Microsoft and Microsoft Hungary, a wholly owned subsidiary, have reached a settlement with U.S. authorities and will pay $25.3 million in combined criminal and civil penalties to resolve the government’s investigation into violations of the Foreign Corrupt Practices Act.

The FCPA investigation by the Department of Justice and the Securities and Exchange Commission arose out of a bid-rigging and bribery scheme in connection with the sale of Microsoft software licenses to Hungarian government agencies. According to Microsoft Hungary’s admissions, the violations began by at least 2013 and continued until at least 2015.

In furtherance of that scheme, Microsoft Hungary executives and employees falsely represented to Microsoft that steep discounts were necessary to conclude deals with resellers who bid for the opportunity to sell Microsoft licenses to government customers. In actuality, the savings were instead used for corrupt purposes, falsely recorded as “discounts,” and stored in various tools and databases on Microsoft servers in the United States in violation of the FCPA.

Under the settlement, announced Monday, Microsoft Hungary will pay a criminal penalty of more than $8.75 million. It has also entered into a non-prosecution agreement.

The Justice Department said it reached this resolution based on several factors. First, although Microsoft Hungary did not voluntarily self-disclose the misconduct, it received credit for its and Microsoft’s “substantial cooperation” with the investigation and for “taking extensive remedial measures,” the Justice Department said.

As a Microsoft spokesperson told Compliance Week last year in response to the investigation, “As soon as we became aware in 2014 of potential wrongdoing in our Hungarian subsidiary, we moved quickly to pursue a detailed investigation and hold people accountable.”

Specifically, the Justice Department acknowledged Microsoft Hungary terminated four licensing partners and Microsoft implemented an “enhanced system of compliance and internal controls, company-wide, to address and mitigate corruption risks.”

Furthermore, beginning in 2014, “we also developed a comprehensive response to concerns we had around how partners and resellers were using discounts,” the Microsoft spokesperson explained. “Since then, we’ve implemented a new global program to ensure transparency around discounts for government customers. This requires partners to pass on discounts to these customers and ensures a formal confirmation from the customer that they are aware of the discount.”

Since 2017, Microsoft has developed and used AI-based technology “to better identify compliance risks, including around the use of these types of discounts,” the spokesperson said.

Accordingly, the criminal penalty reflects a 25 percent reduction off the bottom of the applicable U.S. Sentencing Guidelines fine range for the company’s full cooperation and remediation.

SEC matter

In a related matter, Microsoft agreed to pay to the SEC disgorgement and prejudgment interest totaling approximately $16.56 million to settle FCPA charges for the conduct in Hungary, as well as concerning three other foreign-based subsidiaries. In addition to Hungary, the SEC also found Microsoft’s subsidiaries in Saudi Arabia and Thailand “provided improper travel and gifts to both foreign government officials and employees of non-government customers funded through slush funds maintained by Microsoft’s vendors and resellers,” the agency said.

The SEC further found Microsoft’s subsidiary in Turkey “provided an excessive discount to an unauthorized third party in a licensing transaction for which Microsoft’s records do not reflect any services provided.”

The SEC’s order states Microsoft violated the books-and-records and internal accounting controls provisions of Sections 13(b)(2)(A) and 13(b)(2)(B) of the Securities Exchange Act of 1934. Without admitting or denying the SEC’s findings, Microsoft consented to a cease-and-desist order and agreed to pay disgorgement of $13.8 million and prejudgment interest of about $2.8 million.

In addition to the remediation efforts mentioned above, the SEC order further acknowledged that “Microsoft’s cooperation included timely sharing of facts developed during the course of an internal investigation and voluntarily producing and translating documents.”