Michaela Ahlberg created a compliance program from scratch when she was hired in 2013 by Swedish telecommunications firm Telia following allegations of corruption in its foreign business dealings.
She gained unusually direct access to the board and involvement with the legal team as it negotiated with U.S. regulators in a case eventually settled by Telia.
Michaela recounted her experience and lessons learned in creating a new and strengthened compliance regime, a task which included creating country risk assessments and establishing a whistleblower hotline. She also discussed the prospects for sustaining a compliance culture after the case dies down and “exhaustion” sets in.
Julie DiMauro: Can you tell us about how you came on board as chief ethics and compliance officer at Telia, at the time called TeliaSonera.
Michaela Ahlberg: I was brought in the same year as a new board and a new chief executive officer — the prior board had not been reelected at the annual general meeting, and the CEO, Lars Nyberg, voluntarily stepped down.
Basically the timeline is as follows: In 2013, media accounts in Sweden received word from an inside-Telia source who had complained within the company but not been given any attention that corrupt activity was going on at a high level of the business.
This led to a scandal within Sweden, prompting Telia to hire a Swedish law firm to investigate, which then led to a published account of their findings, showcasing some truth to this person’s allegations.
The firm also noted that there had been a lot of red flags of corruption in general, and that doing business in Uzbekistan necessitated a far strong compliance program and compliance controls than the firm had in place.
Institutional investors and the Swedish government (which owned about 37 percent of TeliaSonera) demanded that the board of directors be replaced. New directors with a new board chairperson were brought on board, with the new chair (Marie Ehrling) immediately deciding to revisit the risk-laden jurisdictions in which the company did business. She also brought in the law firm Norton Rose Fulbright to conduct further investigations and hired the new CEO and me, the firm’s first ethics and compliance officer.
Julie DiMauro: Telia did not have an actual, functioning compliance department in place before then?
Michaela Ahlberg: It did not. The compliance duties had been scattered among different departments at Telia, with many of them landing in the legal department, which either could not or did not handle a lot of the issues that ended up being a problem for the firm. They just did not know the nuances of compliance and ethics policies and procedures, and really didn’t have the time to deal with a lot of them.
Julie DiMauro: So, Norton Rose conducted its investigation and saw patterns of misconduct. Were individuals named at that point?
Michaela Ahlberg: Yes, the Norton Rose attorneys found that the misconduct was wide-ranging, but that higher ups were largely responsible for the directives handed out, leading to unlawful and/or unethical conduct. Besides Nyberg, two other high-level executives were personally charged in Sweden — one of them is Tero Kivisaari who headed up the Eurasia business side – and the third went unnamed.
No resolution has come of those charges at this point, and I’m not overly surprised, as Swedish bribery law only makes individuals liable, not businesses, and the burden of proof is so hard to reach. It was quite rare for Swedish people to even see a CEO charged.
Julie DiMauro: So tell us about this totally new ethics and compliance program at the company — what you instituted and your relationship to the new CEO and board.
Michaela Ahlberg: I reported directly to the new CEO, although I also had direct access to the ethics and sustainability committee of the board. I communicated my findings, initiatives and queries to them. To be honest, that’s really somewhat unusual in Sweden, as few compliance officers have direct access to a board committee.
I will say, though, that I was given substantive resources to work with in building the program and never got a “no” when it came to spending to support it.
And I was able, after some initial hesitancy by the new head of legal, to attend many meetings he was having with the DOJ and SEC. This really helped me directly interface with regulators and tell them what I was doing on the ground, so to speak.
We started with a country-based risk assessment of where Telia was doing business and conducted leadership training on bribery and other financial crimes. We established a whistleblower hotline, instituted in 18 languages, tapping the skills of a project manager I had hired from within Telia, who helped me with that and with new policy tools for employees to easily access and a new code of conduct.
I had employees in the procurement department and my new head of special investigations help set up a due diligence program, and although we used vendors for such things as receiving whistleblower concerns, we kept a lot of the expertise in-house.
My prior experience at Nokia in Dallas, Texas, taught me a lot about the U.S. standards for compliance programs — the “Ten Hallmarks of an Effective Compliance Program” outlined by the DOJ and SEC in 2012 in their Resource Guide to the FCPA. These had not really been introduced in Sweden, even though businesses were subject to the FCPA by having their securities listed on U.S. stock exchanges.
Julie DiMauro: When did you leave Telia, and is the program you designed still at Telia, operating just as strongly?
Michaela Ahlberg: I left as the deferred prosecution agreement was announced in 2017. And I’d say that I think the strength of the program has endured.
What I am concerned with, though, is the level of exhaustion that set in after the many investigations, the media attention, and after this new compliance program demanded new and onerous things of people for the first time. It’s normal to see some backlash after employees endure all of that over several years. However, the infrastructure remains, and the company’s challenge now is to make sure it goes beyond the exhaustion to keep the program operating in a position of strength and operating with the top executives’ vocal backing.
Encouragingly, two year ago, Telia decided to divest its Eurasia business — seven companies — and those businesses now have the strong ethics and compliance program that we built at Telia’s home business, leaving us confident they were ready for other ownership. The U.S. authorities took notice of the work we did at branch locations, like those Eurasia ones.
Julie DiMauro: Can you tell me about the cooperation credit you received from the DOJ for having cooperated and taken steps to remediate — even completely build anew — the corporate compliance program? Telia received credit even though the firm did not voluntary disclose violations, which was cited as a limiting factor to further leniency.
Michaela Ahlberg: Telia received an aggregate 25 percent discount off the bottom of the U.S. Sentencing Guidelines range for cooperation, which included a thorough internal investigation, regular presentations to the DOJ, voluntarily making former employees available for interviews with the DOJ, and producing documents. The DOJ also noted in its settlement order that the company had instituted a comprehensive, new anti-corruption program with new policies, procedures and controls of such quality that a monitor was not deemed necessary for the deferment period.
Telia did not voluntarily disclose these incidents to the relevant authorities, but, suffice it to say, choosing to do so is an incredibly difficult decision for a business to make.
Julie DiMauro: What are you doing now that your work at Telia is complete?
Michaela Ahlberg: I am sharing my time between Stockholm and the lovely south of France and have started my own business called The Grey Zone. And I am writing a book on corporate conduct, compliance and ethics with a former colleague.
Julie DiMauro is a regulatory compliance expert whose analysis appears on Thomson Reuters’ Regulatory Intelligence subscription service designed for compliance and risk professionals in financial services. Follow her on Twitter @Julie_DiMauro and email her here.
A version of this post was first published by Thomson Reuters Regulatory Intelligence and appears here with Thomson Reuters’ permission.