Deloitte last month published its final report reviewing how Norwegian telecommunications company Telenor handled its 33 percent ownership stake in VimpelCom, which reached a $795 million settlement in March with U.S. and Dutch prosecutors for paying bribes to a government official in Uzbekistan.

In its report, Deloitte did not find that any Telenor employees engaged in corrupt activity, but it did uncover internal weaknesses in Telenor.

A central part of the Deloitte report related to Telenor’s handling of a serious matter in 2011, when an employee raised concerns of potential corruption to executives in Telenor and to Telenor nominated board members in VimpelCom. This concern, however, was not shared with Telenor’s then CEO, Jon Fredrik Baksaas, until March 2014 and then to the Telenor board in December 2014.

Based on its observations, Deloitte shared the following learning points that, perhaps, other companies engaged in joint ventures can learn from:

The CEO, as a general policy, should not have the responsibility of being on the board of joint ventures. When critical events occur in a joint venture that could have material adverse effects to Telenor, the VimpelCom case shows how challenging it is for a CEO of Telenor to be on a board of a listed joint venture. Not only does this create such a situation a significant challenge for the CEO in handling confidential issues and conflict of interest matters, but also creates challenging issues for individuals and bodies in Telenor that are tasked with monitoring and oversight responsibilities.

It’s important that Telenor employees being nominated by Telenor as board members on significant joint ventures are provided with the necessary support in order to carry out their board duties, according to the report. The support structure needs to be organized in such a manner, however, that individuals are not faced with challenging confidentiality issues and potential conflict of interest issues. Telenor has already implemented measures to deal with this issue.

When critical events in a joint venture with potential material adverse effects to Telenor occur, the CEO should have the ability to make decisions and take actions based on the collective knowledge of relevant individuals. If not, decisions and actions with unexpected material adverse effects may be taken, that subsequently cannot be justified by pointing to confidentiality issues within a management team.

How this should be managed depends on the facts and circumstances and needs to be evaluated on a case-by-case basis. “Education, including case scenario training, for the individuals that might face such issues in their role as board members in joint ventures and for other relevant individuals, will be valuable in order to support individuals how to act in critical situations, prior to potential occurrence,” the report stated.

When critical events in a joint venture with potential material adverse effects for Telenor have occurred, it’s important for Telenor management to ensure that such issues are addressed in a holistic manner. Telenor management should ensure that critical information that is provided to those charged with oversight (the board and sub-committees) is reviewed appropriately.

“When critical events occur, it’s important that Telenor’s board members, who may not be as close to the issue as management is, are being provided with information enabling them to grasp the seriousness of the issue at hand,” the report stated. “if such a review is not performed, individuals preparing the information may overlook information that is important to convey.”

Telenor’s CEO should not selected the individuals to be nominated as board members of VimpelCom supervisory board, as historically has been the case. Such selection has been based on specific qualifications finding the appropriate individuals to fill such challenging positions.

“We do support the measures already taken by Telenor to involve the board of directors in the nomination process of members of the VimpelCom supervisory board, thereby setting a stage for formulating the expectations to the Telenor nominees from a Telenor board perspective,” the report stated. “We will also recommend that board members of significant joint ventures meet with the Telenor board of directors on a regular basis; the purpose of such meetings should be for the board of directors to render their perspectives on issues that they view important to Telenor, and not to share confidential information.”

Corporate governance

Telenor has since initiated several measures to improve its corporate governance policies and procedures. This initiative also involves an external governance review that among others include:

Improvements in Telenor’s enterprise risk management policies and procedures;

Changes in governance in order to achieve a more unified and consistent compliance function within the Telenor group. (Several work streams related to the ethics and compliance function have been initiated at an earlier stage);

Changes in the processes of appointing Telenor employees as board members of significant subsidiaries and in significant non-controlled companies, clarifying Telenor’s expectations to board members nominated by Telenor and how such board members should be rendered support and offered education as deemed necessary;

Changes to the governance over “merger & acquisition” processes in order to secure that critical elements are considered at the right time and with the appropriate care as facts and circumstances may require; and

Changes to Telenor’s performance management system with the aim to secure that non-financial performance criteria as ethical business conduct and other sustainability matters are better clarified through concrete key performance measures (KPI) and how such KPIs should be followed up by management.

An external review of Telenor’s ant-corruption program was initiated by the board in February 2015 and finalized in December 2015. “We have been informed that relevant changes have or are in the process of being implemented,” the report stated.

Revised joint venture principles

As part of this overall corporate governance project, Telenor has clarified its ownership principles towards joint ventures in which Telenor doesn’t have operational and financial control, but has a significant shareholding and is represented on the board by Telenor nominated board members.

The revised ownership principles require Telenor to perform comprehensive risk assessments procedures, including improved integrity due diligence procedures of the joint venture partner, and of other important business partners including suppliers to the joint venture to avoid being involved in unethical business conduct.

“It is our understanding that ‘audit rights’ into the joint venture for the respective joint venture partners will be a general Telenor requirement, if not restricted by corporate veil or other restrictions, to be agreed upon prior to the establishment of the joint venture,” the report stated. “According to the principles, exit strategies should also be agreed upon prior to the investment.”

Additionally, Telenor, prior to entering into such an investment, shall see to that other joint venture partners agree to the governing principles for the joint venture. The principles also outline Telenor’s obligation to systematically follow up the joint venture’s implementation of, and compliance with, its ethical standards and governance framework. Telenor management must regularly review joint venture performance, governance, and compliance.

In summary, joint ventures of Telenor must:

Operate within relevant rules and regulations and a risk-based governance framework in line with recognized international standards;

Operate within a risk-based compliance and anti-corruption program in line with recognized international standards; and

Actively ensure that that its board and shareholders receive correct, clear and up-to-date information on relevant matters.

In addition the revised ownership principles for joint ventures outline policies and procedures for Telenor nominated board members such as:

Expectations to Telenor’s nominated board members as to focus on compliance and governance will be formulated and communicated;

If deemed necessary by Telenor, ensure one Telenor nominated board member has specific competence in governance and compliance issues. If Telenor, as a shareholder, needs to establish a formal process to follow up a joint venture the following is outlined in the revised ownership principles;

Assign responsibility for investor dialogue with the Joint Venture to a dedicated function within Telenor;

Develop an annual dialogue plan and document the dialogue; and

Ensure that adequate questions regarding governance and compliance are asked and answered.

“We shall learn from this demanding case and use it to build an even stronger Telenor,” Gunn Wærsted, chair of Telenor’s board, said in a statement. “We have already implemented actions to strengthen governance procedures and the awareness of what our ethical guidelines demand of our leaders. Now we will thoroughly study the report and consider if the initiatives are sufficient.”