Telefónica Pays $85M on FCPA Fails
The Latin American telecom giant Telefónica settled FCPA charges late last week, paying $85 million and reminding everyone that at least for now (and possibly for a good long while yet), the world of corporate compliance and FCPA enforcement continues to turn. Let’s take a look at the lessons we can learn here.
The Justice Department announced the settlement last Friday, and in many ways it’s a routine FCPA enforcement action. The accusations are that in 2014, Telefónica’s Venezuela subsidiary set up sham consulting contracts with middle men in that country, to bribe government officials during a currency auction. Telefónica sent roughly $29 million in corrupt payments to those intermediaries, and in exchange received the lion’s share of currency the Venezuelan government had put up for sale.
Why Telefónica would do this at all is a fascinating example of corruption in action.
Telefónica received revenue from its customers in Venezuelan bolivars, which were (and still are) essentially worthless because the Venezuelan economy is a basket case. So from time to time the government there runs an auction to let companies exchange their bolivars into U.S. dollars. The companies can then use those dollars to buy equipment or services from their suppliers — who, like any sane business, accept U.S. dollars rather than bolivars.
The scheme worked as follows. Telefónica Venezolana (business names always sound so cool in Spanish!) recruited two of its suppliers to make $28.9 million in payments to an intermediary and his shell company; the intermediary then sent at least some of that cash to Venezuelan officials as bribes.
When auction time came, the Venezuelan government awarded Telefónica $110 million, roughly 65 percent of all the U.S. dollars offered at that auction. Telefónica then repaid its suppliers (and concealed its bribe) by buying equipment from them at inflated prices, and using proceeds of the $110 million to pay for it.
Lesson One: The Cost of Poor Compliance
Telefónica ultimately agreed to an $85 million criminal penalty and a three-year deferred prosecution agreement. Let’s take a look at those details to see what they tell us about the need for effective compliance programs.
As described in the DPA, at first Telefónica’s compliance response was somewhat underwhelming. The company didn’t voluntarily self-disclose its misconduct and therefore received no self-disclosure credit, and “in the initial phases of the department’s investigation” the company failed to produce required evidence in a prompt fashion. That slow-walking “affected investigative efforts by the department and reduced the impact of Telefónica Venezolana’s cooperation,” as the DPA phrased it.
And while Telefónica had no prior criminal history, the company did settle civil FCPA violations with the Securities and Exchange Commission back in 2019, for faulty internal accounting controls at its Brazil subsidiary. That action resulted in a $4.25 million civil penalty and a cease-and-desist order, which apparently didn’t take since we’re here again now.
All that said, Telefónica eventually did get with the program and started cooperating. That included making regular factual presentations to prosecutors based on what Telefónica learned during its internal investigation; making overseas employees available for interviews in the United States; and producing a “significant” number of documents to prosecutors while navigating foreign data privacy laws.
Telefónica took numerous remedial actions too. That included, among other things: firing the offending employees; naming a chief compliance officer with direct access to the audit committee of the board; and overhauling its approval process for transactions with non-standard pricing, including the compliance function reviewing all such transactions globally.
Now let’s do some math. According to the U.S. Sentencing Guidelines, the criminal penalty for Telefónica’s offenses could be anywhere from $101 million to $203 million. The Justice Department then decided that given Telefónica’s aggravating factors (no self-disclosure, slow start to cooperation, and so forth), the penalty should be at the 5th percentile of that range, which is $106.1 million.
Then came Telefónica’s later cooperation and compliance program remediation, which led prosecutors to deduct 20 percent from that $106.1 million. That’s how we arrive at a criminal penalty of $85 million.
Why the Math Matters
Now imagine a world where Telefónica had a strong compliance program from the start. Even if the company then suffered this bribes-for-dollars scandal (because nobody’s perfect), that strong compliance program would have led to voluntary self-disclosure, full cooperation from Day 1, and all the remediation discussed above.
That strong compliance program would meet the criteria of the Justice Department’s Corporate Enforcement Policy, and Telefónica would have been eligible for at least a 50 percent discount from the bottom end of that $101 million to $203 million range. Half of $101 million is $50.5 million — that is, $35 million less than what the real Telefónica, with its numerous compliance missteps, is actually paying.
These are just back-of-the-envelope estimates, of course, but they remind us yet again that a strong compliance program does save a company money. Remember, in most FCPA enforcement actions you also need to disgorge ill-gotten proceeds, too. Couple those points together, and you can make a better case to the powers that be at your organization that a strong compliance program is its own reward.
Lesson Two: Supplier-Assisted Fraud
The other interesting point in this case is that Telefónica worked with its suppliers to arrange the bribery scheme. We don’t usually see that; usually, the offending company just works directly with the corrupt intermediaries. Here, Telefónica added an extra layer of obfuscation by asking the suppliers to work with the corrupt intermediaries.
How should compliance officers think about a corruption risk like that?
One obvious step would be to extend your anti-corruption due diligence procedures to all suppliers who might possibly get involved in a corruption scheme, rather than the obvious candidates such as business agents or consultants. For example, in the Telefónica case, the suppliers in question provided Telefónica with infrastructure components for telecom networks. Folks like that don’t fit the “fixer” profile we usually see in FCPA cases.
My question is how you’d do that. The compliance team would need to work more closely with the procurement function, and weave your anti-corruption procedures into sourcing and contract management procedures. If your business has no dedicated procurement function, the task will be that much more splintered, and centralizing all information for one global view of your supplier corruption profile will be difficult.
You’d also need to be more adroit at monitoring supplier transactions, to sniff out over-priced deals that might be cover for a slush fund. Again, at an abstract level that’s not new; compliance teams have had detailed documentation requirements for third-party agents for years, where the agent elaborates on exactly what services he’s providing and whether the price is commensurate with going rates.
Now you’d need to do the same for, say, equipment purchases. That could require some sophisticated new analytics and expertise on standard pricing. Little surprise that one of Telefónica’s remediation steps was “overhauling its approval process for transactions with non-standard pricing,” and giving the compliance function a review of all such transactions globally. How would you achieve the same transparency at your own organization?
That’s enough for today. Clearly the Telefónica case is a call worth accepting.