BUSINESS ETHICS, GOVERNANCE, RISK AND REGULATION

We consider sound corporate governance, ethical behaviour, robust risk management and regulatory compliance to be fundamental to our commercial sustainability. If the business is not run in an ethical, transparent and accountable manner, Safaricom is likely to be impacted by legal and reputational risks, as well as being disadvantaged as a result of eroded employee and investor trust and confidence, which quickly translates into lost opportunities and diminished success.

As part of our ongoing commitment to the SDGs, we continued to align our efforts regarding ethics, governance, risk and regulation with fi ve of the goals that represent areas over which we are able to achieve signifi cant impact in our own business and amongst our stakeholders: promoting ethical business practices and fighting corruption in all its forms within Safaricom (SDG16) and within the wider business community (SDG17); pledging to create a non-hostile and secure workplace (SDG8) within which all employees are treated equally (SDG10); and striving to provide universal access to high quality information and communications technology for Kenyan citizens through our network (SDG9) as part of our work with the regulators.We publish this report to disclose the progress we have made towards our goal of building a more sustainable future.

Since 2012, we have been documenting our sustainability journey because we believe in holding ourselves accountable by sharing our successes, our challenges and our constraints in a public, transparent and open manner. We also publish this report because we believe that we have a duty to raise awareness of the sustainability challenges we face as a society and to ensure that these remain part of the discussion in Kenya and around the world.

KEY FOCUS AREAS DURING THE YEAR

Regulation
(monitoring and responding to all regulations)
Compliance
(ensuring compliance to all regulations, policies and procedures)
Economy
(impact of slow economic growth on the business)
Market disruptions
(technological changes, in particular)
Security
(physical security of personnel and equipment, especially in high-risk areas)
Fraud and corruption
(both internal (Safaricom-related) and external (customer-related))

CORPORATE GOVERNANCE

We ensure that Safaricom is run in an ethical, transparent and accountable manner by having strong governance processes and structures in place, along with explicit guiding principles and clear lines of responsibility.

The Board of Directors of Safaricom is, ultimately, responsible for corporate governance throughout the organisation and the behaviour of members is governed by an explicit Governance Charter. Members of the board also undergo collective and individual performance assessments at least once annually. The board meets at least four times a year.

RISK MANAGEMENT

Our governance objectives are supported by our risk management processes. The Audit and Risk Committee reviews and assesses the risk management processes of the company and ensures the adequacy of our overall control environment. Our risk management initiatives are led by the Director of Risk Management. We use a combination of risk assessments, audit and fraud reviews to monitor and manage risk throughout the company. We also benchmark ourselves against other world-class companies and leading telecommunications operators globally and independent assurance is provided through both internal and external audit functions. As a company, we also endeavour to apply the Precautionary Principle  to all our activities to help ensure that we continue to act as a responsible corporate citizen.

Demographics of the Board

Monitoring Corruption and Fraud

Please refer to the ‘Our Governance’ section of the 2018 Safaricom Annual Report at https://www.safaricom.co.ke/investor-relation/financials/reports/annual-reports for more information regarding our governance structures and reporting processes.

Overall, we are satisfied with the performance of our monitoring processes during the year. The processes we employ appear to be an effective combination. The one change we intend to make next year reflects the growing maturity and sophistication of our approach. In FY19, we intend to conduct risk assessments at the departmental level, rather than the current divisional level. This new approach will triple the number of assessments we need to conduct within the year, but it will enable us to monitor operational risks at a much more detailed, granular level.

Addressing Corruption and Fraud

While it is difficult to accept any number of disciplinary actions and dismissals, we are satisfied with our ability to detect and investigate unethical behaviour. Regrettably, we recognise that it is unlikely a business the size of ours will ever be free from fraud entirely and that the better we get at detecting it, the more effectively it is concealed. It is also worth noting that it is 10 warnings and 43 dismissals out of 5,556 employees. Overall, our main goal remains to have procedures in place that show that we are proactively detecting, investigating and penalising wrongdoing.

Helping customers tackle fraud

During the year, we continued to help customers safeguard themselves from social engineering attacks and the criminal syndicates that target M-PESA users.
As prevention is far better than cure, our focus remains on raising awareness of the common techniques used by crime syndicates and to offer advice on steps customers can take to prevent being defrauded. We ran a series of programmes during the year, including print, radio and digital media campaigns, along with mass market caravan road shows and other activations in rural areas.While it is difficult to accept any number of disciplinary actions and dismissals, we are  satisfied with our ability to detect and investigate unethical behaviour.

Regrettably, we recognise that it is unlikely a business the size of ours will ever be free from fraud entirely and that the better we get at detecting it, the more effectively it is concealed. It is also worth noting that it is 10 warnings and 43 dismissals out of 5,556 employees. Overall, our main goal remains to have procedures in place that show that we are proactively detecting, investigating and penalising wrongdoing.

We also continue to monitor suspicious activity on the M-PESA platform and will investigate and report suspicious M-PESA transactions within seven days to the Mobile Money Investigations Unit (MMIU), which effectively investigates cases of mobile money fraud committed by cartels and forwards such cases for prosecution.

Assuring the deployment of our new billing system

The risk management division also played an important role in the successful deployment of the CBS v5.5. billing system during the year. The deployment was considered a high-risk undertaking due to the complexity of the system and its potential impact on customers and revenue. Fifteen members of the division worked on the project for four months, as part of the larger team, and played a central role in data migration, product assurance, user access management, performance testing, redundancy testing and project governance.

ETHICAL BEHAVIOUR

Our ethics and values are the principles and standards that guide our behaviour as employees and individuals. The management Ethics Committee provides strategic direction and oversight on our ethical awareness initiatives.

We use an independent ethics perception survey and preventative measures like our continuous ethics awareness and staff anti-corruption training programmes to monitor and manage the ethical culture across all of our operations. We use our supplier Code of Conduct and the Code of Ethics for Businesses in Kenya to manage the ethical culture of our business partners.

Staff ethics training and awareness sessions

We conduct regular ethics awareness sessions with staff every year. The focus of these sessions is to address any concerns revealed by the ethics perception survey. The survey is an independent assessment of the opinions of our internal and external stakeholders conducted by the Ethics Institute of South Africa. Topics covered during the ethics awareness sessions held throughout the year included sexual misconduct, duty to report and confl icts of interest.

We achieved a 98 per cent participation rate again this year, despite training more than 1,000 additional members of staff during the year. The increase was due to the employment of additional personnel and the decision to include contract and temporary members of staff in the training sessions as well. We attribute this excellent achievement to the continued understanding of the importance of these sessions across the business.

Business partner ethics training

We continued to promote ethical business practices among our business partners during the year. We held ethics sessions and fraud training with our M-PESA agents, dealers and suppliers. We supplemented the sessions with ethics-related newsletters. Topics covered included: honest business practices; adherence to the Know Your Customer (KYC) campaign; ethical selling; fraud awareness; bribery and corruption. We also continued to mandate that suppliers sign up to the Code  of Ethics for Businesses in Kenya and will not renew their contracts unless they do so.

Every member of staff is expected to attend ethics training at least once a year. Most of the training is undertaken through face-to-face-sessions and supplemented by e-learning courses. The awareness training is tailored to address the specific ethics risks faced by the attendees.

Anti-corruption collaborations

We continued our work tackling corruption and enhancing governance and transparency both internally and within our broader business ecosystem with the United Nations Global Compact (UNGC) and the B-Team — Africa during the year. Highlights of our collaboration included the fi nalising of the Anti Corruption SME toolkit, which is now ready for dissemination, and a review of the gaps in the Kenyan Private Sector Anti-Bribery Act, which has identifi ed areas within the guidelines (procedures) described by the Act that could be more specific and detailed.

REGULATORY COMPLIANCE

We ensure that we remain compliant with regulatory requirements by assessing our processes against all applicable laws and regulations. We also engage with our regulators proactively on all issues through a variety of channels (please see the Stakeholders section on page 56 of this report for further information about these important relationships). Our engagement with regulatory bodies and compliance with regulatory requirements is managed by the Regulatory and Public Policy Department.

Communications Authority Quality of Service (QoS) compliance

The Communications Authority of Kenya (CA) is mandated by government to ensure that mobile network operators are delivering services of adequate quality. Accordingly, the CA tests every operator annually against a series of Quality of Service (QoS) measures it has developed. Operators that fail to meet any of these criteria are fi ned. The results of these tests are made available to the public and published on the CA website.

At the time of going to press with this report, the CA had not levied or imposed any fines on Safaricom. The CA introduced an enhanced framework for the measurement of the QoS of mobile networks halfway through the year. As part of this enhanced framework, the CA has introduced a new Quality of Experience (QoE) measure. The new QoE measure will use customer surveys to evaluate user experience The QoE scores will be added to the existing metrics to establish operator QoS scores.

Safaricom and other mobile network operators continue to engage the CA on the implementation of QoE, considering how subjective this type of measurement can prove to be. The Authority has begun measuring QoE, but has stated that it will not use the metric to penalise network operators while it establishes the best methodology to determine it.

Closing 2G gaps around the country

We began the challenge of constructing and commissioning of 48 2G-enabled new Base Transceiver Stations (BTS) in underserved, remote areas during the year. We were awarded the tender to deliver the BTS by the CA as part of its initiative to use the Universal Service Fund (USF) to close ‘2G gaps’ around the nation. The USF was created to support widespread access to ICT services and the ‘2G gap’ initiative aims to ensure that that there is mobile voice and data coverage in even the most inaccessible and isolated areas of the country. In spite of the onerous logistical challenges involved, we are pleased to report that we have already commissioned 30 of the 48 sites.

Network Redundancy, Resilience and Diversity (NRRD) Guidelines

During the year, the CA concluded its stakeholder consultation on the improved NRRD guidelines and regulations for ICT networks in Kenya and began a pilot period. The new guidelines are a toughening up of QoS regulations, designed to ensure network resilience and minimal disruption to customer services for business continuity. The result of the pilot, which will be run from October 2017 to June 2019, will be used to fi ne tune the thresholds of the fi nal framework.

LOOKING AHEAD

FY19 Goals

• Triple the amount of risk assessments conducted during the year (target
is 34) as part of our new, departmental-level approach
• Achieve the GSMA Mobile Money Certifi cation through an independent
audit of our M-PESA policies and practices
• Continue our efforts to raise customer awareness regarding social
engineering fraud through a wide variety of initiatives and media
campaigns
• Review our data protection policies to ensure that these are aligned
with the European General Data Protection Policy and proposed data
protection legislation in Kenya
• Continue to participate actively in the Kikao Kikuu consumer affairs
forums hosted by the CA

• Work closely with the CA and other government agencies to complete
the remaining 18 sites in our USF 2G contract
• Continue to engage government and the CA on the ongoing initiatives
highlighted in this report
• Intensify our external Child Online Safety advocacy, launching our
internal policy to an external audience and working with the CA to
develop its guidelines
• Take an active role in implementing B-Team — Africa governance and
transparency initiatives, including the launch and dissemination of the
Anti-Corruption SME toolkit with the UNGC