Little that has been heard from the Private Security Regulatory Authority since the gazettement of the Private Security General Regulations on July 5.
The January 5, 2020 deadline for registration of private security firms now looks unachievable. History shows that government-driven compliance, with the hard targets and deadlines, is the only way people and businesses actually comply to new regulations or laws in Kenya.
But not always. Some businesses, especially those with critical market share or industry underdogs with the appetite to grow, regularly show that compliance can be a business- or market-driven initiative. Under the ‘Michuki rules’, as a majority of transporters ground to a halt, the few compliant ones got huge rewards, top of them establishment of trustworthy brands.
This was the time Citi Hoppa, Double M and another bus company aptly named Compliant established themselves in the city transport landscape. And the likes of Mololine cemented their position as market leaders in the Nairobi-Nakuru route.
Companies that had put everything in place were seen as trustworthy, reliable and mindful of customer safety and security. They continue to benefit from that brand equity. In the contrary, those that have been on the wrong side of tax compliance have had it rough with Kenya Revenue Authority and their regulators. The betting industry comes to mind; several firms have had to close shop.
In the current business, policy and regulatory environment, compliance, really, is something nobody should joke about. And it does not matter how big or connected you are; if your business is out of the regulatory environment, it is almost certain that you will be shut down. Judicial injunctions and orders have failed to rescue those whose time was deemed up.
There is also another dimension to compliance: Businesses that anticipate new regulation and put in place the infrastructure early to deal with upcoming regulations.
The Data Protection Bill is in its last stages in parliament and could very well become law this year. Some companies, especially the telcos, huge collectors and controllers of personal data, are already putting in place measures to deal with what is yet to become law. The day that law is gazetted, new duties, responsibilities and liabilities as to personal data will arise.
Court cases could start the very next day, especially on the further use of personal data. Few are preparing for this; many will be caught out, especially now that we have an engaged, almost consistently activist, population. One wrong text message, especially a marketing one, could lead your company to huge liabilities.
The private security regulations have been here for almost three and a half years. It is deemed that this was adequate time for companies and individuals to prepare for it. While an extension is, definitely, reasonable and expected, it is poor business practice to rely and hope on that. The government could extend the time but your clients may require the licence before extension of contract.
A few companies are, indeed, embracing regulation and setting themselves to full compliance by January 5. Ironically, it is the small hungry companies on this quest. When the chaos start once the government draws the red line, whenever that will be, they will be safely on the other side, waiting to reap the rewards.
The government should also itself speak out on the issue and fear among many business owners that it wants to shut down businesses. Regulatory compliance is, indeed, a business disrupter and comes with new, heavy costs. It is one thing to encourage compliance and another to threaten business closure. Compliance is a continuous process and many of the requirements can only be achieved with time.
Mr Nkaari is the country director, Elite Security Academy. [email protected]ite-int.co.uk