Raphael V. Estrada, AVP of Compliance, AT&T Mexico
In 2017, on a rainy summer afternoon in Mexico City, news breaks on the radio, about Odebrecht—a Brazilian construction company that could be linked to Mexico’s president and entourage in the financing of his campaign back in 2011. The report also mentions the involvement of former government officials from different Latin American countries, in different corruption schemes. I consider this a topic worth mentioning in my next morning presentation, which happens to be on corruption.
Most of the audience is aware of the case; nevertheless, the reference causes little surprise or commentary. Mexican society’s acceptance of corruption as “normal” is a formidable challenge when trying to implement an anticorruption program in Mexico. It is a daunting task in a society that has proved in the past to be indifferent to myriad notorious corrupt acts from different political actors.
Combatting corruption from within the company requires not only putting in place the traditional checks and balances, controls and policies of a program, but also changing the frame of mind of employees and third parties to create a new norm of not accepting these types of acts.
Our first step in tailoring our anticorruption program was to decide whether to pursue the colossal task of obtaining permits with internal resources or by employing third parties. We opted for the latter, due to the size of the task, as well as the complexity, since it involved three levels of government (federal, state and municipal) across the country.
This was not an easy choice, since a prominent case here in Mexico, involving Walmart’s relationship with third parties, was still under investigation by the U.S. Department of Justice, and investigation costs amounted to hundreds of millions of dollars, before counting the fine.
Therefore, we had to design an end-to-end process to carefully and thoroughly vet, select, train, and oversee our third parties.
We started by creating a policy that clearly stated our expectations and boundaries when working with third parties. Then, we spread this policy using intense trainings both live and online for our employees, and by creating controls that went beyond the traditional three-way match found in regular accounting controls.
Then came the vetting process of our third parties. In our industry, vendors more frequently used to compete on price and service, but never on reputation or past interactions with government entities and/or officials.
Training their employees posed another challenge, since we needed to explain our values, policies and laws to the most exposed and vulnerable link of the chain: those that deal on a daily basis with authorities at all levels.
Therefore, we generated material based on real cases related to their day-to-day job,. These had the desired effect, and sparked many questions and comments based on employees’ experiences, which served to further enhance our training material.
For four years, we have repeated this cycle and refined it along the way, with great results. I am gratified that our employees tell us that they feel proud when they walk into a meeting representing AT&T Mexico, and that they perceive how others recognize AT&T Mexico as a company that has contributed to changing the way to do business in Mexico.
Nevertheless, I believe that our program should be taken to the next level, one in which we can expand the boundaries of oversight of our third parties. So, I have set a road map to certify our vendors not only at the beginning of the vetting process and through the traditional due diligence, but in all stages of their operations and relationship with us. Among other goals, we want to ensure that human and physical resources are adequate to their operations, and fully comply with local laws and regulations.
As a first step, we envision performing an “on desk” audit, where third parties will be required to provide information related to their employees, disclosing whether they have government officials that serve as employees, shareholders, partners, or are in any way related to the company We also want to know if any employee has a family member working for AT&T Mexico. At the operational level, we will check their supervision functions and the segregation of duties. We will also review their policies and procedures related to reimbursements and payments to government entities or officials.
As a second step, we will conduct on-site inspections of our third parties, in order to validate the consistency of their operations, probing processes related to hiring personnel and the way they handle sensitive topics such as hiring current or former government officials, conflicts of interest, and background checks.
In relation to the process of acquiring permits, we will validate it from end to end, including their management of improper solicitations from authorities, as well as their escalation procedures and reporting.
On the accounting side, we will verify that they track proof of travel expenses for the current and prior fiscal years, the source of financing these expenses (advance payments, loans, etc.), the means to expend (wire transfer, petty cash, debit cards, etc.), their process to obtain reimbursements, and their schedule of authorizations.
In addition, we will review their accounts payable procedures, in order to determine how payments to authorities match up with filing papers and related permits.
We are aware that at the end of this exercise, most third parties will have gaps in one or more areas. We will assign each third party a risk score across different areas, which will result in an overall score for the third party. Then, we will coordinate with each third party to prepare a tailored plan, in order to harmonize all reviewed areas with our expectations, and to enhance areas of opportunity in their program and practices.
Periodic updates will follow, to ensure that commitments are met and that any change in our policies or regulations will be properly implemented by third parties.
I am confident that these steps will not only increase awareness in our third parties and their employees of the controls available to help combat corruption, but also will enhance the inclination to do the right thing without compromise. I hope our third parties will understand that Mexico can have a better future if we deter improper conduct in all our spheres of influence and demand the same from our authorities.
About the Author:
Raphael V. Estrada is a Assistant Vice President of Compliance for AT&T in Mexico, a role he has held for five years. He has 26 years of experience in the telecom sector. He holds a degree in electrical engineering and an MBA from Universidad Iberoamericana.