By John L. Guerra
Editor, GRC & Fraud Software Journal
Vicente Garcia, SAP International’s former vice president of global and strategic accounts. now sits in a federal prison serving a 22-month sentence for bribing foreign officials.
Because SAP neither maintained internal controls nor properly audited Garcia’s Panamanian software contracts, the global software company was held liable for Garcia’s crimes.
Garcia pled guilty to one count under the Foreign Corrupt Practices Act (FCPA) in August 2015 for bribing Panamanian government officials in a successful attempt to win large software contracts for SAP. The U.S. Securities and Exchange Commission also ordered him to pay $85,000 in disgorgements, equal to the amount of kickbacks he received from the software sales.
SAP takes the blame
The big fines went to Waldorf, Germany-based SAP, which develops GRC software – and a solution to help companies avoid breaking the FCPA. On Feb. 1, SAP paid the SEC a $3.9 million fine, which represents the company’s profit over the life of the bribed contracts plus interest, SEC said.
It is a powerful reminder of how vital GRC software and associated audit and regulatory compliance policies are to a company’s bottom line. The lesson: No company, no matter how accomplished, is immune from hidden activities by its employees.
Garcia hid activities from bosses
Here’s how the SEC says Garcia circumvented SAP’s internal controls to successfully operate his scheme, which the SEC says ran from 2009 to 2013:
- Garcia inserted himself into the business opportunity by convincing SAP bosses that as vice president of global and strategic accounts, he should be in charge of the Panamanian government market. “Initially this endeavor was led by local SAP sales employees in Mexico,” the SEC said.
- Garcia used his personal Yahoo! e-mail account when communicating with Panamanian government officials.
- He wrote Panamanian officials using SAP letterhead to “document” fictitious meetings and itineraries.
- Garcia did not inform higher ups at SAP when a Panamanian lobbyist told him he had to bribe three Panamanian officials to win contracts.
- Garcia discussed with connections (again via personal e-mail) plans to pay bribes and receive kickbacks. He even included spreadsheets outlining bribe payments in those emails.
- According to the SEC, Garcia created two fake contracts with the stated purpose that “no trace remains if SAP conducts an audit … I made it as simple as possible and made it look like a real contract.”
SAP audits failed to find scheme
To fund his bribes, the SEC said, Garcia sold SAP software at 82 percent discount to an SAP partner company in Mexico. The partner then resold the software at a much higher price to the Panamanian government.
The profit from those sales created a self-sustaining slush fund for further bribes. That ensured bribe money would not come directly from SAP accounts, the SEC said.
Once the discounts were falsely recorded as legitimate discounts on the books of SAP’s Mexican subsidiary, they were subsequently consolidated into SAP’s financial statements.
SEC requires FCPA scrutiny
The SEC’s order for SAP to pay $3.9 million cited, among other control deficiencies, the “wide latitude provided to SAP employees in seeking and approving discounts to local partners, and the acceptance of discounts without company verification or anti-corruption scrutiny.”
International companies with agents operating in foreign countries are required to ensure that employees operate under the law. That requires constant contact with overseas employees and auditing of contracts and other agreements.
SAP, the SEC said, failed to “devise and maintain an adequate system of internal accounting controls sufficient to prevent or detect improper payments to government officials.”