If compliance officers learn just one lesson from Telia Company following its recent $956 million global bribery settlement, it’s this: Acceptance is the first step to recovery.

As any compliance officer whose company has ever been entangled in a bribery and corruption investigation already knows, most resolutions with authorities begin years before they end. Telia is no exception. Long before the Sweden-based telecommunications company reached a global settlement with U.S. and Dutch authorities and agreed to any financial sanctions, it had already begun its long journey on the road to recovery.

The wrongdoing at issue started in 2007 and continued until at least 2010, over which period senior managers at Telia paid bribes to a government official in Uzbekistan—the daughter of the late Uzbek President Islam Karimov—in exchange for entering the country’s telecommunications market. Telia carried out this scheme by acquiring an existing Uzbek telephone operator, Coscom, in 2007 and providing the government official with a 26 percent ownership stake. Telia and Coscom structured and concealed the bribes through various payments including to a shell company that certain Telia and Coscom management knew was beneficially owned by the foreign official.

Over the course of the scheme, Telia admitted to making at least $330 million in illicit payments—bribes that were approved by Telia senior executives and the board of directors.

But it was not until 2012, when Swedish media brought to light the potential illicit payments, that Swedish authorities began a criminal investigation. Telia, too, opened an internal investigation, enlisting the help of external experts to ensure no stone was left unturned.

Two years later, U.S. and Dutch authorities launched their own investigations into the allegations, “from which time we have worked diligently with authorities across those markets and in Sweden,” Telia President and CEO Johan Dennelind said during a Sept. 22 press conference at its corporate headquarters in Sweden. Ultimately, the U.S. and Dutch authorities concluded that the company’s conduct was in violation of the U.S. Foreign Corrupt Practices Act and Dutch law.

Even before U.S. and Dutch authorities launched investigations, Telia had already started to take remedial actions, beginning in 2013 with the departure of its former chief executive officer, Lars Nyberg, and the establishment of an entirely new board of directors. “Since 2013, the new board and management have worked diligently and responsibly to understand what went wrong, to remedy what has been broken, and to regain trust from all our stakeholders,” Dennelind said.

“What was very important to the outcome of this case, notwithstanding the financial sanction, was the company’s swift response in terms of cleaning house, replacing them with hiring the right people, and implementing a real compliance program that they could demonstrate to the government was effective and robust.”
David Stuart, Partner, Cravath, Swaine & Moore

The Department of Justice said Telia received “significant credit” for its “extensive remedial measures and cooperation.” Besides terminating all individuals involved in the misconduct, Telia has been working to revamp its global compliance program in several significant ways:

Implemented an anti-bribery and anti-corruption (ABAC) compliance program: In 2013, Telia implemented for the first time an ABAC compliance program. The Telia board of directors, group executive management, and chief ethics and compliance officer are responsible for the governance and compliance frameworks required to implement the ABAC compliance program. This program is further supported by a group-wide whistleblowing process and “Speak-Up Line.”

Adopted a risk-based approach: Companies in the Eurasia region, where the bribery occurred, received priority in the execution of independent country, institutional, and operational ABAC risk assessments in 2013 and 2014. In 2015, risk mitigation action plans were formulated and implemented in the Eurasia region, and follow-up self-risk assessments were conducted; in 2016, action plans were updated. Self-risk assessments were also carried out in Sweden and Europe for the first time.

Carried out extensive training: By 2016, over 2,000 Telia employees received ABAC compliance face-to-face training, and over 4,300 completed ABAC e-learning. Furthermore, all country ethics and compliance officers are now required to complete anti-bribery or compliance certification through anti-bribery organization TRACE International or the Society of Corporate Compliance and Ethics. Due diligence experts are encouraged to do the same.

Revamped its corporate governance structure: At Telia, program implementation is the responsibility of local line organizations as well as group functions, with strong support from the ethics and compliance network. This network includes group and regional ethics and compliance officers, as well as coordinators in each local company who act as focal points of contact for other compliance activities, including for due diligence experts in high-risk markets and the group special investigations office, which handles internal investigations concerning potential corruption or fraud.

Third-party due diligence: The purpose of third party due care, according to the company’s ABAC policy, is to enforce its ABAC principles throughout the supply chain and to all third parties it engages with. “Our ABAC policy requires risk-based due diligence on third parties and inclusion of an anti-corruption clause in high-risk engagement contracts,” the policy states.

Negotiating the settlement. Since receiving an initial resolution proposal from the U.S. and Dutch authorities in September 2016, Telia has engaged in constructive discussions with each authority. Through these discussions, Telia was given the opportunity to demonstrate what improvements it had made to its responsible business program, compliance program, and its anti-corruption compliance program, Dennelind said.

Those considerations were recognized and accounted for to the tune of a 25 percent maximum discount off the bottom of the otherwise-applicable U.S. Sentencing Guidelines fine range. Furthermore, the Department of Justice determined that an independent compliance monitor was unnecessary.

Telia on its own continues to enhance its compliance program and internal controls to reduce the risk of future wrongdoing. The company’s goals for 2018 include, for example, ensuring that all employees are aware of its ABAC requirements and are familiar with the channels for reporting concerns and potential violations.

Under the terms of its global resolution, Telia will pay a total of $457,169,977 in disgorgement of profits and prejudgment interest with the SEC, and the SEC agreed to credit any disgorged profits that Telia pays to the Swedish Prosecution Authority (SPA) or the Public Prosecution Service of the Netherlands (Openbaar Ministrie, or OM), up to half of the total.

Additionally, Telia will pay the OM a criminal penalty of $274 million, for a total criminal penalty of $548,603,972, and a total resolution amount of more than $1 billion.  The Department of Justice agreed to credit the criminal penalty paid to the OM as part of its agreement with the company, and the SEC agreed to credit the $40 million in forfeiture paid to the Department of Justice as part of its agreement with the company.  Thus, the combined total amount of criminal and regulatory penalties paid by Telia and Coscom to the U.S., Dutch, and Swedish authorities will be $965,773,949.

The settlement marked “an important day for Telia Company as we come to the closure of a serious and difficult process that has been ongoing for over four years,” Dennelind said. “We are accepting our responsibility for historic wrongdoings. Wrongdoings come with a cost.”

“What was very important to the outcome of this case, notwithstanding the financial sanction, was the company’s swift response in terms of cleaning house, replacing them with the right people, and implementing a real compliance program that they could demonstrate to the government was effective and robust,” says David Stuart, a partner at law firm Cravath, Swaine & Moore and lead U.S. counsel to Telia and its subsidiaries.

Demonstrating to the government the efficacy of Telia’s compliance efforts was achieved, in part, by Telia’s compliance team meeting face-to-face with the Department of Justice and the Securities and Exchange Commission during negotiations. Having the compliance team meet with authorities, answer questions, and show them evidence of the company’s compliance controls and processes working really helped, Stuart says.

“We have accounted for our solid sustainability work and the major cultural changes that have taken place within the company during the last few years, which have been important factors enabling us to have a constructive dialogue and for the outcome of the settlement,” Marie Ehrling, Telia’s board chair, said in a statement. “These changes within the company are also a very important platform for shaping the new Telia Company.”

Aside from being prepared to demonstrate what remedial measures the company has taken, it’s important for other companies that may one day face a criminal investigation to know going into it that the government’s level of preparedness with respect to the facts of a case is “almost always at a really high level,” says Rachel Skaistis, a partner at Cravath who was lead U.S. counsel in the case with Stuart.

Even if the company conducts a thorough internal investigation, reviews millions of pages of documents, and interviews employees, “regulators have a lot of fact-finding tools that the company does not,” Skaistis adds. They can talk to former employees, talk to employees at other companies, serve subpoenas, and much more. The warning here: Don’t think you can pull the wool over their eyes; it’s not going to happen.

The settlement also ends all known corruption-related investigations concerning Telia. “That doesn’t mean we’re free to do whatever we want,” Dennelind said. “If something goes wrong, we may be investigated again.”

During the press conference, Jonas Bengtsson, Telia’s general counsel, said “authorities have confirmed that there are no other investigations in any countries worldwide.”

The settlement comes at a particularly important time as Telia continues to makes a strategic exit out of Eurasia, which is a “work in progress” that started in September 2015, Dennelind said. The company now has its sights sets on the Nordic and Baltics, where it has decided to divest its assets, he said.

Telia’s decision to divest its Eurasia operations brings about another important point for other legal and compliance professionals when engaging with enforcement authorities: “Regular and candid communication is important,” Stuart says. Keeping in touch with authorities, updating them on company matters and developments so that they don’t learn about them for the first time in the press—such as the decision to exit from a certain high-risk region—is very important to building and maintaining credibility and trust with authorities, he says.

A bribery investigation is just the start of a long recovery process that often takes years, and does not stop with the settlement. Dennelind put it best: “We have come a long way to establish a more sustainable company with a strong focus on governance and compliance—but it is a never-ending journey as we aspire to embed this into our culture making sure that all employees understand the importance of doing the right thing all the time. The resolution and related financial sanction … is a painful reminder of what happens if we don’t.”