The Regulation and Use of Artificial Intelligence and 5G Technology to Combat Cybercrime and Financial Crime in South African Banks

Artificial intelligence (AI) and fifth generation network technology (5G) are now being utilised by some companies and financial institutions such as banks to enhance their competitiveness and expand their businesses. The general types of AI include functional AI, interactive AI, text AI, visual AI and analytic AI. The key components of AI include machine learning, fast Internet connectivity, deep learning, neural networks and advanced data analysis. These components may be complemented by the adoption and use of standard 5G cellular networks. 5G utilises broadband Internet access and Internet connection, and is now employed by some banking institutions, especially in developed countries. It is not clear whether South African banking institutions have adopted 5G for their Internet connectivity and operations. AI and 5G may be used to detect and combat cybercrimes in banking institutions. On the other hand, AI and 5G may also be abused by cybercriminals to commit financial crimes such as money laundering and insider trading. In this regard it is submitted that South African policy makers should carefully revise the Cybercrimes Bill B6-2017 (Cybercrimes Bill) to embrace the use of AI and 5G to detect and combat cybercrimes in South African banks. Accordingly, this article examines the adequacy of the Cybercrimes Bill. It also explores the regulation and use of 5G and AI to detect, prevent and combat cybercrimes in banks and other financial institutions in South Africa.

The article also discusses the statutory and common law regulation of cybercrime in South Africa.Prior to the enactment of the Electronic Communications and Transactions Act (ECTA), 10 cybercrimes such as indecency (child pornography) and cyber fraud 11 were only prohibited under common law in South Africa.In addition, malicious communications, hacking, the unlawful interception of data, cyber forgery, cyber smearing and cyber uttering were not statutorily prohibited under the ECTA prior to 2002. 12It is noteworthy that the United States of America's Federal Bureau of Investigation (FBI) regards South Africa as the sixth most active cybercrime country in the world. 13While the increased reliance on the Internet offers many benefits to both human beings and banking institutions, it also provides new opportunities for unscrupulous persons to exploit both the common law and statutory regulatory gaps and commit cybercrimes.For instance, a criminal syndicate reportedly created and employed a malware known as "Dexter" to attack a number of South African retailers, and stole 6 Smith et al 2006 https://courses.cs.washington.edu/courses/csep590/06au/projects/history-ai.pdf1-27.millions of rands. 14This malware intercepted the payment details of ignorant customers from the point-of-sale terminals of retailers, created fraudulent duplicate bank cards, and stole money from the retailers and from their customers. 15The Wolfpack Information Risk (Pty) Limited held in 2014 that about R2.65 billion is annually lost to cybercrime in South Africa. 16Perhaps this could be related to the lack of statutory AI measures to curb cybercrimes in South African banking and related financial institutions, 17 or it could be that the policy makers adopted a flawed and fragmented approach by enacting different pieces of legislation to curb cybercrimes in South Africa.Such legislation includes the ECTA, 18 the Regulation of Interception of Communications and Provision of Communication-Related Information Act (RICA), 19 and the Protection of Personal Information Act (POPIA). 20urthermore, the National Cybersecurity Policy Framework was introduced in 2015 in a bid to curb cybercrimes in South African banks and other financial institutions, inter alia.Given this background, it is important to explore the adequacy of the statutory and other regulatory measures that are employed in South Africa to detect, prevent and combat cybercrimes in the South African banking and related financial institutions.This follows the fact that the Fourth Industrial Revolution (4IR) and the introduction of new technology such as AI and 5G have made it easier to commit new financial crimes and cybercrimes such as the online theft of financial data, the online theft of card payment data, cyber theft, the sale of corporate data, and cyber extortion in the financial institutions and financial markets in South Africa and other countries globally. 21The authors of this article argue that AI and 5G measures could be an effective tool for the detection and prevention of cybercrimes and financial crimes in the South African banks and related 14 Tamarkin 2014 https://issafrica.org/iss-today/south-africa-must-pay-more-attentionto-cybercrime;see further Dawson and Omar New Threats and Countermeasures  10-298.15   Tamarkin 2014 https://issafrica.org/iss-today/south-africa-must-pay-more-attentionto-cybercrime;see further Dawson and Omar New Threats and Countermeasures  10-298.16   Tamarkin 2014 https://issafrica.org/iss-today/south-africa-must-pay-more-attentionto-cybercrime.17 Tamarkin 2014 https://issafrica.org/iss-today/south-africa-must-pay-more-attentionto-cybercrime;see further Dawson and Omar New Threats and Countermeasures 10-298.Electronic copy available at: https://ssrn.com/abstract=3898436H CHITIMIRA & P NCUBE PER / PELJ 2021 (24) financial institutions.Therefore, the Cybercrimes Bill and the ECTA should be amended to introduce provisions that specifically oblige banks and related financial institutions to adopt 5G and AI measures to curb cybercrimes and financial crimes in South Africa. 22AI measures such as machine learning, big data analytics, neural networks and pattern recognition could play an important role in the detection and prevention of such crime.
South African policy makers should seriously consider enacting a comprehensive and specific anti-cybercrime statute to effectively protect financial consumers, banks and other financial institutions from cybercrime and financial crime.The current use of sensors and elementary detectors in banks and related financial institutions is not robust enough to monitor and prevent cybercrimes in South African banks and related financial institutions.The statutory introduction of 5G and AI measures such as machine learning and big data analytics could enhance the detection, investigation and prevention and of such crimes. 23Furthermore, the role and functions of the Independent Communications Authority of South Africa (ICASA), the South African Police Services (SAPS), the 24/7 Point of Contact and other relevant enforcement authorities are discussed.This is done to recommend measures that could possibly be employed by the relevant enforcement bodies to enhance the combating of such crimes.

Brief historical background
The Convention on Cybercrime of the Council of Europe 24 was adopted on 23 November 2001 and it entered into force on 01 July 2004.The Budapest Convention is currently the only binding international instrument on the regulation and combating of cybercrime.It provides some guidelines on the basis of which member states may develop their own national legislation on cybercrime.It provides a general anti-cybercrime framework for international cooperation between member states.The Budapest Convention is the first international treaty that was adopted to deal with Internet and computer-related crime by drafting and recommending the enactment of adequate national laws, by improving investigative techniques and increasing co-operation among member states.This was done to develop and encourage all member states to adopt a common criminal policy against cybercrimea policy that could be applicable globally.Fortysix member states have ratified the Budapest Convention, while eight other member states, including South Africa, signed it on 23 November 2001.
Although South Africa adopted the Budapest Convention it has not yet ratified the treaty. 25This means that South Africa is not bound by or obliged to comply with its provisions.
The Budapest Convention outlaws a number of practices such as illegal access, illegal interception, data interference, system interference, the misuse of devices, computer-related forgery, computer-related fraud, copyright and related rights offences, child pornography and any attempt to aid or abet another person to commit cybercrimes. 26Cybercrime is outlawed under common law in South Africa.Moreover, in a bid to comply with the Budapest Convention, the ECTA was enacted in South Africa and came into force in 2002. 27Online offences such as child pornography, cyber fraud and crimen injuria (cyber-smearing) are prohibited under both common law and statutory law in South Africa. 28Nevertheless, the South African common law prohibition on cybercrimes such as extortion, spamming and phishing is still inadequate and flawed.Therefore, although South Africa has taken commendable steps to regulate and combat various forms of cybercrimes, its common law regulatory efforts have not been effective and robust enough to combat cybercrime in banks and other related financial institutions.This culminated in the enactment of the ECTA, as indicated above, but the provisions of the ECTA are also flawed.For instance, only unauthorised access to or the interception of or interference with data and computer-related extortion, fraud and forgery activities are prohibited under the ECTA. 29Moreover, the criminal sanctions that are provided under section 89 of the ECTA are too minimal and not sufficiently deterrent. 30No specific amount of fine is provided and the imprisonment terms for most cybercrimes under the ECTA do not exceed five years. 31urthermore, although the RICA deals with unlawful communication and interception-related offences, it does not expressly prohibit cybercrime and financial crime in South African banks and related financial institutions. 32he RICA is also mainly focussed on criminal sanctions, while other measures such as civil sanctions and administrative sanctions are not provided. 33The maximum criminal penalties of a fine between R2 million and R5 million or imprisonment for a period between two years and ten years are not sufficiently deterrent. 34nsequent on the flaws noted above, cybercrime is reportedly rife and increasing rapidly in South Africa. 35 Any person that commits any of the offences stated above will be liable to unspecified monetary fines and/or imprisonment terms ranging between five and ten years under the Cybercrimes Bill. 48In this regard, aggravated offences will give rise to unspecified monetary offences and/or imprisonment terms for up to 15 years under the Cybercrimes Bill. 49The provision of unspecified monetary fines for cybercrimes could suggest that the courts have discretion to impose monetary fines which they deem appropriate in terms of section 276 of the Criminal Procedure Act 51 of 1977.This approach is too broad and less dissuasive for the purposes of deterrence.Additionally, civil sanctions and administrative sanctions are not provided under the Cybercrimes Bill. 50Over and above, the prohibition of cybercrime in the Cybercrimes Bill does not specifically apply to juristic persons such as companies, banks and other related financial institutions.

Definitional aspects
Cybercrime refers to any unlawful activity or practice that is facilitated or committed through a computer, network, or hardware device, where a computer or device may be an agent of the crime, a facilitator of the crime and/or the target of the crime. 51The terms "cybercrime" and "financial crime" are not expressly defined in the POPIA, the RICA, the ECTA and the Cybercrimes Bill.Notably, for the purposes of this article, financial crimes include fraud (point of sale fraud, bank fraud, insurance fraud, cheque fraud, credit card fraud, mortgage fraud, medical fraud, corporate fraud), insider trading, market manipulation, corporate scams, tax evasion, bribery, embezzlement, money laundering, forgery and counterfeiting.
AI refers inter alia to the computer simulation of human intelligence processes so as to learn certain information, reasoning and related rules, and/or apply such rules to reach approximate or definite conclusions, and to self-correction in relation to certain aspects and/or different situations in life. 52AI further refers to the creation of intelligent devices or machines that function like human beings in respect of all and/or most aspects of life. 53alytic AI is an advanced deep learning technique that relies on machine learning.Analytic AI is employed to scan data to check dependencies and patterns which are used to produce recommendations or to provide business insights and/or assist in data-driven decision-making. 54Examples of analytic AI include sentiment analysis and supplier risk assessment.
Functional AI is also employed by the enforcement authorities and/or regulatory bodies to scan data and search for patterns and relevant dependencies in order for such authorities and/or bodies to take appropriate actions. 55For instance, functional AI may identify a machine-breakdown pattern in the sensor data received from a certain machine and trigger a command to turn that machine off.Examples of functional AI include robotics, machine learning and supplier risk assessment.
Interactive AI is a sub-type of AI that enables companies and financial institutions to send automated and interactive communications to their consumers.Examples of interactive AI include chatbots and smart personal assistants that may answer pre-built questions and understand the context of some conversations. 56xt AI is computer-related technology that includes text recognition, speech-to-text conversion, machine translation and content generation capabilities. 57For instance, text AI may be utilised in corporate research and to deliver company-related information to both internal and external consumers.
Visual AI includes computer vision and related computer systems that can identify, recognise, classify and sort objects, and convert images and videos into insights. 58Visual AI helps companies to grade certain functions and project the profitability of their businesses on the basis of the relevant past and/or current trends in respect thereof.
In terms of the Cybercrimes Bill, the term "access" refers to the use of data, a computer programme, a computer data storage medium or a computer system or their accessories or components or any part thereof or any ancillary device or component to the extent necessary to search for and seize an article. 59No similar definition is found in the POPIA, the RICA and the ECTA.
The Cybercrimes Bill provides that the term "computer data storage medium" refers to any device or location from which data or a computer programme is capable of being reproduced or on which data or a computer programme is capable of being stored by a computer system, irrespective of whether the device is physically attached to or connected with the computer system. 60 system, cause the computer system to perform a function. 61The term "computer system" refers to one computer or two or more inter-connected or related computers, which allow these inter-connected or related computers to exchange data or any other function with one another, or to exchange data or any other function with another computer or a computer system. 62No similar definitions are found in the POPIA, the RICA and the ECTA.The term "data" means the electronic representations of information in any form, while the term "data message" refers to data generated, sent, received or stored by electronic means, where any output of the data is in an intelligible form under the Cybercrimes Bill. 63Furthermore, the term "public available data" refers to data which is accessible in the public domain without restriction under the Cybercrimes Bill. 64 terms of the ECTA, "automated transaction" means an electronic transaction conducted or performed, in whole or in part, by means of data messages in which the conduct or data messages of one or both parties is not reviewed by a natural person in the ordinary course of such a natural person's business or employment. 65The term "consumer" means any natural person who enters or intends entering into an electronic transaction with a supplier as the end user of the goods or services offered by that supplier, under the ECTA. 66No similar definitions are found in the POPIA, the RICA and the Cybercrimes Bill.
The ECTA provides that "data" means electronic representations of information in any form while "data controller" refers to any person who electronically requests, collects, collates, processes or stores personal information from or in respect of a data subject. 67The ECTA defines "data message" as data generated, sent, received or stored by electronic means and includes a voice that is used in an automated transaction and/or stored records. 68The term "data subject" means any natural person from or in respect of whom personal information has been requested, collected, collated, processed or stored, after the commencement of the ECTA.The ECTA defines the term "electronic communication" as a communication by means of data messages while the term "transaction" means a transaction of either a commercial or non-commercial nature, and includes the provision of information and e-government services. 70The term "universal access" entails access by all South African citizens to Internet connectivity and electronic transactions under the ECTA. 71bersecurity refers to measures that are employed by the banks and other enforcement authorities to safeguard and prevent incidents of cybercrimes in South Africa. 72Cybersecurity also refers to technologies, processes and practices that are designed to protect networks, devices, programmes and data from attack, damage, or unauthorised access from any persons. 73onsequently, cybersecurity measures are generally employed by companies and financial institutions to defend computers, servers, mobile devices, electronic systems, networks and data from malicious activities and related digital, technological and/or electronic attacks. 74However, cybersecurity is not defined in the POPIA, the Cybercrimes Bill, the RICA or the ECTA.
Cybersecurity is a growing concern for banks and other companies in South Africa because it harms the integrity of and public confidence in the financial markets. 75Cybercrime includes computer crime which violates the relevant criminal laws in relation to the knowledge of and/or the illicit use of computer technology by the offenders. 76Computer crime includes criminal acts that are perpetrated through computers, electronic communication networks, information systems and/or through the publication of illegal content over electronic media. 77Cybercrimes usually take place on computer-related platforms and they rely primarily on computer-related technologies for their successful execution. 78Examples of computer-related cybercrimes include cyberwarfare, cyber espionage, industrial espionage and cyber fraud. 79

The common law position on cybercrimes
It is submitted that cybercrime became more prevalent in South African banks and related financial institutions in the early 1990's when the Internet started to be widely used in South Africa and other countries. 80During this period the common law was most often used to prohibit, prosecute and combat cybercrime in South Africa.Accordingly, cybercrimes such as online defamation, online child pornography, the dissemination of child porn online, cyber-smearing, cyber fraud, the online publication of any court proceedings without the courts' permission, and forgery were prohibited under common law in South Africa. 81However, any unlawful interception of data which included the acquisition, viewing, capturing or copying of data of a nonpublic nature through the use of hardware or software tools, cyber fraud, cyber forgery or cyber uttering was not prohibited under the South African common law. 82Notably, South African banks were more vulnerable to phishing, data loss, identity theft and online scams in the early 1990s. 83This suggests that the common law was not effectively able to curb cybercrimes in South Africa in the early 1990s. 84Its enforcement was impeded by physical court jurisdictional challenges since most cybercrime offences are perpetrated online.

The statutory regulation of cybercrimes in South Africa
After many years of legal uncertainty regarding the regulation of cybercrime, the ECTA has been enacted inter alia to curb cybercrime in South Africa.
The ECTA is the first statute to directly outlaw cybercrime in South Africa. 86lthough it does not expressly define the term "cybercrime", it defines "access" to include the actions of a person who, after taking note of any data, becomes aware of the fact that he or she is not authorised to access that data and still continues to access that data. 87Any unauthorised access to or interception of or interference with data is outlawed under the ECTA. 88hus, any person who knowingly and intentionally accesses or intercepts any data without authority or permission from the relevant authorities or owners of such data is liable for an offence. 89Likewise, any person who knowingly and intentionally interferes with data or causes such data to be modified, destroyed or rendered ineffective is liable for an offence. 90The ECTA also prohibits all persons from unlawfully producing, selling, offering to sell, procuring for use, designing, adapting for use, distributing and/or possessing any device or computer programme in order to overcome data protection security measures or gain unlawful access to any data. 91These provisions are probably aimed at combating cyber-related offences involving unlawful interference with data by any persons.Moreover, all computer-related extortion, fraud and forgery practices are prohibited under the ECTA. 92For instance, any person who performs or threatens to perform cybercrimes or interfere with any data in order to obtain any unlawful proprietary advantage over other persons will be liable for an offence under the ECTA. 93Any person who attempts to commit any cybercrime activities is liable for an offence under the ECTA. 94Furthermore, any person who aids or abets, or attempts to aid and/or abet someone to commit any cybercrime activities is liable for an offence under the ECTA. 95Nonetheless, as earlier stated, the unspecified amount of fine and the imprisonment terms for cybercrimes under the ECTA are not robust and deterrent enough. 96oreover, the ECTA does not expressly provide for the use of AI and 5G to detect and curb cybercrime in South African banks and related financial institutions, and it does not expressly prohibit cybercrimes such as cyber warfare and cyber fraud in the South African banking institutions. 97However, it is generally expected that the ECTA will curb hacking and the selling, designing and/or production of anti-security and circumventer technology in South African banks and other financial institutions. 98e RICA prohibits any unlawful interception of communication by any authorised persons in South Africa. 99It also prohibits any person from the unlawful provision of real-time information and/or any archived communication-related information to other persons. 100Therefore, the RICA regulates the application and authorisation of directions regarding the interception of communications and communication-related information.However, the RICA does not prevent an employer from monitoring the workrelated data of employees in the workplace as long as such monitoring does not violate the relevant provisions of this Act.The RICA enables the relevant regulatory bodies and enforcement authorities to identify illicit mobile phone users and track cybercriminals who use mobile phone numbers for illegal activities. 101Nonetheless, as indicated before, the RICA does not expressly prohibit cybercrime and financial crime in South African banks and related financial institutions. 102Moreover, the RICA does not expressly provide for the use of AI and 5G to detect and curb cybercrime in South African banks and related financial institutions.
The POPIA seeks to protect all persons and/or data subjects from data breaches on their personal and private information. 103The POPIA establishes the Information Regulator which is inter alia responsible for monitoring and enforcing compliance with the provisions of the POPIA by all persons including public and private bodies to curb personal information violations for all data subjects in South Africa. 104 protection of the personal information of data subjects and it may summon individuals to appear before it to receive evidence, conduct private interviews and enter and search any premises with a search warrant to seize articles linked to the commission of an offence in terms of the POPIA. 105The POPIA imposes a statutory obligation on all relevant persons to protect and promote the integrity and confidentiality of personal information by taking appropriate, reasonable technical and organisational measures to prevent unlawful access to such information. 106Despite these positive measures, cybercrime is still rife in South Africa.For instance, it is reported that the Amalgamated Banks of South Africa (ABSA) lost about R500 000 after its accounts were hacked in 2003.Hackers also attacked the First National Bank (FNB), the Standard Bank and the Amalgamated Banks of South Africa (ABSA -again) in 2006 and transferred cash from bank accounts into prepaid accounts that were held by mobile operators. 107n 2020 Experian (a credit bureau) reported that the personal information details of about 24 million people and about 800 000 businesses had been compromised after they were hacked by a fraudster in South Africa. 108This could have been aggravated by the fact the relevant statutes such as the POPIA do not expressly provide for the use of AI and 5G to detect and curb cybercrime in South African banks and related financial institutions. 109In this regard, it is submitted that the statutory introduction and use of AI and 5G could enable enforcement authorities to timeously detect, prevent and combat cybercrimes in the South African banks and related financial institutions.
Given the statutory gaps and flaws enumerated above, the Cybercrimes Bill was introduced in South Africa.Unlawful interference with a computer data storage medium or computer system as well as any illegal acquisition, possession, provision, receipt or use of passwords, access codes or similar data or devices by any person is prohibited in the Cybercrimes Bill. 112Cyber fraud, cyber forgery, cyber uttering and cyber extortion activities are prohibited in the Cybercrimes Bill. 113Cyber-related aggravated offences are further prohibited in the Cybercrimes Bill. 114Any person who attempts, conspires, aids, abets, induces, incites, instigates, instructs, commands or procures another person to commit cyber-related offences will be liable for an offence under the Cybercrimes Bill. 115The common law offence of theft includes the theft of incorporeal things through cybercrimes under the Cybercrimes Bill. 116ny person that distributes a data message with intimate images without consent from the affected person or posts or sends a harmful and unlawful data message which incites damage to property and/or violence will also incur criminal liability under the Cybercrimes Bill. 117As indicated in paragraph 2.1 above, any person that commits any of the aforementioned cybercrimes will only incur criminal penalties under the Cybercrimes Bill. 118he Cyber Response Committee (CRC) and the 24/7 Point of Contact are also established under the Cybercrimes Bill in a bid to enhance the combating of cybercrimes in South Africa. 119e Cybercrimes Bill obliges financial institutions such as banks and electronic communications service providers to report cybercrimes and preserve any evidence which could be utilised by the law enforcement agencies when investigating and/or prosecuting cybercrimes in South Africa. 120Banking institutions should exercise their statutory obligation to keep, monitor, disclose and produce customer information in the event of the commission of cybercrimes by illicit perpetrators carefully to avoid violating their customers' right to privacy and the right to dignity as enshrined in the Constitution of the Republic of South Africa, 1996 (Constitution).Consequently, any financial institutions and electronic communications service providers that fail to report cybercrimes and/or preserve any relevant evidence in respect thereof will be liable for criminal penalties under the Cybercrimes Bill. 122Nevertheless, the Cybercrimes Bill does not expressly provide for the use of AI and 5G to detect and curb cybercrime in the South African banks and related financial institutions. 123 4 Available anti-cybercrime enforcement role-players in South Africa

The role of the Independent Communications Authority of South Africa (ICASA)
The ICASA is an independent body that regulates the communications, broadcasting and postal services sectors of South Africa.The ICASA was established in 2000 by the Independent Communications Authority of South Africa Act (ICASA Act) 124 to, inter alia, oversee the regulation of the telecommunications and broadcasting sectors of South Africa in the public interest.The ICASA took over from the Independent Broadcasting Authority (IBA) and the South African Telecommunications Regulatory Authority (SATRA).The merging of the former bodies into ICASA was generally informed by the need to adapt to and/or comply with the rapid technological developments that are constantly occurring in South Africa and other countries globally.The ICASA is statutorily empowered under schedule 1 of the Public Finance Management Act 1 of 1999, the ECTA, the Postal Services Act 24 of 1998, the Broadcasting Act 4 of 1999 and the ICASA Act to grant licences, monitor the licensee's compliance with the terms and conditions of their licences and develop relevant regulations to protect consumers.The ICASA develops regulations for the communications, broadcasting and postal services sectors of South Africa. 125It manages the radio frequency spectrum and it protects consumers against unfair business practices and poor-quality services.It also ensures that all people in South Africa have access to affordable basic communication services.All licensees are obliged to contribute to the Universal Service and Access Fund.
122 Section 14 of the Cybercrimes Bill.Electronic copy available at: https://ssrn.com/abstract=3898436The ICASA is empowered to receive complaints from the public about poor services provided by telecommunications, broadcasting and postal services licensees in South Africa. 126It also resolves such complaints or refers them to the Complaint and Compliance Committee for further adjudication.Moreover, the ICASA is a Chapter 9 institution which supports democracy in accordance with the Constitution.It is further obliged to promote international and regional co-operation and the interoperability of networks.It has a duty to promote the interests of consumers with regard to price, quality and the variety of electronic communications services, and to ensure information security and network reliability in South Africa. 127However, the ICASA does not specifically provide for the use of 5G and AI measures to detect, investigate, prevent and curb cybercrimes in South African banks, companies and other related financial institutions.Furthermore, the ICASA is not expressly provided for under the ECTA and the Cybercrimes Bill.

The role of the SAPS
Although the role of the SAPS in relation to cybercrimes is not adequately outlined in the Cybercrimes Bill, the ECTA and the POPIA, it is expected that all electronic communications service providers and financial institutions are obliged to report cybercrime activities to the SAPS. 128For instance, the Cybercrimes Bill obliges all persons, including banks, electronic communications service providers and other financial institutions, to report all incidents of cybercrimes to the SAPS. 129The Cybercrimes Bill stipulates that the Minister of Police must take relevant measures to build capacity in the SAPS so as to effectively deal with cybercrime activities in South Africa. 130The SAPS is also obliged to create mechanisms for cooperation and mutual assistance between foreign states in cross-border investigations to prevent and combat cybercrime in South Africa. 131The SAPS is also empowered to inspect, search and/or seizure any relevant materials from suspected cyber criminals under the ECTA. 132In this regard, the SAPS works closely with the cyber inspectors.warrants prior to any search for evidence, data or computers from any person, premises or vehicle in relation to the commission of cybercrimes in South Africa. 133The SAPS also participates in the development of anticybercrime policies and strategies in South Africa.It further provides specialised investigative capacity and interaction with other relevant national and international stakeholders such as banks to curb cross-border cybercrimes in South Africa.Cybersecurity is mainly enforced by the State Security Agency (SSA) in South Africa. 134A specifically designated police official may issue an expedited direction for the preservation of data to an individual or entity that is in possession of or may receive data relevant to the commission of cybercrime offences in South Africa. 135e SAPS should play a pivotal role in the combating of cybercrime, since South Africa is among the countries that have the highest rates of cybercrimes in the world. 136In this regard, it is important to note that the SAPS Directorate for Priority Crime Investigation (SAPS DPCI or Hawks) is directly involved in the curbing of cybercrime, financial crimes and corruption in South Africa.The Hawks should employ better approaches to authenticate hardware, software and data on computer systems and to verify user identities to enhance its monitoring and detecting of cybercrimes in South Africa.The SAPS must adopt a holistic approach in the fight against cybercrime and work harder to understand social media-related risks and illegal corporate espionage. 137

The role of the 24/7 Point of Contact and the CRC
The 24/7 Point of Contact is established under the Cybercrimes Bill. 138The 24/7 Point of Contact is administered by the Minister of Police and must operate on a twenty-four hour, seven-day-a-week basis to provide expedited assistance in all cybercrime investigations and/or related proceedings. 139The offences in South Africa.This position is worsened by the fact that cybercrime is not expressly outlawed under the RICA and the POPIA.Consequently, cybercrime is still problematic in South African banks, companies and other related financial institutions.Cybercriminals often target electronic banking or payment services of banks and other financial institutions and/or financial customers to fraudulently hack and steal money from their accounts.This has given rise to the introduction of the Cybercrimes Bill.However, the Bill is yet to be passed into law and it does not provide for the use of AI, 5G or other technological measures to curb cybercrime in South Africa.Thus, notwithstanding the commendable efforts adopted so far South Africa to regulate and combat cybercrime, cyberrelated activities are still rife and still affect most persons, banks and other related financial institutions.Moreover, it remains uncertain whether banks and other financial institutions have adopted 5G and AI to detect and combat cybercrimes in South Africa.In this regard, it is submitted that banks, companies and other financial institutions should adopt 5G, AI and/or other robust technological measures to enhance their detection, prevention and curbing of cybercrime offences in South Africa.This approach could further enable banks and other financial institutions to discourage and timeously prevent cybercriminals from committing financial crimes such as money laundering and insider trading in South Africa.It is also submitted that the South African policy makers should carefully revise the Cybercrimes Bill to embrace the use of AI and 5G to detect and combat cybercrimes in South African banks and related financial institutions. 155The other option is to amend the ECTA to expressly oblige banks, financial institutions, companies and other enforcement authorities to utilise technological measures such as 5G and AI so as to effectively detect, prevent and curb cybercrimes such as theft of bank card payment data, the theft of corporate data, and cyber extortion in South Africa.The ICASA should be empowered to specifically provide for the use of 5G and AI measures to detect, investigate, prevent and curb cybercrimes in South African banks, companies and other related financial institutions.

18
See ss 85-89 of the ECTA.19 Regulation of Interception of Communications and Provision of Communication-Related Information Act 70 of 2002 (RICA) ss 2-57; see the related discussion by Ziska Handbook of Research on Information 27-566, Brenner Threats from Cyberspace 36-200.20 Protection of Personal Information Act 4 of 2013 (POPIA) ss 8-109; see the related discussion by Ziska Handbook of Research on Information 388-566.21 Kovacich and Jones Crime Investigator's Handbook 100-400; Cassim 2009 PELJ 36-79.
78Axelrod Violence Goes to the Internet 5-299; Bidgoll Internet Encyclopedia 200-500.79Rajput Cyber Economic Crime 8-260; Cruz-Cunha and Portela Handbook of Research on Digital Crime 67-600; Ericsson, Monserrat and Nokia 5G Mobile 100-398; Vishnevsky and Kozyrev Distributed Computer and Communication Networks 171-300.80Thornton et al Telecommunications Law 16-332.81Cassim 2010 JICLT 118-123; Thornton et al Telecommunications Law 16-332; Van der Merwe et al Information and Communications Technology Law 70-74.82Smith, 85 Snail 2009 JILT 3-13.Electronic copy available at: https://ssrn.com/abstract=3898436 This Bill is inter alia aimed at protecting all persons, including companies, banks and financial institutions, from cyber criminals, terrorists and other unscrupulous persons that rely on computers, the Internet and recent technology to perpetrate cybercrimes in South Africa.As stated earlier in paragraph 2.1 above, any unlawful securing of access to data and/or unlawful acquiring of data by any person is prohibited under the Cybercrimes Bill.110Likewise, any unlawful acts in respect of tool and illegal interference with data or a computer programme by any person are outlawed under the Cybercrimes Bill.111 110Sections 2 and 3 of the Cybercrimes Bill; also see Casey Digital Evidence 35-187; Bottomley 2020 https://www.businessinsider.co.za/the-personal-details-of-millionsof-south-africans-have-just-been-hacked-2020-8.Electronic copy available at: https://ssrn.com/abstract=3898436 Thus, it is empowered to investigate, access, search and/or seize any article, document or material used in the commission of cybercrime activities in South Africa.The Cybercrime Bill correctly provides that the SAPS should obtain search

The use of 5G, AI and other technological approaches to curb cybercrimes in South African financial institutions
24/7 Point of Contact is empowered to provide 133 Section 27 read with ss 29, 30 and 31 of the Cybercrimes Bill, which empowers police officers to access, search or seize any data or evidence from any accused persons without a search warrant; see the related discussion by Chawki et alCybercrime 25-120.inSouthAfricaandotherforeigncountries.140Thismeansthatthe24/7Point of Contact has extra-territorial jurisdiction to provide assistance in all cybercrime investigations and/or related proceedings.141The24/7Point of Contact is obliged to provide technical advice and facilitate or provide legal assistance, identify and locate an article or a suspect, and cooperate with the appropriate authorities of a foreign country regarding any cybercrime investigations.142TheMinister of Police may make regulations and impose additional duties on the 24/7 Point of Contact to enhance the curbing of cybercrime in South Africa.143TheNationalDirector of Public Prosecutions (NDPP) is obliged to provide legal assistance to the 24/7 Point of Contact for it to effectively conduct its duties.144The24/7Point of Contact is required to report all incidents of cybercrimes to the SAPS for further adjudication.Be that as it may, the 24/7 Point of Contact does not expressly provide for the use of AI and 5G to detect and combat cybercrimes in South Africa.On the other hand, the CRC is established under the Cybercrimes Bill to deal with cyber security threats in South Africa.145TheMinister of State Security appoints a chairperson, and whenever the chairperson is absent the Minister of State Security assumes the responsibilities and duties of the chairperson.146Theworkandfunctions of the CRC must be performed by a secretariat consisting of designated administrative members of the SSA.147TheCRC is statutorily obliged to implement any government policy on cybersecurity in South Africa.148TheMinister of State Security must submit a report to the chairperson of the Joint Standing Committee on Intelligence regarding the progress and functions of the CRC.149TheCybercrimes Bill does not expressly oblige the CRC to employ AI and 5G measures to detect, investigate and curb cyber-related activities in South Africa.As stated above, cybercrime also affects banks and other financial institutions.For instance, South African banks are constantly being affected by phishing scams and other cybercrimes.150Most of these crimes are perpetrated through the Internet and are exacerbated by technological advancements.As a result, the security of the Internet has become very important for the past four generations of wireless systems and will continue to be treated as such under any new generation of technology.151Furthermore, the cheaper that computation gets and as more new technology emerges, the more chances there will be that banks and other financial institutions will be susceptible to cybercrimes. 152herefore, newer generations of wireless systems must carefully improve their Internet requirements without compromising Internet security. 153obile broadband will be increasingly used for Internet access and cloud services and this will increase the vulnerability to cybercrimes of banks, companies and other financial institutions in South Africa.5Gnetworks transport large amounts of data which are also used in the South African banking institutions.Thus, connectivity to any Internet-connected household entry must be carefully audited to prevent unlawful entry and cybercrimes in the South African banking institutions. 154I and 5G presents unique opportunities for financial institutions to enhance their operations.In this regard, South African banks, companies and other financial institutions should seriously consider adopting 5G, AI and other technological measures to detect and prevent cybercrimes.5Ghas fast-virtualising software which provides better network functions that could be useful in the curbing of cybercrimes.Likewise, AI sub-types such as machine learning, deep learning, neural networks and analytic AI could enable banks and other financial institutions to timeously detect and effectively curb cybercrime in South Africa.As discussed above, cybercrime is outlawed under both common law and the ECTA in South Africa.Nonetheless, both the common law and the ECTA have so far struggled to effectively regulate and combat cybercrime 147 Section 53(4) of the Cybercrimes Bill.148Section 53(5) of the Cybercrimes Bill.149Section 53(7) of the Cybercrimes Bill.Electronic copy available at: https://ssrn.com/abstract=3898436LukongaFintech, Inclusive Growth and Cyber Risks 1-51.Electronic copy available at: https://ssrn.com/abstract=3898436 Abawajy et al Internet and Distributed Computing Advancements Abawajy JH et al Internet and Distributed Computing Advancements: Theoretical Frameworks and Practical Applications (IGI Global Hershey 2012) Achimugu et al 2009 JITI Achimugu P et al "Adoption of Information and Communication Technologies in Developing Countries: An Impact Analysis" 2009 JITI 37-46 Armstrong et al Access to Knowledge Armstrong C et al Access to Knowledge in Africa: The Role of Copyright (UCT Press Claremont 2010) Axelrod Violence Goes to the Internet Axelrod EM Violence Goes to the Internet: Avoiding the Snare of the Net (Charles C Thomas Springfield 2009) The Internet Encyclopedia Volume 1 (Wiley New Jersey 2004) Bossler and Berenblum 2019 Journal of Crime and Justice Bossler AM and Berenblum T "Introduction: New Directions in Cybercrime Research" 2019 Journal of Crime and Justice 495-499 Brenner 2006 Crime Law Soc Change Brenner SW "Cybercrime Jurisdiction" 2006 Crime Law Soc Change 189-206 Cyberlaw: The Law of the Internet in South Africa (Van Schaik Pretoria 2000) Carlan, Nored and Downey Introduction to Criminal Law Carlan P, Nored LS and Downey RA An Introduction to Criminal Law (Jones and Bartlett Sudbury 2011) Casey Digital Evidence Casey E Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet (Elsevier London 2011) Cassim 2009 PELJ Cassim F "Formulating Specialised Legislation to Address the Growing Spectre of Cybercrime: A Comparative Study" 2009 PELJ 36-79 Cassim 2010 JICLT Cassim F "Addressing the Challenges Posed by Cybercrime: A South African Perspective" 2010 JICLT 118-123 Cassim 2011 CILSA Cassim F "Addressing the Growing Spectre of Cyber Crime in Africa: Evaluating Measures Adopted by South Africa and Other Regional Role Players" 2011 CILSA 123-138 Cassim 2012 PELJ Cassim F "Addressing the Spectre of Cyber Terrorism: A Comparative Perspective" 2012 PELJ 381-415 Chawki et al Cybercrime Chawki M et alCybercrime, Digital Forensics and Jurisdiction (Springer  New York 2015) Brenner SW "Cybercrime: Re-thinking Crime Control Strategies" in Jewkes Y (ed) Crime Online (Routledge New York 2011) 12-29Electronic copy available at: https://ssrn.com/abstract=3898436Electroniccopy available at: https://ssrn.com/abstract=3898436