This archive report was first published on 9 October 2019.
As the January 5, 2020 deadline for registration of private security firms draws near, it appears increasingly unlikely that many companies will meet the deadline. The Private Security Regulatory Authority has been quiet since the gazettement of the Private Security General Regulations on July 5.
History shows that government-driven compliance is often the most effective way to get businesses to comply with new regulations or laws in Kenya. However, some companies, especially those with a strong market presence or those looking to grow, have shown that compliance can be a business-driven initiative.
Under the 'Michuki rules,' companies that complied with regulations were rewarded with establishment of trustworthy brands. Companies like Citi Hoppa, Double M, and Compliant established themselves in the city transport landscape, while Mololine cemented its position as a market leader in the Nairobi-Nakuru route.
Companies that were proactive in complying with regulations were seen as trustworthy, reliable, and mindful of customer safety and security. They continue to benefit from this brand equity. In contrast, companies that failed to comply with tax regulations have faced difficulties with the Kenya Revenue Authority and their regulators.
Today, compliance is no laughing matter, and it doesn't matter how big or connected a company is. If a business is out of the regulatory environment, it is likely to be shut down. Judicial injunctions and orders have failed to rescue companies that were deemed non-compliant.
Another dimension of compliance is that businesses that anticipate new regulations and put in place measures to deal with them early are better prepared. The Data Protection Bill is currently in its final stages in parliament and could become law this year. Some companies, especially telcos, are already preparing for the new law by putting in place measures to deal with personal data.
When the Data Protection Bill becomes law, new duties, responsibilities, and liabilities related to personal data will arise. Court cases could start the very next day, especially on the further use of personal data. Few companies are preparing for this, and many will be caught out, especially with an engaged and activist population.
The private security regulations have been in place for almost three and a half years, and it is deemed that this was adequate time for companies and individuals to prepare for them. While an extension is reasonable and expected, it is poor business practice to rely on it. The government could extend the time, but clients may require a license before extending a contract.
A few companies are embracing regulation and setting themselves up for full compliance by January 5. Ironically, it is the small, hungry companies that are on this quest. When the chaos starts, they will be safely on the other side, waiting to reap the rewards.
The government should also speak out on the issue and address the fear among many business owners that it wants to shut down businesses. Regulatory compliance is a business disrupter and comes with new, heavy costs. It is one thing to encourage compliance and another to threaten business closure. Compliance is a continuous process, and many requirements can only be achieved with time.