Compliance lessons from VimpelCom

Ethics, compliance, and audit executives have yet another real-life bribery case to add to their growing library of epic anti-corruption compliance failures—this one resulting in the sixth largest Foreign Corrupt Practices Act enforcement action of all time.

The latest poster child: Amsterdam-based telecommunications company VimpelCom and its wholly owned Uzbek subsidiary, Unitel, which entered into resolutions with the U.S. government agencies last month and agreed to pay more than $795 million in total fines and penalties.

According to the companies’ admissions, VimpelCom and Unitel, through various executives and employees, paid bribes to an Uzbek government official to enter and continue operating in the Uzbek telecommunications market. The companies structured and concealed the bribes through various payments to a shell company that certain VimpelCom and Unitel management knew was beneficially owned by the foreign official. In total, VimpelCom paid more than $114 million in bribery payments between 2006 and 2012.

If companies take only one lesson from VimpelCom’s FCPA enforcement action, it’s the importance of implementing robust internal controls. “This case demonstrates a failure of internal controls at every turn,” says Ryan Rohlfsen, a partner in the government enforcement group of Ropes & Gray. “The failure of adequate internal controls was a key component in allowing the conduct to occur and flourish.”

To be clear, this is a case of blatant disregard of anti-corruption laws. Rather than choose to implement and enforce an effective anti-corruption compliance program, certain VimpelCom executives sought ways to circumvent controls to conduct corrupt business transactions. “The wrongdoing, which we deeply regret, is unacceptable,” VimpelCom Chief Executive Officer Jean-Yves Charlier, said in a statement in response to the settlement.

“This type of intentional conduct can circumvent even the best anti-corruption internal controls, but the most effective compliance programs are risk-based and compliance dollars are best spent related to business in higher-risk countries or where contracts and interactions involve foreign officials,” says Andrew Mohraz, a partner with law firm Bryan Cave. “A compliance program should have tailored policies and procedures related to the consideration, retention, and monitoring of third-party consultants and agents, which seemed to be lacking in this case.”

“This case demonstrates a failure of internal controls at every turn.”
Ryan Rohlfsen, Partner, Ropes & Gray

Most concerning is that VimpelCom’s finance committee and board of directors reviewed and approved financial transactions without proper diligence and supervision, despite having expressed concerns about the structure of the deal and potential FCPA issues. Although certain senior executives and management withheld material information concerning the $114 million in bribe payments made to the shell company, the board and outside counsel nonetheless failed to properly identify and verify the beneficial owner of that shell company.

“This issue highlights the need to conduct appropriate due diligence to avoid these issues in the first place,” says Rohlfsen. “Particularly in evaluating significant business opportunities, boards should seek to ensure that management—and its advisers—have vetted and considered these issues.”

Overall, the case sends a clear message about “the critical role that compliance, legal, and audit can play in preventing and detecting illegal conduct,” Rohlfsen adds. “Not only can up-front diligence and review flag possible issues for boards and audit committees, but also follow-up monitoring and auditing can help further help ensure that company funds are being spent lawfully and appropriately.”

Cooperation credit

Once VimpelCom caught wind of the Justice Department’s investigation—and only until that point—did they acknowledge the wrongdoing and agree to “promptly resolve their criminal liability on an expedited basis.” Despite VimpelCom’s disregard of anti-corruption laws, these actions were enough to get the Justice Department to reduce the fine by 45 percent from the bottom of the U.S. Sentencing Guidelines range.

Specifically, VimpelCom received a 25 percent reduction for its full cooperation, and an additional 20 percent reduction for its “prompt acknowledgement of wrongdoing and willingness to resolve its criminal liability on an expedited basis,” according to the deferred prosecution agreement.

The end result was a $460.3 million criminal penalty, instead of the recommended Sentencing Guidelines range of between $836 million and $1.67 billion. VimpelCom would have received more significant credit, the Justice Department said, had they voluntarily self-disclosed the misconduct following the results of their internal investigation. By the Justice Department continuing to provide greater transparency in the way it calculates penalty amounts, other companies can better predict the monetary outcome of their own FCPA investigations.

THE CORRUPTION SCHEME

Below is an excerpt of the Justice Department’s complaint against Unitel, describing the corruption scheme.
VimpelCom Corruptly Entered the Uzbek Market in 2005 and 2006 14. In 2005, as part of a plan of expansion into the CIS region, VimpelCom sought to acquire an Uzbek telecommunications company. Two companies under consideration for acquisition were Unitel LLC, the second largest operator in Uzbekistan with approximately 300,000 subscribers, and Buztel, which was a much smaller operator with only 2,500 subscribers. Although there was a sound business case for purchasing Unitel LLC alone, VimpelCom ultimately purchased Buztel, as well. Certain VimpelCom management knew that Foreign Official held an indirect interest in Buztel, and that purchasing Buztel would ensure foreign official’s support for VimpelCom’s entry into the Uzbek telecommunications market
As reflected in the minutes of a December13, 2005 VimpelCom finance committee meeting, certain  VimpelCom management explained that “due to certain political reasons (and this message should be taken by us as is), Buztel should be considered as an entry ticket into [the] Uzbekistan market and the buyer of Buztel would be considered a preferred buyer of Unitel.” Certain VimpelCom management explained that it was “more important to follow the political requirements suggested for entry into the market versus [the] questionable risk of acquisition of Unitel as [a] standalone” and VimpelCom would be “in opposition to a very powerful opponent and bring [the] threat of revocation of licenses after the acquisition of Unitel [as a] stand-alone.
According to minutes of  the  meeting,  a  VimpelCom  finance committee member questioned the wisdom of purchasing Buztel when Unitel LLC was of a size sufficient for nation-wide coverage and when the $60 million purchase price for Buztel could be better spent developing Unitel LLC's network. The minutes reflect that same member also “expressed concern on the structure of the deal and FCP A issues” and noted “that if [VimpelCom] goes into this deal under this structure and if the structure violates the FCPA picture, [VimpelCom’s] name could be damaged.
The finance committee voted to move forward with the acquisition process with the understanding that VimpelCom’s board should consider whether to “enter Uzbekistan through acquisitions of both Buztel (as a condition of entry into the market) and Unitel, ... provided, however, that all issues related to FCPA should be resolved” or “to bid for Unitel only with understanding that potentially it may be more expensive and is connected with risks of business development without [the] local partner.”
Source: Justice Department

In addition to its cooperation efforts, VimpelCom said it has significantly strengthened its internal controls and compliance efforts, including terminating the officers and employees “who were complicit in the unlawful payments or otherwise failed their responsibilities,” the DPA stated.

Additionally, since the launch of the investigation, VimpelCom said it has substantially upgraded its anti-corruption compliance program and has retained new leaders of its legal, compliance, and financial gatekeeper functions, including the appointment of a new group chief compliance officer. “We have taken, and will continue to take, strong measures to embed a culture of integrity across the group,” VimpelCom CEO Charlier said.

Global collaboration

The VimpelCom resolution is yet another stark example of how large-scale investigations into bribery and corruption are increasingly a multinational affair, involving law enforcement authorities from around the world. The VimpelCom FCPA resolution, in particular, is “one of the most significant coordinated international and multi-agency resolutions in the history of the FCPA,” Assistant Attorney General Leslie Caldwell said in a statement.

“In recent years, U.S. enforcement officials have been building and enhancing relationships with their counterparts across the globe,” Mohraz says. “Those relationships were significant contributors to the VimpelCom resolution and will continue to bear fruit in future corruption investigations.”

One significant aspect of this case was the “extensive cooperation on asset forfeiture, particularly of involved individuals,” says Rohlfsen. “This shows an increased focus on individuals and concrete actions against not only bribe payers, but also the recipients.”

In addition to the settlement amount, for example, the Justice Department also has filed two civil complaints seeking a total of $850 million in forfeiture. The assets sought to be forfeited are currently located in accounts in Switzerland, Belgium, Luxembourg, and Ireland. 

In addition to enforcement authorities from around the world collaborating more on corruption investigations, the Internal Revenue Service-Criminal Investigation (IRS-CI) unit is increasingly playing a role, as well. In this case, VimpelCom and Unitel’s admission of guilt “demonstrates the skill and tenacity of IRS Criminal Investigation special agents when it comes to delving underneath layers of financial transactions designed to conceal illegal payments for gain,” Chief Richard Weber of the IRS-CI said in a statement.

“IRS-CI pledges to continue our efforts on the international stage to stop corrupt financial schemes such as this one,” Weber added. The $223 million FCPA settlement that Alcoa World Alumina reached with the government in 2014 is another prominent example where the IRS-CI played a prominent role.

The aftermath of VimpelCom’s actions are not over yet, as this is yet one more example of deliberate misconduct that could—and should—drive the Justice Department to follow through on its new promises to prosecute individuals more vigorously under the Yates Memo.

“The Justice Department held no punches here in criticizing VimpelCom management for withholding from outside counsel relevant information about the company’s FCPA risk,” says Mohraz. “It’s a matter of time until we know more facts about the actions by executives and the full scope of liability.”