Microsoft has been under Foreign Corrupt Practices Act scrutiny since early 2013 (see here  for the prior post). Yesterday, the DOJ and SEC announced here  and here  an aggregate $25.3 million enforcement action against the company and a Hungarian subsidiary concerning conduct in Hungary, Saudi Arabia, Thailand and Turkey.
The enforcement action involved a DOJ component involving a non-prosecution agreement  involving MS Hungary in which the entity agreed to pay a $8.8 million criminal penalty and an SEC administrative order  against Microsoft finding violations of the FCPA’s books and records and internal controls provisions in which the company agreed, without admitting or denying the SEC’s findings, to pay disgorgement and prejudgment interest of approximately $16.5 million.
The conduct at issue concerned MS Hungary described as a direct, wholly-owned subsidiary of Microsoft with headquarters in Budapest, Hungary which promoted and marketed the sale of licenses for various Microsoft software and provides services to those products.
According to the NPA:
‘From approximately 2013 to June 2015, a senior executive and other employees of MS Hungary participated in a scheme to inflate margins in the Microsoft sales channel, which were used to fund improper payments under the FCPA. More specifically, a MS Hungary executive and other employees falsely represented to Microsoft that discounts from Microsoft’s estimated retail prices for government contracts were necessary to conclude deals with Hungarian government agencies. The savings represented by the discounts, however, were not passed along in full by TPIs to the Hungarian government customers to reduce the end customer price. Instead, the inflated margins were used to fund improper payments under the FCPA in connection with the sale of Microsoft software to Hungarian government agencies. MS Hungary, therefore, knowingly and willfully caused Microsoft, a U.S. issuer, to falsely record as discounts in its books and records amounts that were used to fund improper payments under the FCPA. In total, MS Hungary caused Microsoft to report false discounts for a number of licensing deals. The subject licensing deals resulted in profits to Microsoft of $14,586,325 attributable to the sales and marketing activities of MS Hungary.”
Under the heading “The Corrupt Scheme Perpetrated by MS Hungary” the NPA states in pertinent part:
“From at least 2013 to June 2015, a MS Hungary executive and certain employees, including Executive 1 [Papp, a high-level executive at MS Hungary], Manager 1 [Sagyibo, a manager overseeing the Public Sector at MS Hungary], and Employee 1 [Tordai, a Public Sector Account Executive at MS Hungary], were involved in a bid rigging and bribery scheme to create inflated margins in the Microsoft sales channel that were used to fund improper payments under the FCPA in connection with the sale of Microsoft software to Hungarian government agencies.
Two licensing deals [one involving a Hungarian government agency that purchased Microsoft software in 2013 and the second a Hungarian government agency that purchased Microsoft software in 2014]… illustrate the scheme, which generally worked as follows. MS Hungary personnel obtained information about the Hungarian government customer’s budget, which sometimes was supported by European Union (“EU”) funding made available to Hungary, for a particular licensing deal before the tender. In addition, certain MS Hungary employees, including Executive 1, Manager 1, and Employee 1, knew in advance of the completion of the tender which TPI was going to win the tender. MS Hungary would then arrange to sell the licenses for a substantially discounted price. To do so, MS Hungary personnel made false representations to the Microsoft Business Desk about the need for, and purpose of, the discounts in order to obtain the Microsoft Business Desk’s approval for the discounts. Such discounts were not true discounts, however, because they were not passed along in full by TPIs to the government agency end user, which paid at or near the maximum amount available for the licensing deals at issue. Instead, with knowledge of certain MS Hungary employees, including Executive 1, Manager 1, and Employee 1, the false discounts created inflated margins in the Microsoft sales channel that were used to make improper payments under the FCPA.
The inflated margins created through this scheme by MS Hungary personnel were not used to reduce the end customer price, but instead were used for corrupt purposes and, moreover, were falsely recorded as “discounts” and stored in various tools and databases on Microsoft servers in the United States. These false discounts were consolidated into Microsoft’s financial records and were used to support Microsoft’s financial reporting to the Securities and Exchange Commission (“SEC”). As such, MS Hungary caused the inflated margins created through the scheme to be falsely recorded as legitimate discounts in Microsoft’s books, records, and accounts.”
Under the heading “MS Hungary Caused Microsoft To Falsify Its Books, Records and Accounts” the NPA states:
“During the relevant time period, MS Hungary knowingly caused Microsoft to record and maintain false books, records, and accounts in connection with the foregoing corrupt scheme.
… MS Hungary employees, including Executive 1, Manager 1, and Employee 1, lied to Microsoft Business Desk employees to obtain approval for discounts on software licenses to be sold to Hungarian government agencies. The discounts were false because they were not passed on in full by TPIs to the end customers and were used for an illegal purpose. In securing the subject licensing deals involving discounts approved by the Microsoft Business Desk, MS Hungary caused records to be created that documented the fraudulent discounts, which were then falsely recorded and maintained at Microsoft. As a direct, wholly owned subsidiary of Microsoft, MS Hungary’s books, records, and accounts were consolidated into Microsoft’s financial records.
The false records were recorded and maintained by Microsoft in several ways. First, the false discounts — and in some instances the false justifications for those discounts — were recorded in a Microsoft on-line tool with a server located in Bellevue, Washington. Second, the false discounts were included as part of the deal documents that were stored on the same server located in Bellevue, Washington, and in an online repository of Microsoft business documents with a server located in Phoenix, Arizona. Third, false records from the MS Hungary licensing deals at issue were stored in a Microsoft Business Desk database located in Bellevue, Washington.”
The NPA was based on the following:
“(a) MS Hungary did not receive voluntary disclosure credit because it did not voluntarily and timely disclose to the Fraud Section and the Office the conduct described in the Statement of Facts;
(b) MS Hungary received full credit for its cooperation with the Fraud Section and the Office’s investigation, including conducting a thorough internal investigation, making regular factual presentations to the Fraud Section and the Office, producing documents to the Fraud Section and the Office from foreign countries in ways that did not implicate foreign data privacy laws, and collecting, analyzing, organizing, and translating voluminous evidence and information for the Fraud Section and the Office;
(c) MS Hungary and Microsoft provided to the Fraud Section and the Office all relevant facts known to them, including information about the individuals involved in the conduct described in the Statement of Facts and conduct disclosed to the Fraud Section and the Office prior to the Agreement;
(d) MS Hungary and Microsoft engaged in extensive remedial measures, including: (1) taking disciplinary action against four MS Hungary employees; (2) terminating four Hungarian licensing partners; (3) enacting new discount transparency and pass-through requirements; (4) conducting a company-wide initiative to elicit reports of potential anticorruption concerns; (5) conducting training about business conduct standards based in part on the conduct described in the Statement of Facts; (6) implementing new controls for high-risk deals; (7) implementing new controls to prevent third-party intermediaries from placing licensing orders with MS Hungary before receiving end customer purchase orders; (8) creating an expanded transaction monitoring initiative at the regional level; and (9) developing and using data analytics to help identify highrisk transactions;
(e) MS Hungary and Microsoft have enhanced and are committed to continuing to enhance their compliance programs and internal controls to ensure that their compliance programs satisfy the minimum elements set forth in the Corporate Compliance Program attached hereto as Attachment C;
(f) based on MS Hungary’s and Microsoft’s remediation and the state of their compliance programs, and MS Hungary’s and Microsoft’s agreement to report to the Fraud Section and the Office as set forth in Attachment D to this Agreement, the Fraud Section and the Office determined that an independent compliance monitor was unnecessary as part of this resolution;
(g) the nature and seriousness of the offense conduct, including the involvement of a high-level executive at MS Hungary and the extensiveness of the scheme to inflate margins that were used to make improper payments under the FCPA and the fact that Microsoft did not exercise meaningful oversight during the relevant time period to ensure that discounts that Microsoft approved were passed on to MS Hungary’s end customers instead of being used to facilitate the corrupt scheme described in the Statement of Facts. Although this failure of oversight at Microsoft did not amount to a criminal violation by the parent company, it was a discretionary factor that the Fraud Section and the Office considered in entering into a criminal resolution with MS Hungary;
(h) MS Hungary has no prior criminal history;
(i) MS Hungary and Microsoft have agreed to continue to cooperate with the Fraud Section and the Office in any ongoing investigation of the conduct of MS Hungary and Microsoft, their subsidiaries and affiliates, and their officers, directors, employees, agents, business partners, distributors, and consultants relating to violations of the FCPA;
(j) MS Hungary has agreed to disgorge $13,780,733 in profits and $2,784,417.92 in prejudgment interest to the Securities and Exchange Commission (“SEC”) in connection with the SEC’s parallel investigation of overlapping conduct; and
(k) accordingly, after considering (a) through (j) above, the Fraud Section and the Office believe that an appropriate resolution of this case is a non-prosecution agreement for MS Hungary and an aggregate discount of 25% off of the bottom of the applicable United States Sentencing Guidelines (“U.S.S.G.” or “Guidelines”) fine range.”
Pursuant to the three-year NPA, MS Hungary agreed to pay a monetary penalty of approximately $8.8 million. During the NPA, MS Hungary agreed to report to the DOJ, at no less than 12 month intervals, “regarding remediation and implementation of the compliance program and internal controls, policies, and procedures” described in the NPA.
The administrative order was based on the same core Hungary conduct alleged in the DOJ action, plus additional conduct in Saudi Arabia, Thailand and Turkey. In summary fashion, the order finds:
“This matter concerns violations of the books and records and internal accounting controls provisions of the FCPA by Microsoft Corporation, a technology and software solutions provider, related to its operations in Hungary, Saudi Arabia, Thailand and Turkey.
As described below, from at least 2013 through 2015, Microsoft’s wholly-owned subsidiary in Hungary provided payments intended for foreign government officials in order to obtain business for Microsoft. The payments were made through third party vendors, consultants, distributors and resellers, including in circumstances where there was no evidence of any services provided by the third parties. Improper payments were also funded through excessive discounts that Microsoft’s senior executives in Hungary approved based on vague justifications without ensuring they were passed on to the end government customers.
In addition, in 2014 executives in Microsoft’s wholly-owned subsidiary in Turkey approved an excessive discount in a transaction involving an unauthorized third party in connection with a government tender in circumstances where there is no evidence of services provided by the third party. In addition, from 2012 through 2015 Microsoft’s wholly-owned subsidiaries in Saudi Arabia and Thailand provided improper travel and gifts and other things of value to both foreign government officials and employees of non-government customers, respectively, through slush funds maintained by their third party vendors and resellers.
Microsoft failed to make and keep adequate documentation related to third party vendors, consultants, distributors and resellers and failed to devise and maintain a sufficient system of internal accounting controls throughout the relevant time.”
The order states as follows regarding Microsoft’s sales model:
“In many overseas markets, Microsoft sells its software licenses, in certain volumelicensing programs, through distributor and/or third party resellers called a Licensing Solution Partner (“LSP”). The LSPs are supposed to be authorized and approved by Microsoft. The third parties purchase the licenses and other products from Microsoft regional entities, such as MIOL, to sell to end customers, sometimes through additional third party vendors.
Microsoft does not directly enter into contracts with end customers. Instead, in certain foreign countries, a separate Microsoft subsidiary, MIOL, enters into framework licensing agreements with Microsoft’s government end customers. The framework licensing agreement sets forth the terms and conditions for Microsoft license purchases and usage by the government end customers. Typically, after a government end customer issues a tender, LSPs submit bids, and the winning bidder purchases the licenses from MIOL for resale to the end customer. The end customer and the LSP then sign a separate supply agreement reflecting, among other things, the final price and other terms agreed between the LSP and the end customer.
Microsoft maintains estimated retail prices for its software. Government and other large customers often expect to receive discounts from the estimated retail prices because of their size and negotiating power. To ensure consistent pricing with its LSPs in tenders, MIOL offers a standard discounted sale price to approved LSPs which reflected a built in margin. When bidding in a tender, LSPs can lower their price offered to end customers to be competitive. Microsoft also allows for additional discounts with its LSPs under certain circumstances and with certain approvals. Discounts above certain thresholds must be approved by Microsoft’s Business Desk, which had employees around the world. Microsoft expected that any additional approved discounts be passed on to the end customers.
In addition to licensing software, Microsoft also sells consulting and other services to help customers develop, deploy and manage its server and desktop solutions and provides training and certification on various Microsoft products. Microsoft’s subsidiaries routinely subcontract with third parties to provide these services.
Under Microsoft’s policies and procedures, Microsoft employees were required to record details of all sales transactions accurately, including prices, discounts and justification for any additional discount requests beyond the standard. For services transactions, Microsoft’s policies required that employees and subcontractors accurately record their time worked on a project in Microsoft’s internal timekeeping system.”
In addition to the same core allegations regarding Hungary alleged in the DOJ action, the SEC’s order further states:
“From 2014 through 2015, MS Hungary paid third party subcontractors to provide services in connection with MS Hungary consulting service engagements provided to Hungarian government end customers. However, for some subcontractors, Microsoft records do not reflect what services, if any, they provided and MS Hungary employees admitted that certain subcontractors falsely recorded work performed on various engagements. MS Hungary inaccurately recorded the work provided as legitimate transactions in its books and records. Moreover, MS Hungary employees and subcontractors falsely recorded their purported work performed on various service engagements in Microsoft’s timekeeping system.”
Regarding Saudi Arabia, the order finds:
“Between 2012 through 2014, employees in Microsoft’s Saudi Arabian subsidiary diverted at least $440,000 of funds, intended to be used for marketing and developing business proposals with Microsoft’s partners, to a slush fund that was used to pay travel expenses for Saudi government employees and for gifts, furniture, laptops, tablets and other equipment for government agencies. MS Saudi Arabia funded the slush fund through larger than usual discounts and payments to two of its vendors and two of its LSPs. The fund was maintained by two of Microsoft’s vendors, who disbursed it at the direction of MS Saudi Arabia employees. The vendors received a payment for serving as the conduit for purchasing the gifts and arranging the travel. While Microsoft records do not accurately reflect the total amount and use of the funds, approximately $270,000 was used to pay for travel by government customers and approximately $35,000 for gifts and other services for government customers. Additionally, approximately $130,000 was paid for commissions and service fees to the vendors for their roles.”
Regarding Thailand, the order finds:
“Between January 2013 and April 2015, a MS Thailand employee along with an employee of a MS Thailand LSP provided more than $100,000 in gifts and travel to employees of non-government banking customers while MS Thailand was engaged in business with the end customers.
Specifically, an employee of a MS Thailand LSP established an account funded through discounts provided by Microsoft on transactions, ostensibly to pay for training MS Thailand end customers on Microsoft’s software. However, instead of using the money for training, the MS Thailand employee and the MS Thailand LSP employee used the proceeds to purchase technology equipment and pay for travel for employees of MS Thailand’s nongovernment end customers. As part of this scheme, the MS Thailand employee would direct the MS Thailand LSP employee to submit a false purchase order for “training” to one of MS Thailand’s training vendors. The vendors would submit an invoice in connection with the purchase order that would then be paid from the training account held at the LSP. As with Saudi Arabia, the vendors received a “commission” payment “fee” for providing the false purchase order.”
Regarding Turkey, the order finds:
“In July 2014, Turkey’s Ministry of Culture issued a public tender for Microsoft licenses and related services. The tender was awarded to a system integrator that was not an authorized MS Turkey LSP. An MS Turkey employee did not disclose the role of the system integrator in the transaction, and instead directed an authorized LSP to work on the transaction with the system integrator. The MS Turkey employee also negotiated the payments terms between the system integrator and LSP. In connection with the deal, MS Turkey approved an additional 7% discount on the transaction beyond the standard discount. Microsoft’s records do not reflect what services, if any, the system integrator provided, and the authorized reseller informed Microsoft that it provided the services on the transaction. Moreover, there is no evidence the additional discount was passed on to the government customer.”
Based on the above findings, the SEC found that Microsoft violated the FCPA’s books and records and internal controls provisions. Under the heading “Microsoft’s Remedial Efforts and Cooperation,” the order finds:
“In determining to accept the Offer, the Commission considered remedial acts undertaken by Respondent and cooperation afforded the Commission staff. Microsoft’s remediation included enhancing its internal accounting controls and compliance programs, taking disciplinary action against four MS Hungary employees, terminating four Hungarian licensing partners, enacting new discount transparency and pass-through requirements, creating an expanded transaction monitoring initiative at the regional level, and developing and using data analytics to help identify high-risk transactions. Microsoft’s cooperation included timely sharing of facts developed during the course of an internal investigation and voluntarily producing and translating documents.”
Without admitting or denying the SEC’s findings, Microsoft agreed to cease and desist from committing or causing any future violations of the FCPA’s books and records and internal controls provisions and agreed to pay disgorgement of $13,780,733 and prejudgment interest of $2,784,417. The order further states that the SEC is not imposing a civil penalty based upon the imposition of an $8.75 million criminal penalty as part of MS Hungary’s resolution with the DOJ.
Kathryn Ruemmler and Jonathan Su (Latham & Watkins) and Darryl Lew and Courtney Hague Andrews (White & Case) represented Microsoft entities.
On the day of the enforcement action, Microsoft’s stock closed up approximately 1.3%.
On its blog , Microsoft posted the following e-mail from President Brad Smith to company employees.
“Subject: There is no room for compromise when it comes to ethical business practices
I’m disappointed to share some news today that I hope we’ll never need to repeat – about the announcement of an agreement with the U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) to settle claims of violations of the Foreign Corrupt Practices Act, or FCPA.
More specifically, it was announced that our Hungarian subsidiary has entered into a Non Prosecution Agreement, or NPA, with the DOJ and we have agreed to a Cease and Desist Order with the SEC. This follows Microsoft’s cooperation with a multi-year government investigation, reported previously , into potential violations of the FCPA between 2012 and 2015. (An NPA is a public contract between the DOJ and a company in which the company agrees to take certain actions; it does not involve the filing of any charges in court. The SEC Cease and Desist Order similarly is based on an agreement and doesn’t involve a court filing.)
As the DOJ stated today, it has concluded that between 2013 and June 2015 “a senior executive and some other employees at Microsoft Hungary participated in a scheme to inflate margins in the Microsoft sales channel, which were used to fund improper payments under the FCPA.” As the DOJ explained, a Microsoft Hungary executive and other Hungary employees “falsely represented” to Microsoft itself that these discounts were needed. But that doesn’t absolve the company of legal responsibility for what happened. These employees failed to pass to customers the discounts they claimed were needed to close a deal, and instead, the DOJ concluded that “the inflated margins were used to fund improper payments.”
At one level, we should all recognize that this misconduct involved a small number of employees at Microsoft Hungary, all of whom are no longer with the company. We’re fortunate to have in place today a new set of leaders at our Hungarian subsidiary who are committed to the company’s high ethical standards.
But it’s even more important that we take the time to learn from this moment, applying some broader lessons that are even more fundamental:
First, today’s settlements involved employee misconduct that was completely unacceptable. We conducted our own investigation and provided complete information to the DOJ and SEC. In Hungary, where the most concerning conduct took place, we fired four Microsoft Hungary employees over three years ago and terminated relationships with four resellers. Some of the resellers responded by complaining to local regulators in an attempt to restore their business and some of the employees responded by suing us. We’re grateful that local courts and regulators have backed up our decision to cut all ties with individuals and businesses that, in our view, behaved in a wholly unethical manner. We’re also grateful that the agreements with both the DOJ and SEC recognize the extent of our cooperation and the DOJ agreed that we deserved the maximum credit allowable for cooperation in determining a monetary penalty.
We were deeply disappointed and embarrassed when we first learned about these events several years ago, and we hope that all of the steps we’ve since taken, including today’s settlement, send a strong message. As a company, we do not tolerate employees and partners who willfully break policies that go to fundamental issues of business integrity. Ultimately, the world will successfully root corruption out of the global economy only if individuals, businesses, and governments everywhere stand up and deliver the message together that they will not stand for conduct that facilitates corruption. Even if there are days like today when it’s difficult to be on the hot seat and serve as such a messenger, it’s a message the world needs to hear.
Second, we appreciate that strong words need to be backed by effective deeds. The first critical step, taken more than five years ago, was to learn from these issues and identify our own opportunities for improvement, especially in the systems and controls that reduce the risk that even a small number of employees and resellers can evade our policies. We’ve learned a lot from the work leading to today’s announcement and have continued to build on these efforts in a way that’s important for the issues in Hungary, as well as in three other countries described by the SEC today, and more globally as well.
We’ve focused on a process of continuous improvement that has led to a number of changes, including the following:
- We have created a discount transparency program for public sector sales, ensuring that we require that our channel partners pass discounts on to government customers and that we tell these customers about the discounts provided for their benefit. The goal is to help ensure that the value of the discount isn’t used for improper purposes, which was the major concern in Hungary. We continue to work to improve this process to help ensure that customers gain the benefit of any discounts we provide.
- We’ve strengthened our anti-corruption program to meet the highest standards for such programs, including ISO 37001, the new Anti-Bribery Management System Standard. An independent organization accredited to conduct reviews under this standard has certified, based on all the work that we’ve done since these issues came to our attention, that our Hungarian subsidiary’s program meets ISO 37001.
- We’ve increased our capability to prevent potential violations by using machine learning to help identify transactions and automatically flag those that pose heightened compliance risk. We now run billions of dollars of deals in 57 countries through this program and have a team apply additional scrutiny to these transactions. Not only are we committed to improving and expanding this program for our own use, we are offering our technology and know-how to other companies so that they can take advantage of it as well.
We recognize that no business process can offer a perfect guarantee of eliminating all global instances of a human frailty that is as old as humanity itself. That’s why we need strong laws and effective enforcement by agencies such as the DOJ and the SEC in the United States and around the world. And it’s why across the business community we need not only to be vigilant but committed to putting the world’s most advanced technology to work to help fulfill the strong ethical principles that the public rightfully expects us to uphold.
Finally, I want to offer some words to each of you – our more than 140,000 Microsoft employees. Satya and every member of the company’s Senior Leadership Team readily recognize that the overwhelming majority of you are committed to doing business ethically and consistently with our high standards. Today’s announcement is a testament in part to the big problems that can be created by a few people. It took misdeeds by only a few people between 2012 and 2015 to lead to today’s $26 million settlement with two government agencies. That entire amount relates to conduct in Hungary, just one of the more than 120 countries in which we do business.
As a company, we need to keep working on improving the systems that help us prevent bad conduct but we need your help as well.
As all of you know firsthand, over the last several years we’ve focused not only on strengthening our processes, but our employee engagement and training. There’s never a good reason to compromise one’s integrity and we hope and expect that if you see something that seems inconsistent with our policies or our values, you’ll bring it to our attention so that little problems don’t become larger.
Ethical business conduct will always remain a team sport. We’re grateful for the support you’ve provided for this work around the world, and as we go forward, it’s critical that every individual employee come to work in the morning with the appreciation that you’re both our first and last line of defense.
It’s a never-ending job that deserves our focus and attention each and every day.
Elevate Your FCPA Research
There are several subject matter tags in this post. However, only subscribers to FCPA Professor's premium search feature can see and use them in research. Efficient and cost-effective FCPA research is just a click away.