Yesterday,the SEC announced (here) a Foreign Corrupt Practices Act books and records and internal controls enforcement action against Oracle Corporation.

With the enforcement action, the dilution of FCPA enforcement has reached a new level.   The only allegations against Oracle itself is that it failed to audit distributor margins against end user prices and that it failed to audit third party payments made by distributors.  It is common for large multi-national companies to have hundreds, if not thousands, of distributors.  Because of this, audits Oracle was held liable for not conducting are not practical or cost-effective absent red flags suggesting improper conduct. The SEC did not allege any such red flag issues.  In fact, the SEC alleges that Oracle’s Indian subsidiary “concealed” and kept “secret” the conduct from Oracle.  Congress did not intend for the FCPA’s books and records and internal control provisions to be a strict liability statute.  The SEC used to recognize this.  However, it no longer does as once again demonstrated by the Oracle action.

In reading the Oracle action, I was reminded of a 1981 speech by Harold Williams (Chairman of the SEC) regarding the FCPA books and records and internal control provisions.  See here for the prior post.  Williams stated that the provisions are not “independent unrestrained mandate[s] to the Commission to establish novel or unprecedented corporate recordkeeping standards.”  Williams further stated as follows.  “Depending on the circumstances, intentional circumventions of a company’s system of records and of accounting controls by a low-level employee would not always be considered violations of the Act by the issuer. No system of adequate records and controls – no matter how effectively devised or conscientiously applied – could be expected to prevent all mistaken and improper transactions and disposition of assets. Given human nature, regardless of the adequacy of the system, a bookkeeper may still erroneously post entries, an overzealous agent may make unauthorized payments, or an unscrupulous employee may falsify records for his own purposes. The Act recognizes each of these limitations. Neither its text and legislative history nor its purposes suggest that occasional, inadvertent errors were the kind of problem that Congress sought to remedy in passing the Act. No rational federal interest in punishing insignificant mistakes has been articulated. And, the Act’s accounting provisions do not require a company or its senior officials to be the guarantors of all conduct of company employees.”

Back to the SEC’s enforcement action against Oracle.

The SEC complaint (here) states in summary fashion as follows.

“This matter involves violations of the books and records and internal controls provisions of the FCPA by Oracle Corporation.  From 2005 to 2007, certain employees of Oracle’s Indian subsidiary Oracle India Private Limited (“Oracle India”) secretly ‘parked’ a portion of the proceeds from certain sales to the Indian government and put the money to unauthorized use, creating the potential for bribery or embezzlement.  These Oracle India employes structured more than a dozen transactions so that a total of around $2.2 million was held by the Company’s distributors and kept off Oracle India’s corporate books.  The Oracle India employes would then direct its distributor to disburse payments out of the unauthorized side funds to purported local ‘vendors.’  Several of the ‘vendors’ were merely storefronts that did not provide any services.  Oracle failed to accurately record these side funds on the Company’s books and records, and failed to implement or maintain a system of effective internal accounting controls to prevent improper side funds in violation of the FCPA, which requires public companies to keep books and records that accurately reflect their operations.”

Specifically, the SEC complaint states as follows.

“On approximately 14 occasions related to 8 different government contracts between 2005 and 2007, certain Oracle India employees created extra margins between the end user and distributor price and directed the distributors to hold the extra margin in side funds. Oracle India’s employees made these margins large enough to ensure a side fund existed to pay third parties. At the direction of the Oracle India employees, the distributor then made payments out of the side funds to third parties, purportedly for marketing and development expenses. Some of the recipients of these payments were not on Oracle’s approved local vendor list; indeed, some of the third parties did not exist and were merely storefronts.  Because the Oracle India employees concealed the existence of the side fund, Oracle did not properly account for these side funds. These funds constituted prepaid marketing expenses incurred by Oracle India and should have been recorded as an asset and rolled up to Oracle’s corporate books and records. These marketing expenses should then have been reflected in the income statement once they were used. Instead, the parked funds were not reflected on Oracle India’s books and were not properly recorded as prepaid marketing expenses. This incorrect accounting in turn affected Oracle’s books and records.  Between 2005 and 2007, government customers paid Oracle India’s distributors at least $6.7 million on these sales, with Oracle receiving approximately $4.5 million in revenue, resulting in about $2.2 million in funds improperly ‘parked’ with the Company’s distributors.”

The SEC further alleged as follows.

“Oracle lacked the proper controls to prevent its employees at Oracle India from creating and misusing the parked funds.  For example, Oracle knew distributor discounts created a margin of cash from which distributors received payments for their services.  Before 2009, however, the company failed to audit and compare the distributor’s margin against the end user price to ensure excess margins were not being built into the pricing structure.  In addition, although Oracle maintained corporate policies requiring approvals for payment of marketing expenses, Oracle failed to seek transparency in or audit third party payments made by distributors on Oracle India’s behalf.  This control would have enabled Oracle to check that payments wer made to appropriate recipients.”

Based on the above conduct, the SEC charged Oracle with FCPA books and records and internal controls violations.

In the SEC’s release, Marc Fagel (Director of the SEC’s San Francisco Regional Office) stated as follows.  “Through its subsidiary’s use of secret cash cushions, Oracle exposed itself to the risk that these hidden funds would be put to illegal use.  It is important for U.S. companies to proactively establish policies and procedures to minimize the potential for payments to foreign officials or other unauthorized uses of company funds.”  As noted in the release, without admitting or denying the SEC’s allegations, Oracle consented to the entry of a final judgment ordering the company to pay a $2 million penalty and permanently enjoining it from future books and records and internal control violations.  The release further states as follows.  “The settlement takes into account Oracle’s voluntary disclosure of the conduct in India and its cooperation with the SEC’s investigation, as well as remedial measures taken by the company, including firing the employees involved in the misconduct and making significant enhancements to its FCPA compliance program.”

It is typical for the DOJ and SEC to announce FCPA enforcement actions on the same day.  Thus, the absence of a parallel DOJ enforcement action as to the alleged conduct at issue suggests that there will be no DOJ enforcement action, a good result given the SEC’s allegations and for the reasons stated above.

However, it may be premature to conclude that Oracle’s FCPA scrutiny is over.  As noted in this prior post, in September 2011, the Wall Street Journal reported that the DOJ was investigating ”whether Oracle employees or agents acting on the company’s behalf made improper payments in Africa in order to land sales of database and applications software.”

*****

The SEC’s enforcement action against Oracle  is not the first time distributor margin payments have served as the basis of an FCPA enforcement action.  See here for the 2005 enforcement action against InVison, specifically the Thailand allegations.  However, in that action the SEC alleged that the company was aware of the “high probability” that the margin was being used for improper purposes.