When businesses think about financial crime, the focus often falls on external threats such as cybercriminals and organised syndicates. But a recent fraud case shows how the greatest risk can sometimes come from inside the organisation.
That is the warning from Christo Snyman (pictured), managing member of CS Forensics, following the conviction and sentencing of 38-year-old Riaan Theunissen, the former regional rental manager at Just Properties’ office in Table View in Cape Town. Theunissen’s abuse of privileged system access enabled the misappropriation of more than R5.5 million from his employer over more than seven years.
Snyman says the case demonstrates how employees with extensive access to financial systems can exploit weak internal controls to manipulate transactions and conceal fraudulent activity.
Seven years of fraudulent payments
Details of the CS Forensics investigation, published by Personal Finance, show that the fraud took place between June 2016 and August 2023, beginning when Theunissen was in his late twenties.
The publication reports that a preliminary investigation by CS Forensics uncovered irregular financial activity linked to Theunissen, including irregular allocations on the rental payment system and payments made to false beneficiaries. CS Forensics subsequently assisted in reporting the matter to the Directorate for Priority Crime Investigation (the Hawks).
The investigation found that Theunissen’s level of access to the rental payment system proved to be a critical weakness.
“Theunissen bypassed internal controls in the rental payments system by archiving certain transactions and failing to follow the agency’s internal approval and payment procedures. His system access allowed him to both load and release payments, creating an opportunity to manipulate the payment process and exploit his position of trust,” says Snyman.
CS Forensics identified multiple methods allegedly used to embezzle funds and conceal fraudulent activity, amounting to 473 fraudulent payments totalling R5.5m.
The investigation found that the combination of insider access and weak segregation of duties created the opportunity for the fraud to continue undetected over several years.
Snyman says insider fraud rarely occurs without a combination of weak internal controls, excessive trust in key individuals, and limited real-time oversight in increasingly digital work environments.
“While each case differs, the pattern is familiar: insider access combined with weak controls creates fertile ground for fraud,” he says.
Investigation and prosecution
Theunissen made his first court appearance in December 2024 after the Hawks executed a warrant for his arrest.
The criminal proceedings concluded relatively quickly once the matter reached trial. On 6 March this year, Theunissen pleaded guilty to 473 counts of fraud and theft.
Theunissen was sentenced by the Cape Town Regional Court on 9 June to 10 years’ imprisonment, with two years suspended for five years, leaving an effective sentence of eight years’ direct imprisonment.
According to the Hawks, Theunissen misappropriated funds from Just Properties by disguising and facilitating irregular payments through the PayProp payment system. He circumvented controls by archiving certain transactions and failed to follow the company’s approval and payment procedures.
Lessons for businesses
For Snyman, the significance of the case extends beyond the criminal conviction.
He says many fraud investigations are analysed using the “fraud diamond” model, which identifies four enabling factors: pressure, capability, opportunity, and rationalisation.
“Economic pressure is often the most common driver, with rising debt, hardship, and lifestyle inflation creating strain.
“Addiction can also play a role. In a different case that CS Forensics handled, the perpetrator committed extensive fraud while laundering funds into online gambling platforms and sustaining a costly drug addiction. These pressures can create the motivation for fraud, but it is capability and opportunity that allow it to happen,” says Snyman.
According to Snyman, organisations should focus on reducing opportunity through stronger internal controls, including strict access management, separation of duties in payment processes, regular auditing of high-risk transactions, and ongoing employee awareness.
He says the case also highlights the importance of reporting suspected serious fraud. Under the Prevention and Combating of Corrupt Activities Act, people in positions of authority are required to report suspected corruption, including fraud and theft exceeding R100 000, to the Hawks.
“The most prominent entry point into an organisation is often the employees themselves. A hyper-vigilant, responsible, and well-trained team member is not only a valuable human asset but also a powerful identifier of risk and deterrent to crime,” he says.
