Most serious legal and commercial risks do not announce themselves dramatically. They enter organisations insidiously through small, temporary gaps — often unnoticed — only to make their impact felt much later and at significant cost.

This insight was reinforced during a recent conversation with a former colleague. What began as a brief reconnection soon turned into a discussion about decisions made during periods of pressure and limited capacity — and how those moments, often dismissed as temporary or manageable, later became the source of significant legal, operational, and reputational consequences.

When Temporary Gaps Become Permanent Risk

In today’s highly competitive environment, organisations are often required to operate with temporary vacancies at Exco or senior management levels. When these gaps occur simultaneously, the organisation’s protective framework — its ability to identify, assess, and manage risk — is materially weakened.

From a risk perspective, the most critical resources are not always at the top of the hierarchy. The loss of legal and people-risk oversight — particularly within legal and human resources functions — at key decision points creates the greatest exposure. These roles act as early warning systems; without them, organisations frequently only appreciate the true cost of decisions long after they have been made.

The Real Costs of Inadequate Risk Oversight

The risk of this exposure is simply not worth it. Hefty fines and costly lawsuits are substantial on their own, but they are not the only concern. Consequences can be as severe as directors being held personally liable, facing criminal charges, or the suspension or revocation of a business licence, which can bring operations to a standstill. The reputational loss with customers, stakeholders, and even insurers can be irreversible.

A compelling example of the high cost of non-compliance is the recent matter involving Sasfin Bank. In August 2024 the South African Reserve Bank (SARB) imposed penalty fines totalling R209.7 million, following an earlier R500 000 administrative penalty in 2019 for weaknesses in Financial Intelligence Centre Act (FICA) training and internal rules. Investigations revealed that contraventions — linked to weak controls — dated back to 2014. Although Sasfin conducted an internal investigation and took action against staff and clients, SARB’s independent findings confirmed contraventions of FICA, the Exchange Control Regulations, and the Banks Act.

The controls that were intended to safeguard against these risks were ineffective for years. Sasfin’s regulatory challenges have continued: the South African Revenue Service is pursuing damages of approximately R4.87 billion against the bank. The severity with which this case was handled serves as a clarion call for organisations to ensure robust compliance with regulatory obligations.

Temporary Gaps in Systems Are Not Harmless

Companies cannot afford to allow gaps in their compliance systems, whether temporary or ongoing. Compliance processes are only effective as long as they remain relevant, monitored, and reinforced. Supporting human resource practices and policies — such as mandatory leave rotation to help detect irregularities — need to be in place. Governance processes must be prioritised, and where temporary resource gaps occur, alternative measures must be implemented to ensure that the situation does not become a breeding ground for long-term detrimental consequences.

---

How to Strengthen Compliance and Risk Oversight

Here are practical measures organisations should prioritise:

Set the tone from the top down
Leadership must champion compliance, ensuring appropriate policies and training plans are in place and actively supported.

Understand your compliance landscape
Develop a clear regulatory universe — a register of what you are expected to comply with.

Design effective risk and compliance systems
Create a compliance and risk management plan with meaningful checks, controls, and accountability.

Communicate regulatory changes
Ensure internal stakeholders understand regulatory developments and their implications.

Seek expert guidance
External legal and governance insight adds perspective and supports effective risk mitigation at all times and

Early Insight Matters

South African jurisprudence consistently underscores that procedural and governance shortcomings are not technicalities — they are substantive failures. Courts have upheld that where organisations lack adequate oversight during restructuring, employment decisions, or regulatory compliance, the outcome often favours affected parties, reinforcing the need for proactive risk management.

Boards and executives who proactively address potential risks are less likely to experience litigation, fines, or operational disruption. Early insight and sound judgment matter — and engaging experienced legal advisors can make the difference between manageable challenges and lasting consequences. If your organisation is navigating regulatory complexity, governance challenges, or periods of change — whether driven by temporary gaps or ongoing operational pressure — an early conversation can help identify where legal and people-risk exposure may exist and what practical steps can be taken to mitigate it.

About the Author
Samantha Govender is an admitted attorney and founder of Clause & Counsel, advising organisations on employment risk, workplace governance and commercial structuring.

This content is provided for general informational purposes only and does not constitute legal advice. No attorney-client relationship is created. Specific legal advice should be sought based on individual circumstances