Sign in Subscribe
By Zahn Alimbay in Program Effectiveness

What can we learn from Ericsson?

What can we learn from Ericsson?

On March 28, Ericsson announced that the independent compliance Monitor appointed by the US DOJ approved its Anti-corruption program and confirmed it is functioning effectively. [i]This opens the door to ending the four-year company’s monitorship. As a repeat corporate offender, Ericsson needed to do much to reach this milestone.

What can we learn from Ericsson’s compliance journey?

Backgrounder

In 2019, Swedish telecom giant Ericsson entered a more than $1 billion settlement with the US DOJ over the US FCPA violations that occurred between 2000 and 2016 and involved its operations in China, Vietnam, Djibouti, Kuwait, and Indonesia. In 2023, the DOJ determined that Ericsson violated the terms of the 2019 Deferred Prosecution Agreement. The company pleaded guilty to original charges and was fined a further $206 million. As a result of both actions, Ericsson has been subject to independent monitoring since 2019.

As a condition of ending the monitorship, Ericsson was required to design and implement an effective Compliance Program.

I looked into how Ericsson approached this enormous task, and this is what I found out[ii]:

Design

Ericsson’s Ethics and Compliance program design[iii] mirrors the requirements of the US DOJ’s Evaluation of Corporate Compliance Program guidance (upd. March 2023) and the SEC and DOJ’s guidance included in “A Resource Guide to the U.S. Foreign Corrupt Practices Act” – the length and breadth you would expect from a top-of-the-class program.

Whether the US FCPA applies to a firm or not, these documents set the standard for designing and implementing a holistic, risk-based compliance program—something every organisation with an international footprint needs.

Ericsson's compliance program covers (workplace) ethics, anti-bribery and corruption, conflicts of interest, anti-money laundering and competition law. From my experience, I can safely extend this to other areas of compliance, such as sanctions and export controls, anti-fraud and various forms of financial crime.

Prioritising efforts  

Ericsson prioritised its focus along four main areas:

  • Tone at the top (leadership) and integrity-led culture,
  • Third party risks
  • Strengthening compliance function and investigation capabilities
  • Redesigning internal controls

This is also something I always recommend doing – prioritise risks and apply efforts and resources where they matter. 

Standards of Conduct

Ericsson enhanced its Code of Business Ethics to define expectations, principles, and requirements for employee conduct. It also established an ethical decision-making framework and engagement with internal and external stakeholders, promoting and supporting Speak Up. Employees are required to periodically acknowledge their understanding of the conduct rules.

Setting clear (and easy-to-understand) rules and expectations from the outset is essential for building a solid foundation. The same is true for a decision-making process. While Ericsson has not published its ethical decision-making model, there are plenty of examples that Compliance teams can use. One of those is a Decision-Making Guide adopted during my tenure at QatarEnergy in 2019 (QatarEnergy Code of Conduct.pdf).

Embedding in Business & Testing Effectiveness

While many organisations have adopted adequate anti-corruption and business conduct policies nowadays, the biggest issue affecting Compliance program effectiveness is how those standards are embedded into business processes. This is particularly important, considering that business process issues appear to have contributed to Ericsson’s misconduct in the past.

In this case, Ericsson drove this process through what they call a Business Critical Transformation, an organisation-wide initiative led by business leaders and supported by compliance to ensure that compliance processes were fully embedded in the business and operated as intended through clear standards, process requirements, training and ongoing monitoring.

I can only agree with the approach. A few years earlier, when I and my team at QatarEnergy embarked on our Compliance Journey, we intuitively adopted the same approach through an organisation-wide Governance Transformation Initiative as a foundation for embedding compliance standards and controls into the management, business and reporting processes (re-designing some of them along the way). That assured ownership and implementation accountability, with centralised reporting and implementation tracking. Progress is monitored and tested to ensure those achieve the intended results.     

Leadership and Culture

Ericsson told us that its efforts to strengthen its compliance program were underpinned by transforming the company’s culture and operationalising enhanced governance to enable it to operate responsibly and with integrity. Their declared focus is on fostering a culture of transparency, collaboration, ethical decision-making and risk management.

Leadership communication, risk escalation and oversight by the executive business risk committee are important hallmarks of this process.

Accountability is an essential element here, too. Ericsson’s approach is to drive individual accountability through performance management, incentives, and compensation and evaluate senior executives based on pre-defined integrity criteria. This is very much in line with the DOJ guidance.

Training and Communication

Their approach to training appears to be founded on two principles:

  • Building a risk-based awareness around ethics, compliance and regulatory subjects, and employee conduct in the circumstances, and
  • Tailored learning styles to fit different target groups depending on the risk levels.

With this, they aim to build a knowledge foundation in core subjects through mandatory online training, with enhanced content and targeted delivery for risk-based roles and leaders focusing on ethical dilemmas to help build situational awareness.

This is a warranted approach. Here at Comhla, we have also observed that when it comes to training and communication, one size does not fit all. The mode of delivery (online or face-to-face), the content and the way this content is delivered (and by whom) lead to different results. To maximise effectiveness, organisations shall communicate their standards and expectations and train employees in a way that fits the audience.

There is something else I would like to highlight: Measuring employee perception. As part of their annual employee survey, they included questions about the perception of the Company’s commitment to ethical and responsible practices and whether employees feel safe to Speak Up. Both data points help to measure the state of corporate culture in the organisation. The latter is significant, as it helps to assess the level of psychological safety. Something I talked about in my earlier posts. I would strongly encourage every organisation to do this.

While Ericsson does not necessarily mention it in its disclosures, the steps it took to strengthen ethical leadership, communication, and training will eventually have a positive effect on workplace ethics, too. In particular, fostering moral attentiveness, moral engagement, clarity of expectation, and organisational justice will ultimately create an environment where misconduct is not tolerated from within.  

After reviewing Ericsson’s disclosures, it does appear to me that the company undertook a comprehensive review of its processes and compliance modus operandi and implemented a robust program (beyond what is required for regulatory compliance purposes). As we all know, there is never a point when you can simply say the program is designed and implemented and the work is now complete. As business, market, and regulatory environments constantly change, the Compliance program must continuously evolve and adjust. This is a continuous process.

However important the compliance program and process design are, none of this will matter without fostering the “right” culture in an organisation. This equally applies to Ericsson.

If you are embarking on your own compliance transformational journey and need help designing and enhancing your compliance program, get in touch with us. We are here to help!

 See you next Saturday!

Comhla Intelligent Compliance

At Comhla, we are driven by a mission to revolutionise the way organisations approach compliance and misconduct prevention. By leveraging our in-depth governance, compliance and internal control expertise, actionable data insights and cutting-edge applied research in organisational science, we help our customers build effective regulatory and compliance management to safeguard their license to operate, protect the bottom line and enhance reputation as responsible businesses.

Follow us on LinkedIn: https://www.linkedin.com/company/comhlaic 

Learn More https://comhla.co

We aim to publish once a fortnight. The information provided in this newsletter is not intended to and does not render legal, accounting, tax, or other professional advice or services.

 

Endnotes:

[i] Ericsson Press-Release: Independent Monitor certifies Ericsson’s Compliance Program https://www.ericsson.com/en/press-releases/2024/3/independent-monitor-certifies-ericssons-compliance-program

 [ii] Sustainability and Corporate Responsibility report  https://www.ericsson.com/4933e6/assets/local/investors/documents/2023/sustainability-and-corporate-responsibility-report-2023-en.pdf, and Ericsson Annual Report 2023 https://www.ericsson.com/4933e7/assets/local/investors/documents/2023/annual-report-2023-en.pdf  

 [iii] Ethics and Compliance program https://www.ericsson.com/en/about-us/sustainability-and-corporate-responsibility/responsible-business/ethics--compliance-program

Subscribe to Breaking the Mould

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe