General Counsels (GCs) often share tales of the early days of compliance, before the advent of digital tools. Back then, we relied on Excel spreadsheets to map out the regulatory landscape. These weren't simple checklists; they were sprawling documents, often hundreds of pages long, covering every law that could affect the organization. These registers became the foundation of our compliance programs, guiding how we managed risk and stayed on the right side of the law.
When I took on the challenge of setting up a legal department for a listed company, the scale of compliance became staggering. The sheer number of laws, regulations, and industry-specific requirements was overwhelming. Listed companies, in particular, contend with an expanded spectrum of legal obligations—from securities regulations to corporate governance standards—all layered on top of the usual compliance considerations.
Then came the regulator’s requirement for annual legal audits for listed companies. While the intention was sound, the implementation caught many by surprise. External counsel often handled these audits, and the first invoices left us stunned—these costs rivaled those of year-end financial audits. The industry quickly organized itself, pushing back to lobby the regulator for changes. This collaborative effort bore fruit; the timelines were adjusted, slightly easing the burden.
The New Frontier: Data Compliance Audits
Today, a wave of regulatory developments has landed on our desks, adding layers of complexity to compliance management. One recent example is the Data Protection (Conduct of Compliance Audit) Regulations, 2024, introduced by Kenya’s Office of the Data Protection Commissioner (ODPC). These regulations outline the framework for conducting data protection audits and impose accreditation and licensing requirements for auditors, adding a compliance cost burden to organizations.
However, data protection is not the only area subject to stringent audit requirements. The Code of Corporate Governance Practices for Issuers of Securities to the Public, 2015 mandates corporate governance audits: an independent assessment of an organization's policies, systems, and practices to evaluate their effectiveness and adequacy.
Additionally, the Climate Change Act, 2016 and the Environmental (Impact Assessment and Audit) Regulations, 2003, made under the Environmental Management and Co-ordination Act, introduce audit obligations requiring organizations to monitor their environmental impact and their compliance with environmental and climate-related policies.
Also, the Digital Health Act, 2023 proposes to introduce annual audits by the Digital Health Agency (DHA) through the Digital Health (Use of eHealth Applications & Technologies) Regulations, 2024. The DHA would schedule and conduct annual audits and checks to assess adherence to Data Quality Protocols by both the national system and certified digital health solutions. The modalities and standards of these audits may be the subject of further regulations.
These sector-specific audit requirements reflect a growing trend in Kenya’s regulatory landscape—targeted oversight to address distinct risks. However, the overlap in compliance obligations often leads to duplicated efforts, inefficiencies, and increased costs. For instance, an organization might face separate audits for data protection, governance, and climate compliance, despite interconnected risks and shared management systems.
These challenges underscore the need for harmonized regulatory frameworks, encouraging Kenyan regulators, such as the ODPC and others, to collaborate with industries and general counsels through their associations to streamline audit processes and minimize redundancy. By doing so, Kenya can build a more business-friendly regulatory environment while safeguarding critical legal and ethical standards.
While these regulations open new opportunities for legal and audit professionals, they also add a significant financial burden to businesses. These costs will inevitably be passed on, inflating compliance expenses at a time when organizations are already grappling with tight budgets.
But the issue runs deeper than cost. The growing siloization of compliance—where each regulation requires its own set of audits, processes, and resources—is creating inefficiencies that undermine the very purpose of compliance.
Breaking Down Compliance Silos
Many organizations are actively working to break down internal silos, particularly in risk management. The goal is to create integrated frameworks that allow for a holistic view of risk across the enterprise. However, regulatory silos are now emerging as a new challenge.
For instance, a listed company may already conduct a comprehensive legal audit, only to be required to perform a separate data protection audit and a separate climate or environmental compliance audit. Each of these audits is resource-intensive and involves similar processes, yet they remain disconnected. This fragmentation not only increases costs but also diverts attention and resources from other critical areas.
Some critical questions arise:
- What is the cost of addressing one subset of risk at the expense of others?
- Will other regulators follow suit, creating more isolated compliance requirements?
- How do these silos fit into broader enterprise regulatory compliance strategies?
- What is the overall impact on the cost of doing business?
What Does a Comprehensive Compliance Program Cover?
To understand the issue fully, let’s look at the scope of a typical compliance program. A well-rounded compliance framework should cover multiple areas, including:
- Corporate Governance: Adherence to laws and practices that ensure transparency, accountability, and ethical management.
- Data Protection and Privacy: Compliance with laws such as the Data Protection Act, GDPR, and sector-specific regulations.
- Labor Laws and Employment Standards: Ensuring fair practices, adherence to health and safety standards, and compliance with labor laws.
- Environmental Regulations: Meeting requirements around sustainability, emissions, and resource use.
- Sector-Specific Laws: Industry-specific regulations, such as those governing banking, telecommunications, or healthcare.
- Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF): Measures to prevent illegal financial activities.
A fragmented approach to compliance means tackling each of these areas in isolation, often duplicating efforts and resources.
A Call for Unified Compliance Frameworks
One of the key lessons we can draw from other jurisdictions is the importance of a unified approach to compliance. The U.S. Department of Justice (DOJ), for example, evaluates compliance frameworks holistically. They assess whether a company’s compliance system is well-designed and effective as a whole, rather than focusing on individual components. This approach emphasizes integration, allowing companies to streamline processes, reduce redundancies, and focus on managing risk effectively. It’s a model that Kenya—and other jurisdictions—could learn from as we navigate increasingly complex regulatory landscapes.
How Can GCs and Industry Drive Change?
To address the challenges posed by siloed compliance, General Counsels (GCs) and the broader industry need to work together to lobby for cohesive regulatory frameworks. Here’s how:
- Build Collaborative Platforms: GCs can form industry-wide committees to discuss shared challenges and propose unified solutions.
- Engage Regulators Proactively: Rather than waiting for regulations to be imposed, the industry can engage with regulators like the ODPC early in the process to advocate for practical and cost-effective compliance measures.
- Leverage Industry Associations: Bodies like the Law Society of Kenya (LSK) can play a critical role in coordinating industry responses and engaging with regulators on behalf of their members.
- Propose Consolidated Audits: Advocate for a framework that allows overlapping audits—such as legal and data compliance audits—to be conducted simultaneously, reducing duplication and costs.
The Role of the Regulators
Regulators with distinct audit mandates can take proactive steps to ensure their requirements do not become an overwhelming compliance burden for organizations. Key recommendations include:
- Adopt a Risk-Based Approach: Focus regulatory efforts on the areas of highest risk. For example, organizations with lower risk profiles could undergo simplified audits, reducing unnecessary compliance costs while ensuring that critical risks are adequately addressed.
- Encourage Industry Partnerships: Collaborate with industry groups and professional associations to co-create guidelines that are both practical and achievable. This participatory approach fosters mutual understanding and ensures that compliance frameworks are tailored to real-world operational needs.
- Offer Flexible Timelines: Provide businesses with sufficient time to adapt to new regulations. Phased implementation timelines allow organizations to integrate compliance measures into their operations without disrupting productivity.
- Promote Accreditation Transparency: Ensure that accreditation processes for auditors are straightforward, that the field of qualifying auditors is wide and diverse, and that fees are reasonable and proportionate. Transparency and diversity in these processes minimize barriers to entry and foster a competitive market for audit services.
- Support Capacity Building: Invest in training and capacity-building programs for both regulators and regulated entities. A shared understanding of compliance requirements enhances efficiency and reduces friction in implementing new frameworks.
- Foster Inter-Regulatory Collaboration: Regulators with overlapping mandates should work together to align audit requirements. Developing unified or complementary audit frameworks can reduce redundancies, improve efficiency, and lower compliance costs for organizations.
By adopting these approaches, regulators can strike a balance between ensuring robust oversight and fostering a business-friendly environment that encourages compliance without stifling innovation or growth.
The Way Forward
As regulatory demands grow, businesses and regulators must collaborate to create compliance frameworks that are efficient, cost-effective, and aligned with organizational realities. Breaking down silos—both within organizations and across regulatory domains—is essential to achieving this goal. Unified compliance frameworks not only reduce costs but also help organizations focus on what truly matters: managing risks and driving sustainable growth.
It’s time to start the conversation. How can we work together to build a more cohesive approach to compliance? Share your thoughts.
---
About the Author
Margaret Odhiambo is a seasoned legal professional with over 15 years of expertise in compliance, corporate governance, and legal strategy. She excels in managing complex legal operations and aligning them with business goals, offering practical solutions that drive growth and sustainability.
---
info@mzizi-africa.com
---
The materials on this website are intended to provide a general summary of the law and do not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact or situation.