NDB Technical ICT Strategy

Statement of User Requirements — Addendum
Post-Delivery Scope Additions

Prepared by: Genesis Analytics / ThoughtLab

Date: March 2026

Classification: Confidential

Supplements: NDB Statement of User Requirements (February 2026)

1. Purpose

This addendum supplements the NDB Statement of User Requirements (SOUR) delivered in February 2026. Following the initial delivery, two additional stakeholder engagement sessions were conducted with business units that were not included in the original 15-session scope. Their requirements are captured here and should be read alongside the main SOUR document.

These requirements do not replace any existing content in the February 2026 SOUR. They extend it with two new domains: Agency and Universal Services, and Resource Mobilisation and Fund Administration.

2. Additional Sessions Conducted

Session Stakeholder Role Date
Agency and Universal Services Walkthrough Shudu (Chodewa) Agency and Universal Services Manager (transitioning to Brokerage) 17 March 2026
Resource Mobilisation and Fund Administration Walkthrough Bosa Resource Mobilisation Manager / Fund Administration 19 March 2026
Legal Services Walkthrough Ndogozo Manamad, Khoralentin Taiti, Gakoso Gilebemang Legal Services / Company Secretary / Data Protection Officer March 2026

3. Domain: Agency and Universal Services

Context: NDB's Agency unit currently operates as an insurance agency working exclusively with one underwriter. The unit is in the process of securing a brokerage licence, which will allow it to partner with multiple underwriters across life and short-term products. The unit operates 100% manually and has no current digital footprint. Digitalisation is planned as part of the bank's Horizon 2 strategy.

Architecture note: The target architecture as defined in the main ICT strategy accommodates the Agency unit's future requirements. The layered, integration-led architecture allows insurance applications to interface with the ERP and core systems via the API gateway layer without requiring structural rework. No changes to the target architecture are required; this addendum formalises the requirement for this interface.
3
Must Have
2
Should Have
1
Could Have
ID Requirement Current State To-Be State Priority Workstream Source
AGN-001 Insurance application integration with ERP via API layer No integration. Agency operates independently of NDB systems. Insurance application (bankassurance system) interfaces with NDB ERP via the integration/API gateway layer. Shared services (HR, payroll, finance) consumed from NDB systems at a fee. Must Integration Agency Walkthrough, 17 Mar 2026
AGN-002 Bankassurance system procurement (Horizon 2) No bankassurance system in place. All processes manual. A dedicated bankassurance / insurance management platform procured and integrated into the target architecture in Horizon 2, enabling the agency to manage policies, commissions, and reporting digitally. Must Core Platforms Agency Walkthrough, 17 Mar 2026
AGN-003 Multi-underwriter capability Single underwriter only (Botswana Life). Platform supports onboarding and management of multiple underwriters across life and short-term insurance products, consistent with the brokerage licence ambition. Must Core Platforms Agency Walkthrough, 17 Mar 2026
AGN-004 Fee management and intercompany billing Manual calculation and processing of fees charged to NDB for shared services. System supports automated fee calculation and intercompany billing for services consumed from NDB (HR, payroll, finance, strategy) with clear reporting separation between agency and NDB P&L. Should ERP Agency Walkthrough, 17 Mar 2026
AGN-005 Shared NDB digital channels for agency products No digital channel for agency products. Agency insurance products surfaced to customers through the NDB CX platform (mobile app, web portal) as part of the commercial bank product suite. Should CX Platform Agency Walkthrough, 17 Mar 2026
AGN-006 Commission and performance reporting Manual reporting on commissions and policy performance. Automated commission tracking and performance dashboards by underwriter, product, and advisor. Could Data / ERP Agency Walkthrough, 17 Mar 2026

4. Domain: Resource Mobilisation and Fund Administration

Context: NDB's Resource Mobilisation unit onboards and administers third-party funds (government grants, climate finance, donor funds) on behalf of fund owners. Each fund has unique reporting requirements, beneficiary types, and expense structures. Currently the unit uses SAP with manual customisation per fund, which is time-consuming and limits scalability. The unit foresees significant growth in fund administration volumes in line with NDB's strategy, particularly around green and agricultural financing.

Architecture note: The target architecture accommodates these requirements within the core systems layer and CX/experience API layer. A dedicated grant administration module (separate from the lending-focused SAP configuration) is identified as a key system requirement to avoid continued manual customisation and to enable off-balance-sheet fund management at scale.
4
Must Have
3
Should Have
1
Could Have
ID Requirement Current State To-Be State Priority Workstream Source
RMFA-001 Dedicated grant administration module with configurable fields per fund SAP customised manually for each fund. Separate company codes created per fund. Time-consuming and not scalable. A dedicated grant administration module (within ERP or as a standalone system) that supports rapid fund onboarding with configurable data fields, beneficiary types, and reporting structures per fund without requiring bespoke development each time. Must ERP / Core Platforms Fund Admin Walkthrough, 19 Mar 2026
RMFA-002 Off-balance-sheet fund accounting Separate company codes created in SAP to isolate fund balance sheets from NDB's own balance sheet. Manual and error-prone. Native off-balance-sheet fund structure with separate chart of accounts per fund, ensuring clean financial separation between NDB's balance sheet and administered funds. Reporting clearly delineated per fund. Must ERP Fund Admin Walkthrough, 19 Mar 2026
RMFA-003 Configurable chart of accounts and expense categories per fund Expense line items manually configured in SAP per fund engagement. No template-based approach. Fund onboarding supports definition of fund-specific expense categories (e.g. solar panels, fertiliser, labour) mapped to a configurable chart of accounts. Changes per fund do not require developer intervention. Must ERP Fund Admin Walkthrough, 19 Mar 2026
RMFA-004 Fund impact and compliance reporting Manual reports prepared per fund. Data pulled from SAP with significant manual effort. Reporting format differs per fund owner's requirements. Automated fund reporting engine: configurable report templates per fund, capturing beneficiary data, disbursements, expense breakdown, and impact metrics (e.g. employment levels, demographics, agricultural activity). Exportable to fund owner formats. Must Data / ERP Fund Admin Walkthrough, 19 Mar 2026
RMFA-005 Multi-stage approval workflow for grant disbursements Approval process is manual and paper-based. Multiple sign-off layers before disbursement with no digital tracking. Configurable digital approval workflow: application intake, review, approval stages, and disbursement authorisation all tracked in system. Audit trail maintained per transaction. SLA tracking on approval turnaround. Should CX / Core Platforms Fund Admin Walkthrough, 19 Mar 2026
RMFA-006 Digital beneficiary application portal Beneficiaries submit physical files. NDB staff manually load application data into SAP. Digital application portal for beneficiaries to apply for grants online. Data captured at source, reducing manual data entry. Portal configurable per fund program with fund-specific application fields. Should CX Platform Fund Admin Walkthrough, 19 Mar 2026
RMFA-007 Beneficiary status tracking and communication No self-service status visibility for beneficiaries. Status communicated manually. Beneficiaries can view application status, disbursement history, and outstanding requirements through the digital portal. Automated notifications at key workflow milestones. Should CX Platform Fund Admin Walkthrough, 19 Mar 2026
RMFA-008 Fund template library Each fund set up from scratch in SAP. No reusable templates. Library of fund templates covering common program types (grants, subsidies, loan facilities, climate programs). New funds instantiated from template with minimal configuration, reducing onboarding time. Could ERP / Core Platforms Fund Admin Walkthrough, 19 Mar 2026

5. Domain: Legal Services

Context: NDB's Legal Services department covers four sub-functions: legal advisory, data protection (DPO), company secretariat, and procurement oversight. The team is internally and externally facing, supporting all business units across the bank. Currently the department relies heavily on email and manual processes for work intake and tracking. Key systems in use are Microsoft 365 (underutilised), Juta, LexisNexis, Diligent (board management SaaS), and the New Gen Procurement System (unstable, legislation gaps, prior data breach incidents).

Architecture note: All legal requirements are accommodated within the target architecture. Internal colleague-facing capabilities (work management, records, knowledge management) sit within the integration and experience layers. Data protection regulatory tooling integrates with the data architecture and IAM layers. The procurement system is a standalone platform interfacing via the API gateway. No structural changes to the target architecture are required.

Note: Two non-system items (M365 optimisation and DPO governance designation) are captured separately as notes below the requirements table.
5
Must Have
3
Should Have
1
Could Have
ID Requirement Current State To-Be State Priority Workstream Source
LEG-001 Legal matter and work intake management system Instructions received via email to individual inboxes. No visibility across the team, no SLA tracking, no formal allocation or status tracking. Centralised matter management / work intake system: instructions logged, allocated, tracked through workflow stages with SLA monitoring and team-wide visibility. Interface with internal business units for instruction submission. Must Colleague Experience / Integration Legal Walkthrough
LEG-002 Records and knowledge management system Contracts, board minutes, legal advice, and other outputs stored in fragmented shared drives. Not easily searchable or retrievable. No contract expiry alerting. Organisation-wide knowledge management platform: structured storage of contracts, minutes, advice, and legal documents. Searchable, accessible with appropriate access controls. Automated alerts for contract renewal milestones and key dates. SharePoint or equivalent capability. Must Colleague Experience / Data Legal Walkthrough
LEG-003 Procurement management system replacement New Gen Procurement System in use but unstable, not fully aligned to parastatal procurement legislation, and has had data breach incidents (bidder data exposure). Covers tenders only, not RFQs or full procurement lifecycle. Full-lifecycle procurement platform aligned to Botswana parastatal procurement legislation: RFQs, tenders, evaluation, adjudication, and award. Bidder self-service interface. Secure, stable, and compliant. Replaces New Gen Procurement System. Must ERP / Core Platforms Legal Walkthrough
LEG-004 Collections and litigation case management system External attorneys managed via email and manual tracking. No end-to-end visibility on collections matters. Incidents of attorneys/deputy sheriffs mismanaging matters (standing down sales, alleged misconduct) with limited ability to monitor. Case management system for collections and litigation: matter tracking from instruction to resolution, external attorney interface, milestone and deadline tracking, audit trail per matter. Supports monitoring of external service provider conduct and escalation. Must Colleague Experience / Integration Legal Walkthrough
LEG-005 Data protection regulatory technology (RegTech) platform No dedicated data protection management system. DPO manages data subject access requests, data tagging, and compliance tracking manually. RegTech platform for data protection: data subject access request (DSAR) management, data tagging and classification across the organisation, internal compliance workflows, third-party data sharing controls, and regulatory reporting. Aligned to Botswana Data Protection Act. Must Cyber / Compliance Legal Walkthrough
LEG-006 Board secretariat automation Board action items tracked manually in shared drives. Board calendar managed via Outlook invites. Board member tenures, sitting fees, and retainer payments tracked manually. Board secretariat management module (within or alongside Diligent): automated tracking of board action items linked to meeting minutes, reminders tied to board calendar, board member tenure alerts, sitting fee and retainer payment automation. Should Colleague Experience Legal Walkthrough
LEG-007 Digitised legislative update feed Subscriptions to Juta and LexisNexis, but local Botswana legislation updates are slow. Team relies on informal digital sources (social media) for timely updates, which introduces risk. Automated legislative monitoring and alerting service: real-time or near-real-time alerts for new Botswana legislation, amendments, regulations, and government bulletins relevant to banking, procurement, and data protection. Authoritative source only. Should Colleague Experience / Data Legal Walkthrough
LEG-008 AI-assisted legal research and document review Legal research done manually using Juta and LexisNexis. Contract and document review is manual and time-consuming. AI tooling integrated into legal workflows: legal research assistance, contract review and clause analysis, and procurement bid evaluation support. Tooling assessed for authenticity, accuracy, and regulatory acceptability before adoption. Should Data / AI Legal Walkthrough
LEG-009 AI-assisted procurement bid evaluation Bid evaluation is manual. Large tender submissions reviewed by small team with high time and effort cost. AI tooling to assist procurement team in reviewing and scoring bid submissions against evaluation criteria, flagging anomalies, and supporting adjudication. Human sign-off retained on all award decisions. Could ERP / AI Legal Walkthrough

Notes (non-system items)

The following items were raised in the Legal Services walkthrough but are not formal system requirements. They are captured here for completeness and should be addressed as part of the broader programme governance and change management workstreams.
Reference Note Recommended Action
LEG-NOTE-001 Microsoft 365 optimisation: The Legal team has a full M365 subscription but uses only Word and Outlook. SharePoint, Teams, Forms, and Power Automate are available but not adopted due to lack of training and awareness. Conduct an M365 capability assessment for the Legal team. Develop a targeted adoption and training programme before investing in new platforms. Many of the work management and records requirements (LEG-001, LEG-002) may be partially addressable through existing M365 tooling.
LEG-NOTE-002 DPO governance designation: The Data Protection Officer is not currently a formal stakeholder in data architecture and system implementation decisions. This creates risk as new systems are onboarded and data flows change. Formally include the DPO as a required sign-off stakeholder in the data architecture governance process. This is a process and governance change, not a system requirement. Should be addressed in the programme governance structure established as part of execution planning (Outcome 5).

6. Impact on Existing Deliverables

Deliverable Impact Action
SOUR (February 2026) Three new domains added: Agency (6 requirements), Resource Mobilisation / Fund Administration (8 requirements), Legal Services (9 requirements + 2 non-system notes). Total requirements increases from 214 to 237. Read this addendum alongside the main SOUR. Incorporate into next revision if a formal update is required.
Requirements Traceability Matrix 23 new requirements (AGN-001 to AGN-006, RMFA-001 to RMFA-008, LEG-001 to LEG-009) to be added to the matrix with appropriate workstream, stage, and strategic priority mappings. Update traceability matrix. AGN requirements map primarily to Stage 2. RMFA requirements map to Stage 1 (off-balance-sheet, reporting) and Stage 2 (portal, workflow). LEG requirements map primarily to Stage 1 (work management, records, procurement) with some Stage 2 (AI, DPO RegTech).
ICT Tech Strategy (Target Architecture) No structural changes required. Architecture accommodates both domains via integration layer (Agency) and core systems / CX layer (Fund Admin). An architecture note has been added in sections 3 and 4 above. Optional: add a brief callout note to the architecture slides confirming Agency and Fund Admin are accommodated.
Business Cases Fund Admin requirements may warrant a new business case or addition to an existing one (e.g. ERP replacement or CX build). Agency requirements fold into Horizon 2 CX and core platform work. Assess whether a standalone Fund Admin business case is warranted given growth projections. Agency requirements to be incorporated into Horizon 2 planning.


Genesis Analytics / ThoughtLab | NDB Technical ICT Strategy | SOUR Addendum | March 2026 | Confidential