Ericsson announced Wednesday the Department of Justice determined the Swedish telecommunications company breached its obligations under a 2019 deferred prosecution agreement (DPA) for a second time.

Ericsson’s disclosure followed media reports regarding a leaked internal investigation report, obtained by the International Consortium of Investigative Journalists, pointing to evidence the company engaged in a “pattern of bribery and corruption” with terrorist group ISIS.

Ericsson last month confirmed it uncovered evidence of “corruption-related misconduct” that occurred in its Iraq operations between 2011 and 2019. According to the company, it first recognized the potential for compliance failures in Iraq in 2018, when “unusual expense claims” triggered a review about potential breaches of its code of business ethics.

DPA breaches: On Tuesday, the Department of Justice informed Ericsson the “disclosure made by the company prior to the DPA about its internal investigation into conduct in Iraq in the period 2011 until 2019 was insufficient,” the company stated. “Furthermore, it determined that the company breached the DPA by failing to make subsequent disclosure related to the investigation post-DPA.”

“At this stage, it is premature to predict the outcome of this matter,” Ericsson added. The company said it is in communication with the Justice Department “regarding the facts and circumstances of the breach determination and is committed to cooperating.”

This is the second time Ericsson has made such a statement, after the company in October disclosed the Justice Department determined it breached its DPA “by failing to provide certain documents and factual information.”

Case background: In December 2019, Ericsson entered a $1 billion settlement with U.S. authorities to resolve a long-running investigation into violations of the Foreign Corrupt Practices Act (FCPA). According to Ericsson’s admissions at the time, beginning in 2000 and continuing until 2016, the company conspired with others to violate the FCPA by engaging in a longstanding scheme to pay bribes, falsify books and records, and fail to implement reasonable internal accounting controls.

As part of its DPA, Ericsson agreed to an independent compliance monitor for a period of three years. That monitorship remains in effect.

In its latest response, the company stated, “Based on our current review, we believe the situation described in the media reports on the conduct of Ericsson employees, vendors, and suppliers in Iraq going back to 2011 is covered by Ericsson’s 2019 internal investigation.”

Ethics and compliance enhancements: In January 2020, Ericsson described in a regulatory filing how it has enhanced its ethics and compliance program—investments that “enabled us to identify and investigate the misconduct in Iraq,” the company stated this week.

During its internal investigation, Ericsson said at the time it identified breaches of its code of business ethics and the FCPA in six countries: China, Djibouti, Indonesia, Kuwait, Saudi Arabia, and Vietnam.

“The investigation could not identify that any Ericsson employee was directly involved in financing terrorist organizations,” Ericsson stated. It added that, based on its current assessment, “we do not believe [the media reports] change this conclusion.”

Following its investigation, Ericsson said it terminated several employees and took other disciplinary and remedial actions, including “closing gaps in our internal processes in the region and incorporating lessons from the investigation into our ethics and compliance program.”

Further, Ericsson said it terminated several third-party relationships and “prioritized the Iraq country business for enhanced training and awareness activities, policies and procedures, and third-party management processes.”