BUBU: From talking to action

Policy brief (SC/o1/19) 1. Issue IN A BID TO GROW THE LOCAL content and empower local service providers, the Government of Uganda developed the

Policy brief (SC/o1/19)

1. Issue

IN A BID TO GROW THE LOCAL content and empower local service providers, the Government of Uganda developed the Buy Uganda, Build Uganda (BUBU) Policy. This policy encourages all organizations operating in Uganda to prioritize local service providers.

However, many Ministries, Directorates, and Agencies (MDAs) source and pay for services directly to foreign companies. This practice not only leads to loss of the much needed foreign exchange without any benefit to the local economy, but it also exposes GOU to national security risks specifically cyber risks. The current approach to ‘Open International Bidding’ procurements is strategically unsustainable, exploitative and risky.

1.2 How other countries support local content

We are living in everchanging times known as the VUCA (volatile, uncertain, complex and ambiguous) age. The fast pace of change is driven by new technologies like the Internet of Things (IoT) and Robotics which have given rise to Big Data, which drive Artificial Intelligence, Robotics, and Machine Learning. Taken together, the world is interconnected than before. These developments have given rise to cybersecurity risks.

Today, countries are prioritizing cyber weaponry and warfare capabilities to develop both offensive and defensive weapons to protect their countries.

To this end, governments use public procurement as a strategic tool for national cyberwarfare capacity building.

Unfortunately, Uganda is lagging behind this race and therefore the country could be exposed to risks of cyber attacks, intellectual property theft, and therefore losing national competitiveness in this critical national agenda arena. There is a need to change the policy over national procurements by various MDAs beyond mere due diligence.

1.3 Public procurement as a tool for National Defense

Countries now implement deliberate policies to develop locally registered companies. The strategy deployed encourages global companies to open local branches, reduces contract management costs over the project lifecycle and above all facilitates skills transfer to nationals.

The policy implemented is SIMPLE, yet effective.

PDEs are encouraged to make all procurements ‘open’ to local and international bidders. As a result, international bidders are encouraged to apply. For example in Kenya, many government tenders are available, https://www.tenders.go.ke/website, the national procurement portal. A quick check on any listed tender shows that the majority are “open tender”, indicating that they are open to all. See Figure 1.

Figure 1: Tender details

But there is a catch.

When you download the bid document to try your luck, you find that as an International Vendor, you cannot bid directly. See Figure 2.

Figure 2: Minimum requirements for bidding in Kenya

As you can see in Figure 2, you must be a locally registered company to fulfill requirements MR 2, MR 3, MR 4, MR 9 and MR 10. Similar requirements apply to recently published tender, TENDER NO. CBK/011/2019-2020 is available at https://www.tenders.go.ke/website/tender/Details/VLMIOF.

Figure 3: Bidding requirements

The catch is that whether Tender is open to International Bidders or not, you must be a locally registered company to meet the mandatory requirements. How else can a company obtain a Certificate of Tax Compliance unless it is registered in Kenya? Other countries do the same. I am aware that Uganda too requires companies to submit such documents when bidding. Unfortunately for Uganda, this requirement seems to apply only for local contracts.

Our experience

Since 2010, our firm has undertaken several projects in different African countries, Asia and UAE. In all these countries, we must offer a competitive service that no local firm can offer competitively like us. Even then, we are required to have a Trading License, VAT registration in our company names, Anti-corruption self-declaration form, and National ID for Team Leader!

Taken together, only locally registered vendors can meet such requirements. The policy has thus forced international companies to open local branches. For this reason, in Kenya, top global companies have regional offices that house local subsidiaries. And now Rwanda is sharing the spoils. Same story in Tanzania. The same strategy applies to other economies in Europe and Asia! “If you want to work with our government, first establish a subsidiary locally or work through a local company, in which nationals own the majority shares.” This policy helps countries to develop faster.

In East Africa, for example, Kenyans are considered to have more expertize because of the exposure they get working with global companies, the majority of which have made Nairobi, Kenya’s capital, as their regional office. It is not by accident that Cisco Systems, General Electric, IBM, Intel, Visa, Facebook and so many other companies listed here, have established offices in Nairobi. Try searching “List of International Companies with Offices in Uganda” and you may wonder!

To establish a subsidiary or a local office, a global company must meet registration requirements, which might include having a national as a shareholder. This requirement exposes such people to advanced technologies, high-level strategic discussions which ultimately transforms their thinking thereby closing the skills gap. 

For my company, we have to always identify a locally registered company to partner to fulfill the bidding requirements. In the end, we share over 40% to 50% of the net revenue from the project with the local partner, thereby spending the money in the country. Even more, we must train the local partner in the services we offer so that they can provide customer support after the project setup. The contracts we sign – whether with government agencies or private companies, do not allow external consultants providing support for more than three to six months after implementation. This means we must do total knowledge transfer. After the project, the local people have all skills and know-how which improves their competitiveness and has a transformative effect on the economy as a whole in terms of local capacity and confidence building. 

In the end, we identify a local partner. Sign a Memorandum of Understanding that compels us to train their local staff in our technologies and tools. Aware that the government spends a lot of money on project support – whereby in case of a small glitch after project setup, the Procurement and Disposal Entity (PDE) spends a lot of money on ait ticket, hotel accommodation for an external consultant. This is usually a hidden cost in contracts.

Recommended policy changes
1. Change the PPDA law to require ALL international vendors to supply to the government through local companies. This will improve knowledge transfer and or compel large companies to establish local branches in Uganda which will provide employment opportunities
2. Avoid signing government contracts with foreign-registered companies. Recommend that they find local partners to work with, which the government can then sign contracts with. That way, the government has local people to enforce contract fulfillment. For example, the ‘big 4’ firms operate under this kind of arrangement. This has provided the muchneeded skills transfer, capacity building and exposure of local professionals to best practices. imagine if all government consultancies were made without local partners?
3. Prohibit PDEs from paying directly to an International vendor’s bank account in a foreign bank. This makes the government lose much-needed tax revenue. Let the local vendor transfer the money.

Countries that have ‘protected’ their local vendors have strategically supported the national cybersecurity agenda.

Why change the policy?

The requirement for international vendors to partner with locals to transfer knowledge and skills to locally registered companies provides the much-needed skills and know-how. In many advanced countries, international vendors never access critical installations. That is a reserve for vetted nationals.

I cannot imagine any country with strategic intentions to secure her physical and cyber borders allowing any international vendor access to their cyber weaponry and cyberwarfare labs without the requirements to conduct total skills transfer to the local experts.  By requiring such vendors to work through nationals, there is capacity building and sustainable service provision.

To this end, countries are now careful with the kinds of vendors they use. We have read in the papers global companies having challenges doing business. Why? Threats to national cybersecurity are real. A hardware keylogger located within the mobile phone or computer kernel could cause lifetime security compromise without any idea of the breach vector. Even if you uninstall the apps, the danger remains! However, when you have local vendors work with your suppliers to do the work, it becomes difficult to get some of these attack vectors seamless.

By Mustapha B Mugisa, Mr, Strategy. Email: strategy@summitcl.com.

Leave a Reply

Your email address will not be published. Required fields are marked *