Oracle to pay $23M to settle FCPA violations in three countries

The SEC said Tuesday that Oracle subsidiaries in Turkey and the UAE also used slush funds to pay foreign officials to attend international technology conferences, in some cases paying for family to accompany them or for side trips to California.

Without admitting or denying the agency’s allegations, Oracle agreed to cease and desist from further violations of the anti-bribery, books and records, and internal accounting control provisions of the FCPA. Oracle will pay approximately $8 million in disgorgement and a $15 million penalty.

“The creation of off-book slush funds inherently gives rise to the risk those funds will be used improperly, which is exactly what happened here at Oracle’s Turkey, UAE, and India subsidiaries,” said Charles Cain, chief of the SEC’s FCPA Unit, in a press release. “This matter highlights the critical need for effective internal accounting controls throughout the entirety of a company’s operations.”

This is Oracle’s second FCPA violation involving slush funds. In 2012, the company paid $2 million to resolve SEC charges related to millions of dollars of side funds stashed by Oracle India.

Compliance considerations: Oracle subsidiaries in India, Turkey, and the UAE created slush funds using various methods, according to the SEC’s order.

The subsidiaries accomplished this because Oracle used an indirect payment system in which customers transacted some sales through distributors and resellers. While these intermediaries were vetted by Oracle’s corporate team in the United States, the system itself presented certain risks of abuse, including the creation of improper slush funds, the SEC said.

Oracle subsidiary employees allegedly worked with complicit intermediaries to create slush funds by improperly requesting larger-than-necessary discounts for certain customers. The company’s policies and procedures did not require documentation for these discount requests, and slush funds were created with the difference, the SEC said.

In another alleged scheme, Oracle subsidiary employees would create sham marketing expense purchase orders for intermediaries, making sure to keep the requests below $5,000, which was the threshold amount for documentation. Oracle Turkey sales employees were able to open purchase orders totaling approximately $115,200 for intermediaries in 2018.

Oracle Turkey used slush funds for about a decade, from 2009-19, to pay for bribes, travel, and accommodation for end users in violation of the company’s internal policies, according to the SEC. In 2018, Oracle Turkey won a large contract with the Turkish government after flying several influential Turkish government officials to California, likely paid for with slush funds generated by improper discounts and sham marketing purchase orders, the agency alleged.

In the UAE, Oracle employees allegedly used approximately $130,000 in slush funds to bribe UAE state employees to obtain six different contracts from 2018-19.

In India, Oracle employees developed a slush fund by requesting a 70 percent discount on company software for India’s railway system, purportedly because there was intense competition for the bid, even though the railway already mandated the use of Oracle products for the project. An Oracle employee in France approved the discount without requesting further documentation, the SEC said.

As part of its remediation, Oracle fired senior regional managers and employees involved in the alleged FCPA violations and terminated contracts with complicit distributors and resellers. The company strengthened and expanded its global compliance, risk, and control functions and added more than 15 related positions globally.

New policies and procedures were implemented to increase oversight over approval of discounts and purchase requisitions, limit financial incentives for third parties, enhance internal audit, and improve due diligence when onboarding new distributors and resellers. A greater emphasis was placed on training employees to understand the company’s anti-corruption policies, internal controls, and other compliance issues.

Oracle response: “The conduct outlined by the SEC is contrary to our core values and clear policies, and if we identify such behavior, we will take appropriate action,” said Michael Egbert, vice president of Oracle corporate communications, in an emailed statement.