Yesterday, the SEC announced a Foreign Corrupt Practices Act books and records and internal controls enforcement action against Oracle Corporation.
With the enforcement action, the dilution of FCPA enforcement has reached a new level. The only allegations against Oracle itself is that it failed to audit distributor margins against end user prices and that it failed to audit third party payments made by distributors. It is common for large multi-national companies to have hundreds, if not thousands, of distributors. Because of this, audits Oracle was held liable for not conducting are not practical or cost-effective absent red flags suggesting improper conduct. The SEC did not allege any such red flag issues. In fact, the SEC alleges that Oracle’s Indian subsidiary “concealed” and kept “secret” the conduct from Oracle. Congress did not intend for the FCPA’s books and records and internal control provisions to be a strict liability statute. The SEC used to recognize this. However, it no longer does as once again demonstrated by the Oracle action.
