Skip to content
Photo of Benjamin Haley

Benjamin Haley

Ben Haley leads the firm's White Collar and Anti-Corruption Practice in the Middle East and Africa and is a chair of the firm's broader Africa Practice. With deep experience representing clients before regulators in high-profile white collar and disputes matters and a history operating on the ground in emerging markets, he helps clients assess and mitigate a wide range of complex legal and compliance risks.

Complementing his investigations and dispute resolution practice, Ben has a broad-based compliance advisory practice, helping clients proactively manage compliance risk in areas including anti-corruption, trade controls, anti-money laundering, fraud, and data privacy.

Ben represents corporate and individuals clients in a wide range of investigations and disputes, including:

Investigations under the U.S. Foreign Corrupt Practices Act (“FCPA”).
Investigations into anti-money laundering, financial crimes, anti-terrorism, and sanctions and export control issues.
Securities fraud and accounting matters.
Board investigations and shareholder litigation.
Insurance recovery.

Ben also regularly advises clients on a range of regulatory compliance and corporate governance issues. His compliance advisory practice includes:

Performing risk and compliance program assessments.
Leading compliance reviews on business partners and assisting companies with third-party risk management processes.
Conducting forensic accounting reviews and testing and enhancing financial controls.
Advising on market entry, cross-border transactions, and pre-acquisition diligence and post-acquisition integration.
Assisting companies in designing, implementing, and maintaining best-in-class compliance programs.

In recent years, Ben has steered a number of clients to successful resolutions and declinations in complex FCPA and corporate fraud matters with the U.S. Department of Justice and Securities Exchange Commission. In his advisory practice, Ben has served as lead compliance counsel on a number of major M&A and investment transactions. He has developed special expertise assisting clients in leveraging technology in their compliance programs, including assisting one of the world's largest consumer goods companies in the design and implementation of an award-winning compliance data analytics and monitoring system.

Ben has been described by the Chief Compliance Officer of one of his clients as “[a]n outstanding senior lawyer and advisor,” and “a guiding light for all things compliance advisory in Africa,” whose “advice is crystal clear, covers all angles and is business friendly.”

Contact:Read more about Benjamin HaleyEmail

Kenya has released its first National Artificial Intelligence Strategy (2025–2030), a landmark document on the continent that sets out a government-led vision for ethical, inclusive, and innovation-driven AI adoption. Framed as a foundational step in the country’s digital transformation agenda, the strategy articulates policy ambitions that will be of interest to global companies developing, deploying, or investing in AI technologies across Africa.

While the strategy is explicitly domestic in focus, its framing—and the architecture of its governance, infrastructure, and data pillars—reflects a broader trend, i.e., the localization of global AI governance norms in high-growth, emerging markets.

What the Strategy Means for Global Technology Governance

The strategy touches on several themes that intersect with enterprise risk, product development, and regulatory foresight for multinationals:

  • Data governance and sovereignty: Kenya signals a strong intent to develop AI within national parameters, grounded in local data ecosystems. The strategy explicitly references data privacy, cybersecurity, and ethics as core enablers of the AI ecosystem. For global companies with cloud-based models or cross-border data transfer frameworks, these developments may signal localization pressures or evolving consent standards.
  • Sector-specific use cases: Healthcare, agriculture, financial services, and public administration are named as strategic AI priorities. Companies operating in the life sciences, health tech, or diagnostics space should watch closely for how regulatory authorities may interpret and apply ethical or risk-based AI guidelines—especially where AI is used in clinical decision-making, diagnostics, or personalized medicine.
  • Public-private AI infrastructure development: The strategy envisages expanded digital infrastructure, data centers, and cloud resources, as well as national research hubs. This may create commercial opportunities—but could also trigger localization requirements or procurement-related restrictions, particularly for telecommunications and hyperscale cloud providers.
  • Future legal frameworks: The current strategy is not itself a binding legal instrument, but it points to future policy development—especially around governance, regulatory oversight, and risk classification of AI systems. Teams advising on AI risk, litigation exposure, and AI-assisted products (including generative tools) will want to track the next wave of draft legislation and implementation guidance.

Continue Reading Kenya’s AI Strategy 2025–2030: Signals for Global Companies Operating in Africa

The Information Regulator recently published its Guidance Note on Direct Marketing (“Guidance Note”), providing clarity on how personal information can be lawfully processed under the Protection of Personal Information Act (“POPIA”). The Guidance Note offers actionable steps for organizations to align their marketing practices with these principles, fostering responsible marketing that complies with both the letter and spirit of the law.

In this blog, we briefly examine POPIA’s rules on direct marketing, and some of the key highlights from the Guidance Note.

How Direct Marketing is Regulated under POPIA

POPIA regulates direct marketing by establishing strict conditions for the lawful processing of personal information. It requires “responsible parties” (more commonly known as ‘controllers’) to ensure that personal data is collected and used transparently, fairly, and only for a specific, legitimate purpose.

For direct marketing:

  • Consent is the default requirement for unsolicited electronic communications (e.g., emails, SMSs, and automated calls). Section 69 of POPIA explicitly prohibits such communications unless the data subject has given prior consent or is an existing customer under specific conditions.
  • Legitimate interests may only serve as a justification for non-electronic direct marketing (e.g., postal mail or in-person promotions) under section 11, provided the responsible party conducts a legitimate interest assessment and complies with all conditions for lawful processing.

These rules emphasize data subjects’ control over their personal information, highlighting the importance of consent and the right to object.Continue Reading Long-Awaited POPIA Guidance on Direct Marketing Published by South Africa’s Information Regulator

October 17, 2023, Covington Alert

What You Need to Know

  • On October 4, 2023, Deputy Attorney General Lisa Monaco provided new and expanded policy guidance on corporate criminal enforcement, announcing a new Mergers and Acquisitions Safe Harbor Policy (“Safe Harbor Policy”).
  • The Safe Harbor Policy provides acquiring companies an opportunity to avoid criminal charges if they voluntarily self-disclose misconduct at acquired companies within six months of a merger or acquisition (“M&A”), fully cooperate in any DOJ investigation, engage in timely and appropriate remediation within one year of the transaction closing date, and pay restitution or disgorgement, as appropriate.
  • The Safe Harbor Policy—which we expect will be formalized in writing and incorporated into the Justice Manual—appears to draw heavily on policies and guidance from the Criminal Division dating back to 2008, but that will now be formalized, clarified, and applied across the Department, with different parts of the Department “tailor[ing] its application . . . to fit their specific enforcement regime.”
  • As with all of the Department’s recent policy announcements concerning the benefits of voluntary disclosure, significant questions remain. We discuss some of those below, and we will be watching to see how DOJ applies the Safe Harbor Policy in practice. At a minimum, however, companies should ensure that their pre- and post-closing diligence and integration processes are designed to quickly identify legacy or ongoing misconduct at acquired companies so that they may have an opportunity to consider the expected benefits and burdens associated with a voluntary disclosure under the Safe Harbor Policy.
  • In addition to announcing the Safe Harbor Policy, Deputy Attorney General Monaco noted a “dramatic” expansion in national security enforcement, new enforcement tools that the Department is deploying, continued focus on incentivizing companies to seek compensation clawbacks from individual wrongdoers, and even more policy changes to come. Deputy Attorney General Monaco’s announcement follows recent shifts in enforcement remedies sought by the Department, such as divestiture in certain criminal antitrust cases—an unprecedented remedial measure.

Continue Reading DOJ Provides Further Voluntary Disclosure Incentives, This Time Linked to M&A Transactions, and Signals Other Areas of Focus

Our Africa Anti-Corruption Practice has previously outlined key considerations for handling internal investigations and remediation of compliance issues in Africa.  Here, we take a closer look at a particular aspect of remediation, the root cause analysis.  After the dust settles on an investigation identifying misconduct, a root cause analysis can
Continue Reading Africa Compliance Minute Series – Getting to the Root of the Problem: Considerations for Conducting an Effective Root Cause Analysis

In Episode 12 of our Inside Privacy Audiocast, together with special guest Advocate Pansy Tlakula, Chairperson of the Information Regulator of South Africa, we discussed the Information Regulator’s mandate, and the implementation of data protection legislation in South Africa.  Now, with less than a month to go before South Africa’s


Continue Reading Final Countdown to POPIA Compliance – Five Critical Steps to Take Before July 1st, 2021

Can African governments head off a sustained spike in the spread of COVID-19 and recover economically in 2021? How will the Biden administration engage the continent? Will companies implement more effective due diligence efforts in their supply chains to prevent human rights abuses? What impact will efforts to battle corruption


Continue Reading Top Issues to Watch in Africa: 2021


Continue Reading Africa Compliance Minute Series – What Does DOJ’s Recent Guidance on Compliance Programs Mean for Companies Operating in Africa?


Continue Reading Africa Compliance Minute Series – Acting Early to Save You Later: The Importance of Taking Corrective Action During the Course of an Investigation

 With African governments increasingly taking strong actions to impede the spread of the COVID-19 virus – including in a number of jurisdictions, imposing full lockdowns – we are able to provide assistance to our clients, financial institutions, developmental finance organizations, companies and organizations on the continent. We are available to


Continue Reading Covington’s Ability to Help Respond to the COVID-19 Pandemic in Africa

In Part 2 of our business and human rights series to mark World Human Rights Day, we discuss the increasing recognition of the linkages between human rights abuses and corruption, and how companies can find efficiencies in their efforts to address these overlapping risks.

Corruption and adverse human rights impacts
Continue Reading Corruption and Human Rights: Inextricably Linked