Top Menu

Friday Roundup


Ironic, scrutiny update, and for the reading stack. It’s all here in the Friday roundup.


As highlighted in this previous post, in February 2016 SAP (a German company with American Depository Shares registered with the SEC) resolved a $3.9 million FCPA enforcement action based on conduct in Panama and was ordered to cease and desist from committing or causing any violations and any future violations of the FCPA’s books and records and internal controls case.

Fresh off its 2016 FCPA enforcement action, SAP again became the subject of FCPA scrutiny. (See here for the prior post). Indeed, yesterday the Wall Street Journal reported:

Continue Reading

Friday Roundup


Former SEC FCPA Unit Chief Kara Brockmeyer on declinations and voluntary disclosure, Wal-Mart’s global chief ethics and compliance officer on increased standardization in global anti-corruption efforts, scrutiny updates, French first, and for the reading stack.

It’s all here in the Friday Roundup.

Former SEC FCPA Unit Chief Kara Brockmeyer On Declinations and Voluntary Disclosure

Brockmeyer is profiled in this recent Corporate Crime Report Q&A. (See here for a recent FCPA Flash podcast with Brockmeyer).

Continue Reading

Fresh Off Its 2016 FCPA Enforcement Action, SAP Is Again Under FCPA Scrutiny


As highlighted in this previous post, in February 2016 SAP (a German company with American Depository Shares registered with the SEC) resolved an FCPA enforcement action based on conduct in Panama. Without admitting or denying the SEC’s finding’s in an administrative order the company agreed to pay approximately $3.9 million and the SEC ordered the company to cease and desist from committing or causing any violations and any future violations of the FCPA’s books and records and internal controls case.

Fresh off this 2016 FCPA enforcement action, SAP is again under FCPA scrutiny.

Continue Reading

Issues To Consider From The SAP Enforcement Action


Coming in at a “mere” $3.9 million settlement, this week’s SAP enforcement action will not make anyone’s list of “significant” enforcement actions.

Yet, as highlighted in this post, the enforcement action raises several significant (and alarming) issues.

Sole Actor

In the minds of some, rogue employees are figments of the corporate apologists imagination and no enforcement action has ever been based on the conduct of just one individual.

This has always been an off-target observation and the SAP action is yet another example of a company being the victim of a rogue employee (technically the individual was not even an employee of SAP, but rather a subsidiary company).

As stated by the SEC, SAP has 272 subsidiaries, its business is conducted through a network of more than 11,500 partners that provide an additional workforce of 280,000 individuals. The SAP enforcement action was based on the conduct of Vicente Garcia and set forth below in pertinent part is what the SEC found.

  • Garcia “created a slush fund” that was used to pay the bribes and kickbacks
  • Garcia “concealed his scheme from others at SAP”
  • Garcia “circumvented SAP’s internal controls”
  • Garcia “justified the excessive discounting by falsifying SAP’s internal approval forms”
  • Garcia “self-profited through kickbacks”
  • Garcia used his “personal e-mail” in connection with the scheme
  • All of Garcia’s accomplices were “others outside of SAP” (a term used by the SEC multiple times)

Ineffective Internal Controls?

Notwithstanding the above, in the perfect hindsight driven, would have, could have, should have world in which the SEC’s resides, the SEC states that SAP’s “deficient internal controls” “allowed” Garcia to engage in the improper conduct.

When analyzing whether SAP had “reasonable” internal controls (the statutory standard after all) consider the following SEC statements.

  • “In June 2009, SAP conducted an internal investigation and found that Garcia violated its internal Code of Business Conduct when he invited an executive of Petroleos Mexicanos (“PEMEX”), the Mexican national oil company, to an SAP marketing event at the Monaco Grand Prix. SAP did not find any attempt to improperly influence any government official in connection with the 2008 PEMEX sale. As a result of the internal investigation, SAP revised its policies prohibiting government officials or employees from attending any “hospitality” event, which it defined as any event where business constitutes less than 80% of the event.”
  • “One of the four contracts was a software license sale to the Panamanian social security agency, which was initially proposed to be a direct sale with the assistance of local partners. In order to facilitate the bribery scheme, the existing partners were replaced with a new local Panamanian partner. This last-minute change, and other red flags, triggered an SAP compliance review which resulted in SAP rejecting Garcia’s request to pay a commission to the local partner. Therefore, Garcia and others began looking for other ways to advance the bribery scheme. Finally, in the fall of 2010, Garcia finalized an indirect sale of the software license to the agency through the local partner, who, with Garcia’s assistance, ultimately sought and obtained an 82% discount on SAP’s sale price to the local partner. Garcia caused various approval forms to be submitted that misstated the reasons for the large discount. Garcia stated that the discounts were necessary to compete with other software companies in establishing a relationship with the government of Panama when, in fact, the discounts were necessary to fund and pay bribes to government officials. Garcia and others planned to sell SAP software to the local partner at an 82% discount, who in turn would sell the software at significantly higher prices to the Panamanian government and use part of the profits from the sale to pay bribes.
  • The underlying activity which SAP was faulted for in the enforcement action – large customer discounts – was something “SAP routinely” provided to “local partners for legitimate reasons.”

Based on the above SEC findings, the SAP enforcement joins prior FCPA enforcement actions against Oracle and H-P (also technology companies) as being truly alarming. (See this prior post highlighting how the former Assistant Chief of the DOJ’s FCPA Unit blasted various aspect of SEC FCPA enforcement including in the Oracle action – observations which equally apply to the SAP action).

What makes the enforcement actions alarming is not only the key statutory language of “reasonable,” but also prior SEC enforcement agency guidance. As highlighted numerous times on these pages, the most extensive SEC FCPA guidance states as follows.

“The test of a company’s internal control system is not whether occasional failings can occur. Those will happen in the most ideally managed company. But, an adequate system of internal controls means that, when such breaches do arise, they will be isolated rather than systemic, and they will be subject to a reasonable likelihood of being uncovered in a timely manner and then remedied promptly. Barring, of course, the participation or complicity of senior company officials in the deed, when discovery and correction expeditiously follow, no failing in the company’s internal accounting system would have existed. To the contrary, routine discovery and correction would evidence its effectiveness.”

No-Charged Bribery Disgorgment

The SAP enforcement action is the latest example of the SEC ordering disgorgement even though the offending company was not charged with violating the FCPA’s anti-bribery provisions.

As highlighted in this previous post, so-called no-charged bribery disgorgement is troubling.

Among others, Paul Berger (here) (a former Associate Director of the SEC Division of Enforcement) has stated that “settlements invoking disgorgement but charging no primary anti-bribery violations push the law’s boundaries, as disgorgement is predicated on the common-sense notion that an actual, jurisdictionally-cognizable bribe was paid to procure the revenue identified by the SEC in its complaint.” Berger noted that such “no-charged bribery disgorgement settlements appear designed to inflict punishment rather than achieve the goals of equity.”

2016 FCPA Enforcement Begins With SEC Action Against SAP


When Vicente Garcia (a former head of Latin American sales for SAP) resolved a parallel DOJ / SEC FCPA enforcement action in August 2015 (see here for the prior post), the question remained: would there also be a Foreign Corrupt Practices Act enforcement action against SAP?

Yesterday, the SEC answered that question in the affirmative by announcing an enforcement action against SAP (a German company with American Depository Shares registered with the SEC).

The SAP action is the first FCPA enforcement action of 2016.

Based on the same core conduct alleged in the prior Garcia action, SAP, without admitting or denying the SEC’s finding’s in an administrative order, agreed to pay approximately $3.9 million.

In summary fashion, the order states:

“This matter concerns violations of the books and records and internal controls provisions of the FCPA by SAP SE (“SAP”), a European Union corporation headquartered in Waldorf, Germany. The violations occurred due to deficient internal controls, which allowed SAP’s former Vice-President of Global and Strategic Accounts, Vicente E. Garcia, to discount the software price to a former SAP local partner at a level sufficient to permit Garcia and the local partner to pay $145,000 in bribes to one senior Panamanian government official, and offer bribes to two others. Through these bribes, Garcia secured government sales contracts of approximately $3.7 million for SAP, and also self-profited through kickbacks. By excessively discounting the SAP software, Garcia created a slush fund that the partner used to pay the bribes and kickbacks. Garcia concealed his scheme from others at SAP, circumvented SAP’s internal controls, and justified the excessive discounts by falsifying SAP’s internal approval forms.”

“The deep discounts that Garcia used to create the slush fund were falsely recorded as legitimate discounts on the books of SAP’s Mexican subsidiary, which were subsequently consolidated into SAP’s financial statements. In addition, SAP failed to devise and maintain an adequate system of internal accounting controls sufficient to provide reasonable assurances that these improper payments to government officials did not occur.”

According to the order:

“Garcia, as a senior vice-president of SAP responsible for sales in Latin America, used his knowledge of the availability of discounts to push through large discounts in order to create a slush fund from which the local partner was able to pay the bribes. SAP routinely provides large discounts to local partners for legitimate reasons that Garcia used to justify the illegitimate discounts. Once Garcia obtained approval of the discounts based on his falsified justification forms, the bribes were then paid from the local partner.”


As a result of Garcia’s conduct in the bribery scheme, SAP, with its local partner, was able to sell software to the Panamanian government through four contracts from 2010 to 2013. These contracts generated revenues of approximately $3.7 million to SAP.

The deep discounts that Garcia used to create the slush fund were falsely recorded as legitimate discounts on the books of SAP Mexico, which were subsequently consolidated into SAP’s financial statements.”

Under the heading “SAP’s Insufficient Internal Controls,” the order states:

“SAP lacked adequate internal controls to ensure that discounts to local partners were not improperly used. SAP’s system required employees to electronically submit requests within SAP to obtain approval of discounts to local partners. SAP employees, however, had wide latitude in seeking and approving discounts to local partners, and employees’ explanations for the discounts were accepted without verification. There were also no requirements for heightened anti-corruption scrutiny for large discounts. Garcia was therefore able to evade the basic approval procedures by taking advantage of his position and his knowledge of how discounts were approved. Furthermore, the nature of Garcia’s reporting structure made it easy for him to implement the bribery scheme. Although Garcia was located in Miami and employed by SAPI, he variously reported to supervisors employed by other regional subsidiaries and used employees from other subsidiaries such as SAP Mexico to execute the sales to the Panamanian government. This indirect reporting structure at SAP created gaps in supervising Garcia that provided him the opportunity to use the large discounts for creating a slush fund for bribes. Because of the deficient controls, Garcia was able to provide the partner with deep enough discounts to enable him to implement the bribery scheme, which continued unabated for over four years.”

Based on the above findings, the order finds that SAP violated the FCPA’s books and records and internal controls provisions.

Without admitting or denying the SEC’s findings, SAP agreed to pay disgorgement of $3.7 million “representing ill-gotten gains received in connection with the bribery scheme” and prejudgment interest of $188,896.

Under the heading “SAP’s Cooperation and Remediation,” the order states:

“When SAP learned of the conduct as a result of the SEC’s inquiry, SAP conducted a thorough internal investigation and extensively cooperated with the SEC’s investigation by, among other things: (i) conducting an internal investigation; (ii) voluntarily producing approximately 500,000 pages of documents and other information quickly, identifying significant documents and translating documents from Spanish; (iii) conducting witness interviews, sharing Power-Point presentations and timelines; (iv) facilitating an interview of Garcia at work at SAPI offices in Miami without alerting him to the investigation into his conduct; and (v) initiating a third party audit of the local partner.

After being alerted to Garcia’s misconduct, SAP terminated Garcia and undertook remediation efforts to uncover any other possible misconduct and to improve its FCPA compliance. Specifically, SAP audited all recent public sector Latin American transactions, regardless of Garcia’s involvement, to analyze partner profit margin data especially in comparison to discounts so that any trends could be spotted and high profit margin transactions could be identified for further investigation and audit. SAP also implemented new policies and procedures to detect and prevent similar issues from recurring in the future. For example, SAP elevated the status of its Chief Compliance Officer (“CCO”) by having that person now report directly to the CFO, who is a member of the Executive Board, and gave the CCO authority to independently terminate employees and partner contracts. SAP conducted, and continues to conduct, regular anti-corruption training, as well as anti-corruption audits through its internal audit function.

In determining to accept the Offer, the Commission considered remedial acts undertaken by Respondent and cooperation afforded the Commission staff.”

In this release, Kara Brockmeyer (Chief of the SEC’s FCPA Unit) stated: “SAP’s internal controls failed to flag Garcia’s misconduct as he easily falsified internal approval forms and disguised his bribes as discounts.”

According to reports, SAP was represented by Patrick Robbins (Shearman & Sterling).

Powered by WordPress. Designed by WooThemes