The African Growth and Opportunity Act (AGOA) has served as the cornerstone of the U.S.-Africa commercial relationship for more than two decades, but it is set to expire on September 30, 2025. While the legislation’s unilateral trade preferences have provided economic benefits for countries across sub-Saharan Africa, AGOA as a whole remains underutilized. To ensure continuity in U.S.-African trade ties, the United States must grapple with the legislation’s potential reauthorization now, with a particular focus on how the utilization of AGOA might be improved.

Just a renewal of AGOA won’t be enough to achieve this ambitious vision, though. Instead, the Biden administration should double down on its partnership with AGOA beneficiaries and ensure that each country makes greater use of the program, including through National AGOA Strategies, in a manner that promotes regional and continental value chains.

If there is a silver lining to most crises, the accelerated move toward digitized commerce globally and in Africa may be one positive outcome of the COVID-enforced lockdown. It is therefore welcome news that the South African Minister of Communications and Digital Technologies (“Minister”) published the Draft National Data and Cloud Policy (in Government Gazette no. 44389) (“Draft Policy”) for public comment. The Draft Policy seeks to create an enabling environment for the provision of data and cloud services in an effort to move “towards a data intensive and data driven South Africa” that ensures social and economic development and inclusivity. The Draft Policy affects a few key areas, which we briefly highlight below.

The objectives of the Draft Policy are to:

  • Encourage universal access to broadband connectivity, along with access to data and cloud services;
  • Eliminate regulatory barriers and enable competition in the data and cloud sector;
  • Implement effective measures to ensure the security of cloud infrastructure;
  • Create institutional mechanisms to govern data and cloud services;
  • Support the development of small, medium, and micro enterprises (“SMMEs”);
  • Promote research, innovation, and technological developments in relation to cloud;
  • Increase the government’s capacity to deliver relevant data and cloud-based services to the public;
  • Promote data sovereignty and security with respect to South African data; and
  • Encourage alignment with the Fourth Industrial Revolution (“4IR”), the OECD Framework and standards adopted by the European Union.

Draft Policy proposal relating to digital infrastructure

The Draft Policy recognizes that digital transformation in South Africa relies upon further developing electronic communication networks, mobile communication networks, and cloud and data infrastructure services in the country.

In relation to universal access and service delivery obligations, the Draft Policy recommends a government-backed digital platform and that all South African citizens be provided with an online identity so that they can receive services more easily.

The Draft Policy discusses the need for a Wireless Open Access Network (“WOAN”) “to extend the digital infrastructure footprint and services” across the country. The Draft Policy also refers to various measures to ensure the deployment of electronic communication infrastructure, which will help to bridge the digital divide by ensuring universal access to cloud and data infrastructure services for all South Africans.

The Draft Policy also proposes that existing networks of state-owned enterprises, such as Sentech and Broadband Infraco, be consolidated to form a State Digital Infrastructure Company (“SDIC”), which will provide network connectivity for the State.

Our Africa Anti-Corruption Practice has previously outlined key considerations for handling internal investigations and remediation of compliance issues in Africa.  Here, we take a closer look at a particular aspect of remediation, the root cause analysis.  After the dust settles on an investigation identifying misconduct, a root cause analysis can serve as the most effective tool to determine why the misconduct occurred and what can be done to prevent it in the future.  Drawing on a longer article we recently published in Global Investigations Review’s 2021 Europe, Middle East, and Africa Investigations Review, we describe below strategies and methodologies for conducting root cause analyses, focusing on specific considerations for companies operating in Africa.

Key Takeaways:

  • Companies should promptly conduct root cause analyses following investigations that identify misconduct, in order to meet enforcement authority expectations and pinpoint all the underlying causes of misconduct.
  • There is no “one size fits all” approach to conducting a root cause analysis, and companies should consider adapting root cause analysis methodologies developed in other contexts.
  • Building on their risk assessments, companies investigating misconduct in Africa should consider whether specific challenges of operating on the continent may serve as the root causes underlying compliance issues.


Done properly, a root cause analysis is distinct from an investigation, which is focused on identifying misconduct and its immediate causes, or the resultant remedial actions (e.g., employee discipline), which seek to address and correct the control failures and employee actions identified through an investigation.  Rather, a root cause analysis is designed to explore deeper systemic and cultural issues that have allowed or encouraged the misconduct to occur in the first place.  By identifying those root causes, a company can develop strategies to prevent the reoccurrence of misconduct and address any underlying compliance issues and control failures that may present broader risks.

In the last five years, United States enforcement agencies, particularly the U.S. Department of Justice (“DOJ”), have made clear their expectation that companies conduct root cause analyses in the face of misconduct.  In fact, DOJ has noted that the ability to “conduct a thoughtful root cause analysis of misconduct” is a hallmark of an effective compliance program.[1]  Further evidencing this expectation, in the context of U.S. Foreign Corrupt Practices Act enforcement actions, DOJ may require a company to demonstrate that it has conducted a root cause analysis in order to earn credit for appropriate remediation, and is increasingly including a root cause analysis requirement in deferred prosecution agreements.[2]  This trend extends beyond the United States — for example, in 2018 the Agence Francaise Anticorruption referred to root cause analyses in the context of guidance on auditing anti-corruption compliance programs.[3]

While enforcement agencies increasingly expect companies to perform root cause analyses, they have offered limited guidance on how to conduct such exercises.  Thus, when considering methodologies for conducting an effective root cause analysis, companies may be well-served by drawing on existing processes and methodologies that have been developed in other contexts, including in response to safety failures, security incidents, or product defects.  Some of the most commonly used root cause analysis methodologies include:

  • Five Whys Method: After a problem is identified, ask “why” five or more times in order to get at the core of an issue.
  • Ishikawa or Fishbone Method: Create a visual cause-and-effect model with the problem as the head of a fish, the primary causes as the bones of the fish, and the underlying root causes as sub-branches supporting each bone.
  • Logic Tree Method: Visually set out the events in a hierarchical structure leading to the problem. For each event, include a node noting the cause and/or effect of that event.
  • Fault Tree Analysis: Start with the problem and list the possible causes in a hierarchical format. For each cause, continue to identify the underlying events or issues until a “tree” is developed with various root causes.

Regardless of the methodology used, it is critical that a root cause analysis consider broader underlying causes of the misconduct, including business pressures, misalignment of incentives, cultural issues, personnel issues, and/or the capacity of the compliance function to address misconduct and root causes.  An effective root cause analysis should also develop a structured, replicable process and produce written work product.

At the outset of a root cause analysis, a company should consider the appropriate team for the exercise.  As discussed further in our article, a multifunctional team, including individuals from compliance and other control functions along with members of relevant business lines, can be particularly effective.  Companies should also consider whether to involve counsel in the exercise and whether they intend to claim the protection of the attorney-client privilege or work product doctrine over the exercise.

Companies operating in Africa may have an important set of cultural, regulatory, and capacity factors that they should consider when conducting root cause analyses.  While these factors are by no means unique to Africa, and may be present to some degree in many emerging markets, they may present more acutely in Africa and in combinations that tend to compound compliance risks.  For example:

  • Geographic and operational isolation: In our experience, geographic and cultural distance between subsidiary operations in Africa and headquarters in the U.S. or Europe can pose a range of challenges. These can include the pure logistical challenges of headquarters personnel visiting the subsidiary, as well as challenges achieving local management buy-in to compliance policies that are perceived as unworkable on the ground and not tailored to the challenges of operating in Africa.
  • New market entry and integration issues: In cases where expansion was accomplished via acquisition of a business already operating in Africa, inadequate integration and failure to implement and train employees on a compliance program can result in significant compliance and controls challenges.
  • Security issues: Physical security risks may result in necessary engagement with police or government security forces, which can raise corruption and compliance risks.
  • Regulatory issues, local ownership, and local content: Underdeveloped local regulations coupled with individual discretion can result in systemic corruption. Further, local shareholder and content regulations can create compliance risks, as they allow for channeling money, business, or other things of value to government officials or their affiliates.

This article was prepared by Covington attorneys qualified to practice law in the United States.  It does not constitute legal advice.  If you have further questions about your compliance programs, how to conduct due diligence on a local partner, or Covington’s anti-corruption work in Africa, please contact Ben Haley, Jennifer Saperstein, Noam Kutler, or Ishita Kala.


[1] U.S. Dep’t of Justice, “Evaluation of a Corporate Compliance Program,” June 2020, 17; U.S. Dep’t of Justice and U.S. Sec. and Exchange Comm., “A Resource Guide to the U.S. Foreign Corrupt Practices Act: Second Edition,” July 2020, 67.

[2] U.S. Dep’t of Justice, “FCPA Corporate Enforcement Policy,” March 2019, 3; see, e.g., United States v. Herbalife Nutrition Ltd., Deferred Prosecution Agreement, C-9 (August 28, 2020); United States v. Beam Suntory Inc., Deferred Prosecution Agreement, C-9 (October 23, 2020).

[3] Agence Francaise Anticorruption, Guidelines to help private and public sector entities prevent and detect corruption, influence peddling, extortion by public officials, unlawful taking of interest, misappropriation of public funds and favouritism (2018).

What if a wall could restore degrading land or save biodiversity? Imagine that it stretched from Senegal to Djibouti, was about three times the size of the Great Barrier Reef, and made entirely of trees and vegetation. With an influx of funding from a coalition of international development banks and governments, that wall is one step closer to becoming reality.

In 2007, the African Union launched the Great Green Wall initiative, as part of Declaration 137 VIII. The goal was to restore Africa’s degraded landscape by planting vegetation about 10 miles wide and over 4,000 miles long in the Sahel region, at the southern edge of the Sahara desert.  The goal has since evolved to address not only degradation, but land use, peacebuilding, and climate change.

In Episode 12 of our Inside Privacy Audiocast, together with special guest Advocate Pansy Tlakula, Chairperson of the Information Regulator of South Africa, we discussed the Information Regulator’s mandate, and the implementation of data protection legislation in South Africa.  Now, with less than a month to go before South Africa’s Protection of Personal Information Act, 2013 (“POPIA”) is set to go into full effect on July 1, 2021, it is critical for organizations operating in South Africa to ensure that they are ready if and when the Information Regulator comes knocking.

It is only when organizations start their POPIA journey that they realize just how wide the POPIA net is cast, and that very few businesses fall outside of its reach.  The road to POPIA compliance should be viewed as a marathon, and not a sprint.  While implementing and maintaining an effective POPIA compliance program will take continued effort and resources well beyond the July 1, 2021 go-live date, here we outline five steps to which companies subject to POPIA should give their attention in the short term.

Can African governments head off a sustained spike in the spread of COVID-19 and recover economically in 2021? How will the Biden administration engage the continent? Will companies implement more effective due diligence efforts in their supply chains to prevent human rights abuses? What impact will efforts to battle corruption and mitigate climate change have in the coming year? Covington’s Africa Practice offers insights on these questions and other key issues that will define 2021 on the continent.

COVID-19 Recovery: Since Africa confirmed its first COVID-19 case in February 2020, every country has been affected, leading to over 100 million cases and two million deaths. The World Health Organization applauded African governments for their swift responses which curtailed wide-spread infections but contributed to the region’s first economic recession in twenty-five years. Over the last month, Africa has been hit hard by a second wave of COVID-19. Daily case rates have increased to almost twice the rates in July and August 2020, prompting South Africa, among other nations, to re-impose severe measures aimed at preventing deaths.

Recently, there has been a significant level of attention given to data protection and privacy matters on the Continent. In just the past year, we have seen new laws proposed or enacted in places like Nigeria, Egypt, Kenya, and of course South Africa, although prior to that, places like Morocco, Ghana and Mali saw fit to regulate in this space, passing their own data protection laws. In 2014, the African Union adopted its convention on cybersecurity and data protection, which 14 countries have signed, and a number have ratified. As things currently stand, nearly half the countries making up the region have enacted comprehensive data privacy laws. The data protection landscape in Africa is a fascinating place, reflecting some interesting trends.

Today’s episode is Part II of our “View from Johannesburg” series and features Dan Cooper and Robert Kayihura.

Covington’s Inside Privacy Audiocast offers insights into topical global privacy issues and trends. Subscribe to our Inside Privacy Blog to receive notifications on new episodes.

A growing number of African countries have begun to ease COVID-19 related regulatory restrictions. Some countries, such as Kenya, Rwanda, and Senegal resumed international flights in August, while other countries like South Africa and Nigeria are only now opening their borders. For a continent that slipped into recession for the first time in a quarter century due to the pandemic, the reopening is a welcome step toward restoring economic growth across Africa.

This is a significant development considering the swift action that many African governments took in the early days of the pandemic. Many African nations introduced some of the world’s most stringent regulations that placed restrictions on the movement of people domestically and halted international travel from high-risk areas, including Asia, Europe, and the United States. The World Health Organization has praised Africa’s coronavirus response, attributing to it the significant decrease in infection rates over the past few months. Given the relatively low number of infections, a number of governments across the continent have begun easing COVID-19 related restrictions and re-opening economies. According to the World Health Organization (WHO) and the Africa Centre for Disease Control, the number of daily confirmed cases has been on the decline for about two months, with the continent accounting for just under 5 percent of cases globally and 3.6 percent of deaths, from a population of more than one billion people.

On June 22, 2020, the South African President announced that certain provisions of POPIA would take effect on July 1, provisions which most regard as essential to the statute, such as those imposing conditions on the lawful processing of personal information, procedures for handling complaints, and general enforcement provisions. Only days later, the South African Information Regulator issued his own statement welcoming the coming into force of these crucial provisions, including those giving the regulator the power to impose administrative fines of up to 10 million ZAR (or over 500,000 Euros). Although there will be a 12-month grace period, organizations subject to the law are acting now.

Today’s episode is Part I of our “View from Johannesburg” series, and features Dan Cooper, Shivani Naidoo and Ahmed Mokdad.



South Africa Eases COVID-19 Restrictions

On September 16, 2020, President Cyril Ramaphosa announced that South Africa would move from Alert Level 2 to Alert Level 1 of the Risk Adjusted Strategy as of midnight on September 20, 2020. This is in part a response to the relatively low levels of infections and the government-led interventions to combat the spread of COVID-19. While South Africa has confirmed over 650,000 infections and has suffered 15,000 deaths, recent data illustrates that the number of new cases has substantially decreased—from nearly 14,000 new daily cases on July 24, 2020 at its peak, to just 1,555 new cases on September 20.

This announcement comes a few days after the Minister of Cooperative Governance and Traditional Affairs (COGTA) announced the extension of the national state of disaster from 15 September 2020 to 15 October 2020, as published in Government Gazette 43713. The reason for the extension of the national state of disaster is to grant government the authority required to continue updating existing legislation and contingency arrangements undertaken to address the impact of the pandemic.