Last year, when SAP’s Latin American sales leader resolved a parallel DOJ/SEC FCPA enforcement action, the question remained: would there also be an enforcement action against SAP?
Earlier this week, the SEC answered that question by announcing an enforcement action against SAP - the first FCPA enforcement action in 2016.
The SAP action is based on the same core conduct alleged in the prior individual action and the company agreed to pay approximately $3.9 million.
In summary fashion, the SEC’s order states:
“This matter concerns violations of the books and records and internal controls provisions of the FCPA by SAP SE (“SAP”). The violations occurred due to deficient internal controls, which allowed SAP’s former Vice-President of Global and Strategic Accounts, Vicente E. Garcia, to discount the software price to a former SAP local partner at a level sufficient to permit Garcia and the local partner to pay $145,000 in bribes to one senior Panamanian government official, and offer bribes to two others. Through these bribes, Garcia secured government sales contracts of approximately $3.7 million for SAP, and also self-profited through kickbacks. By excessively discounting the SAP software, Garcia created a slush fund that the partner used to pay the bribes and kickbacks. Garcia concealed his scheme from others at SAP, circumvented SAP’s internal controls, and justified the excessive discounts by falsifying SAP’s internal approval forms.
“The deep discounts that Garcia used to create the slush fund were falsely recorded as legitimate discounts on the books of SAP’s Mexican subsidiary, which were subsequently consolidated into SAP’s financial statements. In addition, SAP failed to devise and maintain an adequate system of internal accounting controls sufficient to provide reasonable assurances that these improper payments to government officials did not occur.”
As a result of the corrupt conduct and bribery scheme, SAP was able to sell software to the Panamanian government through four contracts from 2010 to 2013, generating approximately $3.7 million in revenue to SAP.
The SEC order focuses on SAP’s “insufficient internal controls”:
“SAP lacked adequate internal controls to ensure that discounts to local partners were not improperly used… SAP employees, had wide latitude in seeking and approving discounts to local partners, and employees’ explanations for the discounts were accepted without verification. There were also no requirements for heightened anti-corruption scrutiny for large discounts. [The] indirect reporting structure at SAP created gaps in supervising Garcia that provided him the opportunity to use the large discounts for creating a slush fund for bribes. Because of the deficient controls, Garcia was able to provide the partner with deep enough discounts to enable him to implement the bribery scheme, which continued unabated for over four years.”
Notwithstanding the above, the SEC also outlines SAP’s cooperation with government agencies:
“When SAP learned of the conduct as a result of the SEC’s inquiry, SAP conducted a thorough internal investigation and extensively cooperated with the SEC’s investigation by, among other things: (i) conducting an internal investigation; (ii) voluntarily producing approximately 500,000 pages of documents and other information quickly, identifying significant documents and translating documents from Spanish; (iii) conducting witness interviews, sharing PowerPoint presentations and timelines; (iv) facilitating an interview of Garcia at work at SAPI offices in Miami without alerting him to the investigation into his conduct; and (v) initiating a third party audit of the local partner.
“After being alerted to Garcia’s misconduct, SAP terminated Garcia and undertook remediation efforts to uncover any other possible misconduct and to improve its FCPA compliance. Specifically, SAP audited all recent public sector Latin American transactions, regardless of Garcia’s involvement, to analyze partner profit margin data especially in comparison to discounts so that any trends could be spotted and high profit margin transactions could be identified for further investigation and audit. SAP also implemented new policies and procedures to detect and prevent similar issues from recurring in the future. For example, SAP elevated the status of its Chief Compliance Officer (“CCO”) by having that person now report directly to the CFO, who is a member of the Executive Board, and gave the CCO authority to independently terminate employees and partner contracts. SAP conducted, and continues to conduct, regular anti-corruption training, as well as anti-corruption audits through its internal audit function. In determining to accept the Offer, the Commission considered remedial acts undertaken by Respondent and cooperation afforded the Commission staff.”
Here are some key takeaways from the first FCPA enforcement action in 2016:
- Companies need sufficient internal controls to flag pricing discount schemes and other misconduct that leads to bribery schemes.
- Even though SAP responded well and cooperated with the DOJ and SEC when alerted to their employee’s misconduct, SAP was not proactive enough to exemplify solid internal controls and a compliance program that could flag misconduct.
- SAP was held strictly liable for a violation of the FCPA's books and records and internal controls provisions. So, an ounce of prevention is worth exponentially more than the same amount of remedial work.
What does this mean for you? It appears that companies will be automatically on the hook for books and records and internal controls violations when a company employee is prosecuted for bribery offenses.
It also means that the FCPA enforcement agencies are sending a message that they expect your compliance programs to be substantive and effective.
This is the perfect time to audit corporate compliance programs and ensure they are effective while we’re still Q1; we anticipate aggressive enforcement actions in 2016.
Have a workplace question for our experts? Leave a comment or email email@example.com!