPOSE OF THE MODULE FOR3704: MODULE-B

This module is designed for students in the corporate, private and public service law
enforcement spheres, which include occupations such as financial analysts, auditors,
private forensic investigators, private security industry personnel, police officers, military
police officers, intelligence personnel and any persons dealing with or investigating
aspects of financial crimes, transgressions or irregularities.

This module aims to identify and conduct investigations of selected crimes and
transgressions and inform students on how to apply the principles of humanising the
law and social responsibility.

FOR3704/1(v)
INTRODUCTION TO THE MODULE

2. LEARNING OUTCOMES
Learning outcomes in this context refer to the result of the learning process. It is what
you are expected to do after the learning process; the knowledge, skills and attitudes
that you have to demonstrate at the end of this module.

At the end of this module, you should be able to

• demonstrate integrated knowledge of the forensic investigation of crime, irregularities

and transgressions process and knowledge of some specialised areas of investigation.
• develop a well-rounded understanding and knowledge of investigative resources
of investigations in some specialist areas within the parameters of the investigative
mandate.
• analyse and utilise the information or product delivered in respect of selected crimes,
transgressions and irregularities in terms of the investigation of cybercrime and
organised crime.
• manage the application of investigation of selected crimes transgressions and
irregularities within the parameters of the investigative mandate.

3. SYLLABUS
The following knowledge is embedded within the module, and will be assessed directly
or indirectly through assessment of the specific outcomes in terms of the assessment
criteria:

• The forensic investigation of crime, irregularities and transgressions process

o Terminology
o Society and the rules that govern society
o Understanding crime investigation
o Constitutional foundation for investigations
o Purpose and objectives of an investigation or inquiry
o Types of investigators
o Criminal versus forensic investigation
o The investigation process
o Investigation techniques
o Specific characteristics of an investigator
o The modern-day investigation cycle
o Self-evaluation checklist for investigators

• The principles of investigation

o The Locard exchange principle
o Identification
o Individualisation

• Cybercrime
o 
Cybercrime in terms of the Electronic Communications and Transactions Act,
2002
o Computer-related crimes

(vi)
 Introduction to the module

• Identifying and solving:

o Advance fee schemes
o Commercial crime
o Sexual offences
o Serious and violent crime

• Digital evidence:
o The nature of digital evidence
o Use of digital evidence
o Sources of digital evidence
o Electronic devices and storage media
o Protected devices and media
o Concealed devices and media
o 
Digital evidence in terms of the Electronic Communication and Transaction
Act, 2002
o The admissibility and relevance of digital evidence
o The relationship between digital evidence and digital forensics
o Digital forensics
o The nature of digital forensics
o The digital forensic process
o Pre-examination phase
o Examination phases
o Post-examination phase, each of which follows sequentially

• Prevention of organised crime

o 
Investigations and proactive combatting through investigation in terms of the
Prevention of Organised Crime Act (POCA), 1998 (Act No. 121 of 1998):
o Racketeering
o Money laundering

4. ASSESSMENT CRITERIA
It is important to note that you will get assignments to complete during the semester
and write a formal examination. The assignments and examination will assess whether
you have achieved the set learning outcomes for this module.

The assessment questions will assess the following:

• Knowledge: Recall what you have learned.

• Comprehension: Demonstrate an understanding of the facts by organising, comparing,
interpreting, giving descriptions or stating main ideas.
• Application: Apply acquired knowledge to solve problems.
• Analysis: Make inferences, identify causes and find evidence to support judgements.
• Synthesis: Combine elements in different patterns to formulate new solutions.
• Evaluation: Give opinions and make judgements about the validity or quality of ideas.

FOR3704/1(vii)
INTRODUCTION TO THE MODULE

5. PRESCRIBED STUDY MATERIAL

Your prescribed material for this module is:

• Dintwe, S. & Zinn, RJ. (eds). 2015. Forensic investigation: legislative principles
and scientific practice. Cape Town: Juta (ISBN: 9780702186479)
This book, published in 2015, is the prescribed study material for this module. You can
purchase the book from Juta and the publication is available at all bookshops around
the country as well as online at https://www.jutaonline.co.za/shop/ in both print and
electronic format.

6. STRUCTURE OF THE STUDY GUIDE

Learning outcomes

Each learning unit in this study guide is structured as follows:

Introduction

This paragraph gives you a very brief idea of what you will be studying in the particular
unit.

Learning material:

This section indicates which paragraphs have to be studied from the textbook.

Module overview:

Under this heading, each learning unit indicates what content of the module is cov-
ered in the unit. It also refers to the prescribed cases that have to be studied with the
particular unit.

Activity:

The activity given at the end of each learning unit guides you in practising some of the
principles studied in the unit.

Conclusion:

The summary of each unit helps you to remember what you studied in that unit

Self-assessment activity

(viii)
1 LEARNING UNIT 1

The forensic investigation of crime,

1

irregularities, and transgressions

1.1 LEARNING OUTCOMES

On completing this learning unit, you should be able to:
• apply the investigation process and the investigation cycle to the investigation of
crimes, irregularities, and transgressions.
• investigate selected crimes, irregularities and transgressions using specific methods
and techniques, as required.

1.2 INTRODUCTION
The forensic investigation of crime, irregularities and the transgression process involves
more than mere investigation. Forensic investigation is first recognised as a science.
During an investigation, the natural sciences play a pivotal role in solving crimes or
incidents, for example through DNA analysis, but the human sciences also play a role.
The human sciences include the science of policing, which, in turn, includes the scientific
process, followed by an investigator in the investigation of a crime, incident, irregular-
ity or transgression. For example, a scientific process is followed to analyse the scene
of an incident (which encompasses making use of the natural sciences), and then the
investigator selects the most effective interviewing techniques that suit the personality of
the suspect, witness, or complainant (which encompasses utilising the human sciences).

To investigate something or someone is an immense responsibility and one that

investigators must undertake to the best of their ability. It is a responsibility that
demands dedication and a commitment to continuous learning because changes occur
daily in the fields of technology, legislation, policy, and the sciences. However, the field
of investigation is not the only one in which the investigator needs to grow. The forensic
investigation of crime, irregularities and transgressions also incorporates aspects and
elements from the management discipline. If investigators do not know how to manage
themselves, their resources, or their time, and if they do not know how to identify a
strategy and develop a plan to implement that strategy, they will be walking a very
rocky road.

FOR3704/11


1.3 LEARNING MATERIAL

The study information in the learning unit can be found in chapter 1 of the pre-
scribed book on pages 2 to 40 of Dintwe, S & Zinn, RJ. 2015. Forensic investigation:
legislative principles and scientific practice.

Please read through chapter 1 in the textbook, which explains the basic knowledge and
skills needed when investigating crimes, transgressions, or irregularities.

1.4 LEARNING UNIT OVERVIEW

Learning unit 1 is covered fully in your prescribed textbook, Dintwe, S & Zinn, RJ
(eds). 2015. Forensic investigation: legislative principles and investigative practices. Cape Town: Juta.
The topics dealt with in the relevant part of your prescribed textbook are the following:

• terminology
• society and the rules that govern society
• understanding crime investigation
• constitutional foundation for investigations
• purpose and objectives of an investigation/inquiry
• types of investigators
• criminal versus forensic investigation
• the investigation processes
• investigation techniques
• specific characteristics of an investigator
• the modern-day investigation cycles
• self-evaluation checklist for investigators

In the prescribed book, you will be introduced to the investigation of crimes and
transgressions. The concepts of forensic investigation and criminal investigation are
discussed and clarified. The investigation process is explained with specific reference
to the flow of an investigation, the investigator’s tasks and mandate, and the difference
between police and a private investigation. The concept of an investigator is unpacked
specifically about who this person is. What skills, attitudes and characteristics does
such a person need to be successful in what he or she does? The importance of eth-
ics and moral actions is also highlighted. The modern-day investigation cycle and the
value of intelligence-led investigations are also discussed. It is important to be mindful
that police investigations and investigations by private investigators differ in certain
respects. The learning unit concludes with a self-evaluation checklist for investigators.

1.5 ACTIVITY 1
X is employed as a bookkeeper by the GTI Group. Over two years, X has been transfer-
ring funds from the company account into a fraudulent account he created. You receive
an anonymous tip-off via the whistle-blowing hotline about X’s conduct. Furthermore,
you receive written complaints from employees forwarded to you by the human resource
department alleging that X uses derogatory language when speaking to fellow employ-
ees. You are required to conduct a forensic investigation into the allegations. Outline
how you will investigate the crime, irregularity, or transgression. You must first identify
whether a crime, irregularity or transgression has been committed.

2
 LEARNING UNIT 1: The forensic investigation of crime, irregularities, and transgressions

1.5.1 Feedback
Let us look at activity 1:

Firstly, it is important to identify and determine which crimes, irregularities or

transgressions have been committed. In the above scenario, the following can be
identified:

• fraud
• crimen injuria
• a transgression

Let us explore this further:

• Fraud

The fact that X has been transferring money unlawfully and intentionally, thereby
misrepresenting the company and causing actual loss to the company, is in effect
fraudulent behaviour, which is a criminal offence according to the requirements of
definitional elements for a specific type of crime. In this regard, see the definition of
fraud. Remember that the loss need not be actual loss; potential loss will suffice.

Investigation

See the discussion of the investigation process from page 20 of Dintwe and Zinn and
draw a mind map as to how you will approach the investigation.

A recommended process is set out below. However, you must consider the different
phases of investigation, including whether a company policy and procedure exist in
terms of which X can be investigated with a view to a possible disciplinary inquiry.

The investigation may include the following steps:

• lodging a criminal complaint with the South African Police Service (SAPS) (This
is an important step.)
• subpoenaing the relevant bank documents from the bank where the fraudulent account
is held (The bank statements will reflect the transfer of monies from the company
account into the fraudulent account.)
• establishing a link to the individual authorising the transfers to the fraudulent
account (the computer terminal used, passwords, authorisation codes, etc., will aid
in proving the case)
• suspending X as per the human resource policy and procedure (This is an option
that you have as a forensic investigator. The police can also effect an arrest.)
• initiating a disciplinary enquiry

• Crimen iniuria/transgression

Crimen iniuria is the unlawful, intentional, and serious impairment of the dignity or
privacy of another.

Investigation:

• Check if any policy exists that deals with the use of derogatory comments. Check
if X was aware of the existence of such a policy. Generally, employment contracts
require employees to familiarise themselves with all company policies and procedures.
These can usually be found on the company intranet or other electronic platforms.

FOR3704/13


• Conduct interviews and gather evidentiary material (statements, policies, procedures,

the employment contract, etc.).
• Initiate a disciplinary inquiry.
• In a criminal case, obtain sworn statements from the complainant.
• Obtain witness statements if there are witnesses.
• Lodge a criminal complaint with the SAPS.

The computer terminal that was used to commit the fraudulent acts is also important.
Consequently, the investigation process when dealing with computer crime is an im-
portant activity. During this activity, particular attention must be given to the hard
drive as an exhibit, including CDs and other evidentiary material. See the discussion
in Dintwe and Zinn. When studying the investigation of computer crime, you must
refer to the discussion of the investigation process on pages 20, 21 and 362 in your
prescribed textbook. In using the investigation process specific to the different phases,
you must be able to apply the principles in investigating computer crime. Also, see the
discussion in learning unit 3.

1.6 CONCLUSION
This learning unit is aimed at providing you with concise investigation processes and
the terminology thereof. The forensic investigation of crime, irregularities and the trans-
gression process is covered comprehensively in your prescribed textbook. The various
subtopics as outlined at the beginning of section 1.3 of this learning unit can be found
on pages 1 to 41 in the prescribed textbook. Do not underestimate this learning as you
will need to consult the prescribed book to learn more. In the next learning unit, we
look at the principles of investigation, which include the identification principle.

1.7 SELF-ASSESSMENT
To refresh your memory and to contribute to your understanding, do the following as-
sessment activities. The activities are for your preparations for the summative assessment.

• What are the three objectives of an investigation to consider at the scene of an incident?
• What is the difference between the criminal and forensic investigation? Give examples
to substantiate your answer.
• When can the company institute an investigation regarding an incident?

4
2 LEARNING UNIT 2

2 Principles of investigation

2.1 LEARNING OUTCOMES

On completing this learning unit, you should be able to:
• apply the principles of investigation, Locard exchange principle, identification, and
individualisation
• distinguish between identification and individualisation during the investigation of
selected crimes, incidents, or transgressions

2.2 INTRODUCTION
You need to consult chapter 2 of the prescribed book to understand the principles of
investigation. The forensic investigation of crime, irregularities, and transgressions
is a science. It is, therefore, important that an investigator apply scientific methods,
up-to-date techniques, and logical reasoning during the investigation process. For the
investigator to ensure that a scientific approach is adopted during an investigation, it is
important to be familiar with the principles of investigation.

There is no single definition that describes or explains the principles of investigation.

However, in this context, the principles include identification, individualisation, the
Locard exchange principle, and the gathering and examination of factual information
that answers questions or resolves problems. It is, therefore, important to recognise that
the principles of investigation include three main categories, namely:
• identification
• individualisation
• the Locard exchange principle

The purpose of identification in forensic investigation is to identify physical evidence,

which can then be analysed to help the investigator pursue a productive path based on
the clues provided by the specific characteristics of the physical evidence. The Locard
exchange principle in section 2.2 of the prescribed book is considered the foundation
on which identification is based, while individualisation in section 2.7 can be seen as a
more specific and later facet of identification.

FOR3704/15


2.3 LEARNING MATERIAL

In chapter 2 of the prescribed book, Forensic investigation: legislative principles and
scientific practice, three important principles of investigation are discussed as the most
influential concepts in the history of forensic investigation.

Study pages 45 to 46 of your prescribed book to understand what the Locard exchange
principle means to principles of investigation.

Study pages 48 to 63 of your prescribed book to understand the concept of identification,

the categories of identification, and to distinguish between the different types of
identification.

Study pages 64 to 66 of your prescribed book to understand the concept of

individualisation and to distinguish between identification and individualisation during
the investigation process.

2.4 LEARNING UNIT OVERVIEW

Learning unit 2 is covered fully in chapter 2 of the prescribed textbook. The topics dealt
with in the relevant part of your prescribed textbook are the following:
• the Locard exchange principle
• identification: a conceptual clarification
• the origins of identification
• the classification of identification
• types of identification
• individualisation
• the difference between identification and individualisation

In this learning unit, you will be introduced to the principles of investigation. These
principles talk to the gathering and examination of factual information and evidence
that solve crime investigation-related problems.

The Locard exchange principle will be discussed, a conceptual clarification of identification

will be provided, and the origins of identification will be explored. The classification and
types of identification will be explained, culminating in a discussion on individualisation.
The learning unit concludes with a discussion of the differences between identification
and individualisation.

2.5 ACTIVITY 2
The term individualisation is often mistaken for identification. However, each principle has
its own set of requirements to accomplish the objective during the forensic investigation
of crime, incident or transgressions.

• Differentiate between identification and individualisation.

6
 LEARNING UNIT 2: Principles of investigation

2.5.1 Feedback
In a forensic investigation, individualisation and identification are two inalienable
investigation principles that complement each other. One principle has no evidential
value without the other. Individualisation and identification can independently be used
to identify a specific suspect and link that suspect to a particular crime or incident.
Identification entails the act of identifying a person or object.

For more information, study more about these two investigation concepts from pages
45 to 65 of the prescribed material. Although this feedback is brief in this learning unit,
you must find more details about these principles.

2.6 CONCLUSION
This learning unit is covered in chapter 2 of the prescribed book, and the principles
of investigation are covered comprehensively. The various subtopics, which include
individualisation and identification as outlined at the beginning of section 2.2 of this
learning unit, can be found on pages 43 to 66 in your prescribed textbook. Once you
have studied these principles, you should be able to solve crime-related problems during
the investigation by using the techniques to a practical set of facts. The prescribed book
forms the core source of this module, and the examination is based on the application
of these principles of investigation. This wraparound merely provides a framework and
is not a source of comprehending the knowledge.

2.7 SELF-ASSESSMENT
These short-answer questions are appropriate in measuring an understanding of
investigation principles or the ability to solve problems or apply principles. They require
you to consider various factors of the investigation principles to arrive at solutions.

• How do you define identification?

• How can the identification principle be used in the investigation of a crime or incident?
To be certain that you understand this principle, give an example for your answer.
• Why is the Locard exchange considered an important principle of investigation?

FOR3704/17


3 LEARNING UNIT 3

Cybercrime, Electronic Communications and

3

Transactions Act 25 of 2002, computer-related

activities, commercial crime, sexual offences,
and serious and violent crimes

3.1 LEARNING OUTCOMES

On completing this learning unit, you should be able to
• explain the Electronic Communications and Transactions Act 25 of 2002 (ECT Act)
• describe computer-related crimes and distinguish the different types
• explain digital evidence

3.2 INTRODUCTION
Let’s begin with some startling statistics: it took 50 years for the radio to reach 50 mil-
lion people, but it took only five years for the internet to reach the same number of
people – and the number of internet users doubles every 100 days. In short, information
technology (IT) has changed the world. How we communicate has changed forever,
and that has been closely followed by a variety of new ways to commit crime. Initially,
only large organisations and government institutions had access to computers and the
internet. Nowadays, however, the “Net” and personal computers are found in many
households. As the IT world grows, the criminal world exploits this medium. The
word “cybercrime” can frighten any investigator, as it seems to imply that the field of
investigation is intangible.

Computers, information systems, communication devices, and other digital devices are
now used as tools to commit crimes. Moreover, they are the target of criminal activity.
However, potentially, they can also be used to store digital evidence that can prove or
disprove legal issues in dispute. As a result, the forensic-investigation environment has
changed fundamentally. These days, any investigator must be comfortable with obtaining
and collecting digital evidence, must understand how to make use of digital forensics,
and must be able to investigate cybercrime.

8
 LEARNING UNIT 3:

3.3 LEARNING MATERIAL

• Cybercrime and the Electronic Communications and Transactions Act are covered
in detail in Chapter 11 of the prescribed book, Forensic investigation: legislative
principles and scientific practice, from pages 362 to 395. It is important to have the
book when working through the learning unit.
• When studying commercial crime (3.4.4), sexual offences (3.4.5) and serious and
violent crimes (3.4.6), you ONLY need to study learning unit 3 as the prescribed
material. These three crimes are not covered in the prescribed book.

3.4 LEARNING UNIT OVERVIEW

The emergence of technology (computers, the internet and other means of communication
devices) has many advantages. One advantage entails dealing with socio-economic
issues that weigh down our society, including the improvement of poor communities
through education. These technologies have created many developments and opportunities
to move commodities within a short space of time, cutting the costs of travel. However,
in this globalised world, the same technologies have also created opportunities for
criminals to hide their identities and commit atrocious crimes against less advantaged
members of society. In this learning unit, you learn how the state has passed legislation
to curb the misuse of technology by criminals through what is now known as cybercrime
and other forms of crimes such as internet fraud, commercial crime, sexual offences,
serious and violent crimes.

3.4.1 Cybercrime
In chapter 11 of the prescribed book, it is explained how criminals have developed
creative new ways to perpetrate crime by integrating highly technical methods with
traditional crimes. Cybercrime is dealt with in detail on page 393 of the prescribed
book. Internationally, these “new” types of crimes challenge law enforcers to meet the
technological demands of investigations into such crimes. Computer crime may involve
traditional criminal activities, such as theft, fraud, forgery and espionage, as well as
a host of newly created offences, including the destruction of data, hacking, and the
interception of data.

From the viewpoint of a layperson, computer-related crime can be regarded as any

illegal activity where a computer, computer system, network or electronic device with
a memory capability is
• the object or target of the crime
• the instrument used to commit the crime
• used as the repository (store) of evidence relating to a crime

In terms of the above explanation, cybercrime would entail all crimes where comput-
ers/computer systems are the object, target or instrument of the crime, or the repository
of evidence related to the crime. A comprehensive definition of cybercrime can be found
on page 394 in your prescribed textbook under section 11.10.2.

In the next section, we will explore legislation that is aimed specifically at computer-
related crime.

FOR3704/19


3.4.2 Electronic Communications and Transactions Act 25 of 2002

When studying this information, please use learning unit 3 and the prescribed book.
This legislation is one of the most important materials that must be read in conjunction
with the prescribed book. Imagine someone hacking (illegally accessed) into a pharma-
ceutical company’s computers, stealing its medical formulae and publishing them on
the internet, from where the company’s competitors could download the information.
What would the suspect be guilty of?

It might surprise you to know that, until 1 August 2002, it would have been difficult
to prove that these actions made the perpetrator guilty of a crime. Admittedly, this
perpetrator stole intellectual property, but didn’t do so for financial gain. So, then, did
the suspect access premises illegally for unlawful purposes? No, the suspect didn’t leave
hir or her own home. Was he or she guilty of breaking and entering? No, the suspect
did not move or remove any tangible object to gain entry. What about theft? No again.
Only tangible items could be stolen and the suspect did not take the information away
from the owner; he or she simply made a copy of it. Until 1 August 2002, therefore,
South Africa did not have any legislation prohibiting crimes such as theft of data or
hacking (illegally accessing computers).

Fortunately, however, the Electronic Communications and Transactions Act (the ECT
Act) 25 of 2002 changed this undesirable situation. The ECT Act constitutes ground
breaking legislation for South Africa since it contains legislation to regulate something
that is not tangible, namely computer data. This might not seem significant, but, be-
fore the ECT Act, the only option investigators had was to try to prosecute offenders
responsible for billions of rand in damage in terms of common law offences.

Each aspect of the new legislation is discussed in detail using examples that an average
person can relate to. In the discussion below, selected sections that you are likely to
encounter in your work environment are quoted. However, it is helpful to read through
the whole ECT Act.

• Section 86: Unauthorised access to, interception of or interference with data

“(1) Subject to the Interception and Monitoring Prohibition Act, 1992 (Act No. 127 of
1992), a person who intentionally accesses or intercepts any data without authority or
permission to do so, is guilty of an offence.”

This means that you are not allowed to read or intercept any data without being duly
authorised to do so. Such provision is causing concern in the business community
since it implies that an employer is not allowed to monitor his/her employees’ e-mails
without their permission. This permission is normally gained using an IT policy. So,
when investigating cases of this type, you would need to obtain a copy of the IT policy
to determine if permission has been obtained.

“(2) A person who intentionally and without authority to do so, interferes with data in
a way which causes such data to be modified, destroyed or otherwise rendered ineffec-
tive, is guilty of an offence.”

In this subsection, crimes such as the deletion and modification of data are prohibited.
We often encounter cases where employees are dismissed/retrenched and, out of vin-
dictiveness, delete all the data on their computers.

“(3) A person who unlawfully produces, sells, offers to sell, procures for use, designs,
adapts for use, distributes or possesses any device, including a computer program or

10
 LEARNING UNIT 3:

a component, which is designed primarily to overcome security measures for the protec-
tion of data, or performs any of those acts about a password, access code or any other
similar kind of data with the intent to unlawfully utilise such item to contravene this
section, is guilty of an offence.”

This subsection refers to the creation, selling or possession of, primarily, programs
that assist hackers to break into other computer programs, that is, programs that are
designed to overcome the security features on a particular computer and allow a person
full access to that computer.

“(4) A person who utilises any device or computer program mentioned in subsection
(3) in order to unlawfully overcome security measures designed to protect such data or
access thereto, is guilty of an offence.”

This subsection links up with subsection 3 but prohibits the use of such a program.

“(5) A person who commits any act described in this section with the intent to unlawfully
interfere with access to an information system so as to constitute a denial, including a
partial denial, of service to legitimate users is guilty of an offence.”

This refers to any person who commits any of the acts we have already looked at in
order to render a computer system unusable. This is sometimes also referred to as a
“DOS” or “denial-of-service” attack.

• Section 87: Computer-related extortion, fraud and forgery

“(1) A person who performs or threatens to perform any of the acts described in section
86, for the purpose of obtaining any unlawful proprietary advantage by undertaking
to cease or desist from such action, or by undertaking to restore any damage caused as
a result of those actions, is guilty of an offence.”

“(2) A person who performs any of the acts described in section 86 for the purpose of
obtaining any unlawful advantage by causing fake data to be produced with the intent
that it be considered or acted upon as if it were authentic, is guilty of an offence.”

The above subsections are self-explanatory. In addition, both an attempt to commit one
of the above crimes and aiding and abetting in the commission thereof are prohibited
in terms of section 88.

As stated earlier on, these are not the only crimes dealt with by this Act. The remainder
of the Act prescribes the requirements for doing business on the internet. It is strongly
recommended that you study the remainder of the Act as well. Among other things,
you will discover the following:

• that it is unlawful in certain circumstances to send personal advertisements via e- mail

• the circumstances in which a contract is deemed to be signed by the parties dealing
via e-mail or over the internet
• how to keep records in electronic format
• the provisions relating to digital signatures

Other legislation that is closely related to this Act is the Regulation of Interception of
Communications and Provision of Communication-related Information Act 70 of 2002.

FOR3704/111


3.4.2.1 Crimes in terms of the Electronic Communications and Transactions Act 25 of

2002
Let’s have a look at some of the newer types of crimes mentioned in this Act. Note that
there are numerous different scenarios in which these crimes can occur.

• Hacking

In short, “hacking” means illegally gaining access to a computer or computer system.

You can also think of it as breaking into a computer. A hacker normally uses many
software programs (which, in terms of section 86(3) of the ECT Act, are now also illegal
to create, possess or use) to gain access to a computer, crack passwords, and destroy any
traces of his/her presence there. Hacking is a means to an end. People normally hack
into computers to perform some other mischief. This could include, but is not limited to,
• theft of data
• alteration of data
• destruction of data

Hackers do what they do for financial gain, or it could simply be for the challenge.
Information obtained in this manner is normally sold or used to extort money from the
lawful owner. It can also be used for espionage purposes. Hacking can be done while
sitting at the target computer or from the other side of the world. An employee who
has legitimate access to data can also commit theft, or alter or destroy data. So, as you
can see, it is not always necessary to hack before the crime is committed.

• Malicious programs

There is a wide range of malicious computer programs available. These programs are
grouped into several categories, for example, viruses, worms, and Trojans. To indicate
what a malicious program is, the following explains more or less what it does:
• A virus is a program that infects a computer. It can cause several problems, such
as making the computer slow, deleting data, annoying the user, or even rendering
the computer useless.
• A worm acts much like a virus but is normally able to spread/reproduce itself. If
a computer has a worm on it and it has e-mail capability, the worm will send itself
to all the contacts on the e-mail list.
• A Trojan is the most dangerous program of all. It is designed to do several things, for
example, collect certain data on your computer or create a backdoor on your computer.
This information is then sent back to the owner of the Trojan.
• A bomb or logic bomb is a program that is installed on a computer and “explodes”
if certain criteria are met. If, for example, you were a systems administrator at
a company, you could plant a bomb and tell it to destroy all data once your name
disappears from the company payroll – in other words, once you’ve been dismissed.

If you have access to the internet, you could do an internet search to find more infor-
mation on the difference between these types of malicious programs, the damage they
cause, and the measures that are available to combat them.

12
 LEARNING UNIT 3:

3.4.3 Computer-related activities

The most important thing to remember in this learning unit is that computers can play
a role in almost any type of activity or crime. Unfortunately, it often happens that an
investigator overlooks a computer at a crime scene as a potential instrument in the com-
mission of the crime or as a valuable source of evidence. Let’s prove this point:

Can you think of a crime in which a computer cannot be used? Let’s consider a few
crimes to see if computers can be used in their commission.

• Murder

Murder investigations have involved computers in many instances in South Africa,

so computers can be used in the crime of murder.

Here are a few examples:

• A person kills himself and leaves a suicide note on a computer. But how do we know
that he typed it? It could have been typed by the person who murdered him to make
it look like a suicide.
• Someone locates and corresponds with a hitman over the internet and “contracts” with
him to kill a person. All the evidence of this conspiracy is recorded on the computers
used.
• If a man knows that his wife has to undergo a serious operation and he breaks into
the doctor’s computer records and deletes information that she is allergic to penicillin,
the man could be legally responsible for his wife’s death.

• Vehicle theft/robbery

Here, again, computers can be used to commit a crime. For instance, one of the main
priorities of a car-theft syndicate is to get the stolen vehicle back on the road as a legal
vehicle. The syndicate does this by counterfeiting vehicle documents using a computer,
or it gets an insider at the licensing department to alter the details on the NATIS (com-
puter) system.

• Dealing in drugs

Once again, computers can be used to commit this crime. Many people, for example,
get information off the internet on how to manufacture drugs. There are even explicit
advertisements on the internet for the sale of scheduled medicines by unlicensed phar-
macists. You can even order dagga over the internet and get it delivered to your front
door! Furthermore, drug dealers keep records on computers of all their purchases and
sales, and of how much they owe their suppliers or street peddlers.

3.4.3.1 Investigation of computer crime

In studying the investigation of computer crime, you must refer to the discussion of
the investigation process on pages 20, 21 and 362 in your prescribed book. Using the
investigation process specific to the different phases, you must be able to apply the
principles in investigating computer crime. The sections that follow will provide some
guidelines that will help you to check your answers.

FOR3704/113


3.4.3.2 Collection of information

Firstly, I am sure that you would have determined that the phase is the preliminary
investigation phase. The importance of the preliminary investigation cannot be over-
emphasised. In the IT environment, a legion of possibilities exists. For example: is it
a stand-alone personal computer (PC); is it connected to a network; is it connected to
the internet; does the person use a password or encryption; is the evidence stored at the
scene or is it stored on a server in another country? Some of this information is crucial
to the investigation of computers and can only be collected during the preliminary in-
vestigation. It will be necessary, in some instances, to collect information about a person
or system beforehand. This can be done either by way of conventional methods (e.g.
informants) or by using more technically advanced methods. During this operation,
information on, for instance, passwords, encryption keys, where evidence is stored, and
possible accomplices can be collected. If this is not possible, the suspect can be placed
under surveillance either physically or by way of surveillance cameras.

Information about the physical layout of the crime scene is also important.

In all cases where a computer is involved, it is important to try to ascertain the following:
• the physical location of all PCs
• whether there is a network
• the location of the server or server room
• the name and contact details of the systems administrator
• the type of operating system in use
• whether passwords are used and, if so, what they are
• whether encryption is used and, if so, what the encryption keys are
• how many people are on the premises
• how many computers are involved
• who has access to which PC
• whether the PCs are connected to the internet and, if so, which internet service
provider (ISP) is used, and what the usernames and passwords are
• where all backups are stored

3.4.3.3 Digital evidence

You must consult your prescribed textbook from page 370 to page 395 for a detailed
discussion on digital evidence, which discussion encompasses the following topics and
subtopics:
• Defining digital evidence
• Nature of digital evidence
• Uses of digital evidence
• Sources of digital evidence
 Common devices and media
 Uncommon devices and media
 Protected devices and media
 Concealed devices and media

• Digital evidence concerning the Electronic Communications and Transactions Act

25 of 2002
• Admissibility and relevance of digital evidence
• Relationship between digital evidence and digital forensics
 Principles of handling computer-based digital evidence

14
 LEARNING UNIT 3:

• The digital forensic process

 Pre-examination phase
 Legal authority or mandate
 Identifying the legal elements to be proved
 Identifying the potential sources of digital evidence
 Seizing and transporting the evidence
 Forensic acquisition of digital evidence
 Authentication of forensic images

 The examination phase

 Confirming the examination parameters
 Authenticating the digital evidence provided
 Processing the digital evidence
 Examining the digital evidence
 Examining the digital artefacts
 Analysing relevant data artefacts

 The post-examination phase

 Examination and analysis of peer review
 Documenting the findings
 Report/affidavit peer review
 Testifying

3.4.3.4 How to collect, seal and package evidence

Computer-related evidence is like any other evidence you might find, except that it tends
to be very volatile and can easily be damaged or destroyed. Therefore, handle it with
extra care and follow the procedures listed below.

Only officials with sufficient knowledge and experience should deal with computers,
peripherals, CDs, DVDs, programs, and so forth, as well as with other technical or
specialised equipment, during searches. Never let the suspect or self-taught experts
touch the computer.

An official or civilian “expert” attempting an analysis without proper training can

seriously harm a case. Even if someone is a professional in the field of computers, it is
highly unlikely that he/she has received training in computer forensics.

Do not allow any suspect/unauthorised person to disconnect, alter the state of, or use
the computer. Never move a computer while it is switched on. A detailed discussion on
seizing a computer that is switched on can be found in your prescribed textbook
on page 387. Also, see the discussion on seizing a computer that is not powered
on, on page 386.

Keep radios, mobile phones and electrical/magnetic devices and sources away from com-
puter equipment. These include, but are not limited to, your car radio (in the boot next
to the transmitter), electric motors, speakers and magnetic clips. Don’t place the items
near excessive heat or in direct sunlight inside your car. Avoid touching exposed media
(e.g. CDs, DVDs and data tapes) with your bare skin, since the oil on your skin could
damage the media.

FOR3704/115


Avoid touching exposed wires or circuit boards – the static electricity in your body
may destroy the components. Do not place the items in plastic evidence bags or boxes
of foam. These items are full of static electricity and will cause permanent damage.
Treat the items gently: don’t drop or throw them around, and don’t pile heavy objects
on top of them.

Look around and ask the suspect if he/she has the original packing material. (Be cau-
tious to apply the above rules to any items he/she might suggest. Often, suspects care
more about protecting their equipment than anything else. If nothing else is available,
use a paper bag or cardboard box). Tag each wire, cable or other connector before it is
removed, as well as the port from which it is removed, allocating each item a unique
letter or number.

Follow the normal evidence-collection procedure that you would use for any other type
of evidence. Take pictures, and mark and tag items with the locations from which they
were seized. The location of each piece of evidence must be recorded and the exhibit
must be marked. If ten CDs are found at different locations in a room, they must be
packaged separately, since knowing the location could help to solve the crime. If, how-
ever, ten CDs are found in a box, they can be packaged together.

In many instances, storage devices such as CDs have few or no distinguishing features.
The investigator must nevertheless try his/her best to describe the pieces being col-
lected. Where serial numbers are available, they must be recorded.

Computer equipment must be packaged in non-static materials such as cardboard boxes

and paper envelopes. The stronger the packaging, the less likelihood there is that the
evidence will be damaged or destroyed. The evidence must be sealed by either placing
a non-removable tape over all-natural areas of opening or by sealing the evidence inside
a box/bag with rope and wax with a South African Police Service (SAPS) stamp. If
one of these sealing methods cannot be used at the crime scene, the front and back of
the computer can be covered with paper and sealed using Sellotape. (However, this is
suggested as a last resort.) The signature of the accused, complainant or witness present
must be placed over the seal. In incidents where forensic images of digital evidence are
obtained, it is of paramount importance that such images are authenticated. A discus-
sion explaining the process of authentication can be found in your prescribed textbook
on pages 378, 379 and 388.

The exhibit number and case number must be marked on the outside of the exhibit. No
covering letter must be sealed inside the exhibit container. When equipment is seized,
be sure to take all manuals, cables and components that are related to the seized items.
These will probably be required for the analysis.

A detailed discussion on the principles of computer-based digital evidence is

to be found in your prescribed textbook on pages 382 to 383. It is incumbent
upon you to read and compare the information in your prescribed book with the
information in your study guide.

3.4.3.5 Storage of seized evidence

Follow the golden rule for the storage of electronic or computer equipment: if you
are comfortable in a particular environment, the computer and components will be
“comfortable” there too.

16
 LEARNING UNIT 3:

• Store computer equipment at temperatures between 15 and 30 degrees Celsius.

• Store in dust-free environments.
• Store away from strong magnetic fields, including police radios in the boot of a car
or next to a large stereo speaker in the property room.
• Unfortunately, storing your computer evidence in a SAPS13 (evidence room) is not
one of the safest places for it: not only is it a temptation for someone to remove
some of the components (if it is unsealed, this will most likely happen), but stolen
radios might also be placed near your evidence or heavy articles may be placed on
top of it, causing it to be damaged.

3.4.4 Commercial crime

There is no recommended chapter in the prescribed book for this section of the
learning unit.

The commercial arena is probably where computer-related crimes are most often commit-
ted. This is because the whole commercial environment has changed from a paper-based
environment to an electronic environment. This means that transactions and actions
that were previously captured on paper are now captured and stored on computers.
That was the first phase. The second phase, which is currently gaining momentum, is
moving the actual transaction, where goods or services are exchanged for currency,
from a person-to-person environment to the electronic or internet environment. The
consequences of these changes are that, whereas detectives previously had to follow a
paper/money trail to find the culprit, nowadays there is no physical evidence, or clues,
that can be followed. Everything takes place and is stored in cyberspace. So, while
traditional commercial crimes such as fraud, forgery and scams still take place, it has
become much easier to commit these crimes, because computers are so much faster
and superior in carrying out the necessary actions.

Forgery of identity documents (IDs), bank statements, salary slips, shopping invoices,
money, and so forth, can all be done using a computer. But, you may be wondering:
“Why forge things such as bank statements, salary slips and shopping receipts?”

The answer is that criminals use these documents, together with a false ID, to apply
for credit and loans, and then they disappear with the money or the goods.

Another computer-related crime that is also unrivalled in scope is that of piracy (copy-
right infringements). Here we are talking about the pirating of computer software,
music and films.

3.4.4.1 Advance-fee schemes

Another computer-related crime that is also unrivalled in scope is that of advance-fee
schemes. Let’s look at a few examples of advance fee schemes and what it entails:

• Internet/e-mail crimes

The term “internet fraud” generally refers to any type of fraudulent scheme that uses
one or more components of the internet, such as chat rooms, e-mail, message boards
or websites, to fraudulently solicit prospective victims.

In general, the same types of fraudulent schemes that have harmed consumers and
frustrated investors for many years are now appearing online (sometimes with particu-

FOR3704/117


lar refinements that are unique to internet technology). With the explosive growth in
the internet and e-commerce, in particular, online criminals try to present fraudulent
schemes in ways that look, as much as possible, like the goods and services that the vast
majority of legitimate e-commerce merchants offer. In the process, they not only cause
harm to consumers and investors but also undermine consumer confidence in legitimate
e-commerce and the internet. This is very detrimental to South Africa if you consider
the multitude of legitimate business opportunities that the internet and e-commerce
present. A person struggling to make a living from a small, traditional business could
prosper greatly by putting their business on the internet, thereby allowing the whole
world to access their goods or services. However, such opportunities are seriously
jeopardised by unscrupulous operators of fraudulent online schemes.

The following is an example of a type of e-mail message that some people receive quite
often, particularly those less knowledgeable in the use of technology. Suppose you
received a message like this one. What would you make of it? What is going on here?

Subject: URGENT AND CONFIDENTIAL

Dear [ your name]

You may be surprised to receive this e-mail since you do not know me. I was given your name and
e-mail address by a business acquaintance of yours, who assured me that you are a trustworthy person
who might be willing to assist someone who is in desperate need, and so benefit from a lucrative business
opportunity at the same time. I am the son of the late president of the Democratic Republic of Zaire,
President Mobutu Sese Seko (Zaire is now the Democratic Republic of Congo, under the leadership of
the son of Mr Laurent Kabila). I presume you are aware that there is a financial dispute between my
family (the Mobutu) and the present civilian government. This is based on what they believe was bad
and corrupt governance on my late father’s part – may his soul rest in peace. Because they falsely allege
that he was corrupt, they have frozen his bank accounts in Switzerland and North America. This
has placed us, his family, in a difficult position. We still have some funds that rightfully belonged to my
father, but cannot deposit these funds either in our own country or in one of my father’s accounts. We
also live under the threat that the present government might appropriate these funds at any moment. Our
very lives may be in danger. Because of these circumstances, I am humbly asking for your help. I am
proposing that you confidentially allow me to use your bank account in South Africa to deposit thirty
million United States dollars (USD30 000 000). If you are willing to do this, my mother and I have
decided that you may have 20% of these funds. We will also refund any money you may spend on phone
calls or travelling expenses in the course of this transaction. Should you be interested in this transaction,
please reply to this message by sending me your telephone and fax number and e-mail address, and by
providing details of your bank account. Owing to the serious predicament of my family, I am sure you
will understand that all this has to be done with the utmost confidentiality. I am currently in a refugee
camp in the Netherlands but can be reached at [e-mail address]. Please, I need your full support and
cooperation for the success of this transaction. God bless you for your willingness to help a person in need.

Warmest regards

Joseph Mobutu Sese Seko

You will be able to check your answers for the above activity by working through the
following sections, which describe some of the main types of fraudulent schemes that
are perpetrated by means of electronic communication.

18
 LEARNING UNIT 3:

• Online auction and retail schemes

These schemes typically offer expensive items such as Cartier watches and comput-
ers, and collectables such as Teletubbies and Beanie Babies, which are likely to attract
many prospective customers. Such schemes induce their victims to send money for the
promised items but then deliver either nothing or only an item of far less value than
that promised (e.g. counterfeit or altered goods). An example of such a scheme under
investigation in South Africa involves the offer of accommodation to international guests.
This was a very popular scheme during the 2002 World Summit. What happened was
that the criminals would advertise accommodation on the internet. The unsuspecting
visitor would then pay the deposit in advance, only to discover once he/she arrived in
the country that the “hotel” concerned never existed. By that time, the internet site had
been closed down and the deposit paid was never recovered.

• Online business opportunity/“work-at-home” schemes

Fraudulent schemes often use the internet to advertise business opportunities that will
allow individuals to earn thousands of rand a month through “work-at-home” ventures.
These schemes typically require the individuals to pay some money upfront, but then fail
to deliver the materials or information that will be needed to make the work-at-home
opportunity a potentially viable business.

• Identity theft and fraud

Some fraudulent internet schemes also involve identity theft, that is, the wrongful acqui-
sition and use of someone else’s personal data in a way that involves fraud or deception,
typically for economic gain.

• Online investment schemes

Criminals use two basic methods to manipulate securities markets for personal gain.
Firstly, with so-called “pump-and-dump” schemes, they typically send out false and
fraudulent information to cause dramatic price increases in less popular shares. Secondly,
with short-selling or “scalping” schemes, false or fraudulent information is similarly
sent out, but, this time, to cause price decreases in a particular company’s shares so that
the shares may be purchased at a cheaper price.

• “419” or Nigerian scams

A person (such as the person who calls himself “Joseph Mobutu Sese Seko” in the activ-
ity), or a group of people, pretends to have a large sum of money in his/her/their pos-
session. Usually, they suggest that this money was obtained in suspicious circumstances
or that, for some or other reason, they cannot openly deposit the money into their bank
account. They, therefore, need another person to provide a bank account into which
the money can be deposited. They then usually promise the person who is willing to let
their bank account be used in this way a significant share of the money. In fact, all they
really want are the details of the person’s bank account. Having obtained these details,
they then use this information to illegally withdraw money from that person’s account.

Now, you would think that any person with a bit of common sense would realise that
this is a scam. Nevertheless, many educated people fall prey to this scam, lured by the
prospect of easy money. In the past, syndicates would send their request to potential
victims using letters or faxes, and detectives were then able to trace them via telephone
numbers as well as fingerprints on the letters. Nowadays, however, they send e-mail
messages from any internet cafe to people whose e-mail addresses they have obtained.

FOR3704/119


They often train a homeless person or “runner” to send e-mails and then hand such
person a stiffy containing the scam letter. Even if you could trace the e-mail very
quickly (which is impossible), you would only ever catch a person who was paid, say,
R20 to send an e-mail.

• Phishing

Phishing is a combination of technological development and social engineering which

may be broadly defined as the creation and use by a criminal of e-mails and websites in
an attempt to gather personal, financial and sensitive information.

A typical phishing e-mail will appear to come from a legitimate organisation such as a
bank and will state that the organisation requires the recipient of the e-mail to verify
their account information. For example, it may state that the person’s account could
have been compromised and that the bank needs to check their security details. The
e-mail will usually have a spoofed header and will be designed to resemble that of the
real organisation. The recipient is thereby tricked into providing the information, which
is then sold and/or used in committing identity theft. Although typically used to gain
financial information, phishing may be used to gain access to any account information
which may be useful to the offender. There are several ways in which phishing e-mails
may capture personal information. The least sophisticated is simply to ask the recipient to
respond via e-mail or fax. For example, an e-mail may contain a document that appears
to be from the tax department asking the person to provide their details and return
by fax within seven days, failing which the recipient will not gain certain tax benefits.

3.4.4.2 Card fraud

Some fraudulent internet schemes, which appear to be variations of the online auction
schemes described earlier, involve the use of unlawfully obtained credit card numbers
to order goods or services online.

This is how the scheme works:

• A criminal pretends to be a seller and advertises expensive items, such as video

cameras, at very low prices on an e-commerce website.
• A potential buyer contacts the criminal and offers to buy an item. He or she gives
the criminal their name and address.
• The criminal now contacts a genuine seller and buys the item from the seller. In
concluding the transaction, the criminal uses the potential buyer’s name and address,
and also the credit card number of another person that the criminal has obtained
illegally.
• The genuine seller now ships the item to the address that was provided, that is, the
address of the potential buyer who originally contacted the criminal.
• The potential buyer authorises payment to the criminal because they believe that
the item was sent by the criminal.
• The genuine supplier uses the credit card they were given to try to obtain payment.
However, at this point, they find out that the number was used illegally. They never
receive payment, because the person whose credit card number was used knows
nothing about the transaction and refuses to pay.

20
 LEARNING UNIT 3:

As a result, there are two victims of this scheme:

• the genuine supplier who sent the item to the buyer
• the buyer who sent their money to the criminal as payment

There are different types of card fraud, ranging from counterfeit-card fraud to lost-or-
stolen card fraud. Lost-or-stolen card fraud is more an opportunistic fraud type and
can be controlled through precautionary measures being adopted by cardholders, whilst
counterfeit-card fraud involves several technological fraud types such as skimming.

• Skimming

Skimming is a process whereby the genuine data on a card’s magnetic strip is electroni-
cally copied onto another without the legitimate cardholder’s knowledge.

There are two main categories of card skimming. The first involves “handheld skim-
ming”, which is when a handheld skimmer (a card reader that can store information in
memory) is utilised by criminals to skim (record) the data on credit and debit cards, after
which counterfeit cards are produced to complete actual transactions with the informa-
tion on the card. This type of skimming normally occurs at retail outlets, particularly at
bars, restaurants and petrol stations, where a corrupt employee skims a customer’s card
before handing it back. Often, cardholders are unaware of the fraud until they receive
their bank statements or alerts via their cellphones or computers.

The second type of skimming is card skimming using an automated teller machine
(ATM).

3.4.5 Sexual offences

While the internet is a very valuable technological tool, it unfortunately also has its
darker side: people with criminal tendencies and/or perverted minds can use this
medium very effectively to perform their criminal activities and/or satisfy their sick
obsessions. Let us look at a few examples of sexual offences that can be committed by
the use of the computer.

• Child pornography

The internet is an ideal medium for the pornographic industry: it is audiovisual and al-
lows the whole world access to a site. It can be used to distribute pictures, soundtracks,
videos, and even full-length films. These are some of the main reasons why pornography
is one of the biggest industries on the internet – a person cannot surf the internet for
even half an hour without stumbling onto a pornographic site.

Part of this industry is dedicated to child pornography, bestiality, and violence against
women and children. You may wonder what is harmful about possessing a picture of a
naked child. The fact of the matter is that the material is not normally of an innocent
nature and children are being exploited and violated to fulfil the perverted needs of
paedophiles. There are some sites where subscribers can interact with a host in real
time. On these sites, you can instruct the host to perform various acts with women or
children, or rape them, mutilate them or kill them. Women and children are abducted
or bought on the black market for this purpose.

FOR3704/121


Another area of grave concern to many parents is that of chat rooms. Paedophiles often
frequent chat rooms intended for children and teenagers, pretending to be children
or teenagers themselves who are experiencing the same problems any typical child or
teenager can relate to. These paedophiles might spend a couple of months befriending
a child in this chat room before suggesting that they meet in person. The outcome of
such a meeting is fairly obvious. Every parent of a so-called runaway child should be
questioned to see if that child spent any time on the internet before their disappearance;
it may just be that the child didn’t run away, but was abducted following a meeting such
as described in the above scenario.

• Invasion of privacy

Another perverted practice is to install webcams in locker rooms, bathrooms, stairwells

and various other places. Some people are even found walking along with a handheld
webcam so that they can look up women’s dresses. These photographs are then placed
on the internet for anyone to view.

• Malicious e-mails

E-mail can be used to distribute false or damaging information about a person. Can
you imagine the shock of seeing the face of your wife, daughter or even yourself pasted
on a pornographic image? This is especially disturbing for well-known figures such as
sportspeople, politicians or other celebrities.

3.4.6 Serious and violent crimes

In many cases, computers yield the evidence needed to prove a brutal crime. A crime
that is increasing at an alarming rate in South Africa is kidnapping. This normally takes
two different forms. In the case of the first form, a wealthy person/chief executive of-
ficer (CEO) of a company or a member of his/her family, such as a child, is kidnapped.
The ransom note might then be e-mailed from an internet cafe, thereby protecting the
identity of the criminal. Alternatively, the child could have been contacted directly via
the internet. Children often “meet” faceless people in chat rooms. This online rela-
tionship might then develop to the point where the child agrees to meet their online
“friend” in person, thus providing the opportunity for the child to be kidnapped. These
chat rooms also provide the perfect environment for cult members to influence young
people to join their cult.

In the second form, a businessperson might be contacted via e-mail and made a very
lucrative business offer. During the negotiations, they are invited to South Africa for
some other reason. On arriving at the airport, they are met so that they can be “trans-
ported to their hotel”. They never arrive at their hotel, but are instead kidnapped and
held for ransom. Very often, even if the ransom is paid, the person (hostage) is still killed.

In conclusion, it should be noted that the formula to build a nuclear bomb, as well as
various other deadly chemical weapons, can be found on the internet. When a youngster
is arrested for threatening to detonate a bomb, their parents might be disbelieving and
remark, for example: “How did my son or daughter know how to build a bomb? They
never mixed with that crowd. They kept to themselves and spent most of their time
surfing the internet.” Well, that’s the answer! Although this problem might not be preva-
lent in South Africa at present, there is a possibility that it could increase in the future.

22
 LEARNING UNIT 3:

In all of the above-mentioned scenarios, an indication of the kidnapped person’s

whereabouts or the suspect’s modus operandi could be obtained by analysing their
usage of the internet.

Here are some ideas about just one of the crimes mentioned in the above activity, namely
robbery. In the case of a bank robbery, for example, the robbers could have used software
to reconstruct the layout of the bank. They could have stored, on their computer, time-
tables indicating the changing of guards, the times of cash deliveries and pickups, and
a list of employees. They could also have saved their plans and action steps for robbing
the bank on their computer, or they could have e-mailed each other about the robbery.

3.5 ACTIVITY 3.1

Chapter XII of the Electronic Communications and Transactions Act deals with Cyber
Inspectors. Under the same chapter of the ECT Act, describe the provisions of section 87.

3.5.1 Feedback
Section 87 of the ECT Act deals with computer-related extortion, fraud and forgery.
Read sec 87(1)-(2) of this Act.

3.6 ACTIVITY 3.2

(1) Refer back to the imaginary scenario where someone hacked into the computer
system of a pharmaceutical company. Are you now able to determine what the
suspect is guilty of? Indicate the specific section of the relevant legislation in terms
of which the suspect will be guilty of a crime.
(2) As you might have noticed, this legislation does not look, sound or appear to be
the same as the common law that we are familiar with. Make a list of all the aspects
that you will need to investigate, or that your investigation will involve, to prove
one of these types of crimes.

3.6.1 Feedback
Concerning question 1 of the activity, the suspect will be guilty of hacking into the
system and stealing the formulae (section 86(1)). Further investigation would probably
also reveal that the suspect will be guilty in terms of section 86(3) or (4), that is, of
creating or using programs to gain access to the system.

In answering question 2 above, you most probably made a long list of aspects, and we
will be considering them all as we continue. Therefore, as you work through the fol-
lowing sections, think about how you can revise your answer to question 2 to make it
more complete.

A detailed discussion on digital evidence about the ECT Act can be found on page 378
in your prescribed textbook. You must pay attention to section 15(3) of the Act, which
sets out the guidelines for a South African court when assessing the evidential
weight of digital evidence.

FOR3704/123


3.7 CONCLUSION
Computer crime is a fast-growing area of crime. More and more criminals are exploit-
ing the speed, convenience and anonymity of the internet to commit a diverse range
of criminal activities that know no borders. This learning unit has introduced you to
various legislative principles that help combat such crimes or prosecute the perpetra-
tors. Furthermore, various computer-related crimes and the investigation thereof have
been covered. A detailed discussion on digital forensics and cybercrime is to be found
in your prescribed textbook on pages 361 to 396.

3.8 SELF-ASSESSMENT
• When did the Electronic Communications and Transactions Act (the ECT Act) 25
of 2002 come into effect?
• How can you keep records in an electronic format?
• How can a computer be useful in the investigation of a murder case?
• Why is using expert services to collect computer-related evidence at the scene of
the incident significant?

24
4 LEARNING UNIT 4

4 Organised crime

4.1 LEARNING OUTCOMES

On completing this learning unit, you should be able to
• explain organised crime and the Prevention of Organised Crime Act 121 of 1998
• recognise the purpose of the Asset Forfeiture Unit
• describe racketeering and the legal provisions that make it a crime to engage in
racketeering

4.2 INTRODUCTION
A single definition of organised crime has resulted in controversy among different
persons and countries. This can be attributed to the fact that different persons and
countries approach certain aspects of organised crime by using different methodologies.
However, the essential characteristics of the term “organised crime” are that it denotes
a process or method of committing crimes, not a distinct type of crime itself, nor even
a distinct type of criminal. Organised crime, therefore, involves the cooperation of
several persons and groups in which the main objective is premised on professional or
syndicated crime. Organised crime is committed by a coalition of crime groups bound
together by political and economic necessity.

The draft United Nations Framework Convention against Organized Crime of 1975 and
subsequent protocols, for example, resolution 53/111 of 9 December 1998, resolution
54/126 of 17 December 1999 and resolution 54/129 of 17 December 1999, stated that,
for the conventions, “organised crime” meant group activities involving three or more
persons, with hierarchical links or personal relationships which enabled their leaders to
earn profits or to control territories or markets, internal or foreign, through violence,
intimidation or corruption, both in furthering criminal activity and in infiltrating le-
gitimate economy, in particular through;

• the illicit trafficking of narcotic drugs or psychotropic substances, as defined by the

United Nations Convention against Illicit Traffic in Narcotic Drugs and Psychotropic
Substances of 1988
• money laundering
• trafficking in persons, as defined by the Convention for the Suppression of the Traffic
in Persons and of the Exploitation of the Prostitution of Others of 2 December 1949
• counterfeiting currency, as defined by the International Convention for the Suppression
of Counterfeiting Currency of 20 April 1929

FOR3704/125


• illicit trafficking in or the theft of cultural objects, as defined by the Convention on

the Means of Prohibiting and Preventing the Illicit Import, Export and Transfer of
Ownership of Cultural Property of 1970
• theft of nuclear material, its misuse, or threats of its misuse to harm the public,
as defined by the Convention on the Physical Protection of Nuclear Material of 3
March 1980
• terrorist acts
• illicit trafficking in or the theft of arms and explosive materials or devices
• illicit trafficking in or the theft of motor vehicles
• the corruption of public officials

The draft conventions also stated that the term “organised crime” covered commissions
of an act by a member of a group as part of the criminal activity of such an organisation.

It is important to understand that organised crime transcends borders; hence transna-

tional organised crime is premised on political and economic opportunity that allows
for syndicates to operate all over the world, with sophisticated networks and cells in
all corners of the globe. The 2000 United Nations Convention against Transnational
Organized Crime defines an organised crime group as a structured group of three or
more persons existing for a period of time and acting to commit one or more serious
crimes or offences established in accordance with the convention to obtain, directly or
indirectly, a financial or material benefit.

We have now established that organised crime is not only committed within a country’s
borders but is also an international phenomenon that reaches across borders and has
become a global problem. The emergence of organised crime in South Africa and the
rate at which it was increasing required the revision of legislation or the introduction of
new legislation to combat the sharp increase in organised crime. Furthermore, South
Africa’s common law and legislation had failed to keep pace with international measures
aimed at addressing organised crime. Also, the conventional criminal-law measures and
penalties were inadequate to combat and deter organised crime. This reality resulted in
the promulgation of the Prevention of Organised Crime Act (121 of 1988).

4.3 LEARNING MATERIAL

There is no recommended chapter in the prescribed book for this section of the learn-
ing unit. This learning unit must be read in conjunction with the following legislation:

• Prevention of Organised Crime Act 121 of 1988

• The Financial Intelligence Centre Act 38 of 2001

4.4 LEARNING UNIT OVERVIEW

Organised crime groups that attack citizens, businesses, organisations and the economy
seem to increase unabated. Because of the resourcefulness of the criminals, their
methods to commit organised crime are sophisticated for the emerging democratic
countries to deal with because of the state’s lack of skills and resources to investigate.
In this learning unit, certain sections of the Prevention of Organised Crime Act that
explain organised crime are uncovered. The purpose and value of the Asset Forfeiture
Unit are also explained.

26
 LEARNING UNIT 4: Organised crime

4.4.1 Prevention of Organised Crime Act 121 of 1988

The Prevention of Organised Crime Act introduced measures to combat organised
crime, money laundering, and gang activity. It also prohibited certain types of racket-
eering activities, outlawed money laundering, and established an obligation for people
to report specific information relating to money laundering.

The aim of the Act was to

• introduce measures to combat organised crime, money laundering and criminal
gang activities
• prohibit certain activities relating to racketeering
• provide for the prohibition of money laundering and for an obligation to report
particular information
• criminalise certain activities associated with gangs
• provide for the recovery of the proceeds of unlawful activity, as well as for the civil
forfeiture of criminal assets that have been used to commit an offence or assets that
are the proceeds of unlawful activity
• provide for the establishment of a Criminal Assets Recovery Account
• amend the Drugs and Drug Trafficking Act of 1992
• amend the International Co-operation in Criminal Matters Act of 1996
• repeal the Proceeds of Crime Act of 1996, incorporate the provisions contained in
the Proceeds of Crime Act of 1996, and provide for matters connected therewith

The Prevention of Organised Crime Act (hereafter “Organised Crime Act”) introduces
laws that operate against organised crime and gang activities, with a special focus on
money laundering and racketeering or illegal business activities. In the fight against
organised crime, the Organised Crime Act also introduces some changes to pre-existing
laws, such as the Drugs and Drug Trafficking Act and the Proceeds of Crime Act. The
Organised Crime Act also assists law enforcement in apprehending not only the criminal
“foot soldier”, but also the leaders of racketeering syndicates, and in cutting off their
income by confiscating or forfeiting their assets in terms of the money-laundering of-
fences created by such Act, particularly in terms of Chapters 5 and 6 of the Act.

Chapters 5 and 6 of the Organised Crime Act provide for a civil remedy ensuring the
preservation, seizure and forfeiture of property which is derived from unlawful activi-
ties or is connected to the commission, or suspected commission, of an offence. The
Act enables the National Director of Public Prosecutions to take property when, on a
balance of probabilities, it appears that the property is either the proceeds of unlawful
activities or was the instrumentality of an offence. The task of seizing and bringing
about the forfeiture of property is the work of the Asset Forfeiture Unit.

4.4.2 The Asset Forfeiture Unit

4.4.2.1 Introduction and mandate

The Asset Forfeiture Unit (AFU) was established in May 1999 in the Office of the
National Director of Public Prosecutions to focus on the implementation of Chapters
5 and 6 of the Organised Crime Act. The unit was to ensure that the powers in the
Act to seize the assets of criminals would be used to their maximum effect in the fight
against crime, and, particularly, organised crime.

FOR3704/127


The AFU sees its role as reclaiming what has been wrongfully obtained by criminals. It
recovers losses suffered by victims of crime and takes the profit out of crime. If there is
a direct victim of a crime, money from the asset forfeiture goes to the victim. If there
is no victim of the crime, the money goes into the Criminal Asset Recovery Account.

You will now be introduced to the crimes of racketeering and money laundering, crimes
which the Organised Crime Act was designed to address.

4.4.3 Racketeering Acts

Racketeering was an unknown legal concept in South African law before the enactment
of the Organised Crime Act. The offence of racketeering has characteristics similar to
those of the common law crime of conspiracy and is usually committed by organised
crime groups. Traditionally, racketeering involved a system of organised crime where
money was extorted from businesses by intimidation, violence or other illegal meth-
ods. It has also been described as a practice of engaging in a fraudulent scheme. The
ordinary meaning associated with a person who is a racketeer is “one who is engaged
in fraudulent business dealings”.

Common law crimes such as fraud, extortion, bribery and corruption may also constitute
racketeering activities. The term “racketeering” is not defined in the Organised Crime
Act, but a pattern of racketeering activities can result in a criminal act. This confusion
has resulted in various explanations of the concept. For example, De Koker argues that
racketeering was originally an American term for the organised blackmailing by busi-
nesses through intimidation and violence, which has since been used globally as a term
linked to organised crime which is perpetrated by organised crime groups.

In the United States of America, reference is made to protection rackets in which

businesses are forced to pay blackmailers to ensure that their businesses and clients are
left alone. A racket is a business that obtains money through fraud and extortion, or
through an illegal or dishonest practice.

Racketeering is a complex crime which, as already stated, bears some resemblance to

the common law crime of conspiracy. It usually involves group activity. However, the
Organised Crime Act does not limit the crime of racketeering to group activities or
organised crime groups. For example, the High Court and the Supreme Court of Ap-
peal have held that the Organised Crime Act applies to cases of individual wrongdoing.
Examples of these cases include

• National Director of Public Prosecutions v Mcasa and Another 2000 (1) SACR 263 (Tk)
• National Director of Public Prosecutions v Alexander and Others 2001 (2) SACR 1 (T)
• National Director of Public Prosecutions v RO Cook Properties (Pty) Ltd

Racketeering activities as dealt with in the Organised Crime Act focus on the enterprise
and objects rather than on the perpetrator.

It is therefore important that you are familiar with the characteristics of an enterprise.
The characteristics of an enterprise were set out in United States v Turkette 452 US 576
(1981) and are:
• differentiation of roles and tasks
• a system of command
• a commonly shared goal or purpose

28
 LEARNING UNIT 4: Organised crime

• the intention to make a profit

• continuity of personnel
• the fact that it is separate from the pattern of activity in which it engages

Let us now look at the sections in the Organised Crime Act that address racketeering.
Chapter 2 of the Act includes provisions that make it a crime to engage in racketeering.

4.4.3.1 Section 2(1) (a) of the Act

The section states:

Any person who (a)(i) receives or retains any property derived, directly or indirectly,
from a pattern of racketeering activity; and (ii) knows or ought reasonably to have
known that such property is so derived; and (iii) uses or invests, directly or indirectly,
any part of such property in the acquisition of any interest in, or the establishment or
operation or activities of, any enterprise; within the Republic or elsewhere, shall be
guilty of an offence.

Section 2(1) (a) is premised on the following:

• The accused must have received or retained property.
• There must have been a pattern of racketeering activity.
• There must have been an enterprise within the Republic or elsewhere.
• The property must have been derived directly or indirectly from a pattern of
racketeering activity.
• The accused must have known or ought reasonably to have known that such property
was derived directly or indirectly from a pattern of racketeering activity.
• Participation or involvement must be part of a Schedule 1 offence.
• The accused must have used or invested, directly or indirectly, any part of such
property in the acquisition of any interest in, or establishment or operation or
activities of, any enterprise within the Republic or elsewhere.

4.4.3.2 Section 2(1) (b) of the Act

The section states:

Any person who (b)(i) receives or retains any property, directly or indirectly, on behalf
of any enterprise; and (ii) knows or ought reasonably to have known that such property
derived or is derived from or through a pattern of racketeering activity; within the
Republic or elsewhere, shall be guilty of an offence.

Section 2(1) (b) is premised on the following:

The accused must have received or retained the property on behalf of an enterprise.
The property must have been received or retained within the Republic or elsewhere.

4.4.3.3 Section 2(1) (c) of the Act

The section states:

Any person who (c)(i) uses or invests any property, directly or indirectly, on behalf of
any enterprise or in the acquisition of any interest in, or the establishment or operation
or activities of any enterprise; and (ii) knows or ought reasonably to have known that

FOR3704/129


such property derived or is derived from or through a pattern of racketeering activity;

within the Republic or elsewhere, shall be guilty of an offence.

Section 2(1) (c) is premised on the following:

The accused must have used or invested property.

Such use or investment of property must have been on behalf of an enterprise.

4.4.3.4 Section 2(1) (d) of the Act

The section states:

Any person who (d) acquires or maintains, directly or indirectly, any interest in or con-
trol of any enterprise through a pattern of racketeering activity; within the Republic or
elsewhere, shall be guilty of an offence.

Section 2(1)(d) is premised on the following:

There must have been a pattern of racketeering activity.

There must have been an enterprise within the Republic or elsewhere.
Participation or involvement must be part of a Schedule 1 offence.

4.4.4 Section 2(1) (e) of the Act

The section states:

Any person who (e) whilst managing or employed by or associated with any enterprise,
conducts or participates in the conduct, directly or indirectly, of such enterprise’s af-
fairs through a pattern of racketeering activity; within the Republic or elsewhere, shall
be guilty of an offence.

Section 2(1) (e) is premised on the following:

There must have been an enterprise.

The accused must have directly or indirectly conducted, or participated in the conduct
of, such enterprise’s affairs.
The accused must have been a manager or an employee or must have been associated
with the enterprise.
The enterprise’s affairs must be identifiable.
Participation must be ongoing, continuous or repeated participation or involvement.

4.4.4.1 Section 2(1) (f) of the Act

The section states:

Any person who (e) manages the operation or activities of an enterprise and who knows
or ought reasonably to have known that any person, whilst employed by or associated
with that enterprise, conducts or participates in the conduct, directly or indirectly, of
such enterprise’s affairs through a pattern of racketeering activity; within the Republic
or elsewhere, shall be guilty of an offence.

30
 LEARNING UNIT 4: Organised crime

Section 2(1)(f) is premised on the following:

The accused must have managed the operations or activities of the enterprise directly
or indirectly.

The accused must have known or ought reasonably to have known that any person,
whilst employed by or associated with the enterprise, was conducting or participating
in the conduct, directly or indirectly, of such enterprises affairs through a pattern of
racketeering activity.

4.4.4.2 Section 2(1) (g) of the Act

Section 2(1)(g) of the Act states that any person who conspires or attempts to violate
any provision of paragraphs (a) (b) (c) (d) (e) or (f), within the Republic or elsewhere,
shall be guilty of an offence.

Section 3 states that, on conviction, such a person will be liable to a fine not exceeding
R1 million, or to imprisonment for a period up to imprisonment for life.

Conspiracy, attempt or incitement are inchoate crimes. “Inchoate crimes” can be defined
as acts which are committed in anticipation of the commission of the principal crime.
The inchoate crime not covered in this subsection is incitement.

To understand the various subsections of section 2, it should be noted that the common
theme of such subsections is the enterprise and object rather than the perpetrator.

4.5 ACTIVITY 4.1

Consider the points mentioned above specific to the draft United Nations Framework
Convention against Organised Crime of 1977 and the subsequent protocols thereto and
then indicate the characteristics of organised crime by analysing such points.

4.5.1 Feedback
The following points will help you understand the characteristics specific to organ-
ised crime: (They will also provide you with the necessary understanding to complete
activity 1.)
• corruption
• violence
• sophistication
• structure
• discipline
• multiple enterprises
• involvement in legitimate enterprises

4.6 ACTIVITY 4.2

You have established that Company Z is involved in racketeering activities during which
fraudulent offshore accounts are being used to channel money from the perpetration
of fraudulent business activities. Discuss how you would provide proof of the offence
of racketeering.

FOR3704/131


4.6.1 Feedback
The sections that follow will provide some guidelines that will help you to check your
answers for this activity.

Firstly, you must prove the following three things:

(1) the existence of an enterprise

(2) the pattern of racketeering activities
(3) the relationship between the accused, on the one hand, and the enterprise and the
pattern of racketeering activities, on the other

Secondly, the existence of a legitimate legal entity can be proved by the company charter.

Thirdly, the elements of each offence need to be proved through the evidence produced.

Fourthly, to prove the relationship, we must prove knowledge.

Fifthly, if an accused is an employee or associate, we must prove that he/she participated

in the activity.

Finally, determine who we are targeting. Remember that we are prosecuting the accused
for the collective activities of the enterprise.

After an investigation, you must understand and consider what the requirements are
if you intend to charge an accused person for racketeering. The following points are
guidelines for consideration:

• The accused
• The enterprise:
 separate from the accused
 the vehicle which the syndicate used to commit the crimes

• The offences
 pattern of racketeering activities
 p
redicate offences (A predicate offence is a crime that is a component of a
more serious criminal offence. For example, generating unlawful funds is the
main offence and money laundering is the predicate offence. Generally, the
term “predicate offence” is used in reference to underlying money laundering
and/or the financing of terrorist activity.)

• The state must establish

 the existence of an enterprise
 a pattern of racketeering activity
 a link between the enterprise and the accused

32
 LEARNING UNIT 4: Organised crime

4.7 CONCLUSION
“Racketeering” refers to carrying on a business, or business activities, in an illegal
manner or by using illegal means. Sometimes, the entire business itself is illegal, such
as drug trafficking, child pornography, or human trafficking. In other cases, however,
the business itself may be legal, but the tactics or practices used in the business are
illegal, such as extortion or money laundering. Several crimes may be part of an illegal
enterprise, such as theft, embezzlement, bribery, counterfeiting, and kidnapping.

When many people hear the term “racketeering”, they frequently think of the Mafia. The
Mafia has certainly been involved in some of the more infamous cases of racketeering
in many countries, but it is hardly the only group that has been guilty of the crime.
The organisation was famous for its protection schemes during the mid-20th century.
Protection racketeering involved forcing businesses to pay money to the organisation
for “protection”, which amounts to extortion according to the criminal law of most
countries. Interestingly, in most cases, the victims of a protection scheme were paying
money to the organisation to protect the business from being harmed by the same
organisation.

4.8 SELF-ASSESSMENT
• Why would a single definition of organised crime be controversial among different
persons and countries?
• How can the enactment of the Prevention of Organised Crime Act 121 of 1998 assist
in curbing organised crime in South Africa?
• When can the National Director of Public Prosecutions seize someone’s property?
• Who is responsible to reclaim the assets wrongfully obtained?
• What is the function of the Asset Forfeiture Unit?

FOR3704/133


5 LEARNING UNIT 5

5 Money laundering

5.1 LEARNING OUTCOMES

On completing this learning unit, you should be able to
• describe money laundering and the relevant sections thereto
• discuss the Financial Intelligence Centre Act 38 of 2001

5.2 INTRODUCTION
According to the 2009 Annual Report of the United Nations Office on Drugs and Crime
(UNODC), money laundering can be defined as the method through which criminals
disguise the illegal origins of their wealth and protect their asset bases to avoid suspicion
on the part of law enforcement and prevent leaving a trail of incriminating evidence.
It concludes that money laundering empowers corruption and organised crime. The
term “money laundering” in South African criminal law currently refers to several dif-
ferent offences that can be committed in terms of the Prevention of Organised Crime
Act 121 of 1998 (“Organised Crime Act”). Money laundering has been described or
defined in different ways. For this learning unit, the definition of money laundering
will be documented as stated in section 1 of the Financial Intelligence Centre Act 38
of 2001 (FICA), which defines money laundering as follows:

“money laundering” or “money-laundering activity” means an activity which has

or is likely to have the effect of concealing or disguising the nature, source, location,
disposition or movement of the proceeds of unlawful activities or any interest which
anyone has in such proceeds, and includes any activity which constitutes an offence
in terms of section 64 of the FICA or section 4, 5 or 6 of the Organised Crime Act.

In making sense of the definition of money laundering, it is also important to have a

general understanding of what money laundering entails. The following will assist you
to understand the concept better:

• Money laundering is the manipulation of illegally acquired wealth to obscure its

true source or nature.
• Money laundering is the process of taking the proceeds of criminal activity and
making these proceeds appear legal.
• The funds are made to appear legal through a single transaction or series of
transactions.

34
 LEARNING UNIT 5: Money laundering

Although South Africa conforms to international standards and is a signatory to the

international instruments that create duties regarding the criminalisation of money
laundering, for example, the 40 Recommendations of the Financial Action Task Force,
these are not the only measures concerning money laundering in the country. In South
Africa, money-laundering offences cover a larger area and differ from the laws of leading
foreign jurisdictions. The following points will help you understand these differences:
• In South Africa, money-laundering offences can be committed either intentionally
or negligently.
• Money-laundering offences can be committed in respect of the proceeds of any
type of offence.
• The main money-laundering offence can be committed by the criminal who committed
the laundering offence.
• South African legislation requires that suspicious transactions be reported.
• Penalties for money-laundering offences are harsh.

Schematic formation of money laundering: Figure 1.

A person who knows or ought

reasonably to have known that the
property forms part of the proceeds
of unlawful activities

enters into an agreement or performs any act in connection

engages in an arrangement of with such property
transaction OR

Which has or is likely to have the effect of

concealing the nature, source, enabling a person who committed

location, disposition or movement an offence to avoid prosecution or
of the property. to remove or diminish property
OR acquired as a result of an offence.

Source: Kruger (2008)

5.3 LEARNING MATERIAL

There is no recommended chapter in the prescribed book for this learning unit. This
learning unit must be read in conjunction with the Prevention of Organised Crime
Act 121 of 1998 and the Financial Intelligence Centre Act 38 of 2001.

FOR3704/135


5.4 LEARNING UNIT OVERVIEW

This learning unit aims to give you an overview of the sections of the Prevention of
Organised Crime Act created to combat different types of organised crimes, the meth-
ods and stages, and the processes of money laundering. Some transactions of money
laundering can occur in a single act. You will also learn the principal objectives and
functions of the Financial Intelligence Centre. This is followed by activities and self-
assessment at the end of the learning unit.

5.4.1 Combating money laundering

The legislature has endeavoured to combat money laundering in two ways:

• Firstly, sections 4, 5 and 6 of the Organised Crime Act create the offences of money
laundering.
• Secondly, the Financial Intelligence Centre Act (FICA) creates controls over
institutions that can facilitate money-laundering transactions. (The FICA embodies
both means of prevention (aimed at preventing the offence) and reactive means (in
the form of criminal sanctions).

Let us now explore the offences of money laundering in sections 4, 5 and 6 of the
Organised Crime Act.

• Section 4

Section 4 of the Organised Crime Act is dedicated to money laundering. The section
describes the offence of money laundering as follows:

5.4.2 Money laundering

Any person who knows or ought reasonably to have known that property is or forms
part of the proceeds of unlawful activities and –

(a) enters into any agreement or engages in any arrangement or transaction with
anyone in connection with that property, whether such agreement, arrangement
or transaction is legally enforceable or not; or
(i) performs any other act in connection with such property, whether it is per-
formed independently or in concert with any other person, which has or is
likely to have the effect –
(ii) of concealing or disguising the nature, source, location, disposition or move-
ment of the said property or the ownership thereof or any interest which
anyone may have in respect thereof; or
(iii) of enabling or assisting any person who has committed or commits an offence,
whether in the Republic or elsewhere –

(aa) to avoid prosecution; or

(bb) to remove or diminish any property acquired directly, or indirectly, as a result of
the commission of an offence, shall be guilty of an offence.

An analysis of the elements of the contraventions of section 4 of the Organised Crime

Act reveals the following:

36
 LEARNING UNIT 5: Money laundering

• The act from which the proceeds were derived or received must have been unlawful.
• Such unlawful act must have constituted a predicate offence that gave rise to the
proceeds derived, received or retained in connection therewith.
• Such activity must have happened in the Republic or elsewhere.
• Receipt or retention of property must have taken place.
• Property must have been derived directly or indirectly from a pattern of racketeering
activity.
• The accused must have known or should reasonably have known that the property
was derived from the crime.
• The accused must have used or invested such property.

• Section 5

Section 5 of the Organised Crime Act deals with concealing or disguising criminal
property and reads as follows:

5.4.2.1 Assisting another to benefit from proceeds of unlawful activities

Any person who knows or ought reasonably to have known that another person has
obtained the proceeds of unlawful activities, and who enters into any agreement with
anyone or engages in any arrangement or transaction whereby –

(a) the retention or the control by or on behalf of the said another person of the
proceeds of unlawful activities is facilitated; or

(b) the said proceeds of unlawful activities are used to make funds available to the
said other person or to acquire property on his or her behalf or to benefit him or
her in any other way, shall be guilty of an offence.

An analysis of the elements of the contraventions of section 5 of the Organised Crime

Act indicates that the first six bullet points of 5.4.2 above are applicable here. The only
exception is in the seventh bullet point which states: “The accused must have used
or invested such property.”

This element is replaced in section 5 of the Organised Crime Act with the following:

Such proceeds must be used to make funds available to the said other person or to
acquire property on his or her behalf or to benefit him or her in any other way.

You must understand that section 5 of the Organised Crime Act creates the offence of
assisting another person to benefit from the proceeds of unlawful activities. Section 5
does not seek to punish the person who obtained the proceeds of unlawful activities
but looks at the conduct of persons other than the initial perpetrator.

• Section 6

Section 6 deals with the acquisition, possession or use of the proceeds of unlawful
activities. This section states the following:

Any person who –

(a) acquires;
(b) uses; or
(c) has possession of,

FOR3704/137


property and who knows or ought reasonably to have known that it is or forms part
of the proceeds of unlawful activities of another person shall be guilty of an offence.

The analysis of this section indicates that it is conduct that constitutes the crime or
which contravenes any law. The activities targeted by section 6 are the acquisition, use or
possession of the proceeds of unlawful activity. The offence under section 6 is committed
in respect of the proceeds of the activities of another person. The accused must acquire,
use or have possession of the proceeds of the criminal activities of another person.

5.4.3 Methods and stages of money laundering

There are three stages involved in money laundering, namely:

(1) placement
(2) layering
(3) integration

5.4.3.1 Placement
This is the movement of cash from its unlawful source and its placement in traditional
financial institutions, casinos, shops, bureaux de change, and other businesses, both
nationally and internationally.

The process of placement can be carried out in many ways, including the following:

(1) Currency smuggling: This is the illegal physical movement of currency and
monetary instruments out of a country.
(2) Bank complicity: This occurs when a financial institution, such as a bank, is
owned or controlled by unscrupulous individuals suspected of conniving with
drug dealers and other organised crime groups.
(3) Currency exchanges: In some transitional economies, the liberalisation of foreign-
exchange markets provides room for currency movements. As a result, laundering
schemes can benefit from such a policy.

5.4.3.2 Layering
Layering is the process of separating the proceeds of criminal activity from their origin
through the use of many different techniques to layer the funds. These techniques include

(1) the use of multiple banks and accounts

(2) the use of professionals to act as agents
(3) transacting through corporations and trusts
(4) layers of complex financial transactions, for example, converting cash into travel-
lers’ cheques or purchasing valuable art and jewellery

5.4.3.3 Integration
This is the movement of previously laundered money into the economy mainly through
the banking system. In this way, such monies appear to be normal business earnings.
Some of the methods of integration include the following:

(1) Property deals: The sale of property to integrate laundered money back into the
economy is a common practice among criminals. For instance, many criminal

38
 LEARNING UNIT 5: Money laundering

groups use shell companies to buy property; hence the proceeds from the sale
would be considered legitimate.
(2) Front companies and false loans: Front companies that are incorporated in
countries with corporate-secrecy laws enable criminals to lend themselves their
own laundered proceeds by way of legitimate transaction.
(3) Foreign-bank complicity: Money laundering using known foreign banks
entails a higher order of sophistication and presents a very difficult target for law
enforcement. The willing assistance of the foreign banks is frequently protected
against scrutiny by law enforcement, especially as a result of banking laws and
regulations of other sovereign countries.
(4) False import/export invoices: The use of false invoices by import/export com-
panies has proven to be a very effective way of integrating illicit proceeds back
into the economy. This involves the overvaluation of entry documents to justify
the funds later deposited in domestic banks and/or the value of funds received
from exports.

5.4.4 Process of money laundering

Sources of Placement Layering Integration

income:

Goal: Goal: Goal:

1. tax crimes To deposit criminal To conceal the To create
2. fraud proceeds into the origins of an apparent
financial system proceeds legal origin
3. embezzlement through through for criminal
4. theft proceeds through
5. bribery 1. c hange of 1. w
 ithdrawals 1. c reating
6. corruption currency of cash fictitious loans
financial
7. armed robbery 2. c hange of 2. c ash
statements,
denominations deposits
contracts, etc.
3. t ransportation into other
bank 2. d isguising
of cash
accounts ownership of
4. cash deposits assets
3. s plitting
and 3. c riminal
merging funds used in
between third-party
bank transactions
accounts

Examples of businesses that are ideal for laundering cash may include
• banks
• casinos and bookmakers
• nightclubs
• car dealerships
• retail outlets
• businesses dealing in high-value commodities and luxury goods

FOR3704/139


5.4.5 Financial Intelligence Centre Act 38 of 2001

The Financial Intelligence Centre Act 38 of 2001 (FICA) came into effect on 1 July
2003. The FICA was introduced to fight financial crime, such as money laundering,
tax evasion, and the financing of terrorist activities. The FICA brings South Africa’s
legislation in line with similar legislation in other countries designed to reveal the move-
ment of amounts of money derived from unlawful activities, thereby curbing money
laundering and other criminal activities.

The FICA was later amended by the Protection of Constitutional Democracy against
Terrorist and Related Activities Act 33 of 2004 and the Financial Intelligence Centre
Amendment Act 11 of 2008. The aims of the FICA can be summarised as follows:

To establish a Financial Intelligence Centre and a Counter-Money Laundering Advisory

Council in order to combat money laundering activities and the financing of terrorist
and related activities; to impose certain duties on institutions and other persons who
might be used for money laundering purposes and the financing of terrorist and related
activities; to clarify the application of the Act in relation to other laws; to provide for the
sharing of information by the Centre and supervisory bodies; to provide for the issuance
of directives by the Centre and supervisory bodies; to provide for the registration of
accountable and reporting institutions; to provide for the roles and responsibilities of
supervisory bodies; to provide for written arrangements relating to the respective roles
and responsibilities of the Centre and supervisory bodies; to provide the Centre and
supervisory bodies with powers to conduct inspections; to regulate certain applications
to Court; to provide for administrative sanctions that may be imposed by the Centre
and supervisory bodies; to establish an appeal board to hear appeals against decisions
of the Centre or supervisory bodies; to amend the Prevention of Organised Crime Act,
1998, and the Promotion of Access to Information

Act, 2000; and to provide for matters connected therewith.

Section 29 of the FICA imposes a duty to disclose suspicious and unusual transactions.
Information regarding these transactions is forwarded to the Financial Intelligence
Centre (FIC). The FIC falls under the National Treasury, which receives all reports
filed by businesses and employees of businesses in terms of the FICA. The reports are
then analysed and disseminated to the relevant authorities.

5.4.5.1 Objectives of the Financial Intelligence Centre

The principal objective of the FIC is to assist in the identification of the proceeds of
unlawful activities and the combating of money-laundering activities and the financing
of terrorist and related activities.

The other objectives of the FIC are

(1) to make information collected by it available to investigating authorities, supervi-

sory bodies, the intelligence services and the South African Revenue Service to
facilitate the administration and enforcement of the laws of the Republic
(2) to exchange information with bodies with similar objectives in other countries
regarding money-laundering activities, the financing of terrorist and related activi-
ties, and other similar activities
(3) to supervise and enforce compliance with the FICA or any directive made in terms
of FICA, and to facilitate effective supervision and enforcement by supervisory
bodies

40
 LEARNING UNIT 5: Money laundering

5.4.5.2 Functions of the Financial Intelligence Centre

To achieve its objectives, the FIC must

(1) process, analyse and interpret information disclosed to it, and obtained by it, in
terms of the FICA
(2) inform, advise and cooperate with investigating authorities, supervisory bodies,
the South African Revenue Service and the intelligence services
(3) monitor and give guidance to accountable institutions, supervisory bodies and
other persons regarding the performance and compliance by them with their duties
and obligations in terms of the FICA or any directive made in terms of the FICA
(4) retain the information referred to above in the first bulleted point in the manner
and for the period required by the FICA
(5) annually review the implementation of the FICA and submit a report thereon to
the Minister
(6) implement a registration system in respect of all accountable institutions and
reporting institutions
(7) supervise and enforce compliance with the FICA or any directive made in terms
of FICA by accountable institutions, reporting institutions and other persons to
whom the provisions of the FICA apply, that
 a
re not regulated or supervised by a supervisory body in terms of the FICA or
any other law
 are regulated or supervised by a supervisory body in terms of the FICA or

any other law, if that supervisory body fails to enforce compliance despite any
recommendation of the FIC made in terms of section 44(b)

The FICA also gives rise to a duty on the part of all businesses, and every employee
of a business, to report a transaction with the business if it is known to involve, or is
suspected of involving, the proceeds of a crime or tax evasion or if it does not have an
apparent lawful or business purpose, that is, to report so-called “suspicious and unusual
transactions”. The FICA creates additional duties for two specific groups of institutions,
called “accountable institutions” and “reporting institutions”. Institutions which are
classified as accountable institutions are listed in Schedule 1 of the FICA.

This schedule lists, among others, attorneys, banks, brokers, insurers, estate agents and
trustees. Reporting institutions are listed in Schedule 3 of the FICA.

5.5 ACTIVITY 5.1

Money laundering is a crime that involves a very complex system of several unlaw-
ful activities to conceal dishonestly accumulated money and thereafter put it through
several schemes before it is moved into the normal use for legitimate purposes. Those
perpetrating money launderings are difficult to detect and investigate because of the
obscured methods used by perpetrators. Provide the legislation(s) that were promulgated
to bolster section 205 of the Constitution of the Republic of South Africa, 1996, to fight
the scourge of money laundering through organised crime.

FOR3704/141


5.5.1 Feedback
The Financial Intelligence Centre Act 38 of 2001 (also known as FICA), read in conjunc-
tion with the Prevention of Organised Crime Act 121 of 1998 (abbreviated as POCA),
are the major developments in support of the Constitution for purposes of prevent-
ing, combating and investigating crime in South Africa. In terms of FICA, financial
institutions, particularly the banks, are compelled to prevent the means criminals use
to launder the benefits of their criminal activities and to control and report suspicious
transactions of money laundering.

Read the provisions of South Africa’s anti-money laundering legislation.

5.6 CONCLUSION
South Africa has a comprehensive framework for controlling money laundering. There
is evidence that the Prevention of Organised Crime Act has already had a noticeable
impact on laundering methods in practice, for example in cases such as S v Dustigar (Case
no. CC6/2000; Durban and Coast Local Division) and S v Caswell (Case no. 27/87/98;
Regional Court, Cape Town). There are also positive indications that the South African
money-laundering control system will have an impact on current trends. Important
steps have already been taken by the South African government to ensure that the FIC
can operate effectively, and both government and the financial sector have committed
themselves to combating money laundering.

5.7 SELF-ASSESSMENT
• What is money laundering?
• How many stages does money laundering entail?
• Which legislation was created to prevent and combat organised crime such as money
laundering?
• What are the objectives of the Financial Intelligence Centre?

This concludes the study of the basic principles of investigation of selected crimes and
transgressions. We trust that you have enjoyed this module and wish you the luck with
the rest of your studies

Dr L Motsepe

42