All Article Properties:
{
"access_control": false,
"status": "publish",
"objectType": "Article",
"id": "2588367",
"signature": "Article:2588367",
"url": "https://staging.dailymaverick.co.za/opinion-piece/2588367-labour-appeal-court-ruling-a-significant-step-in-fighting-ghost-employee-fraud",
"shorturl": "https://staging.dailymaverick.co.za/opinion-piece/2588367",
"slug": "labour-appeal-court-ruling-a-significant-step-in-fighting-ghost-employee-fraud",
"contentType": {
"id": "3",
"name": "Opinionistas",
"slug": "opinion-piece"
},
"views": 0,
"comments": 3,
"preview_limit": null,
"excludedFromGoogleSearchEngine": 0,
"title": "Labour Appeal Court ruling a significant step in fighting ghost employee fraud",
"firstPublished": "2025-02-12 18:48:21",
"lastUpdate": "2025-02-12 18:48:24",
"categories": [
{
"id": "435053",
"name": "Opinionistas",
"signature": "Category:435053",
"slug": "opinionistas",
"typeId": {
"typeId": "1",
"name": "Daily Maverick",
"slug": "",
"includeInIssue": "0",
"shortened_domain": "",
"stylesheetClass": "",
"domain": "staging.dailymaverick.co.za",
"articleUrlPrefix": "",
"access_groups": "[]",
"locale": "",
"preview_limit": null
},
"parentId": null,
"parent": [],
"image": "",
"cover": "",
"logo": "",
"paid": "0",
"objectType": "Category",
"url": "https://staging.dailymaverick.co.za/category/opinionistas/",
"cssCode": "",
"template": "default",
"tagline": "",
"link_param": null,
"description": "",
"metaDescription": "",
"order": "0",
"pageId": null,
"articlesCount": null,
"allowComments": "0",
"accessType": "freecount",
"status": "1",
"children": [],
"cached": true
}
],
"content_length": 7824,
"contents": "<span style=\"font-weight: 400;\">Like any good ghost story, this tale involves mysterious appearances, unexplained occurrences and the lingering question: who really controls these spirits that haunt our public sector payrolls?</span>\r\n\r\n<span style=\"font-weight: 400;\">But unlike traditional ghost stories, these phantoms leave very real holes in South Africa’s public purse, their presence felt not in midnight chills but in depleted budgets and compromised service delivery.</span>\r\n\r\n<span style=\"font-weight: 400;\">A January 2025 Labour Appeal Court decision in the</span><a href=\"https://www.saflii.org/za/cases/ZALAC/2025/2.html\"> <span style=\"font-weight: 400;\">Gauteng Department of Education vs General Public Service Sectoral Bargaining Council</span></a><span style=\"font-weight: 400;\"> case offers a fascinating window into one of South Africa’s most persistent public sector challenges: ghost employee fraud.</span>\r\n\r\n<span style=\"font-weight: 400;\">This case, involving approximately R2-million in fraudulent payments, illustrates both the sophistication of modern payroll fraud and the complexities of proving culpability in such schemes.</span>\r\n\r\n<span style=\"font-weight: 400;\">At its heart, the case revolved around a deceptively simple question: How did a principal personnel officer, Kenneth Mothlang, repeatedly obtain and use his colleagues’ regularly updated</span><a href=\"https://persal.treasury.gov.za/\"> <span style=\"font-weight: 400;\">Persal</span></a><span style=\"font-weight: 400;\"> (the government’s payroll and human resource system) passwords over two years to facilitate ghost employee appointments?</span>\r\n\r\n<span style=\"font-weight: 400;\">The Labour Appeal Court’s analysis of this question has profound implications for public sector accountability and system security.</span>\r\n\r\n<span style=\"font-weight: 400;\">In this case, the Gauteng Department of Education (the employer) dismissed four employees (Maluka, Tshabalala, Ntombela and Sibi) for alleged misconduct involving ghost employee fraud. The department alleged that between January 2014 and November 2015 these employees were involved in the fraudulent appointment and salary adjustment of two ghost teachers at Isiqalo Primary School.</span>\r\n\r\n<span style=\"font-weight: 400;\">Additionally, one employee was accused of extending these ghost contracts, while another was alleged to have appointed two more ghost employees at both Isiqalo and Munsieville primary schools.</span>\r\n<h4><b>Criminally convicted</b></h4>\r\n<span style=\"font-weight: 400;\">The fraud was perpetrated using the employees’ Persal system credentials. Over nearly two years, approximately R2-million was fraudulently paid into bank accounts belonging to Mothlang, a principal personnel officer who reported to one of the accused employees. Mothlang was later criminally convicted for the fraud.</span>\r\n\r\n<span style=\"font-weight: 400;\">The case’s trajectory through South Africa’s labour dispute resolution system is particularly instructive. The initial arbitration at the General Public Service Sectoral Bargaining Council focused narrowly on whether the department had proved “actual theft”, essentially missing the forest for the trees.</span>\r\n\r\n<span style=\"font-weight: 400;\">The arbitrator’s emphasis on the physical location where fraudulent transactions occurred — Braamfontein, Johannesburg and Pretoria rather than the employees’ Krugersdorp workstations — reflected a fundamental misunderstanding of modern digital fraud.</span>\r\n\r\n<span style=\"font-weight: 400;\">The Labour Court similarly adopted what the Appeal Court would later characterise as an overly technical approach. By focusing on whether employees had been specifically charged with sharing their Persal credentials, rather than their broader involvement in the fraudulent scheme, the court failed to engage with the practical realities of how such fraud operates.</span>\r\n\r\n<span style=\"font-weight: 400;\">The Labour Appeal Court’s decision represents a significant shift in how such cases might be approached in future. By focusing on the improbability of Mothlang repeatedly obtaining updated passwords without cooperation, the court demonstrated a more sophisticated understanding of system security and human behaviour.</span>\r\n\r\n<span style=\"font-weight: 400;\">This approach aligns with what we know about complex fraud schemes, which rarely leave direct evidence of collusion.</span>\r\n\r\n<span style=\"font-weight: 400;\">The Labour Appeal Court held that employees were unable to explain how their monthly updated passwords were repeatedly obtained over two years. Given a 2013 policy requiring password protection and the reasonable assumption that employees in their positions would understand the importance of credential security, the probabilities supported their involvement in the misconduct.</span>\r\n<h4><b>An unduly narrow and technical approach</b></h4>\r\n<span style=\"font-weight: 400;\">The court also held that the arbitrator had materially misdirected himself by taking an unduly narrow and technical approach to the charge sheet.</span>\r\n\r\n<span style=\"font-weight: 400;\">The arbitrator’s error lay in focusing on whether “actual theft” was proved rather than examining the broader allegation of involvement in fraudulent appointments. This approach, combined with the arbitrator’s failure to properly weigh crucial undisputed evidence, had a “distorting effect” on the outcome.</span>\r\n\r\n<span style=\"font-weight: 400;\">The timing of this judgment is particularly relevant. As Letlhokwa George Mpedi</span><a href=\"https://www.dailymaverick.co.za/opinionista/2023-07-20-ghost-employees-on-payrolls-a-major-occupational-fraud-hazard/\"> <span style=\"font-weight: 400;\">recently noted</span></a><span style=\"font-weight: 400;\"> in Daily Maverick, the Passenger Rail Agency of South Africa (Prasa) identified potentially 3,000 ghost employees in 2021, leading to savings of R200-million through Project Ziveze.</span>\r\n\r\n<span style=\"font-weight: 400;\">The Gauteng Department of Education case provides valuable insights into how such schemes operate and, crucially, how they might be detected and proven.</span>\r\n\r\n<span style=\"font-weight: 400;\">The court’s emphasis on password security as an indicator of complicity is particularly significant. In an era where public sector employees are increasingly aware of cybersecurity risks, the regular sharing of updated passwords over two years cannot be dismissed as mere carelessness. The court’s willingness to draw adverse inferences from this pattern of behaviour may influence how similar cases are approached in future.</span>\r\n\r\n<span style=\"font-weight: 400;\">However, the judgment also raises important questions about public sector controls. If four employees’ credentials could be used over two years to facilitate fraud worth R2-million, what does this suggest about the broader vulnerability of the Persal system?</span>\r\n\r\n<span style=\"font-weight: 400;\">The fact that transactions could be processed from locations different from the credential holders’ workstations points to significant system design flaws.</span>\r\n\r\n<span style=\"font-weight: 400;\">The case also highlights the challenge of balancing procedural fairness with practical justice. The Labour Appeal Court’s criticism of overly technical approaches to charge sheet interpretation reflects a growing recognition that workplace discipline must adapt to the realities of digital-era fraud.</span>\r\n\r\n<span style=\"font-weight: 400;\">Traditional concepts of location-based evidence and direct proof of theft may need reconsideration in cases involving system-based fraud.</span>\r\n\r\n<span style=\"font-weight: 400;\">Looking forward, this judgment should prompt a thorough review of public sector payroll systems. While the Persal system requires regular password updates, this case demonstrates that password changes alone are insufficient protection against determined fraudsters. Multi-factor authentication, biometric verification, and transaction location monitoring might need consideration.</span>\r\n<h4><b>Need for better training and accountability measures</b></h4>\r\n<span style=\"font-weight: 400;\">The case also suggests the need for better training and accountability measures. Public sector employees need to understand that system credentials are not merely administrative tools, but critical security measures. The court’s willingness to draw adverse inferences from unexplained password sharing might help drive this message home.</span>\r\n\r\n<span style=\"font-weight: 400;\">Ultimately, the Labour Appeal Court’s decision marks a significant step forward in addressing ghost employee fraud. By focusing on the practical impossibility of credential misuse without cooperation, rather than requiring direct evidence of fraud, the court has provided a template for future cases.</span>\r\n\r\n<span style=\"font-weight: 400;\">However, the real test will be whether this approach prompts meaningful reforms in public sector payroll systems and employee accountability.</span>\r\n\r\n<span style=\"font-weight: 400;\">The ghosts in South Africa’s public sector payroll system may be invisible, but their impact is all too real. As this case demonstrates, exorcising them will require not just better systems but also a more sophisticated approach to detecting and proving fraud.</span>\r\n\r\n<span style=\"font-weight: 400;\">The Labour Appeal Court has shown the way — it’s now up to public sector administrators to follow through. </span><b>DM</b>",
"authors": [
{
"id": "243506",
"name": "Marthinus van Staden",
"image": "https://www.dailymaverick.co.za/wp-content/uploads/2022/02/Screenshot-2022-02-27-at-23.24.42.png",
"url": "https://staging.dailymaverick.co.za/author/marius-van-staden/",
"editorialName": "marius-van-staden",
"department": "",
"name_latin": ""
}
],
"keywords": [
{
"type": "Keyword",
"data": {
"keywordId": "65130",
"name": "Prasa",
"url": "https://staging.dailymaverick.co.za/keyword/prasa/",
"slug": "prasa",
"description": "",
"articlesCount": 0,
"replacedWith": null,
"display_name": "Prasa",
"translations": null
}
},
{
"type": "Keyword",
"data": {
"keywordId": "70124",
"name": "service delivery",
"url": "https://staging.dailymaverick.co.za/keyword/service-delivery/",
"slug": "service-delivery",
"description": "",
"articlesCount": 0,
"replacedWith": null,
"display_name": "service delivery",
"translations": null
}
},
{
"type": "Keyword",
"data": {
"keywordId": "98529",
"name": "Passenger Rail Agency of South Africa",
"url": "https://staging.dailymaverick.co.za/keyword/passenger-rail-agency-of-south-africa/",
"slug": "passenger-rail-agency-of-south-africa",
"description": "",
"articlesCount": 0,
"replacedWith": null,
"display_name": "Passenger Rail Agency of South Africa",
"translations": null
}
},
{
"type": "Keyword",
"data": {
"keywordId": "109871",
"name": "public service",
"url": "https://staging.dailymaverick.co.za/keyword/public-service/",
"slug": "public-service",
"description": "",
"articlesCount": 0,
"replacedWith": null,
"display_name": "public service",
"translations": null
}
},
{
"type": "Keyword",
"data": {
"keywordId": "222798",
"name": "Gauteng Department of Education",
"url": "https://staging.dailymaverick.co.za/keyword/gauteng-department-of-education/",
"slug": "gauteng-department-of-education",
"description": "",
"articlesCount": 0,
"replacedWith": null,
"display_name": "Gauteng Department of Education",
"translations": null
}
},
{
"type": "Keyword",
"data": {
"keywordId": "357650",
"name": "Labour Appeal Court",
"url": "https://staging.dailymaverick.co.za/keyword/labour-appeal-court/",
"slug": "labour-appeal-court",
"description": "",
"articlesCount": 0,
"replacedWith": null,
"display_name": "Labour Appeal Court",
"translations": null
}
},
{
"type": "Keyword",
"data": {
"keywordId": "367349",
"name": "Persal",
"url": "https://staging.dailymaverick.co.za/keyword/persal/",
"slug": "persal",
"description": "",
"articlesCount": 0,
"replacedWith": null,
"display_name": "Persal",
"translations": null
}
},
{
"type": "Keyword",
"data": {
"keywordId": "388544",
"name": "Marthinus van Staden",
"url": "https://staging.dailymaverick.co.za/keyword/marthinus-van-staden/",
"slug": "marthinus-van-staden",
"description": "",
"articlesCount": 0,
"replacedWith": null,
"display_name": "Marthinus van Staden",
"translations": null
}
},
{
"type": "Keyword",
"data": {
"keywordId": "413900",
"name": "opinionistas",
"url": "https://staging.dailymaverick.co.za/keyword/opinionistas/",
"slug": "opinionistas",
"description": "",
"articlesCount": 0,
"replacedWith": null,
"display_name": "opinionistas",
"translations": null
}
},
{
"type": "Keyword",
"data": {
"keywordId": "429990",
"name": "ghost workers",
"url": "https://staging.dailymaverick.co.za/keyword/ghost-workers/",
"slug": "ghost-workers",
"description": "",
"articlesCount": 0,
"replacedWith": null,
"display_name": "ghost workers",
"translations": null
}
},
{
"type": "Keyword",
"data": {
"keywordId": "429991",
"name": "digital fraud",
"url": "https://staging.dailymaverick.co.za/keyword/digital-fraud/",
"slug": "digital-fraud",
"description": "",
"articlesCount": 0,
"replacedWith": null,
"display_name": "digital fraud",
"translations": null
}
},
{
"type": "Keyword",
"data": {
"keywordId": "429992",
"name": "General Public Service Sectoral Bargaining Council",
"url": "https://staging.dailymaverick.co.za/keyword/general-public-service-sectoral-bargaining-council/",
"slug": "general-public-service-sectoral-bargaining-council",
"description": "",
"articlesCount": 0,
"replacedWith": null,
"display_name": "General Public Service Sectoral Bargaining Council",
"translations": null
}
}
],
"related": [],
"summary": "In the corridors of the South African public service, a different kind of haunting unfolds. These spectres don’t rattle chains or whisper in darkened hallways — they draw salaries.\r\n",
"elements": [],
"seo": {
"search_title": "Labour Appeal Court ruling a significant step in fighting ghost employee fraud",
"search_description": "<span style=\"font-weight: 400;\">Like any good ghost story, this tale involves mysterious appearances, unexplained occurrences and the lingering question: who really controls these spirits that haunt o",
"social_title": "Labour Appeal Court ruling a significant step in fighting ghost employee fraud",
"social_description": "<span style=\"font-weight: 400;\">Like any good ghost story, this tale involves mysterious appearances, unexplained occurrences and the lingering question: who really controls these spirits that haunt o",
"social_image": ""
},
"cached": true,
"access_allowed": true
} 
