The African National Congress and South African mining
The mining industry is poised on a knife’s edge with its future largely dependent on what the ANC's newly installed management team does in the months ahead. It is the time for level heads and an appreciation by all stakeholders of the daunting future the country will face if we fail to rebuild our once thriving mining industry. Labour has to appreciate the impact of very real cost constraints; mining companies must accept that there is a historical cost and context of doing business in South Africa; and government needs to be business savvy, and not play politics!
A strong mining industry - requires a solid foundation. South Africa's current mining policy and stakeholder relationships have created a frail industry which is undesirable to investors. The current mining policy emerged within a vacuum - devoid of proper economic analysis and removed from the realities of the markets and investors. Widespread dissatisfaction with the mining policy has resulted in creation of a crippling trust deficit - with the Department of Mineral Resources (DMR) and Zuma protégé, Minister Mosebenzi Zwane in one corner, and industry and stakeholders in the other.
Much of the discontent relates to policy development aimed at transforming the industry - the Mining Charter III and the Mineral and Petroleum Resources Development Amendment Act, 2013. The implementation of both of the Mining Charter III and the Amendment Act has been fraught with uncertainty, with the latter having been held up in parliamentary processes for over 4 years. The Mining Charter III proposes an increase in the ownership targets for historically disadvantaged South Africans to 30%; the creation of more onerous ownership requirements for suppliers to the industry; and demands that research and development be focused locally, ideally at previously disadvantaged universities. Similarly, the Amendment Act contemplates the introduction of compulsory local beneficiation requirements, adds more complexity to the already onerous "section 11" and does away with the long practised first-in-first assessed application system (opening the door to (more) fraudulent practices). Discontent is not based solely on what the Amendment Act includes, but also on what it lacks. While it purports to encourage investment, the Amendment Act makes no mention of "MPRDA Lite", a touted less onerous regime for junior miners and explorers, the inclusion of which would certainly make South Africa a more appetising investment destination.
Investors are not opposed to transformation but are exasperated by government's continued failure to properly consult with business and labour when developing policy. Increasingly investors are looking to other destinations like Botswana, Mozambique, Namibia, Zambia and given recent developments, potentially Zimbabwe, as preferable to South Africa. This diversion of investment comes at a time in which we are experiencing very low economic growth coupled with wide-spread corruption. The weakening of the mining industry, which has historically brought significant value to the South African economy, can only serve to continue this trend.
There is no doubt that the goals behind the Mining Charter III and the Amendment Act are laudable and necessary - but nothing can be achieved without the full buy-in of industry. The best solution to overcome the current impasse would be for all stakeholders to sit down, to discuss and formally agree on the vision for the mining industry and then approach the practicalities of how it can be achieved.
The possibility of such a solution playing out has become tangible following the conclusion of the ANC Elective Conference. Post-conference, the newly appointed ANC President, Cyril Ramaphosa, expressed opposition towards the implementation of the Mining Charter III. If Ramaphosa is not merely politicking, then there may be light at the end of the tunnel. Confirmation of Ramaphosa's sentiments coupled with stronger commitment by the leadership to build a more efficient and less corrupt administration will result in a reinvigoration of the South African mining industry.
These good things coupled with South African resilience are the essential elements to success. Whether in the form of a lekgotla, volksberaad or townhall, we need to meet each other and do so soon!
Jonathan Veeran, Partner at Webber Wentzel
NormCyber: enterprise-level cybersecurity for the midmarket
As the digital transformation of organisations across every sector increases, so too does the cyber threat landscape and risk of a serious data breach. The adoption of new and innovative technologies, the greater use of data and, more recently, the shift to remote working as a result of the global COVID-19 pandemic, mean that the development and implementation of an enterprise-level, robust cyber security and data strategy is crucial.
This is where NormCyber enters the equation. The business, which was founded in 2013, offers a leading portfolio of Cyber Security and Data Protection as a Service products for mid-market businesses. These services are driven by three core ‘protection pillars’: people, process and technology. Pete Bowers, is Chief Operating Officer (COO) at the company, having joined at the start of 2020. Prior to this, Bowers accumulated a broad scope of cybersecurity and technology experience that enables him to drive the NormCyber proposition.
The approach to security and data protection has grown exponentially across the board, he explains. “Over my career I’ve spent time on both the supplier side - so, working for a managed network services business providing technology solutions - and the customer side, running a small consultancy. It made me aware of the gaps that exist between what service providers want to sell and what customers need or consume. I saw NormCyber as a great opportunity to put that knowledge into practice, having that experience of multiple businesses and the deployment and strategy around technology verticals was invaluable.”
NormCyber provides its services across two areas: Cyber Security-as-a-Service and Data Protection-as-a-Service. On the former, Bowers explains that “we offer a comprehensive proposition for mid-market customers that meets all their cybersecurity challenges. The cyber threat is exploding, particularly over the last three or four months, and businesses in the mid-market – with a turnover of between £10mn and £250mn - are typically under provisioned both from a technology and cyber security perspective. Cybersecurity skills in particular, such as those that we offer, are often pretty hard to come by and can be expensive for these companies.
“With that in mind, we offer a holistic solution that addresses all areas of cyber security and protects businesses across the three pillars of people, process and technology,” he continues. “It’s a single solution that certifies businesses to crucial security certifications, we train and test employees to build out the ‘human firewall’ to enable them to be more cyber aware, and we deploy technology solutions that highlight vulnerabilities and provide real protection across the business wherever its IT assets may reside. It’s a service that overlays any existing technology investments, which is really important when businesses are going through rapid digital transformations. We don’t change any of those broader, strategic decisions, we sit around them and act as the eyes and ears. Customers can take the service as a whole package or as modules on a subscription basis for as long as they want. On the data protection side, we work with customers to ensure they operate within the GDPR regulations, that they are compliant but also to help them to grow by developing and implementing good data protection standards that allow a business to demonstrate that it can be trusted with customers’ private and personal data. We bring all these components together through our multi-level reporting and online Visualiser to clearly demonstrate to a Board, management team and technical team how protected the business is and where it can improve.”
These two areas are becoming increasingly important to businesses largely due to three key drivers, says Bowers. There is, for example, increased pressure from regulators, investors and customers to ensure that businesses have effective measures in place. Businesses are also becoming increasingly aware of the threat and potential impact of an attack. They therefore want to protect their business but also grow it by demonstrating that they can be trusted with confidential data and that they take information security seriously. Or, unfortunately some businesses, particularly recently, only realise after the event that they need to address the challenge. Which means that they have suffered a cyber breach, and therefore need to implement the necessary measures and controls to mitigate and manage not only the current impact but the possibility of it happening again.
NormCyber works with clients across a broad range of industries, including CRU Group, a leading business intelligence provider in mining, metal and fertiliser commodities. “We’ve been working with CRU for over three years,” says Bowers, “and they are very much a business focused on developing innovative products and services which are founded upon technology. Having that focus means that any supporting or operational activities, such as those services that we provide, are commissioned out to experts in their respective fields. We provide a fully outsourced cyber security and data protection service that addresses every aspect of CRU’s cyber strategy, including user training, network, cloud and endpoint protection, ongoing penetration testing and vulnerability management, as well as data protection services. For a company as geographically dispersed as CRU is, and which needs to maintain control and have visibility over so many endpoints, having the peace of mind that we provide is essential.”
Understandably, providing such an essential service requires the fostering of a close, collaborative relationship, says Bowers. To this end, NormCyber acts as a trusted adviser, he notes, which extends to providing expertise and knowledge more broadly where appropriate. “We work with CRU on providing cyber security and data protection services, but also on digital transformation in a wider sense. When you work in cyber security, and you look at the technology experience across our business, then you’re able to provide guidance and advice on certain business decisions and considerations, which means we can give added value to customers too.”
Such an approach stands NormCyber in good stead for both continuing to strengthen existing relationships, such as that with CRU, and to take advantage of opportunities as the market develops. On the first, Bowers believes the relationship with CRU will continue for many years. “For us, it’s all about ensuring we are with customers at every step of their journey, bringing in the right services when they are needed and protecting the business into the future. More broadly, I think that we’re well placed to deal with any disruption or change brought about by COVID-19, both for us and our customers. We’re able to bring the right services when they are needed, and we’ll continue to develop that package further to meet future needs.”