Is it really out with the old and in with the new when it comes to BEE?

“I run a family business, and we have been blessed with steady growth mainly because of one big client. Although we support transformation, we’ve never really needed to obtain a BEE certificate. Our big client has now informed us that unless we obtain a BEE certificate, they will not be able to do business with us anymore. We want to comply, but we are unsure about where to start, particularly because it appears as if there is also a lot of uncertainty regarding the new BEE requirements on the way?”

Your experience with your big client is part of the cascade effect that the BEE legislation in South Africa envisages to ensure that companies indirectly (or directly as in your case) place pressure on their suppliers to comply with BEE legislation. 

Right now, as you rightly remarked, there is uncertainty in the market surrounding BEE with companies finding it quite challenging to do their planning effectively. The uncertainty has largely been created by the advent of the Amended BEE Codes of Good Practice (“Amended Codes”), the Old BEE Codes of Good Practice (“Old Codes”) and the various Sector Codes of Good Practice (”Sector Codes”) that apply to specific industry sectors. Businesses are wondering whether they should still plan for compliance under the Old Codes, the New Codes or even the Sector Codes, particularly as the goals are not the same under the various codes. I will attempt to better explain the confusion:

Currently, the Amended Codes are in force (as from 1 May 2015), but a 12 month window has been granted for companies to still report under the Old Codes if they report using their financial period ending before 1 May 2015. This means that companies can still conditionally report under the Old Codes until 30 April 2016. Companies can of course also already report under the Amended Codes should they have to or choose to. This decision is the first problem which arises for many companies. 

The New Codes also make provision for certain companies to obtain “automatic” levels without going through a formal verification procedure. These companies are Exempt Micro Enterprises (“EME’s”) (under R10 million annual turnover) and all companies (including EME’s) under R50 million annual turnover with at least 51% black ownership. If companies choose to make use of this “automatic” level recognition option they only have to provide an affidavit confirming their status, but cannot as of yet obtain a BEE certificate from an accredited verification agency that confirms their automatic BEE level. This is the second problem as many companies or institutions (including government) still only accept an accredited BEE certificate and not an affidavit. To address this, such companies can apply for a BEE certificate but will then have to go through a formal verification procedure and be verified to obtain a certificate, thereby losing the benefit of an automatic level recognition and possibly also receiving a worse BEE level than they would receive with the automatic level recognition.

The third problem and area of confusion relates to the relationship between the Amended Codes and the Sector Codes. Companies that derive the majority of their income from sectors that have a Sector Code applicable to it such as construction, transport, agriculture etc. will have to report and be verified under the current Sector Codes until such time as the current Sector Codes are aligned to the Amended Codes. These Sector Codes must be aligned to the Amended Codes by 1 November 2015. But until then, the current Sector Codes will apply and companies falling within a Sector Code will not have the option of reporting under the Amended Codes and applying for “automatic” level recognition available under the Amended Codes – at least not until the Sector Codes are amended to possibly cater for this. 

In light of this confusion, it is strongly advised that you obtain the assistance of a BEE consultant that can help you understand which rules apply to your business and can guide you in establishing whether you should report under the Old Codes, Amended Codes or a Sector Code, and then assist you with the necessary planning and guidance through the verification process so that you can obtain a BEE certificate.

November 9, 2015
South Africa: The role and responsibilities of the information officer under POPIA

South Africa: The role and responsibilities of the information officer under POPIA

By now the news of the commencement date (i.e. 1 July 2020) for the Protection of Personal Information Act No. 4 of 2013 (‘POPIA’) has done the rounds and most persons who are required to comply with POPIA’s provisions are now in the midst of either implementing or updating their compliance frameworks to ensure that by the time the grace period ends and POPIA’s provisions become enforceable, on 1 July 2021, they can reasonably show the Information Regulator (POPIA’s supervisory authority) that their processing activities are compliant with POPIA’s conditions. Arguably, one of the key areas to address in POPIA compliance is the role of the information officer. PR de Wet and Hayley Levey, Director and Associate respectively at VDT Attorneys, outline the key compliance considerations with respect to the appointment and role of the information officer under POPIA.

South Africa: The Cybercrimes Act, its relationship with POPIA, and compliance

South Africa: The Cybercrimes Act, its relationship with POPIA, and compliance

During December 2021, the South African President signed the Cybercrimes Act, 2020 (Act 19 of 2020) (‘the Cybercrimes Act’) into law. This legislation is the first in South Africa to consider cybercrimes explicitly, and forms part of South Africa’s growing legislative framework on data management. But what impact does the Cybercrimes Act have on organisations operating in South Africa? In this Insight, the first on the topic of cybercrimes, PR de Wet and Davin Olën, from VDT Attorneys Inc, provide an overview and unpack how the new legislation slots into the existing South African regulatory universe, with specific reference to the Protection of Personal Information Act, 2013 (Act 4 of 2013) (‘POPIA’). The article also provides an overview of the applicable business processes which South African companies would need to consider in ensuring compliance with the Cybercrimes Act.

South Africa: Cloud regulation and POPIA – what remote computing services need to know

South Africa: Cloud regulation and POPIA – what remote computing services need to know

While cloud services had seen small-scale uptake within South Africa prior to 2020, the national working environment was fundamentally challenged by the onset of lockdown regulations following the COVID-19 pandemic. As staff members were required to stay at home, many organisations were obliged to shift their data onto cloud platforms for staff members to continue working. In many instances, this emergency operational modification did not consider the legislative implications of data migrations and, following the relaxation of lockdown regulations, companies have been forced to consider the risk and compliance aspects of their migration.

Sign up to our newsletter

Pin It on Pinterest