Last week the Justice Department (DOJ) announced a resolution of the long standing Foreign Corrupt Practices Act (FCPA) enforcement action involving Telefonaktiebolaget LM Ericsson (Ericsson), a multinational networking and telecommunications equipment and services company headquartered in Sweden. The matter was stunning in the total amount of fines and penalties assessed, coming in at over $1 billion, consisting of a criminal fine assessed by the DOJ at just over $520 million. Separately, the Securities and Exchange Commission (SEC) assessed profit disgorgement of nearly $540 million. Over the course of this week I have considered the Ericsson FCPA enforcement action. Today, I conclude by reviewing the criminal penalty sustained by Ericsson, its actions during the pendency of the enforcement action which led to a double whammy in its fine calculation and cost the company an additional $95 million above what it could have paid as a criminal penalty.

The documents reference herein consist of the following:

1. DOJ Press Release (Press Release);
2. SEC Complaint against Ericsson (SEC Compliant);
3. DOJ Deferred Prosecution Agreement with Ericsson (DPA);
4. Ericsson Egypt Ltd. Plea Agreement (Ericsson Egypt Plea Agreement);
5. DOJ Superseding Information with Ericsson Egypt (Ericsson Egypt Information); and
6. DOJ Information with Ericsson (Ericsson Information)

Failures in Internal Controls

There was a clear failure in internal control by Ericsson. They were generally classed into one of three categories: (1) ineffective internal controls; (2) lack of controls and (3) management override of internal controls. Management entered into sham consulting agreements. The ineffective internal controls were the authorization of payments to the consultants while knowing or recklessly ignoring red flags which indicated a high probability that at least a portion of these commissions were bribe payments. The lack of controls generally revolved around consultants with which there was no written contract and/or due diligence was not started until almost one year after the contracts were signed.

One of the key lessons for the compliance profession is that the use of basic tech solutions can also be used in conjunction with and as an internal control. Moreover, there were three current tech solutions which almost every company has in place that can act as internal controls and facilitate a best practices compliance program. The first is a contract management system to provide contracting consistency and allowing comparisons of contract terms and conditions. The second is an ERP system, such as SAP or Oracle, for processing payments. This would have allowed information on offshore payments to known money laundering jurisdictions to be routed to the compliance function. It could also have prevented the appending of corrupt third parties to previously approved agents, distributors, joint venture (JV) partners and other third parties which had been properly vetted to do business with Ericsson. The third is an automated business cycle process tech which can be run seamlessly during the pre-contracting process.

FCPA Corporate Enforcement Policy

The DOJ has made clear in numerous enforcement actions in 2019 the benefits of self-disclosure, cooperation and remediation. Ericsson did not avail itself of the full range of credits to reduce its overall fines and penalties. According to the DPA, Ericsson “did not receive full credit for cooperation and remediation pursuant to the FCPA Corporate Enforcement Policy, [citation omitted], because it did not disclose allegations of corruption with respect to two relevant matters, produced certain relevant materials in an untimely manner, and did not timely and fully remediate, including by failing to take adequate disciplinary measures with respect to certain executives and other employees involved in the misconduct”. Unpacked, there are two key areas of failure by Ericsson during the investigation.

First, Ericsson did not self-disclose. Second, the company apparently did not disclose matters involving bribery and corruption that it either uncovered during the investigation or was otherwise aware of during this time frame. Finally, Ericsson also fell short in its remediation and failed to receive full credit for its failure to take disciplinary actions against executives and employees involved in the bribery and corruption at issue. When you realize these same failures are taken into account twice in the penalty assessment phase, you see that through this course of conduct, Ericsson cost itself upwards of an additional $95 million in penalties.

Further, when you read the FCPA Corporate Enforcement Policy, together with the Benczkowski Memo and the Criminal Division’s Evaluation of Corporate Compliance Program, 2019 Guidance, you see not only the roadmap to a lower penalty and greater credit but also a roadmap to avoiding a corporate monitor, of which Ericsson did not avail itself.

Telecom Takes Over

Perhaps the largest lesson is that telecom is now the Number 1 industry for FCPA enforcement actions. Ericsson’s fine and penalty have put them second place in the FCPA Blog’s all-time Top Ten FCPA Enforcements and also Number 2 on the all-time Disgorgement List. But, perhaps more interesting, telecom now has four of the top six of all-time FCPA enforcement actions, as identified below:

2. Telefonaktiebolaget LM Ericsson(Sweden): $1.06 billion in 2019
3. Telia Company AB(Sweden): $965 million in 2017
4. MTS(Russia): $850 million in 2019
5. VimpelCom(Netherlands): $795 million in 2016

Telecom has all the hallmarks of a high-risk industry, with almost all business transactions (other than the sale of phones and accessories) outside the US involving foreign government or state-owned enterprises (SOE). This means if your company is in this industry it needs to start scrubbing its operations which have any government or SOE touchpoints. It is not simply the straight-forward bribery schemes used by Ericsson but also in the area of gifts, travel and entertainment. Living in the top city in the world for FCPA enforcement and working most of my professional life in the industry which experienced the first FCPA-industry sweep, I can attest that government will be looking closely at other telecom companies. Given the steep premium that Ericsson paid for not self-disclosing, not fully cooperating and not fully remediating during the pendency of the enforcement action, this final lesson may be the most lasting.

To read my complete series on the Ericsson FCPA enforcement action, see:

Part 1-Overview

Part 2-The Bribery Schemes

Part 3-Failures in Internal Controls

Part 4-The Double Whammy in Penalties

[View source.]