How can organisations foster a strong risk and compliance culture, and what role does leadership play in shaping this culture, especially in the unique business landscape of Africa?
Building a strong risk and compliance culture is the backbone for every organisation. Risk and compliance culture will determine the compliance levels in an institution and will go a million miles in reducing the exposures if it has properly seeped in. Below are some of the practices which can boost a robust risk and compliance culture:
- Communication model: It is important to encourage employees to speak up and voice their concerns. This is fundamental to nurturing a healthy company culture.
- Transparency: Employees will tend to trust a process if it is clear and transparent. They will feel safe in clarity.
- Training: It is the work of leadership to train on compliance and its importance for the acceptance level to rise.
- Feedback and culture survey: It is important for the management to carry out surveys on compliance knowledge and effectiveness and allow some flexibility after the feedback.
- Handle non-compliance consistently: In order to build an effective risk and compliance culture, the management should be ready to deal with non-compliance consistently until a culture of compliance is created. It is important to note that non-compliance is the greatest risk in risk management.
Considering the diverse economic environments across African nations, what innovative approaches can organisations adopt for risk financing to ensure sustainability and resilience in the face of unforeseen challenges?
Risk financing is definitely inevitable and more so in the African economic dynamics. It is therefore paramount for any company to come up with innovative ways of going around it. Some of the approaches a company can adopt and navigate the storms are:
- Risk transfer: While dealing with risk financing, the question is when, not if, the risk will occur. It will then be ultimately prudent to make sure that, once it strikes home, it will not hit your company hard. I find insurance a friendly risk transfer avenue since the cost of insurance can be passed down to the clients.
- Risk monitoring: In addition to the traditional risk financing techniques, which include (a) insurance; (b) self-insurance; (c) mutual insurance; (d) finite risk contracts; and (e) capital markets, I would also recommend risk measurement, monitoring, and then providing for the risk according to the magnitude. This will give an organisation an opportunity to monitor the risk and provide for it according to its weight. With this in mind, stakeholders will be kept on their toes to make sure the possibility of the risk crystallising is almost nil and turn the provisions back to profitability.
With the increasing importance of data in the digital age, how can organisations in Africa effectively navigate and comply with data protection regulations while also managing cybersecurity risks?
My take when it comes to data security and cybersecurity is pegged on key risk registers. If in your organisation’s key risk register, data and cyber security are not top among the risks you manage, then forget about compliance with the two aforementioned and before long it will come back to bite you.
My advice on how an African firm can effectively navigate and comply with the regulations is by these two simple pointers:
- Effective monitoring: The risk and compliance department should be at the forefront to effectively monitor if the established procedure of data handling and cyber security assurance is being observed to the letter. This is one of the wars in the risk management world, where you win by defence and not offence. Any organisation is only as strong as its weakest link.
- Regular training and updates on policies and procedures: Everyone in the organisation should be aware of data protection, the repercussions of a breach, and policies and procedures.
What are the specific challenges and opportunities organisations in Africa encounter when developing and implementing a robust cybersecurity strategy, and how does this intersect with broader risk management practices?
When developing robust cybersecurity in Africa, some challenges could be:
- Techno-savvy level of the people in the organisation. Not everyone will understand what a simple click on an untrusted source could mean.
- High-tech fraudsters who are still unemployed. These fraudsters pose a big risk as they understand the system in equal measure to the people setting up the robust security. The only difference is that they are reading the system backwards.
- Limited safe server options due to cost, which could be a probable source of a cyberattack.
Some opportunities could include:
- Job creation for the fraudster to help in setting up the cybersecurity instead of hacking.
- Using AI to create robust security and firewalls.
- Training for every member of the organisation to understand the importance of cybersecurity.
- Government intervention by coming up with clear-cut cybersecurity laws.
In the context of rapidly evolving technological landscapes, how can organisations balance the need for innovation with the imperative to maintain compliance and manage potential risks to data security in Africa?
Change is the only constant thing. With the advent of rapidly evolving technology, organisations cannot hold back and decide to maintain their current compliance procedures; sooner or later they will be rendered out of business. My slogan is “The best risk expert is an entrepreneur first.” This way they will be able to see it from a business perspective and properly process what risks it could pose.
I will say for the business to stay afloat and navigate the challenges, it will be up to the risk and compliance department to be innovative enough to look through the new risks and come up with mitigations to them instead of clinging to the old non-updated policies.
Are there notable regional variations in the approach to organisational risk and compliance culture, risk financing, and cybersecurity risk within Africa, and how can businesses adapt their strategies to account for these differences?
Yes, there are notable variations in the organisational risk and compliance approach attributed to:
- Local laws and regulations.
- Technology advancement in different localities.
- Risk and compliance culture enlightenment.
- Infrastructure advancement.
The best way for businesses to adapt their strategies to account for the differences is by:
- Training.
- Being intentional in building a risk and compliance culture.
- Contextualising some policies according to the laws and regulations of the locality.
Tom Mutune is a risk and compliance manager at Vision Fund Kenya, a member of the larger Vision Fund International and World Vision International. Tom has been in the industry for 10 years. Tom started his career in the banking industry, where he worked as an AML analyst, business analyst and later on as a credit and risk analyst before switching fields to risk and compliance. Tom has an undergraduate degree in Finance and a post-graduate Diploma in Information Technology and also holds a risk and compliance certification from CFI.