South Africa's R4 Billion Payroll Fraud Crisis Exposes a Governance Problem, Not Just a Technology One

South Africa's payroll fraud crisis is being discussed publicly as a technology deficit. The National Treasury's latest Budget Review document prioritises the migration of state entities to digital payroll systems, a move prompted by what multiple outlets have reported as more than R4 billion in annual losses through ghost employees, diverted payments, and manipulated records. The Chartered Institute of Payroll Professionals places the private sector's exposure at approximately R100 million per year. Taken together, these figures describe a problem of enormous scale. They do not, by themselves, explain why it persists.

‍

The deeper issue is structural. South Africa's payroll fraud problem survives not because organisations lack software, but because they have normalised a system of concentrated access and minimal oversight. In the most common configurations, a single administrator controls a payroll system, processes runs without independent sign-off, and operates with full access to banking details and employee records. This arrangement exists at companies of all sizes, including large enterprises that have the resources to build proper controls. The risk is not ignorance. It is convenience, and the assumption that trust substitutes for process.

‍

Yolande Schoültz, founder of YSchoültz Attorneys and one of South Africa's most cited payroll fraud experts, is unambiguous about where responsibility lies. She notes that perpetrators tend to exploit the same structural gaps: ghost employees whose accounts remain active after they leave, banking details that are changed just before a payroll run, and login patterns designed to keep system access out of view. These are not sophisticated cyberattacks. They are the predictable outcome of systems with no chain of custody. Schoültz points to excessive overtime by payroll administrators as a reliable warning sign, not because working late is suspicious in itself, but because fraudsters who need to maintain control of a system must be present when others are not.

‍

The government's digital push creates a different set of risks. Organisations that migrate to cloud payroll platforms without simultaneously reforming their oversight policies will not reduce fraud exposure. They will simply move their vulnerability to a different medium. Sandra Crous, managing director of Deel Local Payroll, makes this point directly. A payroll platform provides audit trails, multi-user access, integration with other systems of record, and employee self-service features that let staff verify their own payslips. But none of these functions operate without deliberate activation. An organisation that migrates to a modern platform and assigns system access to a single administrator has not solved its problem. It has given that administrator a more detailed tool.

‍

The real opportunity in digital migration is less about fraud detection and more about removing the structural conditions that make fraud possible. When payroll data feeds automatically into accounting systems, manual data entry points disappear. When employees can access their own payslips directly, payment irregularities become harder to hide. When multiple authorised users, including finance directors, HR heads, and auditors, have visibility into the same dashboards, the information monopoly that enables fraud collapses. This is not a technology story. It is an organisational design story in which technology plays a supporting role.

‍

What is not being said publicly is that the National Treasury's mandate, while directionally correct, addresses only the state's most visible failure point. The private sector's R100 million annual exposure has attracted far less policy attention, and many of the businesses affected are small and medium enterprises without the capacity or expertise to implement proper oversight structures. The forensic audit industry in South Africa has documented cases where payroll fraud ran undetected for five years or more, not because the fraud was technically sophisticated, but because nobody with independent standing was looking. Digital systems make long-running fraud easier to discover after the fact. They do not prevent it in the first place without the governance layer that most organisations still lack.

‍

The pressure now is on human resources and finance leadership to treat the transition to digital payroll not as a compliance exercise but as a governance redesign. That means separation of duties, approval policies, scheduled spot checks, and multi-person sign-off on any change to banking or employee details. Until those structures exist, the country's payroll losses, in both the public and private sectors, will continue regardless of what software runs underneath them.