The recent resolution by the Justice Department and the SEC with Telefonaktiebolaget LM Ericsson,1 the Swedish telecommunications multinational commonly referred to as “Ericsson,” involved the filing of an information by the Justice Department and a complaint by the SEC where violations of the internal controls were alleged in addition to violations of the record-keeping and anti-bribery provisions. In terms of the internal controls violations,2 the pleadings provide insight as to the type of factors that need to be considered in ensuring that an issuer has adequate internal controls in the context of anti-bribery compliance considerations.
In a manner similar to what is alleged in the complaint,3 the information summarizes the internal control violations as follows:
LM EMICSSON, through certain of its employees and agents who were responsible for implementing and overseeing a system of reasonable internal accounting controls, failed to implement internal accounting controls relating to: (a) proper documentation and accounting for payments to agents and consultants, including the ultimate recipients of the payments and the reasons for the payments; (b) due diligence for the retention of third party agents and consultants; (c) ensuring due diligence was completed and a fully executed contract was entered with a third pay could before the third party could begin providing services; (d) ensuring that payments were commensurate with the services to be performed by third parties and that services paid for were performed; and (e) oversight procedures by personnel at LM ERICSSON for third party retention and payment.4
Of particular note is the focus on the third parties and the need to document and monitor who are the “ultimate recipients” of payments to third parties. In essence, more is involved than simply making a payment. The due diligence and monitoring must take into consideration whether the payment is being passed through as part of questionable scheme. For this reason, specific steps are suggested to ensure that the internal controls are adequate.
As suggested, the internal controls should require that due diligence be completed and a contract executed with compliance provisions before any work is performed and before any payment is made. A further step is ensuring that the payments are “commensurate with the services to be performed.” If the payments are much larger than what is reasonable, or if advance payments are involved,5 the likelihood of payments being passed through to others is heightened. And finally, there must be ongoing “oversight” or monitoring of third parties and payments to third parties.
1Information, United States v. Telefonaktiebolaget LM Ericsson, 19-cr-00884, (S.D.N.Y., filed Dec. 6, 2019), ECF No. 3; Complaint, SEC v. Telefonaktiebolaget LM Ericsson, Case No. 19-cv-11214 (S.D.N.Y., filed Dec. 6, 2019), ECF No. 1.
215 U.S.C. § 78m(b)(2)(B).
4Information, supra note 1, at ¶ 114.
5Complaint, supra note 1, at ¶ 84(e).