The Securities and Exchange Commission (SEC) just changed the way companies have to think about Foreign Corrupt Practices Act (FCPA) compliance. This is how FCPA enforcement usually goes: an improper payment is made to a government official, an investigation takes place, and the SEC and/or the Department of Justice (DOJ) steps in to enforce the Act and slaps the offenders with violations, fines, and penalties. Not this time.
On August 16th the SEC charged Oracle Corporation (Oracle) with violating the books and records and internal controls provisions of the FCPA before an improper payment was ever made. The violations were based on the idea that funds that are unaccounted for create a risk of bribery and embezzlement. In this case, an Indian subsidiary of Oracle, Oracle India, structured transactions with India’s government so that there were exaggerated margins between the distributor and the buyer price. Oracle India employees had the distributors hold or “park” the extra money, around $2.2 million, in side funds for “marketing development purposes.” Then the distributors were told to make payments to local vendors that were actually just storefronts that did not actually provide any services. Fake invoices were used to document the payments.
What is notable about this case is that there are no allegations of payments to government officials. Instead, the SEC complaint alleged that Oracle failed to accurately record the side funds and create and maintain a system of effective internal controls to prevent improper use of the funds. Essentially the SEC is using its books and records and internal controls provisions to penalize Oracle for exposing itself to risk; the risk that the hidden funds could have been used for improper or illegal payments.
This type of enforcement sends a serious message to the business community about proactive measures and FCPA compliance. Marc J. Fagel, Director of the SEC’s San Francisco Regional Office, urged businesses to be proactive, saying “It is important for U.S. companies to proactively establish policies and procedures to minimize the potential for payments to foreign officials or other unauthorized uses of company funds.” The SEC took Oracle’s cooperation, voluntary disclosure, and remedial measures into account, and Oracle agreed to settle the charges for $2 million.
The bottom line is – Do not wait for a violation to happen to think about the FCPA, the SEC isn’t waiting to enforce it!