The schemes relied on Oracle resellers and distributors in India, Turkey and the United Arab Emirates
Oracle will pay $23 million in a settlement with the US government over bribery schemes foreign company sales representatives and partners allegedly perpetrated for about three years.
This is the second time the Texas-based database services and cloud vendor has been caught creating slush funds overseas, according to the US Securities and Exchange Commission (SEC). The new charges are for schemes perpetrated by Oracle's subsidiaries in Turkey, the United Arab Emirates and India.
Oracle did not admit or deny the SEC's findings, which cover actions committed between 2016 and 2019. But Oracle did take steps to prevent the schemes in the future, according to the SEC.
Oracle will pay $8 million in disgorgement - which is based on the profits made from wrongful conduct - plus a $15 million penalty.
In a statement to CRN, Oracle Corporate Communications Vice President Michael Egbert said, "The conduct outlined by the SEC is contrary to our core values and clear policies, and if we identify such behaviour, we will take appropriate action."
The SEC decided to settle with Oracle due in part to the company cooperating with the investigation, sharing information, providing translations of key documents and facilitating interviews with current and former employees of the foreign subsidiaries.
In a statement about the settlement, Charles Cain, the SEC's Foreign Corrupt Practices Act (FCPA) unit chief, said that the schemes highlight "the critical need for effective internal accounting controls throughout the entirety of a company's operations."
The Capital Markets Board of Turkey, Emirates Securities and Commodities Authority and the Securities and Exchange Board of India assisted the SEC with the investigation, according to the SEC.
The Oracle subsidiaries used slush funds to pay for foreign officials attending technology conferences, a violation of Oracle policies and procedures. In some instances, Turkey subsidiary employees paid for officials' families to accompany them to international conferences and "side trips" to California. Oracle's actions violated the FCPA, according to the SEC.
The SEC last sanctioned Oracle in 2012 for violating the FCPA when an Oracle subsidiary secretly set aside about $2 million from the company's books to make payments to "phony vendors in India." Some of the phony vendors were storefronts that didn't provide any services to Oracle, with Oracle India employees covering their tracks with fake invoices.
Oracle paid a $2 million penalty to settle the 2012 charges, which related to actions Oracle India took between 2005 to 2007, according to the SEC.
Oracle fires employees involved
Oracle fired senior regional managers and employees involved in the misconduct and separated from employees with supervisory responsibilities over the misconduct, according to the SEC. It terminated distributors and resellers involved in the misconduct.
To prevent further misconduct, Oracle strengthened and expanded its global compliance, risk and control functions, creating 15 new related positions and teams at Oracle, according to the SEC.
Oracle also improved its discount approval process, added transactional controls, increased control over the purchase acquisition approval process and limited financial incentives and business courtesies for third parties, especially in public sector transactions.
The company also improved customer registration and payment checking processes related to its technology conferences and reduced "substantially" the number of partners in its Oracle PartnerNetwork, according to the SEC. The company enhanced the due diligence processes for third parties, started a compliance data analytics programme and improved anti-corruption training for employees and third parties.
VARs used for schemes, SEC says
In the SEC cease-and-desist order against Oracle, the agency notes that Oracle's channel partner programme and Oracle value-added resellers (VARs) and value-added distributors (VADs) were part of the scheme.
"While Oracle used the indirect sales model for a variety of legitimate business reasons, such as local law requirements or to satisfy payment terms, it recognised since at least 2012 that the indirect model also presented certain risks of abuse - including the creation of improper slush funds," according to the order.
As part of the scheme, sales employees at Oracle subsidiaries requested purchase orders meant to reimburse resellers and distributors for expenses related to marketing Oracle's products. If the orders were under $5,000, first-level supervisors could approve the orders without corroborating documentation proving that the resellers and distributors did any work.
"Oracle subsidiary employees based in Turkey and the United Arab Emirates requested sham marketing reimbursements to VADs and VARs as a way to increase the amount of money available in the slush funds held at certain channel partners," according to the SEC.
"The direct supervisors of these sales employees, who were complicit in the scheme, approved the fraudulent requests."
The SEC continued: "Oracle Subsidiary employees were able to implement a scheme whereby larger discounts than required for legitimate business reasons were used in order to create slush funds with complicit VADs or VARs. The channel partners profited from the scheme by keeping a portion of the excess deal margin."
Oracle Turkey schemes allegedly included theme park visit
Between 2009 and 2019, Oracle Turkey employees "routinely used the slush funds to pay for the travel and accommodation expenses of end-user customers, including foreign officials, to attend annual technology conferences in Turkey and the United States, including Oracle's own annual technology conference," according to the SEC.
"In some instances, these funds were also used to pay for the travel and accommodation expenses of foreign officials' spouses and children, as well as for side trips to Los Angeles and Napa Valley," according to the SEC.
The SEC continued: "Oracle Turkey's management, including the country leader, knew of and condoned the practice. Given how these schemes were implemented, Oracle lacks records regarding the full size and scope of how these off-book slush funds were used."
In 2016, an Oracle Turkey sales representative implemented a scheme where he falsely claimed that he needed a significant discount on a deal with Turkey's Social Security Institute (SSI) due to intense competitions from other vendors.
An Oracle employee in the US approved the deal but asked for no additional documentation to justify the discount.
"Instead of intense competition, Turkey's public procurement records that were available at the time indicated that the SSI required Oracle products to fulfill the tender, which precluded competition from other original equipment manufacturers," according to the SEC.
"The Turkey Sales Representative used the excess margin to increase the amount of money kept in a slush fund maintained by the VAD for the deal."
The next year, the same Oracle Turkey sales representative used a reseller working on a database infrastructure order to make a slush fund for SSI officials. Oracle U.S. personnel approved "a significant discount" for the deal, generating a margin of about $1.1 million, "only a portion of which was used to purchase legitimate products such as software licences," according to the SEC.
"The Turkey VAR only kept a nominal amount for itself and while following instructions from the Turkey Sales Representative, the Turkey VAR passed the majority of the funds to other entities, including an entity controlled by (an SSI) Intermediary," according to the SEC.
"The Intermediary-controlled entity that was responsible for providing the cash bribes to SSI officials received at least $185,605."
In 2018, the same Oracle Turkey employee "sought to improperly influence" officials with Oracle's Ministry of Interior (MOI) for work on the country's 112 emergency call system.
The Oracle Turkey employee brough four ministry officials on a week-long trip to California "that was likely paid for with funds from a VAD account," according to the SEC.
The Oracle Turkey sales account manager told Oracle headquarters personnel that he needed an excessive, non-standard discount for the project because of the ministry's "budgetary restraints" and "stiff competition from other original equipment manufacturers," according to the SEC.
"In reality, the MOI did not conduct a competitive bidding process for this contract," according to the SEC. "Instead, the MOI required any bidders that responded to the tender offer to include Oracle products in their bid."
At the time, Oracle was headquartered in Redwood Shores, California. During the California trip, ministry officials spent about 15 minutes at Oracle's headquarters. They spent the rest of the week with the Oracle Turkey employee in Los Angeles, Napa Valley and an unnamed theme park.
Oracle Turkey received "a large follow-on order related to the" emergency call system project, according to the SEC.
The Oracle UAE scheme
Meanwhile, Oracle United Arab Emirates (UAE) sales employees used excessive discounts and marketing reimbursement payments to make slush funds - nicknamed "wallets" - at resellers from at least 2014 to 2019, according to the SEC.
"Oracle UAE sales employees directed the VARs how to spend the funds, and used the wallets to pay for the travel and accommodation expenses of end customers, including foreign officials, to attend Oracle's annual technology conference in violation of Oracle's internal policies."
An Oracle UAE sales account manager for a state-owned entity paid about $130,000 in bribes to the entity's chief technology officer for six contracts between 2018 and 2019. Two resellers helped to fund the first three bribes with excessive discounts. The bribes were paid through an entity that was not an Oracle-approved reseller for public sector transactions.
The only purpose for the entity was making bribes, although it was also used as a reseller for the final three deals despite not being an approved Oracle reseller for public sector transactions, according to the SEC.
The Oracle India scheme
Oracle India sales employees used excessive discounts for a transportation company majority-owned by India's Ministry of Railways in 2019.
As part of the scheme, Oracle India sales employees sought a 70% discount on software as part of the deal, citing intense competition from other vendors. An Oracle employee in France approved the request without requesting further documents. In actuality, the publicly available procurement website for the deal said Oracle products were mandated anyway.
"One of the sales employees involved in the transaction maintained a spreadsheet that indicated $67,000 was the ‘buffer' available to potentially make payments to a specific Indian" official, according to the SEC.
"A total of approximately $330,000 was funneled to an entity with a reputation for paying (Indian) officials and another $62,000 was paid to an entity controlled by the sales employees responsible for the transaction."
A version of this article was first published on Computing's sister publication CRN.