It is clear that D&Os in the region are mindful of the obligation to provide a safe and secure working environment and are concerned about risks such as health and safety prosecutions.
This may be driven, in part, by a post-COVID world still grappling with the challenges of employee health and safety in a remote working environment. In addition, the region continues to experience significant and serious workplace incidents. Recent tragic events such as mine accidents and gas explosions, leading to the injury and harm of employees and members of the public, serve as stark reminders of health and safety concerns.
Breach of human rights within or by business operations occupies second place, and interestingly, feature much higher than in other regions. This may be related to health and safety concerns and it may also be the case that Africa’s abundance of natural resources and its strong labour-intensive sectors, such as mining, industry and agriculture, drives this perceived risk by D&Os.
D&Os in Africa are also concerned about the risks emanating from bribery and corruption and systems and controls, occupying the third and fourth spots respectively.
This is unsurprising given that fraud and white-collar crime continues to present a challenge to companies operating in the region. D&Os are, understandably, concerned about the direct financial losses that may be incurred by their businesses due to crime, as well as the possibility of liability for failing to meet their fiduciary duties (by not implementing appropriate controls and systems to continuously monitor such risks).
Whilst technology has provided companies with the platform to improve efficiencies, its increasing complexity including how different technologies and platforms interact, presents opportunities for loopholes to be exploited to the detriment of companies. Both cyber and crime related losses as a result of social engineering have increased substantially, with companies suffering significant losses from unauthorised access to their systems, or from the fraudulent transfer of funds. These are committed by perpetrators impersonating persons of authority or utilising company information in order to deceive employees into unknowingly providing log-in details, or to approve fraudulent payments.
Regulatory investigations targeting both companies and individual D&Os for alleged misconduct may also be driving their concerns around these risks. Dealing with these investigations can be extremely onerous and disruptive and may result in serious sanctions and penalties for the individuals concerned. They also often lead to significant investigation and legal defence costs.
The region sees a number of active regulators, including in respect of the financial services and banking industries.
An emerging risk for D&Os in Africa concerns insolvencies, bankruptcy and the financial distress of an organisation. This is unsurprising given global economic conditions and the potential impact that regional conflicts in other regions such as Europe may have on business operations and supply chains based in Africa.
South Africa has long been considered an economic powerhouse within Africa, but despite this privileged position, it too, has struggled due to a combination of internal and external factors. Whilst the latest statistics in the SA Liquidations Report indicate that the number of liquidations in 2023 reduced slightly from 2022 number's, liquidations remain high, with 921 companies being liquidated. South Africa has robust legislative mechanisms that allow companies to enter into business rescue (often called administration in other countries) which provide them with opportunities to avoid liquidation – it therefore, illustrates the level of financial distress being experienced in the region that such a high number of liquidations have occurred despite these robust mechanisms that enable business recovery.
Within South Africa, the personal risk to D&Os may be heightened by recent proposed legislative developments and case law. Following the Judicial Commission of Inquiry into Allegations of State Capture, Corruption and Fraud in the Public Sector (Zondo Commission) which focused on corrupt activities and the mismanagement of state-owned enterprises, the Minister of Trade, Industry and Competition has recently published proposed amendments to the Companies Act 2008 to extend the prescription periods regarding delinquency applications and claims for damages against D&Os.
The Companies Act presently provides that an application for delinquency can be brought if the person concerned is a director of the company, or within the 24 months immediately preceding the application was a director of the company. The amendments propose that the time limit to bring proceedings should be extended to five years, and furthermore that the court may on good cause shown extend that period in a specific case.
In addition, the amendments propose that the three-year time limit for bringing proceedings to recover loss, damage or costs from a director may also be extended by the court on good cause shown.
The impact that this may have on the insurance industry will likely only be known once the proposed amendments are codified. It’s feasible that insurers may review their underwriting and pricing of South African risks, given that the amendments not only allow extended time limits for claims to be brought (thus extending the “long tail” of insurance claims) but also potentially allowing for more claims to be brought against D&Os that may not have been possible previously.
These proposed amendments are also significant considering recent South African case law which has developed company law in respect of creditors.
The Gauteng High Court has recently held that, although a creditor is not expressly named among the class of persons in the Companies Act who can bring an application for delinquency, by virtue of the extended standing to apply for remedies provision contained within the Act, a creditor may exercise the right to bring an application for delinquency when acting in the public interest with the leave of the court.
Interestingly, the judgment also recognised the principle that in respect of insolvent or near insolvent companies, the so- called “twilight period”, the traditional approach that the D&Os owe duties to the company shifts to a more economic approach in terms of which the D&Os owe duties to the creditors. This is a significant development in South African company law and may well lead to more claims by creditors against D&Os.
Justifiably, D&Os in the region are concerned about the risks presented by insolvent and near insolvent positions.
Supplier business practices occupies the sixth position in Africa. We suspect that this may be driven by factors such as tender irregularities, which continues to remain a risk for companies in the region. Supply chain disruption may also be a contributing factor to this concern for D&Os.
It may further be that this relates to the fact that the implementation of data protection legislation and regulations across the region, including the duty to report to regulators on cyber-attacks, is only recently gaining traction.
The region has also just started to see the first fines been issued. In South Africa, the Information Regulator has handed down its first administrative fine in the amount of R5,000,000 against the Department of Justice and has also issued several other infringement and enforcement notices.
In Kenya, the Office of the Data Protection Commissioner, mandated to ensure compliance with the Data Protection Act, 2019 issued penalty notices to three data controllers in late September 2023 for failing to comply with the provisions of the Act on the processing of personal data of data subjects.
Given that Africa is experiencing a rapid escalation in cyber-attacks, it will be interesting to see if cyber-related risks appear in the rankings in the next 12 months.
