The increasing pressure on financial companies to tighten up governance and compliance has created a rapid surge in the uptake of Software as a Service (SaaS) technology solutions that quickly and effectively address this. Many JSE-listed stock-broking companies, including Kagiso Securities, Afrifocus, Cadiz Financial Services Group and Barnard Jacob Mallet (BJM), have all adopted the cloud-based email management solution, Mimecast.
The JSE Listings Requirements accommodate certain provisions of the King II code and will be amended to include the tougher codes as outlined in the King III code, which came into effect on 1 March 2010. The annual financial statement must include reporting on how the code has been applied, the extent of a company¹s compliance and reasons for non-compliance, if any. If a company fails to comply with the JSE Listings Requirements, the JSE may suspend and/ or terminate the listing of that company.
The King III report requires companies to identify and mitigate risk. It is the new gold standard for compliance and has become much more specific in terms of IT compliance. All IT systems have to be reviewed at a board level and audit committees have to oversee IT risk mitigation and controls.
The SaaS model allows companies to solve several compliance requirements related to document retention with a few keystrokes, without having to invest in additional infrastructure or professional services. The rapid change in the legal environment, however, has sent businesses scurrying for solutions, with many ending up in a quagmire of partially complete technologies.
Business continuity continues to be highlighted as a critical area where IT can assist in ensuring not only King III compliance, but also that the business is protected from the revenue loss associated with downtime.
"There are many vendors that claim they can deliver on compliance necessary for the corporate environment, but usually fall short in some area or fail to understand what being fully compliant entails. In a legal spat, being only 90% compliant can be as good as useless," says Kendal Watt, senior technical consultant at Mimecast South Africa.
In the case of Afrifocus Securities, which relies on electronic instructions for managing client accounts, the legislative and operational requirements were extraordinary. The understandable crackdown on compliance in the financial industry means that e-mails have to be archived even before they are even read.
"The industry that we are in is possibly the most complex when it comes to compliance and legislation. Most of our instructions come via e-mail and are time critical. Downtime was just not an option," explains Moosa Kotwal, IT manager at Afrifocus.
Mimecast's ironclad chain of custody of the emails that it archives and solid audit trails, together with the ability to search for and extract emails within seconds, dramatically reduces both the possibility of a dispute, and potential legal costs.
Setting up company policies and procedures to classify and store relevant information to meet requirements is a mammoth task. In many instances, South African organisations will either risk not having the data on hand or try to mitigate the risk by retaining some information for a shorter period rather than face dealing with the management nightmare of all the technology infrastructure and cost to store data properly. Under King II, gambling that you may never need records could potentially pay off. But now with King III, gambling at all is grounds for JSE sanction.
Securities brokerage, Kagiso Securities evaluated a range of products and chose Mimecast because the solution is non-invasive and solved the problems of spam, archiving, business continuity and forensic email auditing, all at the same time.
The challenges in electronic document compliance are vast and include the cost of storing millions of emails in a way that doesn¹t erode the integrity of the mail; the infrastructure to retrieve and archive the emails and the people to manage it all.
"Mimecast¹s SaaS solution has demonstrated itself to be one of those very rare things: a genuine silver bullet that solves a seemingly intractable business problem, as proven in the success of Kagiso Securities, BJM, Afrifocus and Cadiz' seamless implementation of Unified Email Management," says Watt.