Regulatory Compliance

Dashboard summary:
  • Overall Compliance (across all frameworks): --
  • Active Regulations (monitored frameworks): --
  • Compliance Gaps (requiring attention): --
  • Upcoming Deadlines (within 30 days): --

Data Protection Act No. 3 of 2021

Personal data protection and privacy regulations (Regulated by: Data Protection Commission)

Compliance Score: 78%
Requirements: 45
Controls Mapped: 35
Gaps: 10

Key Requirements

| Requirement | Status | Control | Evidence |
|---|---|---|---|
| Data Subject Consent Management | Compliant | Consent Management System | 3 documents |
| Data Breach Notification (72 hours) | Partial | Incident Response Plan | 2 documents |
| Data Protection Impact Assessment | Non-Compliant | Not Mapped | None |
| Data Subject Rights Management | Compliant | Rights Management Portal | 5 documents |
| Cross-Border Data Transfer Controls | Partial | Transfer Agreements | 1 document |

Bank of Zambia (BoZ) Regulations

Financial sector regulations and prudential requirements

Compliance Score: 92%
Requirements: 68
Controls Mapped: 63
Gaps: 5

Key Requirements

| Requirement | Status | Control | Evidence |
|---|---|---|---|
| Capital Adequacy Requirements | Compliant | Capital Management Framework | 4 documents |
| Liquidity Risk Management | Compliant | Liquidity Management System | 6 documents |
| AML/CFT Compliance | Compliant | AML Monitoring System | 8 documents |
| Regulatory Reporting | Partial | Reporting Framework | 3 documents |

National Pension Scheme Act

Pension scheme administration and compliance requirements

Compliance Score: 98%
Requirements: 82
Controls Mapped: 80
Gaps: 2

Key Requirements

| Requirement | Status | Control | Evidence |
|---|---|---|---|
| Member Registration Process | Compliant | Registration Management System | 7 documents |
| Contribution Collection & Recording | Compliant | Contribution Management System | 10 documents |
| Benefits Administration | Compliant | Benefits Processing System | 12 documents |
| Investment Management Guidelines | Compliant | Investment Policy Framework | 8 documents |
| Actuarial Valuation Requirements | Partial | Actuarial Framework | 4 documents |

Employment Act of Zambia

Labor law compliance and employee rights protection

Compliance Score: 85%
Requirements: 54
Controls Mapped: 46
Gaps: 8

Key Requirements

| Requirement | Status | Control | Evidence |
|---|---|---|---|
| Employment Contracts | Compliant | HR Management System | 5 documents |
| Working Hours & Overtime | Compliant | Time & Attendance System | 3 documents |
| Leave Entitlements | Partial | Leave Management System | 2 documents |
| Termination Procedures | Compliant | HR Policies & Procedures | 4 documents |

Competition and Consumer Protection Commission (CCPC)

Competition law and consumer protection compliance

Compliance Score: 88%
Requirements: 36
Controls Mapped: 32
Gaps: 4

Key Requirements

| Requirement | Status | Control | Evidence |
|---|---|---|---|
| Fair Competition Practices | Compliant | Competition Compliance Policy | 3 documents |
| Consumer Rights Protection | Compliant | Customer Service Framework | 5 documents |
| Merger & Acquisition Compliance | Partial | M&A Guidelines | 2 documents |

Anti-Corruption Commission Act

Anti-corruption and integrity compliance requirements

Compliance Score: 95%
Requirements: 28
Controls Mapped: 27
Gaps: 1

Key Requirements

| Requirement | Status | Control | Evidence |
|---|---|---|---|
| Anti-Corruption Policy | Compliant | Ethics & Integrity Framework | 6 documents |
| Whistleblower Protection | Compliant | Whistleblower System | 4 documents |
| Conflict of Interest Management | Compliant | COI Declaration System | 5 documents |
| Gift & Entertainment Policy | Partial | Gift Register | 2 documents |

Regulatory Compliance Overview

Compliance Status by Framework (chart)

Upcoming Deadlines
  • Data Protection Act Annual Report - Due: Aug 31, 2025
  • BoZ Quarterly Filing - Due: Sep 15, 2025
  • NAPSA Benefits Audit - Due: Sep 30, 2025

Recent Regulatory Updates

Regulatory Compliance Guide

Comprehensive guide to managing regulatory compliance across multiple Zambian regulatory frameworks applicable to NAPSA operations.

1 Quick Start Guide

  1. Review Frameworks
    Navigate: Regulatory Frameworks tab
    Review the 6 regulatory frameworks applicable to NAPSA: Data Protection, BoZ, NAPSA Act, Employment Act, CCPC, ACC Act.
  2. Monitor Compliance
    Check: Dashboard statistics
    Monitor overall compliance percentage, active regulations count, compliance gaps, and upcoming deadlines.
  3. Address Gaps
    Action: Review compliance gaps
    Identify non-compliant and partially compliant requirements, create action plans, and track remediation progress.
  4. Track Deadlines
    Monitor: Upcoming regulatory deadlines
    Track submission deadlines for regulatory reports, filings, and assessments across all frameworks.
  5. Run Assessments
    Assess: Framework compliance status
    Conduct compliance assessments (quick, detailed, gap analysis) for individual frameworks or all frameworks.
  6. Generate Reports
    Export: Compliance reports for regulators
    Generate PDF reports for submission to regulators, Board, and management stakeholders.

2 Understanding Regulatory Frameworks

What are Regulatory Frameworks?

Regulatory frameworks are sets of laws, regulations, guidelines, and standards issued by government authorities that NAPSA must comply with. These frameworks govern various aspects of NAPSA's operations including data protection, financial management, pension administration, employment practices, competition, and anti-corruption measures.

NAPSA's Six Core Regulatory Frameworks

Data Protection Act No. 3 of 2021

Regulator: Data Protection Commission

Scope: Personal data protection and privacy regulations

Key Requirements: Consent management, breach notification (72 hours), data subject rights, cross-border transfers, Data Protection Impact Assessments (DPIA)

Bank of Zambia (BoZ) Regulations

Regulator: Bank of Zambia

Scope: Financial sector regulations and prudential requirements

Key Requirements: Capital adequacy, liquidity risk management, AML/CFT compliance, regulatory reporting, risk management frameworks

National Pension Scheme Act

Regulator: Pensions and Insurance Authority (PIA)

Scope: Pension scheme administration and compliance

Key Requirements: Member registration, contribution collection, benefits administration, investment management, actuarial valuations

Employment Act of Zambia

Regulator: Ministry of Labour and Social Security

Scope: Labor law compliance and employee rights protection

Key Requirements: Employment contracts, working hours & overtime, leave entitlements, termination procedures, workplace safety

CCPC Act

Regulator: Competition and Consumer Protection Commission

Scope: Competition law and consumer protection compliance

Key Requirements: Fair competition practices, consumer rights protection, merger & acquisition compliance, anti-competitive conduct prevention

Anti-Corruption Commission Act

Regulator: Anti-Corruption Commission (ACC)

Scope: Anti-corruption and integrity compliance

Key Requirements: Anti-corruption policy, whistleblower protection, conflict of interest management, gift & entertainment policy

3 Framework-Specific Compliance Requirements

Data Protection Act No. 3 of 2021

Critical Requirements:
  1. Data Subject Consent Management - Obtain, document, and manage consent for personal data processing
  2. Data Breach Notification - Report data breaches to Data Protection Commission within 72 hours
  3. Data Protection Impact Assessment (DPIA) - Conduct DPIA for high-risk processing activities
  4. Data Subject Rights Management - Enable right to access, rectification, erasure, portability
  5. Cross-Border Data Transfer Controls - Ensure adequate safeguards for data transfers outside Zambia
  6. Data Protection Officer (DPO) - Appoint DPO and maintain independence
  7. Data Localization - Store personal data within Zambian borders (effective Jan 1, 2026)
Penalties: Non-compliance can result in fines up to 5% of annual turnover or ZMW 5,000,000, whichever is higher.

Bank of Zambia (BoZ) Regulations

Critical Requirements:
  1. Capital Adequacy Requirements - Maintain minimum capital ratios as prescribed by BoZ
  2. Liquidity Risk Management - Implement liquidity management framework and reporting
  3. AML/CFT Compliance - Know Your Customer (KYC), transaction monitoring, suspicious transaction reporting
  4. Regulatory Reporting - Submit quarterly and annual returns to BoZ (timely and accurate)
  5. Risk Management Framework - Establish comprehensive ERM framework (credit, market, operational, liquidity risks)
  6. Internal Audit Function - Maintain independent internal audit reporting to Board
  7. Board Governance - Board composition, independence, risk committee, audit committee
Note: BoZ conducts annual regulatory examinations. Ensure all documentation and evidence are readily available.

National Pension Scheme Act

Critical Requirements:
  1. Member Registration Process - Timely registration of all eligible members
  2. Contribution Collection & Recording - Accurate recording of employer and employee contributions
  3. Benefits Administration - Timely processing of retirement, invalidity, and survivor benefits
  4. Investment Management Guidelines - Comply with investment limits and prudent person rule
  5. Actuarial Valuation Requirements - Conduct actuarial valuations at prescribed intervals
  6. Record Keeping - Maintain accurate member records for 75 years
  7. Financial Reporting - Annual audited financial statements submitted to PIA
Best Practice: NAPSA currently maintains 98% compliance with NAPSA Act requirements - highest across all frameworks.

Employment Act of Zambia

Critical Requirements:
  1. Employment Contracts - Written contracts for all employees within 30 days of hire
  2. Working Hours & Overtime - Maximum 48 hours/week, overtime compensation at 1.5x
  3. Leave Entitlements - Annual leave (24 days), sick leave, maternity leave (90 days)
  4. Termination Procedures - Notice periods, severance pay, procedural fairness
  5. Workplace Safety - Occupational health and safety standards
  6. Equal Opportunity - Non-discrimination in employment
  7. Minimum Wage Compliance - Comply with national minimum wage requirements

CCPC Act

Critical Requirements:
  1. Fair Competition Practices - Avoid anti-competitive agreements and abuse of dominance
  2. Consumer Rights Protection - Transparent service delivery, complaint handling
  3. Merger & Acquisition Compliance - Notify CCPC of mergers exceeding threshold (ZMW 20 million)
  4. Price Transparency - Clear disclosure of fees and charges
  5. Customer Service Standards - Maintain service level agreements

Anti-Corruption Commission Act

Critical Requirements:
  1. Anti-Corruption Policy - Board-approved ethics and integrity framework
  2. Whistleblower Protection - Anonymous reporting channel with protection against retaliation
  3. Conflict of Interest Management - Annual COI declarations by all staff
  4. Gift & Entertainment Policy - Gift register, approval thresholds, disclosure requirements
  5. Due Diligence on Third Parties - Vendor screening and ongoing monitoring
  6. Training & Awareness - Annual anti-corruption training for all employees
Achievement: NAPSA maintains 95% compliance with ACC Act - recognized as a model institution.

4 Compliance Monitoring & Reporting

Monitoring Process

  1. Daily Dashboard Review
    Check overall compliance percentage and critical gaps requiring immediate attention.
  2. Weekly Framework Review
    Review each framework's compliance score, identify trending issues, and track remediation progress.
  3. Monthly Compliance Assessment
    Conduct formal assessments for at least one framework per month (rotate across all 6 frameworks).
  4. Quarterly Regulatory Reporting
    Submit required reports to BoZ, PIA, and other regulators by statutory deadlines.
  5. Annual Compliance Review
    Comprehensive review of all frameworks, update compliance documentation, and present to Board.

Reporting Requirements

| Framework | Report Type | Frequency | Deadline | Recipient |
|---|---|---|---|---|
| Data Protection Act | Annual Compliance Report | Annual | August 31 | Data Protection Commission |
| BoZ Regulations | Quarterly Returns | Quarterly | 30 days after quarter end | Bank of Zambia |
| BoZ Regulations | Annual Financial Statements | Annual | March 31 | Bank of Zambia |
| NAPSA Act | Annual Financial Report | Annual | June 30 | Pensions and Insurance Authority |
| NAPSA Act | Actuarial Valuation | Triennial | December 31 | Pensions and Insurance Authority |
| Employment Act | NAPSA Contributions Return | Monthly | 10th of following month | NAPSA (for own employees) |
| All Frameworks | Board Compliance Report | Quarterly | Board meeting schedule | NAPSA Board of Directors |

5 Best Practices

DO's
  • ✅ Review regulatory dashboard daily for compliance status
  • ✅ Track upcoming deadlines at least 30 days in advance
  • ✅ Maintain a compliance calendar with all regulatory submission dates
  • ✅ Document all compliance activities and evidence
  • ✅ Conduct internal audits before regulator examinations
  • ✅ Assign dedicated compliance officers for each framework
  • ✅ Subscribe to regulatory updates and circulars
  • ✅ Maintain open communication with regulators
  • ✅ Train staff on applicable regulatory requirements
  • ✅ Archive compliance documentation for statutory periods
  • ✅ Escalate compliance gaps to executive management immediately
  • ✅ Integrate regulatory compliance with ERM framework
DON'Ts
  • ❌ Don't wait for regulator queries to address compliance gaps
  • ❌ Don't miss regulatory submission deadlines (penalties apply)
  • ❌ Don't submit incomplete or inaccurate reports to regulators
  • ❌ Don't ignore regulatory circulars and updates
  • ❌ Don't assume partial compliance is acceptable
  • ❌ Don't work in silos - compliance requires cross-functional collaboration
  • ❌ Don't delay implementation of new regulatory requirements
  • ❌ Don't treat compliance as a one-time activity (it's ongoing)
  • ❌ Don't rely solely on external consultants (build internal capability)
  • ❌ Don't forget to update policies when regulations change
  • ❌ Don't ignore low-priority frameworks (all require attention)
  • ❌ Don't fail to report breaches within statutory timeframes

6 Frequently Asked Questions

Which regulatory frameworks apply to my department?

Answer: Each department has specific regulatory obligations:

  • IT Department: Data Protection Act, BoZ (cybersecurity), NAPSA Act (systems availability)
  • Finance: BoZ Regulations, NAPSA Act (financial reporting, investment management)
  • HR: Employment Act, NAPSA Act (member contributions)
  • Compliance: All frameworks (oversight responsibility)
  • Customer Service: CCPC Act, Data Protection Act, NAPSA Act
  • All Departments: ACC Act (anti-corruption applies to everyone)

Recommendation: Consult with the Compliance Department to identify your department's specific obligations.

What happens if we miss a regulatory deadline?

Answer: Missing regulatory deadlines can result in serious consequences:

| Regulator | Late Submission Penalty | Additional Consequences |
|---|---|---|
| Data Protection Commission | ZMW 50,000 per day (up to 30 days) | License suspension after 30 days |
| Bank of Zambia | ZMW 10,000/day for first 7 days, ZMW 20,000/day thereafter | Regulatory restrictions, increased supervision |
| PIA | ZMW 25,000 per month | Mandatory compliance audit |
Prevention: Use the compliance calendar, set reminders 30 days before deadlines, and prepare reports in advance.

How do I track and remediate compliance gaps?

Answer: Use the Regulations module's built-in tracking:

  1. Identify Gaps: Click on any framework tab to see requirements with "Non-Compliant" or "Partial" status
  2. View Gap Details: Click "Action Required" or "Review" button to see specific deficiencies
  3. Create Remediation: Navigate to Compliance → Remediations and create action plan
  4. Assign Owner: Assign to responsible department head with specific due date
  5. Track Progress: Monitor remediation status (Open → In Progress → Completed)
  6. Re-Assess: Once remediation is complete, conduct follow-up assessment to update compliance status

Tip: The dashboard shows the total number of compliance gaps - use it as your daily KPI and drive it down to zero.

How often should we conduct compliance assessments?

Answer: Assessment frequency depends on framework risk and regulatory requirements:

| Framework | Recommended Frequency | Rationale |
|---|---|---|
| Data Protection Act | Quarterly | High penalties, new regulations |
| BoZ Regulations | Quarterly | Aligns with quarterly reporting |
| NAPSA Act | Semi-Annual | Core operations, high compliance rate |
| Employment Act | Semi-Annual | Stable requirements, mature processes |
| CCPC Act | Annual | Lower risk, limited changes |
| ACC Act | Annual | High compliance rate, stable framework |
Best Practice: Conduct assessments at least one month before regulatory submission deadlines.

What evidence do regulators expect us to provide?

Answer: Regulators typically request the following types of evidence:

Documentation Evidence:
  • Policies and procedures (approved by Board)
  • Process flowcharts and workflow diagrams
  • Training materials and attendance records
  • Board and committee minutes
  • Internal audit reports
Operational Evidence:
  • System screenshots showing controls in action
  • Sample transactions with approval trails
  • Exception reports and management actions
  • Incident reports and breach notifications
  • Monitoring reports and dashboards
Testing Evidence:
  • Control testing results
  • Penetration test reports (for IT controls)
  • User access reviews
  • Reconciliation reports
  • Compliance assessment reports
Golden Rule: "If it's not documented, it didn't happen." Maintain complete evidence for all compliance activities.

How do I stay informed about regulatory changes?

Answer: Stay informed through multiple channels:

  1. Official Regulator Websites:
    • Data Protection Commission: www.dpc.gov.zm
    • Bank of Zambia: www.boz.zm
    • Pensions and Insurance Authority: www.pia.org.zm
    • Competition and Consumer Protection Commission: www.ccpc.org.zm
    • Anti-Corruption Commission: www.acc.org.zm
  2. Email Subscriptions: Subscribe to regulator newsletters and circulars
  3. NAPSA Compliance Department: Receives and disseminates all regulatory updates
  4. Industry Associations: Join pension fund industry associations for peer updates
  5. Legal Counsel: Engage external legal counsel for complex regulatory changes
  6. ERM System Alerts: System displays regulatory updates on Overview tab
Action: Check the "Recent Regulatory Updates" section on the Overview tab weekly.

7 Support & Resources

Compliance Department

Email: compliance@napsa.co.zm
Phone: +260 211 123 456 (Ext. 5200)
Hours: Monday-Friday 08:00-17:00

For regulatory interpretation, assessment guidance, compliance strategy, and coordination with regulators.

Legal Department

Email: legal@napsa.co.zm
Phone: +260 211 123 456 (Ext. 5300)
Hours: Monday-Friday 08:00-17:00

For legal interpretation of regulations, contract reviews, and liaison with external legal counsel.

IT Support Helpdesk

Email: itsupport@napsa.co.zm
Phone: +260 211 123 456 (Ext. 7000)
Hours: 24/7 Support

For technical issues with the ERM system, report generation, and dashboard access.

REGULATORY EMERGENCY HOTLINE

Phone: +260 977 123 456 (24/7)
For: Urgent regulator inquiries, data breaches requiring notification, critical non-compliance issues, regulator audit support