How does the Covid-19 Crisis in South Africa impact business compliance and risk?

COVID-19 has presented the world with an unprecedented disruption to the way we all  live our lives. As thousands of small business owners around South Africa will attest, the organisations keeping our economy alive are not immune to its impact.  

Many are coming to terms with the fact that business may never be “as usual” again. With many people working from home during lockdown, businesses are scrambling to set up contingency plans – gearing up work from home environments, and updating their risk and reporting procedures to ensure continuation of business. Embracing digital technology has gone from important to vital.

The benefits of using digital alternatives have become more apparent than ever before. The example of paper money highlights this. While electronic monetary transactions have held various benefits for years already, including a reduced need to draw cash, faster payment times and lower risk of theft, it now carries another impetus: electronic payment options involve a lower risk of passing on viral infection than the use of paper money does.  In the wake of this, we have seen the increased adoption of evolved digital alternatives of electronic banking channels, crypto currency, and stocks, amongst others.

Covid-19 has also heralded an unprecedented era of virtual meetings and information sharing. For example, many of us now have our daily calendars monopolized by Zoom meetings.

This opens up new possible risks to the business as information that was previously shared in the confines of a physical meeting room is now, by necessity, transmitted online.

Whether employees are using Skype, Zoom, Microsoft teams, email, or Microsoft Excel there are many types of challenges that can pose risk to business. Risk, Sustainability and Compliance officers need to pay special attention to the risks inherent to various digital tools and develop robust safeguards to de-risk the business. In order to mitigate data breaches of highly sensitive company and employee data, it is important that company leadership carefully considers factors such as encryption, data access, data storage and data sharing when sourcing an enterprise solution.

Here are some questions you should ask when looking for a data enterprise solution:

  • What is being distributed?
  • Who has access to the information?
  • What is the benefit of the exercise?
  • What happens if the data is leaked?
  • How can we control who can access the information?

And finally, what is the most secure medium that can be used for the transmission of information in the easiest to use format?

Accurate data and its ability to be readily available, is vital for stakeholders to make informed decisions that can be vital to the business’s response, strategy and ultimate success. Accurate data helps to save time, increase business agility and drive down labour inefficiencies.

In essence, your data compliance tool should help to elevate your partnership with the business. As Thomas Nicolosi, compliance modernization leader and Deloitte Risk and Financial Advisory principal at Deloitte & Touche, says: “Modernization makes the compliance function more flexible to scale up or down as needs change, and it creates capacity in the system. It can help not only to reduce the potential cost of regulatory scrutiny but also to reduce the level of scrutiny, and it elevates compliance professionals to true partnership with the businesses.”  https://deloitte.wsj.com/riskandcompliance/2017/07/17/compliance-modernization-a-five-step-roadmap/?mod=Deloitte_riskcompliance_relatedcontent

Risk and technology in B-BBEE compliance measurement

Nicolosi’s observation can be seen as relevant to B-BBEE in the South African context as well. Technology is an enabler against human error, decreases invalid data and misallocated resources and should be seen as an investment rather than a cost.

Multiple stakeholders engaging in one central platform to collaborate in a structured manner on the company’s B-BBEE objectives can act to save time and money while improving data accuracy in the organisation. Keeping the information enterprise secure is the starting point, especially in a fiercely competitive market. I couldn’t imagine anything worse than your competitors besting you, only because they managed to out position you due to having insight into your business.

With the increasing complexity of the B-BBEE environment, managing B-BBEE compliance using static solutions such as spreadsheets is no longer an option for companies that seek to drive a proactive approach to compliance management. Spreadsheets requiring highly sensitive company information adds significant business risk to companies, particularly as the Protection of Personal Information Act (POPI) and General Data Protection Regulation (GDPR) becomes increasingly pervasive. 

The B-BBEE compliance management process is generally very time consuming and administrative. This tends to drive up the “total cost of B-BBEE compliance”, whilst diverting the focus of functional specialists to conduct non-core and non-value adding processes. 

Speaking on the topic of Digital compliance, Rebecca Chasen, a partner with Deloitte Financial Advisory Services said that “Compliance professionals that can focus on the ‘why’ rather than the ‘what,’ of compliance efforts are freed up to spend time investigating data, understanding anomalies, and remediating issues, rather than merely collecting data.” – https://deloitte.wsj.com/riskandcompliance/2018/12/02/technology-a-powerful-tool-to-help-modernize-compliance/. In choosing a digital solution for your company, it is important to consider how many stakeholders will need to utilize the platform. For true stakeholder buy-in, the platform should be embraced by the organisation, with as many individuals being able to participate as possible. Ensure that your chosen solution does not have hidden limitations which will incur additional costs. 

By ensuring that the appropriate security settings are enabled for each user profile, your company can minimize the risk of unauthorized access to sensitive information, whilst not restricting the number of users of the product within the organization. Ensuring that users do not share or need to share their login credentials with other users is another key to managing risk.

As data, information, scorecards and evidence pass through different stakeholders throughout a typical B-BBEE compliance journey, the risk of variances in the consistency of interpretation and scorecard accuracy increases. By optimizing the process through cloud based digital platforms such as the BEEtoolkit and the Supplier Management System, all stakeholders can engage in their tasks in a central digital space that is secure and evolved to speak directly to their unique needs. 

These solutions also take into account the fact that business needs change as the organization changes and grows. Covid-19 has been a powerful reminder to us all that our tools need to adapt as quickly as the environment changes. 

An end-to-end solution for multiple divisions, subsidiaries, head offices, consultants and verification agencies, can solve the critical challenge of alignment and consistency of B-BBEE interpretation by enabling a seamless flow of data, information, scorecards and evidence — all the way through the compliance process, including verification and JSE reporting.

When done right, the digitizing of risk and compliance solutions can – and should — enhance the way your business runs. McKinsey and Company recently noted: “We are starting to see digital transformations in risk create real business value by improving efficiency and the quality of risk decisions. A digitized risk function also provides better monitoring and control and more effective regulatory compliance.”  https://www.mckinsey.com/business-functions/risk/our-insights/digital-risk-transforming-risk-management-for-the-2020s. Overall, look for a digital solution that decreases risk, enables growth and partners with you in maximizing business performance. 


Author – Dale Roberts, 2 May 2020