What companies need to know to be protected against company hijacking

South Africa

In 2014, a fraudster was convicted of company hijacking. This conviction for company hijacking, the first of its kind, involved a member of a syndicate that fraudulently submitted CM29 forms to the Companies and Intellectual Property Commission ("CIPC") together with minutes and resolutions for the amendment of directorships of a global beverage company, a representative of German companies in South Africa, a production company of catalyst gauzes and customised getter systems and a property development company, which are international companies with registered offices in South Africa. The accused was found guilty of pretending that the CM29 documents presented were legitimate and official for the purposes of removing the legitimate directors and recording the fraudulent appointment of new directors by providing the necessary documentation required by the CIPC together with the names, the reason for resignation, and dates of appointment.

This elaborate form of fraud, normally orchestrated by syndicates, is not a new concept, but it is not that well known. This is partly because this kind of fraud is largely unreported. Company hijacking, also known as corporate identity theft, involves the acquisition of control of a company through the falsification of company information and records as well as through making false representations. It involves fraudsters fraudulently executing forms from the CIPC to change the company’s details, including but not limited to, the registered office and the list of officers, that authorise trading on the company’s goodwill or continue acting fraudulently and illegally under the control of the fraudster. It may also involve the theft of the identity of a company and trading under its name. Another method by which this type of fraud occurs is where a company’s internet listing is stolen and/or mirrored completely. The result of this is that a search for a particular company or product would result in an individual being directed to the hijacker’s website, or alternatively the legitimate company’s details may not appear on the search results or may appear further down the search results. The consequence of this is that internet traffic to the legitimate company’s website is reduced and the legitimate company’s sales are significantly reduced.

Once hijacked, the fraudsters can:

  • change the hijacked company’s jurisdiction by merging it with a newly formed entity to conceal its true identity;
  • sell the hijacked company and then the proceeds of the sale are used to compensate the hijacker;
  • issue new shares to themselves to dilute the shareholding of present shareholders; and
  • open a bank account using the hijacked company’s name and intercept any communication with clients concerning payments for transactions so that payments are made into the fraudsters bank account; and
  • by setting up a company with a similar name and operations, poach clients from the hijacked company.

The hijacked companies are often used in pump-and-dump schemes, whereby the fraudsters spread false or misleading information to encourage investors to buy shares in a company to inflate the price and then selling their (i.e. the fraudsters) own shares while the price is high. Once the fraudsters sell their shares and the fraudsters stop hyping the shares, the share price inevitably falls and innocent investors end up losing money. This may also have the consequence of causing the innocent buyers of the hijacked companies to become embroiled in an investigation, subjecting the company to trading suspensions and fines, as well as making it costly for the legitimate shareholders and management to regain control of the hijacked entity as it may involve a lengthy litigious dispute.

On a micro level, the hijacked companies not only lose their revenue and clients but also face costly and time-consuming litigation in an attempt to deal with the hijacking. As the number of company hijackings increases, the macro impact of the company hijackings affects the country’s attractiveness to foreign investors as the country is seen as an investment risk. It should also be noted that fraudsters target international companies that have subsidiaries in South Africa but with a board of directors that are not local to the country. Hence, it is advisable, as a preventative measure, to appoint a local representative as a director.

Businesses should be more proactive by becoming educated on the warning signs and the dangers associated with corporate hijacking. They should implement meaningful controls to mitigate fraud risk and ensure that they effectively screen their clientele, employees and other business partners. Similar to the companies in the first conviction for company hijacking, large and well-known organisations are targets for hijackers, and one way for hijackers to get inside the target companies is through employees of the company. This is why it is crucial for businesses to perform meaningful background checks on prospective workers before hiring them. Since more than half of these types of fraud are discovered as a result of employee whistleblower tips, it is crucial that businesses foster an environment that encourages employees to report fraud within the company.

Setting up a digital mailbox that will receive all notifications from the CIPC in the event that changes are made to the company's information and records is another precautionary measure that companies can take to protect themselves from hijacking. This enables businesses to monitor changes, take quick action, and avoid false information from being registered, as well as monitor bank notifications of unauthorised transactions. Ultimately, businesses need to be vigilant at all times and managing fraud risk should be a key priority for all businesses as it will ultimately save them from the severe consequences resulting from becoming victim to fraudulent conduct.