As I read through the KPMG report I remembered what one of my partners once told me when I was taken by surprise in a business deal:

“Magda, it is not that I did not tell you the truth, it is just that you did not ask the right questions.”

The report does not clear Net1 of anything substantial. If anything, it reinforces everything that has been written about the company in terms of its business model, strategy and business practices. 

There is a whole section (the subject of a future article) dealing with the comparison of the cost of funeral insurance and microloans sold by Net1’s subsidiaries, Smart Life and Moneyline, to those offered by other providers. All that it really proves is that there are many more sharks in those waters than just Net1.

There are some irrelevant findings which I have excluded as they were never really the subject of any criticism or exposé.

But, as always with Net1, there were some gems. We also learn more about the business itself. Let’s look at some of the main findings.

1. Marketing to grant recipients

Included in the terms and conditions related to the Sassa bank accounts operated by Grindrod Bank was clause 6.2.2. which allowed Grindrod Bank to send marketing material to the grant recipients, “if they elected to receive same during enrolment”.

KMPG was asked, in a very narrow manner, whether Sassa-branded Grindrod Bank card account holders are provided with an option to “opt in” to receiving marketing material from Net1 companies when enrolling/opening their accounts.

The KPMG report concludes that, as there is no evidence that, at registration, anyone is asked whether they wish to “opt in” to receive marketing material, that, by definition, means that they have not given permission.

Whether that conclusion is correct is better left to lawyers. However, narrowing the question and hence limiting the answer to a factual finding is a clear obfuscation. A proper report should have gone on to test whether any grant recipient actually received any marketing material from Grindrod Bank, or any Net1 subsidiary company, or was directly marketed to by any entity related to Net1. If they have, then either the Ts&Cs allowed for this and KPMG’s conclusion is incorrect, or they did not and the Ts&Cs were breached.

The fact that Grindrod Bank revised their Ts&Cs on 15 March 2017 to read, “You consent to us using your personal information, as defined in the Protection of Personal Information Act 3 of 2014 including biometric data, to render banking services to you”, means that they want to distance themselves from the now infamous clause 6.2.2. We need to ask whether this change applies to existing account holders or just future account holders. Surely, a change of this magnitude to the rights of existing account holders cannot simply be applied unilaterally, where, to all intents and purposes, the existing card holders have no realistic option of terminating their accounts.

The fact that, by Net1’s own admission, their only clients are grant recipients seems to imply that someone is marketing something to somebody, opt in or out notwithstanding.

This is a wonderful example of how one can twist audit reports to say nothing at all.

1.2. Access to data

KPMG was asked to test whether Net1 subsidiaries’ employees could access Sassa grant beneficiaries’ personal information and perform bulk-downloads of such information. This test was performed to prove that Net1 did not exploit the database under its control. KPMG goes into a lot of technical details about the design and access to Net1’s databases to prove that the above is not happening. This is a pointless exercise which in no way proves that grant recipients’ data could not have been exploited in any number of ways.

For instance, Grindrod Bank holds a parallel database of every grant recipient’s information and could market to them at will. Each individual’s biometric data is embedded in the Sassa-branded and Easypay Everywhere credit cards issued by Grindrod Bank and is used as a verification mechanism at the point-of-sale of financial products. Net1 sets up its micro-lending marketing operations near CPS pay-points it controls. Every client of Net1 is a grant recipient. There is a host of other questions KPMG should have posed to determine how and to what extent data is being “exploited”. Narrowing the definition of “access to data” to database access is disingenuous.

Once again, by Net1’s own admission they do not have any financial services clients outside of grant recipients. If it looks like a duck, and it quacks like a duck….?

1.3 Funeral policy decisions

According to regulation promulgated in 2016, deductions may be made from social grants, up to a 10% limit of the grant, for funeral insurance. This excludes grants made in respect of child support. KMPG was asked to determine if CPS was permitted to make deductions for funeral insurance from Sassa grants prior to the payment of the grant. In the words of Homer Simpson, “D’oh!”. KMPG found that they are and do up to the 10% limit.

1.4 EasyPay Everywhere accounts and Moneyline loans

KPMG was asked to determine whether an EasyPay Everywhere (EPE) bank account was a pre-requisite for taking out a MoneyLine microloan.

There are now an astonishing 1,881,041 EPE bank accounts in existence and 1,580,542 microloans have currently been issued, all to grant recipients. Should we not chat about that exploitation of the CPS database again, KPMG?

KPMG found that 446,100 of the 1,580,542 (28%) microloan recipients were not EPE account holders. That may well be true. However, that leads to a host of other questions that have not been posed. Other dip-stick tests that should have been performed on the 446,100 cases were:

• Are the grant recipients directly responsible for the repayment of the actual microloan or is someone else, with another account or source of income, held responsible? What are the terms of repayment of these loans? Does anyone else stand as a guarantor of the loan? Is a spouse of a grant recipient required to open an EPE bank account?

This is a superficial finding which requires a lot more interrogation before it can be reported as proving the point.

1.5 Sassa-branded Grindrod Bank account fees

Another of my Homer Simpson moments. There are no monthly account fees associated with the Sassa-branded bank accounts. What we do learn, however, is that there is a plethora of transaction fees that are charged to grant recipients. KPMG details those in a table:

So, in summary, there are a lot of different transaction fees associated with the Grindrod Bank accounts. Thank you, KPMG.

1.8 Moneyline loan payment process

Could I call on a senior KPMG partner to once again review the issue of not exploiting grant recipients’ data at the point of sale? According to KPMG’s report the process of applying for a microloan looks as follows:

MoneyLine operator confirms the applicant’s identity by inspecting his ID and through biometric identification using the applicant’s Sassa-branded Grindrod Bank account card or EPE bank account card.

Applicant is asked to press Yes or No to authorizing account access. The moment he presses Yes the following message is displayed on the Point of Sale device owned by Moneyline: “I hereby authorise Moneyline to access my bank account transaction history for the purposes of approving my loan request”. As soon as he provides a fingerprint, his entire account history is printed. A few questions are asked about living expenses, before the device connects to the Moneyline system to perform an affordability assessment and a credit check. If the applicant qualifies for a loan, the loan application form is completed manually.

The right question to ask is whether any other microlender can use the Sassa credit card to access the same account history using a fingerprint. If not, that is exploitation!

It is also worth reminding everyone that in 2014 the South African National Credit Regulator applied to cancel the registration of Net1’s microlending subsidiary, Moneyline, on the basis that it contravened the National Credit Act by including child support and foster child grants in the affordability assessments prior to granting microloans. The case is pending. In the meantime, KPMG should have been asked to test whether this practice is still going on.

1.11 Prepaid electricity and prepaid airtime

To quote directly from the KPMG report:

“In order to initiate the purchase of airtime the user needs to use the phone number provided when opening the bank account. The user further needs to provide their bank PIN to access the main menu. Attempts to use different numbers (not registered) to gain access were not successful.”

Something rings a bell about the exploitation of grant recipients’ data again.

1.16 Smart Life premium collections

According to the KPMG report, Net1’s Smart Life has three product offerings:

• Mdende (Funeral product, for Sassa grant recipients only);
• Group Life Scheme (specifically for Net1 employees); and
• EPE (Free funeral benefit for EasyPay Everywhere card holders).

As at 5 April 2017, Net1 employed 375 funeral insurance salesmen.

The obvious question is if you do not exploit grant recipients’ data, how do you design products exclusive to that target market?

1.13 Donations to political parties

KPMG ran a check to determine if Net1 made any donations to political parties. A long list of names is provided. Net1 made no such donations. However, why was the list not extended to include some prominent individuals’ names which feature in all the reporting on Net1’s tender procurement procedures?

I would have found it a lot more heartwarming if Net1 apologised for its business practices, and indicated how it was going to amend them to ensure that no further exploitation took place and then cleaned up its act. But that would mean changing its entire business model, which is, after all, to sell financial services to the poorest and most vulnerable members of society.

And a word of warning to all audit firms. Question the motivations of your clients prior to accepting the appointments. No amount of money is worth being someone’s “beard”. DM