Digital compliance is something that lies at the core of what OXIAL offers. In a world of ever-growing compliance and risk management complexity, the idea that an organisation wouldn’t use automation and digital compliance to help manage this, is baffling. 

We work with a number of partners that really augment our digital compliance offering. Smart consultants that understand the requirements of modern global compliance are an integral part of digital compliance and this is a model that is really starting to resonate with businesses in different countries all over the world. 

In Africa we are lucky enough to work with BDO Morocco as our consulting partner. Africa is an attractive investment destination, as according to the World Bank, growth for Sub-Saharan Africa in 2018 is expected at 3.1%, rising to 3.6% in 2019.  Furthermore, the World Bank also cites Africa as having six of the top 10 fastest growing economies in 2018.   

So Africa is rich with opportunity, both for inward investment and for African companies looking to expand into Europe, Asia and the US. But managing compliance remains a key challenge. We recently spoke with Zakaria Fahim – Managing Partner & Head of Advisory, BDO Morocco about the risk management and compliance challenges faced by African businesses and also the launch of a digital compliance partnership between BDO and OXIAL. 

 OXIAL: 

What are the main challenges facing organisations in Morocco and the rest of Africa, around risk management and compliance? 

Zakaria Fahim:

Compliance and risk management is more complex for African businesses than it has ever been. Globalisation has been a powerful force for African firms, opening up trade opportunities that were previously hard to find and meaning that international trade has become far more accessible and potentially lucrative. 

But with this opportunity comes a number of considerations. When trading globally, African companies are exposed to a whole host of different compliance regulations. The recent GDPR directive in the European Union (EU) for example, means that any organisation holding data relating to consumers that live in the EU must comply with the new regulations, irrespective of where that company is located. So GDPR applies just as much to businesses based in Morocco or South Africa, as it does to businesses actually based in the EU. 

That’s just one example. Some industries – banking and insurance – have even more compliance requirements, and managing industry regulation, along with national and international requirements is an enormous task. And a number of companies in Africa are not approaching this in the right way, preferring still to use old world methodologies, instead of embracing digitisation as they should be. 

 OXIAL:   

Why are organisations struggling so much with compliance?

Zakaria Fahim:  

It’s partly the sheer complexity and scope of compliance requirements, partly not having the right methodology and approach, partly not having the internal tools and resources to do the job effectively and partly being focused on other priorities.  

Many banks and insurers are only focused on business development. This is of course a vitally important element of business growth, but many have lost focus on compliance and regulation as a consequence. This is an oversight – the penalties for non-compliance can be severe, as can the long-term brand implications for a company that falls foul of GDPR, regulation that seeks to protect consumer data privacy. No African company would want to be known as an organisation that doesn’t take customer data security seriously enough. 

Increasingly though, organisations are becoming more aware and more mindful of the fact that they need support in managing compliance. For many organisations however, just having access to a digital tool is not enough. They don’t know how to manage requirements for compliance such as GDPR, so they need the benefit of a consultant to navigate through this.  

OXIAL:   

Why is there a lack of good compliance people to work internally? 

Zakaria Fahim 

There is an element of there not being enough good compliance people out there, and also the fact that good people cost a lot of money for companies, especially for mid-sized firms that might lack the resource of bigger competitorsSo in terms of managing this risk, the motivation for them is not so strong to address this issue.

Such companies do not need someone full-time inhouse because it is expensive, but they undoubtedly need the constant supervision and management of risk. So it is becoming a good decision to externalise these services – they benefit from market-leading consultative knowledge and expertise, without paying the full price. 

They get online, 24 hours a day, seven days a week consulting on all matters to do with risk and compliance. These requirements are incredibly complex and detailed, and they also change constantly, so it is hard for internal people to stay on top of this. 

OXIAL: 

Are these compliance issues greater for African companies? 

Zakaria Fahim:

I wouldn’t say the compliance requirements themselves are necessarily greater, but perhaps more African companies are lacking the tools required to address them than companies in other parts of the world. With globalisation, African companies cannot bury their head in the sands and say that is nothing to do with me. The companies and countries they trade with have to address risk and compliance and so do they. 

For some people risk management is still in the old world, using pen and paper. There is a need for more dynamic services, online, constant and failsafe. These companies need to embed digital into their DNA. It is a digital and connected world that we live and work in and companies must be mindful of that. Old approaches to compliance and risk management are not sufficient in this digital era. 

 OXIAL: 

We spoke previously about a growing need for digital compliance in Africa. But is that a tough sell to organisations that have favoured a more old-fashioned approach?

Zakaria Fahim:

It can be and certain industries have definitely been slower to embrace digital risk management and compliance than others. Banks have done things in a certain way for a long time, so it can be hard for people within such organisations to get their head around a new approach. But really, this solution is the only one that works.

Previously, a firm would make its own risk map and then find a technology partner to digitise this. But this doesn’t really work, digital services need to be embedded in an organisation’s DNA, not added on as a bolt-on. Digitisation is vital to the on-going success of banks in Africa, and indeed businesses in almost every different sector. Managing compliance properly is essential to on-going business success and this requires a digital approach in 2018.

 OXIAL:   

Is the partnership with OXIAL going to be beneficial to African companies?

Zakaria Fahim 

I certainly hope so. It really is an essential service and one that I am sure will prove popular with many BDO clients – it enables them to manage risk constantly and be assured that nothing will slip through the cracks.

It really is a unique offering for African companies, that combines BDO’s knowledge, understanding and expertise around risk management and compliance, all powered by the automation provided by OXIAL. It is a powerful proposition for businesses in Africa, and BDO’s digitised risk management services has the potential to be a real gamechanger.

It works so well because it is not a tool, it’s a service, and it’s one that brings extremely high value to clients. It’s a fully digital solution so fully integrates with, and supports organisations’ digital transformation programs. An IT solution would not work because compliance and risk management are business issues, so the OXIAL solutions is easy to implement and then use.

 OXIAL:   

Is compliance getting more complex in Africa?

Zakaria Fahim 

Compliance is getting more involved and complicated all over the world, and African businesses are part of that. We are in a global business landscape, where companies have to be mindful of both national and international compliance requirements.

African businesses simply cannot afford to adopt an old-world approach to this. The repercussions are too great. Not just the potential fines and damage to your brand of being non-compliant, but competitors can steal ground on you very quickly indeed.

OXIAL: 

Can the BDO / OXIAL solution affect real organisational change?

Zakaria Fahim:

Zakaria Fahim: Yes it can. Not only is it a solution that guarantees compliance, it can really change the manner and patterns of working.

It helps employees in those organisations to upgrade their own role and efforts at work. Our solution can transform day-to-day roles for people in African companies. It gives them the peace of mind that compliance is going to be dealt with effectively and efficiently and frees up their time to be spent more productively elsewhere in the business. There is certain work that is repetitive for a human to do – it is time consuming and tiring which means mistakes can be made. OXIAL does not make these mistakes or get tired, so its automation will make a major difference.

OXIAL: 

Will this one day be the way everyone approaches compliance?

Zakaria Fahim:

The environment is changing and organisations in Africa and the rest of the world need to change with it. Compliance is demanding and complex and some businesses are struggling to adapt. But the BDO and OXIAL service is easy to absorb in terms of finances and people are coming around to accepting such an investment. They know the value it can bring and helps to ensure their competitiveness.

But really, the time for action is now, not in the future. For any smart business in Africa there should be no discussion about whether to use such services, it is more of question of deciding when to start. If firms delay for too long they will fall foul of the increasingly complex compliance requirements facing them, and then may eventually pay the ultimate price.

OXIAL: 

Thank you for the interview.

OXIAL’s New Generation GRC solutions are entirely built to address some of the greatest challenges impacting organisations that are faced with Risk Management, Internal Control and Compliance and Audit. OXIAL’s integrated GRC platform enables organisations to become more efficient and effective in mitigating risk by integrating and automating GRC processes on a global scale.

Featuring intuitive and powerful tools that make it possible to respond to fast-evolving risk environments, OXIAL makes it easy to synchronise corporate governance, enterprise risk management and corporate compliance activities and undertake real- time monitoring across all business and IT processes and company assets. OXIAL operates globally across multiple industries and meets the needs of over 40 customers who have chosen OXIAL to drive business performance and achieve success.