After a seven-year investigation, IBM settled SEC charges that IBM had violated internal controls and books and records provisions of the Foreign Corrupt Practices Act.1 IBM agreed to disgorge $5.3 million and to pay a $2 million penalty and $2.7 million in prejudgment interest.2 IBM did not disclose the cost of the internal investigation, or whether the Department of Justice continues to investigate.


The SEC’s case included FCPA violations by IBM’s Chinese subsidiaries (“IBM-China”). IBM-China sold hardware, software, and other services to customers owned or controlled by the Chinese government. Those contracts sometimes called for IBM-China to provide offsite training to officials. IBM policies prohibited payment for side trips or stopovers unrelated to the training programs, and it required all travel to be pre-approved.

More than 100 IBM-China employees found a way to circumvent this policy. According to a complaint filed last week in U.S. District Court for the District of Columbia, the employees made use of a local travel agency to pay for government officials’ travel that (1) had not been approved; (2) included unapproved sightseeing itineraries or other deviations from approved travel; (3) had little or no business content; and (4) involved per diem and improper gifts. The SEC faulted IBM for failing to detect at least 114 instances of this misconduct from 2004 through 2009.


The SEC’s complaint also alleges that employees of IBM-Korea, a Korean subsidiary, and LG IBM, a majority-owned joint venture, paid more than $200,000 in cash bribes to officials at sixteen South Korean government entities in exchange for help securing $54 million in government procurement contracts for mainframe and personal computers. Employees of IBM-Korea and LG IBM allegedly delivered shopping bags filled with South Korean Won to key government decision makers.

The SEC charged that at least one bribe was paid through LG IBM’s local business partner. According to the complaint, the business partner was compensated by LG IBM through the overpayment of installation charges. The complaint also alleges IBM-Korea and LG IBM provided free notebook computers to government employees and paid for improper travel and entertainment expenses.

Interestingly, some of the alleged conduct goes back to 1998, and none of it occurred after 2003. The SEC action appears to have been prompted by IBM’s 2004 disclosure that the South Korean government had brought bid-rigging and bribery charges against IBM-Korea, LG IBM, and several employees.3 Both companies paid fines to the South Korean government, a number of individuals were convicted and sentenced, and IBM-Korea was temporarily debarred from government contracting in South Korea.4 IBM subsequently dissolved LG IBM.5


This was not IBM’s first FCPA-related settlement with the SEC. In 2000, IBM paid $300,000 to settle an SEC claim that IBM’s Argentine subsidiary had paid $4.5 million in bribes in connection with a $250 million contract.6 In addition to paying the civil fine, IBM fired the Argentine employees involved in the bribery and agreed to enhance its internal controls.


Anti-corruption policies are only as robust as the controls that enforce their compliance. The ability to detect third-party conduits for improper payments remains the Achilles’ heel of many programs. IBM’s experience underscores the importance of establishing and maintaining an FCPA compliance program that can monitor the conduct of consultants, business partners, and other agents overseas, as well as company employees. Internal controls should be sufficient to prevent and detect FCPA violations.7