When DOJ acts, they like to make a splash. While the FCPA Paparazzi have been lamenting the “slow down” in FCPA enforcement actions and the increase in case closings, DOJ still makes its mark when it acts, and I expect more DOJ actions in the last quarter of 2015.

DOJ’s latest salvo was the criminal plea of a former SAP official, a US citizen, for conspiracy to violate the FCPA. The SAP official bribed Panamanian officials to secure a series of government technology contracts. As usual, the conspiracy included an advisor and two consultants, and one of SAP’s channel partners, to pay two foreign officials and an agent of a third foreign official in exchange for the contracts. The SAP official also settled an SEC enforcement action for bribery and books and records violations.

The bribes were paid through sham contracts and false invoices, and were funded through discounts. SAP’s channel partner secured the contract and SAP’s software was included at a price tag of $2 million. Additional contracts were later awarded as part of the technology upgrade project.

Significantly, DOJ did not announce any resolution with SAP. The SAP official agreed to cooperate with the government and DOJ and the SEC may be conducting a broader investigation involving SAP’s activities in other countries.

SAP is one of many high-tech companies that are currently or have been the subject of FCPA enforcement actions, including Hewlett-Packard, Microsoft, Cisco, IBM, Oracle and others. The list is becoming a who’s who of high-tech companies and underscores the importance that high-tech compliance officials dedicate more time and resources to implementing ethics and compliance programs.

Third party risks are high in the high-tech industry. High-tech companies rely on a complex set of channel partners, distributors, value-added resellers, and resellers. The complexity of the multi-layered channel brings about significant risk that someone in the distribution chain might engage in bribery.

The challenge for high-tech companies is to build a due diligence and risk monitoring system that is tailored to the risks, supported by management and the sales staff, and has adequate resources. A vigilant monitoring program, along with active monitoring efforts is vital to the ultimate impact of risk mitigation strategies.

Many high-tech companies retain a start-up mentality — meaning they are used to building as a start-up company and are slow to recognize the need to grow infrastructure, like compliance programs, needed to support a global corporate operation. It is part of the burden of being so successful. With the increased focus on high-tech companies as a new enforcement priority, high-tech leaders need to reexamine their program and enhance their controls to catch up with other industries facing comparable risks.

DOJ’s latest guilty plea demonstrates its continuing focus on individual prosecutions, although there are still a lot of questions as to the nature and scope of that commitment. We still have not seen individual criminal prosecutions from cases that appear to be important candidates like Avon.

Where DOJ has been slow this year in the enforcement arena, the SEC has been more active in both corporate and individual prosecutions. We still have another quarter to go, but as we know from last year, DOJ usually saves its biggest for the end of the year.