As highlighted in this prior post, in 2012 Oracle resolved a $2 million SEC Foreign Corrupt Practices Act enforcement action finding that “Oracle violated the books and records and internal accounting controls provisions of the FCPA by failing to prevent Oracle India Private Limited from keeping unauthorized side funds at distributors from 2005 to 2007.”
As a condition of settlement, Oracle consented to the entry of a final judgment, among other things, “permanently enjoining it from future violations” of the books and records and internal controls provisions and in resolving the matter the SEC noted the “significant enhancements” Oracle made to its FCPA compliance program.
Yesterday, the SEC announced a $22.9 million FCPA enforcement action against Oracle “to resolve charges that it violated provisions of the FCPA when subsidiaries in Turkey, the United Arab Emirates, and India created and used slush funds to bribe foreign officials in return for business between 2016 and 2019.”
In resolving a second FCPA enforcement action, Oracle becomes the 20th corporate FCPA repeat offender (see here for the list).
In summary fashion, this administrative order states:
“This matter concerns violations of the anti-bribery, books and records, and internal accounting controls provisions of the FCPA by Oracle Corporation (“Oracle”), a Texas headquartered technology company, resulting from conduct undertaken by agents and employees of certain of its subsidiaries. From at least 2014 through 2019 (the “Relevant Period”), employees of Oracle subsidiaries based in India, Turkey, and the United Arab Emirates (collectively, the “Subsidiaries”) used discount schemes and sham marketing reimbursement payments to finance slush funds held at Oracle’s channel partners in those markets. The slush funds were used both to (i) bribe foreign officials, and/or (ii) provide other benefits such as paying for foreign officials to attend technology conferences around the world in violation of Oracle’s internal policies.”
The order provides the following relevant background:
“During the Relevant Period, Oracle exercised control over its subsidiaries. Oracle’s legal, audit, and compliance functions were centrally coordinated from its U.S. headquarters within the United States and implemented on a regional basis. Additionally, Oracle consolidated the Subsidiaries’ financial statements into Oracle’s financial statements.
The employees of Oracle’s subsidiaries reported up to the parent company through lines of business (“LOB”). LOB heads set the financial and business targets for their respective LOB by region or territory, not by country or subsidiary. Consistent with the LOB structure, certain employees in Oracle’s organization moved between Oracle subsidiaries to perform different roles or even while performing the same role.
During the Relevant Period, Oracle used both a direct and indirect sales model. Under the direct model, Oracle transacted directly with customers, and the customers paid Oracle directly. Under the indirect method, Oracle transacted through various types of distributors, including value added distributors (“VADs”) and value added resellers (“VARs”). Oracle utilized a global on-boarding and due diligence process for these channel partners that Oracle implemented at the regional and country levels. Oracle only permitted its subsidiaries to work with VADs or VARs who were accepted to its Oracle Partner Network (“OPN”). Similarly, Oracle prohibited its subsidiaries from conducting business with companies removed from the OPN.
While Oracle used the indirect sales model for a variety of legitimate business reasons, such as local law requirements or to satisfy payment terms, it recognized since at least 2012 that the indirect model also presented certain risks of abuse – including the creation of improper slush funds.”
Under the heading “Improper Use of Discounts,” the order states:
“According to Oracle’s policies, an employee was only supposed to request a discount from a product’s list price for a legitimate business reason. Oracle used a three-tier system for approving discount requests above designated amounts, depending on the product. Depending on the amount of the discount, Oracle at times required subsidiary employees to obtain approval from an approver in a subsidiary other than that of the employee seeking the discount. For the highest level of discounts, Oracle required the subsidiary employee to obtain approval from an Oracle headquarters designated approver. Typical discount justifications referred to budgetary caps at end customers or competition from other original equipment manufacturers. However, while Oracle policy mandated that all discount requests be supported by accurate information and Oracle reviewers could request documentary support, Oracle policy did not require documentary support for the requested discounts – even at the highest level.
As a result, Oracle Subsidiary employees were able to implement a scheme whereby larger discounts than required for legitimate business reasons were used in order to create slush funds with complicit VADs or VARs. The channel partners profited from the scheme by keeping a portion of the excess deal margin.”
Under the heading “Improper Use of Marketing Reimbursements,” the order states:
“During the Relevant Period, Oracle allowed its sales employees at the Subsidiaries to request purchase orders meant to reimburse VADs and VARs for certain expenses associated with marketing Oracle’s products. As long as the purchase orders were under $5,000, first-level supervisors at the Subsidiaries could approve the purchase order requests without any corroborating documentation indicating that the marketing activity actually took place. For example, Oracle Turkey sales employees opened purchase orders totaling approximately $115,200 to VADs and VARs in 2018 that were ostensibly for marketing purposes and were individually under this $5,000 threshold.
Oracle subsidiary employees based in Turkey and the United Arab Emirates requested sham marketing reimbursements to VADs and VARs as a way to increase the amount of money available in the slush funds held at certain channel partners. The direct supervisors of these sales employees, who were complicit in the scheme, approved the fraudulent requests.”
Regarding conduct in Turkey, the order finds:
“From 2009 – 2019, Oracle Turkey used both excessive discounts and sham marketing reimbursement payments to create off-book slush funds at its two VADs. Internally, Oracle Turkey sales employees referred to the accounts as “havuz,” which means “pool” or “kumbara,” which means “moneybox,” and used the accounts for purposes that were prohibited under Oracle’s internal policies. Oracle Turkey employees routinely used the slush funds to pay for the travel and accommodation expenses of end-user customers, including foreign officials, to attend annual technology conferences in Turkey and the United States, including Oracle’s own annual technology conference. In some instances, these funds were also used to pay for the travel and accommodation expenses of foreign officials’ spouses and children, as well as for side trips to Los Angeles and Napa Valley.
Oracle Turkey employees used these slush funds for roughly a decade. Oracle Turkey’s management, including the country leader, knew of and condoned the practice. Given how these schemes were implemented, Oracle lacks records regarding the full size and scope of how these off-book slush funds were used.
In May 2018, Oracle Turkey was attempting to win a lucrative contract with Turkey’s Ministry of Interior (“MOI”) related to the ongoing creation of an emergency call system for Turkish citizens (“112 Project”), for which Oracle Turkey had previously provided services. The sales account manager for the MOI (“Turkey Sales Representative”), with the knowledge of the then-country leader, sought to improperly influence relevant officials and planned a week-long trip to California for four MOI officials that was likely paid for with funds from a VAD account. Ostensibly, the purpose of the trip was for the MOI officials to attend a meeting at Oracle’s headquarters in California with a senior Oracle executive. But the meeting at Oracle’s headquarters only lasted approximately fifteen to twenty minutes. During the rest of the week, the Turkey Sales Representative entertained the MOI officials in Los Angeles and Napa Valley and took them to a theme park. On May 31, 2018, Oracle received a large follow-on order related to the 112 Project.
In order to fund the MOI officials’ leisure trip, the Turkey Sales Representative needed to request a non-standard discount. Accordingly, the Turkey Sales Representative requested an excessive discount for the 112 Project by claiming the MOI had budgetary restraints and that Oracle Turkey was facing stiff competition from other original equipment manufacturers. Oracle headquarters personnel in the United States relied on the Turkey Sales Representative’s claim of competition when it approved the discount, but they did not require proof. In reality, the MOI did not conduct a competitive bidding process for this contract. Instead, the MOI required any bidders that responded to the tender offer to include Oracle products in their bid.
The same Turkey Sales Representative involved with the 112 Project also directed cash bribes to officials at Turkey’s Social Security Institute (“SSI”). According to a spreadsheet the Turkey Sales Representative maintained, the Turkey Sales Representative was tracking how much potential margin he could create from a discount request six months before he finalized a deal with the SSI in 2016. Then, three months before he closed the deal, the Turkey Sales Representative met with an intermediary for the SSI officials (“Intermediary”). The subject of the calendar entry for the meeting read, “Those who think big are meeting up.”
In order to fund the bribes in connection with the 2016 SSI deal, the Turkey Sales Representative again falsely claimed he needed a significant discount due to intense competition from other original equipment manufacturers. An Oracle employee located in the U.S. approved the discount due to the deal’s size. As before, no additional documentary support for the justification was required. However, instead of intense competition, Turkey’s public procurement records that were available at the time indicated that the SSI required Oracle products to fulfill the tender, which precluded competition from other original equipment manufacturers. The Turkey Sales Representative used the excess margin to increase the amount of money kept in a slush fund maintained by the VAD for the deal.
In 2017, the same Turkey Sales Representative used a VAR to create a slush fund for SSI officials related to a database infrastructure order (“Turkey VAR”). As with the other examples, a significant discount was approved by Oracle headquarters personnel in the United States without documentary support. A spreadsheet maintained by the Turkey Sales Representative shows an excessive margin of approximately $1.1 million, only a portion of which was used to purchase legitimate products such as software licenses.
The Turkey VAR only kept a nominal amount for itself and while following instructions from the Turkey Sales Representative, the Turkey VAR passed the majority of the funds to other entities, including an entity controlled by the Intermediary. The Intermediary-controlled entity that was responsible for providing the cash bribes to SSI officials received at least $185,605.”
Regarding conduct in the UAE, the order finds:
“From at least 2014 to 2019, certain Oracle UAE sales employees used both excessive discounts and marketing reimbursement payments to maintain slush funds at VARs. In some instances, the sales people referred to slush funds that they maintained over a period of time at a specific VAR as a “wallet.” Oracle UAE sales employees directed the VARs how to spend the funds, and used the wallets to pay for the travel and accommodation expenses of end customers, including foreign officials, to attend Oracle’s annual technology conference in violation of Oracle’s internal policies.
In 2018 and 2019, an Oracle UAE sales account manager (“UAE Sales Representative”) for a UAE state-owned entity (“SOE”) paid approximately $130,000 in bribes to the SOE’s Chief Technology Officer in return for six different contracts over the same period. The first three bribes were funded with the assistance of two complicit VARs through an excessive discount and paid through another entity (“UAE Entity”) that was not an Oracle approved VAR for public sector transactions and whose sole purpose was to make the bribe payments. For the final three deals, the UAE Entity was the actual entity that contracted with the UAE SOE despite the fact that Oracle’s deal documents represented an Oracle approved partner as the VAR for the deal.”
Regarding conduct in India, the order finds:
“In 2019, Oracle India sales employees also used an excessive discount scheme in connection with a transaction with a transportation company, a majority of which was owned by the Indian Ministry of Railways (“Indian SOE”). In January 2019, the sales employees working on the deal, citing intense competition from other original equipment manufacturers, claimed the deal would be lost without a 70% discount on the software component of the deal. Due to the size of the discount, Oracle required an employee based in France to approve the request. The Oracle designee provided approval for the discount without requiring the sales employee to provide further documentary support for the request. In fact, the Indian SOE’s publicly available procurement website indicated that Oracle India faced no competition because it had mandated the use of Oracle products for the project. One of the sales employees involved in the transaction maintained a spreadsheet that indicated $67,000 was the “buffer” available to potentially make payments to a specific Indian SOE official. A total of approximately $330,000 was funneled to an entity with a reputation for paying SOE officials and another $62,000 was paid to an entity controlled by the sales employees responsible for the transaction.”
Based on the above, the order finds that Oracle violated the FCPA’s anti-bribery, books and records, and internal controls provisions. Without admitting or denying the SEC’s findings, Oracle agreed to cease and desist from committing violations of the anti-bribery, books and records, and internal accounting controls provisions of the FCPA and to pay approximately $7.9 million in disgorgement and a $15 million penalty.
Under the heading “Commission Consideration of Oracle’s Cooperation and Remedial Efforts,” the order states:
“In determining to accept the Offer, the Commission considered that Oracle self-reported certain unrelated conduct, remedial acts it undertook, and cooperation afforded the Commission Staff.
Oracle’s cooperation included sharing facts developed in the course of its own internal investigations, voluntarily providing translations of key documents, and facilitating the staff’s requests to interview current and former employees of Oracle’s foreign subsidiaries.
Oracle’s remediation includes: (i) terminating senior regional managers and other employees involved in the misconduct and separating from employees with supervisory responsibilities over the misconduct; (ii) terminating distributors and resellers involved in the misconduct; (iii) strengthening and expanding its global compliance, risk, and control functions, including the creation of over 15 new positions and teams at headquarters and globally; (iv) improving aspects of its discount approval process and increasing transparency in the product discounting process through the implementation and expansion of transactional controls; (v) increasing oversight of, and controls on, the purchase requisition approval process; (vi) limiting financial incentives and business courtesies available to third parties, particularly in public sector transactions; (vii) improving its customer registration and payment checking processes and making other enhancements in connection with annual technology conferences; (viii) enhancing its proactive audit functions; (ix) introducing measures to improve the level of expertise and quality of its partner network and reducing substantially the number of partners within its network; (x) enhancing the procedures for engaging third parties, including the due diligence processes to which partners are subjected; (xi) implementing a compliance data analytics program; and (xii) enhancing training and communications provided to employees and third parties regarding anti-corruption, internal controls, and other compliance issues.”
In the SEC release, SEC FCPA Unit Chief Charles Cain stated:
“The creation of off-book slush funds inherently gives rise to the risk those funds will be used improperly, which is exactly what happened here at Oracle’s Turkey, UAE, and India subsidiaries. This matter highlights the critical need for effective internal accounting controls throughout the entirety of a company’s operations.”
FCPA Institute - Zoom (May 16-18, 2023)
Elevate your FCPA knowledge and practical skills. Nine hours of integrated and cohesive instruction led by Professor Koehler (an FCPA expert with teaching experience). Learn more, spend less. Professional credential available.Learn More and Register