Written by Thomas Kendra, Partner in Hogan Lovells’ Paris international arbitration practice & also co-head of Hogan Lovells’ Paris-Africa group

The general growth of compliance

The focus on compliance is growing worldwide: whilst once a term that concerned only a sub-set of specialist industries, compliance is now becoming an essential concern for all companies. For instance, since 2010, the amount of ‘Compliance Officer’ positions held in the United States has risen by almost 50%.^[1] This development is spurred in large part by shifting global priorities more generally. An obvious example is the increased focus on environmental sustainability, which has in turn given rise to a range of environmentally focused regimes demanding strict compliance: in the 2022 Hogan Lovells Global Compliance Survey Steering the Course,82% of the compliance leaders consulted stated that identifying risk pertaining to the Environment (such as climate impact), Social issues (such as impact on local communities) and Governance (such as internal diversity profile of employees and senior management) (together ESG) is a current and future priority in their business strategy.^[2] The world’s ever-increasing digitalisation is another factor influencing compliance, with regulators charged to keep pace with technological developments in order to guard against misuse.

This article takes a look at the issue of compliance from an African perspective. It begins with a brief snapshot of global trends, and notably the developments in Europe, before turning to the impact of such advances on Africa. Here we can see that business practices, while still in the development phase, are rapidly changing to conform with both international norms and also to keep up with the numerous reforms taking place across the continent. We then briefly review two specific regimes to serve as examples of the nature of measures being put in place: Rwanda has made great strides in respect of corruption, and its 2021 Companies Law demonstrates its continued efforts to progress in this regard; meanwhile, the Côte d’Ivoire’s data protection regime has been in place for almost ten years and has since served as a benchmark for many other African jurisdictions. All current indicators suggest that such changes on the continent will only continue, meaning that corporates and legal advisers situated on the continent, irrespective of specific jurisdiction, would be well placed to focus their attention on compliance issues, in order to keep up with the way in which business is developing.

A snapshot of Europe, a reference point for compliance

The focus on compliance within Europe has grown exponentially in recent years. The UK Bribery Act (the UKBA) is now over ten years old – the UKBA was lauded as raising the bar for global anti-corruption standards and it continues to grow in significance, as seen with the recent first ever UK corporate conviction for the bribing of another person; the bribes related to mining contracts across Africa and caused harms worth USD 128m. Since the UKBA’s introduction, there has been a marked increase globally in the amount of comparable regulation: in Hogan Lovells’ 2016 survey on anti-bribery and corruption procedures, 69% of compliance leaders surveyed stated that regulatory pressure was increasing; in Hogan Lovells’ 2020 survey into the same topic, this figure had hardly changed, with 68% still feeling that regulatory pressure was on the rise.^[3] An example of such additional regulation was France’s Loi Sapin 2 (2016), which created a new French anti-corruption regime related to transparency and risk mitigation – the Loi Sapin 2 is focused on prevention as much as cure, with a large focus on educating large companies on the measures they should have in place. France has also pioneered in other ways, such as through their introduction of the Law on Vigilance (2017), which is forcing greater transparency on the part of large companies operating in France. The Law on Vigilance requires companies (of the requisite size) to create and publish detailed “vigilance plans” in respect of items such as their supply chains. Though still somewhat novel, the Law on Vigilance is already leading to a host of varied, ongoing actions. The specific issues being raised – such as in respect of crude oil drilling in Uganda, deforestation in Brazil, and indigenous rights in Mexico – have focused largely on the community and/or environmental impact of global projects led by French companies.

The rising focus on transparency and compliance is also evident when taking a more continent wide perspective, with the EU on the verge of introducing its own comprehensive “vigilance” legislation: following the approval of a law to “obligate human rights and environmental due diligence” for companies, the European Commission is now in the process of preparing the concrete legislative proposal; this process has naturally triggered much discussion amongst businesses set to be affected. Furthermore, the EU has already introduced items such as: (1) the Sustainable Finance Disclosure Regulation, which sets out criteria by which to classify different financial products according to their sustainability characteristics; and (2) the EU Taxonomy for Sustainable Activities, which seeks to define objectively certain types of “environmentally sustainable economic activities”. These types of regulation essentially look to define what it means to be ‘green’, and in turn create an objective standard to comply with.

Where does Africa currently fit in?

The conversation regarding compliance in Africa has often, historically, been in respect of problems or difficulties encountered on the continent. For example, World Duty Free v Kenya (2006) is often seen as the landmark corruption arbitration following its determination on the arbitrability of corruption. The case concerned a contract for the right to operate duty-free shops in Kenya’s international airports; the contract was, the tribunal found, procured via illegal corruption, a fact not absolved by the allegedly “customary practice” in Kenya to make payments to government officials in advance of doing business (a practice termed “harambee” in the arbitration). Over 15 years later and the same issues are still arising, with the Paris Court of Appeal in March 2022 setting aside an arbitral award in the case of Le Groupement Santullo Sericom v Gabon on the basis that the public works contracts at the heart of the dispute were procured through corruption. These cases speak to a wider problem: to take the example of Gabon, according to the Brookings Institution an estimated USD 26.2bn left the country between 1980 and 2018 in illicit financial flows (IFFs) (i.e. illegal capital transfers such as through corruption, crime, terrorism, and tax evasion), a figure equal to 13.6% of the country’s total trade in the same period; more broadly, panel members for the United Nations Economic Commission for Africa estimated in 2013 that around USD 50bn in IFFs departs from West Africa alone each year^[4]; and, in 2015, Transparency International’s “Africa Survey” found that 22% of Africans who had been in contact with a public service in the previous 12 months said they had paid a bribe.^[5]

However, whilst issues still exist, Africa is nonetheless making clear strides in the compliance sphere. The Oxford Business Group’s Governance, Risk Management and Compliance Report (2022), undertaken in respect of Western and Central Africa,states that, in summary, compliance standards for the researched jurisdictions are “improving across the board” – below, we highlight some of these specific improvements and analyse the factors facilitating and/or compelling their development.

Firstly, in terms of reasons underpinning shifting African practice, global regulatory changes are directly material: the African economy is highly globalised, and so wide-ranging measures adopted by legislators outside of Africa can have a direct effect on African companies. For example, referring back to the French Law on Vigilance,any African entity with over 10,000 employees, and where some of those employees are based in France, comes within the Law’s remit, hence demonstrating the potential influence of European legislation on African compliance.

Secondly, such global regulatory changes also have a more indirect effect, given that the international actors doing business in Africa are bound to comply with the new standards; these obligations in turn affect how those international companies are able to conduct business in Africa. For example, where a European actor is required to assess the compliance standards throughout the totality of its supply chain (as required by some of the legislation discussed above), that actor will be prevented from dealing with any African entities whose compliance standards are insufficiently transparent. Indeed, referring to Hogan Lovells’ 2022 Steering the Course survey, 81% of compliance leaders stated that “integrated ESG programs will positively impact their organisation’s reputation”. In other words, even where not directly required by regulation, European actors are starting to implement stricter regimes also from a reputational standpoint. In turn, African entities dealing with these European partners are compelled to improve their standards, in order to comply with the requirements of their counterparts.

Thirdly, and similarly, European compliance standards are also relevant in Africa given their influence on securing European investment. For example, the rise of ‘green finance’ and ESG-focussed investment is ever more important: research by Bloomberg has forecast that the value of ESG investment will reach almost USD 50bn by 2025 (or a third of all global assets under management).^[6] In order to procure such investment, African entities are required a) to implement rigorous ESG policies in order to be eligible for ‘green financing’ and b) to implement adequate transparency such that prospective investors can verify their compliance and eligibility.

Furthermore, and of more influence even than the indirect influence of European developments, there is also a rapidly expanding system of controls being introduced in a range of African jurisdictions. Looking first at the Finance Sector, out of 26 jurisdictions surveyed by the Official Monetary and Financial Institutions Forum think-tank, 17 had some sustainability-focussed policies (up from 12 in 2021).^[7] Some of the recent changes included the central bank of Uganda’s introduction of its strategic five-year plan, which includes the promotion of a “sustainable financial system”, whilst South Africa, Mauritius, Kenya, and Egypt all require for banks “to take climate change into account” when managing risk and reporting. Similarly, in 2019, the Bank of Ghana implemented sustainability principles that aim to promote: risk management; robust ESG practices; gender equality; financial inclusion, and resource efficiency. Meanwhile, in the same year, the National Bank of Rwanda created the requirement for banks to prepare an overall report explaining the link between their financial performance and their social, environmental and economic impact. Finally, in terms of non-ESG banking regulation, La Commission Bancaire de L’Afrique Centrale (COBAC) has steadily introduced a range of measures over recent years to improve banks’ compliance with prudential reserve ratios. Similarly, in August 2019, the Bank of Ghana revoked the licences of 23 insolvent financial companies “in a bid to bolster confidence in the country’s banking sector”, whilst the Central Bank of Nigeria revoked the licences of seven payment platforms and 42 microfinance banks in December 2020 “as part of a wider drive to create a more credible financial system amid a trend of new financial technology firms and other non-traditional banking services entering the market”.^[8] Moving away from finance, there has also been a recent surge of regulation in the data protection sphere. The world’s ever-increasing digitisation has rendered data protection more pertinent than ever, and recent legislative shifts suggest that Africa is reacting to meet this concern. As of the end of 2021 there existed comprehensive data laws in 33 African countries, many of which are based on international models such as the European GDPR or the California Consumer Privacy Act, such as Côte d’Ivoire’s Protection of Personal Data Law which is examined in more detail below.

A closer look: the examples of Rwanda and Côte d’Ivoire

Rwanda’s approach to Corporate Governance

Rwanda has made incredibly impressive strides in respect of corruption. In 2021, Rwanda ranked 52 on Transparency International’s Global “Corruption Perceptions Index”, having been as low as 121 in 2006. Rwanda’s 2021 placement was only bettered by four other African countries.^[9] Similarly, in 1996, Rwanda’s Control of Corruption – judged according to the World Bank’s World Governance Indicators – was in approximately the 30^th percentile globally, whereas in 2018 it had risen to approximately the 70^th percentile.The World Bank comments that, “[i]n 20 years, Rwanda has moved from a high level of corruption to a level on par with middle income countries. Its success in reducing administrative corruption—the type of corruption captured in international corruption assessments—is unprecedented for a country at Rwanda’s level of economic development”.^[10]

Numerous factors have facilitated Rwanda’s development. Various bodies to tackle, monitor and receive reports of corruption were formed, such as the Office of the Ombudsman, the Office of the Auditor General, and the National Tender Board in the early 2000s, and the Rwanda National Police’s Inspectorate of Police Services and Ethics in 2013. Steps were taken to alter the discourse and “de-normalise” corrupt practice, such as by publicising high-profile corruption cases, and regularly publishing a “convict database” to “name and shame” any individuals convicted for corruption.

In 2007, Rwanda began shaping certain regulation in accordance with the Doing Business report, and in 2009 created a steering committee to focus on business entry, licensing reform, legislative changes, taxes and trade logistics, construction permits, and property registration. The Doing Business project provides objective measures of business regulations and their enforcement across 190 economies and selected cities at the subnational and regional level.^[11] Rwanda’s changes included an overhaul of the Company Law, which permitted individuals to establish a business using a standard form, rather than being obligated to use a notary, as well as the introduction of a law regulating the distribution of information from credit bureaus. This credit law led to the country’s first private credit bureau, which provides wider coverage than the public registry because it includes information from utilities. In December 2011, the public registry stopped issuing credit reports, and now only the private bureau shares credit information.

Despite its evident advances, Rwanda continues to take action to continue its progress. In August 2020, the Rwandan government established the Financial Intelligence Centre to monitor suspicious financial transactions, freeze and seize suspicious funds, provide and exchange information with other countries’ financial intelligence authorities, and issue regulations on administrative misconduct and sanctions. On 5 February 2021, Rwanda again overhauled its approach to corporate law, via the implementation of the Law Governing Companies (Law no. 007/2021 of 5 February 2021). This new law introduced new transparency requirements in respect of beneficial ownership. Companies, via either their secretary or their board, must maintain a register of beneficial owners which includes beneficial ownership information from the previous 10 years. A company will incur liability if it fails to keep adequate records, whilst individuals themselves also face fines or imprisonment if found to disclose false information on shareholding or beneficial ownership. Other changes introduced by the Law include defining the purpose of a Community Benefit Company, stating it should have a positive impact on society and the environment.

Today, Rwanda’s Ease of Doing Business rank is second behind only the Mauritius among Sub-Saharan African jurisdictions.^[12]

Côte d’Ivoire – Data Protection and Cybersecurity

As Africa continues to digitise, which inevitably leads to an ever more concentrated store of potentially accessible personal data, strict data regulation, and compliance with that regulation, is key for protecting Africa’s citizens. Via its implementation in 2013 of Law 2013-450 on the Protection of Personal Data (the Law), Côte d’Ivoire helped set the pace for data protection in Africa. The chief regulator in respect of the Law is the Telecommunications/ICT Regulatory Authority of Côte d’Ivoire (ARTCI). ARTCI are in charge of items such as enforcement and granting relevant approvals, but they also assist from an advisory standpoint, such as through public awareness campaigns to educate individuals about their rights and informing companies about proper and effective practice. For example, in October 2022, ARTCI established the Permanent Exchange Framework Initiative, which “aims to be an inclusive melting pot where innovative ideas are discussed, concrete ideas suggested, and relevant proposals made for a better application of [the] Law.” The Law itself is founded upon four key principles and largely mirrors the EU’s GDPR: personal data must be treated in a fair and lawful manner (Article 15); consent must be given for the processing of personal data (Article 14); personal data should only be held and processed for a pre-determined duration and for an express, legitimate purpose (Article 16), and the degree or amount of personal data processed should be proportional (Article 16). As discussed above, though not yet continent wide, regimes like that of Côte d’Ivoire are increasingly prevalent throughout Africa: Zambia, Rwanda and Zimbabwe all enacted concrete legislation in 2021, and as of February 2022, Malawi, Eswatini, The Gambia, South Sudan and Ethiopia all had draft bills in place.^[13]

What’s next for African compliance?

Compliance is evidently a broad concept with many subsets – it effectively encapsulates the duty to adhere to all manner of legal and regulatory requirements, industry standards and community expectations. This article has largely focused on three key aspects of compliance, namely: ESG compliance; data protection and cyber-security; and corruption. Of these, as discussed, the data protection landscape in Africa is advancing at speed, and even where regulation is not yet in place the International Association of Privacy Professionals reports that “[t]he enactment of data protection legislation across Africa bodes well for the future.”^[14] Conversely, corruption concerns undeniably remain an issue, with Sub-Saharan Africa obtaining the lowest global average score in the Corruption Perception Index as of 2021. Indeed, a majority of citizens in 18 countries surveyed by Afrobarometer in 2019-2020 felt that “corruption increased in their country during the previous year and their government is doing too little to control it.”^[1^5] In short, just as is the case for developing economies globally, there remains work to do on all sides to help turn the tide in respect of corruption.

As for African ESG compliance, progress arguably lies somewhere between the two: KPMG’s 2021 East Africa CEO survey revealed that 40 percent of the region’s company chiefs are still reluctant to implement ESG programmes for fear they will reduce financial performance; however, evidence suggests that this balance will soon shift, and that Africa could be on the precipice of truly overhauling ESG standards across the continent. The International Monetary Fund has agreed to lend Rwanda approximately USD 310 million under a new tool intended to help nations bolster their defences against climate change. In response, National Bank of Rwanda Governor John Rwangombwa has stated that “we are now working on… what policy measures we need to take, what regulatory measures we need to put in place to support these bigger government efforts.” Mr. Rwangombwa’s comments demonstrate the place of compliance within climate action more generally: according to the Africa Venture Capital Association Sustainability Study in 2021, more than 97% of Limited Partnerships in Africa have ESG considerations in their process from the investment’s inception;^[16] meanwhile, the European Investment Bank, following a 2021 survey of 78 sub-Saharan African banks, summarised to say that “African financial institutions are moving quickly to increase green lending and digital innovation.”^[17] As this focus on green investment continues to grow, so too must the regulation (and complementary compliance) in this regard, in order to ensure that Africa can increasingly attract such investment. Regulatory reform, if sufficiently far-reaching and well considered, will help ensure that such investment is being genuinely and effectively employed for its purported aims, in a manner that suits Africa’s economic and environmental development.

Co-authored by:

Julien KAVARUGANDA, a partner in the firm K-Solutions and former president of the Rwandan bar, and
Mr Yves-Joël ESSE, Compliance Manager at the bank BCI – BNP PARIBAS in Côte d’Ivoire, as well as
Mr. William Kassy Kadio, Head of the Dematerialisation Department at the ARTCI (Autorité de Régulation des Télécommunications de Côte d’Ivoire)

^[1]https://www.statista.com/statistics/1086150/compliance-officers-employment-usa/#:~:text=In%202021%2C%20there%20were%20334%2C340,when%20it%20stood%20at%20204%2C000.

^[2] https://stc3.hoganlovellsabc.com/

^[3] https://stc.hoganlovellsabc.com/

^[4] https://www.un.org/africarenewal/magazine/december-2013/africa-loses-50-billion-every-year

^[5] https://www.transparency.org/en/publications/people-and-corruption-africa-survey-2015

^[6] https://african.business/2022/06/finance-services/african-pension-funds-lead-the-way-on-esg/

^[7] https://www.reuters.com/business/finance/more-african-countries-implementing-esg-finance-policies-study-2022-10-13/

^[8] https://oxfordbusinessgroup.com/sites/default/files/blog/specialreports/963241/ASCOMA_Focus_Report_EN.pdf

^[9] https://tradingeconomics.com/country-list/corruption-rank?continent=africa

^[10] https://openknowledge.worldbank.org/bitstream/handle/10986/34564/Rwanda-s-Anti-Corruption-Experience-Actions-Accomplishments-and-Lessons.pdf?sequence=1&isAllowed=y

^[11] https://archive.doingbusiness.org/en/about-us

^[12] https://archive.doingbusiness.org/en/rankings?region=sub-saharan-africa