Lessons Learned from Ericsson’s DPA Breach: An Internal Investigation Nightmare (Part III of III)
This is not your typical FCPA enforcement action Lessons Learned column. Instead, Ericsson’s breach of its DPA presents a laundry list of internal investigation errors – as a practitioner in this area, this is the nightmare scenario. It is a cautionary tale for all investigators, whether conducted by internal staff or outside counsel.
Before getting into the nitty-gritty of the internal investigation deficiencies, I would initially observe that these failures occurred in an environment that lacked fundamental culture improvements. Ericsson’s original violations occurred over a 16 year period and were pervasive and systemic. Its culture was rotten and promoted bribery as a means to an important end – making money.
Overarching Culture Deficiencies: The internal investigation missteps occurred in this culture, even during the initial years of remediation. The failures to disclose partially reflect failures of various actors, including outside counsel. Ericsson leadership and senior management responsible for oversight and direction of outside counsel appear to have failed to strictly scrutinize the actions of outside counsel. This is not to excuse the errors made by outside counsel outlined below but to recognize that Ericsson’s weak culture contributed to these errors. If Ericsson were truly committed to changing its ethical culture, perhaps the potential errors may have been caught or prevented.
Justice Department Interactions and Representations: The Ericsson case stands as a testament to the importance of accurate, complete and robust by outside counsel and company representatives to the Department of Justice. Senior management and outside counsel have to establish an effective working relationship with transparency, coordination and full disclosures. Building on this foundation, outside counsel has to make sure that interactions with DOJ are carefully crafted and reflect an appropriate balance between disclosure and ongoing issues prior to disclosure.
Email Data Omission: Ericsson’s investigation omitted a key email document relating to the Djibouti bribery scheme. It is even more disturbing that several versions of the email chain were produced, except for one important email that was in Italian. It is unclear if Ericsson failed to discover the document because it was in Italian. Thee search terms should have included foreign language translations given Ericsson’s use of Italian (and probably other languages).
The omitted email message, which was critical, should have been captured by the search of relevant custodian data for key executives. In this case, the missed email was between two critical custodians – the Head of the Customer Unit in North East Africa and a High-Level Executive. The failure to capture all relevant custodian data, especially given the specific roles, and the fact that the message was in Italian, is inexplicable.
But let’s be honest – mistakes can occur. That is not meant to excuse the failure – there should have been a secondary check or backup procedure to ensure that a key, responsive document was not missed.
Outside Counsel Miscues: The breaches and omissions rest squarely with prior outside counsel. First, the February 2018 Email alleged that a broad conspiracy among top officials and China senior executives to cover up a conspiracy in China’s use of third-party agents and payment of large amounts of money in exchange for little to no services.
When received, Ericsson top management and outside counsel followed up on this important email. For some unexplained reason, however, neither Ericsson nor outside counsel informed DOJ of this email. There is no reason for such a failure. Apparently, outside counsel investigated this allegation but failed to disclose the email or the results of the investigation to DOJ.
Outside counsel miscues stemming from the Iraq investigation are even more disturbing. In light of the potential incendiary nature of the allegations linking Ericsson’s bribery activities to potential terrorist payments, the investigation and the issue should have been a key priority, especially given the reputational risks.
While it is clear that outside counsel committed serious errors, the failures underscore the importance of senior executive and management engagement in the overall internal investigation and interactions with DOJ. In the end, senior executives have to manage the overall process and engage with outside counsel at each and every step – it is an important check on every internal investigation. Both senior management and outside counsel failed to operate in accordance with proper coordination, verification and checks to ensure accuracy.
Document Retention and Omission of Hard Copy and USB Stored Evidence: When conducting document searches, outside counsel and senior management have to confirm access to all potentially responsive documents. In this day and age of electronic data, companies usually have historical hard copy documents. A document retention policy is critical to understanding where potential electronic and hard copy documents may be stored. Companies that implement such policies usually begin with a catalogue of all of its “documents. Including historical hard copies. In many cases, companies may have hard copy documents stored in warehouses.