This chapter discusses private investigations in Nigeria. It discusses the matters leading to them and the primary drivers behind them. New this year is a discussion of the Nigerian Data Protection Regulation introduced by the Nigerian Information Technology Development Agency, which is the first law explicitly protecting privacy rights of individuals in Nigeria and arguably making Nigeria a viable location for data processing services.
- Due diligence investigation
- Asset tracing with a view to recovery
- The development of data protection regulation in Nigeria
- External investigators in internal investigations
Referenced in this article
- Foreign Corrupt Practices Act
- UK Anti Bribery Act
- Nigerian Data Protection Regulation
- Nigerian Information Technology Development Agency
- Asset Management Corporation of Nigeria
While lawyers in private practice undertaking investigations on behalf of private corporate clients remains an uncommon occurrence in Nigeria, there are indications that clients are beginning to appreciate the value of instructing lawyers to assist with some investigatory work. One area in which the engagement of lawyers appears to be increasing is in the provision of enhanced due diligence for clients seeking to learn more about proposed business partners.
There are numerous companies that offer due diligence services. These services are increasingly performed through automated systems, involving databases and the use of artificial intelligence. For jurisdictions such as Nigeria that are considered to be high risk, reliance on the results of such automated processes can never be a substitute for the local knowledge and skill that providers of specialist investigation services are able to offer.
One major challenge that is encountered is that some clients requiring due diligence services tend to view such services as a commodity and, on occasion, are unwilling to incur the sort of expenditure that will be involved where a bespoke service is called for. Clients that do understand and accept that a bespoke service will necessarily involve increased expenditure are those for whom the consequences of not conducting thorough due diligence could be extremely grave. These clients tend to be US-based or controlled, or have securities listed on a US exchange, primarily because the US authorities are the most aggressive and efficient in enforcement matters. Clients with potential exposure to US enforcement proceedings will frequently require inquiries to seek to obtain information beyond the type of material provided in internet-based reports obtained outside Nigeria. Essentially, what has been requested has tended to require more detailed knowledge of the subjects of the inquiry.
The types of investigations that clients have requested in recent times have included matters about which clients regularly have concerns, such as the review of internal investigations into instances of fraud revealed by internal audits, identifying process lapses and advising on ways of addressing them, as well as advising on whether there were grounds to take disciplinary action (up to and including dismissals) against identified individuals and advising on the procedural steps to be taken to effect decisions on the types of disciplinary action decided upon.
One unusual set of instructions required the firm to take a close look at the corporate structure of a client’s competitor to try to understand how the competitor was able to outbid the client on contracts, while still adhering to applicable rules and regulations. This involved developing a profile of the directors of the competing company from numerous sources, identifying related companies and linking the information collected in an effort to understand how the competitor was able to offer such terms to customers.
Instructions from a client, who had been the victim of a securities fraud that resulted in the loss of the equivalent of several million dollars, required a considerable effort to identify assets held by the company that perpetrated the fraud. As it was clear that the value of assets held by the company itself was considerably less than the loss suffered by the client, investigations were conducted to identify assets held by the company’s chief executive and members of his immediate family.
The Asset Management Corporation of Nigeria, a statutory corporation created in 2010 to enable banks to remove non-performing loan assets from their balance sheets, has continued to be a source of instruction to conduct investigations to find assets against which action could be taken to seek to recover value for the corporation. In one particular instance, a review of transactions between a defaulting customer and another company operating from the same premises resulted in the discovery that directors from the defaulting customer and the second company had combined to form a third company, also operating from the same address, raising suspicions that the third company had been created to enable the defaulting customer to avoid its liabilities. In another instance, a review of the companies in which a particular individual was involved revealed a pattern where the individual would create new companies, operating from premises he owned, charge the companies rent for the use of the premises, run up debts, then put the companies into liquidation. He would then register new companies and continue the process.
Other investigations that the Asset Management Corporation of Nigeria has been called upon to conduct have been in response to reports by anonymous whistleblowers alleging fraud or other misdeeds on the part of senior officials, requiring external counsel to conduct internal investigations and interview staff in an effort to ascertain whether the allegations made had any validity.
The Asset Management Corporation of Nigeria has continued to receive instructions to conduct independent investigations on behalf of individuals and corporations under investigation outside Nigeria on allegations of having been involved in some sort of misconduct that has taken place in Nigeria. A feature of most of these instructions has been that they have come either directly from a United States corporation, or from a Nigerian company that was managed by a United States corporation or in which a United States corporation had either a majority or controlling interest. Nigerian companies continue not to be inclined to use external counsel for such matters, and where the need for an external investigation is envisaged – usually in circumstances where financial misconduct is a feature – audit firms tend to be the first port of call.
Nigeria, still regarded as a ‘difficult’ jurisdiction, does not feature as frequently in Foreign Corrupt Practices Act (FCPA) enforcement proceedings as it once did. Perhaps as a result of this, the Asset Management Corporation of Nigeria has not been involved in any FCPA-related matters in the past two years.
In the past, external counsel had to conduct separate inquiries to validate (or otherwise) investigations previously conducted by both internal and external auditors where non-Nigerian parent corporations were concerned with establishing facts in instances where there were suspicions of bribery, fraud and other misdeeds in Nigerian subsidiaries and affiliates. Unlike the process today, these investigations tended to be one of a number of investigations conducted. Typically, there would first be some sort of internal audit or inquiry. This would often be followed up by a separate inquiry conducted by external auditors and, finally, inquiries conducted by external counsel. The external counsel could be from outside Nigeria and may or may not have worked with local Nigerian counsel, or Nigerian counsel working with in-house counsel from within and outside the country. These inquiries tended in the past to be totally uncoordinated, and usually one inquiry would follow the other. Today, such investigations are more likely be coordinated, with external counsel working with in-house counsel, and internal and external auditors. The focus of these exercises was usually to establish facts and determine what, if any, remedial action was required. In most of such cases, there were rarely, if ever, any major concerns about whether or not the corporations themselves had been engaged in any unlawful or improper conduct.
FCPA, Organisation for Economic Co-operation and Development anti-bribery and UK Bribery Act provisions have required corporations to have more and more elaborate internal compliance provisions and procedures. Many of these corporations have turned to external bodies to help them in the formulation of these procedures and to local external counsel for help in ensuring that these procedures are capable of working and in designing processes to test the procedures. Local external counsel will also be called in where the procedures appear to have failed to assist in evaluating what damage may have been caused, and remedying any problems. The firm engaged, on a full-time basis, a certified fraud examiner to support its work in this area and assist in providing clients with advice on processes to reduce the scope for losses from fraud, and enable the speedy identification of circumstances that could occasion loss.
In addition to the types of activities set out above, external counsel in Nigeria are being called upon to advise on or participate in the conduct of internal investigations. Where these investigations are at the behest of or for the benefit of non-Nigerian corporations with interests in Nigeria, the concern is frequently to ensure that local laws are complied with, as well as to provide local Nigerian insights into applicable foreign laws that bind the non-Nigerian corporations. For example, Nigeria’s data protection and privacy laws were, until recently, more or less non-existent when compared with laws in the United States and many European countries. During 2018, the National Information Technology Development Agency (NITDA), which is charged with providing regulations in this area, conducted consultations that resulted in the issuance of the Nigerian Data Protection Regulations (NDPR). The regulations are primarily intended for all bodies that collect customers’ data. They are being actively enforced by NITDA and persons found to be in breach of the privacy rights of any data subject are liable to be fined based on the number of data subjects they are responsible for. Smaller data controllers (fewer than 10,000 data subjects) are liable to be fined up to the larger of 1 per cent of their annual gross revenue or 10 million naira. Larger data controllers are liable to pay the larger of 2 per cent of their annual gross revenue or 10 million naira. The NDPR limits the circumstances in which customer data can be lawfully processed without express consent of the data subject. These include situations where processing is:
- necessary for performance of a contract or for performance of a task at the request of the subject;
- in compliance with a legal obligation;
- necessary in order to protect vital interests of the data subject or another natural person; or
- where it is necessary for public interest reasons or in the exercise of an official public mandate.
Other situations that have arisen have been where there has been some enforcement action outside Nigeria. Some corporations have addressed the problems solely from a non-Nigerian perspective only to be confronted later with Nigerian enforcement activity, and the prospect of having to address, and possibly meet, sanctions in Nigeria that are essentially a repetition of what had been faced elsewhere. There is, therefore, a need to be aware of this danger and seek to obtain local advice at the earliest time. Given the somewhat poor performance of Nigerian enforcement agencies, many corporations may be tempted not to address such problems in as robust a manner as they might have in their home jurisdictions. What needs to be remembered is that such poor performance is unlikely to persist indefinitely. The performance of most local enforcement agencies is improving, and in spite of present difficulties, is likely to continue to improve. There are no limitation laws in Nigeria with regard to criminal conduct, so not paying attention to these matters is hardly a sound, or wise, choice.
Growing mergers and acquisition activity, and the search for new markets in a global economy that has seen little growth in developed economies, has resulted in more and more enhanced due diligence being required in relation to acquisitions in Nigeria. This development has expanded the work that Nigerian practitioners are being called upon to perform – they are being called upon more and more to provide background advice on Nigerian individuals and their corporate and business interests. It is likely that this will become an increasingly significant area for Nigerian practitioners engaged in this area of work.