
A Decade of Compliance: Lessons from 10 Years of Guiding African Enterprises

Introduction: Why Compliance Matters More Than Ever

Compliance isn’t glamorous. It doesn’t usually make the front page when done right, but when it fails, it dominates headlines. From TikTok’s €345 million GDPR fine in 2023 to the MOVEit data breach that exposed millions of personal records, businesses across the world have been reminded that trust, security, and vigilance are not optional extras. 


For businesses everywhere, whether small, mid-sized, or corporate, the stakes are high. Enterprises operate in fast-changing markets, under diverse regulatory frameworks, with evolving financial systems and heightened scrutiny from partners, customers, and regulators. Weak compliance doesn’t just risk financial penalties; it can also undermine trust, damage reputations and cost companies the very relationships that sustain their growth. 


At Pétanque NXT Africa, we’ve spent the past decade helping businesses navigate this complexity. From data privacy to anti-money laundering (AML) and counter-terrorist financing (CTF), from risk management to the governance of disruptive technologies like AI, our mission has remained consistent: to make businesses safe, resilient, and trustworthy - one enterprise at a time. 

 

The Journey: From Vision to Trusted Partner 

When we launched Pétanque NXT Africa in 2015, our vision was clear: help businesses thrive by creating clarity around compliance and risk. Many of our early clients were grappling with the same issues: fragmented data, siloed risk management, and a sense that compliance was a “necessary and grudge element” rather than a strategic enabler. 


Over time, our role expanded beyond consultancy. We began forming partnerships with global leaders to bring best-in-class compliance solutions to our clients. With PrivIQ, we introduced a versatile data privacy platform that simplified compliance across our clients’ organisations in South Africa and the USA, helping them manage the operational reality of privacy regulations like GDPR, POPIA, CCPA and others.


With LexisNexis, we support their clients in implementing AML and CTF compliance software, guiding them through onboarding and training. We also provide ongoing support to ensure customer due diligence, ultimate beneficial ownership checks, and suspicious activity reporting are effectively embedded into daily operations.


The journey hasn’t been without challenges. We’ve had to balance different legal regimes, bridge skill gaps within client teams, and overcome resistance to change. Yet each challenge reinforced why compliance is central to resilience: without trust, businesses cannot grow. 

 

Case Study 1: AML in the Financial Sector 

A financial services firm was struggling to meet AML requirements across multiple jurisdictions. Manual screening processes were missing red flags, creating exposure to regulatory penalties. Partnering with us and LexisNexis, they implemented a robust AML framework that automated politically exposed person (PEP) and sanctions screening, tightened customer due diligence, and created auditable records. Their risk exposure dropped sharply.


Evolution of Compliance: Then vs. Now 

When we look back to 2015, compliance was often reactive. Companies waited for regulators to issue guidelines or fines before taking action. Privacy was narrowly understood as keeping data “safe” rather than respecting people’s rights. AML was still emerging outside the largest financial institutions. AI and digital transformation were barely part of the compliance conversation. 


Today, the picture is dramatically different: 

  • Data privacy is now seen as a core business risk. With the enforcement of POPIA in South Africa and stricter GDPR measures in Europe, companies must show evidence of compliance daily, not just annually. 

  • AML/CTF requirements have expanded to industries beyond banking, from telecommunications to real estate, requiring broader vigilance. 

  • Risk management has become multidimensional, blending governance, operational resilience, cybersecurity, and environmental, social and governance (ESG) considerations. 

  • AI governance is emerging as the next frontier. How businesses use data, algorithms, and automation is now tied directly to trust and compliance. 


This shift has transformed compliance from a “tick-box exercise” into a strategic differentiator. 

 

Case Study 2: Privacy in an Events Company 

An established events company, serving a wide portfolio of corporate clients, was facing increasing pressure to demonstrate strict adherence to data privacy requirements. Clients wanted assurance that attendee data - ranging from personal details to payment information - was managed responsibly and in line with POPIA and GDPR standards. 


Working with us and PrivIQ, the company rolled out a structured privacy program across its operations. Staff were trained to handle personal data securely, policies were updated to meet client and regulatory requirements, and a live evidence portfolio was created to provide instant compliance proof during client audits. 


The result: the company not only retained key corporate contracts but also strengthened its competitive edge, winning new business by being able to demonstrate robust data privacy compliance as part of its value proposition. 

 

Lessons Learned: What a Decade Has Taught Us 

Reflecting on 10 years, several lessons stand out: 

1. Compliance is about people, not just policies 

Software, frameworks, and policies are essential, but people remain at the heart of compliance. From frontline employees doing KYC (know your customer) checks to executives setting the tone for governance, culture shapes outcomes. 

 

2. Evidence beats intention 

Good intentions are not enough. Regulators and clients alike demand documented evidence: policies updated, risk registers maintained, incidents logged, and actions taken. That’s why our work with platforms like PrivIQ has been so effective - it creates living portfolios of evidence that can be demonstrated instantly. 

 

3. Compliance helps win and keep clients 

Increasingly, businesses don’t just face scrutiny from regulators - they’re asked by their customers and partners to prove compliance. For organisations and enterprises, being able to show privacy and risk controls can be the difference between keeping or losing a contract. Compliance is now a business development advantage.

 

4. Integration creates clarity 

For years, companies treated AML, privacy, and risk as separate silos. But threats rarely arrive neatly packaged. A data breach can trigger privacy violations, financial fraud, and reputational damage all at once. Integrated compliance frameworks reduce duplication, close blind spots, and simplify audits. 

 

5. Training multiplies impact 

Compliance cannot live only with specialists. Training staff - like the creation of data stewards in our governance programs - ensures accountability is distributed. When employees understand both the risks and their role in managing them, compliance shifts from being a policy to being part of daily practice. 

 

6. AI changes the game 

The rollout of AI across sectors creates new compliance frontiers. From algorithmic bias to automated decision-making, companies must govern not just their data but how that data is used. 

  

7. Businesses can lead, not just follow 

Too often, companies see compliance as a burden imposed by regulators. In reality, forward-looking businesses can set the standard by embedding privacy, governance, and AML controls early. Those who do gain trust not only from regulators, but also from customers, partners, and global markets.


Case Study 3: Building Data Governance Capability in a Scaling Business 

A rapidly scaling company reached a critical point: data was flowing faster than its governance structures could keep up. With new markets, clients, and compliance requirements on the horizon, leadership recognised that unmanaged data presented both a business risk and a privacy concern. 


Pétanque NXT was engaged to design and deliver a Data Governance training program tailored for their teams. The focus was on upskilling an internal network of data stewards - staff who could champion data governance within their business units. 


Over a series of interactive sessions, participants were trained to: 

  • Understand the fundamentals of data governance and why it matters 

  • Recognise how poorly managed data can create operational, compliance, and reputational risks 

  • Connect data governance principles with data privacy obligations under GDPR, POPIA, and client contracts 

  • Guide their teams in day-to-day practices, from data quality checks to access control and retention policies 


The outcome was more than just knowledge transfer. The company created a distributed data governance culture, where data stewards became trusted advisors to their colleagues. Teams began managing data with risk and privacy in mind, while executives gained confidence that governance was embedded at every level. 

 

Challenges Overcome and Milestones Reached 

We’ve faced resistance: leaders worried that compliance would slow them down, staff fearful of new systems, or boards reluctant to invest in non-revenue-generating functions. Yet through persistence and partnership, those barriers have been broken down. 


Some milestones we’re proud of: 

  • Serving clients across two continents, with tailored compliance frameworks for South Africa, Africa, and the USA. 

  • Launching compliance software adoption, helping clients digitise privacy and AML records for easier management. 

  • Training and empowering client employees, ensuring compliance isn’t abstract but woven into daily workflows. 

  • Building partnerships with global leaders like PrivIQ and LexisNexis, ensuring our clients benefit from cutting-edge solutions. 

 

What’s Next for the Industry? 

As we look ahead, several forces are reshaping compliance. By 2026 and beyond, three trends will dominate the global conversation: 


1. AI Regulation and Governance 

Artificial intelligence is no longer experimental - it’s embedded in daily business operations, from fraud detection to recruitment to customer analytics. But with power comes scrutiny. The EU AI Act introduces the world’s first comprehensive AI regulatory framework, classifying AI systems by risk levels and imposing obligations around transparency, data quality, and human oversight. 


For businesses everywhere, this means moving quickly to ensure their AI deployments are explainable, auditable, and free from bias. AI governance is set to become as critical as data privacy already is today. 


2. Cross-Border Data Governance

Data is the currency of global commerce, but it increasingly faces regulatory walls. The EU-US Data Privacy Framework (adopted July 2023) and South Africa’s POPIA highlight how countries are asserting sovereignty over personal data flows. 


For mid-sized and scaling businesses, this can feel daunting. Yet cross-border compliance is no longer optional: clients and regulators expect companies to manage personal data responsibly across multiple jurisdictions. The winners will be those who adopt integrated data governance frameworks that allow them to comply with POPIA, GDPR, and other regimes simultaneously. 


3. Integrated Risk and ESG 

Environmental, Social, and Governance (ESG) reporting is converging with compliance. The IFRS International Sustainability Standards Board (ISSB) released its first global sustainability disclosure standards in 2023 (IFRS, 2023), and regulators worldwide are weaving ESG into corporate accountability. 


Compliance leaders will continue to respond to this shift: risk management must include not just financial and operational risks, but also climate, human rights, and governance disclosures. In practice, compliance teams will increasingly partner with sustainability teams to ensure consistency and credibility in reporting. 


The Common Thread 

Whether it’s AI, data, or ESG, the direction is clear: compliance is moving at an increasing pace from reactive box-ticking to proactive governance that builds trust. Companies that embed these practices early won’t just avoid penalties - they’ll gain reputational advantage, win clients, and strengthen their resilience. 


In Closing: Building Better Businesses 

At Pétanque NXT Africa, our mission remains the same: to support businesses against the threats of financial crime, cyberattacks, data misuse, regulatory failures, and reputational damage. We believe that when businesses are safe and trustworthy, they create stronger economies and better futures. 


This anniversary isn’t just about looking back - it’s about setting the tone for the next decade. Compliance will keep evolving, but the fundamentals - clarity, vigilance, and trust - remain constant. 


This blog is the first in our 10-year anniversary series on compliance and risk. Each week, we’ll dive deeper into key topics: from AML to privacy, from AI to audits. 


👉 Follow our blog series and LinkedIn campaign as we share insights, lessons, and foresight to help you navigate the future of compliance with confidence. 

 

Disclosure: Conceptualised and prompted by Dr. Michélle Booysen, CEO - Pétanque NXT Africa, refined and structured by ChatGPT 5.0.

 



The Hague, Netherlands | Johannesburg & Cape Town, South Africa


At Pétanque NXT your abundance is our aim. We are management consultants who focus on strategy and process with expertise in project and change management, using our award-winning storyboard process mapping methodology to help you make change happen.
