VimpelCom FCPA case demonstrates significant internal controls failures
Many practitioners focus on prongs one and three—prevention and remediation. However, the detect prong is equally important and not infrequently less utilized. This was most apparent when the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) recently announced a top-10 Foreign Corrupt Practices Act (FCPA) settlement with the Netherlands-based telecommunications company, VimpelCom Ltd.
This settlement was around its nearly 10 bribery schemes to obtain and retain business in Uzbekistan. There were various schemes used to fund bribes to Gulnara Karimova, the eldest daughter of Uzbek President Islam Karimov in exchange for access to the country's telecoms market.
A press release from the DOJ says that,
VimpelCom entered into a deferred prosecution agreement in connection with a criminal information charging the company with conspiracy to violate the anti-bribery and books and records provisions of the FCPA, and a separate count of violating the internal controls provisions of the FCPA. Pursuant to its agreement with the department, VimpelCom agreed to pay a total criminal penalty of $230,163,199.20 to the United States, including $40 million in criminal forfeiture. VimpelCom also agreed to implement rigorous internal controls, retain a compliance monitor for a term of three years and cooperate fully with the department’s ongoing investigation, including its investigation of individuals.
The failure of internal controls to detect any bribery was clear in the multiple bribery schemes used to fund the bribes. These schemes included a fraudulent stock purchase scheme, a scheme involving multimillion dollar payments through front companies to shell companies controls by Ms. Karimova, and fraudulent payments through corrupt third parties and other schemes.
VimpelCom’s internal control failures were numerous and, at the end of the day, very costly. The failures up and down the VimpelCom and Unitel chain are simply mind-boggling. Basic internal controls were lacking or were completely overridden in selecting and using the resellers for services the company did not need nor want.
Further, the company did not have any system for conducting, recording, or verifying due diligence on third parties. The company did not require that consulting agreements or other contracts with third parties be for actual services or have any way to verify services were performed. There was a lack of appropriate controls around payments to single sourced vendors and a failure to audit third parties.
All companies need to closely examine their internal controls surrounding bribery for weaknesses and failures. A misstep here, as seen with too many, can be costly.
Recommended for You
SOX and Internal Controls Process ImprovementView Slideshow
About the Author
Tom Fox practiced law in Houston for 30 years before founding Advanced Compliance Solutions, which assists companies with anti-corruption and anti-bribery compliance programs. He was most recently the General Counsel at Drilling Controls, Inc., a worldwide oilfield manufacturing and service company. He was previously division counsel with Halliburton Energy Services, Inc. He is now one of the country's leading experts on the Foreign Corrupt Practices Act and anti-corruption and anti-bribery compliance. Tom is the author of the award-winning FCPA Compliance and Ethics Blog and the international best-selling books Lessons Learned on Compliance and Ethics and Best Practices Under the FCPA and Bribery Act. His latest book is Effective Leadership Skills in Compliance: CCO 3.0 and Beyond. He writes and speaks across the globe on anti-corruption and anti-bribery compliance programs.