On August 12, the Colombian Superintendency of Industry and Commerce announced that it was fining Uber Technologies $629,000 for obstructing a regulatory visit in October 2017. According to the Superintendency, “Uber urges employees not to give information to regulators and to block access to company computers” and implemented those policies during the visit.
The Superintendency also meted out fines to two Uber legal staff members and one Uber manager, in amounts ranging from $1,469 to $7,344. It asserted that those three Uber employees “collaborated and executed the obstruction of the mentioned administrative visit and the incompletion of the orders and instructions imparted by the Superintendency.” It also declared it “proven that these people gave evasive and incomplete declarations about their roles and functions inside the company, and about their knowledge of the corporate structure of Uber Colombia.”
Reuters reported that Colombia “has not specifically regulated transport services like Uber, but has said it will suspend for 25 years the licenses of drivers caught working for the platform.” It also noted that “Uber has repeatedly drawn the ire of authorities in Colombia, where use of the service is widespread but illegal.”
Last month, the Superintendency announced that Uber would have four months to improve its data security, in the wake of the Uber 2016 data breach that resulted in compromising the data of 57 million Uber users, including approximately 267,000 Colombian residents. In addition, police authorities in Bogota closed an Uber Driver Care Center because the center did not have a certificate for an automatic door on the premises. Uber reportedly objected to the closure and stated that it would bring legal action to challenge the closure.
Note: Because Uber stated that it had not officially been informed of the fine but would examine it once it was informed, at the moment there is no final resolution of the matter. Even so, regulatory compliance officers should regard this official action as an opportunity to revisit their policies and procedures for how to respond to regulatory interactions and requests for information.
If a company finds itself in a fractious relationship with a primary regulator in some jurisdiction, that company – at least if its products or services are deemed legal in that jurisdiction – needs to do more than simply be appropriately responsive and timely when that regulator seeks information to carry out its mandate. In parallel with its day-to-day interactions with that regulator, it must also pursue discussions with senior regulators to damp down the fractiousness and to improve mutual understanding.
Senior business leaders, in other words, must make clear to their executives and managers that conflict management, not conflict promotion, is essential to the long-term management of business-regulator relationships. That point should be reinforced in internal training, and in meetings to prepare for regulatory inspections or examinations.