Oracle’s FCPA Violations: A Lesson in Managing Third-Party Distributor Risks (Part II of II)
Oracle’s SEC settlement for $23 million underscores the power of the FCPA provisions mandating effective internal controls and accurate books and records. As everyone knows, these provisions can be applied to a wide-range of conduct beyond foreign bribery. The SEC recognizes the power of these provisions and have used them in a variety of settings.
Oracle has now fallen under the enforcement sword twice — the first time in 2012, Oracle’s India subsidiary maintained off-the-books accounts which created significant risks of bribery. The SEC, however, was unable to prove that the funds actually were used for bribery purposes. Notwithstanding this settlement, it is not clear that Oracle took the matter to heart and engaged in a broad remedial project to eliminate risks of internal control and books and records violations. Indeed, if there is anything a company could learn from the Oracle enforcement actions it is that once burned a company should undertake a broad remedial effort to eliminate the possibility of future violations.
Between 2014 and 2019, the Oracle subsidiaries in India, Turkey and the United Arab Emirates used discount schemes and marketing reimbursement payments to maintain slush funds to pay bribes and provide financial benefit to foreign officials. Oracle exercised control over its subsidiaries from its central headquarters in the United States. The employees at Oracle’s subsidiaries reported up to the parent through specific Lines of Business heads, who set financial and business performance targets by region or territory (not by country or subsidiary).
Oracle used direct and indirect sales models. Under the direct model, Oracle transacted business with the customers and received payment from the customers. Under the indirect model, Oracle transacted business through different categories of distributors, including value-added distributors (“VADs”) and value-added resellers (“VARs”). Oracle on-boarded channel partners through a globally-defined due diligence process that was implemented at the regional and country levels. Oracle subsidiaries were only allowed to work with VAD or VARs that were approved by the Oracle Partner Network (“OPN”).
Improper Use of Discounts
Oracle used a three-tier system for approving discounts above designated amounts for specific products. Every discount had to be supported by a legitimate business reason. Depending on the level of the discount, designated managers at the regional or headquarter level had to approve the proposed discount. In many cases, discounts were approved when needed for a customer to remain within budgetary caps or to meet a competitor’s offer. Oracle’s discount policy did not require a requestor to submit documentation to support the request
Oracle subsidiary employees circumvented the discount requirements by providing larger discounts than required for legitimate business reasons. As a result, with the assistance of VADs and VARs, Oracle subsidiaries were able to create slush funds for illicit purposes. The channel partners profited from the scheme by keeping a portion of the excess deal margin.
Improper Marketing Reimbursements
Oracle allowed its sales employees to request purchase orders to reimburse VADs and VARs for certain marketing expenses. As long as the purchase orders were less than $5000, first-level supervisors could approve the payment without any documentation requirement. For example, in Turkey, Oracle sales employees arranged to reimburse VADs and VARs for a total of $115,200 in 2018 using individual purchase orders that were each under the $5000 threshold.
Oracle subsidiaries in Turkey and the UAE used this scheme to increase funds to VARs and VADs to increase the amount of the slush funds. The direct supervisors involved in the schemes approved these orders.
Oracle Turkey Subsidiary
During the period 2009 to 2019, Oracle Turkey used excessive discounts and sham marketing reimbursements to create slush funds at its two VADs. Oracle Turkey exmployees referred to the accounts as “havuz,” which means “pool” or “kumbara,” which means “moneybox,” and used the accounts for improper purposes.
Oracle Turkey employees routinely used the slush funds to pay for travel or lodging expenses for end-user customers, including foreign officials, to attend technology conferences. In some instances, the funds were used to pay for travel and lodging expenses of foreign officials’ spouses and children, and for side trips to Los Angeles and Napa Valley.
Oracle Turkey’s management, including the country leaders, knew about and condoned the practice.
In one particular case, in 2018, Oracle Turkey sought to win a valuable contract with Turkey’s Ministry of Interior (“MOI”) to establish an emergency call system for Turkey. Oracle Turkey employees, with the knowledge of the country leader, arranged for a week-long trip to California for four MOI officials paid from the VAD account. The meeting was allegedly for a meeting at Oracle’s headquarters with a senior executive, but the meeting only lasted 15 to 20 minutes. For the rest of the week, the MOI officials were entertained in Los Angeles and Napa Valley. To fund the trip, a Turkey employee requested a large discount.
In one particular case, in 2018, Oracle Turkey sought to win a valuable contract with Turkey’s Ministry of Interior (“MOI”) to establish an emergency call system for Turkey. Oracle Turkey employees, with the knowledge of the country leader, arranged for a week-long trip to California for four MOI officials paid from the VAD account. The meeting was allegedly for a meeting at Oracle’s headquarters with a senior executive, but the meeting only lasted 15 to 20 minutes. For the rest of the week, the MOI officials were entertained in Los Angeles and Napa Valley. To fund the trip, a Turkey employee requested a large discount.
Oracle was subsequently awarded the valuable emergency service contracts. To fund the trip, a Turkey employee requested a large discount for the contract, claiming that it was needed to meet competition.
The same Turkey employees were involved in paying bribes to officials at Turkey’s Social Security Institute (“SSI”). Oracle Turkey arranged for a large discount based on the unsubstantiated discount to fund bribes to the relevant government officials. The same employee used a VAR to create a slush fund for an intermediary and SSI officials related to a database infrastructure order.
Oracle UAE
From 2014 to 2019, Oracle UAE sales employees used excessive discounts and marketing reimbursement payments to maintain slush funds at VARs. The sales employees referred to them as a “wallet,” and used the funds to pay for travel and accommodations for foreign officials to attend Oracle conferences.
In 2018 and 2019, an Oracle UAE sales account manager for a UAE state-owned entity paid $130,000 in bribes to the SOE’s CTO in return for six different contracts. The first three bribery payments were funded with the assistance of two VARs using excessive discounts. The bribes were paid by an unauthorized UAE entity. For the other three contracts, the unapproved UAE entity was used to pay the bribes.
Oracle India
In 2019, Oracle India sales employees used an excessive discount scheme with a state-owned transportation company. To fund the scheme, the employee secured a 70 percent discount on the project, claiming that intense competition required such a large discount. An Oracle manager in France approved the discount without requiring any documented justification. The Indian SOE’s website indicated that there was no competition for the contract. Another Oracle employee maintained a spreadsheet showing that $67,000 was the “buffer” available for making bribery payments to a specific Indian government official. A total of $330,000 was funneled to an entity with a reputation for paying SOE officials, and another $62,000 was paid to an entity controlled by several Oracle sales employees.