Top Issues to Watch in Africa: 2021

Can African governments head off a sustained spike in the spread of COVID-19 and recover economically in 2021? How will the Biden administration engage the continent? Will companies implement more effective due diligence efforts in their supply chains to prevent human rights abuses? What impact will efforts to battle corruption and mitigate climate change have in the coming year? Covington’s Africa Practice offers insights on these questions and other key issues that will define 2021 on the continent.

COVID-19 Recovery: Since Africa confirmed its first COVID-19 case in February 2020, every country has been affected, leading to over 100 million cases and two million deaths. The World Health Organization applauded African governments for their swift responses which curtailed wide-spread infections but contributed to the region’s first economic recession in twenty-five years. Over the last month, Africa has been hit hard by a second wave of COVID-19. Daily case rates have increased to almost twice the rates in July and August 2020, prompting South Africa, among other nations, to re-impose severe measures aimed at preventing deaths.

In 2021, we expect African governments to build on the Partnership to Accelerate COVID-19 Testing, an initiative that expanded the continent’s capacity for testing, contact tracing and treatment. We also expect more support for the Africa Medical Supplies Platform, an online marketplace to help lower the cost of accessing COVID-19 test kits and personal protective equipment). Procuring and distributing the COVID-19 vaccine is a key priority for government leaders across the continent. The IMF expects that nearly half of Africa’s 54 countries will return to growth rates over four percent in 2021.

Biden and Africa: Given the economic downturn in the US, COVID infection rates and a focus on accountability related to the January 6th insurrection at the U.S. Capitol, expectations should be measured for quick U.S. engagement in the continent. Nevertheless, Biden has called for a global summit on democracy, which will include some African governments and civil society leaders. This is more relevant than ever given the democratic back-sliding on the continent and the need to reaffirm democratic principles globally. We will be watching to see whether the Biden administration continues negotiations on the U.S.-Kenya Free Trade Agreement, how it supports the implementation of the African Continental Free Trade Agreement and the future of the African Growth and Opportunity Act, scheduled to expire in 2025. We will also be watching how the Biden administration translates the priority it will place on climate change into its relations with African governments. Finally, the Biden administration will have to develop a response to the intensifying security threats in the Sahel, Somalia, and northern Mozambique.

Digital Economy: Increased internet penetration, cloud computing, Internet of Things (IoT), Industry 4.0, and advanced technology have taken root in Africa and have been accelerated during the COVID-19 pandemic. As such, many African countries have sought to develop regulatory and institutional frameworks to integrate their digital economies to enable digital transactions and participate in global digital trade. Thus far, only a few African countries have implemented legislation to regulate the protection of personal data, cross-border transfers of data, cybersecurity and electronic transactions, all of which have been identified as key elements for a digital economy. South Africa, Kenya, and Egypt are the latest countries that have enacted a comprehensive set of data protection regulations and have established data protection authorities. We will be monitoring new country regulations that seek to protect the right to privacy and ensure the protection of personal data of its citizens in 2021, while paying special attention to how nations throughout the content seek to harmonize their respective national regulations.

Business and Human Rights: For companies doing business in Africa, continued U.S. enforcement actions related to forced labor and the ongoing development of legislative proposals related to due diligence will be key issues to watch in 2021 from a human rights perspective. We anticipated an increased number of enforcement actions from the Customs and Border Protection (“CBP”) in 2020, and ultimately the agency issued 15 Withhold Release Orders (“WROs”) compared to the six issued in 2019. CBP also imposed the first penalty for forced labor violations since the passage of the Trade Facilitation and Trade Enforcement Act in 2015, collecting $575,000. Likewise, on October 20, 2020, CBP issued the first forced labor Finding since 1996, in relation to stevia sourced in China. This is worth noting as a formal Finding requires conclusive evidence of forced labor, a higher standard than the reasonable suspicion necessary for issuance of a WRO. We anticipate ongoing aggressive enforcement actions from CPB, and as it pertains to Africa, CBP’s ongoing investigation into forced labor in the cocoa supply chain in West Africa will be of consequence to companies engaged in the chocolate business.

In addition, the European Commission is set to introduce legislation on mandatory human rights due diligence of EU companies, as announced by European Commissioner for Justice Didier Reynders. The new law could also make provisions for corporate liability and access to remedies for victims of abuse. The European Commission also launched a public consultation on sustainable corporate governance, which is open until February 8, 2021, and addresses these plans for mandatory human rights due diligence. Notably, this consultation takes into account the European Parliament report put forward by Lara Wolters, Member of the European Parliament, and particularly recommends that the Commission’s proposal apply to both EU companies and non-EU “limited liability undertakings”, requiring due diligence across entire value chains “inside or outside the EU”. Furthermore, the Second Revised Draft of the UN Treaty on Business and Human Rights is scheduled to be discussed further, with proposals requiring State Parties to introduce mandatory human rights due diligence measures on all transnational corporations within their territory. For companies dealing in Africa, these proposals together raise interesting questions on scope, the framing of a due diligence duty, the willingness of States to become parties, and the forms of enforcement.

 Anti-corruption: As we noted in a recent client advisory, we have observed an upward trend in recent years in anti-corruption enforcement activity in Africa, including cross-border cooperation between African law enforcement authorities and their counterparts in the U.S. and UK. Looking ahead to 2021 and beyond, we see no reason to expect this trend to reverse.

In South Africa, the Commission of Inquiry into Allegations of State Capture (the “Zondo Commission”), created in 2018, has now held over 300 days of testimony focused on fraud and corruption during the administration of former President Jacob Zuma. In 2020, we saw the wide-ranging State Capture investigations begin to bear more fruit in terms of high-profile prosecutions, with none more significant than the November 2020 institution of corruption and money-laundering charges against African National Congress Secretary General Ace Magashule relating to an asbestos removal contract in the Free State. Aided by recent rule changes enabling Zondo Commission investigators to share evidence for use in criminal prosecutions, we expect that 2021 will see more high-profile prosecutions growing out of the Zondo Commission’s work.

Angola has also seen a flurry of recent investigative enforcement activity focused on alleged corruption and money laundering by family members and associates of former President José Filomeno dos Santos. As with the State Capture investigations in South Africa, the so-called “Luanda Leaks” scandal in Angola has drawn scrutiny from numerous foreign law enforcement authorities, including authorities in the U.S., Portugal, and the Netherlands.

The African Development Bank (“AfDB”) also has become more active in recent years in bringing suspension and debarment proceedings in relation to fraudulent and corrupt practices in AfDB-financed projects. While the World Bank remains the most active enforcer of its suspension and debarment regime among multilateral development banks, 2020 was the most active year in the history of the AfDB in terms of the number of debarments.

Against this backdrop, companies operating in Africa are well advised to focus on building compliance programs that account for guidance from international enforcement authorities, but that are also tailored to the unique challenges of doing business on the continent. This includes focusing on core risks, such as local content requirements and empowerment transactions, conducting effective internal investigations, and remediating identified compliance issues in a timely and appropriate manner.

Elections: There are 14 presidential and parliamentary elections scheduled for 2021 on the continent. Several of these contests are noteworthy for different reasons and are highlighted here. In Uganda, President Yoweri Museveni, who has maintained power since 1986, won a sixth term in a January 14 election characterized by violence and controversy. In South Sudan, President Salva Kiir’s transitional government comes to an end this year after two postponements of national elections and a three-year extension. The government will be challenged to reach national unity without a power-sharing deal of the country’s warring parties. Somalia, where presidential elections are scheduled for February 8, faces greater political violence in the wake of the withdrawal of U.S. special operation forces from the country by President Trump. In Libya, the December 2021 presidential and parliamentary elections provide an opportunity for democratic reform in the context of the ceasefire deal between the internationally-recognized Government of National Accord led by President Fayez al-Sarraj and the eastern-based Libyan National Army led by military general Khalifa Haftar. The outcome will be important for rebuilding the country after the 2011 overthrow of former President Muammar Gaddafi. Finally, in Ethiopia, conflict between the Tigray People’s Liberation Front and Prime Minister Abiy Ahmed threatens a nation that has been a pillar of stability in the Horn of Africa. Elections are scheduled for June 5..

 Project Finance: As is the case in other markets, infrastructure investments are key to reigniting Africa’s economic growth and development in the wake of the COVID-19 pandemic. According to the AfDB, the infrastructure funding gap is in excess of $100 billion a year. However, despite the impact of the COVID-19 pandemic on African economies, we have seen development finance institutions, both in and outside of Africa, taking active steps to prioritize economic development projects in Africa in an effort to close the infrastructure funding gap. For example, the U.S. International Development Finance Corporation (“DFC”) recently deployed a new equity instrument in an amount of $171 million, expanded its portfolio in Africa, and launched new initiatives to address the economic and health consequences of the COVID-19 pandemic. DFC’s new equity instrument allows it to invest in funds in support of development and foreign policy objectives where lending and insurance alone have been insufficient. This is in the form of direct equity investments into companies or projects in the developing world which will have developmental impact, or otherwise advance U.S. foreign policy. The equity instrument also allows for a range of new investments by DFC, complementing the then Overseas Private Investment Corporation’s already robust funds program. As a financial tool, direct equity provides DFC with greater flexibility to: (i) invest in early and growth-stage companies; (ii) partner with other financial institutions; and (iii) enable investees to scale operations more efficiently to create greater development impact.

Regionally, the AfDB approved a $7 million grant from the Sustainable Energy Fund for Africa for technical assistance in setting up a mini-grid acceleration initiative to meet the needs of the continent’s fast-evolving renewable mini-grid industry. Other significant financings include the AfDB’s $500,000 grant agreement concluded between AfDB and the Government of Uganda for financing of micro, small and medium enterprises to boost business linkages on the East African Crude Oil Pipeline technical assistance project, and a $120 million loan to fund the construction of a 50MW hydropower plant in Western Tanzania.

These financings provide renewed hope for Africa’s economic recovery. We expect to see more investment by development finance institutions particularly in the clean energy sector in 2021.

Climate Change: In 2020, East Africa had the worst outbreak of desert locusts in decades. Countries across Africa had devastating floods and now face a looming threat of drought on account of a La Niña event. The COVID-19 crisis has aggravated the effect of these conditions.

The COVID-19 crisis led the Bureau of the Conference of Parties to postpone the 2020 UN Climate Change Conference, COP 26, to 2021. With this delay, Africa has the most to lose. On the agenda for COP 26 are issues left unresolved from December 2019, including guidance for Paris Agreement Article 6 carbon market and non-market mechanisms, common timeframes, and long-term financing—key shortcomings of COP 25. These issues remain particularly important to Africa, which experts have identified as most vulnerable to climate change impacts and poised to benefit from developed countries delivering on their pledge to jointly raise $100 billion per year in climate financing in 2020. The African Group of Negotiators on Climate Change issued a response to the decision to postpone the COP 26, calling on developed countries to agree on a path forward to close the climate finance gap. We will be watching how countries approach climate financing in the coming year.

We will also be watching countries’ responses to the United Nations Environment Program’s annual emissions gap report, which measures the disparity between the world’s current path and the actions needed to effectively manage climate change. According to the December 2020 findings, countries would need to roughly triple their current emissions, cutting pledges to limit the Earth’s warming in line with Paris Agreement targets. Although there was a decrease in greenhouse gas emissions during the COVID-19 pandemic in 2020, that decrease will have a “negligible long-term impact” on climate change unless countries alter their policies and behavior.

Inside Privacy Audiocast: Episode 6 – View from Johannesburg Part II: Top Data Policy Trends to Look Out For in Africa

Recently, there has been a significant level of attention given to data protection and privacy matters on the Continent, and in the just the past year, we have seen new laws proposed or enacted in places like Nigeria, Egypt, Kenya, and of course South Africa, although prior to that, places like Morocco, Ghana and Mali sought fit to regulate in this space, passing their own data protection laws. In 2014, the African Union adopted its convention on cybersecurity and data protection, which 14 countries have signed, and a number have ratified. As things currently stand, nearly half the countries making up the region have enacted comprehensive data privacy laws. The data protection landscape in Africa is a fascinating place, reflecting some interesting trends.

Today’s episode is Part II of our “View from Johannesburg” series and features Dan Cooper and Robert Kayihura. Click here to view Part I of our series and download our Key Takeaways from the episode.

Covington’s Inside Privacy Audiocast offers insights into topical global privacy issues and trends. Subscribe to our Inside Privacy Blog to receive notifications on new episodes.

African governments ease COVID-19 restrictions and reopen economies

A growing number of African countries have begun to ease COVID-19 related regulatory restrictions. Some countries, such as Kenya, Rwanda, and Senegal resumed international flights in August, while other countries like South Africa and Nigeria are only now opening their borders. For a continent that slipped into recession for the first time in a quarter century due to the pandemic, the reopening is a welcome step toward restoring economic growth across Africa.

This is a significant development considering the swift action that many African governments took in the early days of the pandemic. Many African nations introduced some of the world’s most stringent regulations that placed restrictions on the movement of people domestically and halted international travel from high-risk areas, including Asia, Europe, and the United States. The World Health Organization has praised Africa’s coronavirus response, attributing it to the significant decrease in infection rates over the past few months. Given the relatively low number of infections, a number of government’s across the continent have begun easing COVID-19 related restrictions and re-opening economies. According to the World Health Organization (WHO) and the Africa Centre for Disease Control, the number of daily confirmed cases has been on the decline for about two months, with the continent accounting for just under 5 percent of cases globally and 3.6 percent of deaths, from a population of more than one billion people.

After a strict lockdown period which resulted in gross domestic product contraction of an annualized 51 percent in the second quarter of 2020, South Africa moved from Alert Level 2 to Alert Level 1 of the Risk Adjusted Strategy on midnight of September 20, 2020. This change allowed for, among other things, the re-opening of international borders with some restrictions. As part of the gradual return to regular economic and social activity, government revised regulations relating to gatherings, travel, and curfews for commercial activities. Social, religious, political and other gatherings are permitted under Alert Level 1, as long as the number of people does not exceed 50 percent of the normal capacity of a venue, up to a maximum of 250 people for indoor gatherings and 500 people for outdoor gatherings. Strict health protocols, such as washing or sanitizing hands, social distancing and mask-wearing, remain in place.

The pandemic has devastated the economy of Africa’s most populous country, Nigeria, resulting in a 61 percent year-on-year contraction in the second quarter of 2020, with the World Economic Forum projecting that the economy is set for its worst recession in four decades. The fall in global oil prices, the industry that generates 90 percent of Nigeria’s export revenues, has resulted in increased unemployment.  International flights to and from Nigeria resumed on September 5, 2020, following a five month suspension. Hospitality establishments have been allowed to resume operations at 50 percent capacity, while schools and university have also started re-opening.

With Kenya reporting 38,115 positive cases of the coronavirus as of September 27, 2020, the East African country is considering ways to re-open the economy. A highly contested topic is the re-opening of schools, originally scheduled for January 2020. In the meantime, travel restrictions have been eased allowing the tourism sector to resume operations following months of closure.

For further information, please reach out to Covington’s COVID-19 Task Force at, Witney Schneidman at or Mosa Mkhize at

Inside Privacy Audiocast: Episode 5 – View From Johannesburg Part I: GDPR vs. POPIA – What Should Businesses Be Considering?

On June 22, 2020, the South African President announced that certain provisions of POPIA would take effect on July 1, provisions which most regard as essential to the statute, such as those imposing conditions on the lawful processing of personal information, procedures for handling complaints, and general enforcement provisions. Only days later, the South African Information Regulator issued his own statement welcoming the coming into force of these crucial provisions, including those giving the regulator the power to impose administrative fines of up to 10 million ZAR (or over 500,000 Euros). Although there will be a 12-month grace period, organizations subject to the law are acting now.

Today’s episode is Part I of our “View from Johannesburg” series, and features Dan Cooper, Shivani Naidoo and Ahmed Mokdad.

View our Key Takeaways from the episode.

Covington’s Inside Privacy Audiocast offers insights into topical global privacy issues and trends. Subscribe to our Inside Privacy Blog to receive notifications on new episodes.


South Africa Eases COVID-19 Restrictions

South Africa Eases COVID-19 Restrictions

On September 16, 2020, President Cyril Ramaphosa announced that South Africa would move from Alert Level 2 to Alert Level 1 of Risk Adjusted Strategy as of midnight on September 20, 2020. This is in part in response to the relatively low levels of infections and the government led interventions to combat the spread of COVID-19. While South Africa has confirmed over 650,000 infections and has suffered 15,000 deaths, recent data illustrates that the number of new cases has substantially decreased—from nearly 14,000 new daily cases on July 24, 2020 at its peak, to just 1,555 new cases on September 20.

This announcement comes a few days after the Minister of Cooperative Governance and Traditional Affairs (COGTA) announced the extension of the national state of disaster from 15 September 2020 to 15 October 2020, as published in Government Gazette 43713. The reason for the extension of the national state of disaster is to grant government the authority required to continue updating existing legislation and contingency arrangements undertaken to address the impact of the pandemic.

Eased restrictions

The following activities are permitted under Alert Level 1:


  • Gatherings will be allowed as long as the number of people do not exceed 50% of the normal capacity of a venue—up to a maximum of 250 people for indoor gatherings and 500 people for outdoor gatherings;
  • Maximum capacity at funerals has been increased from 50 to 100 people;
  • Night vigils are still prohibited;
  • Venues such as gyms and recreational facilities may have 50% of total capacity; and,
  • Existing restrictions on sporting events remain in place.


  • The government will gradually ease restrictions on international travel for business and leisure from October 1 – subject to containment measures. A list of permitted countries will be published and based on the latest scientific data;
  • International travel will only be allowed through the main border ports or through OR Tambo International, Cape Town International, or King Shaka International;
  • Travelers will need to provide a negative coronavirus certificate or will be put into quarantine at their own cost; and
  • All travelers will be required to install the COVID-19 alert level app, which helps the government facilitate effective contract tracing.


  • The evening curfew will apply between midnight and 4:00 a.m.;
  • Alcohol for home consumption can be sold between 9:00 a.m. and 5:00 p.m., Monday to Friday;
  • Consumption of alcohol at restaurants, taverns etc. will be allowed subject to adherence to the curfew; and,
  • More government facilities and services will return.

Regulations which give effect to the eased restrictions were published on September 17, 2020 under Government Gazette No 43725.

For further information, please reach out to Covington’s COVID-19 Task Force at, Mosa Mkhize at and/or Shivani Naidoo at




Africa Compliance Minute Series – What Does DOJ’s Recent Guidance on Compliance Programs Mean for Companies Operating in Africa?

In a recent client alert, we explored the U.S. Department of Justice’s (“DOJ”) June 2020 update to its guidance on Evaluation of Corporate Compliance Programs (the “DOJ Guidance”).

In this series of posts, our Africa Anti-Corruption Practice will be focusing on the key takeaways from the DOJ Guidance through the lens of companies operating in Africa, starting with a foundational question: Why does guidance issued by U.S. law enforcement authorities matter to companies operating in Africa?

Strictly speaking, the DOJ Guidance does not “require” anything of companies, regardless of where they are headquartered, incorporated, or operate. Even for U.S. companies, the DOJ Guidance is not a prescriptive regulation with the force of law. Rather, it is a guidance document that is “meant to assist [U.S.] prosecutors in making informed decisions as to whether, and to what extent, [a] corporation’s compliance program was effective at the time of [an] offense, and is effective at the time of a charging decision or resolution.” This evaluation by prosecutors can impact various aspects of a DOJ enforcement action, including the form of resolution (e.g., guilty plea vs. deferred prosecution agreement), the monetary penalty imposed, and other compliance-related obligations imposed in a settlement (e.g., self-reporting requirements or independent compliance monitorships).

Although the DOJ Guidance is on the surface intended as guidance for prosecutors, DOJ is undoubtedly speaking to a corporate audience as well. By providing the framework under which U.S. prosecutors evaluate compliance programs, the DOJ Guidance provides an “answer key” of sorts, allowing companies to test the effectiveness of their compliance programs before they come under the scrutiny of prosecutors.

For companies operating in Africa that have the most significant exposure to U.S. law (e.g., affiliates or partners of U.S.-headquartered or U.S.-listed companies), the reasons for heeding the DOJ Guidance are obvious – the DOJ Guidance will provide the “rules of the game” in the event that the company finds itself defending its compliance program before DOJ.

For companies with less meaningful ties to the U.S., which may face less significant risks of prosecution under U.S. law, the DOJ Guidance is still highly relevant for several reasons:

1 — The DOJ Guidance Reflects International Best Practice and Provides a Useful Evaluative Framework for Compliance Programs

The DOJ Guidance is by no means the only guidance that companies should consider in designing, implementing, and evaluating their compliance programs, and companies are well served by considering other sources of guidance that may be relevant to their programs. That said, the DOJ Guidance is largely reflective of emerging international best practice, regardless of the particular legal exposure that a company operating in Africa may face. Indeed, many other sources of compliance program guidance echo best practice that U.S. authorities have articulated and refined over the past several years based on their experience investigating and prosecuting hundreds of foreign bribery and other economic crime cases.

We have also found the DOJ Guidance to be among the most detailed and user-friendly sources of guidance in this area, particularly when read together with enforcement precedents. By focusing on three pillars: (1) program design; (2) implementation, resourcing, and empowerment; and (3) practical effectiveness, the DOJ Guidance provides a useful evaluative framework that should help companies better organize program assessment and enhancement exercises, and explain those steps to business stakeholders. We have found that the DOJ Guidance can be fairly easily translated into a series of questions in different program areas to enable a program assessment.

2 — The DOJ Guidance May Provide the Standards by Which A Company’s Program is Judged by Business Partners and Other Stakeholders

As we have previously discussed in a post outlining the business case for investing in compliance programs, separate from satisfying the expectations of enforcement authorities, having an effective compliance program that meets international standards can help to drive commercial success, including by giving companies a competitive advantage in interactions with key stakeholders such as customers, business partners, and investors. That is particularly true where such stakeholders are themselves subject to U.S. law and have mature compliance programs built around U.S. standards.

In the procurement context, for example, many of our clients evaluate the strength of their suppliers’ compliance programs alongside traditional commercial criteria such as price and quality of services. In addition, lenders and investors are increasingly factoring compliance considerations into their decision-making processes. Finally, in an environment where issues such as sustainability and human rights are driving consumer and employee choices, companies should be prepared for integrity issues to become increasingly relevant to consumers and employees, who may “vote with their feet” if they are unsatisfied with a company’s commitment to compliance. Being able to demonstrate that a company has a compliance program consistent with the DOJ Guidance can often go some way in satisfying such stakeholders.

3 — The Reach of U.S. Law and Increasing Enforcement Activity in Europe and Africa

Finally, given the potential reach of U.S. law (which in some circumstances can be triggered by fleeting connections to the U.S., such as correspondent bank transactions flowing through U.S. financial institutions), it is difficult for a company operating in Africa to completely insulate itself from exposure to violations of U.S. law. In the event that a company finds itself in a DOJ investigation, its compliance program will be judged by the standards set forth in the DOJ Guidance regardless of whether the company is headquartered, incorporated, or listed in the United States.

Along similar lines, with increasing enforcement activity by authorities in Europe and Africa, a company that builds its compliance program around the DOJ Guidance and similar sources of international best practice guidance will be better positioned to engage with such authorities.














Africa Compliance Minute Series – Acting Early to Save You Later: The Importance of Taking Corrective Action During the Course of an Investigation

In a recent contribution to the CovAfrica blog, our Africa Anti-Corruption Practice outlined key considerations for handling internal investigations in Africa.  Here we take a deeper dive into one of the most important, and challenging, aspects of internal investigations – remediation, drawing on a longer article we recently published in Global Investigations Review’s 2020 Europe, Middle East, and Africa Investigations Review.

Key Takeaways:

  • Taking corrective action during the course of an investigation can put a swift end to any ongoing misconduct and help a company avoid further losses or liability.
  • A company will often have enough information early in its investigation to take steps to mitigate the risk of continued harm to the company.
  • Promptly investigating and addressing identified risks can help to narrow the scope of the investigation and save a company time and money.


Even companies with the most robust compliance programs can expect to identify misconduct at some point. How a company responds to and remediates those issues can have a tremendous impact on the scope of its legal exposure and the collateral risks that come with compliance failures, such as reputational damage, debarment from eligibility for government or multilateral development bank-financed contracts, and other adverse commercial consequences.

Taking corrective action during the course of an investigation, rather than waiting until the end of the investigation, can help a company put a swift end to any ongoing misconduct and avoid further losses or liability that may be caused by control deficiencies underlying the misconduct. Swift action of this sort also aligns with the expectations of international enforcement authorities. For example, the U.S. Department of Justice (“DOJ”) may recommend reduced penalties or decline to prosecute a company based in part on the company’s “timely and appropriate remediation in [FCPA] matters.”

While identifying the root cause of a particular compliance issue may require a company to engage in a thorough analysis of its controls, operations, and culture—which is often not feasible midway through an investigation—a company will often have enough information during an investigation to take effective remedial action. For example, if a company determines early in an investigation that one of its business partners has made improper payments on the company’s behalf, but additional investigation is needed to determine who at the company was involved in authorizing such payments and the amounts at issue, the company can still take steps to mitigate the risk, such as putting a freeze on payments to the partner or even terminating the relationship with the partner altogether.

Companies can also narrow the scope of an investigation by taking swift action to mitigate risks identified in the course of the investigation. For instance, in the business partner example discussed above, by promptly freezing payments or terminating the partner, the company may be able to save itself the time and expense of having to take burdensome and potentially costly or impracticable remedial steps that might be expected if the company was to continue doing business with the partner (e.g., auditing the partner’s books and records, securing assurances sufficient to gain comfort that improper payments will not be made going forward, and conducting enhanced monitoring of future payments).

Remediating during the course of an investigation also may be essential in enabling the company to avoid the burdensome compliance measures that are sometimes imposed in enforcement actions, such as a requirement to engage an independent compliance monitor at the company’s expense.

Taking swift remedial action, especially against third parties, can be challenging in Africa due to a variety of factors, including local content and shareholding requirements that limit the pool of qualified partners or vendors as replacements. The challenges associated with taking remedial actions against a third party also may be particularly acute in Africa due to the fact that the business environment places a premium on relationships and collaboration. Terminating a particular third party may lead to significant adverse effects on a business, including operational disruptions, loss of goodwill in a community or with government stakeholders, and even physical security risks. Organizations may thus be required to weigh meaningful risks associated with ceasing to engage in business with a particular third party against the significant compliance risks that such a relationship may pose if they fail to take appropriate remedial action.

Notwithstanding the challenges that promptly acting to address compliance issues can present, doing so is almost certain to pay off in the long run as a company navigates the legal, commercial, and reputational consequences of identified misconduct.


South Africa Eases COVID-19 Restrictions with the Transition to Alert Level 2

On August 15, 2020, the Minister of Cooperative Governance and Traditional Affairs (COGTA) announced the extension of the national state of disaster. The national state of disaster was declared under Government Gazette No 43096 of 15 March 2020 (and extended by Government Gazette Nos 646 of June 5, 2020 and 765 of July 13, 2020), from August 15, 2020 to September 15, 2020. The reason for the extension of the national state of disaster is linked to the need “to continue augmenting the existing legislation and contingency arrangements undertaken by organs of state to address the impact of the disaster”. On the same day, President Cyril Ramaphosa announced a decision to transition the country from Alert Level 3 to Alert Level 2 of the Risk Adjusted Strategy, following consultation with the National Coronavirus Command Council, Cabinet and the President’s Coordinating Council.

Government Gazette No. 43620 sets out the revised restrictions that will govern this period effective 00H01 on August 18, 2020. The following restrictions have been lifted:

  • All inter-provincial travel.
  • Accommodation, hospitality venues, and tours may operate in accordance with approved protocols to ensure social distancing.
  • Restaurants, bars, and taverns may operate according to strict guidelines with respect to hours of operation and numbers of people who may gather at any given time.
  • The sale of tobacco products will be permitted.
  • The sale of alcohol may proceed for on-site consumption in licensed establishments until 22:00. Liquor outlets may sell alcohol for off-site consumption from Monday through Thursday from 09:00 to 17:00.
  • Restrictions on family and social visits may resume, though all should exercise extreme caution and undertake such visits only where necessary.

For further information, please reach out to Covington’s COVID-19 Task Force at, Robert Kayihura at, and/or Mosa Mkhize at



Making Your Intentions Known in Contract: Complex Formulae

As project finance becomes more widespread in Africa, government officials, bankers and developers will all become exposed to the complex documentation that comes with it. Some of the payment mechanisms can be very complicated and lawyers are often asked to include “worked examples” in the documentation. A recent case looked at the use of worked examples in contracts governed by English law. The court concluded the following:

  • worked examples are integral parts of finance and other commercial contracts;
  • it is often only when narratives and formulae are worked through that their true effect can properly be seen;
  • where there is more than one worked example, consistency among the examples (in this case the inclusion of a missing step), strongly suggests that this was a deliberate choice by the drafter; and
  • it is inherently more probable that the parties’ true bargain is to be found in the worked examples.

Important Takeaways from This Case

  • English law legal drafters should strongly consider including worked examples where complex formulae are used;
  • they should include more than one worked example; and
  • boilerplate construction clauses should be carefully drafted to ensure they do not contribute to any confusion concerning the precedence of worked examples.

One of the issues that the case does not address is that parties in a project financing also often rely on agreed and audited computer models when determining whether or not loans can be drawn or dividends paid. This case gives no guidance on what should happen if that computer model does not accurately reflect the terms of the loan documentation. This issue should be specifically addressed in the relevant documentation.

Case reference: Altera Voyageur Production Ltd v Premier Oil E&P UK Ltd [2020] EWHC 1891 (Comm) (17 July 2020)

If you have any questions concerning the material discussed in this client alert, please contact the following members of our Project Development and Finance Practice:

Steven Gamble                                  +27 823 305 689          
Graham Vinter                                   +44 20 7067 2062        


An Update on South Africa’s 2013 Protection of Personal Information Act

President Cyril Ramaphosa announced on June 22, 2020, that certain sections of the Protection of Personal Information Act, 2013 (Act 4 of 2013) (“POPIA”) would become effective on July 1, 2020.  POPIA gives effect to the right to privacy in section 14 of the Constitution of the Republic of South Africa, 1996 (Act 108 of 1996).  POPIA will impact all responsible parties that collect, store, process and / or disseminate personal information as part of their business activities.  POPIA defines a responsible party as “a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information”.  The commencement of these essential provisions contained in POPIA, now position South Africa in line with global best practice on data protection and privacy.  The commencement of POPIA signifies a great advance for the South African data protection and privacy legal landscape.


Since 2013, POPIA has been put into operation incrementally, with a number of sections of POPIA having been implemented in April 2014 (i.e. the definitions; legislation pertaining to the establishment and operation of the South African Information Regulator (“Information Regulator”); the power for the Minister of Justice and the Information Regulator to make and publish Regulations to give effect to POPIA and the procedural sections relating thereto).  The incremental implementation of POPIA was largely due to the publication of the draft EU General Data Protection Regulations (“GDPR”) in 2013 and its commencement thereafter in May 25, 2018, which guided and informed the South African legislature in the drafting of POPIA.  The South African legislature has ensured that POPIA mirrors the essential provisions contained in the GDPR.  For example, under the GDPR, as under POPIA, individuals have a right to request the deletion of their information or request a limitation of the processing of their information in certain instances, and all businesses now have a duty to report any data breach to the Information Regulator within 72 hours of becoming aware of the breach, where practicable.

POPIA provisions effective as of July 1, 2020

The POPIA provisions effective as of July 1, 2020 pertain to:

  • the conditions for the lawful processing of personal information.;
  • the regulation pertaining to the processing of special personal information;
  • codes of conduct issued by the Information Regulator;
  • procedures for dealing with complaints;
  • provisions regulating direct marketing by means of unsolicited electronic communication and the general enforcement of POPIA; and
  • all forms of processing of personal information must, within 1 year after the commencement of the section, be made to conform to POPIA.  In other words, all private and public entities will need to ensure compliance with POPIA by July 1, 2021 (see section 114(1) of POPIA)

See No. R. 21 of 2020 in Government Gazette no. 11136, Vol. 660 No 43461 dated June 22, 2020 sections 2 to 38; sections 55 to 109; section 111; and sections 114 (1), (2) and (3).

Sections 110 and 114(4) of POPIA will take effect June 30, 2021.  The delay in relation to the commencement of sections 110 and 114(4) is as a result of the fact that these sections pertain to the amendment of laws and the effective transfer of functions of the Promotion of Access to Information Act, 2000 (Act 2 of 2000) (“PAIA”) from the South African Human Rights Commission to the Information Regulator, which is yet to be concluded.

Key POPIA Provisions

With the commencement of POPIA, businesses operating within this space must demonstrate that they have implemented measures prescribed under and in terms of POPIA and its regulations, to ensure that personal information in its possession are protected from any unauthorized access, loss and/or use.  For example, Regulation 4 (Responsibilities of Information officers) read together with sections 55 to 56 of POPIA make provision for the appointment of an information officer, who must ensure that:

  • “a compliance framework is developed, implemented, monitored and maintained;
  • a personal information impact assessment is done to ensure that adequate measures;
  • and standards exist in order to comply with the conditions for the lawful processing of personal information;
  • a manual is developed, monitored, maintained and made available as prescribed in sections 14 and 51 of the PAIA;
  • internal measures are developed together with adequate systems to process request for information or access thereto; and
  • internal awareness sessions are conducted regarding the provisions of POPIA, regulations made in terms of POPIA, codes of conduct, or information obtained from the Information Regulator”.
  • POPIA also requires businesses to incorporate suitable technical and security measures to protect personal information, in line with the volume, nature, and sensitivity of the personal information in a business’s possession.

POPIA provides data subjects who are affected by a data breach the right to institute a claim against a business that has inadequately stored information.  Data subjects will not be required to prove that the business storing and/or processing the information was negligent in doing so.  This means that, POPIA empowers data subjects to institute claims against parties responsible for their personal information on a strict liability basis.

Furthermore, section 114(1) is of particular importance as it states that all forms of processing of personal information must, within 1 year after the commencement of the section, be made to conform to POPIA, which means that both public and private entities must ensure compliance with the POPIA by July 1, 2021.  However, it stands to reason that all entities subject to POPIA should attempt to comply with the provisions of the POPIA as soon as possible in order to give effect to the right of privacy.

Businesses should note that once POPIA is in full force and effect, non-compliance with POPIA may result in administrative fines of up to R10 million, imprisonment, civil damages and most importantly, reputational harm.


For further information on POPIA, please contact Robert Kayihura at or Shivani Naidoo at