Tag: SAP

Categories
FCPA Compliance Report

FCPA Compliance Report – Jay Rosen on SAP’s Road to FCPA Compliance

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Jay Rosen who discusses the recent FCPA enforcement action involving the software giant SAP.

Jay Rosen is a seasoned compliance professional with a deep understanding of the SAP FCPA enforcement case. His perspective on the topic of SAP’s FCPA enforcement case and the importance of cooperation and self-disclosure is shaped by his belief that self-disclosure is paramount in any FCPA investigation or enforcement action. He points out that SAP did not initially self-disclose, but began to cooperate only after investigative reports were made public in South Africa. Despite this, Rosen acknowledges SAP’s commendable efforts in providing regular, prompt, and detailed updates to the fraud section, producing relevant documents, and undertaking extensive remediation actions. He underscores the importance of conducting a root cause analysis, implementing data analytics, and enhancing compliance programs and internal controls, asserting that companies can recover if they follow these steps and use data-driven analytics to counterbalance any negative facts. Join Tom Fox and Jay Rosen as they delve deeper into this topic on this episode of the FCPA Compliance Report.

Key Highlights:

  • The facts and underlying bribery schemes
  • Lack of self-disclosure and what it means
  • Extensive cooperation
  • Extensive remediation
  • A superior result achieved

Resources:

Jay Rosen on LinkedIn

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

 

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Blog

The SAP FCPA Enforcement Action-Part 5: Lessons Learned

We conclude our series on the initial Foreign Corrupt Practices Act (FCPA) enforcement action. It involved the German software giant SAP. While the conduct which led to the enforcement action occurred for a lengthy period of time and was literally worldwide in scope, the response by SAP is to be both noted and commended. The hard and impressive work that SAP did during the pendency of the investigation and enforcement action led to a very favorable result for the company in the reduced amount of its assessed fine and penalty as well as the fact that no monitor was mandated by the Department of Justice (DOJ) or Securities and Exchange Commission (SEC). Today, in our final post, we review key lessons learned from the SAP enforcement action.

Remediation

SAP did an excellent job in its remedial efforts. Whether SAP realized as a recidivist of the dire straits it was in after the publicity in South Africa around is corruption or some other reason, the company made major steps to create an effective, operationalized compliance program which met the requirement of the Hallmarks of an Effective Compliance Program as laid out in the 2020 FCPA Resource Guide, 2nd edition.

The remedial actions by SAP can be grouped as follows.

  1. Root Cause, Risk Assessment and Gap Analysis. Here the company conducted a root cause analysis of the underlying conduct then remediating those root causes, conducted a gap analysis of internal controls, remediating those found lacking; and then performed a comprehensive risk assessment focusing on high-risk areas and controls around payment processes, using the information obtained to enhance its compliance risk assessment process;
  2. Enhancement of Compliance. Here the company significantly increasing the budget, resources, and expertise devoted to compliance; restructuring its Offices of Ethics and Compliance to ensure adequate stature, independence, autonomy, and access to executive leadership; enhanced its code of conduct and policies and procedures regarding gifts, hospitality, and the use of third parties; enhanced its reporting, investigations and consequence management processes;
  3. Change in sales models. On the external sales side, SAP eliminated its third-party sales commission model globally, and prohibiting all sales commissions for public sector contracts in high-risk markets and enhanced compliance monitoring and audit programs, including the creation of a well-resourced team devoted to audits of third-party partners and suppliers. On the internal side, SAP adjusted internal compensation incentives to align with compliance objectives and reduce corruption risk;
  4. Data Analytics. Here SAP expanded its data analytics capabilities to cover over 150 countries, including all high-risk countries globally; and comprehensively used data analytics in its risk assessments.

Data Analytics

The references to data analytics and data driven compliance warrant additional consideration. SAP not only did incorporate data analytics into its third-party program but also expanded its data analytics capabilities to cover over 150 countries, including all high-risk countries globally. The SEC Order also noted that SAP had implemented data analytics to identify and review high- risk transactions and third-party controls. The SAP DPA follows the Albemarle FCPA settlement by noting that data analytics is now used by SAP to measure the compliance program’s effectiveness. This language follows a long line of DOJ pronouncements, starting with the 2020 Update to the Evaluation of Corporate Compliance Programs, about the corporate compliance functions access to all company data; this is the second time it has been called out in a FCPA settlement agreement in this manner. Additionally, it appears that by using data analytics, SAP was able to satisfy the DOJ requirement for implementing controls and then effectively testing them throughout the pendency of the DOJ investigation; thereby avoiding a monitor.

Holdbacks

Next was the holdback actions engaged in by SAP. The DPA noted, SAP withheld bonuses totaling $109,141 during the course of its internal investigation from employees who engaged in suspected wrongdoing in connection with the conduct under investigation, or who both (a) had supervisory authority over the employee(s) or business area engaged in the misconduct and (b) knew of, or were willfully blind to, the misconduct, and further engaged in substantial litigation to defend its withholding from those employees, which qualified SAP for an additional fine reduction in the amount of the withheld bonuses under the DOJ’s Compensation Incentives and Clawbacks Pilot Program.

Self-Disclosure

While this factor was not present in the SAP enforcement action, the message sent by the DOJ could not be clearer on not simply the expectation of the DOJ for self-disclosure but also the very clear and demonstrable benefits of self-disclosure. Under the Corporate Enforcement Policy, SAP’s failure to self-disclose cost it an opportunity of at least 50% and up to a 75% reduction off the low end of the U.S. Sentencing Guidelines fine range. Its actions as a criminal recidivist, resulted in it not receiving a reduction of at least 50% and up to 75% from the low end of the U.S.S.G. fine range but rather at 40% from above the low end. SAP’s failure to self-disclose cost it an estimated $20 million under the Sentencing Guidelines. It’s failure to self-disclose and recidivism cost it a potential $94.5 million in discounts under the Corporate Enforcement Policy. The DOJ’s message could not be any clearer.

Extensive Cooperation

There were also lessons to be garnered from SAP’s cooperation with the DOJ. While there was no mention of the super duper, extra-credit giving extensive remediation which Kenneth Polite discussed last year; when SAP began to cooperate, it moved to extensively cooperate. The DPA noted SAP “immediately beginning to cooperate after South African investigative reports made public allegations of the South Africa-related misconduct in 2017 and providing regular, prompt, and detailed updates to the Fraud Section and the Office regarding factual information obtained through its own internal investigation, which allowed the government to preserve and obtain evidence as part of its independent investigation…” Most interestingly, the DPA reported that SAP imaged “the phones of relevant custodians at the beginning of the Company’s internal investigation, thus preserving relevant and highly probative business communications sent on mobile messaging applications.” This is clear instruction around messaging apps in FCPA enforcement actions.

Resources

SEC Order

DOJ DPA

Categories
Blog

The SAP FCPA Enforcement Action-Part 4: The Fines: Self-Disclose, Self-Disclose, Self-Disclose

We continue our exploration of the SAP Foreign Corrupt Practices Act (FCPA) enforcement action. Today we go full geek in a look at the fine and penalty and most importantly what the fine and penalty communicate about what the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) want from companies embroiled in a FCPA investigation. First the numbers.

DOJ

According to the Deferred Prosecution Agreement, the criminal fine and penalty is in the amount of $63,590,859, equal to approximately 54% of the Criminal Penalty ($63,700,000), reduced by $109,141 under the Criminal Division’s Pilot Program Regarding Compensation Incentives and Clawbacks. Additionally, the DOJ agreed to a “credit toward the Criminal Penalty the amount paid by the Company to authorities in South Africa for violations of South African law related to the same conduct described in the Statement of Facts, up to a maximum of $55,100,000 (the “Penalty Credit Amount”).”

SEC

According to the SEC Order, “SAP acknowledges that the Commission is not imposing a civil penalty based upon the imposition of an $ 118.8 million criminal fine as part of SAP’s resolution with the United States Department of Justice.” However, SAP did agree to disgorgement in the following amount, $85,046,035 and prejudgment interest of $13,405,149, for a total payment of $98,451,184. SAP received a disgorgement offset of up to $59,455,779 based on the U.S. dollar value for any payments made or to be made to the Government of South Africa or a South African state-owned entity in any parallel proceeding against Respondent in South Africa.

The SEC Order also reported these additional fines and penalties.

  • On March 15, 2022, SAP entered into a civil settlement with the South African Special Investigating Unit and others relating to the DWS conduct described above and paid ZAR 11 344.78 million ($21.4 million), which represented reimbursement of the entire amount SAP received from DWS under the 2015 and 2016 deals with DWS.
  • On October 18, 2023, SAP entered into a settlement agreement with the South African Special Investigative Unit and others relating to the Transnet conduct described above, pursuant to which it paid ZAR 214.39 million (approximately $11.42 million based on the exchange rate on the date of payment).
  • On November 1, 2023, SAP entered into a civil settlement with the South African Special Investigating Unit and others relating to the Eskom conduct described above, pursuant to which it paid ZAR 500 million (approximately $26.63 million based on the exchange rate on the date of payment).

The bottom line, as reported by the FCPA Blog is SAP agreed to pay a $118.8 million criminal penalty to the DOJ and an administrative forfeiture of $103.4 million to the SEC. SAP has also paid approximately $59.4 million to various South African authorities, for which they received a penalty credit of $55 million from the DOJ.

Fine Calculation

Let’s start with the DOJ. The basis comes from the US Sentencing Guidelines.  From the DPA we note the following:

  1. The November 1, 2023 U.S.S.G. are applicable to this matter.
  2. Offense Level. Based upon U.S.S.G. § 2Cl.1, the total offense level is 42, calculated as follows:
  • 2Cl.l(a)(2) Base Offense Level 12
  • 2Cl.l(b)(l) More than One Bribe +2
  • § 2Cl.l(b)(2), 2Bl.l(b)(l)(M) +24

Benefit (More than $ 65,000,000)

  • 2C 1.1 (b )(3) Involvement of High-Level Public Official +4

TOTAL                                                                                      42

  1. Base Fine Based upon U.S.S.G. § 8C2.4(d), the base fine is

$ I50,000,000.

  1. Culpability Score. Based upon U.S.S.G. § 8C2.5, the culpability score is

6, calculated as follows:

  • 8C2.5(a) Base Culpability Score 5
  • 8C2.5(b )(3)(B)(i) Unit had 200 or more employees + 3

and High-Level Personnel

  • 8C2.5(g)(2) Cooperation, Acceptance -2

TOTAL                                                                                      6

Calculation of Fine Range:

Base Fine                                                                     $ I50,000,000

Multipliers                                                       1.2 (min) / 2.4 (max)

Fine Range                                     $180,000,000 to $360,000,000

The key area to noted is the highlighted line entitled “§ 8C2.5(g)(2) Cooperation, Acceptance”.

The reason this line is so critical is that it is the one area under the US Sentencing Guidelines that a company can receive a discount or at least credit for actions it has taken to reduce the multiplier and thereby reduce the overall fine range. In the Sentencing Guidelines it states,

(g)       Self-Reporting, Cooperation, and Acceptance of Responsibility 

 If more than one applies, use the greatest:

  8C2.5(g)(1) (1)       If the organization (A) prior to an imminent threat of disclosure or government investigation; and (B) within a reasonably prompt time after becoming aware of the offense, reported the offense to appropriate governmental authorities, fully cooperated in the investigation, and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 5 points; or

 8C2.5(g)(2) (2)       If the organization fully cooperated in the investigation and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 2 points; or

 8C2.5(g)(3) (3)       If the organization clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 1 point.

All this means a company if company self-discloses to the DOJ, it can receive a 5-point discount off the overall multiplier. SAP did not self-disclose so it lost this discount. If SAP had self-disclosed the multiplier range would have been something like 0.7 to 1.4, making the fine range $126 million to $252 million. From there the discount under the Sentencing Guidelines led the following “The Fraud Section and the Office and the Company agree, based on the application of the Sentencing Guidelines, that the appropriate criminal penalty is $118,800,000 (the “Criminal Penalty”). This reflects a 40% discount off the 10th percentile of the Sentencing Guidelines fine range.” By my estimation, this failure to self-disclose cost SAP an additional $20,000,000 under the Sentencing Guidelines alone.

But the analysis does not end there as the overall fine and penalty is also governed by the Corporate Enforcement Policy, under which a company can garner a full declination if the following criteria are met (1) self-disclosure, (2) extensive cooperation, (3) extensive remediation, and (4) profit disgorgement. Obviously, SAP failed to meet this burden as it did not self-disclose so a full Declination was never in the cards. But the company could and did receive credit under the Corporate Enforcement Policy with a monetary penalty in the amount of $63,590,859, equal to approximately 54% of the Criminal Penalty. There was a further reduction of the overall criminal fine, reduced by $109,141 under the DOJ’s Pilot Program Regarding Compensation Incentives and Clawbacks.

Moreover, under the Corporate Enforcement Policy, SAP’s failure to self-disclose cost it an opportunity of at least 50% and up to a 75% reduction off the low end of the U.S. Sentencing Guidelines fine range. Its actions as a criminal recidivist, resulted in it not receiving a reduction of at least 50% and up to 75% will generally not be from the low end of the U.S.S.G. fine range but rather at the 40% amount noted above. SAP’s failure to self-disclose cost it an estimated $20 million under the Sentencing Guidelines. It’s failure to self-disclose and recidivism cost it a potential $94.5 million in discounts under the Corporate Enforcement Policy.

While all these numbers might be enough to make your head swim (as it did mine); the significance and why I went through it in this detail is that the DOJ is clearly sending the message that self-disclosure is the single most important thing a company can do in any FCPA investigation or enforcement action. Kenneth Polite said that when announcing the updated Corporate Enforcement Policy in January 2023; it was enshrined the new Monitor Selection Policy as the number one reason for a company not having a monitor required. I heard Fraud Section head Glenn Leon say it as well at Compliance Week 2023 in a Fireside Chat with Billy Jacobsen.

The DOJ’s message could not be any clearer. Self-disclose; Self-disclose; Self-disclose.

 Resources

SEC Order

DOJ DPA

Join us tomorrow where we conclude with lessons learned for the compliance professional.

Categories
Compliance Into the Weeds

Compliance Into The Weeds: The SAP Foreign Corrupt Practices Act Enforcement Action

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt take a deep dive into the recent Foreign Corrupt Practices Act (FCPA) enforcement action involving the ERP software giant SAP.

The recent $220 million fine imposed on German software giant SAP for violations of the FCPA underscores the critical role of internal audits in maintaining corporate compliance. Despite having a comprehensive FCPA compliance program, SAP’s lack of control over its subsidiaries led to bribery activities, a situation that Tom and Matt believe could have been prevented with a robust internal audit function. Fox emphasized the need for strong internal audits to identify and address issues within different parts of an organization. Similarly, Kelly underscored the importance of internal audits in identifying and rectifying control lapses. To delve deeper into this topic and understand the implications of the SAP case, join Tom Fox and Matt Kelly on this episode of Compliance into the Weeds. 

Key Highlights:

  • The bribery schemes and geographic scope
  • What is culture?
  • Third parties and corruption risks
  • The fine and penalty
  • The comeback
  • Lessons learned for the compliance professional

Resources:

Matt on Radical Compliance

Tom 

Tom on the FCPA Compliance and Ethics Blog

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Blog

The SAP FCPA Enforcement Action-Part 2: The Box Score of Corruption

We continue our exploration of the Foreign Corrupt Practices Act (FCPA) enforcement involving the German software company, SAP. The company agreed to pay the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) approximately $222 million in penalties and disgorgement. SAP also entered into a three-year deferred prosecution agreement (DPA) with the Department of Justice imposing a $118.8 million criminal penalty and an administrative forfeiture of $103.4 million. Today we look at SAP’s compliance program requirements for third parties, the Box Score of corruption, the corrupt agents and the bribery schemes used across the globe by SAP.

The Box Score

The breadth and scope of SAP’s illegal conduct was simply stunning, literally running across the globe. For those not keeping scoring at home, I put together a Box Score of the location/entity bribed, the amount of the bribe (where reported) and the benefit obtained by SAP. Once again, it was simply stunning.

Location and Entity Where Bribe Paid Amount of Bribe Revenue Generated
South Africa-Transnet $562,215 $4.4MM
South Africa-Transnet $1MM $6.58MM
South Africa- City of Johannesburg $120K $13.16MM
South Africa-Eskom $5.18MM $28.58MM
South Africa-Dept. Water and Sanitation (DWS) $527,460 $35.4MM
Malawi Not reported $1.1MM
Tanzania-Ports Authority

 

 Not reported $828K
Ghana National Petroleum Corporation

 

 $400K $1.20MM
Indonesian Ministry of Communication and Information Technology

 

 $67,380 $268,135

 
Indonesian Ministry of Maritime Affairs and Fisheries

 

 App. $5000 $80,500
Indonesia- PT Pertamina

 

 Not reported $13K
Indonesia- Pemda DKI

 

 Not reported $383K
Indonesia- PT Angkasa Pura I

 

 Not reported $1.09MM
Indonesia- PT Angkasa Pura II

 

 Not reported $2.53MM
Azerbaijan- State Oil Company

 

 $3000 $1.6MM
Totals Reported in Settlement Docs-$7.8 Reported by DOJ-$103,369,765

SAP Policies and Procedures

SAP used third parties, monikered as Business Development Partners (“BDPs”), which were eligible to earn commissions for SAP sales on which they assisted. Moreover, as noted in the SEC Order, “SAP’s internal policies and procedures for working with third parties required employees to conduct due diligence to assess risk and ensure: (1) That a third party had no relations (as a family member) to the SAP customer or a potential customer, and (2) That the third party was not a government official, government employee, political party official or candidate, or officer or employee of any public international organization or an immediate family member of any of these. In addition, with respect to BDPs, all sales commission contracts had to be in writing and clearly define the services to be provided and the related business and payment terms.”

SAP’s internal controls went on to require its subsidiaries and employees were “to use a model agreement that included standard commission rates and to follow a standardized internal approval process, which required the involvement and approval of the local legal department or compliance officer, the subsidiary’s local managing director, and its local chief financial officer. In cases where a BDP agreement required non-standard terms, regional management had to provide additional approvals. The policy documents explicitly state that they were put into place to ensure that no relationship with a third party would be used to inappropriately influence a business decision or pay bribes to government officials.”

The Corrupt Agents

In the corruption involving the South African entity Transnet, the SEC Order noted that “SA Intermediary 1 ever being present at meetings with Transnet, nor does SA Intermediary 1 appear to have a credible IT background or experience.” Regarding another corruption agent call SA Intermediary 2, it stated, “SAP South Africa paid approximately $1 million in commission fees to SA Intermediary 2, a South African 3D printing firm despite the fact that it provided no tangible services to SAP. SAP South Africa and its employees knew about the red flags relating to SA Intermediary 2’s ownership. The former director of SA Intermediary 2 admitted that the entity had “no expertise” or skills to provide meaningful services on the Transnet deal and also said he had no knowledge of SA Intermediary 2 providing any services. During an SAP-initiated audit of SA Intermediary 2, the third party failed to provide evidence of any services performed.” Indeed the DOJ Information noted that in a 2017 review by SAP in 2017, “revealed that Intermediary 2 had no financial statements (audited or unaudited), had not filed any returns for employee tax purposes, and found no signs of activity at Intermediary 2’s claimed business address.

When it came to Eskom, the SEC Order noted, “SA Intermediary 3, a purported IT consultant on the Eskom project. SA Intermediary 3, however, never performed any services. Instead, SAP South Africa’s Managing Director instructed SAP South Africa employees to perform the consulting work in SA Intermediary 3’s stead and still paid the entity a total of $1.6 million. Notably, officials at Eskom approved these payments despite SA Intermediary 3’s absence on the project. SAP also retained SA Intermediary 2 to perform vague services on Eskom contracts dated March, 2016 and November 2016 that, as a 3D printing company, SA Intermediary 2 was unqualified to perform. Regardless, SAP South Africa paid SA Intermediary 2 a total of $5.18 million in consulting fees.”

The Bribery Schemes

The thing which struck me about the bribery schemes was that they were so pedestrian, yet they permeated SAP from 2014-2022. Yet there very pedestrian nature serves not only as a warning for companies and compliance professionals but also as a road map for compliance program monitoring, improvement and remediation. From the very start of the corruption in South Africa, SAP employees began to avoid, evade and violation SAP internal compliance requirements.

  1. South Africa

In South Africa, in addition to the bribery schemes noted in the section above, where payments were made for non-existence work or services billed by the corrupt agents, “bank records indicate that shortly after the deal closed, SA Intermediary 1 paid $562,215, characterized as “loans,” to an individual known to be involved in making bribe payments.” In SAP’s contract with the City of Johannesburg, the SEC Order noted, “In addition to these cash payments, SAP South Africa paid for trips to New York for government officials in May and September 2015, including the officials’ meals and golf outings on the trips.” The DOJ Information reported that these payments were recorded in SAP books and records as ‘sales commission payments.’ Finally, in the contract involving the DWS, the SEC Order stated, “The local business partners were paid at a 14.9% commission rate, the maximum allowed under SAP policy without approval from the Board. SAP South Africa employees engaged both BDPs at the highest commission percentage allowed, staying under the 15% commission rate so as to avoid the need to obtain higher level approvals, and authorized the payment despite the local partners’ failure to meet deliverables relating to the DWS transactions.” The DOJ Information further noted that the bribe payment was routed through a second corrupt agent, in an attempt to conceal the criminal nature of the bribe.

2. Indonesia

The SEC Order noted that in “Indonesia, Intermediary 1 used fake training invoices to issue payments that created slush funds to pay bribes. Employees at Indonesia Intermediary 1 created shell companies to generate these false expenses. Some of the false invoices generated kickback payments to employees at the Indonesia Intermediary 1, some paid for customer excursions, and others generated cash payments to government officials at state-owned entities.” Next, “Indonesia Intermediary 1 employees, paid for shopping excursions and dining for a BP3TI official and his wife during a June 2018 trip to New York City, in route to attending the 2018 SAP Sapphire Conference in Orlando, Florida.” Additionally travel expenses, gifts, meals and entertainment was paid for by the Indonesian Intermediaries.

3. Azerbaijan

Lastly, in Azerbaijan, a mid-level SAP employee provided improper gifts in December 2021 and January 2022 to multiple SOCAR officials in an effort to close the deal. The SEC Order stated, “Several SOCAR officials received gifts totaling approximately $3,000, well above SAP’s gift limit of $30. Text messages indicate that the employee was rewarding senior officials who supported, and were directly responsible for, approving the pending sale. The employee also prepared a fake Act of Acceptance between SOCAR and an SAP Azerbaijan partner, which she submitted to the SAP contract booking team on February 4, 2022. SOCAR signed the real Act of Acceptance on May 12, 2022. Evidence indicates that the employee was attempting to claim a commission on the deal before her pending promotion to SAP Azerbaijan Managing Director became effective, after which she would not be eligible to earn additional compensation from the sale.”

Once again, the thing that struck me about all these schemes is there is really nothing new, innovative or particularly novel about any of these bribery schemes. It speaks to the basic blocking and tackling which every compliance program needs to engage in at due diligence and then throughout the life cycle of the third-party relationship.

Join us tomorrow where we consider the comeback made by SAP after the investigation began.

Categories
10 For 10

10 For 10: Top Compliance Stories For The Week Ending January 13, 2024

Welcome to 10 For 10, the podcast that brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance, brings to you, the compliance professional, the compliance stories you need to be aware of to end your busy week. Sit back, and in 10 minutes, hear about the stories every compliance professional should be aware of from the prior week. Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for compliance professionals, all curated by the Voice of Compliance, Tom Fox. Get your weekly filling of compliance stories with 10 for 10, a podcast produced by the Compliance Podcast Network.

  1. Trump took payments from China as president.  (WaPo)
  2. Clyde & Co. was fined for breaching AML. (Reuters)
  3. The world’s top 3 trading companies allegedly paid bribes.  (Bloomberg)
  4. SAP has yet another FCPA enforcement action.  (FCPA Blog)
  5. Boeing CEO says ‘this can never happen again’ (yet again). (Reuters)
  6. Gold bars are a sign of a statesman—Bob Menendez.  (NYT)
  7. When de-risking leads to more risks, or at least newer risks,.  (WSJ)
  8. Boeing is facing more fallout over the 737 MAX.  (WaPo)
  9. China ABC campaign to go after ‘ants and flies. (CNN)
  10. Singapore completes a corruption probe.  (Bloomberg)

You can check out the Daily Compliance News for four curated compliance and ethics-related stories each day here.

Connect with Tom:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Into the Weeds

SAP Trade Sanctions Enforcement Action


Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. This week Matt and Tom take a deep dive into SAP trade sanction enforcement action. Some of the issues we consider are:

  • What were the underlying facts?
  • How did SAP allow products to get to Iran for so long?
  • How did SAP achieve a NPA even with aggrieved factors?
  • How was the financial penalty calculated?
  • What were the remedial steps SAP engaged in?
  • Why does this enforcement action point towards the need for a more holistic approach to risk?

 Resources
Matt’s blog post on Radical Compliance:
 SAP Nailed on Sanctions Violations