Whether you work in your company’s Fraud, Assurance, Compliance or Legal department you’ll benefit from looking into this latest chapter of the Ericsson bribery saga, especially if you think it couldn’t happen to you.
In 2017, I wrote about Ericsson’s record of bribery around the world from 2000 to 2016, and in “Ericsson Bribery Part 2” I noted the steps Ericsson had taken towards building an anti-bribery culture and related compliance regime.
In December 2019, the US Securities and Exchange Commission (SEC) announced that Ericsson had signed a deferred-prosecution agreement and paid the SEC and Department of Justice (DoJ) penalties of over USD1bn in relation to allegations from 2011 to 2017.
The Leak
Since Ericsson had implemented international anti-bribery standards and replaced the CEO who oversaw the corruption, I thought the deferred-prosecution agreement was the end of the story, so I was disappointed when I saw this Ericsson press release from 8th February 2022:
Ericsson has received questions from media regarding past compliance related matters in Iraq. It appears media will focus on the conduct of business in unstable regions where terrorist organizations and corruption are present and employees’ safety may be at risk.
In 2019, Ericsson conducted an internal investigation, under its own initiative. This investigation, that was conducted together with external counsel, related to compliance concerns about the Company’s business in Iraq. The investigation, which focused on the conduct of Ericsson employees, vendors and suppliers, sought to determine whether breaches of the Company’s Code of Business Ethics had occurred. The investigation concluded in late 2019. In response to identified issues, the Company undertook personnel and process remediation.
As a result of the media inquiries, we are reviewing our investigation and will compare with information presented by media. If new information emerges, the Company will take further action.
In order to be transparent, Ericsson has chosen to disclose this information. As of now, we will not be able to provide further public comment on this matter.
This immediately raised the question of whether the Iraq activity was covered by the deferred-prosecution agreement and, if not, has the investigation been disclosed to the SEC and DoJ? After receiving a letter with detailed questions from the International Consortium of Investigative Journalists (ICIJ) and its media partners, Ericsson changed its position, decided it would be able to provide further comment and, on 15th February, published an updated, and more forthcoming press release which provides some background to its issues in Iraq:
Unusual expense claims in Iraq, dating back to 2018, triggered a review that uncovered compliance concerns about breaches of the company’s Code of Business Ethics. Investigations of these concerns led to a subsequent and detailed internal investigation that was undertaken by Ericsson in 2019, supported by external legal counsel.
The investigation included the conduct of Ericsson employees, vendors and suppliers in Iraq during the period 2011-2019. It found serious breaches of compliance rules and the Code of Business Ethics. It identified evidence of corruption-related misconduct, including: Making a monetary donation without a clear beneficiary; paying a supplier for work without a defined scope and documentation; using suppliers to make cash payments; funding inappropriate travel and expenses; and improper use of sales agents and consultants. In addition, it found violations of Ericsson’s internal financial controls; conflicts of interest; non-compliance with tax laws; and obstruction of the investigation.
The investigating team also identified payments to intermediaries and the use of alternate transport routes in connection with circumventing Iraqi Customs, at a time when terrorist organizations, including ISIS, controlled some transport routes. Investigators could not determine the ultimate recipients of these payments. Payment schemes and cash transactions that potentially created the risk of money laundering were also identified.
Ericsson invested significant time and resources to understand these matters. The investigation could not identify that any Ericsson employee was directly involved in financing terrorist organizations.
As a result of the investigation, several employees were exited from the company and multiple other disciplinary and other remedial actions were taken. This included closing gaps in our internal processes in the region and incorporating lessons from the investigation into our ethics and compliance program.
Furthermore, Ericsson terminated a number of third-party relationships and prioritized the Iraq country business for enhanced training and awareness activities, policies and procedures, and third-party management processes.
Ericsson is continuing to work with external counsel to review the findings and remediation resulting from the 2019 investigation to identify any additional measures that the company should take.
Extensive media coverage of this story, including Ericsson’s apparent admission that it may have paid money to terrorists, drove down the share price and wiped USD4.4bn from its market valuation. On the same day, the International Consortium of Investigative Journalists (ICIJ) posted its own press release, stating that Ericsson had not addressed specific questions put by its journalists and that ICIJ and its partners would publish its findings soon…
On 27th February, ICIJ published its ‘Ericsson List’, in which it provides details from Ericsson’s investigation report, compiled after reviewing millions of emails and interviewing current and former Ericsson employees and suppliers. To give you a flavour, it includes:
- USD90mn paid to an Iraqi middle-man between 2013 and 2018. Ericsson’s report states that substantial portions were used to pay bribes or flowed into foreign accounts whose ownership was unknown.
- USD500,000 raised with false purchase orders for ‘warehouse security’ but used to make a ‘commission payment’ to a telco chairman.
- USD5mn paid to the middle-man’s ‘sister company’ in Jordan. It was reported that the sister company provided fake registration details and was secretly owned by an old school friend of the middle-man. The investigators were unable to identify the ultimate beneficiary for this money.
- USD171,000 paid to militant groups to provide safe passage for trucks carrying Ericsson equipment through ISIS areas. The route, nicknamed ‘The Speedway’, avoided Iraqi customs. An Ericsson contractor arranged the payments, which were made in cash.
- USD181,000 raised by a scrappage scheme which sold decommissioned cell site equipment. The report states that the spend covered ‘hotels, dinners, bonuses for contractors, parties, personal expenses, taxis and miscellaneous expenses. This process does not follow any of the four Ericsson routines for handling cash’.
- USD2mn paid to a ‘business intelligence’ consultant with no clear role.
- USD98,000 paid for travel, gifts, entertainment and pocket money for 10 Iraqi Ministry of Defence staff during contract negotiations in 2014. The report states ‘Offering pocket money and payment of travel costs is a breach of the Ericsson Anti-Corruption Group Directive dated December 2012’.
ICIJ reports that the largest leaked report was prepared by Ericsson with the assistance of a U.S. law firm and includes interviews with 28 witnesses and a review of 22.5 million emails and 4 terabytes of documents covering the period from 2011 to 2019. The leaked documents appear to reveal that, as Ericsson was entering into a deferred-prosecution agreement with the U.S. Department of Justice, the company was investigating allegations of further wrongdoing in more than a dozen other countries, which suggests that Ericsson corruption and wrongdoing covered more years and more countries than previously disclosed.
Too Many Questions
So, is the reported Iraq activity covered by the deferred-prosecution agreement and, if not, has the investigation been disclosed to the SEC and DoJ? Nobody’s talking. When ICIJ asked about Ericsson, the SEC and DoJ declined to comment. Ericsson CEO Borje Ekholm is reported as saying that the previous settlement agreement limits Ericsson’s ability to comment.
The Billion Dollar Question
Since Ericsson hasn’t disputed their existence or content, I’m assuming the leaked documents are genuine. I also assume that the conclusions are accepted by the company, since it commissioned these investigations. If the Iraq activity was covered by the deferred-prosecution agreement, I would expect the SEC to say so and end damaging market speculation. SEC hasn’t said that Ericsson has disclosed matters covered by the agreement and it hasn’t said that Ericsson disclosed matters that were not material; it remains silent. If the Iraq activity is not covered, it would be reasonable to expect further penalties. The next issue is whether the previous billion dollar penalty took advantage of any credits under the DoJ fine sentencing guidelines. These include credits for:
- Voluntary self-disclosure
- Full co-operation
- Timely and appropriate remediation
Credits of up to 50% were available, but it was necessary to qualify on all three criteria to obtain the maximum credit. If Ericsson received credit previously for ‘full co-operation’ and is shown to have withheld relevant information, that credit may be cancelled and the original penalties increased, in addition to any penalties which may be applied for any new or undisclosed corrupt activity.
What Was the Monitor Doing?
SEC’s 2019 press release notes that:
Ericsson has agreed to pay more than $1 billion to the SEC and the U.S. Department of Justice and to install an independent compliance monitor.
It goes on to say that:
The remedial measures required by our settlement, including the appointment of an independent compliance monitor, reflect the Commission’s commitment to preventing these serious violations of our laws.
My understanding of this arrangement is that the monitor is appointed or approved by the SEC, but paid for by the subject, Ericsson. The agreement required Ericsson to retain an independent compliance monitor for at least three years and an Ericsson press release in June 2020 states:
The monitor’s main responsibilities include reviewing Ericsson’s compliance with the terms of the settlement and evaluating the Company’s progress in implementing and operating its enhanced compliance program and accompanying controls as well as providing recommendations for improvements.
What do you think – has Ericsson complied with the terms of the settlement? If the SEC is so committed to “preventing these serious violations of our laws”, why didn’t the monitor detect and disclose the further suspicious activity? Did the monitor know about the compliance issues in Iraq? If they did know, did they report them to SEC? If they didn’t know, are there other issues they have failed to identify?
Did the CEO Know?
Ericsson appointed Borje Ekholm as CEO in October 2016. He wasn’t accountable for the deferred-prosecution activity, which occurred during the tenure of the previous CEO, but he is accountable for Iraq. Ekholm was brought in to turn the company around and it now appears that Ericsson’s corporate culture might be the hardest part of the job. In an interview with the Financial Times, which covered Iraq, Ekholm talks of encountering ‘watermelon KPIs’ when he first took over, which were ‘green on the outside, and red on the inside’. In other words, bad news was being hidden. The Financial Times reports that since he arrived, all Ericsson employees have to complete anti-bribery and corruption training and sign a code of business ethics. He wants to install a ‘speak-up culture’ where staff are unafraid to speak out, about a snag in product development or an issue in compliance.
There is that journey we are going through. I don’t think we’re anywhere near where we want to be. But there are changes such as more robust discussions. We can never get rid of the history. We just need to deal with it as much as we can.
Ekholm was CEO when the deferred-prosecution agreement (covering 2011-2017) was announced by the SEC on 6 December 2019. The leaked investigation report is said to be dated 11 December 2019, less than a week later. Ericsson’s press release admits the Iraq investigation found serious breaches of compliance rules and the Code of Business Ethics during the period 2011-2019.
In October 2021, Ericsson disclosed that it had received correspondence from the DoJ stating that it had breached the terms of the deferred-prosecution agreement by failing to provide certain documents and factual information. Ekholm is reported to have told Swedish journalists the matter was unrelated to Iraq. This suggests the DoJ will be looking into multiple breaches if the Iraq disclosures are supported with evidence.
It seems unlikely to me that the CEO was unaware of the Iraq investigation when the deferred-prosecution agreement was concluded. And, having signed that agreement, don’t you think the SEC and DoJ would expect to be told of further serious breaches of compliance rules? Me too, so I guess we’re both wondering what advice the US lawyers gave to Ericsson.
After its previous admitted violations, I hope that Ericsson investigated the reported corruption and disclosed its findings to the relevant authorities. I hope Ericsson is silent because it has already done the right thing and the authorities are silent because they are assessing the circumstances before making official announcements regarding any changes and/or penalties. I’m also wondering if Ekholm is a speak-up CEO or a watermelon CEO…
Is There More to Come?
Whilst media coverage has focused on the corruption itself, I’ve been more interested in the apparent process failures and Ericsson’s subsequent investigation, remediation and communication (or lack of it). This time, I don’t think it’s the end of the story, as ICIJ also reported that it reviewed two documents which detailed payments made in Lebanon and Portugal in 2020. This sounds like a teaser for more investigations and future disclosures.
There is no substitute for real world corruption examples. If it can happen at Ericsson, it can happen anywhere. ICIJ’s reporting provides numerous excellent learning examples for those who deal with corruption and those who may be held accountable for it. I recommend you review the details and decide how much protection your own risk processes and controls would provide.
