United States: No Oracle Could Have Foreseen Oracle's FCPA Settlement

Previously published by Law360, New York, September 05, 2012.

On Aug. 16, the U.S. Securities and Exchange Commission announced a settlement with Oracle Corporation in which the California software company agreed to pay a $2 million penalty to settle charges that it violated the books and records and internal controls provisions of the U.S. Foreign Corrupt Practices Act.¹ Notably absent from the enforcement action was any allegation of an improper payment to a foreign government official — an element present in practically all other FCPA enforcement actions to date.

This enforcement action is significant because it shows that the SEC has broadened the scope of its FCPA enforcement to an unprecedented level. The SEC complaint alleges that Oracle violated the FCPA by failing to record "side funds" on its books and records and by failing to prevent its wholly owned subsidiary from creating the funds, which in turn created "a risk that [the funds] potentially could be used for illicit means, such as bribery or embezzlement."

The complaint does not allege that Oracle or its subsidiary made any improper payments. By bringing an enforcement action based solely on the failure to record funds and the failure to prevent conduct that creates the mere potential for bribery, the Oracle settlement marks a departure from the SEC's past enforcement practices.

The SEC complaint alleges that between 2005 and 2007, Oracle India Private Limited inflated margins typically retained by its distributors and instructed its distributors to hold the additional margins in unauthorized side funds in order to pay third parties. Oracle's business practice in India involved selling the company's software licenses and services to distributors, who in turn would sell the same licenses and services to end user customers at a higher price, retaining the margin as profit to the distributor.

The SEC alleged that in approximately 14 such transactions related to eight separate government contracts, Oracle India inflated the margins between the distributor and end user prices of the Oracle products and instructed distributors to retain the extra margin in side funds. Oracle India then instructed its distributors to use the side funds to pay third-party vendors, "purportedly for marketing and development expenses," even though some of the third-party vendors did not exist. Over the course of two years, Oracle India amassed approximately $2.2 million in side funds intended for third-party payments.

The SEC alleged that Oracle violated the FCPA in two ways. First, Oracle failed to account for the side fund as assets in its books and records, despite that the Oracle India employees "concealed the existence of the side fund." Second, Oracle lacked the proper controls to prevent its employees at Oracle India from creating and misusing the side funds. The SEC noted as an example that Oracle knew that distributor discounts created a margin of cash from which distributors received payment for services, yet failed to audit and compare the distributors' margin against the end user price to ensure excess margins were not being built into the price.

The SEC also noted that although Oracle had policies requiring approvals for payment of marketing expenses, Oracle failed to seek transparency in or audit third-party payments made by distributors on Oracle India's behalf, which would have allowed Oracle to check that payments were made to appropriate recipients.

While a violation of the FCPA's books and records or internal controls provisions does not require the making of an improper payment, the overwhelming majority of the SEC's FCPA enforcement actions against corporations have included allegations of an improper payment. For example, in the last two months, the SEC settled books and records and internal controls charges with Pfizer Inc. and Orthofix International NV where the SEC alleged that the companies failed to accurately record improper payments to government officials and lacked internal controls to prevent and detect such payments.

The SEC's enforcement action against Oracle makes clear that companies risk liability for failure to comply with the FCPA books and records and internal controls provisions even in the absence of any improper payments. Indeed, that is the message from Marc J. Fagel, director of the SEC's San Francisco regional office, who was quoted in the SEC's press release announcing the settlement as saying that through its subsidiary's use of secret side funds, "Oracle exposed itself to the risk that these hidden funds would be put to illegal use." Fagel cautioned U.S. companies to "proactively establish policies and procedures to minimize the potential for payments to foreign officials or other unauthorized uses of company funds."

Because of this increased risk of liability, it is critical that companies that have shares listed on U.S. exchanges or are otherwise subject to the FCPA books and records and internal controls provisions assess their accounting procedures and controls through an expanded lens. Prevention of improper payments to government officials may not be sufficient to avoid the risk of noncompliance with the FCPA's books and records and internal controls provisions. Companies should also ensure that they record all funds and implement accounting controls to detect and eliminate any accounting practices — such as creation of unaccounted-for side funds — that could potentially be exploited to make unauthorized payments, including improper payments to government officials.

Footnotes

^{1 Press Release, Sec. and Exch. Comm'n, SEC Charges Oracle Corporation with FCPA Violations Related to Secret Side Funds In India, Aug. 16, 2012, available at http://www.sec.gov/news/press/2012/2012- 158.htm ; Complaint, SEC v. Oracle Corp. No. 1:12-cv-04310-CRB (N.D. Cal. Aug. 16, 2012).}

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.