The Board of Directors (“Board”) of RFS views a robust and effective compliance process as a necessary and integral part of the day-to-day operations. The compliance process is based on the recommendations of the NamCode, the Corporate Governance Code for Namibia.

A compliance requirement is defined as a law (legislated or common law), regulation, government directive, industry code or standard, permit or license or a business-related requirement i.e. internal policy/procedure or contractual agreement that the Company is legally obliged to comply with.

As recommended by the Code, the Board holds ultimate compliance responsibility. The Board sets compliance policies and ensures that these policies, as well as associated processes to implement these policies, function effectively. The Manager: Internal Audit, Compliance and Risk Management is responsible to facilitate the compliance process whilst the executive director responsible for a specific functional area is ultimately responsible to ensure day-to-day compliance on an operational level.

The compliance process that RFS implemented can be summarised as follows:

1. Identification of all relevant legislation. This includes new laws and regulations or amendments to existing laws and regulations.

2. Identify compliance requirements applicable to the company.

3. Interpret and understand legislation and determine impact of it on the company. Where deemed necessary and appropriate, EXCO can assemble an appropriate team to do a detailed interpretation of legislation to understand and determine the impact of it on the company. This impact can include aspects relating to employees, systems, procedure and/or clients. Where necessary, expert advice (e.g. legal, actuarial, etc.) can be obtained depending on the circumstances.

4. Change/implement systems and processes to ensure compliance. The EXCO appointed team should take responsibility to make the necessary changes to systems and procedures to ensure that the new compliance requirements are embedded in the day-to-day activities. Where the changes are considered significant, a proper project management process is followed.

5. Ensuring continuous compliance. The staff identified as being responsible to ensure day-to-day compliance and their immediate senior take responsibility for the continuous compliance requirements. In addition, a 6-monthly compliance review is conducted by the Manager: Internal Audit, Compliance and Risk Management based on the content of the compliance register.

6. Maintain a compliance register. The Manager: Internal Audit, Compliance and Risk Management, in cooperation with the executive directors is responsible to maintain a centralised compliance register which is updated as and when new compliance requirements are identified. This register is accessible to all relevant staff.

7. Reporting and communication. Reporting on compliance matters is done as a minimum on a 2-monthly basis to the Internal Audit Committee and to the EXCO whilst it is included in the agenda of every Board meeting. This reporting includes, but is not limited to, the results of the 6-monthly compliance review conducted by the Manager: Internal Audit, Compliance and Risk Management, changes to legislation/new legislation and the impact of these changes, implementation plans and progress against these plans that will ensure timely compliance, and any cases of non-compliance, the possible/actual impact and corrective measures taken to prevent the re-occurrence.