Komply
The Question
Why does compliance in a South African business only get taken seriously the week before an audit?
I've sat on the finance side of that scramble — a POPIA obligation, a BEE scorecard, a SARS filing, all treated as a single annual event instead of an ongoing condition. The Information Regulator has been prosecuting POPIA breaches since February 2025. SARS went fully digital the same year. Most of the businesses I know are still managing all of it from a folder that gets opened twice a year.
What I Built
Continuous monitoring across the four things that actually get an SA business in trouble: POPIA, B-BBEE, SARS, and FSCA where it applies. One dashboard, a monthly report, instead of a binder nobody looks at until something goes wrong.
The POPIA layer runs on the same audit engine behind Auto Alpha Advisory's own scans — Komply is the compliance-specific wrapper around it, not a second scanner. The BEE module is a calculator built to the real verification methodology: EME and QSE classification, ownership flow-through, the sub-minimum knock-downs that catch people out. It's labelled honestly as indicative, because an actual certificate still needs a SANAS-accredited verification agency to sign off.
What I Learned
That label was the real decision. It would have been easy to build a scorecard that spits out a confident-looking number and let people assume it was a certificate. The number is genuinely useful for tracking whether you're improving month to month — it just isn't the number a verification agency will hand you. Where a tool has a real limit, it's cheaper to say so on the page than to let a client find out after they've relied on it.
Status
Live at getkomply.co.za. POPIA and B-BBEE modules shipped and sellable. SARS and FSCA extend the same pattern next.