Our Africa Anti-Corruption Practice has previously outlined key considerations for handling internal investigations and remediation of compliance issues in Africa.  Here, we take a closer look at a particular aspect of remediation, the root cause analysis.  After the dust settles on an investigation identifying misconduct, a root cause analysis can serve as the most effective tool to determine why the misconduct occurred and what can be done to prevent it in the future.  Drawing on a longer article we recently published in Global Investigations Review’s 2021 Europe, Middle East, and Africa Investigations Review, we describe below strategies and methodologies for conducting root cause analyses, focusing on specific considerations for companies operating in Africa.

Key Takeaways:

  • Companies should promptly conduct root cause analyses following investigations that identify misconduct, in order to meet enforcement authority expectations and pinpoint all the underlying causes of misconduct.
  • There is no “one size fits all” approach to conducting a root cause analysis, and companies should consider adapting root cause analysis methodologies developed in other contexts.
  • Building on their risk assessments, companies investigating misconduct in Africa should consider whether specific challenges of operating on the continent may serve as the root causes underlying compliance issues.

***

Done properly, a root cause analysis is distinct from an investigation, which is focused on identifying misconduct and its immediate causes, or the resultant remedial actions (e.g., employee discipline), which seek to address and correct the control failures and employee actions identified through an investigation.  Rather, a root cause analysis is designed to explore deeper systemic and cultural issues that have allowed or encouraged the misconduct to occur in the first place.  By identifying those root causes, a company can develop strategies to prevent the reoccurrence of misconduct and address any underlying compliance issues and control failures that may present broader risks.

In the last five years, United States enforcement agencies, particularly the U.S. Department of Justice (“DOJ”), have made clear their expectation that companies conduct root cause analyses in the face of misconduct.  In fact, DOJ has noted that the ability to “conduct a thoughtful root cause analysis of misconduct” is a hallmark of an effective compliance program.[1]  Further evidencing this expectation, in the context of U.S. Foreign Corrupt Practices Act enforcement actions, DOJ may require a company to demonstrate that it has conducted a root cause analysis in order to earn credit for appropriate remediation, and is increasingly including a root cause analysis requirement in deferred prosecution agreements.[2]  This trend extends beyond the United States — for example, in 2018 the Agence Francaise Anticorruption referred to root cause analyses in the context of guidance on auditing anti-corruption compliance programs.[3]

While enforcement agencies increasingly expect companies to perform root cause analyses, they have offered limited guidance on how to conduct such exercises.  Thus, when considering methodologies for conducting an effective root cause analysis, companies may be well-served by drawing on existing processes and methodologies that have been developed in other contexts, including in response to safety failures, security incidents, or product defects.  Some of the most commonly used root cause analysis methodologies include:

  • Five Whys Method: After a problem is identified, ask “why” five or more times in order to get at the core of an issue.
  • Ishikawa or Fishbone Method: Create a visual cause-and-effect model with the problem as the head of a fish, the primary causes as the bones of the fish, and the underlying root causes as sub-branches supporting each bone.
  • Logic Tree Method: Visually set out the events in a hierarchical structure leading to the problem. For each event, include a node noting the cause and/or effect of that event.
  • Fault Tree Analysis: Start with the problem and list the possible causes in a hierarchical format. For each cause, continue to identify the underlying events or issues until a “tree” is developed with various root causes.

Regardless of the methodology used, it is critical that a root case analysis consider broader underlying causes of the misconduct, including business pressures, misalignment of incentives, cultural issues, personnel issues, and/or the capacity of the compliance function to address misconduct and root cases.  An effective root cause analysis should also develop a structured, replicable process and produce written work product.

At the outset of a root cause analysis, a company should consider the appropriate team for the exercise.  As discussed further in our article, a multifunctional team, including individuals from compliance and other control functions along with members of relevant business lines, can be particularly effective.  Companies should also consider whether to involve counsel in the exercise and whether they intend to claim the protection of the attorney-client privilege or work product doctrine over the exercise.

Companies operating in Africa may have an important set of cultural, regulatory, and capacity factors that they should consider when conducting root cause analyses.  While these factors are by no means unique to Africa, and may be present to some degree in many emerging markets, they may present more acutely in Africa and in combinations that tend to compound compliance risks.  For example:

  • Geographic and operational isolation: In our experience, geographic and cultural distance between subsidiary operations in Africa and headquarters in the U.S. or Europe can pose a range of challenges. These can include the pure logistical challenges of headquarters personnel visiting the subsidiary, as well as challenges achieving local management buy-in to compliance policies that are perceived as unworkable on the ground and not tailored to the challenges of operating in Africa.
  • New market entry and integration issues: In cases where expansion was accomplished via acquisition of a business already operating in Africa, inadequate integration and failure to implement and train employees on a compliance program can result in significant compliance and controls challenges.
  • Security issues: Physical security risks may result in necessary engagement with police or government security forces, which can raise corruption and compliance risks.
  • Regulatory issues, local ownership, and local content: Underdeveloped local regulations coupled with individual discretion can result in systemic corruption. Further, local shareholder and content regulations can create compliance risks, as they allow for channeling money, business, or other things of value to government officials or their affiliates.

This article was prepared by Covington attorneys qualified to practice law in the United States.  It does not constitute legal advice.  If you have further questions about your compliance programs, how to conduct due diligence on a local partner, or Covington’s anti-corruption work in Africa, please contact Ben Haley at bhaley@cov.com, Jennifer Saperstein at jsaperstein@cov.com, Noam Kutler at NKutler@cov.com, or Ishita Kala at ikala@cov.com

***

[1] U.S. Dep’t of Justice, “Evaluation of a Corporate Compliance Program,” June 2020, 17, https://www.justice.gov/criminal-fraud/page/file/937501/download; U.S. Dep’t of Justice and U.S. Sec. and Exchange Comm., “A Resource Guide to the U.S. Foreign Corrupt Practices Act: Second Edition,” July 2020, 67, https://www.justice.gov/criminal-fraud/file/1292051/download.

[2] U.S. Dep’t of Justice, “FCPA Corporate Enforcement Policy,” March 2019, 3, https://www.justice.gov/criminal-fraud/file/838416/download; see, e.g., United States v. Herbalife Nutrition Ltd., Deferred Prosecution Agreement, C-9 (August 28, 2020), https://www.justice.gov/usao-sdny/press-release/file/1312196/download; United States v. Beam Suntory Inc., Deferred Prosecution Agreement, C-9 (October 23, 2020), https://www.justice.gov/opa/press-release/file/1331666/download.

[3] Agence Francaise Anticorruption, Guidelines to help private and public sector entities prevent and detect corruption, influence peddling, extortion by public officials, unlawful taking of interest, misappropriation of public funds and favouritism (2018), https://www.agence-francaise-anticorruption.gouv.fr/files/2018-10/French_Anticorruption_Agency_Guidelines.pdf.

Photo of Benjamin Haley Benjamin Haley

Ben Haley leads the firm’s White Collar and Anti-Corruption Practice in the Middle East and Africa and is a chair of the firm’s broader Africa Practice. With deep experience representing clients before regulators in high-profile white collar and disputes matters and a history operating on…

Ben Haley leads the firm’s White Collar and Anti-Corruption Practice in the Middle East and Africa and is a chair of the firm’s broader Africa Practice. With deep experience representing clients before regulators in high-profile white collar and disputes matters and a history operating on the ground in emerging markets, he helps clients assess and mitigate a wide range of complex legal and compliance risks.

Complementing his investigations and dispute resolution practice, Ben has a broad-based compliance advisory practice, helping clients proactively manage compliance risk in areas including anti-corruption, trade controls, anti-money laundering, fraud, and data privacy.

Ben represents corporate and individuals clients in a wide range of investigations and disputes, including:

  • Investigations under the U.S. Foreign Corrupt Practices Act (“FCPA”).
  • Investigations into anti-money laundering, financial crimes, anti-terrorism, and sanctions and export control issues.
  • Securities fraud and accounting matters.
  • Board investigations and shareholder litigation.
  • Insurance recovery.

Ben also regularly advises clients on a range of regulatory compliance and corporate governance issues. His compliance advisory practice includes:

  • Performing risk and compliance program assessments.
  • Leading compliance reviews on business partners and assisting companies with third-party risk management processes.
  • Conducting forensic accounting reviews and testing and enhancing financial controls.
  • Advising on market entry, cross-border transactions, and pre-acquisition diligence and post-acquisition integration.
  • Assisting companies in designing, implementing, and maintaining best-in-class compliance programs.

In recent years, Ben has steered a number of clients to successful resolutions and declinations in complex FCPA and corporate fraud matters with the U.S. Department of Justice and Securities Exchange Commission. In his advisory practice, Ben has served as lead compliance counsel on a number of major M&A and investment transactions. He has developed special expertise assisting clients in leveraging technology in their compliance programs, including assisting one of the world’s largest consumer goods companies in the design and implementation of an award-winning compliance data analytics and monitoring system.

Ben has been described by the Chief Compliance Officer of one of his clients as “[a]n outstanding senior lawyer and advisor,” and “a guiding light for all things compliance advisory in Africa,” whose “advice is crystal clear, covers all angles and is business friendly.”

Photo of Jennifer Saperstein Jennifer Saperstein

Co-chair of Covington’s Anti-Corruption practice, Jennifer Saperstein is an experienced compliance counselor who advises clients on anti-corruption, anti-bribery, and ethics issues. She is also a key member of the firm’s Institutional Culture and Social Responsibility practice.

Named a Compliance “Rising Star” by Law360…

Co-chair of Covington’s Anti-Corruption practice, Jennifer Saperstein is an experienced compliance counselor who advises clients on anti-corruption, anti-bribery, and ethics issues. She is also a key member of the firm’s Institutional Culture and Social Responsibility practice.

Named a Compliance “Rising Star” by Law360, Jennifer frequently conducts risk assessments and compliance program assessments, and develops anti-corruption compliance programs for clients across a wide range of industries. She has particular experience implementing technology-based solutions to enhance compliance programs, including the use of data analytics and systems for third party management. As part of her practice, Jennifer regularly assists companies with anti-corruption due diligence and compliance integration in connection with acquisitions, asset purchases, joint ventures, and other investment transactions. Jennifer also leads cross-cutting compliance projects to help companies build and improve their compliance programs across areas of regulatory expertise, bringing together teams of regulatory experts to provide integrated advice and implement compliance program best practices.

Drawing on her experience conducting risk and compliance program assessments, Jennifer advises clients in matters involving institutional culture and social responsibility. In recent years, she has assisted boards committees and management of large institutions in conducting complex investigations regarding institutional racism and diversity, equity, and inclusion (DEI) practices. She is often called upon to assist with investigations of misconduct, workplace culture assessments, and civil rights audits.

Jennifer has been described by the Chief Compliance Officer at one of her Fortune 500 clients as “the rare outside counsel who really understands what it is like to work in-house at a company where we have to balance risk with business needs.”

Photo of Noam Kutler Noam Kutler

Noam Kutler specializes in representing companies and individuals in complex cross-border investigations involving the U.S. Department of Justice, the Securities and Exchange Commission, Inspectors General, and other federal and state regulators.

He has helped guide numerous clients to successful resolutions of inquiries involving…

Noam Kutler specializes in representing companies and individuals in complex cross-border investigations involving the U.S. Department of Justice, the Securities and Exchange Commission, Inspectors General, and other federal and state regulators.

He has helped guide numerous clients to successful resolutions of inquiries involving allegations of fraud, financial irregularities, violations of the Foreign Corrupt Practices Act (FCPA), and the False Claims Act (FCA). He often leads investigative efforts in parallel with advising companies on comprehensive compliance reviews and remedial actions.

Noam has represented companies and individuals in both federal and state court. In these matters, he regularly has lead responsibility over a variety of substantive areas including:

  • questions of privilege;
  • jurisdiction;
  • enforcement of subpoenas;
  • document preservation; and
  • the application of various criminal statutes.

He has also advised companies in the lead up to and in the midst of compliance monitorships, and is regularly called upon to help negotiate sensitive issues on behalf of his clients.