In 2016 SAP (a German software company with American Depository Shares registered with the SEC) resolved a $3.9 million Foreign Corrupt Practices Act enforcement action.
As highlighted here, in 2019 the company disclosed additional FCPA scrutiny and stated: “SAP has received communications and whistleblower information alleging conduct that may violate anti-bribery laws in South Africa, the United States (including the U.S. Foreign Corrupt Practices Act (FCPA)), and other countries.”
Yesterday, SAP joined the ever-growing FCPA repeat offender club as the DOJ and SEC announced (here and here) related FCPA enforcement actions against the company. The net FCPA settlement amount is $102.5 million: DOJ ($63.6 million) and SEC ($38.9 million).
This criminal information alleges in summary fashion:
“In or about and between 2013 and 2018, SAP, through certain of its agents, knowingly and willfully conspired and agreed with others to (i) offer and pay money and other things of value to foreign officials in South Africa and Indonesia to secure improper advantages in order to obtain and retain business with departments, agencies, and instrumentalities of foreign governments … and (ii) maintain false books, records, and accounts that did not accurately and fairly reflect the transactions and dispositions of the assets of SAP …”.
In furtherance of the schemes …, SAP and its co-conspirators made bribe payments and provided other things of value intended for the benefit of South African and Indonesian foreign officials, delivering money in the form of cash payments, political contributions, and wire and other electronic transfers, along with luxury goods acquired during shopping trips. In carrying out the schemes …, SAP and its co-conspirators used the means and instrumentalities of interstate commerce.
With respect to certain conduct in South Africa, and in furtherance of the schemes …, SAP also made payments to third parties with no legitimate business purpose and created false business records regarding the nature and designation of such payments and the accuracy of SAP South Africa’s financial reporting. Those false records were subsequently refiected in SAP’s consolidated financials and associated filings with the SEC. From the schemes and conduct described herein, SAP obtained profits totaling $103,396,765.”
Under the heading “The South Africa Conspiracy,” the information alleges:
“In or about and between 2013 and 2017, through its agents, including SAP Africa, SAP South Africa, and SAP Employees 1-4, SAP engaged in a scheme to bribe South African officials and to falsify SAP’s books, records, and accounts, all with the goal of obtaining improper advantages for SAP in connection with various contracts between and among SAP and South African departments, agencies, and instrumentalities. In furtherance of this conspiracy, SAP relied, in part, on third party intermediaries to facilitate payments to South African officials and SAP engaged other third parties with no legitimate business purpose, and thereafter falsified SAP’s books and records regarding its payments to those third parties.”
SAP Africa is described as a “wholly owned and controlled subsidiary of SAP, located in South Africa and operating in various countries throughout Africa, that sold and maintained SAP software, and provided other professional services, on behalf of SAP. SAP Africa was an “agent” of an “issuer,” SAP …”.
SAP South Africa is described as a “wholly owned and controlled subsidiary of SAP, located and operating in South Africa, that sold and maintained SAP software, and provided other professional services, on behalf of SAP. SAP SA was an “agent” of an “issuer,” SAP …”.
SAP Employees 1-4 are described as South African citizens employed by either SAP Africa or SAP South Africa.
The information describes the following “Foreign Government Entities, Foreign Officials and Third Party Intermediaries.”
- “City of Johannesburg (“CoJ”) was a municipality in Johannesburg, South Afnca, that administered certain city services to its constituents. Such services included electricity, waste and sanitation, and solid waste management, among others. CoJ was controlled by the government of South Africa and performed functions that South Africa treated as its own.”
- “Department of Water and Sanitation (“DWS”) was a South African state-owned and state-controlled custodian of water services that operated to protect and manage the delivery of effective and safe water supply within South Africa. DWS was controlled by the government of South Afirica and performed functions that South Africa treated as its own.”
- “City of Tshwane (“CoT”) was a municipality in or around the area of Gauteng Province and Pretoria, South Africa. CoT delivered various municipal services to its residents, including agricultural assistance, law enforcement, and transportation services, among others. CoT was controlled by the government of South Africa and performed functions that South Africa treated as its own.”
- “Eskom Holdings Limited (“Eskom”) was a South African state-owned and state-controlled energy company headquartered in Sunninghill, South Africa, that operated to generate and transmit electricity in South Africa. The South African government was the sole owner of Eskom shares. Eskom was controlled by the government of South Africa and performed functions that South Africa treated as its own.”
- “Intermediaries 1 -5 … were South African companies that worked with, and on behalf of, SAP South Africa in its efforts to provide software and services to South African departments, agencies, and instrumentalities.”
- “CoJ Official 1,” a South African citizen whose identity is known to the United States and the Company, was a high-ranking executive of the City of Johannesburg.”
- “DWS Official 1,” a South African citizen whose identity is known to the United States and the Company, was a high-ranking executive of the Department of Water and Sanitation.”
- “Gauteng Official 1 a South African citizen whose identity is known to the United States and the Company, was an executive on the Gauteng Gambling Board and a director of multiple South African business entities.”
Under the heading “Bribery of South African Government Officials and Falsification of Books and Records,” the information alleges in pertinent part:
“In or about and between 2013 and 2017, acting as agents of SAP and for its benefit, SAP Employees 1-4 engaged in bribery of South African officials in order to obtain and retain business with South African departments, agencies, and instrumentalities. In addition, in connection with the scheme to pay bribes to South African officials, they also conspired to falsify SAP’s books, records, and accounts.
To accomplish the objectives of the scheme, SAP, through its agents, engaged in communications among co-conspirators and with South African officials, relying on email, messaging apps, and other forms of communication that used the means and instrumentalities of interstate commerce.
In or about August 2016, SAP provided software and professional services to CoJ pursuant to an ongoing contract (the “2015-2016 CoJ Contract”). The 2015-2016 CoJ Contract more than quintupled SAP’s revenue from previous contracts SAP SA had entered into with CoJ. In obtaining and retaining the 2015-2016 CoJ Contract, SAP relied on Intermediary 1 as a conduit for bribe payments, which were delivered in approximately August 2016.
On or about August 26, 2016, SAP SA, acting on the authorization of SAP Employee 2 and others, transmitted approximately 2,200,000 South African rand (approximately $155,555 in 2016) to Intermediary 1. The payment was falsely recorded in SAP SA’s books and records as a “Sales Commission.”
On or about August 29, 2016, Intermediary 1 transferred approximately 2,200,000 South African rand to an entity understood by the Managing Director of Intermediary 1 and SAP Employee 2 to be associated with a CoJ official.
In or around November 2016, SAP, acting through its agents, including SAP Employee 1 and Employee 4, paid a bribe to DWS Official 1 to obtain or retain its contract to provide software and services to DWS (the “DWS Contract”). SAP routed its bribe payment through Intermediary 2, which then passed the payment through another entity in an attempt to conceal the nature of the payment.
On or about November 29, 2016, and in connection with the DWS Contract, SAP Employee 4 approved payment of a bribe of approximately 3,000,000 South African rand (approximately $215,800 in 2016) to DWS Official 1, which was routed through Intermediary 2. Upon receiving the funds from SAP, in an attempt to avoid detection, on or about November 29, 2016, Intermediary 2 paid the bribe to another corporate entity, for eventual forwarding to or for the benefit of DWS Official 1.
In obtaining the DWS Contract, SAP undertook the unusual step of engaging two third party intermediaries. Each intermediary was paid a commission of 14.9 percent of SAP’s revenue from the DWS Contract—the maximum percentage allowable per third party payment without requiring significantly higher-level approvals within the Company. Nevertheless, SAP Employee 4 approved the engagement of Intermediary 2, along with another third party intermediary entity.
SAP conducted only limited due diligence of Intermediary 2 during its onboarding in 2015. Subsequent review by SAP in 2017 revealed that Intermediary 2 had no financial statements (audited or unaudited), had not filed any returns for employee tax purposes, and found no signs of activity at Intermediary 2’s claimed business address.
After the bribe was paid, SAP Employee 4 and the Director of Intermediary 2 discussed the bribe, as well as ongoing investigative efforts that might uncover the scheme. The two individuals discussed the importance of destroying any documents associated with the transaction, and the need to fabricate an explanation for the payment. During the conversation, SAP Employee 4 and the Director of Intermediary 2 further referenced the participation of SAP Employee 1 and another SAP employee in the scheme to obtain business with DWS.
SAP, through SAP SA and others, also engaged multiple third parties to obtain business with various departments, agencies, and instrumentalities of South Africa. Those third parties, including Intermediary 3, Intermediary 4, and Intermediary 5, received payments that SAP SA falsely booked as “commissions” and other similar payments when, in fact, SAP Employee 1 and SAP Employee 2, among others, knew that the payments were made in exchange for no legitimate services.
On or about January 27,2016 and January 19, 2017, executives of SAP Africa and SAP South Africa falsely certified to the operating effectiveness of internal controls over financial reporting, which included payments falsely booked as “commissions” and other, similar expenses …
On or about March 29, 2016 and February 28,2017, SAP filed Form 20-F with the SEC for the fiscal years ended December 31, 2015 and December 31, 2016, respectively. The Form 20-F filings were submitted through the SEC’s EDGAR system, which located its severs in the Eastern District of Virginia. Those Form 20-F filings included SAP’s consolidated financial statements, which in turn incorporated the books and records of SAP and its subsidiaries, including SAP South Africa, and the false certifications …”.
Under the heading “The Indonesia Conspiracy,” the information alleges in summary fashion:
“Between approximately 2015 and 2018, SAP, through its agents, including but not limited to SAP Indonesia and its personnel, engaged in a scheme to bribe Indonesian officials, to obtain improper business advantages for SAP in connection with various contracts between and among SAP and Indonesian departments, agencies, and instrumentalities. In furtherance of the conspiracy, SAP and its agents, either directly or through third party intermediaries, provided or offered payments and other things of value to and for the benefit of foreign officials.”
SAP Indonesia is described as “a wholly owned and controlled subsidiary of SAP, located and operating in Indonesia, that sold and maintained SAP software, and provided other professional services, on behalf of SAP. SAP Indonesia was an “agent” of an “issuer,” SAP …”.
The information describes the following “Foreign Government Entities, Foreign Officials and Third Party Intermediaries.”
- “Balai Penyedia dan Pengelola Pembiayaan Telekomunikasi dan Informatika (“BPSTI”) was an Indonesian state-owned and state-controlled Telecommunications and Information Accessibility Agency, operating under the auspices of the Indonesian Ministry of Communication and Information. BPSTI was controlled by the government of Indonesia and performed functions that Indonesia treated as its own.”
- “The Kementerian Kelautan dan Perikanan (“KKP”) was the Indonesian Ministry of Maritime Affairs and Fisheries, led by the Indonesian Minister of Maritime Affairs and Fisheries, and developed and implemented policies in the marine and fisheries sector, among other activities. KKP was controlled by the government of Indonesia and performed functions that Indonesia treated as its own.
- “Intermediary 6 … was an Indonesian company that worked with, and on behalf of, SAP Indonesia in its efforts to provide software and services to multiple Indonesian departments, agencies, and instrumentalities.”
- “BP3TI Official 1,” an Indonesian citizen … was a high-ranking executive of BP3TI.”
- “KKP Official 1,” an Indonesian citizen … was a high-ranking executive of KKP.”
Under the heading “Bribery of Indonesian Government Officials” the information alleges in pertinent part:
“In or about March 2018, SAP Indonesia, acting for the benefit of SAP, obtained multiple contracts to provide software and services to BP3TI … In obtaining and retaining the 2018 BP3TI Contracts, SAP, acting through its agents, provided things of value to multiple Indonesian government officials and their family members.
[I]n or around June 2018, multiple officials of BP3TI, including BP3TI Official 1 and at least one family member of BP3TI Official 1, traveled to the United States. During the trip, they were accompanied by SAP Employee 6 who was, at the time, employed by Intermediary 6. SAP Employee 6 paid for shopping sprees for BP3TI Official 1 and a family member, purchasing handbags, keychains, novelties, gifts and other items.
On or about June 8,2018, SAP Employee 6, using the means and instrumentalities of interstate commerce, sent text messages from the United States to other co-conspirators in Indonesia, updating them on the purchases and sending pictures of the shopping trip. SAP Employee 6 had a budget of approximately $10,000 over five days and, during that time, also bought BP3TI Official 1 a luxury watch.”
Based on the above allegations, the information charges SAP with one count of conspiracy to violate the FCPA’s anti-bribery provisions and to falsify books and records and one count of conspiracy to violate the FCPA’s anti-bribery provisions.
The criminal charges were resolved through this three year deferred prosecution agreement.
The DPA sets forth the following relevant considerations.
“a. the nature and seriousness of the offense conduct … including multi-year schemes to pay bribes benefitting South African and Indonesian officials in order to obtain and retain contracts, and associated falsification of the Company’s books and records regarding payments to third-party intermediaries in South Africa, all of which resulted in profits of approximately $103,396,765 to the Company;
b. the Company did not receive voluntary disclosure credit … because it did not voluntarily and timely disclose to the Fraud Section and the Office the conduct …;
c. the Company received credit for its cooperation with the Fraud Section and the Office’s investigation … because it cooperated with their investigation and demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct; the Company also received credit for its substantial cooperation and timely remediation pursuant to the Criminal Division’s Corporate Enforcement and Voluntary Self-Disclosure Policy. The Company’s cooperation included, among other things, (i) immediately beginning to cooperate after South African investigative reports made public allegations of the South Africa-related misconduct in 2017 and providing regular, prompt, and detailed updates to the Fraud Section and the Office regarding factual information obtained through its own internal investigation, which allowed the government to preserve and obtain evidence as part of its independent investigation; (ii) producing relevant documents and other information to the Fraud Section and the Office from multiple foreign countries expeditiously, while navigating foreign data privacy and related laws; (iii) at the request of the Fraud Section and the Office, voluntarily making Company officers and employees available for interviews; (iv) taking significant affirmative steps to. facilitate interviews while addressing witness security concerns; (v) raising and resolving potential deconfliction issues between the Company’s internal investigation and the investigation being conducted by the Fraud Section and the Office; (vi) promptly collecting, analyzing, and organizing voluminous information, including complex financial information, at the request of the Fraud Section and the Office; (vii) translating voluminous foreign language documents to facilitate and expedite review by the Fraud Section and the Office; and (viii) imaging the phones of relevant custodians at the beginning of the Company’s internal investigation, thus preserving relevant and highly probative business communications sent on mobile messaging applications;
d. the Company provided to the Fraud Section and the Office all relevant facts known to it, including information about the individuals involved in the conduct … and conduct disclosed to the Fraud Section and the Office prior to the Agreement;
e. the Company also received credit pursuant to the Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy because it engaged in timely remedial measures, including: (i) conducting an analysis of the root causes of the underlying conduct and gap analysis, and undertaking appropriate remediation to address those root causes and enhance its compliance program and related controls; (ii) undertaking a comprehensive risk assessment focusing on high risk areas and controls around payment processes and enhancing its regular compliance risk assessment process, including by incorporating comprehensive operational and compliance data into its risk assessments; (iii) eliminating its third-party sales commission model globally, and prohibiting all sales commissions for public sector contracts in high-risk markets; (iv) significantly increasing the budget, resources, and expertise devoted to compliance and restructuring its Offices of Ethics and Compliance to ensure adequate stature, independence, autonomy, and access to executive leadership; (v) enhancing its code of conduct and policies and procedures regarding gifts, hospitality, and the use of third parties; (vi) enhancing its reporting, investigations and consequence management processes; (vii) adjusting compensation incentives to align with compliance objectives and reduce corruption risk; (viii) enhancing and expanding compliance monitoring and audit programs, planning, and resources, including developing a well-resourced team devoted to audits of third-party partners and suppliers; (ix) expanding its data analytics capabilities to cover over 150 countries, including all high-risk countries globally; and (x) promptly disciplining any and all employees involved in the misconduct.
f. the Company withheld bonuses totaling $109,141 during the course of its internal investigation from employees who engaged in suspected wrongdoing in connection with the conduct under investigation, or who both (a) had supervisory authority over the employee(s) or business area engaged in the misconduct and (b) knew of, or were willfully blind to, the misconduct, and further engaged in substantial litigation to defend its withholding from those employees, qualifying the Company for an additional fine reduction in the amount of the withheld bonuses under the Criminal Division’s March 2023 Compensation Incentives and Clawbacks Pilot Program (“Pilot Program”);
g. the Company has enhanced and has committed to continuing to enhance its compliance program and internal controls, including ensuring that its compliance program satisfies the minimum elements set forth in Attachment C to this Agreement (Corporate Compliance Program);
h. based on the Company’s remediation and the state of its compliance program, and the Company’s agreement to report to the Fraud Section and the Office as set forth in Attachment D to this Agreement (Compliance Reporting Requirements), the Fraud Section and the Office determined that an independent compliance monitor was unnecessary;
i. the Company has had prior criminal and civil resolutions with authorities in the United States and elsewhere, including, as relevant here, a non-prosecution agreement in 2021 with the Department’s National Security Division, as well as administrative agreements with the Departments of Commerce and Treasury, following the Company’s voluntary self-disclosure of potential export law violations; the Company also entered into a resolution in 2016 with the Securities and Exchange Commission (“SEC”) concerning alleged FCPA violations in Panama;
j. the Company’s agreement to resolve concurrently a separate investigation by the SEC relating, in part, to the conduct described in the Statement of Facts and its agreement to pay $85,046,035 in disgorgement; and the Company’s anticipated resolution with authorities in South Africa relating to the South Africa portion of the conduct described in the Statement of Facts, which resolutions the Fraud Section and the Office are crediting in connection with the criminal penalty and disgorgement specified in this Agreement;
k. the Company has agreed to continue to cooperate with the Fraud Section and the Office in any ongoing investigation …;
l. accordingly, after considering (a) through (k) above, the Fraud Section and the Office have determined that the appropriate resolution in this case is a deferred prosecution agreement and a criminal penalty of $118,800,000, which reflects a discount of 40 percent off the tenth percentile of the otherwise-applicable Sentencing Guidelines fine range, taking into account the Company’s cooperation and remediation, as well as its prior history, pursuant to the Corporate Enforcement and Voluntary Self-Disclosure Policy; and disgorgement in the amount of $103,396,765.”
The DPA sets forth an advisory guidelines fine range of $180 – $360 million and states:
“The Fraud Section and the Office and the Company agree, based on the application of the Sentencing Guidelines, that the appropriate criminal penalty is $118,800,000 (the “Criminal Penalty”). This reflects a 40 percent discount off the 10th percentile of the Sentencing Guidelines fine range.
The Company and the Fraud Section and the Office agree that the Company will pay a monetary penalty in the amount of $63,590,859, equal to approximately fifty-four percent of the Criminal Penalty ($63,700,000), reduced by $109,141 under the Criminal Division’s Pilot Program Regarding Compensation Incentives and Clawbacks, to the United States Treasury … The Fraud Section and the Office agree to credit toward the Criminal Penalty the amount paid by the Company to authorities in South Africa for violations of South African law related to the same conduct described in the Statement of Facts, up to a maximum of $55,100,000 (the “Penalty Credit Amount”), within twelve months of the execution of this Agreement.”
Under heading “Forfeiture and Disgorgemet,” the DPA states in pertinent part:
“The Company hereby admits …. that at least $103,396,765, representing the proceeds traceable to the commission of the offense, is forfeitable to the United States (the “Forfeiture Amount”).”
The Fraud Section and the Office agree to credit toward the Forfeiture Amount any proceeds traceable to the commission of the offense that are disgorged by the Company to the SEC and South African authorities, including repayments to customers of any of the transactions listed in the Statement of Facts, up to a maximum amount of $103,396,765 (the “Forfeiture Credit Amount”). Should any amount of the Forfeiture Credit Amount not be paid to the SEC and South African authorities and in connection with the Company’s resolutions with those authorities within twelve months of the execution of this Agreement, the Company agrees that it shall make a payment of any remaining unpaid portion of the Forfeiture Credit Amount by wire transfer pursuant to instructions provided by the Fraud Section and the Office no later than 10 business days after one year from the date of the Agreement.”
In the DOJ release, said U.S. Attorney Jessica Aber for the Eastern District of Virginia stated:
“SAP has accepted responsibility for corrupt practices that hurt honest businesses engaging in global commerce. We will continue to vigorously prosecute bribery cases to protect domestic companies that follow the law while participating in the international marketplace.”
Acting Assistant Attorney General Nicole Argentieri of the Justice Department’s Criminal Division stated:
“SAP paid bribes to officials at state-owned enterprises in South Africa and Indonesia to obtain valuable government business. [This] resolution—our second coordinated resolution with South African authorities in just over a year—marks an important moment in our ongoing fight against foreign bribery and corruption. We look forward to continuing to strengthen our relationship with South African authorities and others around the world. This case demonstrates not only the critical importance of coordinated international efforts to combat corruption, but also how our corporate enforcement policies incentivize companies to be good corporate citizens, by cooperating with our investigations and appropriately remediating, so that we can take strong action to address misconduct.”
Assistant Director in Charge Donald Always of the FBI’s Los Angeles Field Office stated:
“This successful resolution against SAP is another example of the power of relationships and persistence. The sustained diligence by the prosecution team and continuous collaboration with South African law enforcement, regulators, and prosecutors identified corrupt activity in multiple countries. The FBI will continue our nonstop efforts to identify, investigate, and prosecute companies willfully engaging in corrupt activities around the world.”
Postal Inspector in Charge of Criminal Investigations Eric Shen stated:
“When the mails are used in furtherance of a fraud or corruption scheme, borders are not an obstacle for U.S. Postal Inspectors. Postal inspectors, with our FBI law enforcement partners and Justice Department prosecutors, followed the wide-spread trail of bribes and corruption from South Africa to Indonesia. This joint effort resulted in the defendant company paying a significant criminal penalty and agreeing to long-term remedial measures.”
This SEC administrative order is based on the same core conduct alleged in the DOJ action – plus additional conduct – and states in summary fashion:
“This matter concerns SAP’s violations of the anti-bribery, books and records, and internal accounting controls provisions of the Foreign Corrupt Practices Act. SAP is a global software company headquartered in Walldorf, Germany. From at least December 2014 through December 2018, SAP employed third-party intermediaries and consultants in various schemes to make improper payments to government officials in order to obtain and retain business in South Africa, Greater Africa (Malawi, Kenya, Tanzania, and Ghana), and Indonesia. Additionally, an SAP Azerbaijan employee provided improper gifts to a government official in order to obtain and retain business in Azerbaijan in January 2022.
SAP failed to make and keep accurate books and records and failed to devise and maintain a sufficient system of internal accounting controls necessary to detect and prevent the improper payments. The bribes were inaccurately recorded as legitimate business expenses in SAP’s books and records. SAP failed to implement sufficient internal accounting controls over the engagement of, and payments to, third parties and lacked sufficient entity level controls over its subsidiaries in South Africa, Greater Africa, Indonesia, and Azerbaijan.”
The order begins with the following background.
“SAP sells software licenses and related services. Its operations are currently divided into seven regions: (1) North America region, (2) Latin America/Caribbean (LAC) region, (3) the Europe/Middle East/Africa (EMEA) North region, (4) EMEA South region, (5) the Middle and Eastern Europe MEE region, (6) Asia Pacific/Japan region, and (7) Greater China region. Revenues are allocated to these seven regions based on the location of the customer. SAP’s global business is executed through its numerous subsidiaries and the subsidiaries’ financial statements are consolidated into SAP’s financial statements. SAP conducts its business by using local business partners, consultants, resellers, value added resellers and other intermediaries.
While SAP uses third parties for a variety of legitimate business reasons, it knows that the use of third parties can increase the risk of improper payments being made to secure business. In the past, these included Business Development Partners (“BDPs”), which were eligible to earn commissions for SAP sales on which they assisted. The BDP program was terminated in 2018.
During the relevant time frame, SAP’s internal policies and procedures for working with third parties required employees to conduct due diligence to assess risk and ensure: (1) That a third party had no relations (as a family member) to the SAP customer or a potential customer, and (2) that the third party was not a government official, government employee, political party official or candidate, or officer or employee of any public international organization or an immediate family member of any of these. In addition, with respect to BDPs, all sales commission contracts had to be in writing and clearly define the services to be provided and the related business and payment terms. SAP subsidiaries and employees were required to use a model agreement that included standard commission rates and to follow a standardized internal approval process, which required the involvement and approval of the local legal department or compliance officer, the subsidiary’s local managing director, and its local chief financial officer. In cases where a BDP agreement required non-standard terms, regional management had to provide additional approvals. The policy documents explicitly state that they were put into place to ensure that no relationship with a third party would be used to inappropriately influence a business decision or pay bribes to government officials.
SAP’s wholly-owned subsidiaries—SAP South Africa, SAP Africa, SAP Indonesia and SAP Azerbaijan—repeatedly violated these internal policies to engage in bribery schemes with the help of third party intermediaries from at least December 2014, to obtain or retain business. Because the payments were made by third parties acting outside of SAP’s own systems, SAP lacks sufficient records to determine with specificity the full scope of the bribe schemes.”
Under the heading “SAP South Africa” the order finds:
“SAP South Africa retained multiple third party consultants in South Africa to offer or pay bribes to government officials or intermediaries in order to obtain contracts with public sector customers. SAP South Africa recorded the payments as legitimate business expenses in SAP’s books and records, despite the fact that certain intermediaries could not show that they provided the services for which they had been contracted.
On December 23, 2014, SAP South Africa closed on a $4.4 million deal with South African state-owned rail and logistics company, Transnet, with an intermediary third party (“SA Intermediary 1”) purportedly acting as a BDP. SA Intermediary 1 is a South African tech company, known for various corrupt business activities, and is controlled by a South African-based family. According to the terms of the deal, SA Intermediary 1 was to receive a 10% commission for the deal and was to perform certain deliverables. In reality, it did not perform any actual work for SAP. There is no record of SA Intermediary 1 ever being present at meetings with Transnet, nor does SA Intermediary 1 appear to have a credible IT background or experience. Furthermore, bank records indicate that shortly after the deal closed, SA Intermediary 1 paid $562,215, characterized as “loans,” to an individual known to be involved in making bribe payments.
SAP South Africa and its employees used another intermediary also controlled by the same South African-based family (“SA Intermediary 2”), which was also known as a conduit for bribing government officials, to help it secure a September 30, 2015 contract valued at $6.58 million with Transnet. SAP South Africa paid approximately $1 million in commission fees to SA Intermediary 2, a South African 3D printing firm despite the fact that it provided no tangible services to SAP. SAP South Africa and its employees knew about the red flags relating to SA Intermediary 2’s ownership. The former director of SA Intermediary 2 admitted that the entity had “no expertise” or skills to provide meaningful services on the Transnet deal and also said he had no knowledge of SA Intermediary 2 providing any services. During an SAP-initiated audit of SA Intermediary 2, the third party failed to provide evidence of any services performed.
SAP South Africa again used SA Intermediary 2 in connection with a June 1, 2016 contract with the South African Revenue Service.
SAP South Africa also paid bribes in order to obtain a December 29, 2015 contract with the City of Johannesburg valued at $13.16 million for a license consolidation. SAP did so with the help of two BDPs, each of whom were contracted to receive a 10% commission. In August 2016, an SAP South Africa account executive directed one of the partners to make an improper ZAR 2.2 million (approximately $120,000) payment to an account for an entity known to be involved with corrupt activities. Chat messages between the SAP South Africa local account executive and a City of Johannesburg employee corroborate that the local account executive directed, and the business partner made, the improper payment. In addition to these cash payments, SAP South Africa paid for trips to New York for government officials in May and September 2015, including the officials’ meals and golf outings on the trips.
In November 2016, SAP South Africa closed a deal with Eskom, a state-owned entity and the largest producer of electricity in South Africa, to renew software licenses for approximately $28.58 million. Internally, SAP South Africa set aside several million dollars from this renewal fee to pay SA Intermediary 3, a purported IT consultant on the Eskom project. SA Intermediary 3, however, never performed any services. Instead, SAP South Africa’s Managing Director instructed SAP South Africa employees to perform the consulting work in SA Intermediary 3’s stead and still paid the entity a total of $1.6 million. Notably, officials at Eskom approved these payments despite SA Intermediary 3’s absence on the project. SAP also retained SA Intermediary 2 to perform vague services on Eskom contracts dated March, 2016 and November 2016 that, as a 3D printing company, SA Intermediary 2 was unqualified to perform. Regardless, SAP South Africa paid SA Intermediary 2 a total of $5.18 million in consulting fees.
Finally, SAP South Africa used two local BDPs in connection with obtaining deals valued at $35.4 million with South African public sector customer, Department of Water and Sanitation (“DWS”) in December 2015 and July 2016. The local business partners were paid at a 14.9% commission rate, the maximum allowed under SAP policy without approval from the Board. SAP South Africa employees engaged both BDPs at the highest commission percentage allowed, staying under the 15% commission rate so as to avoid the need to obtain higher level approvals, and authorized the payment despite the local partners’ failure to meet deliverables relating to the DWS transactions.”
Under the heading “SAP Greater Africa” the order finds:
“SAP Africa used resellers to conduct business throughout Greater Africa, including a Zimbabwe-based reseller (“GA Intermediary 1”) that was used to conduct business in Malawi, Tanzania, Ghana, and Kenya. GA Intermediary 1 engaged in bid-rigging and arranged corrupt payments to government officials in connection with SAP Africa deals in all four countries between 2014 and 2018.”
The order references business with the government of Malawi, the Tanzania Ports Authority, Ghana National Petroleum Corporation, and the Kenya Revenue Authority.
According to the order:
“While GA Intermediary 1 was suspended on September 12, 2018, after red flags surfaced indicating it was paying bribes to officials at the Tanzania Ports Authority and the Kenya Revenue Authority, SAP Africa allowed the reseller to start resales later in 2018 despite the continuing presence of red flags. SAP Africa ultimately terminated GA intermediary 1 in July 2019.”
Under the heading “SAP Indonesia,” the order finds in pertinent part:
“During the relevant time, the SAP Indonesia public sector market consisted almost entirely of indirect sales through local Value Added Resellers (“VARs”). SAP Indonesia, with its VARs, engaged in a variety of schemes in Indonesia to make, offer, or attempt to make improper payments to government officials at eight state-owned-entities—Balai Penyedia dan Pengelola Pemdiayaan Telekomunikasi dan Informatika (“BP3TI”), the Ministry of Maritime Affairs and Fisheries, the Social Ministry, PT Pertamina, Pemda DKI, PT Mass Rapid Transit (“MRT”) Jakarta, PT Angkasa Pura I, and PT Angkasa Pura II—to obtain or retain contracts with those customers. The schemes were orchestrated by two SAP Indonesia account executives who worked with at least one VAR (“Indonesia Intermediary 1”) known for a pattern of corrupt business dealings and paying bribes. In some cases, SAP Indonesia and Indonesia Intermediary 1 used fake training invoices to issue payments that created slush funds to pay bribes. Employees at Indonesia Intermediary 1 created shell companies to generate these false expenses. Some of the false invoices generated kickback payments to employees at the Indonesia Intermediary 1, some paid for customer excursions, and others generated cash payments to government officials at state-owned entities.
The two SAP Indonesia account executives orchestrating the schemes told employees at Indonesia Intermediary 1 to do “whatever was needed” to secure deals. WhatsApp messages between the account executives and employees of Indonesia Intermediary 1 show requests for “baggage” and “envelopes,” both understood to be codes for bribes to government officials. In certain cases, photographs and videos evidence cash payments made to government officials. One of the SAP Indonesia local account executives admitted facilitating and, in some cases, personally making payments to public sector clients while he was an employee of Indonesia Intermediary 1. He also said that SAP VARs were active participants in these efforts and specifically named Indonesia Intermediary 1 as helping with these schemes. Two Indonesia Intermediary 1 employees also admitted to facilitating payments to government officials.”
Under the heading “SAP Azerbaijan” the order finds:
“An SAP Azerbaijan employee provided improper gifts to government officials in connection with a May 2022 deal with the State Oil Company of the Republic of Azerbaijan (SOCAR) valued at $1,645,703. SAP Azerbaijan’s mid-level employee provided improper gifts in December 2021 and January 2022 to multiple SOCAR officials in an effort to close the deal. Several SOCAR officials received gifts totaling approximately $3,000, well above SAP’s gift limit of $30. Text messages indicate that the employee was rewarding senior officials who supported, and were directly responsible for, approving the pending sale. The employee also prepared a fake Act of Acceptance between SOCAR and a SAP Azerbaijan partner, which she submitted to the SAP contract booking team on February 4, 2022. SOCAR signed the real Act of Acceptance on May 12, 2022. Evidence indicates that the employee was attempting to claim a commission on the deal before her pending promotion to SAP Azerbaijan Managing Director became effective, after which she would not be eligible to earn additional compensation from the sale.”
Under the heading “SAP Had Inaccurate Books and Records and Insufficient Accounting Controls to Detect or Prevent Bribery,” the order finds:
“The bribe payments made by SAP South Africa, SAP Africa, SAP Indonesia, and SAP Azerbaijan were inaccurately recorded as legitimate commission or other expenses in SAP’s books and records. SAP lacked the internal accounting controls sufficient to detect or prevent such payments. Specifically, SAP lacked adequate due diligence and vetting to properly assess risk and approve payments to the third parties it worked with in these jurisdictions.
SAP did not adequately address the high risk of bribery and corruption in South Africa, Greater Africa, Indonesia, and Azerbaijan and did not implement sufficient internal accounting controls to address those risks. The company failed to implement sufficient payment approval controls to ensure that services were actually rendered, or expenses were actually incurred, before issuing payments to third parties. Although SAP had a corporate anti-corruption policy in place during the relevant time period, SAP had insufficient formal monitoring, or internal controls in place, to ensure that SAP South Africa, SAP Africa, SAP Indonesia, or SAP Azerbaijan were adhering to the relevant policies.
Lastly, SAP lacked entity level controls over SAP South Africa, SAP Africa, SAP Indonesia, and SAP Azerbaijan because of the lack of oversight over personnel in those jurisdictions.”
Based on the above, the SEC found that SAP violated the FCPA’s anti-bribery, books and records and internal controls provisions.
The order states:
“Respondent is liable to the U.S. Securities and Exchange Commission for disgorgement of $85,046,035 and prejudgment interest of $13,405,149, for a total payment of $98,451,184. Respondent shall receive a disgorgement offset of up to $59,455,779 based on the U.S. dollar value (based on the exchange rate on the date of the payment) of any payments made or to be made to the Government of South Africa or a South African state-owned entity reflected by evidence acceptable to the Commission staff in its sole discretion, in a parallel proceeding against Respondent in South Africa. Such evidence of payment shall include a copy of the wire transfer or other evidence of the amount of the payment, the date of the payment, and the name of the government agency or state-owned entity to which payment was made. To receive this offset, Respondent must make the above-identified payments within 365 days from the date of this Order. Any amounts not paid as an offset within the specific time shall be immediately due to the U.S. Securities and Exchange Commission. Respondent shall, within 30 days of the entry of this Order, pay disgorgement of $25,590,256 and prejudgment interest of $13,405,149 for a total payment of $38,995,405 to the Securities and Exchange Commission …”.
The order also states:
“SAP acknowledges that the Commission is not imposing a civil penalty based upon the imposition of an $ 118.8 million criminal fine as part of SAP’s resolution with the United States Department of Justice.”
On March 15, 2022, SAP entered into a civil settlement with the South African Special Investigating Unit and others relating to the DWS conduct described … and paid ZAR 11 344.78 million ($21.4 million), which represented reimbursement of the entire amount SAP received from DWS under the 2015 and 2016 deals with DWS.
On October 18, 2023, SAP entered into a settlement agreement with the South African Special Investigative Unit and others relating to the Transnet conduct described …, pursuant to which it paid ZAR 214.39 million (approximately $11.42 million based on the exchange rate on the date of payment).
On November 1, 2023, SAP entered into a civil settlement with the South African Special Investigating Unit and others relating to the Eskom conduct described …, pursuant to which it paid ZAR 500 million (approximately $26.63 million based on the exchange rate on the date of payment).”
Under the heading “Cooperation and Remediation,” the order states:
“In determining to accept the Offer of Settlement, the Commission considered SAP’s self-reporting of certain conduct, remedial acts promptly undertaken by Respondent, and the significant cooperation afforded the Commission staff. SAP cooperated in the Commission’s investigation by identifying and timely producing key documents identified in the course of its own internal investigation, providing the facts developed in its internal investigation, and making current or former employees available to the Commission staff.
SAP’s remedial efforts included: (i) termination of employees and third parties responsible for the misconduct, (ii) elimination of the BDP program; (iii) enhancements to internal accounting and compliance controls; (iv) implementation of analytics to identify and review high-risk transactions and third party controls; (v) strengthening and expansion of the ethics and compliance organization; (vi) enhancements to its code of conduct, policies and procedures regarding gifts and hospitality, and the use of third parties; (vii) increased training of employees on anti-bribery issues; and (viii) establishment of an enhanced whistleblower platform.”
In the SEC release, Charles Cain, Chief of the SEC Division of Enforcement’s FCPA Unit, stated:
“Our order holds SAP accountable for misconduct that spanned seven jurisdictions and persisted for several years and serves as a stark reminder of the need for global companies to be attuned to both the risks of their business and the need to maintain adequate entity-level controls over all their subsidiaries.”
In this release, SAP stated:
“As noted in the settlement agreements, SAP conducted a thorough and extensive investigation into historical misconduct and fully cooperated with the authorities. SAP separated from all responsible parties more than five years ago and has since significantly enhanced its global compliance program and related internal controls. Our significant remediation efforts, combined with our full and proactive cooperation with the authorities, have led to full resolutions of these matters. SAP has zero tolerance for those who do not adhere to the company’s compliance policies and procedures. SAP remains vigilant in maintaining the highest standards of ethics and compliance so that, together with a global network of customers, partners, suppliers, employees, and thought leaders, SAP can help the world run better and improve people’s lives.”
Kwame Manley of Paul Hastings represented SAP.
Elevate Your FCPA Research
There are several subject matter tags in this post. However, only subscribers to FCPA Professor's premium search feature can see and use them in research. Efficient and cost-effective FCPA research is just a click away.