What are the main challenges facing organisations in Morocco and the rest of Africa, around risk management and compliance?
Compliance and risk management is more complex for African businesses than it has ever been. Globalisation has been a powerful force for African firms, opening up trade opportunities that were previously hard to find and meaning that international trade has become far more accessible and potentially lucrative.
But with this opportunity comes a number of considerations. When trading globally, African companies are exposed to a whole host of different compliance regulations. The recent GDPR directive in the European Union (EU) for example, means that any organisation holding data relating to consumers that live in the EU must comply with the new regulations, irrespective of where that company is located. So GDPR applies just as much to businesses based in Morocco or South Africa, as it does to businesses actually based in the EU.
That’s just one example. Some industries – banking and insurance – have even more compliance requirements, and managing industry regulation, along with national and international requirements is an enormous task. And a number of companies in Africa are not approaching this in the right way, preferring still to use old world methodologies, instead of embracing digitisation as they should be.
Why are organisations struggling so much with compliance?
It’s partly the sheer complexity and scope of compliance requirements, partly not having the right methodology and approach, partly not having the internal tools and resources to do the job effectively and partly being focused on other priorities.
Many banks and insurers are only focused on business development. This is of course a vitally important element of business growth, but many have lost focus on compliance and regulation as a consequence. This is an oversight – the penalties for non-compliance can be severe, as can the long-term brand implications for a company that falls foul of GDPR, regulation that seeks to protect consumer data privacy. No African company would want to be known as an organisation that doesn’t take customer data security seriously enough.
Increasingly though, organisations are becoming more aware and more mindful of the fact that they need support in managing compliance. For many organisations however, just having access to a digital tool is not enough. They don’t know how to manage requirements for compliance such as GDPR, so they need the benefit of a consultant to navigate through this.
Why is there a lack of good compliance people to work internally?
There is an element of there not being enough good compliance people out there, and also the fact that good people cost a lot of money for companies, especially for mid-sized firms that might lack the resource of bigger competitors. So in terms of managing this risk, the motivation for them is not so strong to address this issue.
Such companies do not need someone full-time inhouse because it is expensive, but they undoubtedly need the constant supervision and management of risk. So it is becoming a good decision to externalise these services – they benefit from market-leading consultative knowledge and expertise, without paying the full price.
They get online, 24 hours a day, seven days a week consulting on all matters to do with risk and compliance. These requirements are incredibly complex and detailed, and they also change constantly, so it is hard for internal people to stay on top of this.
Are these compliance issues greater for African companies?
I wouldn’t say the compliance requirements themselves are necessarily greater, but perhaps more African companies are lacking the tools required to address them than companies in other parts of the world. With globalisation, African companies cannot bury their head in the sands and say that is nothing to do with me. The companies and countries they trade with have to address risk and compliance and so do they.
For some people risk management is still in the old world, using pen and paper. There is a need for more dynamic services, online, constant and failsafe. These companies need to embed digital into their DNA. It is a digital and connected world that we live and work in and companies must be mindful of that. Old approaches to compliance and risk management are not sufficient in this digital era.