You cannot say the government does not communicate its expectations around Foreign Corrupt Practices Act enforcement. The SEC concluded its investigation around the illegal activity engaged in by former SAP International Vice President of Global and Strategic Accounts, Vicente Garcia, for bribery and corruption in sales to certain government officials in Panama; all in violation of the FCPA. This enforcement action presents some clear signs about where FCPA enforcement will be headed into 2016 and beyond.

In December 2015 Garcia was sentenced to 22 months in prison for bribing officials in Panama to win government contracts. Garcia admitted that he conspired with others, including advisers and consultants to SAP, to pay bribes to two Panamanian government officials, as well as to the agent of a third government official, with the understanding that a portion of the money would be paid to the third official. Garcia used sham contracts and false invoices to disguise the bribes. The money shot in this case was set out in the Justice Dept. press release, which stated “Garcia further admitted that he believed paying such bribes was necessary to secure both the initial contract and additional Panamanian government contracts.”

In February, SAP resolved the SEC civil action via a cease-and-desist order. The bribery scheme netted a Panamanian SAP channel ops partner at least one contract valued at $14.5 million and SAP itself “secured government sales contracts of approximately $3.7 million.” Based on this finding, SAP agreed to pay profit disgorgement of $3.7 million and prejudgment interest of $188,896 as penalties. While the profit disgorgement and prejudgment interest are relatively low in any FCPA enforcement actions, there are several factors that may point the direction of enforcement going forward.

The first and most obvious factor was the individual prosecution of Garcia. Clearly the Justice Dept. securing a guilty plea from Garcia and his subsequent sentencing is the direction the Department wants to go. The Yates Memo, released in September 2015, was not in place during this enforcement action, yet its import is clearly felt or at least portended by this case.

The intersection of criminal and civil enforcement was also laid out in the Yates Memo as a way forward for prosecutors. The SAP civil action and Garcia criminal matter speak to this convergence as well. It will be interesting to see how Justice and the SEC interact in this vein going forward. Along this path was the use of the Internal Revenue Service - Criminal Investigation (IRS-CI) that has skills and experience in looking at financial patterns and tracing money. As FCPA violations are tied to other legal violations, for example money laundering or fraud, the IRS-CI can comb through financial records to find patterns in payments. The IRS-CI has significant experience in investigating corporate shell structures, which can be part of an ongoing criminal attempt to obtain bribes and then conceal the location of the money.

The second factor was the manner in which the funds were generated to supply the bribery scheme. This is very instructive for the compliance professional moving forward. Most interestingly, Garcia attempted to fund the bribes in the most tried and true manner, through a corrupt third party, brought in at the last minute to facilitate the transaction. However, his attempt to get this corrupt agent through the SAP due diligence process was rejected by the company’s compliance department.

Clearly the Justice Dept. securing a guilty plea from Garcia and his subsequent sentencing is the direction the Department wants to go. The Yates Memo, released in September 2015, was not in place during this enforcement action, yet its import is clearly felt or at least portended by this case.

To get around this, Garcia used a previously existing partner, who was given an extraordinary discount. This distributor would then sell the products at list price and the difference was then used to create the pot of money to pay the bribes to the corrupt Panamanian officials. Once this scheme was in place, where the discount could fund the slush fund, it was used to facilitate sales of SAP software, which generated the $3.7 million in profit for the company.

This scheme to generate funds for a bribery slush fund led SAP to undertake an extensive review of its channel ops partner program in Latin America. This included analyzing “partner profit margin data especially in comparison to discounts so that any trends could be spotted and high profit margin transactions could be identified for further investigation and review.” As a structural change to its compliance program, SAP “elevated the status of its Chief Compliance Officer (CCO) by having the person now report directly to the CFO, who is a member of the Executive Board, and gave the CCO the authority to independently terminate employees and partner contracts.”

For the compliance professional going forward, this clearly points to not only the structural change brought about which gave more authority to the CCO but also the move to ongoing transaction monitoring, which is the next evolution in compliance. I think the enforcement action also points to some areas that bear consideration by compliance. These areas include:

Timing of contract award. Vis-à-vis payment to a third party at, or near, the award of a contract may indicate that monies paid to a third party are being used to pay a bribe.

Amount of contract. Determine if a channel ops partner contract is changed during its term. If there is no corresponding business justification, this may be evidence of corruption. The cease-and-desist order noted the changes in channel ops partner were approved by Garcia. Was there a second set of eyes on this process? If so, was the information justifying the change verified?

How was a payment made and to whom? This analysis will look at the methods of payment and delivery of payments.

Employee expense reports. While most corruption investigations focus on payments to agents, you should also look more closely at employee expense reports to see if any overall patterns are developing that might indicate corrupt payments are being made elsewhere.

The importance of a strong company internal audit investigative team. During an internal investigation it is important to speak with the business unit controller because they decide how payments are categorized.

Internal controls. Finally, the internal controls must not only be put in place, but the effectiveness of said controls needs to be checked going forward. Garcia was obviously able to manipulate and evade apparently robust controls that were in place.

The final point to consider from the SAP enforcement action is profit disgorgement. While some commentators have argued that due to its history as an equitable remedy, profit disgorgement should only be available if a company is charged with violating the FCPA’s anti-bribery provisions. However, as appealing as that argument might be, there is nothing in the legislation enabling profit disgorgement that requires a direct tie. So while this may be an instance of the SEC striking out into new legal territory, there is nothing that requires adherence to the equitable antecedents of this remedy. Indeed, the legal change in the Securities and Exchange Act that allowed profit disgorgement spoke to the Commission’s general authority to levy penalties and was not tied to any bribery violation under the FCPA.

The conclusion of the FCPA civil enforcement action against SAP, together with the sentencing of SAP’s former employee, Vicente Garcia, in December provide clear signals where enforcement may be heading. Are you listening? 

Continue the conversation at Compliance Week Europe: 7-8 November at the Crowne Plaza Brussels. Join us as we look at changes in global anti-corruption regulations, slave labour risks in your supply chain, and how to detect fraud, to name just a few topics. Learn more