Ericsson has launched a sweeping review into evidence it uncovered regarding misconduct in Iraq and the subsequent disclosure of those findings after the Department of Justice (DOJ) warned the Swedish telecommunications firm of a second breach of its 2019 deferred prosecution agreement (DPA).

The review, announced Monday, will be led by new Chief Legal Officer Scott Dresser and feature external counsel and the input of the company’s independent compliance monitor as required by its DPA. Dresser, in a conference call with shareholders Tuesday, estimated the timeline of the review to run “a number of months.”

“The most important thing at the moment is that we undertake the review and engage with the DOJ,” Dresser said.

Ericsson last month announced it uncovered evidence of “corruption-related misconduct” that occurred in its Iraq operations between 2011 and 2019. The disclosure came ahead of media reports suggesting the company engaged in a “pattern of bribery and corruption” with terrorist group ISIS.

According to Ericsson, it first recognized the potential for compliance failures in Iraq when “unusual expense claims” dating back to 2018 triggered a review about potential breaches of its code of business ethics. An initial investigation launched in 2019 determined the code was violated.

On March 1, the DOJ informed Ericsson the “disclosure made by the company prior to the DPA about its internal investigation into conduct in Iraq in the period 2011 until 2019 was insufficient,” the company stated. “Furthermore, it determined that the company breached the DPA by failing to make subsequent disclosure related to the investigation post-DPA.”

The DPA was agreed to by Ericsson in December 2019 as part of a $1 billion settlement reached with U.S. authorities.

Since the announcement of the DOJ’s finding, Ericsson has been on damage control, including the hiring of Dresser that became effective Monday. In conducting his review, Dresser vowed full transparency and cooperation with the DOJ as the two sides discuss the issues identified in the breach notice regarding Iraq.

“The question at hand with the DOJ is whether at the time disclosure around the Iraq matter was made sufficiently to them,” he said. “That’s what we’re discussing with them.”

Dresser said it was “too premature to predict any outcomes” regarding potential consequences to come from the DOJ.

Ericsson Chief Executive Börje Ekholm also addressed shareholders Tuesday, acknowledging he instructed the findings of the 2019 investigation to be disclosed to the DOJ. Pressed for details by a shareholder on when the agency was informed, Ekholm declined to comment further.

“I think most companies in a similar situation to us wouldn’t go into the exact details of the internal workings in a company,” he said.

Ericsson Board Chairman Ronnie Leten announced Monday that Ekholm “has the full confidence of the board, not only in regard to driving the company’s performance, but also in regard to the ethical and compliance transformation of the organization, which he continues to lead.”

Ekholm said Tuesday he is confident the company’s ethics and compliance program “has improved dramatically” since the Iraq misconduct took place. Chief Compliance Officer Laurie Waddy echoed that point, saying, “Today we’re in a much better position to prevent reoccurrence but also to more quickly uncover and respond to misconduct when it does occur.”

Waddy said the ethics and compliance team at Ericsson has grown from 21 employees in 2019 to more than 100 currently, with practitioners on the ground in high-risk countries to directly provide guidance to workers in the region. Ericsson has exited more than 250 employees since 2019 for violations of its code of business ethics.

In 2021, the DOJ alerted Ericsson it determined the company violated terms of the DPA the first time for failing to provide certain documents and factual information.