Tag: FCPA

Great Structures Week I: Vitruvius, the Brooklyn Bridge and Compliance

Post author By admin
Post date October 24, 2022
No Comments on Great Structures Week I: Vitruvius, the Brooklyn Bridge and Compliance

Welcome to the Greetings and Felicitations, a podcast where I explore topics that might not seem directly related to compliance but influence our profession. In this special series, I consider many structural engineering concepts are apt descriptors for an anti-corruption compliance program. In this episode 1, I consider the Roman architect Vitruvius and what makes a structure great. Highlights include:

· The Vitruvius Triad.

· Compliance Program formulations.

· What are form, function, and structure

· Continuous risk and continuous risk management.

· Risks assessments after Covid 19.

Resources

“Understanding the World’s Greatest Structures: Science and Innovation from Antiquity to Modernity,” taught by Professor Stephen Ressler from The Teaching Company.

Tags Brooklyn Bridge, compliance, compliance programs, FCPA, FCPA Resource Guide, risk, Vitruvius

GalloCast

Gallocast – Episode 4 – October 2022

Post author By admin
Post date October 21, 2022
No Comments on Gallocast – Episode 4 – October 2022

Welcome to the GalloCast. You have heard of the Manningcast in football. Now we have the GalloCast in compliance. The two top brothers in compliance, Nick and Gio Gallo, come together for a free-form exploration of compliance topics. It is a great insight on compliance brought to you by the co-CEOs of ComplianceLine. Fun, witty, and insightful with a dash of the two brothers throughout. It’s like listening to the Brothers Gallo talk compliance at the dinner table. Hosted by Tom Fox, the Voice of Compliance. Topics in this episode include:

ComplianceLine rebranded to Ethico. How does this reflect the overall products and services of the organization in 2022 and beyond.
The Oracle FCPA Enforcement Action. What are some key lessons for compliance?
The Monaco Memo. Focus on employee incentives and clawbacks.
Employees having two jobs post pandemic. When is it a conflict of interest?
Quiet quitting and the opportunity for employee engagement.

Resources

Nick Gallo on LinkedIn

Gio Gallo on LinkedIn

Ethico

Tags clawbacks, compliance incentives, Ethico, FCPA, Gio Gallo, incentives, Monaco Memo, Nick and Gio Gallo, Nick Gallo, Oracle, quiet quitting

Blog

Ongoing Compliance Assessments: FCPA, UK Bribery Act and OCED Best Practices

Post author By admin
Post date October 11, 2022
No Comments on Ongoing Compliance Assessments: FCPA, UK Bribery Act and OCED Best Practices

One of the requirements consistent throughout the Principles of Federal Prosecution of Business Organization (US Sentencing Guidelines) and its section on corporate compliance programs; the Organization for Economic Co-operation and Development (OECD) Good Practice Guidance on Internal Controls, Ethics, and Compliance, and the UK Bribery Act’s Consultative Guidance is the need for continued assessment of an anti-corruption and anti-bribery compliance program. This posting will review the specifics of each of these documents and will provide to the compliance and ethics practitioner some ideas on how to implement what each of these protocols stress is key component of any best practices compliance program.

US Sentencing Guidelines

The US Sentencing Guidelines state that there should be periodic reviews of a company’s compliance program, utilizing internal resources, such as a company’s Internal Audit function, and outside professional consultants. The OECD Good Practice states that a compliance program should be periodically re-assessed and re-evaluated to take into account any new developments. The UK Bribery Act Consultative Guidance, recently released by the UK Ministry of Justice, requires ongoing monitoring and review by noting that a compliance program and procedures should be reviewed regularly and a company should consider whether an “external verification [of the compliance program] would help.”

Speaking at the Compliance Week 2010 Annual Conference, Assistant Attorney General for the Criminal Division of the US Department of Justice, Lanny Breuer, indicated that such an external verification or assurance of the effectiveness of a compliance program is a key component to assist a company in maintaining a ‘best practices’ FCPA compliance program. He noted that it is through a mechanism such as an ongoing assessment that a company could continue to evaluate its own compliance program with reference to compliance standards which are evolving on a world wide basis.

OECD

In this same speech, Breuer cited as a benchmark for a best practices compliance and ethics program the protocols set forth in the OECD Good Practice Guidance on Internal Controls, Ethics, and Compliance. In this protocol the OECD suggested that “periodic reviews of the ethics and compliance programs or measures, designed to evaluate and improve their effectiveness in preventing and detecting foreign bribery, taking into account relevant developments in the field, and evolving international and industry standards.” Writing in the Society of Corporate Compliance and Ethics Magazine (SCCE) (Vol. 7 / No. 3), Russ Berland explained that this guidance meant that companies should regularly reassess their anti-bribery and anti-corruption compliance program to evaluate and improve its overall effectiveness. Although he did not give a time frame for this regular assessment, Berland noted that any such assessment “should take into account new developments in the area and evolving standards.

UK Bribery Act

Principle Six of the UK Bribery Act’s Consultation Guidance discusses the need for ongoing monitoring and review. The Principle states “The commercial organization institutes monitoring and review mechanisms to ensure compliance with relevant policies and procedures and identifies any issues as they arise. The organization implements improvements where appropriate.” The reasons for this continued monitoring was to ensure that if, external events like government changes, corruption convictions, or negative press reports occur, an appropriate compliance response is triggered. The Guidance noted that it would be prudent for companies to consult the publications of relevant trade bodies or regulators that could highlight examples of good or bad practice. Organizations should also ensure that their procedures take account of external methods of issue identification and reporting as a result of the statutory requirements applying to their supporting institutions, for example money laundering regulations reporting by accountants and solicitors.

The Consultative Guidance provided advice for companies which covered several specific suggestions. The senior management of higher risk and larger organizations may wish to consider whether to commission external verification or assurance of the effectiveness of anti-bribery and anti-corruption policies. An independent review can provide to a company, which is undergoing structural change or entering new markets, with an insight into the strengths and weaknesses of its anti-bribery policies and procedures and in identifying areas for improvement. Such independent assessment would also enhance a company’s credibility with business partners or to restore market confidence following the discovery of a bribery incident, to help meet the requirements of both voluntary or industry initiatives and any future pre-qualification requirements.

Ongoing Assessment as ‘Best Practices’

All three cornerstones of guidance available to the Foreign Corrupt Practices Act (FCPA) compliance practitioner include ongoing assessments as a key component of any best practices program. The text of each document and the remarks by commentators make clear the reasons for such an ongoing assessment. Not only do best practices evolve but companies and business evolve. An assessment is key to measuring where your program currently stands to allow you to know where it needs to be updated.

Attention should be paid to who and how the assessment is conducted. The entity, be it a law firm; professional consultant or other, which designed the FCPA compliance program for your company should not be the assessor. Such assessment would obviously be a conflict of interest. Additionally a drafter usually has blind spots when assessing one’s own work. An outside FCPA compliance professional should be engaged to assess your compliance policy, at no less than every two years, to review and make recommendations to keep your program at the best practices standard.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010

Tags Bribery Act, compliance, FCPA, Lanny Breuer, OECD, ongoing assessment

FCPA Compliance Report

Oracle FCPA Enforcement Action

Post author By admin
Post date October 10, 2022
No Comments on Oracle FCPA Enforcement Action

In this episode, I take on a solo pod to discuss and consider the Oracle FCPA enforcement action brought by the Securities and Exchange Commission.

Key areas we discuss on this podcast are:

Background facts.
Same facts in same country?
Failure of a paper program.
The need for data analytics.
Where is the DOJ?
What are the lesson learned going forward?

Resources

For a White Paper on the Oracle FCPE enforcement action, email tfox@tfoxlaw.com

Tags bribery, corruption, Distributors, FCPA, Oracle, SEC

Blog

Oracle: FCPA Recidivist Part 4 – the Comeback and DOJ

Post author By admin
Post date October 7, 2022
No Comments on Oracle: FCPA Recidivist Part 4 – the Comeback and DOJ

After revisiting “Parking in India” from 2012, we return to explore more from the Foreign Corrupt Practices Act (FCPA) recidivist Oracle Corporation. We previously reviewed the bribery schemes in general and how they worked in practice. Given not simply the recidivist status but the nature and location of the bribery schemes, one might reasonably ask questions about the resolution. Quite simply, how did Oracle achieve the result they did?

The Comeback

Under the FCPA Corporate Enforcement Policy, as developed by the Department of Justice (DOJ), the requirements for leniency were (1) self-disclosure, (2) extensive cooperation during the investigation and (3) thorough remediation up to the conclusion of the matter. Under the recent Monaco Memo, this prong 3 was further explained as creating a compliance program to address the issues which led to the compliance program and then testing that program prior to the conclusion of the resolution. While the Securities and Exchange Commission (SEC) does not have a similar written Policy they have followed the DOJ’s lead on since the implementation of the FCPA Corporate Enforcement Policy in November 2017.

In the 2022 Order, it specified there was some type of self-disclosure. The Order stated, “the Commission [SEC] considered that Oracle self-reported certain unrelated conduct, remedial acts it undertook, and cooperation afforded the Commission Staff.” This is one of the most oblique references to self-disclosure seen in an FCPA enforcement action. It is not clear what the ‘unrelated conduct’ might have been nor how it related to the FCPA violations. Whatever this unrelated conduct was, it was self-disclosed to the SEC and apparently that self-disclosure was enough to satisfy the SEC that self-disclosure had occurred.

The next requirement is thorough cooperation with the SEC during the investigation. Here the Order stated, “Oracle’s cooperation included sharing facts developed in the course of its own internal investigations, voluntarily providing translations of key documents, and facilitating the staff’s requests to interview current and former employees of Oracle’s foreign subsidiaries.” Each one of these factors should be digested by every compliance officer to understand what the SEC thinks is important. It may be different from the DOJ, particularly after the Monaco Memo, but these actions are all clearly important to the SEC.

Finally, of course, is the remediation. Here the Order specified several actions in greater detail than in most Orders. The Order stated, “Oracle’s remediation includes:

terminating senior regional managers and other employees involved in the misconduct and separating from employees with supervisory responsibilities over the misconduct;
terminating distributors and resellers involved in the misconduct;
strengthening and expanding its global compliance, risk, and control functions, including the creation of over 15 new positions and teams at headquarters and globally;
improving aspects of its discount approval process and increasing transparency in the product discounting process through the implementation and expansion of transactional controls;
increasing oversight of, and controls on, the purchase requisition approval process;
limiting financial incentives and business courtesies available to third parties, particularly in public sector transactions;
improving its customer registration and payment checking processes and making other enhancements in connection with annual technology conferences;
enhancing its proactive audit functions;
introducing measures to improve the level of expertise and quality of its partner network and reducing substantially the number of partners within its network;
enhancing the procedures for engaging third parties, including the due diligence processes to which partners are subjected;
implementing a compliance data analytics program; and
enhancing training and communications provided to employees and third parties regarding anti-corruption, internal controls, and other compliance issues.”

Resources

These changes appear to be extensive and potentially significant within the greater Oracle compliance program. There was increased resources made available to Oracle through an increase in head count (15 new positions), restructuring of compliance groups and creation of new compliance teams. Additionally, the implementation of a compliance data analytics program would also fall under additional resources. Finally, Oracle moved to more proactive auditing.

Discipline

There were terminations of Oracle employees including “senior regional managers and other employees involved in the misconduct” in addition to the termination of distributors and resellers involved in the misconduct. While not tied to a disciplinary role but clearly in the less is more approach Oracle substantially reduced the number of business partners within its network.

Training

Next was in the area of training. There was enhanced “training and communications provided to employees and third parties regarding anti-corruption, internal controls, and other compliance issues.” This would seem to indicate enhanced training for those remaining business partners.

Internal Controls

Finally, there was the area of internal controls enhancement. Here there were improvements in the following areas: (a) discounting by improving aspects of the Oracle discount approval process and increasing transparency in the product discounting process through the implementation and expansion of transactional controls; (b) procurement through the increased oversight of, and controls on, the purchase requisition approval process; (c) removal of perverse incentives by limiting financial motivations and business courtesies available to third parties; (d) basic GTE by improving its customer registration and payment checking processes and making other enhancements in connection with Oracle technology conferences.

DOJ

Obviously, recidivist behavior is one of the key areas the DOJ focused on in the Monaco Memo. It is one of the factors the DOJ assesses in any resolution of an enforcement action. The Monaco Memo does note that civil penalties over five years old will be given lesser weight so perhaps the 2012 SEC FCPA enforcement action involving Oracle’s conduct in India plays into the SEC analysis here. There is also the question of a monitor for a company with recidivist behavior which Oracle avoided in this SEC resolution. In the Monaco Memo, two of the areas of evaluation are:

Whether, at the time of the resolution and after a thorough risk assessment, the corporation has implemented an effective compliance program and sufficient internal controls to detect and prevent similar misconduct in the future;
Whether, at the time of the resolution, the corporation has adequately tested its compliance program and internal controls to demonstrate that they would likely detect and prevent similar misconduct in the future;

While the SEC Order lays out in detail the remediation, there is no information on any testing performed by Oracle on the new components of its compliance program or on its controls.

As yet there is no information on a DOJ resolution. Given the tenor of the most recent DOJ announcements including the Monaco Memo, and the subsequent speech by Principal Associate Deputy Attorney General Marshall Miller and speech by Assistant Attorney General Kenneth A. Polite, it appears that recidivism will be greatly frowned upon. Also, unclear would be whether the DOJ would require a monitor based upon the remediation made by Oracle as reported in the SEC Order. As noted, there is no indication of testing of the compliance program enhancements. All in all, lots of questions for the DOJ and we will have to wait for a DOJ resolution to see if we can begin to answer some of them.

Please join me tomorrow where I conclude this series by considering what does it all mean for the compliance professional.

Tags DOJ, FCPA, Internal Controls, Oracle, remediation, SEC

From the Editor's Desk

September and October in Compliance Week

Post author By admin
Post date October 7, 2022
No Comments on September and October in Compliance Week

Welcome to From the Editor’s Desk, a podcast where co-hosts Tom Fox and Kyle Brasseur, EIC at Compliance Week, unpack some of the top stories which have appeared in Compliance Week over the past month, look at top compliance stories upcoming for the next month, talk some sports and generally try to solve the world’s problems.

In this month’s episode, we look back at top stories in CW from September around the FCPA enforcement actions involving GOL and Oracle, the Monaco Doctrine as reflected in the Monaco Memo, and the SEC spanking of banks for nearly $2MM over employees using messaging apps. We discussed the ESG virtual event and previewed the CW 2022 in Europe, which will be held in Scotland, and the virtual 3^rd Party Risk conference, scheduled for December.

We conclude with a look at some of the top sports stories, including a look at the Tua Tagavoiloa and the NFL concussion protocols, and ask Kyle how he would have covered; the Boston Celtic’s imbroglio regarding its suspended head coach Ime Udoka and Aaron Judge and his season for the ages.

Tags Compliance Week, FCPA, GOL, Ime Udoka, Monaco Doctrine, Monaco Memo, Oracle, SEC, Tua Tagavoiloa

Blog

Oracle: FCPA Recidivist Part 5 – What Does It All Mean?

Post author By admin
Post date October 7, 2022
No Comments on Oracle: FCPA Recidivist Part 5 – What Does It All Mean?

In this post, we conclude our exploration of the Foreign Corrupt Practices Act (FCPA) enforcement action involving the now recidivist Oracle Corporation. This enforcement action was concluded with the Securities and Exchange Commission (SEC) resulting in an Order. After having examined the background facts and bribery schemes in some details, we turn to what does it all mean for FCPA enforcement going forward and what lessons can the compliance profession draw from Oracle’s missteps.

Paper Programs Fail

One of the most prominent lessons to be garnered from this matter is that paper compliance programs Do Not Work. That may sound like perhaps the most basic truism in all of compliance but here we are in 2022, looking at a major multinational organization which had a ‘check-the-box’ compliance program around distributors and it eventually bit them in the backside.

After having its first FCPA enforcement action in 2012 involving distributors in India, where deep and unwarranted discounts were used to create a pot of slush funds to pay bribes, Oracle instituted a requirement for a ‘second set of eyes’ outside the business unit for unusual or excessive discounts. According to its policies regarding distributors, a valid and legitimate business reason was required to provide a discount to a distributor. Oracle used a three-tier system for approving discount requests above designated amounts, depending on the product. In the first level, Oracle at times allowed subsidiary employees to obtain approval from an approver in a subsidiary other than that of the employee seeking the discount. At the next level and for higher level of discounts, Oracle required the subsidiary employee to obtain approval from another geographic region and the final level (and for the highest discounts) was from someone at the Oracle corporate headquarters. So far so good.

The problem was there was no requirement for evidence of a business justification to support the requested discount. The Order noted, “Oracle reviewers could request documentary support, Oracle policy did not require documentary support for the requested discounts – even at the highest level.” A statement of why you need a discount without any supporting documents as evidence is simply that – a statement. In other words, there was no way for a higher-level approver to determine if such a request was valid or fraudulent. Ronald Reagan was on to a basic compliance concept when he intoned “Trust, but verify.” Those words still ring true as a basic requirement in any compliance program.

Data Analytics

The Oracle enforcement action emphasized why data analytics is mandatory for any current compliance program. In addition to creating slush funds through discounts to distributors, slush funds were created through fraudulent reimbursement requests for expenses associated with marketing Oracle’s products. If the request were under $5,000, business unit level supervisors at the subsidiaries could approve them without any corroborating documentation indicating that the marketing activity actually took place. In one example from the Order, it noted that an Oracle Turkey sales employees obtained such fraudulent reimbursements totaling approximately $115,200 in 2018 that were “ostensibly for marketing purposes and were individually under this $5,000 threshold.” There was apparently no one looking to see who and how often these reimbursement requests were made by any single employee or approved by any supervisor.

This is as basic a fraud scheme as one can imagine. Think of employee gift, travel and entertainment (GTE) reimbursement where anything over $100 must be preapproved. One BD type or one business unit routinely submits requests after purchases of $99.99 so no preapproval is required. The supervisor approves it, and it is automatically paid to the employee. One reimbursement at $99.99 may not raise a red flag but multiple requests should. The same concept holds true in this situation. However, no one at Oracle was looking at this bigger picture. This is where a data analytics program would pick up such anomalies and flag it for closer inspection and investigation. Oracle appears to have realized this through part of its remediation which included the implementation of a compliance data analytics program moving to proactive auditing.

Internal Control Upgrades

Putting in compliance enhancements to remediate your control failures is a key part to any FCPA enforcement resolution. In this area, there were improvements in the following capacities: (a) in distributor discounting by improving aspects of the Oracle discount approval process and increasing transparency in the product discounting process through the implementation and expansion of transactional controls; (b) in the Oracle procurement process through the increased oversight of, and controls on, the purchase requisition approval process; (c) by the removal of perverse incentives by limiting financial motivations and business courtesies available to third parties; (d) in basic gifts, travel and entertainment policies (GTE) by improving its customer registration and payment checking processes in connection with Oracle technology conferences.

Basic GTE

I cannot believe that in 2022 we are talking about companies that still do not have the most basic GTE policies in force. Since at least 2007, the Department of Justice (DOJ) made clear what was appropriate in business travel, business courtesies and business entertainment. Oracle’s 112 Project decidedly was not as it was designed to appear as a business trip to Oracle’s home office (then in California) related to Oracle’s bid on a project. However, the trip was designed to be a sham to hide boondoggle travel for four government officials. The alleged business meeting at the corporate headquarters lasted only 15 minutes and for the rest of the week, the Oracle BD folks entertained the government officials in Los Angeles and Napa Valley and then took them to a “theme park” in the greater Los Angeles area. Any travel involving government officials or any other covered persons under the FCPA should be submitted to and approved by your compliance function, including costs and the itinerary.

There was much to consider from the SEC enforcement action under the FCPA involving Oracle. We still have not heard from the DOJ. There may be more to come….

Tags compliance, corruption, Data Analytics, DOJ, FCPA, GTE, Internal Controls, Oracle, SEC

Compliance Into the Weeds

The Oracle FCPA Enforcement Action

Post author By admin
Post date October 5, 2022
No Comments on The Oracle FCPA Enforcement Action

Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. In this episode, we look at the recently announced SEC Foreign Corrupt Practices Act enforcement action involving Oracle. Highlights include:

Recidivist behavior in some countries with similar schemes.
Policy, procedure, and internal controls failures.
Why no monitor.
Compliance programs lessons learned.
What about the DOJ?

Resources

Matt in Radical Compliance

Tom in the FCPA Compliance and Ethics Blog

Background
The Schemes in Action
Parking in India
The Comeback and DOJ
What it all means

Tags bribery, corruption, Distributors, FCPA, Oracle, Policies and Procedures, recidivist, SEC

Blog

Oracle: FCPA Recidivist Part 3 – Parking in India

Post author By admin
Post date October 5, 2022
No Comments on Oracle: FCPA Recidivist Part 3 – Parking in India

This week we are exploring the 2022 Foreign Corrupt Practices Act (FCPA) enforcement action brought by the Securities and Exchange Commission (SEC) involving Oracle Corporation. As we have noted, Oracle is now a recidivist FCPA violator, having been involved with a similar enforcement action back in 2012. I thought it would instructive to review that prior enforcement action to see what the bribery schemes were, if Oracle lived up to the remediation steps it took in 2012 and what it might all mean for the 2022 enforcement action.

According to the 2012 Complaint, the scheme worked as follows: Oracle India would identify and work with the end user customers in selling products and services to them and negotiating the final price. However, the purchase order would be placed by the customer with Oracle India’s distributor. This distributor would then purchase the licenses and services directly from Oracle, and resell them to the customer at the higher price than had been negotiated by Oracle India. The difference between what the government end user paid the distributor and what the distributor paid Oracle typically is referred to as “margin” which the distributor generally retains as payment for its services. That description sounds like most distributor relationships but this was not what got Oracle into trouble.

The Bribery Scheme

As further specified in the 2012 Compliant, “certain Oracle India employees created extra margins between the end user and distributor price and directed the distributors to hold the extra margin inside funds. Oracle India’s employees made these margins large enough to ensure a side fund existed to pay third parties. At the direction of the Oracle India employees, the distributor then made payments out of the side funds to third parties, purportedly for marketing and development expenses.” The 2012 Compliant noted, “about $2.2 million in funds were improperly “parked” with the Company’s distributors.” To compound this problem, employees of Oracle India concealed the existence of this side fund from Oracle in the US and hence there was an incorrect accounting in Oracle’s books and records.

The 2012 Complaint further noted, “Oracle India’s parked funds created a risk that they potentially could be used for illicit means, such as bribery or embezzlement” and then went on to highlight such an instance which occurred in May 2006, where Oracle India secured a $3.9 million deal with India’s Ministry of Information Technology and Communications. Oracle’s distributor accepted payment from the end user for the full $3.9 million. Under the direction of Oracle India’s then Sales Director, the distributor sent approximately $2.1 million to Oracle, which Oracle booked as revenue on the transaction. Oracle India employees then directed the distributor to keep approximately $151,000 as payment for the distributor’s services. The Oracle India employees further instructed the distributor to “park” the remaining approximately $1.7 million to be used for disbursement towards “marketing development purposes.” Some two months later, an Oracle India employee provided the distributor with eight invoices for payments to third party vendors, in amounts ranging from approximately $110,000 to $396,000. These invoices were later determined to be false. Further, none of these third parties, which were just storefronts and provided no services on the deal, were on Oracle’s approved vendor list.

Failure of Internal Audit

All of the above were in violation of Oracle’s internal policies, however the 2012 Compliant specified that “Oracle lacked the proper controls to prevent its employees at Oracle India from creating and misusing the parked funds” and prior to 2009 “the Company failed to audit and compare the distributor’s margin against the end user price to ensure excess margins were not being built into the pricing structure.” Oracle failed to either (1) seek transparency in its dealing with the distributor and (2) audit third party payments made by the distributors on Oracle’s behalf” both of which would have enabled the Company to check that payments were made to appropriate recipients. Indeed, the scheme only came to Oracle’s attention during an unrelated “local tax inquiry to Oracle’s India distributor”. This sounds reminiscent of HP Germany where a routine Bavarian Provincial tax audit picked up the suspicious payments which lead to a FCPA investigation.

2012 Remedial Steps

However, even with the above listed failures of Oracle’s compliance program, the Company did take Maxim Three of McNulty’s Maxim’s to heart: What did you do to remedy it? The 2012 Complaint indicated that the person in charge of supply chain at the Indian subsidiary resigned and left the company. An internal investigation was undertaken and four employees of the Indian subsidiary who had actual knowledge of the scheme were terminated. Additionally, “Oracle took other remedial measures to address the risk and controls related to parked funds, including: conducting additional due diligence in its partner transactions in India so that Oracle had greater transparency into end user pricing in government contracts; terminating its relationship with the distributor involved in the transactions at issue; directing its distributors not to allow the creation of side funds; requiring additional representations and warranties from distributors to include the fact that no side funds exist; and enhancing training for its partners and employees to address anti-corruption policies.”

So, what exactly did “directing its distributors not to allow the creation of side funds; requiring additional representations and warranties from distributors to include the fact that no side funds exist; and enhancing training for its partners and employees to address anti-corruption policies” entail for Oracle employees and business operations going forward, leading to the 2022 enforcement action? Since the events leading to the 2012 enforcement action were centered in India, one might reasonably assume that Oracle would prioritize all of these remedial steps in India and add more focused monitoring in India to make sure the remediate steps were implemented and followed. In the case of Oracle India, apparently not.

Join me tomorrow where we explore the comeback by Oracle leading to the 2022 enforcement action and explore questions related to the Department of Justice (DOJ) and where they may stand on the Oracle matter.

Tags 2012 Oracle FCPA Enforcement action, corruption, Distributors, FCPA, India, Oracle, SEC

Blog

Oracle: FCPA Recidivist Part 2 – Schemes in Action

Post author By admin
Post date October 4, 2022
No Comments on Oracle: FCPA Recidivist Part 2 – Schemes in Action

Oracle Corporation now joins the ignominious group of Foreign Corrupt Practices Act (FCPA) recidivists. Last week, in a Press Release, the Securities and Exchange Commission (SEC) announced an enforcement action which required Oracle to pay more than $23 million to resolve charges that it violated the FCPA when “subsidiaries in Turkey, the United Arab Emirates (UAE), and India created and used slush funds to bribe foreign officials in return for business between 2014 and 2019.” The recidivist label comes from the sad fact that the SEC sanctioned Oracle in connection with the creation of slush funds.

In 2012, Oracle resolved charges relating to the creation of millions of dollars of side funds by Oracle India, which created the risk that those funds could be used for illicit purposes. This means we have a company using the same scheme, in the same country only two years after the resolution of another FCPA violation. Yesterday, I laid out the broad parameters of the bribery schemes so that compliance professionals could study them in detail to determine if they need to review their programs. Today, we consider the schemes as they were used in the three countries identified in the SEC Order as Turkey, UAE and India.

Turkey

According to the SEC Order, there were three types of bribery schemes in Turkey; the VAD Accounts, the 112 Project and the SSI Deals. Under the VAD Accounts, as discussed yesterday, “Oracle Turkey employees routinely used the slush funds to pay for the travel and accommodation expenses of end-user customers, including foreign officials, to attend annual technology conferences in Turkey and the United States, including Oracle’s own annual technology conference.” These slush funds “were also used to pay for the travel and accommodation expenses of foreign officials’ spouses and children, as well as for side trips to Los Angeles and Napa Valley.”

All of this means that Oracle Turkey was not only engaging in bribery and corruption during the time from the 2012 enforcement action, but carried it on for seven years after the conclusion of the 2012 enforcement action. It was also done with the full knowledge and support of the Turkey country manager. Finally, since at least 2007, it was well known that payment for the travel and accommodation expenses of foreign officials’ spouses and children, as well as payment for side trips made by foreign officials was clear FCPA violation.

112 Project involved an attempt by Oracle Turkey to win a lucrative contract with Turkey’s Ministry of Interior (“MOI”) related to the ongoing creation of an emergency call system for Turkish citizens, the “112 Project”; hence the internal Oracle terminology. 112 Project was designed to appear as a business trip to Oracle’s home office (then in California) related to Oracle’s bid on the project. However, it turned out the trip was a sham to hide boondoggle travel for four MOI officials. The alleged business meeting at the corporate headquarters lasted only 15 minutes and for the rest of the week, the Turkey Sales Representative entertained the MOI officials in Los Angeles and Napa Valley and then took them to a “theme park” (I wonder what ‘theme park’ there could be in the greater Los Angeles area?) Once again, this type of sham travel has long been identified as FCPA violative.

Finally, there were the SSI Deals. These involved the same Turkish Sales Representative as in 112 Project and directed cash bribes to officials at Turkey’s Social Security Institute (“SSI”). This corrupt sales representative had the temerity to maintain a spreadsheet tracking how much potential margin he could create from a discount request six months before he finalized a deal with the SSI in 2016. To fund the bribe payments, he used the VAR Program we previously detailed which claimed a discount was needed to beat the competition. However, the bid was a sole source bid limited to Oracle products.

In another corrupt transaction, once again the same Turkey Sales Representative used another VAR to create a slush fund for SSI officials related to a database infrastructure order. His spreadsheet showed an excessive margin of approximately $1.1 million, only a portion of which was used to purchase legitimate products such as software licenses.

UAE

Using the rather amazing code name of ‘Wallets”, Oracle UAE employees paid for the travel and accommodation expenses of end customers, including foreign officials, to attend Oracle’s annual technology conference in violation of Oracle’s internal policies. As noted in the Order, in 2018 and 2019, an Oracle UAE sales account manager paid approximately $130,000 in bribes to the State-Owned Enterprise’s (SOE) Chief Technology Officer (CTO) to obtain six different contracts over this period. The first three bribes were funded “through an excessive discount and paid through another entity (“UAE Entity”) that was not an Oracle approved VAR for public sector transactions and whose sole purpose was to make the bribe payments. For the final three deals, the UAE Entity was the actual entity that contracted with the UAE SOE despite the fact that Oracle’s deal documents represented an Oracle approved partner as the VAR for the deal.”

India

In perhaps the most incredulous scheme, Oracle India sales employees used an excessive discount scheme for a transaction which was owned by the Indian Ministry of Railways. Oracle India claimed a discount was needed based on competition but “the Indian SOE’s publicly available procurement website indicated that Oracle India faced no competition because it had mandated the use of Oracle products for the project.” Once again, a spreadsheet was made that indicated $67,000 was the “buffer” available to potentially make payments to a specific SOE official. A total of approximately $330,000 was made available for payments and another $62,000 was paid to an entity controlled by the sales employees responsible for the transaction.

Please join me tomorrow where I look back at the 2012 Oracle FCPA enforcement action to see what, if anything, Oracle learned from that sordid tale.

Tags bribery, corruption, FCPA, Oracle, SEC

Recent Posts

Recent Comments

Categories

What are you looking for?