Share this article

In a volatile and uncertain world, it’s clear that the risk landscape is changing. The COVID-19 pandemic accelerated the speed at which risk events occur and the extent to which they spread. Risks that once seemed remote and improbable have also become the norm. During this stressed socioeconomic times, risk and compliance issues have become exacerbated, making effective regulatory risk and compliance management even more important.

Business leaders everywhere are pushed to ‘expect the unexpected’. Organisations are looking to cultivate a new trait: resilience. They are forced to adopt proactive approaches in order to be prepared for these changes and to be able to respond to new laws and regulations in order to meet the expectations of their stakeholders.

Without a doubt, an integrated perspective on regulation and compliance is key for building the much needed resilience, trust and competitive advantage in today’s perilous business environment.

How prepared are regulators across industries to embrace an adaptive and prudential posture to engender trust and confidence while navigating the new regulatory challenges and demands that the spread of COVID-19 may have on the markets, organizations, and consumers?

In continuation of the Africa Crises Game Changer Series, Digital Jewel hosted the 4th session with the theme: Compliance in crisis?: A Regulators Perspective.

The virtual event which was moderated by Adedoyin Odunfa (CEO, Digital Jewels), had leading African regulatory Executives like Adebisi F. Shonubi (Deputy Governor, Operations, CBN), Tinuade Awe (Acting CEO NGX Regulation Limited – Subsidiary of the NSE) and Patrick Nyirishema Director General, Rwanda Utilities Regulatory Authority (RURA) on the panel.

Providing broad perspectives, the erudite regulators shared from their deep experiences, the different initiatives and strategies adopted in weathering the storm and staying ahead of the regulatory curve.

They emphasized the need to rethink regulation and compliance through enhanced digital infrastructure initiatives to drive strategy, promote collaboration, boost economic recovery, support innovation and enhance performance.

Laying a robust background, Adedoyin Odunfa provided context to the theme, based on four focus areas on the relevance, evolution, impact and the future of regulatory compliance in the light of the global pandemic and the recent national #ENDSARS unrest. This was further buttressed by the outcome of a short poll where 49% of the responders indicated that regulation has played the role of a facilitator in their journey of recovery from the impact of the crisis with 74% indicating that compliance is more relevant in a crisis.

On whether regulation has taken the back sit, Tinuade Awe corroborated the outcome of the poll as an incontrovertible and fair representation of the role and relevance of regulation in the pandemic.

Making a stronger case on the need for regulators to focus more on the spirit rather than the letters of regulation, she stated that, “Yes, regulation is still very important, but I think in a pandemic, people need to realize that regulators are also facing the pandemic just like everyone else. And so there’s need for regulations that are more principled and spirit based than rules and enforcement. At this time, regulators need to be flexible, adaptable and be more focused on the purpose of the regulation”.

Highlighting the ways regulation has evolved to address the opportunities and challenges thrown up by the global pandemic, Patrick Nyirishema shared a similar view on the changing nature of regulation relative to the degree of impact of the pandemic on individual sectors of the economy.

“Yes, the nature of regulation has changed, but this also is in direct relationship to the degree with which the pandemic has affected a particular industry. Looking at RURA for example, on the one hand in the Telcom industry, the pandemic increased the uptake of services. We saw for example, data utilization jump up by 35% over a short period of time. We also saw mobile financials services multiply by over four times, because certainly everyone had relied on electronic transactions for payments. Some other sectors were badly hit and it was a question of survival”, he asserted.

He opined that the way a regulator will treat a sector that was positively impacted by the pandemic should be different from the treatment for a sector that is negatively impacted and barely surviving and needs to be supported in order to get through the crisis.

While acknowledging increased collaborative approach between the regulators and the operators, Patrick Nyirishema stated that, ‘’Going forward, we can expect much more engagement between regulators and governments in economic recovery and that also means that regulators would have to focus less on the basics of the rules and laws with more thinking on development and economic recovery. And that means there will be areas where the regulators would have to allow a little bit of room in terms of compliance in the interest of economic recovery”.

While corroborating the relevance of compliance on the ability of financial institutions to respond to the pandemic, Adebisi F. Shonubi drew a sharp distinction between the ‘relevance’ and ‘practice’ of regulation.

On the relevance of the CBN’s revolutionary blueprint on Information security implementation in line with global best practices, he stated that, “We had put out regulations based on a new set of rules that certain international standards must be met on information security, this was long before we dreamt of any pandemic. This is what has been helpful. The issues and incidences of Cyber-fraud and the likes in terms of success has not gone up that much. In terms of banks being vulnerable, it exists, but have not gone up that much, even though we’ve seen more than a ten-fold attempts to compromise networks and systems”.

Speaking further on the impact of the Information security regulation on financial institutions, Adebisi F. Shonubi stated that, “Yes, it has helped the banks prepare and also allowed them to protect and make themselves more readily available to their customers. The only down side is that it’s put pressure on other infrastructure which many of us, I guess did not expect would have such much demand. So, there’s also been some sort of digital pandemic in that regards”.

On the observed trends, the apex bank boss stated that, ”We’ve seen a jump in the number of electronic transactions about three fold over the period. In Nigeria, I think the more predominant one is the used of the USSD channel for transactions”.

To underscore the significance of relevance as a regulatory game changer, Tinuade Awe shared further insights on how the implementation of the regulatory framework for minimum operating standards enhanced the resilience of the entire ecosystem of the Nigeria Stock Exchange.

“About five years ago, we implemented the minimum operating standards for our dealing members. And one of those standards was around technology requirements (order management system, periodic penetration testing, disaster recovery process, business continuity planning) and other digital transformation requirements to ensure confidentiality, integrity and availability of services.

As a result of the recent unrest, at the wake of the #ENDSARS protests, a number of our dealing members actually worked remotely. I spoke to a number of CEOs, and without exception, each of them talked about the fact that the minimum operating standards made them more able to withstand the disruption without missing a day of trading with all their clients records intact.

On his position on data sovereignty and the associated accelerator effect that technology has had on businesses in Rwanda during the pandemic, Patrick Nyirishema posited that despite the evolving technological landscape and the growing use of cloud services, data will remain at the centre of regulatory debate in many different aspects in terms of balancing security, privacy and the business imperatives for operators.

“But I think we cannot ignore the importance of data and what it means for the future of nations. Because if it’s not addressed appropriately, I think we will find ourselves in a situation where we have a few countries in the world dominating this space with everyone else depending on them. What does that mean for security, what does that mean for the economic future of nations, what does that mean even in terms of harvesting data and turning it into economic value? I think the data question is not going away anytime soon. How nations respond in terms of laws and regulations will continue to vary overtime”, he said.

While providing further validation on measures taken by the Central Bank of Nigeria, Adebisi F. Shonubi described the new scramble for data as the new colonization which is being underestimated.

“So, we do have regulations for the financial institutions, and they are consistent with the ones that NITDA had put out and we have localized them. We need to localize our rules where there are best practices and we cannot just say some rules are international best practice and therefore we must all abide by those rules without looking at the context”, he said.

On the achievement of the objectives of the shared services initiative, the apex banks’ boss acknowledged that though some progress have been made over the years, a lot more still needs to be done.

“But we are pushing for a few more. We are revalidating the shared service blueprint that we had in those days. The blueprint was being driven by the needs at that time. Now, the needs may have changed. So, there’s an ongoing conversation with the banks to identify and focus on the areas that will add greater value”, he said.

In what appeared to be a consensus, the regulators shared similar views on the imperatives of evolving regulatory outlook anchored on innovation, effective stakeholders’ collaboration, agile consumer protection initiatives and enhanced financial inclusion through seamless access to digital financial services.

Digital Jewels Limited is a leading African focused IT Governance, Risk and Compliance (GRC), Consulting & Capacity Building, firm with deep competencies in Information Security, Information Assurance, Project Management, e-business and Knowledge Capacity Building; with extensive footprints in several African countries.

Share this article