On February 1, 2016, the Securities and Exchange Commission (“SEC”) announced that software manufacturer SAP SE (“SAP”) has agreed to pay $3.7 million in disgorgement of profits plus interest to settle charges that it violated the Foreign Corrupt Practices Act (“FCPA”) when unlawfully procuring business in Panama. The SEC’s investigation found that the SAP’s internal controls were deficient, which allowed a former SAP executive to pay $145,000 in bribes to a senior Panamanian government official and offer bribes to two others in order to secure sales contracts. The SAP executive, Vicente E. Garcia, was charged by the SEC in a separate enforcement action last year that included a parallel criminal action – the result of which was that Mr. Garcia was sentenced to 22 months in prison.
SAP is a software manufacturer headquartered in Germany. Most of its sales are executed through a network of worldwide corporate partners, including in Panama. The SEC’s investigation uncovered a bribery scheme involving the provision of large discounts of up to 82% to SAP’s Panamanian partner, who used the excessive discounts to create a slush fund out of which to pay bribes and kickbacks to Panamanian officials on Mr. Garcia’s behalf. According to the SEC order instituting cease-and-desist proceeding, Mr. Garcia had concealed his scheme from others at SAP, circumvented SAP’s internal controls, and justified the excessive discounts by falsifying SAP’s internal approval forms.
The SEC found that:
- SAP had no requirements for heightened anti-corruption scrutiny for large discounts, and Mr. Garcia was therefore able to use his position to evade the basic procedures for approval of discounts;
- SAP falsely recorded the slush fund as legitimate discounts on the books of SAP’s Mexican subsidiary, and the figures were subsequently consolidated into SAP’s financial statements;
- SAP failed to devise and maintain a sufficient system of internal accounting controls to provide reasonable assurances that the discounts were recorded in accordance with U.S. Generally Accepted Accounting Principles;
On the basis of these findings, the SEC concluded that SAP violated the internal controls provisions and the books and records provisions of the FCPA. Without admitting or denying the findings, SAP consented to the entry of the cease-and-desist order and agreed to pay disgorgement of $3.7 million in earned profits from SAP’s software sales to the Panamanian government plus prejudgment interest of $188,896.
The charges serve as a stark reminder that the FCPA does more than simply prohibit the payment of bribes to foreign public officials – it is being enforced as imposing positive obligations on companies to take certain actions designed to prevent bribery. In particular, publicly traded companies on U.S. stock exchanges must make and keep books, records and account which accurately and fairly reflect all transactions (see §78m(b)(2)(A), the “books and records offence”) and must maintain a system of internal accounting control to provide reasonable assurances that transactions are all above board (see §78m(b)(2)(B), the “internal controls provision”).
Therefore, it is not enough for a company to direct its employees or agents from paying bribes. It must also maintain books and records and set up internal controls designed to ensure bribery does not occur. Such internal controls include, among other things:
- a control environment that covers the tone set by the organization regarding integrity and ethics;
- risk assessments;
- control activities that cover policies and procedures designed to ensure that management directives are carried out (e.g., approvals, authorizations, reconciliations, and segregation of duties);
- information and communication; and
This U.S. enforcement case is relevant to Canadian companies because Canada has also, as of July 2013, introduced similar requirements to keep accurate books and records in the Corruption of Foreign Public Officials Act, which applies not only to publicly traded companies, but also to Canadian privately owned companies. This case also serves as an important reminder that companies operating overseas can become exposed to anti-corruption enforcement risks based on actions of re-sellers and other representatives.
We have previously commented on the importance of having robust and effective compliance programs in place and undertaking timely investigations. The SAP’s settlement reaffirms the importance of implementing anti-corruption compliance programs, which include strict management oversight of overseas operations and readiness to conduct a thorough investigations if there is any indication of wrongdoing. Companies without proper compliance programs in place, with all the relevant elements including books and records compliance and a requirement to undertake timely investigations, should set out to establish such controls in order to avoid, or minimize, future regulatory enforcement including fines and jail terms for culpable officers and other employees.