On August 16, 2012, the Securities & Exchange Commission (“SEC”) charged Oracle Corp. with violations of the Foreign Corrupt Practices Act (“FCPA”) arising out of its failure to prevent its subsidiary in India from secretly setting aside money that was used to make unauthorized payments to vendors. The SEC’s Complaint alleged that Oracle’s India subsidiary structured transactions with India’s government that allowed local distributors to “park” $2.2 million of proceeds outside Oracle’s books and records, thus “creating the potential for bribery or embezzlement.” Based on these allegations, the SEC charged Oracle with violating the FCPA’s books and records provisions and internal control provisions. Oracle agreed to pay $2 million to settle the charges. This SEC enforcement action highlights the FCPA risks arising from foreign subsidiary operations of technology and other companies, and underscores the need for companies operating abroad to have effective controls in place to eliminate any possible opportunities for illicit payments through local partners.
Oracle’s Operations in India
Oracle, the California-based enterprise software company and provider of computer hardware products and services, operates in India through its wholly owned subsidiary Oracle India Pvt. Ltd. (“Oracle India”). According to the SEC’s Complaint, during the relevant 2005-2007 time period, Oracle India’s typical business model involved selling software licenses and services through local distributors. Oracle India was heavily involved in identifying and working with end-user customers, selling products and services to them and negotiating the final price. The purchase order, however, was placed by the customer with Oracle India’s distributor. The distributor bought the licenses and services directly from Oracle and then resold them to the customer at the higher price that had been negotiated by Oracle India. The difference between what the customer paid the distributor and what the distributor paid Oracle was the margin retained by the distributor as payment for its services.
Alleged Misconduct by Oracle’s Subsidiary and Distributor
The SEC’s complaint alleges that on approximately 14 occasions related to eight different government contracts between 2005 and 2007, certain Oracle India employees created extra margins between the end-user and distributor price, and directed the distributor to hold the extra margin in side funds that would purportedly be used for marketing and development purposes. Accordingly, as part of this scheme, government customers paid Oracle India’s distributor at least $6.7 million on sales, but Oracle only received $4.5 million in revenue, resulting in about $2.2 million in funds improperly “parked” with the company’s distributor.
At the direction of certain Oracle India employees, the distributor then made payments out of the side funds to third-parties, supposedly for marketing and development expenses. However, some of the recipients of these payments were not on Oracle’s approved local vendor list. Further, some of the third-parties did not exist as bona fide entities and were merely storefronts that provided no legitimate services to Oracle. In some instances, Oracle India employees documented these payments with fake invoices.
Violations of FCPA’s Books and Records and Internal Control Provisions
Even though Oracle India employees concealed the existence of the side funds from Oracle, the SEC charged Oracle with failing to properly account for these side funds. According to the SEC, these funds constituted marketing expenses incurred by Oracle India that should have been rolled up to Oracle’s corporate books and records. Instead, the parked funds were not reflected on Oracle India’s books and this incorrect accounting in turn affected Oracle’s books and records.
The SEC also charged Oracle with failing to devise and maintain a system of effective internal controls that would have prevented the improper use of company funds. For example, Oracle knew that distributor discounts created a margin of cash from which distributors received payments for their services. However, the company failed to audit and compare the distributor’s margin against the end-user price to ensure excess margins were not being built into the pricing structure. In addition, although Oracle maintained corporate policies requiring approvals for payment of marketing expenses, Oracle failed to seek transparency in or audit third-party payments made by distributors on Oracle India’s behalf. The SEC alleged that this control would have enabled Oracle to check that payments were made to appropriate recipients.
In announcing the charges, Marc J. Fagel, director of the SEC’s San Francisco office, stated that “through its subsidiary’s use of secret cash cushions, Oracle exposed itself to the risk that these hidden funds would be put to illegal use.” Mr. Fagel warned that “it is important for U.S. companies to proactively establish policies and procedures to minimize the potential for payments to foreign officials or other unauthorized uses of company funds.”
Remedial Measures and Penalties
Oracle consented to the entry of a final judgment ordering the company to pay a $2 million penalty and permanently enjoining it from future violations of these FCPA provisions. In reaching this settlement, the SEC explicitly took into account Oracle’s voluntary disclosure of the conduct in India and its cooperation with the SEC’s investigation, as well as substantial remedial measures taken by the company to improve FCPA compliance.
For instance, the SEC’s complaint explicitly noted that by November 2007, Oracle India’s senior sales manager had resigned and left Oracle India. Further, as a result of the company’s internal investigation, Oracle terminated four other Oracle India employees based on their knowledge that Oracle India parked funds at its distributors. In addition, Oracle took other remedial measures to address the risks and controls related to parked funds, including: conducting additional due diligence in its partner transactions in India so that Oracle had greater transparency into end-user pricing in government contracts; terminating its relationship with the distributor involved in the transactions at issue; directing its distributors not to allow the creation of side funds; requiring additional representations and warranties from distributors to include the fact that no side funds exist; and enhancing training for its partners and employees to address anti-corruption.
Among other things, this SEC enforcement action against Oracle:
- Makes clear the significant exposure faced by technology companies from activities at the subsidiary level, regardless of actual knowledge by the U.S. parent;
- Highlights the risks associated with doing business through distributors or joint ventures; and
- Underscores the importance of internal controls and the policing of compliance measures.
* * *
With substantial experience in helping companies handle FCPA training, compliance, and investigations, as well as transactional counseling and due diligence, we are available to answer any questions you may have, including addressing the heightened risks faced by companies with global operations. If you would like additional information, please contact R. Todd Cronan, who chairs the firm’s Securities Litigation & White Collar Defense Group, John J. Egan, Anthony McCusker, or William J. Schnoor, who lead the firm’s Technology Companies Group, or the Goodwin Procter attorney with whom you typically consult.