South Africa: After months of speculation, the Department of Employment and Labour in South Africa has provided guidance in relation to vaccination policies within the workplace. On 11 June 2021, the Minister published an amendment to the Consolidated Direction on Occupational Health and Safety Measures in Certain Workplaces (Directive), which makes provision for employers to implement a mandatory vaccination policy in its workplace.
Implementing the policy
Before an employer implements such a policy, it must undertake a risk assessment within 21 days of the Directive being published, i.e. by 2 July 2021. This risk assessment must:
• take into consideration the employer’s operational requirements;
• indicate whether it intends to implement a mandatory vaccination policy;
• identify which employees it will require to be vaccinated based on the risk of acquiring COVID-19 at work, or the risk of severe COVID-19 symptoms due to the employee’s age or co-morbidities; and
• be conducted in accordance with section 8 and 9 of the Occupational Health and Safety Act, which places a duty on the employer to maintain a working environment for its employees and other persons that is safe and, as far as reasonably practicable, free from health risks.
Developing a plan
The employer must then develop a plan which sets out the measures it will implement to ensure the workplace is safe for its employees. This plan should indicate whether the employer intends to make the vaccine mandatory for any employees, and must identity the employees who will be required to be vaccinated, the process which will be followed to ensure compliance with the Directive and whether the employer plans to make the vaccine mandatory as and when it becomes available to employees. Any employer who is of the opinion that the vaccination of its employees is necessary for their health and safety may implement a mandatory vaccination policy. The employer’s risk assessment should, however, support this requirement and indicate that there is a legitimate need for the workforce to be vaccinated.
Right to refuse
The Directive sets out guidelines to employers when drafting and implementing a mandatory vaccination policy. In terms of the guidelines, importance is placed on “public health, the constitutional rights of employees and the efficient operation of the employer’s business.” Where an employer makes vaccination mandatory, it must notify each employee identified in the plan that such employee must be vaccinated as and when the vaccination is available to them, and that the employee may consult with a health and safety worker or trade union representative, should the employee wish to do so. Further, the employer must inform the employee of their right to refuse the vaccine on medical or constitutional grounds. These grounds are specified in the guidelines and makes provision for an employee to refuse the vaccine on the medical basis of a “contra‑indication” of the vaccine (i.e. an allergic reaction to the first dose of the vaccine or to a component of the vaccine), or the constitutional basis of the employee’s right to bodily integrity and/or right to freedom of conscience, religion, thought, belief and opinion, as set out in section 12 and 15 of the Constitution.
The Directive prescribes that where an employee does raise one of these objections, the employer is required to counsel the employee, refer such an employee for a medical evaluation for any allergic reaction to the vaccine and, where necessary, reasonably accommodate the employee in accordance with the Code of Good Practice: Employment of People with Disabilities, as published in terms of the Employment Equity Act. Such reasonable accommodation may include allowing the employee to work offsite, at home, in isolation at the workplace, or in limited circumstance, the employer may require the employee to work with a N95 mask.
Where an employer does implement a mandatory vaccination policy and an employee refuses to be vaccinated, the employer must ensure that the grounds for refusal are considered fully and that the employee is consulted in relation to the grounds raised. However, should the employer be unable to reasonably accommodate the employee and the employee continues to refuse to be vaccinated, an incapacity procedure must be followed before the employer may terminate the employee’s contract.
Paid time off
In terms of section 4(1)(k) of the Directive, employers must give employees paid time off at the date and time of their vaccination, regardless of whether such vaccination is in terms of a vaccination policy or not, and sick leave must be used should an employee experience any adverse side effects from the vaccine. An employer may request proof of the vaccination when returning to work, or proof that the vaccination will take place during working hours. Where an employee is vaccinated in terms of the mandatory vaccination plan, the employer must afford the employee paid time off for adverse side effects of the vaccine, even if the employee has exhausted their sick leave entitlement. Alternatively, the employer may lodge a claim with the Compensation Fund, in terms of the Compensation for Occupational Injuries and Diseases Act. In addition, the employer should organize transport to and from the vaccination site, if possible, for employees identified in the mandatory vaccination policy.
In order to comply with the Directive, employers must update their risk assessment of the workplace, taking into consideration any employees who are required to be vaccinated. Employers must take notice of the timeframe afforded by the Directive and ensure that the plan is in place before the 21 day period has lapsed. It is important for employers to conduct the risk assessment objectively and determine the actual need for vaccinations in the workplace and amongst certain categories of employees. Further, any objection raised by an employee should be considered seriously and the employer should try to accommodate such employee where possible. However, the employer may dismiss the employee for incapacity as a last resort.
By Kirsty Gibson, Associate, and Johan Botes, Partner and Head of the Employment & Compensation Practice, Baker McKenzie Johannesburg
Data Privacy and How It Affects Your Business
Data privacy, defined by Tech target is a discipline intended to keep data safe against improper access, theft or loss. One of the triads of cybersecurity is confidentiality and this has to do with data privacy. The world has become a global village and data privacy issues are now more relevant than they ever were before.
In 2009, a popular brand in America had a serious breach of its systems. For 18 months, hackers had access to the brand’s data and were able to get customers credit card details and personally identifiable information undetected. How did this happen? and how can you make sure that this doesn’t happen to your organization? The answer is simple, you need to pay attention to data privacy. As long as your business collects personal identifiable information, your business has a duty to protect the confidentiality of the people who have given you that information.
Sometimes, the obligation to protect data is beyond a moral right. In Europe for example, you have the GDPR (General Data Protection Regulation), in America you have applicable laws like Health Insurance Portability and Accountability Act of 1996 (HIPAA) which demand data privacy. In Nigeria, privacy rights draw from the Constitution of the Federal Republic of Nigeria (1999) (as amended) and can also be found in the Nigerian Data Protection Regulation, 2019.
All these laws show you that as a business owner, you are not only expected to protect data, you are under an obligation by law in some cases to protect certain types of data. The question is, how do you protect data and ensure that the privacy rights of your customers are respected?
- Employ a CISO: You should consider employing a Chief Information Security Officer (CISO) if your organization is large, who would be in charge of formulating policies to protect data privacy as well as other valuable data in your organization. Actions like these can prevent competitors from getting valuable data from your company, ensure your company complies with relevant laws on data privacy and thus win customers’ confidence in your brand.
- Implement good information security policies and procedures: You would also need to create good policies on information security. Ensure documents with sensitive data on customers are password protected, ensure that firewalls and anti-malware software are installed to fight off malicious cyber-attacks aimed at stealing customer data and create trainings for staff handling sensitive data.
- Don’t collect data you don’t need: Where you don’t need to collect customer data, don’t do it. Only ask customers to give you the information relevant to the service you are providing for them.
- Don’t keep data longer than you need it: Where you don’t need data anymore, and no law requires that you keep it, destroy it. Where a customer has indicated that they want their account deleted, or they don’t want to share their data with your company anymore, ensure that the data is destroyed.
- Properly destroy data that is no longer useful to you: The same way you receive data through a process, you need to understand that destroying data is also a process. Data is not destroyed simply because you put it in the recycle bin and deleted it from the recycle bin. Ensure that data is properly destroyed when it’s no longer useful.
At the end of the day, data privacy is important for businesses in the world today. I hope these tips would help you choose to take steps to protect your customers data in every part of your business and ensure the data privacy rights of your customers are respected.
Article by: Morenike George-Taylor CDMP, County Support Director & Data Governance Expert
Kenya: Country-by-country reporting thresholds introduced from 1 January 2023
Tax image credit: Getty
The Kenyan Government, in its latest Finance Act 2022, has enacted some key changes in the area of direct tax, including an important update on the country-by-country (CbC) reporting threshold for multinational companies.
What is country-by-country reporting?
Corporates and connected persons, such as groups of companies and multinational entities (MNEs) usually face complex compliance risks. To address the potential gaps and mismatches in various tax systems globally, the Organization for Economic Co-operation and Development (OECD) introduced Action 13 CbC reporting as part of its Base Erosion and Profit Shifting (BEPS) Action Plan. Under BEPS Action 13, MNEs are required to prepare a CbC report with aggregate data on the allocation of income, profit, taxes paid and economic activity amongst all the jurisdictions in which they operate. This report must be shared with the tax administrations in these jurisdictions, for use in high-level transfer pricing and BEPS risk assessments. Part of the solution provided by Action 13 is to require countries to adopt legislation dealing with the filing of CbC reports in their jurisdiction.
Finance Act 2022 updates of CbC
The Kenyan Government has introduced a threshold for CbC reporting with the effect from 1 January 2023. The threshold introduced in the Finance Act is for companies with gross revenues of KES 95 billion (EUR 790 million approximately) or more, including extraordinary and investment income. From 1 January 2023, a parent entity or a constituent entity of a MNE group that is tax resident in Kenya, and that has a gross turnover of over KES 95 billion, will be required to file a CbC report of its financial and economic activities in Kenya, as well as all other jurisdictions in which the MNE has a taxable presence.
The report must contain all information of the group’s aggregate revenue, profit or losses before tax, income tax paid, income tax accrued, accumulated earnings, number of employees, tangible and intangible assets, cash and cash equivalents and any other information as requested by the Kenya Revenue Authority (KRA).
Information to be contained in the master and local bundle.
The Finance Act requires a master file that must contain the following:
- A detailed overview of the group and the group’s growth engines.
- A description of the supply chain of the key products and services.
- The group’s research and development policy.
- A description of each constituent entity’s contribution to value creation.
- Information about intangible assets and the group intercompany agreements associated with them.
- Information on any transfer of intangible assets within the group during the tax period, including the identity of the constituent entities involved, the countries in which those intangible assets are registered and the consideration paid as part of the transfer.
- Information about financing activities of the group.
- The consolidated financial statements of the group.
- Tax rulings made in respect of the group.
- Any other information requested by the KRA.
The local file must contain:
- Details and information of the resident constituent activities within the multinational enterprise group.
- The management structure of the resident constituent entity.
- Business strategies, including structuring, description of the material-controlled transaction, the resident. constituent entity’s business and competitive environment.
- International transactions concluded by the resident constituent entity.
- Amounts received by the entity.
- Any other information requested.
Exceptions to the CbC report filing requirement
The Finance Act provides certain exceptions to the filing requirements for a resident constituent entity of an MNE group. If a non-resident surrogate parent entity already files a CbC report for the group with the tax authorities of its tax jurisdiction, the jurisdiction in which the non-resident surrogate parent entity is resident requires a CbC report in terms of its domestic legislation, under the following conditions:
- The tax authorities of the jurisdiction where the non-resident surrogate parent entity have an exchange of information agreement with the KRA.
- The tax authority in the jurisdiction where the non-resident surrogate parent is resident has not notified the KRA of a systematic failure.
- The non-resident parent entity has notified the competent authority in the jurisdiction of its tax residence and that the entity is the designated surrogate parent entity of the group.
The reporting requirements brought by the Finance Act 2022 are consistent with the OECD’s BEPS Action Plan 13 guidelines and the three-tiered documentation approach, which is relevant to the reporting of related-party transactions and aligns with the four minimum standards under the OECD’s BEPS project.
It is important for parent entities of MNEs operating in Kenya to note the additional compliance burden which is imposed by this new legislative update. Multinationals that would be affected by the new legislative update should review their current transfer pricing documentation and compliance processes to ensure that they are in line with the new reporting requirements under the Finance Act 2022, by 1 January 2023. Failure to comply with the CbC reporting requirements will be an offense in Kenya and subject to a fine not exceeding KES 1 million (EUR 8200 approximately), a prison term not exceeding three years, or both, upon conviction.
By: Francis Mayebe, Candidate Attorney, overseen by Virusha Subban, Partner and Head of the Tax Practice, Baker McKenzie Johannesburg
Companies Act: The Role Of A Shareholder And Director
1.1. PURCHASING SHARES IN A PRIVATE COMPANY AS PER SECTION 39(2) OF THE COMPANIES ACT
Section 39(2) of the Companies Act (herein referred to as the “Act”), provides that each shareholder of a private company has a right before any other person who is not a shareholder of that company, to be offered and to subscribe for a percentage of the shares to be issued with equal voting power of that shareholder’s general voting rights immediately before the offer is made, where the company is then compelled to make an offer to all of its voting shareholders pro rata to their respective percentages of the total number of voting rights, before it may issue any shares to a third party.
1.1.1. WHO IS BOUND BY THE SHAREHOLDER AGREEMENT
The binding force of the Shareholders Agreement stems from the law of contract, whereas section 15(6) of the Act, governs the status of a Company’s MOI and all MOIs need to be filed and registered with CIPC. The disadvantage of a Shareholders Agreement is that it binds only those shareholders who are party to it. It does not bind any other shareholders, unless they consent to be bound.
1.1.2. WHAT IS A SUBSCRIPTION AGREEMENT
A subscription agreement is a formal agreement between a company and an investor to buy shares of a company at an agreed-upon price. The subscription agreement contains all the required details. It is used to keep track of outstanding shares and share ownership (who owns what and how much) and mitigate any potential legal disputes in the future regarding share payout subscription agreement will include the details about the transaction, the number of shares being sold and the price per share, and any legally binding confidentiality agreements and clauses.
1.1.3. SUBSCRIPTION OF SHARES AGREEMENT
In the event that the Company proposes to issue any shares, other than shares issued in terms of options or conversion rights in terms of section 39(1)(b), or capitalisation shares in terms of section 47 or if the consideration for any shares that are issued or to be issued is in the form of an instrument such that the value of the consideration cannot be realised by the Company until a date after the time the shares are to be issued, or is in the form of an agreement for future services, future benefits or future payment by the subscribing party.
1.2. WHAT IS THE ROLE OF A DIRECTOR OF A PRIVATE COMPANY AS PER SECTION 76 OF THE COMPANIES ACT
By accepting their appointment to the position, directors and prescribed officers agree that they will perform their duties to a certain standard, and it is a reasonable assumption of the shareholders that every individual director and prescribed officer will apply their particular skills, experience and intelligence to the advantage of the company.
The Act codifies the standard of directors’ conduct in section 76. The standard sets the bar for directors very high. The intention of the legislature seems to be to encourage directors to act honestly and to bear responsibility for their actions – directors should be accountable to shareholders and other stakeholders for their decisions and their actions. However, with the standard set so high, the unintended consequence may be that directors would not be prepared to take difficult decisions or expose the company to risk.
Since calculated risk taking and risk exposure form an integral part of any business, the Companies Act includes a number of provisions to ensure that directors are allowed to act without constant fear of personal exposure to liability claims. In this regard, the Companies Act has codified the business judgement rule, and provides for the indemnification of directors under certain circumstances, as well as the possibility to insure the company and its directors against liability claims in certain circumstances.
The Act makes no distinction between executive, non-executive or independent non-executive directors. The standard, and consequent liability where the standard is not met, applies equally to all directors.
In terms of this standard, a director (or other person to whom section 76 applies), must exercise his or her powers and perform his or her functions. these are the following;
- In good faith and for a proper purpose.
- In the best interest of the company, and
- With the degree of care, skill and diligence that may reasonably be expected.
1.3. BREACH OF FIDUCIARY DUTY
The Companies Act prohibits a director from using the position of director, or any information obtained while acting in the capacity of a director, to gain an advantage for himself or herself, or for any other person (other than the company or a wholly-owned subsidiary of the company), or to knowingly cause harm to the company or a subsidiary of the company.
Directors have a fiduciary duty to act in the best interest of the company as a whole. Directors owe this duty to the company as a legal entity, and not to any individual, or group of shareholders – not even if the majority shareholder appointed the director.
Directors are obliged to act in good faith in the best interest of the company. They should act within the bounds of their powers, and always use these powers for the benefit of the company. Where a director transgresses his or her powers, the company might be bound by his or her action, but he or she can be held personally liable for any loss suffered as a result of the transgression.
In discharging any board or committee duty, a director is entitled to rely on one or more employees of the company, legal counsel, accountants or other professional persons, or a committee of the board of which the director is not a member. However, the director does not transfer the liability of the director imposed by this Act onto such employees. Directors of a company may be held jointly and severally liable for any loss, damage or costs sustained by the company as a result of a breach of the directors’ fiduciary duty or the duty to act with care, skill and diligence.
The Act sets out a range of actions for which directors may be held liable for any loss, damage or costs sustained by the company. These actions include the following; Acting in the name of the company without the necessary authority Being part of an act or omission while knowing that the intention was to defraud shareholders, employees or creditors Signing financial statements that were false or misleading in a material respect.
1.4. CIVIL CLAIM AGAINST THE DIRECTOR
Section 77(3)(b) of the Act, as read with section 22 of the Act, penalises and holds directors personally liable to the company for any loss incurred through knowingly carrying on the business of the company recklessly, with gross negligence, with intent to defraud any person or for any fraudulent purpose.
Shareholders play a critical role in terms of the South African Companies Act of 2008, with reference to the affairs of the company. Just any contract, shareholders agreement is the essential document that binds the relationship of shareholders who are a party to it. Notwithstanding the existence of Memorandum of Incorporation, (MOI) one of the roles of a shareholder is the appointment of directors. Therefore, the MOI provides “mechanism of power equilibrium” between the shareholders and directors of the company. In that the shareholders using their voting rights can authorize critical transactions and any dividends proposed by the directors.
As discussed above, subscription agreement is a contract that is between the company and investor for the purchase of shares at an agreed price. Such an agreement will have the terms and conditions agreed upon and can also be used to track any outstanding shares thus to mitigate possible legal disputes. Last but not least any director of the company ought to measure to the defined standard as per section 76 of the Companies Act, thus with reference to skills, experience and intelligence. In terms of the Act, directors ought to act with utmost honesty and should bear responsibility for their actions, as they are obligated to act in good faith and for the best interest of the company.
In conclusion, should there be any breach of the fiduciary duty by the director, section 77 (3) (b) of the Act read with section 22 of the Act penalizes and holds the directors personally liable to the company for any loss incurred through knowing conducting the affairs of the company recklessly with gross negligence. In such instances the veil of protection will be lifted so as to protect the company as a separate entity.
We acknowledge Dr Maribanyana Lebeko who is part of the advisory for Simanye Clinic for his assistance with respect to compilation, editing and proofreading of this article.