Top Menu

Issues To Consider From The Microsoft Enforcement Action


This prior post went in-depth into the recent Microsoft Foreign Corrupt Practices Act enforcement action and this post continues the analysis by highlighting additional issues to consider.


As highlighted in this prior post, Microsoft was reportedly under FCPA scrutiny in various countries since early 2013. Thus, from start to finish the various facets of the company’s FCPA scrutiny lasted an unconscionable 6.5 years. If the DOJ and SEC want their FCPA enforcement programs to be viewed as credible and effective, they must resolve instances of FCPA scrutiny much quicker.

This is particularly true given that the DOJ stated:

“MS Hungary received full credit for its cooperation with the Fraud Section and the Office’s investigation, including conducting a thorough internal investigation, making regular factual presentations to the Fraud Section and the Office, producing documents to the Fraud Section and the Office from foreign countries in ways that did not implicate foreign data privacy laws, and collecting, analyzing, organizing, and translating voluminous evidence and information for the Fraud Section and the Office.”

In the words of the SEC:

“Microsoft’s cooperation included timely sharing of facts developed during the course of an internal investigation and voluntarily producing and translating documents.”

Damed If You Do, Damned If You Don’t

At its core, the Microsoft enforcement action concerned inflated margins and discounts.

Microsoft did have policies and procedures concerning margins and discounts. As stated by the DOJ:

“Microsoft required its employees to record all sales information, including prices and discounts, accurately. To that end, Microsoft maintained policies and procedures governing the ability of Microsoft sales personnel to offer discounts below estimated retail prices. These policies and procedures were intended to ensure consistency in Microsoft pricing and to avoid improper use of discounts by sales personnel. These policies controlled discounting practices by, among other things, requiring sales personnel to obtain different levels of approval depending on the size of the discount that they intended to offer the customer.”

“Sales personnel who wished to offer a discount above a certain minimum threshold were required to obtain approval from a member of the Microsoft Business Desk, which was responsible for reviewing and approving or denying requests for discounts. The Microsoft Business Desk was managed by Microsoft personnel in Redmond, Washington, but had employees around the world. Although each licensing deal was different, Microsoft issues guidance to Microsoft Business Desk employees who reviewed requests for discounts to ensure that they considered appropriate factors in determining whether to approve a discount.”

As stated by the SEC:

“Under Microsoft’s policies and procedures, Microsoft employees were required to record details of all sales transactions accurately, including prices, discounts and justification for any additional discount requests beyond the standard. For services transactions, Microsoft’s policies required that employees and subcontractors accurately record their time worked on a project in Microsoft’s internal timekeeping system.”

You can bet the farm that if Microsoft did not have policies and procedures concerning margins and discounts that the government would have found an internal control violation.

However, Microsoft did have such policies and procedures yet MS Hungary employees lied (a word not often found in FCPA enforcement actions) to Microsoft Business Desk personnel tasked with monitoring this issue and otherwise provided false and misleading information.

As stated by the DOJ:

“A MS Hungary executive and other employees falsely represented to Microsoft that discounts from Microsoft’s estimated retail prices for government contracts were necessary to conclude deals with Hungarian government agencies.”

“MS Hungary personnel made false representations to the Microsoft Business Desk about the need for, and purpose of, the discounts in order to obtain the Microsoft Business Desk’s approval for the discounts.”

“The Microsoft Business Desk approved the discount, unaware [that MS Hungary Executive and Manager] had intentionally misrepresented Agency 1’s budget, the status of negotiations, and the need for the discount.”

“The Microsoft Business Desk approved the requested discounts based on the false representations of the MS Hungary employee.”

“MS Hungary employees … lied to Microsoft Business Desk employees to obtain approval for discounts on software licenses to be sold to Hungarian government agencies.”

As stated by the SEC:

“To obtain approval for the discounts, MS Hungary employees provided false justifications to support the need for the discounts”

“The justifications provided to Microsoft’s Business desk to secure the additional discounts were false …”

“Moreover, MS Hungary employees and subcontractors falsely recorded their purported work performed on various service engagements in Microsoft’s timekeeping system.”

The end result?

Why of course Microsoft violated the internal controls provisions.

In the words of the DOJ:

“Microsoft did no exercise meaningful oversight during the relevant time period to ensure that discounts that Microsoft approved were passed on to MS Hungary’s end customers instead of being used to facilitate the corrupt scheme.”

In the words of the SEC:

“Microsoft failed to devise and maintain a sufficient systems of internal accounting controls throughout the relevant time period.”

The Microsoft enforcement action thus represents yet another damned if you, damned if you don’t theory of enforcement akin to strict liability.

No-Charged Bribery Disgorgement

Despite the many media headlines containing the “bribery” word in recent days, Microsoft was not charged with or found to be in violation of FCPA’s anti-bribery provisions. Rather, the SEC’s enforcement action against Microsoft involved findings concerning the FCPA’s books and records and internal controls provisions.

Nevertheless, 100% of the SEC’s $16.5 million enforcement action consisted of disgorgement and prejudgment interest. This represents yet another example of no-charged bribery disgorgement (in other words the SEC seeking a disgorgement remedy in the absence of FCPA anti-bribery charges or findings).

As highlighted in this previous post (and numerous prior posts thereafter), so-called no-charged bribery disgorgement is troubling. Among others, Paul Berger (here) (a former Associate Director of the SEC Division of Enforcement) has stated that “settlements invoking disgorgement but charging no primary anti-bribery violations push the law’s boundaries, as disgorgement is predicated on the common-sense notion that an actual, jurisdictionally-cognizable bribe was paid to procure the revenue identified by the SEC in its complaint.” Berger noted that such “no-charged bribery disgorgement settlements appear designed to inflict punishment rather than achieve the goals of equity.”

Machine Learning

The Microsoft employee e-mail announcing the enforcement action containing the following interesting portion.

“We’ve increased our capability to prevent potential violations by using machine learning to help identify transactions and automatically flag those that pose heightened compliance risk. We now run billions of dollars of deals in 57 countries through this program and have a team apply additional scrutiny to these transactions. Not only are we committed to improving and expanding this program for our own use, we are offering our technology and know-how to other companies so that they can take advantage of it as well.”

FCPA Institute - Zoom (May 16-18, 2023)

Elevate your FCPA knowledge and practical skills. Nine hours of integrated and cohesive instruction led by Professor Koehler (an FCPA expert with teaching experience). Learn more, spend less. Professional credential available.

Learn More and Register

Powered by WordPress. Designed by WooThemes