The Compensation Fund is under fire after auditors uncovered a cascade of missing documents, unauthorised bank‑account changes and serious cyber‑security gaps that may have cost the institution R71 million in just two financial years. The shocking figures, revealed in a disclaimer audit opinion issued by the Auditor‑General, suggest the fund’s internal controls are failing at a time when workers across South Africa rely on it for medical costs, lost wages and compensation after workplace injuries.
Senior insiders say the R71 million loss is only the tip of the iceberg; fraudulent activity continues undetected, meaning the true financial damage could be far higher. The fund, which sits under the Department of Labour, traditionally shields employers from direct liability while safeguarding employees, yet a series of governance failures now threatens that safety net.
Compensation Fund fraud: escalating losses and weak controls
A deep‑dive into the fund’s accounts shows a dramatic rise in fraudulent payouts. Payments to medical service providers, vendors and beneficiaries were made without supporting paperwork, and in several instances the intended bank details were altered to divert money into fraudulent accounts. The Auditor‑General’s report highlights that management could not produce evidence for millions of rand in transactions, leaving the legitimacy of those payments in doubt.
The report also paints a bleak picture of the fund’s digital infrastructure. Weak user‑access controls in the SAP and CompEasy systems expose the entity to cyber‑attacks, while internal network testing uncovered 220 vulnerabilities—including 52 critical and 73 high‑risk flaws. Even more striking, more than R60 million has already been spent on a biometric identity‑management system that remains non‑functional, and a postponed R148 million project meant to tighten access controls has yet to deliver any results.
Losses by financial year
| Financial Year | Identified Fraudulent Losses | Key Issues Highlighted |
|---|---|---|
| 2022‑23 | R10 million | Early signs of undocumented payments |
| 2023‑24 | R30.1 million | Increased bank‑account fraud, missing evidence |
| 2024‑25 | R41.4 million | Escalating cyber‑vulnerabilities, unauthorised payouts |
The upward trajectory is unmistakable: each year the fund records a larger shortfall, driven by both financial mismanagement and systemic security gaps. The table underscores how quickly the problem has intensified, raising alarms for workers who depend on timely compensation.
Auditor‑General Tsakani Maluleke warned that the deteriorating control environment directly harms injured workers, whose benefits may be miscalculated or delayed. She added that persistent breaches of the Public Finance Management Act (PFMA) exacerbate the fund’s instability, undermining confidence in a critical pillar of South Africa’s labour safety net.
Alarming cyber‑security flaws expose the fund to further risk
The internal network assessment identified 220 vulnerabilities, a figure that far exceeds the acceptable risk threshold for a public institution handling sensitive personal and financial data. Among those, 52 were classified as critical, meaning an attacker could potentially gain unrestricted access to the fund’s databases and manipulate payment records.
The failed biometric project, originally budgeted at R148 million, was intended to lock down user authentication and curb fraudulent transactions. Instead, the money has been spent on licences for a system that remains offline, while the fund continues to rely on outdated, unencrypted platforms. This paradox—high spending on a non‑functional solution—highlights a broader pattern of misallocation and poor project governance.
Governance failures fuel accusations of deliberate looting
An unnamed official described the fund’s architecture as “intentionally designed to enable looting,” pointing to an unencrypted system and a lack of proper oversight. Claims have surfaced that payments totalling R279 million were made to medical service providers without any supporting documentation, suggesting a coordinated effort to siphon funds.
The official further alleged that senior fund managers may be seeking to collapse the fund deliberately, a charge that, if proven, could trigger criminal investigations and parliamentary scrutiny. Meanwhile, the Department of Labour has yet to respond, and fund spokesperson Hloni Mpaka has not commented on the allegations.
Revenue collection and debt recovery lag behind
Beyond fraudulent payouts, the audit flagged serious weaknesses in revenue collection. The fund has struggled to chase long‑outstanding debtors, enforce employer assessments, and verify Section 85 reductions—tax relief measures granted to employers that should be underpinned by thorough checks. These lapses not only erode the fund’s cash flow but also create additional openings for misuse.
The Auditor‑General’s report concludes that without swift corrective action, the Compensation Fund’s ability to fulfil its core mandate—providing timely, fair compensation to injured workers—will be severely compromised. The combination of unchecked fraud, cyber‑security deficiencies and governance decay paints a stark picture of an institution teetering on the brink of collapse.
As the story unfolds, stakeholders from trade unions to employer federations are calling for an urgent overhaul. If the fund cannot restore robust controls, transparent reporting and functional technology, South Africa’s workforce may face a future where the promise of protection after a workplace injury remains unfulfilled.