This week we are exploring the 2022 Foreign Corrupt Practices Act (FCPA) enforcement action brought by the Securities and Exchange Commission (SEC) involving Oracle Corporation. As we have noted, Oracle is now a recidivist FCPA violator, having been involved with a similar enforcement action back in 2012. I thought it would instructive to review that prior enforcement action to see what the bribery schemes were, if Oracle lived up to the remediation steps it took in 2012 and what it might all mean for the 2022 enforcement action.

According to the 2012 Complaint, the scheme worked as follows: Oracle India would identify and work with the end user customers in selling products and services to them and negotiating the final price. However, the purchase order would be placed by the customer with Oracle India’s distributor. This distributor would then purchase the licenses and services directly from Oracle, and resell them to the customer at the higher price than had been negotiated by Oracle India. The difference between what the government end user paid the distributor and what the distributor paid Oracle typically is referred to as “margin” which the distributor generally retains as payment for its services. That description sounds like most distributor relationships but this was not what got Oracle into trouble.

The Bribery Scheme

As further specified in the 2012 Compliant, “certain Oracle India employees created extra margins between the end user and distributor price and directed the distributors to hold the extra margin inside funds. Oracle India’s employees made these margins large enough to ensure a side fund existed to pay third parties. At the direction of the Oracle India employees, the distributor then made payments out of the side funds to third parties, purportedly for marketing and development expenses.” The 2012 Compliant noted, “about $2.2 million in funds were improperly “parked” with the Company’s distributors.” To compound this problem, employees of Oracle India concealed the existence of this side fund from Oracle in the US and hence there was an incorrect accounting in Oracle’s books and records.

The 2012 Complaint further noted, “Oracle India’s parked funds created a risk that they potentially could be used for illicit means, such as bribery or embezzlement” and then went on to highlight such an instance which occurred in May 2006, where Oracle India secured a $3.9 million deal with India’s Ministry of Information Technology and Communications. Oracle’s distributor accepted payment from the end user for the full $3.9 million. Under the direction of Oracle India’s then Sales Director, the distributor sent approximately $2.1 million to Oracle, which Oracle booked as revenue on the transaction. Oracle India employees then directed the distributor to keep approximately $151,000 as payment for the distributor’s services. The Oracle India employees further instructed the distributor to “park” the remaining approximately $1.7 million to be used for disbursement towards “marketing development purposes.” Some two months later, an Oracle India employee provided the distributor with eight invoices for payments to third party vendors, in amounts ranging from approximately $110,000 to $396,000. These invoices were later determined to be false. Further, none of these third parties, which were just storefronts and provided no services on the deal, were on Oracle’s approved vendor list.

Failure of Internal Audit

All of the above were in violation of Oracle’s internal policies, however the 2012 Compliant specified that “Oracle lacked the proper controls to prevent its employees at Oracle India from creating and misusing the parked funds” and prior to 2009 “the Company failed to audit and compare the distributor’s margin against the end user price to ensure excess margins were not being built into the pricing structure.” Oracle failed to either (1) seek transparency in its dealing with the distributor and (2) audit third party payments made by the distributors on Oracle’s behalf” both of which would have enabled the Company to check that payments were made to appropriate recipients. Indeed, the scheme only came to Oracle’s attention during an unrelated “local tax inquiry to Oracle’s India distributor”. This sounds reminiscent of HP Germany where a routine Bavarian Provincial tax audit picked up the suspicious payments which lead to a FCPA investigation.

2012 Remedial Steps

However, even with the above listed failures of Oracle’s compliance program, the Company did take Maxim Three of McNulty’s Maxim’s to heart: What did you do to remedy it? The 2012 Complaint indicated that the person in charge of supply chain at the Indian subsidiary resigned and left the company. An internal investigation was undertaken and four employees of the Indian subsidiary who had actual knowledge of the scheme were terminated. Additionally, “Oracle took other remedial measures to address the risk and controls related to parked funds, including: conducting additional due diligence in its partner transactions in India so that Oracle had greater transparency into end user pricing in government contracts; terminating its relationship with the distributor involved in the transactions at issue; directing its distributors not to allow the creation of side funds; requiring additional representations and warranties from distributors to include the fact that no side funds exist; and enhancing training for its partners and employees to address anti-corruption policies.”

So, what exactly did “directing its distributors not to allow the creation of side funds; requiring additional representations and warranties from distributors to include the fact that no side funds exist; and enhancing training for its partners and employees to address anti-corruption policies” entail for Oracle employees and business operations going forward, leading to the 2022 enforcement action? Since the events leading to the 2012 enforcement action were centered in India, one might reasonably assume that Oracle would prioritize all of these remedial steps in India and add more focused monitoring in India to make sure the remediate steps were implemented and followed. In the case of Oracle India, apparently not.

Join me tomorrow where we explore the comeback by Oracle leading to the 2022 enforcement action and explore questions related to the Department of Justice (DOJ) and where they may stand on the Oracle matter.