Conducting Effective Internal Investigations in Africa

This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight


The key elements of conducting an effective internal investigation in Africa are in many respects the same as in other geographies. Bedrock principles of sound investigative practice, such as the need to preserve evidence in a timely manner, and the need to fully follow the facts where they lead, remain a constant for a credible and reliable investigation, wherever it occurs. But our experience on the ground in Africa teaches us that investigations on the continent can present special challenges. Below we explore some of those challenges and offer practical guidance on how best to navigate them.

Preservation of relevant data

The need to focus on data preservation at the outset of an investigation is not unique to investigations in Africa. Considered, risk-based and proportionate data preservation steps are the foundation on which all credible internal investigations are built. In our experience, investigations in Africa can present a rare mix of challenges on this front, which, if not carefully managed, can undermine a company’s efforts to conduct an effective investigation.

Recent reports from the State Capture inquiry in South Africa remind us that the risk of spoliation of evidence in investigations in Africa is very real. In January 2019, a former senior executive of South African government contractor Bosasa gave evidence that the company engaged in widespread document destruction efforts to keep incriminating evidence out of the hands of government investigators, including deleting documents off company servers under the pretence of a fake server crash, and physically destroying computers and hard-copy records.[1]

While it can be difficult to prevent this type of deliberate destruction of evidence, there are steps that companies can take to minimise the risk of spoliation. For example, while issuing document preservation notices can be a necessary and appropriate step in many internal investigations, companies should consider whether such notices may lead to document destruction efforts, effectively ‘tipping off’ employees and providing a roadmap on what documents should be destroyed. To effectively mitigate this risk, companies might take preservation efforts before issuing preservation notices; such steps can include preservation of back-up tapes or taking snapshots of server data. In some circumstances, more invasive methods may be called for, such as taking unannounced forensic images of employee devices and collecting hard-copy records. Even steps such as these require a significant amount of planning and coordination (eg, consultation with local IT personnel), which itself could result in tipping off culpable employees. For these reasons, among others, it is often necessary to enlist the support of qualified forensic technology professionals to assist in preserving relevant electronic evidence.

Companies should also be mindful of the reality that employees in Africa regularly communicate regarding work-related matters on non-company communications channels, such as personal email, SMS messaging or WhatsApp. Regardless of a company’s official policy on whether their employees are permitted to use such channels for company business, enforcement authorities are likely to inquire about efforts to collect relevant data from these sources, and may question the credibility of a company’s investigation if the company cannot provide assurances that it has collected and reviewed relevant communications from all data sources. The US Department of Justice (DOJ) has focused on this issue in both individual investigations and statements of Department policy. For example, in its January 2019 indictment of several former Credit Suisse employees in the Mozambique Tuna Bonds investigation, DOJ alleged that these employees used personal email accounts to conspire with Mozambican officials and evade Credit Suisse’s internal controls.[2] And in the recently revised FCPA Corporate Enforcement Policy, DOJ provided that companies seeking full credit for effective remediation in an enforcement action must ‘implement[ ] appropriate guidance and controls on the use of personal communications and ephemeral messaging platforms that undermine the company’s ability to appropriately retain business records or communications’.[3]

This leaves companies in a challenging position, given the privacy concerns and practical difficulties that come with efforts to collect data from non-company communications platforms. Having to work through these challenges for the first time under the time pressure of a live investigation, with the risk of spoliation as the hours pass, is never ideal. Companies will be better positioned to move swiftly if they have analysed the relevant privacy and employment law issues incident to such data collection before any investigation arises, and crafted appropriate policies informed by such analysis. For example, if the local data privacy law allows it, a company might impose obligations on employees to retain any work-related data contained on non-company communications channels, and make all personal devices on which such data is retained available on demand for collection by the company.

Privilege considerations

Companies conducting internal investigations in Africa should be mindful of privilege considerations from the outset of their investigations, and should not assume that investigations will be subject to the protections of privilege. Under well-established principles of US law, internal investigations conducted for the purposes of providing a company with legal advice will typically be subject to the protections of the attorney–client privilege. Additionally, if an investigation is conducted in anticipation of litigation (eg, a claim by a whistleblower or a government enforcement action), it may also be subject to the protections of the US attorney work product doctrine. Under English law, the legal advice privilege, which applies to communications between a lawyer and client that are made in connection with the provision of legal advice to the client, can similarly be applied to internal investigations conducted for the purposes of providing legal advice to a company (though the privilege applies to communications with a narrower range of company personnel – sometimes referred to as a ‘control group’). And similar to the US attorney work product doctrine, the English litigation privilege applies to communications between a lawyer and client, or between the lawyer or client and any third parties, for the purpose of obtaining information or advice in connection with existing or contemplated litigation. While there are important differences between US and English privilege law that may impact the extent to which communications and investigative materials prepared in the course of an investigation will be protected from disclosure to third parties, US and English law generally provide a fairly predictable framework governing internal investigations.

In African jurisdictions, the law of privilege is not as developed as it is in the US and UK, and the application of the privilege to internal investigations is far more uncertain. For example, there is typically uncertainty under domestic privilege laws on questions such as whether employee interviews conducted during investigations are subject to claims of privilege (and if so, whether the privilege applies only to the control group or more broadly); whether communications with third parties assisting in an investigation (eg, forensic accountants) are protected; and whether the attorney work product or litigation privilege applies at all to internal investigations, and if so, when it is triggered (eg, whether it requires a live government investigation). Given these uncertainties, companies should consider, at the outset of any investigation, which substantive laws are relevant. For example, do the facts under investigation suggest the possibility of jurisdiction under the US Foreign Corrupt Practices Act (FCPA) or the UK Bribery Act? If so, it may be fairly said that the purposes of the investigation include providing legal advice on US or UK law. That alone may not protect communications and documents relating to the investigation from disclosure to local authorities (particularly in jurisdictions where the law of the forum is generally applied to resolve privilege disputes), but it may leave the company better positioned to resist such disclosure in the local jurisdiction, and to argue in a potential US or UK enforcement action that privilege applies. Additionally, investigators should consider retaining local counsel to determine the scope of the legal privileges that apply in each relevant jurisdiction. Finally, if relevant privileges apply in one country but not another, attorneys should consider ways to protect communications and work product within the scope of each relevant privilege. For example, where applicable, investigators can document that communications are being made for purposes of advising on issues of US or UK law, and ensure that the investigation team includes attorneys qualified in the relevant jurisdictions. In addition, company counsel can at the outset of an investigation issue a memorandum memorialising the purpose of the investigation and its relation to matters of US or UK law.[4]

Cooperation by witnesses and third parties

Internal investigations in Africa can present special challenges when it comes to cooperation by employees and third parties. In our experience, it is not uncommon for employees in Africa to be hesitant to cooperate in an investigation. This may result simply from a lack of familiarity with the process of internal investigations. However, investigators should be mindful of the possibility that employees asked to cooperate in an investigation may have concerns about adverse employment consequences. These concerns can be particularly acute in isolated subsidiary operations where employee reporting lines do not extend beyond local management. Worse yet, as evidenced in several recent high-profile investigations in Africa, employees may have concerns over violent reprisals.[5]

Companies can address these cooperation concerns in several ways. Companies can specify cooperation obligations and expectations in employment policies and agreements, as well as in training and communications regarding compliance matters. Additionally, when investigations arise, it is often good practice for companies to communicate with employees who may be involved in fact-gathering efforts before they are interviewed to provide information about the investigative process and outline cooperation obligations and expectations. These communications may include assurances on the company’s anti-retaliation policies. Finally, companies should take any reported threats of violence against cooperating employees seriously, and promptly seek to address them. This may involve consultations with corporate security personnel or independent security consultants. It may also necessitate personnel actions.

With respect to third parties, companies should consider appropriate contractual provisions to enable access to relevant books and records, as well as making individuals available for interviews. Such provisions can include audit rights, as well as affirmative obligations to provide reasonable cooperation in company investigations. Armed with these provisions, a company is on a far better footing in seeking to secure cooperation from a third party. However, invoking contractual provisions alone may not be enough, and companies should consider what potential commercial leverage they may have over third parties. For example, imposing a freeze on payments pending the provision of the requested information can be an effective tool. Special care should be taken in discussions with third parties, as this is where privilege claims are often at their weakest and the risk of leaks is often at its greatest.

Reporting obligations

Companies conducting investigations in Africa also need to be mindful of potential statutory reporting obligations. For example, in South Africa, The Prevention and Combating of Corrupt Activities Act (PRECCA) includes a provision imposing an obligation to report bribery offences, as well as offences relating to theft, extortion and forgery.[6] This provision, at section 34, requires that ‘[a]ny person who holds a position of authority and who knows or ought reasonably to have known or suspected’ that any other person has committed a covered offence, ‘must report such knowledge or suspicion or cause such knowledge or suspicion to be reported to any police official’. Notably, section 34 extends to a range of private individuals in addition to government officials, including ‘a member of a close corporation’, ‘the executive manager of any bank or other financial institution’, ‘any partner in a partnership’ and ‘any person who is responsible for the overall management and control of the business of an employer’. Section 34 does not impose a timeline for making such a report, and it does not impose an affirmative obligation to investigate.

Kenya’s Bribery Act, which came into force in January 2017, imposes a similar reporting obligation.[7] Section 14 of the Bribery Act provides that ‘[e]very state officer, public officer, or any other person holding a position of authority in a public or private entity shall report to the [Kenyan Ethics and Anti-Corruption Commission (EACC)] within a period of twenty-four hours any knowledge or suspicion of instances of bribery.’ The Bribery Act does not define ‘position of authority’ or provide further guidance on the ‘knowledge or suspicion’ standard.

Any company conducting an investigation of conduct in South Africa or Kenya should consider these reporting obligations at the outset of an internal investigation and as the investigation progresses. With limited guidance on key aspects of these laws, including the quantum of evidence required to trigger the reporting obligation, companies should seek local law advice on the application of these standards, and assess as the facts are developed whether there is an obligation to report. In cross-border matters, particularly those involving US or UK enforcement authorities, companies also need to consider how a report under either PRECCA or Kenya’s Bribery Act may need to be coordinated with any disclosures to foreign enforcement authorities to preserve credit for voluntary disclosure and cooperation in a foreign investigation.

Understanding common corruption schemes and related control issues

Companies conducting internal investigations in Africa should draw upon lessons learned from prior enforcement activity to help focus investigations and identify potential control weaknesses. Prior anti-corruption enforcement matters can provide a roadmap of sorts in planning and executing investigations, giving investigators an idea of where to look when investigating potential corruption and fraud matters.

Given that roughly 90 per cent of FCPA enforcement actions typically involve third-party relationships (eg, finders and intermediaries), third parties should always be a focus in corruption investigations in Africa. Beyond this focus on third parties, we see a number of more specific recurring themes that are worth considering.

Local shareholding

For many multinational businesses operating in Africa, having a local partner who holds some economic interest in a subsidiary or joint venture is a fact of life. Local equity stakes are frequently legally mandated or remnants of historical ownership structures. Regardless, we have seen a number of enforcement matters where local shareholding has been alleged as a vehicle for corruption, most commonly where a local interest is controlled by a government or parastatal official through a family member or associate, with corrupt transfers of value being carried out through dividend payments or related-party transactions with suppliers. This type of scheme was alleged in two matters involving Angola, the 2013 FCPA resolution involving oilfield equipment and services provider Weatherford, and the 2019 resolution involving medical product and services provider Fresenius Medical Care.[8] Along similar lines, in 2015, the SEC brought an enforcement action against Hitachi Ltd, alleging that its South African Black Economic Empowerment partner was a front for the African National Congress.[9]

Local content requirements

Local content requirements create a number of significant compliance and fraud risks. They may create convenient opportunities to channel money or other things of value (eg, jobs) to government or parastatal entity officials, their families or affiliates. The most obvious way that this can happen is for a company to contract with a local content provider for overpriced, or even non-existent, goods or services. Even if government or parastatal officials are not the beneficiaries of local content transactions, these transactions can raise self-dealing concerns, because they present opportunities for employees to steer lucrative contracts to relatives or associates. An example of how local content suppliers can be a vehicle for corrupt transfers of value comes in the 2017 SEC enforcement action against oilfield services company Halliburton, where the SEC alleged that to obtain lucrative oilfield services contracts, Halliburton contracted with an Angolan company owned by a former Halliburton employee who was the friend and neighbour of a parastatal official with authority to approve Halliburton subcontracts.[10]

Cash generation schemes

In any investigation involving corruption or fraud, investigators should be focused on how money or other items of value were transferred. This not only drives fact development on the conduct at issue (eg, the nature and extent of improper payments, and who executed and approved them), but allows a company to identify control weaknesses to be remediated. In Africa, we have observed a number of common schemes to generate cash that may be used for improper payments. One method is the use of ‘ghost employees’ (ie, non-existent employees) to generate payroll payments for illicit uses.[11] Another is the use of fictitious transactions (eg, purchases of materials or services that are never actually delivered).[12] In our experience in Africa, reimbursement of employee travel and entertainment expenses is also a common means of generating cash for a wide variety of uses. Finally, it is not uncommon in Africa for companies to pay vendors through cash expense processes rather than through more robust accounts-payable processes. While this method of paying vendor expenses does not necessarily mean that payments are being used for corrupt purposes, it may raise broader control issues and issues with inaccurate books and records. For this reason, a review of cash controls is often a critical part of an internal investigation in Africa.

Remediation considerations

From the outset of any internal investigation, companies should be thinking about how to address any compliance issues through remedial actions. This includes taking personnel action (eg, garden leave or termination) against those employees for whom there are concerns that they may have engaged in unethical or unlawful conduct; freezing outstanding payments or terminating relationships with third parties where misconduct is suspected or identified; and improving policies, procedures and controls that mitigate risks associated with the issues identified during the investigation. Taking corrective action during the investigation – rather than waiting until the end – is not only consistent with the expectations of enforcement authorities, it may also help to narrow the scope of an investigation by mitigating the risk of ongoing misconduct.

In our experience in Africa, implementation of remedial steps can be more challenging than in other environments for a variety of reasons. In a business environment that often puts a premium on relationships and collaboration, terminating a long-time employee or third party may cause considerable operational disruption. Moreover, many businesses in Africa face significant issues of physical security, geographical and operational isolation, and capacity constraints, meaning that finding qualified employees or vendors as replacements can be exceedingly difficult. In many markets in which we have assisted clients, we find that the pool of operationally qualified suppliers and employees is thin, and dealing with politically exposed persons is unavoidable. Finally, implementation of remedial actions and appropriate follow-up to ensure that enhanced controls ‘stick’ can be a challenge, particularly if compliance personnel are not stationed in the relevant operation.

For all these reasons, effective remediation of compliance issues in Africa typically requires early and robust stakeholder engagement. For example, as early as possible in the process of developing remediation plans, compliance professionals should have discussions on the operational impact of terminating an employee or supplier. This stakeholder engagement may require outreach to government officials who are used to dealing with particular individuals or representatives, meaning that it is often critical to have advice on matters of government affairs. Finally, this is an area where we believe it is often necessary to have company compliance personnel or representatives of the company (eg, outside counsel) on the ground in the relevant operation to assist in remediation activities, including specialised training, small-group workshops or discussions with management, and walk-throughs of enhanced controls.


[1] See Kyle Cowan, Bosasa Destroyed 40,000 Documents to Stymie SIU Probe – Agrizzi, News24 (23 January 2019), available at:; Affidavit of Angelo Agrizzi paras. 31.1-31.7, Commission of Inquiry Into State Capture (15 January 2019) (hereinafter ‘Agrizzi Affidavit’), available at:

[2] See US v. Jean Boustani et al, Indictment, 1:18-cr—00681-WFK (E.D.N.Y., 3 January 2019), available at:

[3] US Dep’t of Justice, Justice Manual Section 9-47.120, FCPA Corporate Enforcement Policy (March 2019), available at:

[4] See generally Steven E Fagell, Benjamin S Haley, Anthony Vitarelli, Practical Guidance for Maintaining Privilege Over an Internal Investigation, Practising Law Institute (2014), available at:; Jennifer L Saulino and Matthew V Miller, Practical Guidance for Maintaining Privilege and Work Product Protection in Cross-Border Internal Investigations (4 February 2019), available at

[5] See Pieter du Toit, State Capture Talking Points: Death Threats and Duduzane’s Merc, News24 (24 August 2018), available at:; Shuki Sadeh, Bribery Scandal at Israeli Construction Giant Blows Cover Off Its Business Practices in Africa, Haaretz (9 March 2018), available at:

[6] Prevention and Combating of Corrupt Activities Act 12 of 2004 (S. Afr.), available at:

[7] The Bribery Act, No. 47 (2016), Kenya Gazette Supplement No. 197, available at:

[8] US v. Weatherford International Ltd, Deferred Prosecution Agreement, Statement of Facts paras. 15-20, No. 13-CR-733 (SD Tex, 26 November 2013), available at:; In Re: Fresenius Medical Care AG & Co KGaA, Non-Prosecution Agreement, Statement of Facts paras. 16–29 (25 February 2019) (hereinafter ‘Fresenius NPA’), available at:

[9] SEC v. Hitachi Ltd, Compliant, No. 1:15-cv-01573 (DDC 28 September 2015), available at:

[10] In the Matter of the Halliburton Company et al, SEC Exchange Act Release No. 81222 (27 July 2017), available at:

[11] See, eg, US v. Panalpina World Transport (Holding) Ltd, Deferred Prosecution Agreement, Statement of Facts para. 53, No. 4:10-cr-00769 (SD Tex 4 November 2010), available at:; Agrizzi Affidavit paras. 16.2–16.5.

[12] See, eg, Agrizzi Affidavit para. 13.5 (describing fictitious sales of alcohol); Fresenius NPA, Statement of Facts para. 24 (describing payment of $560,000 for purported ‘Temporary Storage Services,’ where no storage services were provided).

Unlock unlimited access to all Global Investigations Review content