2019 Sustainable Business Report

SAFARICOM SUSTAINABLE BUSINESS REPORT 2019 INTRODUCTION OUR BUSINESS OUR MATERIAL TOPICS STAKEHOLDER ENGAGEMENT CONCLUDING REMARKS 30 RISK MANAGEMENT We have undertaken key initiatives to enhance internal systems to mitigate risks such as fraud and to improve process efficiency and effectiveness. This includes strengthening the credibility of relevant products and services by pursuing professional certification. NEW RISK MANAGEMENT SYSTEMS PUT IN PLACE We have implemented Metric Stream software, a digital Governance, Risk and Compliance (GRC) system that will enable us to achieve objectives reliably while addressing uncertainty by ensuring we efficiently track risks and the related controls environment across the enterprise. The introduction of an automated Revenue Assurance System (RAS) will ensure efficient, timely and independent revenue reporting and billing processes. Benefit to Safaricom GRC system Helps us to identify, assess, quantify, monitor and manage enterprise risk in an integrated manner Is a unified system for managing all compliance obligations with legal and regulatory requirements Serves as a central location for all processes, controls and risks and reports Assists in managing risk and improving our controls environment via real-time dashboards RAS system Automates billing reconciliation and increases scope Identifies billing issues in a timely manner FRAUD AND ANTI-CORRUPTION We consistently review our compliance with regulatory obligations, particularly those surrounding fraud, corruption and anti-money laundering (AML) legislation. Compliance with KYC requirements and procedures surrounding the registration of customers and M-PESA transactions to ensure security and combat money laundering, are key focus areas for us. We more than doubled the number of assessments undertaken the previous year. Under our updated strategy, some reviews were combined so as to cover a broader scope. ADDRESSING FRAUD AND CORRUPTION A countrywide surge in SIM-swap fraud accounts for the high number of cases reported to law enforcement agencies in FY19. By contrast, far more fraud cases were investigated in FY18, when a major investigation was conducted involving the corporate loyalty scheme 4 , than in FY19. Internally, 78 members of staff underwent a disciplinary process to deal with issues of corruption including breach of policy, negligence and asset misappropriation. Most of the cases investigated were initiated by tip offs, which indicates that our duty-to-report training has borne fruit. The nature of disciplinary cases is dynamic; the change in statistics indicates neither an improvement nor a worse environment. 4 Devices are issued to customers based on certain criteria such as accumulation of a certain threshold of loyalty points, but ten members of our staff had been engaged in theft of these devices. All ten were investigated. FY16 FY18 FY17 FY19 5 0 10 15 20 25 30 35 Number of Interventions Financial Year Monitoring Corruption and Fraud Audit reviews: in-depth reviews that evaluate specific internal controls and processes Fraud reviews: conducted on specific areas/processes which may have become compromised Risk assessments: comprehensive evaluations of a range of risks, from operational and strategic to ethical Special request reviews: reviews of special areas/processes requested by management 9 8 11 26 11 20 33 31 21 10 1 3 3 13 10