Trusted by Zambia’s leading organisations
Enterprise risk management, AML/CFTP sanctions screening, control assessments, and regulatory reporting — wired together, audit-ready, and built for teams that have to move quickly.
Trusted by Zambia’s leading organisations
The system already speaks your language. Open it on day one and the register, the filing calendar, and the regulator roster are already populated — you don’t start from a blank spreadsheet.
Schedule regulatory submissions, exec packs, and operational dashboards. Pull live from the register, format to mandated layouts, deliver as PDF / Excel — no copy-paste, no version drift.
Compliance, risk, and ICT leaders across the region run their day on Ontech Solutions — from board-level oversight to the daily filings that keep regulators satisfied.
Goodfellow Finance
IDC
REA
ZICTA
GeePay
MLSS
Akros Research
NATSAVE Bank
The same risk-and-compliance fabric, configured for the obligations and operating realities of your sector. One platform — sector-tailored controls, registers, and reporting templates.
Prudential reporting, financial-crime defence, and operational-risk oversight wired together — from BoZ returns to FIC filings to Basel III alignment.
Capital adequacy, liquidity, large-exposure returns, fit-and-proper governance — all driven from a single register.
FIC-aligned CDD, EDD on PEPs, real-time sanctions screening on a 1.5M-record corpus, STR/CTR auto-aggregation.
Cyber Security Act CII obligations, operational-loss tracking, third-party-risk register, incident-to-RCSA flow.
Insurance Act 2021 obligations, PIA solvency monitoring, and claim-side AML checks — in one operational view that keeps the board, the regulator, and the underwriter in sync.
Solvency margin ≥10% and capital adequacy ≥150% tracked continuously with auditor-certified annual statements.
Beneficiary screening on every claim, adverse-media checks, fraud pattern detection, full case audit trail.
Citizen-ownership ratios, complaint-handling SLAs, conduct-of-business obligations — reported to PIA on cycle.
ZICTA licensing, subscriber-data privacy, and the new Cyber Security Act framework converge here. Compliance is a daily operational concern, not a quarterly box-tick.
Licensing returns, consumer-protection disclosures, electronic-transaction safeguards on every digital touchpoint.
Critical Information Infrastructure designation, annual cybersecurity audit, mandatory incident notification to the Agency.
Data Protection Act 2021 controller registration, lawful-basis logging, subject-access workflows, retention controls.
BoZ MFI directives, branch-level RCSA, and small-ticket KYC. Designed for the operational reality of high-volume, low-value lending across many touchpoints.
BoZ-specified prudential thresholds, capital and liquidity returns, conduct-of-business audits.
Risk-tiered onboarding for low-value lending, source-of-funds checks, periodic re-screening.
Per-branch self-assessment, control testing, evidence capture — rolled up into the corporate register.
Workplace safety, environmental compliance, and supply-chain due diligence in one operational fabric — where line incidents and EIA cycles share the same audit trail.
Hazard registers, risk assessments, incident reporting, safety-committee minutes — aligned to OHS Act 2010.
Environmental licensing, EIA tracking, pollution control, annual ZEMA returns generated from live operational data.
Vendor due diligence, ongoing monitoring, Food Safety Act compliance for FMCG, contract repository.
Procurement integrity, anti-corruption controls, and ministry-level audit roll-up — built for organisations where every decision is on the record and every record gets requested.
ZPPA-compliant procurement methods, supplier eligibility, debarment register, contract-award audit trail.
Asset disclosure for designated officers, conflict-of-interest registers, ACC reporting workflows, whistleblower triage.
Multi-ministry register consolidation, immutable audit log, board-ready reporting from a single source of truth.
NAPSA, NHIMA, Workers’ Compensation, and PIA pension-scheme reporting in one operational dashboard. Mandatory contributions and member data managed with the rigour they require.
Monthly NAPSA, NHIMA, and Workers’ Compensation reconciliation with auto-generated reminder cycles.
DPA 2021 controls on member records, lawful-basis logging, retention policy enforcement, subject-access ready.
Funding ratio, contribution arrears, claim-payout latency — with PIA pension-scheme returns generated on cadence.
ERB licensing, electricity and petroleum-sub-sector obligations, environmental monitoring — in one operational system where licence conditions, returns, and field incidents all live together.
Energy Regulation Act 2019 licence tracking, tariff approval workflows, technical-standards conformance.
Electricity Act 2019 generation/distribution licences, petroleum product-quality checks, in-transit-loss management.
ZEMA environmental returns, OHS field-incident logging, community-impact records aligned to licence conditions.
Each module is independently usable, but together they form a connected risk & compliance fabric — every decision is traceable, every alert is owned, every report is one click away.
Risk register, taxonomy, RCSA workflow, KRI alerting, heatmaps, and incident handling — anchored to ISO 31000 and COSO.
Live sanctions, PEP and adverse-media screening on a 1.5M-record corpus. Fuzzy match, transliteration, alias expansion.
Branch- and unit-level self-assessment, control testing, evidence capture, and roll-up into the corporate register.
Define thresholds, ingest from systems of record, alert on breach. Trends visible to executives in real time.
Map obligations to controls across 6 international frameworks (ISO 27001, SOX, GDPR, Basel III, COSO, NIST) and 11 regional frameworks.
Every decision, every policy change, every screening result — preserved with user, timestamp, and immutable evidence.
The suite ships with a growing library of compliance modules. Use what you need today; new modules slot in without re-platforming.
Onboarding workflows, risk-tier scoring, periodic re-screening, document evidence, and client-360 view.
Alerts → triage → investigation → resolution. SLAs, escalation paths, and disposition reasons captured against the case.
Course catalog, mandatory modules, certificates, and quiz scoring — assignable by role or department.
Publish policies, track read-and-attest, version control, and timed re-attestation cycles.
Onboarding due diligence, ongoing monitoring, contract repository, and vendor risk scoring.
Audit universe, risk-based planning, fieldwork tracking, finding-to-action linkage, and executive summary reports.
Filing calendar wired to every regulator. Projects 19 known cadences across BoZ, ZRA, FIC, NAPSA, NHIMA, PIA, ZEMA, ACC, PACRA, ZmCSA over 30 / 60 / 90 / 365 days.
Tiered roster — assignee → manager → CRO — advances automatically as items pass overdue thresholds. Email and SMS dispatch built in.
30/14/7/3/1-day advance pings, due-day notice, and overdue alerts. Per-framework override (e.g. tighter SMS cadence on AML obligations).
Designed for insurers, banks, pension administrators, and any institution where risk and compliance are board-level concerns. Hardened for production: TLS, RBAC, audit trail, JWT auth, and rate-limited login at the edge.