RISKAFRICA Magazine 20 by COSA Media

CONTENTS 04

Africa’s Internet Resilience

Protecting your business from cyber criminals

Cybercrime. Directors’ and officers’ liability risk

Dear reader

Novare

Big Data and new connectivity in Africa

For Africa, connectivity means progress and possibility, it enables access to services, to education, to new economic frontiers and markets. Already its impact is powerful and evident.

Preparing for the future

Could Eskom turn off SA’s taps?

There will be oil

Investing in African Mining Indaba

Africa up and down the risk ladder

Getting the edge

This issue, Luka Vracar takes a look at what risks African businesses should be looking for in this area, and how businesses can protect themselves and build resilience in an era of interconnection and cyber risk. Melissa Wentzel explores international trends in liability for directors and officers in data breach cases internationally, and looks at what cover will provide protection, while Frances Bailey takes a look at what it takes for a risk management candidate to get ahead in the eyes of a recruiter.

38 News 44

But if organisations and individuals in developed, wealthy markets remain dramatically unaware and underprepared for the risks this connectivity brings, it is perhaps not surprising that on a continent with many challenges, a developing regulatory framework, and rapid change on multiple fronts, awareness and response strategies to cyber risk remain inadequate.

An African risk report

Also in this issue, while we may not have won an award ourselves, we take a look at the winners of the Global Risk Awards for which RISKAFRICA was shortlisted. It was a fabulous opportunity to meet the incredible Institute of Risk Management team in London and see the work of individual risk managers and organisations from around the world showcased at the ceremony. Enjoy the read.

Publisher Andy Mark Editor Sarah Bassett Production Nicky Mark Copy editor Gemma Gardner Feature writers Luka Vracar, Melissa Wentzel, Sarah Bassett Design and layout Herman Dorfling, Mariska Le Roux, Dave Androliakos, Davida Smith

Editorial enquiries sarah@comms.co.za Tel: +27 21 555 3577 Advertising and sales Michael Kaufmann | michaelk@comms.co.za Blake Dyason | blake@comms.co.za Dale Gardner| dale@comms.co.za Tel: +27 21 555 3577 | Fax: +27 21 555 3569

Subscription enquiries subscriptions@comms.co.za Tel: +27 21 555 3577

VAT and postage included standard postage FREE to RSA addresses only

www.riskafrica.com RISKAFRICA is published by COSA Media

Ground floor, Manhattan Tower, Esplanade Road Century City, 7441, Cape Town, South Africa Copyright THE RISKAFRICA MAGAZINE PUBLISHER CC 2015. All rights reserved. Opinions expressed in this publication are those of the authors and do not necessarily reflect those of the Publisher, Cosa Communications (Pty) Ltd, COSA Media, and or THE RISKAFRICA MAGAZINE PUBLISHER CC. The mention of specific products in articles or advertisements does not imply that they are endorsed or recommended by this journal or its publishers in preference to others of a similar nature, which are not mentioned or advertised. While every effort is made to ensure accuracy of editorial content, the publishers do not accept responsibility for omissions, errors or any consequences that may arise therefrom. Reliance on any information contained in this publication is at your own risk. The publishers make no representations or warranties, express or implied, as to the correctness or suitability of the information contained and/or the products advertised in this publication. The publishers shall not be liable for any damages or loss, howsoever arising, incurred by readers of this publication or any other person/s. The publishers disclaim all responsibility and liability for any damages, including pure economic loss and any consequential damages, resulting from the use of any service or product advertised in this publication. Readers of this publication indemnify and hold harmless the publishers of this magazine, its officers, employees and servants for any demand, action, application or other proceedings made by any third party and arising out of or in connection with the use of any services and/or products or the reliance of any information contained in this publication. Cover image: Shutterstock.com

AFRIC A’S

INTER RESILI NET ENCE By Lu ka

Vrac

Nobuhle Nkosi, AGCS

Jonas Thulin, Fortinet

Johannes Gschossmann, AGCS

ecent high-profile hacks into Apple, Sony, eBay, and retail giant Target, caused millions of dollars in losses, business interruption and reputational damage. But does African business have the tools to stand up to the evolving risks of cybercrime? In January the Economic and Financial Crimes Commission of Nigeria said that the increasing rate of cybercrime is a cause for alarm. Shortly afterwards, Tunisia arrested six suspects implicated in hacking government sites in December. The Ivorian Government even set up a special forensic police unit, the Platforme de Lutte Contre la Cyberriminalite to deal with cyber threats.

Cybe ra last y ttacks on ea m awar r resulted ajor glob a enes s sur in signific l corpora r tion antl oun threa ts ag ding the y increas s e ainst d busin anger of d IT esses .

This should not come a surprise; Africa’s Internet capacity is increasing rapidly, prices are falling, and rich emerging business make it an attractive target. This is according to Jonas Thulin, security consultant at Fortinet. The attacks on African business have not been minor either. The South African Post Office lost R42 million when it was hacked last year. The task force set up in the Ivory Coast was as a result of some $26 million that the nation was robbed of since the police unit began keeping records five years ago. “It is always a mistake to assume that just because we are a developing region, that the rest of the world is far ahead of us. Looking at South Africa, and to a greater extent Southern Africa, businesses are worried about the same cyber risks that we are worried about, the same thing they worry about in the US and in Europe,” says Thulin. To put the increased risk into perspective, Thulin says that Africa chose to ‘ignore’ the Internet because it was very limited in its accessibility when it rolled out. Bandwidth was very expensive, slow, and unreliable. For example, a few years ago, African business would have never had to worry about DDoS attacks (large-scale attacks with multiple compromising systems targeting one network or system) because lines running into Africa would not be able to carry the load of the data. >

“The last two years have seen a massive increase in DDoS attacks. The attacks are either volumetric, which are coming from the wider Internet and can take out whole service providers in something like 20-30 gig attacks, or at micro level against servers and services in what we call behavioural attacks. One of these was the highly publicised attack last year on the ANC. We would not have expected these attacks five years ago. It would not happen,” says Thulin.

more than 26 per cent for Africa and more than 42 per cent for the rest of the world. It shows how the threat of cyber risk can rise through the sector. Africa is catching up to the rest of the world, and more users simply mean more threats.

According to Johannes Gschossmann of AGCS, the intensity that African countries are targeted might be different to the US and Europe, as those regions remain prime targets. However, the motive of cyber attacks remains the same: economic fraud, theft of confidential information and even denial of service attacks. All of these are threats across the globe.

“South Africa is sometimes used to, from a cyber perspective, access the rest of Africa. Take phishing for example; the e-mail will come from a very well-known accredited South African company that people are more prone to buy into, as opposed to companies in other parts of Africa that might raise suspicion,” adds Nobuhle Nkosi of AGCS.

“We are also seeing Africa becoming a hotspot of cyber activity if you look at the countries hosting phishing sites, for example, South Africa has recently come on the landscape. So whereas in the past, Eastern European countries such as Ukraine or Russia, as well as Latin America, were the major predators, now South Africa is also in the top ten,” says Gschossmann.

African Internet Internet usage in penetration has significantly increased says Gschossmann. In 2011, Africa had a penetration rate of roughly 13 per cent, whereas the rest of the world had more than 35 per cent. These numbers have changed to

Consumer access to the Internet in the rest of the world is mainly driven by connecting people using copper and fibre cables, whereas in Africa this was not possible and the infrastructure was not put down. Very few communities followed that path. Thulin argues that this slow rollout of affordable and reliable Internet in Africa has even led to certain aspects leapfrogging the rest of the world, adding to the significant rate of increase of users in Africa. “What is happening in Africa now is that everyone wants the Internet, so everyone

is getting a smart phone. Even affordable mobile contracts come with feature phones or smartphones. This means that LTE networks and Wi-Fi data is leapfrogging, and you do not have this legacy of copper and fibre in the ground. You look at companies like Smile Telecoms that has a LTE network, yet they only use their LTE network for data,” says Thulin.

African mobile Africa is bringing users onto the Internet at a rapid pace, but, for Thulin, this also poses one of the biggest risks from an Internet perspective. While Internet penetration is on the rise, most of these new users are experiencing the Internet for the first time on a mobile device and are, therefore, not ‘Internet smart’.

2843 SSP Risk Africa Ads.pdf

Mobile devices are also easier targets for cybercriminals. Gschossmann highlights the common scenario where employees have smartphones or tablets that can be hacked and then be used as an access point to the company and its confidential information. This is most common because the networks that mobile devices are run on (such as public Wi-Fi) are not as secure as a company’s network, and attackers can get better access through these channels. However, this is not native to Africa. “It holds for Africa, but it holds globally as well. The operating systems on mobile devices and the Wi-Fi channels that they run on are easy targets, which is a concern. New mobile devices have more processing power, so they are almost replacing PCs in the sense that people are not using them just for calls and text but to store information and do business,” says Gschossmann. Mobile is certainly a big driver, and the new workforce is the strength of Africa. However, Thulin emphasises that the new workforce comes in with a different background, a different culture, and a different notion of IT. He warns that businesses need to be careful of assuming that the way people used to be trained is going to work, and that the way IT is being used is changing and businesses need to adapt to ensure that employees are not putting the business at risk.

African risks “In terms of industry, it is very opportunistic, but at the same time there are specific industries that are targeted. One of them is the financial services industry, because of the money element and the electronic transfer of funds. We also see other industries that hold a lot of personal information that could be under threat. For example, retailers, government, or the healthcare industry, those are normally the types of industry that are susceptible to cybercrime,” says Nkosi. Gschossmann adds that depending on the industry, the kind of cyber attack a business might be subject to can differ. In the finance industry, a cybercriminal might try to intrude the server to get access to banking details. Additionally there is credit card skimming, or phishing through emails. “Whereas if you look at the retail industry, large grocery stores or chain stores, it could be a point of sale attack, in that the

machines where you swipe your credit card can also be attacked. The hosting server of those machines is attacked to withdraw the encrypted data, which for very small amounts of time is not encrypted if the software is not up to date,” says Gschossmann.

2014/11/05

Is legacy technology holding you back?

While the majority of cyber-related risks is orientated around a financial motive, i.e. getting information that can easily be converted to cash, espionage is another area on the rise. Gschossmann points out that the mining industry is a good example where this might occur. The mining industry is, according to the Norton Cybercrime Report 2014, the industry most at risk from cyber threats.

Enhance and evolve with SSP...

“Other areas include phishing, especially spear phishing, when attackers try to lure users to click on a link and give over their personal or banking information. Spear phishing is a newer component wherein you are made to think that you know the person (or superior) telling you to click on the link and fill out your information. This is something very common in Africa,” says Gschossmann.

African resilience For Thulin, Africa is up-to-date with C international trends: “Companies tend to buy first-world technology. It is not like M we are not in a first world country and, therefore, buy something a little bit older. Y You see that in other industries, where we CM get hand-me-down technology, but you do not see that in IT. In IT, the solutions and MY technology that passed last year, passed CY everywhere in the world.”

Legacy transformation means applying the right insurance technology solution at

CMY

“In Mauritius they are seriously impressing with their investment in technology, from a government perspective. For example, they are giving tablets to all the students in all the schools in the country, and they are rolling out Internet in all the schools with open Wi-Fi, really pushing the envelope. Try finding a school in Europe with free tablets and free Wi-Fi,” he adds.

the right time, so you can respond to the changing industry demands and continue to adopt new strategies to ensure your

success.

Future-proof your business by making the right technology decisions.

AGCS is currently working on its first cybercrime policy in South Africa, which is to be launched in May 2015. The policy will mitigate cyber risks in two areas: one is the third party liability aspect that covers the loss of business income, and the other is the first party liability which covers the loss of data and subsequent expenses.

Get the SSP ‘enhance and evolve’ strategy. Call +27(0) 11 384 8600 email info.za@ssp-worldwide.co.za or visit www.ssp-worldwide.com/Africa

“To us, one of the key mitigating factors is the need for top management awareness of the topic and support to looking into cyber security, anything that follows from that will help the businesses security. Have an emergency response plan and test it every now and then. It is important to define the roles and responsibility in monitoring cyber and defending the company against it, to give it a distinct form of structure in the company. There must be a proactive approach to cyber,” says Gschossmann.

2843 TheCheeseHasMoved

“If you ask most people where they started using the Internet for the first time, chances are it was in a corporate setting: they got their first job, got their computer and they were brought onto the Internet. With that computer was some IT training, security policies, and someone told them it was important to have antivirus and a complex password to protect yourself. The first-time user on a smartphone is not getting that,” says Thulin.

Protecting your business from cyber criminals By Luka Vracar

According to Symantec’s Internet security report for 2014, 84 per cent of South African adults were victims of some form of cyber crime last year, rating it third in the world for malware. With the move to Internet applications, are financial services targeted? And with such increasing cyber risks, how can businesses protect themselves?

the black market in marijuana, cocaine and heroin combined. To put that into perspective, if cyber crime was a nation it would have the 27th biggest GDP in the world. In South Africa alone, cyber crime took in R5.7 billion in 2014.

According Symantec’s report, last year cyber crime was valued at $388 billion, bigger than

The point of somebody hacking you is essentially twofold, either for direct financial gain, or to impersonate you. Candice Sutherland, business development consultant

yber crime is any criminal activity involving computers and networks: theft, disruption, fraud and forgery of secured or unsecured data. This often results in direct theft of funds through fraud or extortion. And cyber crime is quickly becoming one of the greatest threats to business.

at Stalker Hutchison Admiral (SHA), notes that very seldom would cybercriminals actively try and steal your intellectual property. In particular, financial services are becoming desirable targets. “The risk to the financial industry over the last five years has risen considerably as financially motivated hackers look for new ways to illegally access funds. The adoption of Internet-based commerce systems, while

easy to use and convenient for customers and suppliers, could provide criminals with an opportunity to access both money and information,” says Roxanne Moodley, professional liability and cyber lead Africa at AIG. Moodley explains that there are three main incidence patterns responsible for security breaches in financial services:

Web app attacks – where an attacker uses stolen details or accesses information through e-commerce platforms.

credit or debit card at a point of sale but can include sophisticated attacks at ATM’s with user’s details being transmitted wirelessly.

Denial of service (DoS) – these attacks flood the company’s systems with malicious traffic resulting in lost production and a halt to business as usual.

However, cyber crime is largely opportunistic. Symantec’s security report indicated that 80 per cent of adults in emerging markets have been victims of cyber crime across all industries. In South Africa, both Cell C and Vodacom have had their clients’ data

Card skimming – this is not limited to capturing information from a customer’s

exposed, everything from banking details to call registers, PIN and PUK numbers. The City of Johannesburg’s online e-statements site was hacked, and residents and businesses had their personal details publicised. Cyber criminals managed to withdraw over R30 million from some 5 437 ATMs, in just three days. Other victims included Timbavati Nature Reserve, the ANC government, and the Gautrain. “Clients say to us all the time: ‘Well I am a small broker, no one is going to attack me,’ or, ‘I am a small landscaper, it will never happen to me.’ But the risk is so much greater to them than it is to a large corporation. The reason being is that massive corporations in South Africa have really sophisticated IT infrastructures, whereas the SMEs put entire client lists on Dropbox. So it is so much easier to get into those kinds of organisations than it is to get into Investec, or ABSA, or Standard Bank,” says Sutherland.

Regulation The Protection of Personal Information (POPI) Act gives effect to the constitutional right of privacy and protects all personal information. Businesses will have even more incentive to protect their (and their clients’) information, as the Act will enforce strict repercussions for custodians of breached information. Under POPI, custodians can face a R10 million fine, or 10 years in prison. However, even in regulation there are issues. “The problem with South Africa is that we have POPI but, since there is no information regulator, it theoretically does not exist. We have the Electronic Communication and Transaction Act, which states that if you are found guilty of a cybercrime offence you may face no longer than five years in prison, so a company owner would face a worse crime under POPI than the person who stole the data in the first place. So there is this disconnect,” says Sutherland. “We have no sort of legislation or task-team actually doing anything about cyber crime. The police are working on something, but nothing is happening now. So if somebody hacks into your system, impersonates you, or steals your data, if you can not find that person, what happens? Absolutely nothing. That is the fundamental issue,” she adds.

Cyber insurance Businesses can take out insurance. And they should, as even without fines a data breach can, and probably would, be very costly. More and more underwriters are offering first party and third party cover. “First party expenses are things like restoring your data and recollecting your data. It would also include any sort of loss adjustor or forensic auditor – essentially any cost that affects you as a first party,” says Sutherland. The cover also covers notification expenses, which are incurred to comply with privacy legislation such as legal expenses and

communication expenses through mail, call centres, and websites. Additionally, one of the biggest damages done to a company that has had a cyber attack is reputational damage. Insurance covers crisis management expenses, which includes public relations and advertising expenses. For example, if a company has 10 000 clients and there is a breach, for whatever reason, perhaps an MD’s laptop is stolen from their car, or an employee loses their smartphone on the Gautrain, it would be classified according to POPI as a breach of the client’s personal information. The company will have to notify every client, every staff member, and every person that the company has done business with and inform them that potentially their information has been breached. “We would set up credit monitoring for each person, and for that it is an average of about R200 per person. So multiply that by 10 000 clients and you are looking at R2 million just in notifying people what has happened and what is being done about it,” says Sutherland. Insurance would also cover any fines or penalties to the extent insurable by law. According to POPI, if you are the custodian of somebody’s information, you are directly responsible if that information is leaked through whatever fault. “The point of having a fine is so that you do not let the breach happen again. In terms of the POPI fines, we can’t say right now what the portion of that fine we would be able to cover because an information regulator has not been appointed, and no one knows when POPI is actually going to start,” says Sutherland.

Security evaluation To minimise the risk of cyber crime, businesses should be advised to consider having a security evaluation prior to taking out cyber liability cover. Usually, a broker will see a client and the business owner would have to answer a technical form with questions such as; How often do you update your passwords? Is your antivirus up to date? Have there been any attacks? Do you do cloud storage?

“We will evaluate the answers and say what we are not happy with and give advice before offering a quote. Once the client accepts the cover, then we have an Incident Response Team that we set up. So the most critical point is in the event of a breach, which would invariably happen between a Friday 6pm to a Saturday morning 10am, when people are generally not in the office, what do you do? We will deploy that whole team of forensic auditors, legal specialists, PR people – the whole operation,” says Sutherland. Businesses can even try and hack themselves. With a security penetration test, an IT professional can be contracted by the insurer to exploit a business’s weaknesses. However, this too can be very expensive as the final report is very comprehensive and analyses all aspects of a company’s IT. “We have four JSE listed companies that we have offered [the penetration test] to, but we also have a lot of small companies where their premiums are R8 000 a year, and for us to pay R60 000 to do a penetration test does not make business sense. If the client wants it, depending on their premiums, we would either cover it, or the client would take on the cost themselves,” explains Sutherland.

Beware the cloud Storing information on a data cloud has become common practice, whether it be personal photos on an Apple account, databases on Dropbox, or even banking details on Google Drive. However, cloud storage

poses risks, as illustrated last year when Hollywood celebrities had their Apple iCloud accounts hacked, and personal photographs released on public forums, and hacking is still only part of the cloud problem. “People essentially seeing information or getting information that they are not entitled to is obviously one of the biggest problems, probably the biggest one. But there are also problems of what guarantees you have that it is still going to be there tomorrow? That is another security problem. Additionally, there are corruption issues,” says IT veteran and CEO of NuoDB, Barry Morris. Cloud storage, according to Morris, is just a fancy way of describing remote computer storage. Morris points out, as in this case, that there is a person there looking after those machines – a systems administrator. He asks the pertinent questions: Who is that person? What is their background? Do they have a criminal record? Data, essentially, needs to be safe even in a potentially hostile environment. “There are also issues of access by third parties that is in fact legal access, but still not desired, like the NSA, for example. If you put your pictures on Facebook, chances are they can access them,” says Morris. As of right now, financial services institutions won’t go anywhere near the public cloud says Morris. They would

rather build a cloud of their own behind their own firewall. However, this is likely to change, as more and more services are cloud based. “Financial services will have to change their positions, but there will always be certain stuff they keep internally. But trust is going to build, and it’s going to build because economically it has to. You’re going get security that is going to get better, and operations will get safer and easier. Right now, if you go and put things on the Amazon cloud, you better first read what they say because they don’t give you any guarantees. None,” says Morris. The key to cloud security is encryption. Yet, even with this Morris points out that there is one major problem. Encryption can only work as long as the information owner is the only one with the password/key. Again this becomes a trust problem because there are administrators in play. Morris considers the cloud to be safe only with layered encryption, comprehensive policies as well as strong firewalls – a layered approach to security. “You want to have mechanisms where, if somebody does compromise the data on the cloud, that you can quickly delete it so that they can not continue to get value out of it, which requires you to have other copies encrypted in other ways in other places,” says Morris.

Human error “You must have standard IT policies, and you must have the tools to train your employees to follow them, and for them to understand them, you must understand them first. That is one of the big risks to security right now that the corporates do not get,” says Jonas Thulin, security consultant at Fortinet. “You have to have an information security strategy and you have to have your policies. I go to companies, and they indicated that they need a firewall, and a web filter, and an IPS, but they do not really know why they need it, they are just doing what their peers are doing. That is the kind of the attitude,” says Thulin.

Human error is a significant driver of cyber risk. Sutherland reports that over the past year, over 7 000 mobile devices were left at just airports, and since 38 per cent of users do not have an auto lock on their devices their data, be it personal or business, is available to anyone who bothers to look. Cyber criminals can easily exploit this, and it will lead to a data breach. As most employees use their mobile devices for personal and business reasons, this is a cause for concern. “The public’s mentality is a problem. I’ll say to people, “Do you have antivirus on your laptop?” And they always say, “Yes, of course.” I’ll ask them if they have antivirus or an auto lock on their cell phones and they will most likely say no, but if I pick up your cellphone or your iPad, and your Facebook logs in automatically, and your Gmail logs in automatically, I have access to your entire life,” says Sutherland. A threat especially common to Africa is phishing, when victims are tricked into sending personal information to a seemingly sincere email. This should be easily avoided by education through security policies. Employees should be made aware that they probably did not win the UK lottery, and to click on an email that says they did is to invite viruses into the system. “What is the easiest way for me to get your password? Asking you for it. Social engineering is used nine out of 10 times, that is the number one tool a hacker would go to. That is why people are your biggest risk,” says Thulin. Sutherland says that business owners and employees need to be reminded of the simplest things regarding security: “Don’t have your husband, or wife’s, or child’s name, or your birth date as your password. Have a complicated password. Don’t log onto unsecured networks. Don’t do your banking on the free Wi-Fi at McDonalds.”

AIG’s advice to protect from cyber criminals • Conduct a thorough inventory of your data collection and data storage protocols: - What kind of data do you have? - How is it being protected? - What is the threat relative to your industry? • Know who has access to your data and restrict remote access. • Ensure strong passwords are used and controlled. • Always use and update your anti-virus. • Keep accurate logs of access and use of your systems. • Safely dispose of old computers and personal/company information. • Build cyber threats into your company’s business continuity plans.

C bercrime Directors’ and officers’ liability risk By Melissa Wentzel

number of major companies including Sony, SnapChat, JP Morgan, and Target, have made headlines in the past year or two after falling victim to significant data breaches with lawsuits ensuing – some of which were aimed specifically at directors and officers of companies for negligence.

party illegally accessing that information. According to Sutherland, it is far more lucrative to steal online rather than on the street and she warns that these sophisticated syndicates are fast becoming the preferred form of attack.

With the introduction of the Protection of Personal Information Act (POPI) set to increase liability in South Africa, RISKFRICA asks how directors and officers of companies can mitigate their personal liability in the face of escalating cybercrime.

At the moment, the actual economic impact of cybercrime in South Africa is hard to determine effectively, with an accurate picture only being possible once the (POPI), which was written into law in November 2013, fully comes into play. Organisations will then be compelled to disclose when a breach occurs.

Every second that goes by, 12 people fall victim to cybercrime globally. That’s more than a million people every day – twice the number of babies born daily, according to a 2013 report on cybercrime by Norton Security. Candice Sutherland, business consultant at SHA Underwriters, reports that South Africa is emerging as a cybercrime capital, currently ranked third in the world for computer virus and malware attacks. “Last year saw R5.8 billion (0.14 per cent of our GDP) lost to cybercrime, and we anticipate that figure will grow exponentially in 2015,” she says. A data breach occurs when sensitive information acquired and stored by a company is made vulnerable by a third

Personal information

“Organisations are not regulated to disclose attacks and hacks, so it is very difficult to accurately estimate the impact of breaches in SA. There needs to be a regulator with teeth, and it will be up to POPI for companies to disclose when they have been breached,” says McAfee’s Trevor Coetzee. JP Morgan, one of the biggest banks in the US, experienced a massive month-long computer hack in July 2013 that affected the accounts of 76 million households and seven million small businesses before it was discovered in August that same year. Anton Meyer, executive head of SHA, says that the introduction of POPI creates

a highly complex scenario for directors and officers with regard to their personal exposure. “By creating various legislation, such as POPI, the regulator creates potential liability and the regulator is allowed to investigate and enforce these guidelines,” he says. In the US, some lawsuits have targeted the companies’ directors and officers for failing to take appropriate steps to protect information. POPI demands that companies identify personal information and take reasonable measures to protect that information in an effort to reduce the risk of data breaches and the associated reputation and legal consequences for the company.

The price of negligence Philip Hobson, the financial lines manager for Africa at AIG, says that claims against directors and officers could emanate from any situation where the company incurs a loss that impacts a stakeholder. “The potential aggrieved stakeholders could, in certain circumstances, institute an allegation of negligence against the directors,” says Hobson, adding that the POPI Act is another set of legislative requirements in which failure to carry out the requirements specified could result in losses for which the company, and ultimately the directors, are held personally liable.

Meyer explains that for a director to be accused of liability, a data subject must have a claim for damages and the data subject can request that the regulator sue for damages on their behalf which opens a door to a possible class action law suit. “When you start drilling down into this specific act (POPI) there are very few defences, a simple damages claim can result in legal action and hefty fines,” he adds. Non-compliance with POPI could expose the liable party to a fine of up to R10 million and, or alternatively, imprisonment of up to 10 years.

“A breach can financially cripple any company,” says Sutherland, adding that there are numerous costs associated with a breach: • the actual costs to restore, re-collect, or replace data • the cost of specialists, investigators, forensic auditors or loss adjusters; • loss of business income; • the cost of notifying the relevant stakeholders • crisis management expenses (PR, advertising, and other communication expenses)

• regulatory fines and penalties • damage to the organisation’s reputation Meyer emphasises the importance of realising that nothing happens in isolation and D&O liability claims are often consequential. “A data breach or a violation of the POPI Act for instance, can result in a liability claim against a director by a shareholder and can even lead to the liquidation of the company. >

Are directors and officers covered? Hobson explains that D&O insurance cover is extremely broad and covers most exposures related to the director or officer except in the case of fraud. “If the claim is made against the director and/or officer and the claim alleges that there was negligence on the part of the director or officer that resulted in a data breach, it should be covered,” he says. Meyer adds that the D&O policy will cover the legal costs to defend a director or an officer where allegations are made concerning negligence in their responsibility to protect data. “If there is a criminal investigation the cost will be covered but if

someone is found guilty the money must be returned,” he adds. “In short, D&O protects against damages to a data subject and covers the legal costs in so far as the directors or officers acted within their capacity as a professional.”

Prevention. Still better than cure. Hobson says that it’s important that companies ensure they follow the provisions of the POPI Act, that they implement a robust risk management programme which would, amongst other things, mitigate a data breach. He advises that the insured parties also scrutinise the cover of their D&O insurance

policy to determine whether they are adequately covered. “In other words, they need to ensure there are no exclusions that could jeopardise cover,” he says, cautioning that while this will reduce the risk of a D&O claim it may not remove the risk completely. For companies to comply with POPI, they need to take reasonable measures to improve the reliability of organisational databases including, but not limited to, the following: • Identify personal information. • Capture only the minimum required data. • Ensure that data captured is accurate. • Remove data that is no longer needed.

• Immediately notify the relevant. stakeholders of a breach. Meyer advises that directors familiarise themselves with the legislation and ensure that they’ve crossed all the ’t’s and dotted the ‘i’s. “Companies must comply with legislation within the parameters of the Act and insure that they appoint an information officer whose sole responsibility is ensuring compliance with the act.” “It is imperative that an incident response plan is in place so one can deploy the necessary specialists to contain the breach as quickly as possible. A cyber insurance policy will provide insurance in the event of a network security and/or data privacy breach as well as manage the entire incident response process,” says Sutherland.

All necessary measures “The upcoming POPI legislation is potentially extremely scary for South African Businesses and that means every business that keeps people’s information. So insurance is going to be a very important risk management tool for companies,” said Gerald Sutherland at the first in the 2015 series of Insurance Bootcamp seminars hosted by RISKSA in Cape Town last month with the focus on cyber liability. Good D&O insurance is vital, but according to Toby Merril, senior vice-president of ACE Group’s Global Cyber Risk Practice, directors need to thoroughly understand their cover and suggests answering the following questions: • What exactly is covered by your insurance and what is excluded? Does the product cover or exclude data breaches? • What are the policy limits and are they appropriate for your risk profile? • What type of event would trigger cover and what are the reporting protocols? • Are derivative shareholder actions covered? • In the event of a regulatory investigation, how broad is the cover?

•

CASE STUDY:

An easy target

Last year, Target experienced a data breach that resulted in the theft of 40 million payment cards. They are currently facing five million USD in damages in three class action lawsuits claiming that Target was negligent in its failure to implement and maintain security systems that were reasonable and appropriate to the nature of the information compromised in the breach. The lawsuits allege that Target knew, or at least should have known, about the security risks of dealing with sensitive personal information and that customers were not notified fast enough after they discovered the security issue. The Target breach is currently the secondlargest in US history, surpassed by a case involving the TJX retail chain in 2005.

CASE STUDY:

Snapchat

Snapchat experienced a data breach early in January 2014, and the usernames and partial phone numbers of 4.6 million subscribers were compromised. Snapchat, a photo and video-sharing chat app, already found themselves in hot water with the Federal Trade Commission last year after EPIC (Electronic Privacy Information Center) filed a complaint against the company regarding the allegedly deceptive claim that photos shared in the app would disappear forever after a set period of time. This claim was exploited by the hackers, because the company had already been made aware of the flaw by security researchers. It was predominantly California and New York Snapchat account holders whose information was leaked, accounting for an estimated 2.3 million accounts.

Source: lawyersandsettlements.com

Snapchat users were advised to change their passwords and usernames on other accounts and also encouraged to join a lawsuit. Many of the claims accuse the company of negligence in its security practices that led to personal information being leaked.

CASE STUDY:

Zappos

The Las Vegas-based clothing retailer and subsidiary of Amazon, Zappos, reached a settlement in a data breach class action filed by nine states. The company, regarding the hacking that was made public in 2012, announced a no-fault assurance of voluntary compliance settlement. The breach affected the personal information of 24 million customers after hackers accessed the company’s computer servers in Kentucky. The names, e-mail, billing and shipping addresses, phone numbers, credit card numbers, and scrambled passwords were exposed. Under the terms of the settlement, Zappos will pay 106 000 USD to the attorneys general of Massachusetts, Arizona, Connecticut, Maryland, Florida, Kentucky, North Carolina, Ohio, and Pennsylvania, who will then determine the distribution of the money to the respective states which may be used to cover the costs of the enforcement action, fund consumer privacy efforts or any other purpose. The company also agreed to improve their data security measures, and to implement new oversight and reporting requirements.

Source: lawyersandsettlements.com Source: bigclassaction.com

CASE STUDY:

Anthem

Anthem CEO, Joseph R. Swedish, announced in February that a sophisticated external cyber attack resulted in the theft of names, birth dates, medical identification and social security numbers, contact details, employment information, and even data pertaining to income. Eighty million customers and employees were affected in the attack. Anthem had allegedly only encrypted information in transit and not the information that was stored on its servers, where the attack took place.

There have already been several lawsuits seeking class certification filed that name Anthem, the second biggest health insurer in the US, as a defendant. Among the charges are ‘unfair business practice’, and ‘breach of covenant of good faith and fair dealing’. There is currently no proof that the stolen data has been sold, but the information would fetch up to 20 USD per record, substantially more than credit card information which can be cancelled and changed. Source: businessinsurance.

Passage to Africa: the case for private equity Within emerging markets, Africa has long been considered the frontier – a risky realm, poised for growth and ripe with opportunity, but not mature enough for institutional investors to consider seriously. But the surging growth of recent years has made these markets hard to ignore, and the investment mechanism gaining ground for accessing these markets is less traditional too.

By Sarah Bassett

istorically, for institutional investors, the options for investment have rested outside the realm of private equity, focused instead on lowrisk equities and bond markets. But these approaches are less possible in the context of Africa’s immature, but rapidly growing markets. “If the investment mandate is outside of South Africa, then the options are very limited,” notes Pieter de Wet, head of research at fund manager, Novare. “Excluding South Africa, the continent’s stock exchanges remain small and illiquid.” “A further challenge is that large funds, even at only 5 per cent mandated African exposure, are too large to invest in these small exchanges. At that scale, their buy-in would change the market itself,” he explains. Further complications include currency exposure, as no hedging instruments exist to offset the risks of investing in local currency. The second traditional investment category is listed bonds, the less sexy cousin to listed equities. “Though the bond market is talked about less, bonds are a major source of capital for Africa, because it is the vehicle governments are able to participate in. Even so, African bond markets remain difficult to access for the institutional investor as poor ratings render them high risk and outside the ambit of most of these funds,” De Wet explains. “Outside

of South Africa, there is only one African bond market whose issues are constituents of the JP Morgan Bond Index – Nigeria. Effectively this means that it is rather difficult for a global institutional player without a high level of risk tolerance to invest into any other markets. And the overall size of the Nigerian market still remains small relative to its South African peers.” The case for private equity This leaves a third option for accessing the African growth story – private equity. And though this has traditionally been thought too risky an area for the institutional investor, there is significant opportunity. The African private equity space, which has developed considerably in recent years both in scale and quality of transactions, is now gaining momentum for both local and international investors alike. “The third option is then to go into the private space, investing in unlisted companies. This is where every capital market begins,” notes De Wet. Because these markets are immature, the majority of African enterprises are private and historically did not have the option to raise capital or exit via the public markets. Private equity, therefore, provides the best mechanism through which to access the most compelling investment opportunities.

Indeed, according to the 2014 Ernst & Young Private Equity Roundup Africa, private equity fund-raising for Africa increased by 136 per cent in 2013 to US$3.3 billion, up from US$1.4 billion a year earlier, with South Africa receiving just 20 per cent of overall private equity investment during this period. The investment case is clear. Sub-Saharan Africa is home to 10 of the 20 fastest growing economies in the world. It is home to a rapidly burgeoning middle class, with fast-increasing spending power. Simultaneously, improved governance coupled with a more transparent and investment-friendly business climate are driving greater investor confidence. It is the rise of the African consumer which is truly at the heart of this dramatic economic turnaround, driven by factors both demographic and developmental. While resources are still often considered the backbone of Africa’s economies, only 24 per cent of GDP growth in the last decade was from natural resources, according to McKinsey & Company. Its 2010 report Lions on the Move: the progress and potential of African economies shows that between 2000 and 2010, the vast majority of growth was driven by consumer spending, manufacturing and service industries. Three key factors underpin this exciting shift.

Young population

City slickers and rising incomes

While developed market populations are ageing at pace, Africa has the youngest population in the world, with over 200 million people between ages 15 and 24.

Urbanisation has seen the urban population of sub-Saharan Africa increase by 102 per cent between 1990 and 2009, according to the United Nations, with 42 per cent of the population currently living in cities. This figure is increasing by a further 2 per cent every two years. “This presents a massive opportunity. As an international investor, you are now able to access millions of people in cities, creating enormous opportunities and demand. A mall in Lagos, for instance, can reach a market of 18 million people,” notes De Wet.

Africa has over 500 million working age people (age 15 to 64) and this number is expected to double by 2040, according to the African Development Bank, making it the largest in the world, surpassing both India and China. “This is the most promising development for African growth,” says De Wet. “If you look at the top 10 ‘oldest’ nations (which have the largest populations over 65 as a percentage of total population), eight are in Europe and Japan is the oldest of all globally. In the past, Europe and the US – and since the 80’s, Asia – have been the machines of productivity globally. But these age profiles mean that they cannot continue to do so. In Africa, the median age is 18.5. While other populations age, including China with its one family-one-child policy of previous decades, sub-Saharan Africa is seeing a bulge of largely young, working people. Historically, Africa’s populations weren’t able to participate in the global economy due to political and developmental challenges, but this is changing – and the future of the global productive and earning population will be Africa.”

While the majority of sub-Saharan African consumers are currently in lower-income groups, many will move up into more affluent segments as they urbanise and their incomes increase. Such movement will create attractive opportunities for consumer-facing companies. The continent now has the world’s fastest growing middle class. By 2060, the African middle class will constitute more than 1.1 billion people, notes the 2013 Novare Africa Fund Manager Survey. Private consumption in Africa is already higher than in India or Russia; it rose by $568 billion from 2000 to 2010, according to McKinsey & Company. By 2020, consumer-facing industries are expected to grow a further $410 billion, representing the continent’s largest business opportunity.

Technology The third key ingredient is the rise and power of technology, with the leapfrogging effect of mobile technology seeing an estimated 52 per cent of urban Africa having Internet access, compared with 54 per cent in China. In some markets, such as Kenya, the penetration figure reaches as high as 78 per cent. Word-class innovations such as Mpesa and the evolution of mobile money transfer have opened whole new markets and distribution models. Without the baggage of historical legacy systems, Africa’s technological transformation is set to continue at pace, with huge opportunities for business to access and understand their customers better. “You’ve got a young population moving towards cities and you’ve got capital able to reach them in those cities – and this is a massive opportunity for growth. If there’s a demographic vacuum in the rest of the world, then Africa is where the focus should be if you’re taking a 10-year viewpoint,” De Wet sums up. Navigating the rapidly developing private equity market in Africa may seem a daunting task for institutional investors. However, through investment platforms providing the right mix of relationships, experience and market insights, opportunities can be accessed prudently and efficiently.

Next issue, RISKAFRICA takes a closer look at how to access the African private equity space.

Big Data and new connectivity in Africa

By Luka Vracar

The rise and cost of cybercrime clearly illustrates the value of information and the critical need for it to be tightly secured. But what if your money cannot fit inside your vault? Companies themselves are turning to data mining for the edge that this knowledge can provide. It is the time of Big Data; vast amounts of information that will be passed to millions of new devices known as the Internet of Things, and there are challenges. 18

ow much data is there? In a new report, the International Data Corporation (IDC) found that in 2013, the digital universe was made up of about 4.4 zettabytes, which is the equivalent to 4.4 trillion gigabytes. While that might sound like a lot, the report found that at the current rate of growth, by 2020, just five years from now, there will be 44 zettabytes, or 10 times more data than there was just two years ago. Data is growing exponentially. â&#x20AC;&#x153;On the scale of Internet commerce or social networks, the amount of data can be pretty large â&#x20AC;&#x201D; think of the hundreds of millions

Aggression

Access

One of the challenges is the collection of large amounts of data. How will this data be stored and transferred across a network connection without straining the system? Hutton says that rather than processing and reducing the unanalysed data to more manageable levels at the source, large amounts of data are being transferred and then stored. The benefit of this is that it allows operators to use and analyse the raw data in over-long periods of time.

Big Data is so vast that not all of it is used immediately. Hutton says that large amounts of archived data raises significant security concerns over authorisation of access. Additionally, usually there is more than one single data set, but rather multiple repositories of data that may be combined and analysed together.

A few years ago it was difficult to deliver large files via the Internet, yet today large companies are transferring terabytes of data over long distances every day. Hutton says that the sheer quantity of data is forcing upgrades of core networks and data centres. Established infrastructure just cannot handle the load.

of smartphones and end-user devices,” says Perry Hutton, Fortinet Africa regional director. “On the scale of consumer, medical, scientific, or research data, it can be gigantic, as sensors and instruments can collect vast amounts of raw data, whether from a single source (such as instrumentation of an aircraft engine during a flight) or from the projected 26 billion devices that will make up the Internet of Things (IoT),” says Hutton. The IoT concept refers to the proliferation of everyday objects and appliances that are all enabled with Internet connectivity and transmit and store data. The phenomenon, still now in its infancy, is set to radically change the quantity and quality of data creation. According to the IDC report, The Digital Universe of Opportunities: Rich Data and the Increasing Value of the Internet of Things, companies that exploit vast data sources through sophisticated analytics are five times more likely to exceed their expectations than those that chose to ignore the wealth of information Big Data brings. Hutton calls data collection a “gold rush” that will be fed increasingly by IoT, as more ‘things’ are connected to the Internet and additional networks — not just mobile phones, but various objects with internet-capable sensors, as ‘things’ get ‘Smart’.” We have already seen these kind of connections with high-end refrigerators that SMS you to pick up more milk. However, as data becomes more valuable, and new devices connect to each other, Hutton warns of challenges for networks and security.

“This also creates challenges for perimeter security, such as firewalls, as many solutions are not designed to handle such large in-flows and sessions. Local area network congestion from normal enterprise campus traffic may further saturate network appliance central processing units or memory resources, causing large flows of data processing to stall or even drop,” says Hutton. Processing The shape of the data changes with use. Hutton says that the raw data that comes in, does not necessarily go out in the same form and volume as it has been analysed and altered by the user. Hutton points out that data kept in storage is analysed typically by an intermediary set of servers, and then further reduced by web server front-ends. Hutton says that higher bandwidth is needed to carry the load of increased server to server traffic. “Many studies show that server to server traffic now accounts for up to 70 per cent of the data centre traffic, and this trend will continue to increase with the growing amount of big data analytics,” says Hutton. “Server to server traffic needs to be segmented and inspected, not just for blocking lateral movement of advanced persistent threats and insider attacks, but to secure the data itself, come of which can be sensitive if disclosed or leaked. Network security architectures need to evolve from perimeter or gateway security oriented to a multi-tiered, hybrid architecture where more east-west traffic becomes virtualised and abstracted with the adoption of server/network virtualisation and cloud computing,” explains Hutton.

“Each set of data may contain certain sensitive or confidential information, and may be subject to specific regulations or internal controls. Further, there is often not just one group of analysts or researchers, but over time many constituents seeking to gain different insights,” says Hutton. “A large pharmaceutical company provided a good example where their Big Data research efforts were open to not just internal employees, but also contractors, interns, and visiting scholars. For each of them, a separate analytics sandbox needed to be created, authorising and auditing specific entitlements to identified data sets that could be accessed and combined,” says Hutton. For Africa, the connection of things to the Internet is still hampered by connectivity challenges. As IoT and Big Data requires reliable, high-speed connectivity to operate. However, GSMA reports that machine-tomachine connectivity in Africa is already being used in the form of vehicle tracking and mobile payments. In Johannesburg, the latest project is 34 000 smart meters for City Power installed last year. The GSMA estimates that last year 52 per cent of global connections to the Internet were M2M connections, and this is expected to grow to 60 per cent by 2020. Africa has around seven million IoT connections, but fast growing Internet penetration could see this number quadruple in the next five years. Hutton recommends that, to deal with network security risks brought on by large amounts of data as well as new channels of transfer brought on by IoT, companies need to ensure their networks are able to support the high-speed transfer of large amounts of data. Additionally, a primary security system, comprising layered protection such as firewalls and anti-malware, needs to be supported with perimeters to secure the various segments of archived data internally. In the era of big brother gone high-tech, it seems even your fridge will be capable of spying on you – for businesses, it’s clear that opportunities are as vast and exciting as the risks are. For Africa, where awareness and regulation around cyber risk lags the global trend, businesses and individuals will need to play catchup to stay ahead of this rapid change.

Ayanda Dlamini

Preparing for

the future

Advanced analytics for improved customer experience management, fraud detection, and revenue assurance will have to be implemented if businesses hope to remain competitive. This is according to Ayanda Dlamini of LGR Telecommunications. RISKAFRICA spoke to Dlamini about Africa’s readiness for knowing the future. By Luka Vracar

dvanced analytics is a subset of business intelligence (BI), but it focuses on particular problems, and the hidden relationships that can be exploited to get to the underlying core of those particular problems. With data proliferation, brought on more by the Internet of Things, and the increasing number of devices connecting to the Internet, the value of information cannot be discounted. Advanced analytics is to use this wealth of data in problem management, to use the data to simulate what might happen in the future.

“People have always had traditional BI. However, BI is when companies just want to track a couple of key performance indicators, things such as company’s revenue, penetration, and losses in terms of customers. We are now moving into the space of personalisation of services.

Dlamini says that Africa can expect a growing reliance on telecommunications as new data is delivered by new connections and increased Internet penetration. The proliferation will result in a lot of data that demands to be analysed quickly, and in volumes.

If you took data, for instance, there are millions of options that one can go for. Which one is best? The customer is bombarded with several options; to stay ahead one has to discover that niche market. To do that you have to apply a little bit more logic that BI applies,” says Dlamini.

“Traditional BI cannot deal with unstructured data, things such as social media — it flows very fast, and is not delivered complete. You cannot necessarily obtain this data, and put it in a structured database to analyse. So you have to apply advanced analytics as these complexities increase,” says Dlamini.

However, advanced analytics is of absolute importance to predicting risk: “Some of the related areas to risk that we have dealt with is revenue assurance and fraud. In South Africa, for instance, there is a lot of malware that steals customers’ data, airtime and all those things, and that has a huge bearing on advanced analytics, in terms of an effort. It also has a huge bearing on the operators themselves in terms of things like reputation and customer retention.” Another example where advanced analytics could be applied, according to Dlamini, is the banking sector: “Banks have come up with a working relationship with cellular service providers wherein they will be able to use, beyond sim card validation, encryption data from the network to validate that a person connecting to the bank from a certain device using a certain sim card is actually an authorised person. This was a reaction to sim-cloning and fraud. It is one example where advanced analytics could be applied in terms of securing the banking sector.” Dlamini indicates that the growth in data will see a major growth in the telecommunication industry in the next five years. However, only for those that have packaged their offerings and improved their quality of service. “It will be those that have positioned themselves in the right segment in each and every operational space in the

customer base. To be able to do that you will need a lot of analytics into how the service is created, into how it is positioned, into how the quality is managed. It becomes a complex process to design, to identify opportunities, and maintain consumption,” says Dlamini. However, Africa is currently not utilising advanced analytics to a very large extent. Dlamini says that this is not due to lack of technology, as Africa is largely exposed to the same solutions available elsewhere, but rather the lack of affordability and skills. Most African companies barely have traditional BI, and Dlamini says that a basis of BI is needed to use advanced analytics. “What should companies do to get ready? We did not have a culture of advancement, which

we need to start fostering in terms of data storage, in terms of access security, policy and retention. The approach would be a mixture of strategies. You have to have the right capability for your particular segment management system,” says Dlamini. Dlamini says that while businesses need to explore the possibilities, advanced analytics is not something that is just made up of a developer’s report. In order to mitigate future risks, anticipating the likelihood of a problem occurring through careful analysis offers advantage. However, he warns that the advanced analytics demand aspect of statistics, and decision-making, and those capabilities need to be built.

Could Eskom turn off

SAâ&#x20AC;&#x2122;s taps? By Sarah Bassett

or the time being, the worst of the immediate power crisis appears to be over, but there are years of insecurity ahead. The country will see some relief in the pressure when the Medupi Power Station comes on line later this year – now expected in June – but Eskom’s infrastructure backlog and financial turmoil will take years to turnaround, with many of the economic and practical implications still poorly understood. Early this year it emerged that inconsistent power supply threatens the already beleaguered South African water infrastructure, with water shortages in urban centres possible as soon as this year. According to government officials, about a third of all towns are in some form of serious water distress, the Mail & Guardian reports, with one in 10 municipal water systems considered to be totally dysfunctional. In response to the challenge of inconsistent power supply, water engineers are working to manage shortages. Electricity outages at pumps that distribute raw water can leave treatment stations without water, with no clean water for the distribution pumps to move once electricity returns.

With South Africa’s power crisis far from over, it is not only the country’s lights which are at risk.

According to the 2015 World Economic Forum Global Risks Report, water crises this year rank as the number one global risk in terms of impact, coming in above nuclear weapons or global disease pandemic, emphasising the severity of the situation. “The implications of shortages of water are as severe as the shortage of electricity, as these are basic services that are essential for the operation of most businesses. Shortages and interruptions place businesses at risk as they are not able to function normally and within the usual framework of operations,” head of corporate affairs at Santam, Donald Kau, tells RISKAFRICA. “Water shortages are likely to be treated as an additional cost for business: having to make alternative arrangements for water supply will have a cost implication which will ultimately be passed onto the customer,” he continues. Food and beverages giant, Nestlé, has already felt the impact at its Harrismith, Free State factory, which experience a reported 40 interruptions to water and electricity supply in the second half of

2014, costing the company R100 million due to interruptions. The Tswane and Polokwane municipalities were also hit by load-shedding-related water shortages during the recent round of load-shedding. The Eikenhof and Palmiet pump stations in Johannesburg’s south were also crippled by power outages this year, with water outages spreading through the western and southern parts of Johannesburg as well as the metros of Ekurhuleni and Tshwane. Rand Water’s operations manager, Matsobane Masebe, told parliament’s committee on water and sanitation that it was not possible to have a back-up plan because the pump stations relied on Eskom’s supply, and when these pumps fail, reservoirs

can’t be filled. In the longer term, alternative power transmissions from independent suppliers might provide a solution, but this would take time to effect, said Masebe adding that the size of generators required to drive the magnitude of power transmission required would be expensive and would not be a feasible solution. More severe than expected Though Eskom’s woes are not brand new, the true severity of the situation was not fully revealed until December last year. “The impact is now upon us, but it is not yet fully understood, and it was not fully anticipated before Eskom came clean on exactly what their situation is and what that looks like in the medium term,” notes Geoffrey Leathem, CEO of reinsurance intermediaries, Guy Carpenter and Company. “We run the risk of a series of claims from insureds. How policies respond and how that then aggregates into reinsurance claims could be a significant loss driver, requiring remediation in the market.” How can business respond? Depending on their level of dependency on water, the impact for businesses and the level of risk they face will vary, but, says Kau, all commercial entities need to re-look at their business recovery processes as well as re-assess their risk situation.

“Businesses that use water for manufacturing or construction will be heavily impacted if this becomes a regular problem. Water shortages place a wide variety of operations and enterprises at risk such as hospitals and offices too,” he explains. “Business interruption cover is an essential provision for all businesses and can insure against the loss of profits or revenue, rental during downtime and additional costs incurred in minimising the loss of revenue. Likewise, business owners can take out cover to protect machinery against fire and water damage. If machinery breaks down, emergency repairs can be covered.” The problem goes both ways Even without Eskom’s woes, the water infrastructure of South Africa is in trouble, with the cities of both Johannesburg and Durban facing water shortages within the next four years, with DA spokesman for Johannesburg Water, councillor Ralf Bittkau, suggesting that water rationing, similar to load-shedding, will be required. Here we find the problem goes both ways because just as water supply requires consistent power supply, power supply requires water supply. Dr Anthony Turton, professor at the Centre for Environmental Management, University of the Freestate, notes that the implications of not having a reliable water supply would be ‘catastrophic’ for the economy, especially for ‘strategic water users- such as

A proactive response

According to ContinuitySA, some basic measures can provide solutions for many businesses, noting that businesses can solve the water issue relatively easily by installing their own gravity-fed tanks that act as an emergency store replenished by the municipal water supply.

“Industries that use water in their manufacturing processes or that need water to operate safely are especially at risk. However, there are also difficulties for businesses in offices and retail environments and in these cases alternative arrangements have to be made. Ultimately this will impact businesses large and small and impact on economic growth,” says Kau.

“More serious, however, extended power outages could be more than battery backups at some telecommunications sub-stations can cope with, leading to interruptions in communications. Davies cautions that the impact of load-shedding on ICT disaster recovery should also not be ignored,” the risk advisory warns.

“Unstable electrical supplies affect virtually every aspect of modern life. As recent events have shown, water supplies are no exception as the pumping stations that keep the ‘water grid’ operating rely on electricity. Thus, when assessing business continuity risks, it’s as well to understand what contingencies your water utility has in place at the pumping stations serving your area – and possibly investing in water tanks with sufficient water for several days,” adds Tracey Linnell, general manager of Advisory Services for ContinuitySA

Ultimately, where a business cannot avoid interruption, business interruption cover is an essential provision. “Business interruption cover enable all businesses to insure against the loss of profits or revenue, rental during downtime and additional costs incurred in minimising the loss of revenue.

Eskom and Sasol. Mine shafts would close and Eskom could be forced into further load-shedding, with serious implications for businesses, particularly small businesses with limited resources to carry them through.

“Water is not the only essential service that is vulnerable to load-shedding. Most companies are highly dependent on telecommunications to function, and it is clear that many substations on the mobile networks are unable to deal with prolonged or frequent power cuts. Companies need to put strategies in place to mitigate this risk as a matter of urgency,” she continues.

Likewise, business owners can take out cover to protect machinery against fire and water damage. If machinery breaks down, emergency repairs can be covered” Kau concludes. What is clear is that as a country, South Africa will face multiple service and utility provision challenges over the coming years. Businesses will have to remain alert and proactive on all these fronts without letting anyone overshadow provisions for the others, but with careful management, the impact for many is possible to minimise.

There will be oil Africa has seen enormous success in exploration for oil and natural gas over the past decade, with six of the top 10 global discoveries by size made in Africa since 2013. However, with the drop in global oil prices, companies need to rethink the oil boom, and prepare. By Luka Vracar

he price for crude oil was just below $47 per barrel at the time of writing, and brent crude was hovering at $55 per barrel, following reports that current oil reserves are said to be at their highest level in the past 80 years. This is bad news for Africa’s newfound discoveries in Tanzania, Uganda, Kenya, and Mozambique, which is still sitting on one of the largest natural gas deposits in the world. According to its recent Fit for $50 oil analysis for Africa, PricewaterhouseCoopers (PwC) has indicated that the key to surviving the ups and downs of the cyclical oil and gas market is for companies to be more agile and to learn how to adapt quickly. “Oil and gas explorers will be relooking at their budget and deciding where to allocate their limited capital spend given the substantial decline in the oil price. Overall, low oil prices could have an impact on production undermining certain players in the market,” says Chris Bredenhann, PwC Africa oil and gas advisory leader.

“Oil and gas companies now need to plan for the upturn that is sure to follow to ensure that the potential boom does not go bust,” says Bredenhann.

“Oil and gas companies now need to plan for the upturn that is sure to follow to ensure that the potential boom does not go bust,” says Bredenhann. Africa has already been dealing with the effects of long-term poverty, food shortages, HIV, and the recent and biggest outbreak of Ebola in West Africa, and the PwC analysis indicates that the drop in the oil price will have an additional and significant impact on the continent. The analysis states that there are many and diverse challenges facing oil and gas producers in Africa, and that these challenges are fuelled by regulatory uncertainty, fraud, corruption, poor infrastructure, and a lack of skilled resource. Additionally, PwC reports that Africa has one of the highest average finding costs in the world, second only to US offshore fields. There are also several technical challenges facing Africa’s prospects. The analysis notes that these include deepwater sub-salt exploration activity in West Africa, waxy oil in Uganda, and offshore exploration leases in South Africa.

Risks The Fit for $50 analysis warned that the oil and gas players in the market that are expected to be most at risk as a result of the oil price are frontier areas, host governments, major gas projects, and oilfield service companies. According to the analysis, frontier projects are expected to suffer from delayed development in the near term as they require more capital expenditure than conventional

Opportunities

production. This includes technically difficult projects such as deepwater, sub-salt, shale gas and enhanced oil recovery ventures. While oilfield service companies will be affected globally, PwC expects its African portfolios to be especially vulnerable. “While oilfield service companies will venture to cut back on spending, they will also be under extreme pressure by the oil companies to drop their prices,” says Bredenhann. Bredenhann also notes that major African gas projects are expected to be under increased scrutiny as oil-linked liquefied natural gas (LNG) prices have also dropped significantly: “While we don’t envision that the major LNG projects in Mozambique and Tanzania will be cancelled outright, costs are a major concern for investors.” The analysis encourages African governments to focus on implementing regulatory, legislative, and fiscal policies in order so that they are seen as attractive prospects when the price recovers. Additionally, challenges in logistics and the lack of appropriate infrastructure need to be addressed. PwC says that that cost pressure, in particular seismic surveying and drilling, is expected to lead to idle rigs as well as delayed and potentially cancelled projects.

While there are challenges, the PwC analysis concludes that there are still numerous opportunities for investment in the industry within Africa. It says that an example of this is onshore exploration, which, while still having its fair share of risks, remains significantly cheaper. For example, Irish oil and gas exploration company Tullow Oil has taken note of the possibilities and recently announced that it intends to drill six basin openers in onshore Kenya during 2015. Bredenhann says that aside from exploration, there could be significant potential for industry players that are strong in research and development to go ahead with development programmes without having any plans to expand on exploration drilling. So there are challenges that Africa needs to face in terms of oil price, and PwC have indicated that for companies, adaptation is key – not just for oil and gas companies, but governments as well. In doing so, there will be an opportunity for new players with strong balance sheets to enter the market on the continent, and even at a low cost. “A number of issues must, therefore, be addressed, and this can be done by starting with an organisational stress test that includes strategic, financial, operational, and commercial elements. In situations of low commodity prices, many companies respond with knee-jerk cost reduction programmes. This could be more effective if they took the time to understand what specific costs are, how they compare to peers, and what reductions are truly possible. Cost reduction programmes need to be targeted and realistic,” concludes Bredenhann.

INVESTING IN

African Mining Indaba By Sarah Bassett

The 20th Investing in African Mining Indaba drew visitors from around the world, gathering once again in South Africa’s Cape Town to discuss and engage on the continent’s largest sector – which is facing a period of tough times.

he Bloomberg Commodity Index which tracks 22 raw materials plunged 17 percent last year, its largest annual loss since the financial crisis of 2008. To a large degree, this past year has been one of a divergent US economy and a very strong US dollar against sluggish growth in China, a lagging European economy and an economic scenario, which has not gained significant traction. We begin 2015 with many significant questions,” noted Mining Indaba managing director, Jonathan Moore, in his opening comments.

The annual conference and talkshop draws around 7000 delegates to the Cape Town International Conference Centre event itself, and even more to the city for associated networking events.

A main exhibition hall displayed stalls and exhibits from over 200 product and technology suppliers, with the governments of South Africa and Australia also holding places on the floor.

Hot topics for discussion this year included a focus on remaining profitable in the face of depressed commodity prices, the challenges of electricity and water supply in South Africa, the mining industry’s response to Ebola and role in managing the disease.

Keynote speakers and panelists this year included South Africa’s Minister of Mineral Resources, Ngoako Ramathlodi, who delivered the official welcome address on day two of the event. His speech made it clear to the international audience that South Africa is firmly open for business and

suggestion, but felt the speech did leave questions open around how this would be achieved in practice, which his talk did not clarify. Former UK Prime Minister, Tony Blair, also spoke on Tuesday, giving the keynote address of the Indaba. Many were more than a little mystified at what particularly qualified him for such an address. His claim to relevance stemmed largely from his involvement in his foundation, Africa Governance Initiative (AGI), established in 2009, which now advises the presidents of Nigeria, Senegal, Sierra Leone, Liberia, Guinea and Rwanda where on a variety and capacity building issues.

that the government is committed and open to engaging with investors and industry to move the sector forward. The minister reiterated government’s intent to achieve the objectives set out in the mining charter and said that this would inform his proposed amendments to the Mineral and Petroleum Resources Development Act (MPRDA). He also emphasised his support for the decision to refer the Act back to Parliament, saying that “the passage of the Bill is the key to unlocking investment.” Minister Ramatlhodi took a hard line on labour relations in his address, emphasising that “long-term strikes would not be tolerated in the future.” Commentators welcomed this

Blair, who described himself as an “Africa optimist”, said that his work in these countries had given him a perspective on Africa, its future and challenges and the difference between success and failure on the continent. He reminded the audience that despite falling commodity prices, 10 out of the 50 fastest growing economies in the world remain in Africa. He said relationships between north and south had changed from one of “donor” and “dependence” to one of “partnership” and there was a move, particularly in the extractive industries like mining, from mere transactions to the idea of relationships. He said the composition of African economies was changing both in terms of GDP and FDI. “For example, in Nigeria’s economy today, 60 per cent is in services. Tourism in Africa has tripled over the past decade. This year in telecoms and technology, retail and financial services,

they will take a bigger share of FDI than mining and extractive industries. However, the mining sector remains absolutely vital for Africa’s future and even with the sharp declines in prices, there are tremendous opportunities and there will be, no doubt, an adjustment and reshaping of the face of mining within Africa over these next few years.” He noted that new players – China and India in particular – are keen forces in the reshaping of African economies and its mining industries. One of the key investments, he said, was power and electricity – the “single most important precondition for a country’s success”. Transparency and corruption were also key principles to investment on the continent and rules that now governed investment, some of which were “eyewateringly tough”, made it impossible to access “high quality investment from the west” where there was corruption on either side of the deal. Other speakers include global economist Dr Dambisa Moyo, who spoke on the political, economic and financial workings of emerging economies, Graça Machel, president of the Foundation for Community Development, Anita Marangoly George, senior director, Global Practice on Energy and Extractive Industries with the World Bank Group, Robert Friedland, executive director and founder of Ivanhoe Mines LTD and Jim O’Neill, chairman of Cities Growth Commission.

A platform for discussion:

talking CEO Summit with Continental RE With the second annual Continental Re CEO Summit around the corner, RISKAFRICA caught up with CEO Dr Femi Oyetunji for insights on some of the key issues up for discussion at this year’s gathering of Africa’s insurance leaders. By Sarah Bassett Summit is not just an event; I’d like to see the discussion continue until the following year when we meet again. It is a privilege to be able to provide a platform and an environment for the leaders of insurance across Africa.

Our theme this issue is cyber risk. With cybercrime a growing global threat, are African businesses aware enough of cyber risk and responding adequately? Outside of South Africa, there is not currently enough awareness, discussion or documentation taking place around cyber risk, crime and security breaches. It’s not that it’s not there, I am almost certain that there isn’t a working individual across the continent who hasn’t been affected in some way, but it is simply not yet at the forefront of our risk discussions. I think the role of Continental Re and others within the insurance and reinsurance industry needs to be to help create awareness and discussion. I am certain that when organisations and individuals begin to look for the impacts, they will be there.

Is awareness growing here as the risk becomes more prominent globally?

Dr Femi Oyetunji

Tell us a little about the Continental Re CEO Summit and its purpose. We started the Summit last year and are the first private pan-Africa reinsurer to provide such a platform on the continent. We’re proud of that. This year, we want to emphasise sustainability.

We are one of the few signatories in Africa to the Principles of Sustainable Insurance – which are far too complex and all-encompassing to be covered in their entirety over the course of two days. Our intention is to generate a continuous discussion around emerging risks and common challenges that affect us all, such as regulation, pricing, skills and so on. So the

It is, yes, and we do find that we are getting more and more inquiries around cyber risk in the wake of big international breach stories. The global village concept is not just a cliche – if something is happening in the US or Europe, it’s happening in Lagos and Nairobi too. You may not see it, but that is not because it isn’t there. Even in developed economies, we still find that for cyber risk, information is hard to access, and there isn’t enough data for accurate determination of rates and appropriate cover. This is because of reluctance around disclosure. For this reason, at Continental Re we feel that the emphasis needs to be on risk management first and foremost, and insurance companies need be in the driving seat in promoting this.

Are African markets moving towards regulating for data breaches and cyber risk at all? In Nigeria, we have the Data Protection Act and I believe that there is similar legislation in Ghana and Kenya as well, but this regulation is focused more on the protection of consumer information rather than cybercrime specifically. I think what we need to be addressing in all these nations is the ease with which databases can be hacked, and information stolen. The risk is only worsening, given the volume of information available through social media. This is why we feel that the first step and emphasis needs to be on the protection of databases, Wi-Fi connections, servers and so on. Emphasis first of all should be on the protection of databases and Wi-Fi connections because I’m not sure that enough corporates are paying attention to that. Hence we need to emphasise risk management first.

Is product innovation required from African insurers in this area? Are brokers promoting awareness around the risk actively enough? We can’t create products in a vacuum; we need those who are at risk to recognise the risk. Otherwise, no one will take up the insurance regardless of the products. We need to make use of all the various distribution channels, but I think more than anything it is continuous discussion around these risks that is lacking and we as insurers and brokers do need to drive that. We know what products are required already, but we do need further data and quantification in order to tailor them to the African context and risk profile specifically. The upcoming Continental Re CEO Summit provides a platform for a discussion around emerging risks for the continent, and this is an area that should make it into the discussion.

There is a lot of talk in the market about the oversupply of capital, the soft rates environment and challenges in gaining market share. How is Continental Re responding to this, along with the increased global interest in the African market? There certainly is over-supply of capital in Africa as well as globally, and there has been an influx of alternative capital worldwide. But what we’ve found in the last year is that this capital is drying up internationally. With developed markets rebounding, investments are flowing back into these traditional capital markets. But at the same, the surge in interest in Africa has meant that global players in the insurance and reinsurance sides are flowing into the market, putting pressure on market share. For Continental Re, we see the low insurance penetration figures as the key opportunity and are focusing not only on how we fight for market share, but how we deepen the insurance market itself.

We do this through increasing awareness and focusing on new risk areas and products such as liability products, political violence, agriculture, and cyber risk as we’ve just been discussing – these are all key areas in which we can grow the market in Africa. Where we don’t have the expertise in-house, we work with our partners in Europe and in the US to bring this expertise in. We’ve been training insurance companies in new areas of business and emerging risks. So for us, the focus is on growing the market rather than scrambling over market share. Even for the existing market, however, we are able to offer superior service through our impressive African footprint. Interviews with cedents have confirmed that our customer service is a key competitive advantage. The platform we have created across the continent cannot be replicated overnight.

We have talked before about the skills shortages. With Africa’s relatively young population a possible advantage in coming decades, is enough being done to educate and enable young Africans to make the most of that demographic dividend? Absolutely not. We often comment that we hope that that the demographic dividend does not turn out to be demographic disaster for Africa. If initiatives are not put in place

to ensure that youngsters are trained to be engineers, doctors, financial experts and so on, that dividend may not materialise. We have seen encouraging results through our drive to increase skills sharing and collaboration across country regulators – it’s also been beneficial for identifying which areas of education we can best get involved with ourselves. We’ve identified that the standard of teaching for maths and science is generally very poor, even though we do have many brilliant people in these areas. There is progress taking place in certain individual countries, but critically what is required is continent-wide cooperation and collaboration and for this we would hope to see the involvement of the African Union to enable a platform for knowledgesharing. If we can identify key requirements for improvement at primary, secondary and tertiary education levels, and can improve the quality of teaching, then Africa can indeed benefit from the demographic dividend. Without this, we cannot benefit.

Africa up and down

the risk ladder By Dominic Uys

Aon recently released the 2015 publication of its Political Risk Map. The company’s essential guide for clients with business interests in foreign countries does not have much good news to share for Africa.

he end of 2014 and the start of 2015 are likely to continue to take their toll on the global economy throughout this year, according to risk advisory Aon’s latest risk report. The report, which measures political risk in 163 countries and territories, looks at all the factors that may influence how their clients will do business on the global scene. These include exchange transfer, political violence, political interference, supply chain disruption, sovereign non-payment, legal and regulatory regimes, ease of doing business and a number of other factors. Along with that, countries were rated on a six-tier scale from low to very high. In between reports, clients can also reference the report’s app, which notes small changes in country risks and gives more up to date information. Any changes in grade are delivered quarterly and allow the Political Risk Map to highlight deterioration in countries, such as with the Ukraine several quarters in advance.

While the risk map has not changed dramatically from previous years, this latest publication does reveal some interesting developments that will set the tone for the year to come. The first of these is the fact that the drop in the oil price has dealt significant hurt to more than a few economies, including Russia and Venezuela, as well as some of the smaller economies like Uzbekistan. The second is the risk upgrade of seven unlikely countries on the risk map, including destinations like Zimbabwe and Laos.

Russia and other flashoints Russia, according to the report, is the country carrying the highest single risk factor to the stability of the rest of the globe. Predictably the fuel price drop is pinching the oil producing country’s economy considerably. The international sanctions resulting from the country’s president undermining NATO members by stirring up trouble with its neighbours in Estonia and Latvia, have also not made the economic burden any easier. Recent

airspace encounters between Russia and its neighbouring countries also indicate the country’s willingness to test NATO’s capabilities hinting at the fact that these difficulties are far from over. Predictably Russia’s conquest into other countries has had an effect beyond its own borders. In Crimea and Eastern Ukraine, Aon has increased its catastrophic country risk ratings. The military conflict is certainly not confined to Russia, as several significant economies of the world are facing potential large scale encounters. Starting with Nigeria, militants from the Boko Haram Islamist group increase their attacks and have gained more control in northeastern Nigeria. On the other side of the planet, confrontations have broken out between Chinese navy vessels and fishermen in South China Sea. As a result Chinese and Japanese fighter jets engaged in a dogfight over the disputed Senkaku/Diaoyu Islands, escalating the long-standing tensions in this region.

And the list continues, with conflict again heating up on the North Korean border, crisis between India and Pakistan, and even a standoff between Russia, the US, Norway, Denmark and Canada over who owns the right to natural resources in the Arctic.

Africa’s ups and downs While Aon’s report notes that not much has changed in terms of country risk in the vast majority of locations, a handful of countries have moved up or down the scale. In total, the 2015 report has recorded 19 country rating changes since the 2014 risk map’s release. A marginal increase compared to the 2014 Risk map that laid down 15 status changes, but still less than that of the year before, which saw 25 the year before. The events surrounding Russia and China aside, the majority of the status changes on the report, both positive and negative, are to African countries. Nine of the risk downgrades affect countries on the continent, with Angola, the Central African Republic, Ghana and Burkina Faso seeing some of the most significant risks. Number two on the report’s most prevalent global risks is oil and other commodities. While volatile oil prices are mostly the problem of countries like Russia and Venezuela, Mining- and energy-heavy nations in Africa, like Angola, Cameroon, Congo, and Nigeria all face weaker incomes and likely spending cuts. The risk does not stop there, because the report mentions two more global risks that affect the African continent to a large extent. Not surprisingly, the conflict and violence around terrorist groups such as Boko Haram in Nigeria, is adding to the strain on the economies of both this country and its neighbours. Lastly, countries in North Africa, like Libya, are also listed as high risk because of political instability and the power vacuums that it creates. Yet the news is not all bad, and two unlikely upgrades have also taken place in Zimbabwe and Swaziland. While the risk in these countries remains high, especially on the political front, these two countries are expected to reap the biggest benefits from the global drops in oils and commodities prices. The result seems to be that 2015 might be the year of the pessimist. That said, if countries like Zimbabwe are managing to inch in the direction of the positive side of the risk scale, there may be hope for the rest of the continent yet.

Risk and opportunity:

Momentum Risk Summit By Sarah Bassett

he two-day summit focused on life insurance-related risks and the evolution of the insurance industry in response, and offered advisers insight into how consumers interpret information and behave during tough economic times. Local and international speakers shared thought-provoking content as a result of the changing landscape of the insurance industry. Now in its second year, Momentum Retail CEO Mark van der Watt told RISKAFRICA that the summit and its programme are part of the drive at Momentum and MMI to put clients at the centre of their businesses. The purpose of the business is around financial wellness, with the prioritisation of risk needs critical to achieving this wellness – so the summit’s focus is to enable our clients to. “The industry is tough, the economy is tough and consumers are under pressure – there is a lot of talk and concern around regulation, and there is a sense of uncertainty in this area, particularly in the risk space.” Even so, Van der Watt suggested that there are still significant opportunities for advisers in this space. “Research from True South,

2015

The outlook for insurers in 2015 is tough, but all around, there is still opportunity. This was the key message from speakers at the recent Momentum Risk Summit, held in South Africa.

commissioned by the Association for Savings and Investment South Africa (ASISA), shows that if you look at risk from an individual and group cover point of view we are only covering about 40 per cent of that risk currently, meaning there remains a gap in risk cover of 60 per cent – presenting advisers with significant opportunity.” “Death is better covered than disability at present, with significant opportunity here for advisers to close this gap and assist clients in managing these areas of personal risk,” he continued, adding that there is particular need for a focus on income protection over lump sum protection. Neill Müller, head of Momentum Myriad product development highlighted the tax

changes in income protection benefits and the implication of this change. Noting that while this may have an impact on demand, disability income protection products remain the most cost-effective way for clients to protect themselves from this risk. In advising clients on the change, Müller suggested that there is an opportunity for advisers to help clients reassess their cover. “When we analyse our book, 80 per cent of our clients don’t have maximum replacement cover – so there’s a big opportunity there for advisers to discuss this with their clients and move to increase their cover. For those few clients that are, in fact, over-insured, this is an opportunity to reduce their cover to the correct level and assess whether they are adequately covered in other areas.”

professor of gerontology and founder of the Oxford Institute of Population Ageing, Sarah Harper. For the most educated populations, the trend is, therefore, towards decreasing population sizes, with the predictions for global population size now reduced from 24 billion by 2050, to 11 to 13 billion by 2050. For populations where women remain less educated, the demographic trend looks a little different. In Africa, the birth rate for women remains between four and seven children and the continent is enetring a much talked of youth bulge. With aging populations all round, this bulge has the potential to be converted into what is termed a demographic dividend – a young, active and productive working population. Here, notes Harper, the critical question is whether Africa can educate its youth population sufficiently to convert in the youth bulge into a genuine dividend. While life expectancy differs from country to country, the global trend is clear – people are living longer. For life insurers, the key question, says Harper, is whether or not they will healthily live for longer or whether these latter years will be characterised by ailing health and disability.

Living longer, getting older

“If we can keep pushing back the onset of disability to later and later years, then that is actually really good, because we have productive individuals with a short period of disability at the end of their life,” she said. She noted, however, “if longevity is going to be accompanied by increasing years in frailty and disability, then the insurance world is actually going to have to wake up to a very different picture to the one that we have at the moment.”

The dynamics and characteristics of the global populaiton are changing, with global fertility rates dropping as increasingly educated women choose to have fewer children – so much so that two-thirds of the world is now at below the replacement levels of two children per women.

SA: an almost positive outlook

At the same time, people are living longer – and these two shifts combined are seeing the global population average age get older, almost half the world’s population now over the age of 50.

“I’m not saying that we are going to go back to the 5 per cent growth rate that we had before the recession – and there are many real challenges including the power, labour and the economic lethargy in Europe, our biggest trading partner. But our neighbours are looking strong, and the US economy is picking up and this will be good,” he noted, adding that if we can hold on until the Medupi power station comes

By the end of this century, England will be home to an incredible 1 million people 100 years old or older. This was according to

fully online at last this year, along with a new influx of renewables coming online then the electricity situation will be largely sorted and there should be no reason for the constraint to drive us into recession. In the meantime, he notes that the stock exchange remains strong, that inflation is low as are interest rates and that growth of 2.5 per cent could still be possible for South Africa in 2015, with the possibility for greater growth momentum in the coming years. A further positive is that per capita income in South Africa is at an all time high at R66 000 per person per annum, making South Africa an upper middle-income country.” Other speakers at the summit included wellknown scenario planner, Chantell Ilbury, who shared insight on the flags to watch when considering the future of the country and economy, and touched on ways that advisers can use scenario thinking to assist clients in planning of their own futures. Brian Gibbon, chief underwriter for Swiss Re Life and Health, shed light on the drastic changes in consumer behaviour and expectations being driven by changing access to information, increased data and instant communication.

Prominent economist and academic Dr Roelof Botha, painted a cautiously positive picture of South Africa’s economy, reminding us that, although the challenges are real, there are many solid reasons not to sink into total despondency.

Getting the

edge

By Frances Bailey

With the Institute of Risk Management South Africa (IRMSA) rolling out its risk professional board exam, industry experts give us their top tips on what gives a risk management candidate the edge.

n today’s fast-paced and technologicallyenabled world, a risk professional is expected to assist an organisation in building a risk culture that is aligned to the organisation’s strategy and risk tolerance, as well as assist with devising rapid responses and action plans, says Munier Damon, audit partner at Deloitte. “A ‘good’ risk culture in an organisation is when employees understand risk and their attitude towards risk leads them to consistently make appropriate risk-based decisions.”

accompanying the paradigm shift in politics and technology in sub-Saharan Africa.

importance of strengthening relationships is paramount.

The corporate Ming vase

A culture embracing change

According to Deloitte’s 2014 report on risk management: a company’s reputation should be managed like a priceless asset. “We found that 87 per cent of the executives we surveyed rate reputation risk as more important or much more important than other strategic risks that their companies are facing.

Damon adds that the risk professional won’t be the face of the organisation, but the skills required of the risk professional in a rapidly changing landscape should be those that drive the characteristics of a ‘good risk culture’.

If you are serious about getting the edge as a risk manager, it is important to – firstly understand the micro-economic complexities

In addition, 88 per cent say their companies are explicitly focusing on managing reputation risk,” says Damon. Hence, understanding the

“Change management ties into risk management quite closely, particularly in the context that the enhancement of risk management in most organisations requires a change in the risk culture of the organisation.

This is to complement efforts that organisations may have put in place to develop their risk management frameworks, policies, procedures and technologies. An organisation’s culture determines how it manages risk when under stress”, adds Damon.

reputation of an organisation from some sort of failure of its information technology systems. In colloquial terms, this essentially refers to traditional information security risk management with a large emphasis on threats from Internetbased sources or technologies,” says Damon.

Laying down the law

“This is sometimes an area where organisations are not ‘cyber security’ minded, and the intelligence around successful cyber breaches and events of interest are not openly shared to escalate the threat.” Therefore, he adds that technology skills and knowledge are a real advantage for risk managers.

Despite the complexities of the political and technological landscape, Brian Muller, director at Factory and Industrial insurance (F&I) reminds us that from a South African insurance perspective, risk management is also largely back to basics with consistency in the industry still posing a major challenge. “Has risk really changed that much? You comply with the regulations. You comply with the laws of the country. The problem is that you have so much non-compliance in the industry. One insurance company will say you need to meet these requirements, but another insurer will offer a policy without compliancy requirements in order to be competitive. Then when a building burns down, and it is non-compliant, we realise how the industry is its own worst enemy. Compete on rates and compete on your reputation but the risk management side should not be one where you compete”, Muller tells RISKAFRICA. Damon adds that the primary purpose of hiring a risk professional is to assist an organisation with managing its risk, including reputational risk, through driving the development and implementation of appropriate risk management frameworks, procedures and governance structures.

The curious case of cyber risks “Cybercrime or cyber risk means any risk of financial loss, disruption or damage to the

An industry-specific example

Damon says that an in-depth grasp of the various issues facing a particular industry is hugely valuable to the individual and assists with the credibility that the risk professional holds within the organisation. “Understanding risk in a particular industry and also what the mitigating factors are comes with training, but it also comes with many years’ experience,” says Muller. “Each risk is different. We wouldn’t delve into cyber risk because it is a different field. We are property risk managers, and many of our staff members come from the fire service or from health and safety backgrounds. We then send them on fire safety courses or they will study risk management through the University of South Africa. We also do a lot of in-house training with our staff. Specific requirements include understanding fire safety and the risks to a property that could develop,” he adds.

Getting that big break Becoming a certified risk manager will offer a definitive way to stand out from other candidates while consolidating your existing knowledge and experience. “The objective of the IRMSA

board exam is to ensure that we bridge the skills, knowledge and competency gap of risk professionals in the industry. The certification exam has been developed in such a way that the candidate’s learning and work experience are integrated, relevant and transferable to any industry,” reads IRMSA’s website. Applications to write the exam are opening in June 2015. Nicole Grobbelaar, events and marketing manager at IRMSA, tells RISKAFRIKA that there are no recruitment companies that specialise in placements for the risk management industry. However, she advises members to look out for future developments at IRMSA because they are investigating various options to assist their members with job placements in the future.

How we can expect a job description to look in a structured industry Company seeks qualified and accredited risk manager with a well-rounded understanding of cyber security, reputation and change management. The ideal candidate will promote good governance and reporting protocols while instilling a culture of risk-aware behaviour.

Duties You will be required to build the risk competence or function (including frameworks, policies, communication): 1. 2. 3.

4. 5. 6.

Driving risk awareness and education Driving a risk-adverse culture Driving the motivation and rewarding good risk- (adverse) behaviour (performance / reward systems) Understanding the importance of strengthening relationships Promoting good governance and reporting protocols Resolving misunderstandings

Requirements • A risk qualification / IRMSA Occupational qualification • 3 - 5 years risk management experience

Personal Skills / Attributes • Timely and honest communication to all stakeholders • Responsibility and accountability, both individually and collectively • Understanding the value of effective / proactive risk management • Encouraging an environment of constructive challenge

Advantageous • Technological skills and knowledge • In-depth understanding of industryspecific challenges

NEWS Rwanda offers

cheapest Internet Rwanda has the most affordable Internet on the continent, according to the Affordability Report announced at the Mobile World Congress in Barcelona by the Alliance for Affordable Internet. The Alliance said that Rwanda tops the continental list, which looks at the state of broadband policy across 51 developing and emerging economies, and is followed by Nigeria and Morocco. Uganda and Kenya are also on the list. “The country’s broadband connectivity has become a key competitive differentiator in the global economy. We have made significant progress already for the widespread adoption of ICT, particularly in sectors such as health, education, agriculture, as well as business and finance,” said Jean Philbert Nsengimana, Rwanda’s minister of youth and ICT. Additionally, the report states that at least two billion people in emerging countries are priced out of Internet access.

Credit Suisse appoints former Ivorian minister as CEO Credit Suisse has appointed former Ivory Coast Minister of Planning and Development and Prudential chief executive, Tidjane Thiam as its CEO. Thiam will replace current Credit Suisse CEO Brady Dougan, and will be the financial services multinational’s first black leader.

Three West African countries call for Ebola relief Speaking at a conference on Ebola in Brussels, leaders in Guinea, Liberia and Sierra Leone said in March that, while they were confident the worst of the Ebola outbreak has passed and that they were aware of the need to act quickly against new infections, donations were needed to repair the damage done to their economies. The epidemic has killed around 10 000

people in the three countries, and has set back their previously growing economies. “Victory against the virus is in sight but we must guard against complacency. There will not be total victory until we get to a resilient zero in the three most affected countries,” said Sierra Leone President Ernest Bai Koroma. The World Bank said that the epidemic will cost the three countries at least $1.6 billion in lost economic growth this year alone. Schools, farms and markets were forced to close during the epidemic, and businesses suffered with the exit of investors as well as the fall in global commodity prices.

The reaction to the appointment saw Credit Suisse shares jump 7.5 points, and experts say Thiam’s arrival might signal a new direction for the bank’s priorities. The Swiss bank came under criticism last year after it reached a $2.5 billion settlement with authorities for helping US citizens evade taxes via secret bank accounts. Thiam is a mathematician who began his impressive career in 1986 at global management consultants McKinsey & Co, before becoming the first black CEO of a FTSA 100 company. He is a dual Ivorian and French citizen and holds an MBA from INSEAD.

A green economy could save Egypt $2.4 billion annually A new study has said that a shift to a green economy trajectory can help Egypt realise annual savings of over $1.3 billion in the agriculture sector, $1.1 billion in the water sector, and up to a 13 per cent lowering of carbon dioxide emissions. The report was released by United Nations Environment Programme (UNEP) and the Egyptian Government. According to UNEP, a green economy is focused on reducing environmental risks and ecological scarcities. “Challenges such as Egypt’s rapidly growing population, which could reach 100 million by 2020, coupled with an ecological footprint almost three times its available bio-capacity, according to the Arab Forum for Environment and Development, are opportunities to implement an inclusive green economy strategy that can revitalise and diversify the economy and achieve social equity while also conserving the environment, and improving health and human welfare,” said Achim Steiner, UN under-secretary-general and UNEP executive director.

Africa shows biggest downgrades on latest global risk map Aon released its 2015 Political Risk Map, showing political risks in emerging markets. Topping the list of political risks facing emerging market investors is the increasing instability in oil producing countries such as Libya, the threat of extremist group violence on vulnerable nations such as Nigeria and Somalia, and the Ebola outbreak in several African countries. “Sub-Saharan Africa continued to record the largest number of downgrades in 2015, as economic and political risks increased,” says regional controller for Aon Sub-Sahara Africa, Darlington Munhuwani.

FirstRand to offer life insurance in SA, Ghana The leading South African bank plans to start a life insurance business in South Africa, and hopes to begin operations in Ghana midyear. CEO Sizwe Nxasana said in March that the bank had already secured its licence for the life insurance business and claims it will offer a new way of underwriting risk. The new insurer will also offer disability insurance. The news comes with FirstRand’s emphasis on growing business in Africa and India, owing to more than R10 billion in excess capital. In addition to a new insurance business, FirstRand was to convert its merchant banking licence to a universal one in Nigeria, while in it also plans to enter the banking market in Kenya.

Insurance giant Sanlam buys controlling stake of Nico Vida Sanlam Emerging Markets (SEM), South Africa’s insurance company has confirmed that it has acquired 51 per cent of Mozambican life insurance company Nico Vida. Sanlam also said that it now holds 25.1 per cent of the insurers parent company, Nico Holding’s limited. SEM had, last year, acquired a 40 per cent stake in Ghanaian short-term business insurer Enterprise Insurance for $20 million. The Sanlam Group has business interested in Africa, Europe, USA, Australia, India, and South East Asia.

Excellence inIRM the industry Global Risk Awards By Sarah Basset

40 40

he Institute of Risk Management (IRM) honoured the global industry’s finest with a glittering evening at the Hilton on Park Lane, London. RISKAFRICA was delighted to be shortlisted for an IRM Global Risk Award and, although we did not make it home with a new statue for the mantle, we were on hand for one of the most anticipated events on the risk management community’s calendar. Nearly 400 risk leaders from 20 countries arrived at the Hilton on Park Lane to celebrate at the annual highlight for the risk profession. The Awards, hosted by British actress Joanna Lumley, rewarded winners in risk excellence from as far afield as the UAE, Nigeria, Switzerland – and South Africa. “Tonight’s winners showcase the Institue of Risk Management’s belief that, in uncertain times like these, the best risk professionals help their organisations grasp the opportunities, as well as manage the threats that risk offers. Tonight’s Awards show the risk profession at its very best,” IRM’s chairman, José Morago, commented during his opening address on the evening. The categories awarded included risk management professional of the year, risk management service provider of the year, newcomer of the year, solution of the year, excellence in the face of adversity and risk management across borders. The IRM is a global professional body for risk management. The independent, not-forprofit organisation champions excellence in managing risk to improve organisational performance. The Institute provides recognised international training and qualifications, across diverse industries in both the private and public sectors. The Risk Management Newcomer of the Year Award went to Graeme Miller from Mott MacDonald, who impressed the judges with his combination of qualification, experience and commitment to developing his professional skills. Lord Currie, chairman of the Competition and Markets Authority, proved a popular choice for the Lifetime Achievement Award; as did the recipient of IRM’s Mark Butterworth Award, IRM’s chief examiner Dr Bill Stein. And, in a year of exceptional achievement among IRM’s students, Andrea Har flew in from Hong Kong to accept the International Diploma Student of the Year Award. “Our winners are all leaders in their class, but everyone shortlisted tonight should be proud – they are at the cutting edge of managing the very real risks the world faces today. As the world’s interconnected risks evolve ever faster, they show how the role of risk practitioners grows ever more vital,” IRM’s chief executive, Ian Livsey, commented, congratulating the night’s honourees.

INTERNATIONAL

NEWS Lloyd’s opens new underwriting platform in Dubai Lloyd’s have opened a new specialist underwriting platform to provide tailored risk solutions across the Middle East. The specialist underwriters in Dubai will provide cover for a range of risks including: property, construction and engineering, marine and energy, terrorism, political risks and trade, aviation, personal liability, and financial risks. “An important part of Lloyd’s Vision 2025 strategy is to expand our presence into developing and growth markets around the world. While the London market is still the global hub for specialist insurance and reinsurance, it is important Lloyd’s continues to expand our global footprint, turning perceived threats into opportunities, and ensuring London stays global for future generations of underwriters and brokers,” said Vincent Vandendael, director of international markets for Lloyd’s.

Global catastrophe report:

US insurers facing $1 billion payout Aon’s catastrophe model development team, Impact Forecasting, said in their monthly Global Catastrophe Recap report that US insurers face a minimum of $1 billion payout following February US winter weather losses. The report, which evaluated the impact of the natural disaster events that occurred worldwide during February 2015, reveals that 72 people died during five separate periods of heavy snow, frigid cold, freezing rain and ice impacted parts of the US. Meanwhile in Africa, Tropical Storm Fundi brought torrential rain and strong winds to Madagascar, causing six fatalities and damaging almost 7 500 homes.

Hackers attack major health insurer Hackers breached the IT systems of major US-based health insurer Anthem in February, stealing personal information relation relating to current and former policyholders and employees. Anthem, the number two health insurer in America, with nearly 40 million US clients, said the breach did not appear to involve medical or financial information such as credit card or bank details. However, the information accessed did include names, birthdays, social security numbers, street addresses, e-mail addresses and employment information, including income data.

Risk management complicated by ‘hyper-transparency’ Speaking at the Business Insurance Risk Management Summit in New York, a panel of experts said that building an international risk management programme involves resolving challenges that include increased worldwide regulatory enforcement. Andrea Bonime-Blanc, CEO and founder of GEC Risk Advisory in New York said that operating in an era of hyper-transparency can lead to increased reputational risks, especially when companies are involved in corruption. She noted that reputation and corruption are sixth and tenth on the Allianz Risk barometer for 2015 respectively. Bonime-Blanc emphasised that regulatory enforcement trends have increased, with 755 enforcement actions in 2014 valued at $4.14 billion.

XL Group now covers risks Global insurance giant XL Group has launched a new product that covers various mining risks under one single policy. The new mining product caters to a multitude of industry-specific perils in what the global insurer and reinsurer has called ‘a one stop shop’. Unveiled at an international mining industry forum, the policy covers a multitude of market perils including mobile assets and covers all machinery and equipment either above group, underground or sub-sea.

India praised for improved disaster risk management The Global Assessment Report on Disaster Risk Reduction released by the United Nations lauded the improved accuracy of forecasts made by the Indian Meteorological Department over recent years. The UN said timely warnings on cyclones have helped reduced mortality during extreme weather events. The report used cyclone Phailin that hit Odisha in 2013 as an example. Warnings were issued four days before the cyclone made landfall, and no more than 47 people lost their lives, whereas in 1999 when a cyclone hit the same area and 9 843 people died. To emphasise the importance of disaster risk management, the report went on to say that an annual global investment of $6 billion in strategies would provide a reduction of risk worth $360 billion dollars. “For many countries, that small additional investment could make a crucial difference in achieving the national and international goals of ending poverty, improving health and education and ensuring sustainable and equitable growth,” says the report.

Lithium batteries a fire risk on planes, says Boeing Aviation multinational and aircraft manufacturer Boeing said that highdensity packages of lithium batteries like those in cell phones and laptops pose a fire risk and should no longer be allowed on passenger planes, at least until safer methods for carrying them are developed. Boeing said in a statement that current firefighting systems on airliners can not suppress or extinguish fires involving significant quantities of lithium batteries. The main chemical used, Halon 1301, is unable to stop fires from

rechargeable lithium ion or nonrechargeable lithium metal batteries, the two main types of cells in consumer devices. “The Boeing Company supports and advocates for global harmonised requirements related to the air transport of batteries. We support efforts to develop effective protective packaging materials to facilitate the safe shipment of batteries as cargo,” said the statement.

African

risk

report By Dominic Uys

This year, the Institute of Risk Management South Africa (IRMSA) published its first annual Risk Report, a first-ofits-kind study of the South African risk environment.

tanding in front of a room full of industry insiders at the Cape Town launch of the first IRMSA Risk Report in February, Eskom’s executive manager of enterprise risk, Christopher Palm, explained that the organisation had set itself a challenge to produce a report that would stand out from the studies done by all of the other private firms in the country. Palm is the chair of IRMSA’s Risk Intelligence Committee, placed in charge of compiling the report. The 11-member committee is composed of company CEOs, analytical experts and a number of experts in other fields. This first risk report from IRMSA presents an evaluation of the country’s top risks over a two-year time horison through several

workshops at IRMSA conferences and a survey of 620 of the country’s foremost risk management experts. “We felt it was important as an industry body, to come out with our own report. But we had to have a hard look at what this report would have to bring to the table, since our industry already sees so many risk reports being published each quarter, by all of the most prominent private firms in our industry,” Palm explained. “We identified a need for our members to be able to engage with their executive committees (EXCO) and boards more effectively on how certain identified risks would affect their business. We have all on more than one occasion been to meetings with presentations

IRMSA’s top 10 South African risks for 2015 by LIKELIHOOD

The World Economic Forum’s top 10 global risks for 2015 by LIKELIHOOD

1. Increasing corruption

1. Interstate conflict

2. Unemployment

2. Extreme weather events

3. Shortfall of critical infrastructure

3. Failure of national governance

4. Political and social instability

4. State collapse or crisis

5. Organised crime

5. Unemployment or underemployment

6. Cyber attacks

6. Natural catastrophes

7. Failure of financial mechanisms

7. Failure of climate change adaptation

8. Severe income disparity

8. Water crises

9. Urbanisation

9. Data fraud or theft

10. Data fraud / theft

10. Cyber attacks

IRMSA’s top 10 South African risks for 2015 by CONSEQUENCE

The World Economic Forum’s top 10 global risks for 2015 by CONSEQUENCE

1. Increasing corruption

1. Water crises

2. Governance failure

2. Spread of infectious diseases

3. Unemployment

3. Weapons of mass destruction

4. infrastructure and networks breakdown

4. Interstate conflict

5. Critical infrastructure failure

5. Failure of climate change adaptation

6. Fiscal crisis in key economics

6. Energy price shock

7. Failure of financial mechanisms

7. Critical information infrastructure breakdown

8. Economic and resource nationalisation

8. Fiscal crises

9. Cyber attacks

9. Unemployment or underemployment

10. Severe income disparity

10. Biodiversity loss and ecosystem collapse

that had in large part been reworked from the World Economic Forum (WEF) reports or the ENY Africa report. In many cases these meetings would end with one of the board members asking how these risks affected the company,” he continued.

focused report that could reflect what was happening in South Africa, and which could be measured against the WEF report in order to put the South African risks in a global perspective.”

various stages and at various forums. This is of course only our first methodology and we will evolve as we go on.We will expand the methodology to more participants, CEOs and universities,” he starts.

Crowdsourcing methodology

“In compiling this first report, we first thought that we should get some freeform writing from the risk fraternity about what they thought the risks are for the country. That didn’t necessarily work very well. We realised that everyone has an opinion and the answers we got were quite diverse and we needed a base to work from.”

“So with that in mind, we kicked off with something as simple as a risk chat. And we started sharing the little tidbits of information that you might not necessarily pick up in the mainline. Info that would enable our membership to engage their EXCOs, their boards and people responsible for risk management.”

In compiling the report, the Risk Intelligence Committee took a different approach from most publications of its kind. Michael Ferendinos, group chief risk officer at AECI explains that the report is a complete industry collaboration and was in large part based on company and professional surveys.

Palm staid that the WEF’s annual risk report had set a high standard for risk analysis. “We set out to produce a South Africa

“This was not the risk intelligence committee telling everyone what the risk profile is for the country. A lot of people were involved at

“So we went back to the WEF’s Global Risk report of 2014 and mapped it out to create a risk universe. We then voted on the risks that had been identified in the report, at the

ranks countries and territories based on how corrupt a country’s public sector is perceived to be. The country is ranked 72nd out of 177 countries surveyed, with a score of 42 out of 100 in the CPI. This could prove damaging to the country’s reputation,” it adds. The risk of cyber attacks comes in at number six in terms of likelihood and a number nine in terms of consequence. At the lower end of the scale we see data fraud and income disparity mentioned.

An outsider’s insight Renowned scenario planner and author, Clem Sunter, also weighed in on the publication of the report. Sunter publishes global risk assessments and scenarios in his Mind of a fox series of books. He explains that his approach places identified risks in different categories, which he refers to as flags. “Flags can range from tipping points that might precipitate a different chain of events to ones which are a sign that you have already switched scenarios. We tend to consult experts in the field under consideration about the flags they are watching out for,” he epxlained. Examples of theses flags are terrorism, climate change, religion and border disputes. Sunter notes that IRMSA’s report does offer some new perspectives, adding that he added two new flags to his own risk assessments as a result. “After reading IRMSA’s report it became clear to me that my own risk analysis could benefit from it and I have subsequently started looking at new risks to incorporate into my own reports,” he said. “As for the crowd sourcing methodology that IRMSA has followed, I would say that there are both strong positives and negatives. On the one hand, it does give one a much broader perspective on the different risks in the playing field. On the other, I believe that crowd sourcing can only get you so far. I still feel it is important to call together a group of experts and rank the risks objectively,” Sunter continues. IRMSA risk labs and conferences,” Ferendinos continued. Once we did that we prioritised the results again and compiled a list of ten risks arranged in terms of likelihood and consequences. We then also looked at an additional seven risks that are quite specific to the South African context, and that was essentially how we got our first profile.” Ferendinos explained that the committee involved several risk experts to compile more data on the risks outlined in the draft. “That added a lot more value in terms of how to manage the risks and how they play out in the country,” Ferendinos concludes.

Corruption tops the chart The risks outlined in the report make for an interesting picture of South Africa. While the

emerging risks such as cyber, have made the list, the top spots in the risk report are dominated by the old issues that the South African risk fraternity has spoken about for quite some time. Number one on the list of concerning trends is corruption, followed closely by governance failures and infrastructure risks.

“Going forward, there are a lot of things that we are going to enhance. What we really want to see next is the interdependency map of the risks. We feel it is important to see how they play out together. After talking to Sunter we also realized that we will have to look at scenarios in the next report as well,” Ferendinos adds.

“The geopolitical risk of increasing corruption is at the top of the list of risks affecting the South African landscape. It has both the highest likelihood and consequence rating for the entire risk profile. This risk has been coupled with the risk of a major escalation in organised crime and illicit trade because of their close relationship,” the report states.

“We also want to link risks to objectives, so in our next report we will start linking these issues to the National Development Plan and whatever else we feel is relevant. Finally we are definitely going to be looking at greater participation and getting more professionals involved in creating this document,” Ferendinos concludes.

“South Africa has steadily been performing worse in Transparency International’s Corruption Perceptions Index (CPI), which

IRMSA has made its first risk report available on its website, and judging from the reception so far, this will not be its last.

We at Hollard have always understood what it means to work together. Itâ&#x20AC;&#x2122;s all about perspective. And synergy. We offer all sorts of worry - busting stuff. We just canâ&#x20AC;&#x2122;t fit it all on here! For clued-up insurance solutions, contact: Hollard Namibia on +264 61 371 300 or visit www.hollard.com.na

Hollard Mozambique on +258 21 357 700 or visit http://www.hollard.co.mz/

Hollard Botswana on +267 3958 023 or visit http://www.hollard.co.bw/

Hollard Zambia on +260 211 255 680 or visit http://www.hollard.co.zm/

The Hollard Insurance Co. Ltd (Reg No1952/003004/06) is an Authorised Financial Services Provider