Last week, telecommunications company VimpelCom was hit with a $397.5 million FCPA enforcement action for a corporation-wide corruption scheme involving conduct in Uzbekistan.
Coming in at nearly $400 million, this settlement is the 5th largest FCPA settlement amount of all time. Leading an unethical organization comes at a high cost.
What went wrong at VimpelCom? Here are the key takeaways from the resolution documents (DOJ):
The company failed to implement a system for conducting, recording, and verifying due diligence on third parties, including joint venture partners, consultants, reseller companies, and suppliers to uncover their true nature, beneficial ownership, and possible corruption risks.
The company knowingly failed to require that all consulting agreements be for bona fide services, that agreed-upon payments were commensurate with the services to be performed, and that services paid for were, in fact, performed.
The company knowingly failed to conduct meaningful auditing or testing of its consultant agreements, invoices, and payments, and failed to conduct adequate investigations of corruption complaints.
The company had no policy regarding payments to bank accounts located in places where the contractual partner neither performed work nor had operations.
The company knowingly failed to implement and maintain adequate controls for approving and transacting with reseller companies and intermediaries to ensure that reseller companies were scrutinized and that single-source contracting decisions were justified.
Company management knowingly failed to implement and maintain adequate controls governing processes concerning conflicts of interest.
The company failed to enforce price thresholds that determined the required level of approval authority, failure to retain documentation of deliverables for contracts, and failure to adequately classify and obtain approvals for purported charitable contributions that were made in exchange for state-provided assets.
The company had severe deficiencies in its general compliance function and its anticorruption compliance policies and procedures.
The company’s only anticorruption policy was encapsulated in two, high-level paragraphs in its code of conduct.
The company did not have a specific anti-corruption policy and training, to the extent it existed at all, was inadequate and ad hoc.
While the magnitude of the VimpelCom enforcement action was not common, in the resolution documents the enforcement agencies spoke to a broader community and the message is this: It’s time to shape up your compliance program; you’ve been warned.
Indeed, the VimpelCom enforcement action was just the latest FCPA enforcement action in an already busy year in enforcement.
Including VimpelCom, in the past two weeks alone there have been four corporate FCPA enforcement actions against companies in diverse industries (telecom, pharma, technology) resulting in approximately $440 million in criminal and civil settlement amounts.
Considering the current enforcement climate, bribery risks should be top of mind in your organization.
After all, the best way to prevent FCPA risk and scrutiny is to lead your organization in building an ethical workplace culture.
This includes engaging compliance training for all employees so that they can spot risk in their specific job functions.
Click to learn how to lower your FCPA risk with
FCPA expert, Professor Mike Koehler.
Have a workplace question for our experts? Leave a comment or email email@example.com!