Digital compliance is something that lies at the core of what OXIAL offers. In a world of ever-growing compliance and risk management complexity, the idea that an organisation wouldn’t use automation and digital compliance to help manage this, is baffling. 

We work with a number of partners that really augment our digital compliance offering. Smart consultants that understand the requirements of modern global compliance are an integral part of digital compliance and this is a model that is really starting to resonate with businesses in different countries all over the world. 

In Africa we are lucky enough to work with BDO Morocco as our consulting partner. Africa is an attractive investment destination, as according to the World Bank, growth for Sub-Saharan Africa in 2018 is expected at 3.1%, rising to 3.6% in 2019.  Furthermore, the World Bank also cites Africa as having six of the top 10 fastest growing economies in 2018.   

So Africa is rich with opportunity, both for inward investment and for African companies looking to expand into Europe, Asia and the US. But managing compliance remains a key challenge. We recently spoke with Zakaria Fahim – Managing Partner & Head of Advisory, BDO Morocco about the risk management and compliance challenges faced by African businesses and also the launch of a digital compliance partnership between BDO and OXIAL. 

 OXIAL: 

What are the main challenges facing organisations in Morocco and the rest of Africa, around risk management and compliance? 

Zakaria Fahim:

Compliance and risk management is more complex for African businesses than it has ever been. Globalisation has been a powerful force for African firms, opening up trade opportunities that were previously hard to find and meaning that international trade has become far more accessible and potentially lucrative. 

But with this opportunity comes a number of considerations. When trading globally, African companies are exposed to a whole host of different compliance regulations. The recent GDPR directive in the European Union (EU) for example, means that any organisation holding data relating to consumers that live in the EU must comply with the new regulations, irrespective of where that company is located. So GDPR applies just as much to businesses based in Morocco or South Africa, as it does to businesses actually based in the EU. 

That’s just one example. Some industries – banking and insurance – have even more compliance requirements, and managing industry regulation, along with national and international requirements is an enormous task. And a number of companies in Africa are not approaching this in the right way, preferring still to use old world methodologies, instead of embracing digitisation as they should be. 

 OXIAL:   

Why are organisations struggling so much with compliance?

Zakaria Fahim:  

It’s partly the sheer complexity and scope of compliance requirements, partly not having the right methodology and approach, partly not having the internal tools and resources to do the job effectively and partly being focused on other priorities.  

Many banks and insurers are only focused on business development. This is of course a vitally important element of business growth, but many have lost focus on compliance and regulation as a consequence. This is an oversight – the penalties for non-compliance can be severe, as can the long-term brand implications for a company that falls foul of GDPR, regulation that seeks to protect consumer data privacy. No African company would want to be known as an organisation that doesn’t take customer data security seriously enough. 

Increasingly though, organisations are becoming more aware and more mindful of the fact that they need support in managing compliance. For many organisations however, just having access to a digital tool is not enough. They don’t know how to manage requirements for compliance such as GDPR, so they need the benefit of a consultant to navigate through this.  

 OXIAL:   

Why is there a lack of good compliance people to work internally? 

Zakaria Fahim:  

There is an element of there not being enough good compliance people out there, and also the fact that good people cost a lot of money for companies, especially for mid-sized firms that might lack the resource of bigger competitorsSo in terms of managing this risk, the motivation for them is not so strong to address this issue.

Such companies do not need someone full-time inhouse because it is expensive, but they undoubtedly need the constant supervision and management of risk. So it is becoming a good decision to externalise these services – they benefit from market-leading consultative knowledge and expertise, without paying the full price. 

They get online, 24 hours a day, seven days a week consulting on all matters to do with risk and compliance. These requirements are incredibly complex and detailed, and they also change constantly, so it is hard for internal people to stay on top of this. 

OXIAL: 

Are these compliance issues greater for African companies? 

Zakaria Fahim:

I wouldn’t say the compliance requirements themselves are necessarily greater, but perhaps more African companies are lacking the tools required to address them than companies in other parts of the world. With globalisation, African companies cannot bury their head in the sands and say that is nothing to do with me. The companies and countries they trade with have to address risk and compliance and so do they. 

For some people risk management is still in the old world, using pen and paper. There is a need for more dynamic services, online, constant and failsafe. These companies need to embed digital into their DNA. It is a digital and connected world that we live and work in and companies must be mindful of that. Old approaches to compliance and risk management are not sufficient in this digital era. 


Part two of the OXIAL interview with Zakaria Fahim will publish soon.

OXIAL’s New Generation GRC solutions are entirely built to address some of the greatest challenges impacting organisations that are faced with Risk Management, Internal Control and Compliance and Audit. OXIAL’s integrated GRC platform enables organisations to become more efficient and effective in mitigating risk by integrating and automating GRC processes on a global scale.

Featuring intuitive and powerful tools that make it possible to respond to fast-evolving risk environments, OXIAL makes it easy to synchronise corporate governance, enterprise risk management and corporate compliance activities and undertake real- time monitoring across all business and IT processes and company assets. OXIAL operates globally across multiple industries and meets the needs of over 40 customers who have chosen OXIAL to drive business performance and achieve success.