On August 29, 2019, the Securities and Exchange Commission ("Commission" or "SEC") agreed to resolve an enforcement action against Juniper Networks, Inc. ("Juniper" or the "Company"), a Silicon Valley-based cybersecurity and networking firm, over alleged violations of the internal accounting controls and books and records provisions of the Foreign Corrupt Practices Act ("FCPA") related to discounting practices and travel benefits provided by its subsidiaries and representative offices in Russia and China.1   Under the settlement, Juniper neither admitted nor denied the allegations and agreed to pay a total of $11.7 million in sanctions. In early 2018, the Company announced in an SEC filing that the Department of Justice ("DOJ") had closed its inquiry into a matter involving FCPA violations.2

The Commission alleged that certain employees of the Russian representative office of the Company's Delaware subsidiary, JNN Development Corp. ("JNN"), from 2008 to 2013, purported to offer increased discounts to end-user customers. In reality, the discounts were not passed on to customers but instead were retained by JNN's third-party channel partners in off-book accounts called "common funds."

According to the Order, the common funds were used by local JNN employees and intermediaries to pay for travel for end-user customers and their family members, including some foreign officials—travel that the Commission called "excessive, inconsistent with Juniper policy, predominantly leisure in nature, and [having] little to no legitimate business purpose." Order ¶ 11. Travel destinations included international tourist cities in Italy and Portugal, and national parks and amusement parks in the United States, places without Juniper facilities, industry specific conferences, or other legitimate business justifications. The SEC asserted that the travel was "directly linked" to future bookings, citing one case where a JNN employee stated in an approval request that the "purpose of the trip" was to meet with a "top [state-owned customer] manager to speed up Q2 bookings." Id.

Another travel scheme allegedly arose in Juniper's subsidiaries in Hong Kong and Shanghai (together "Juniper China"), from 2009 to 2013. Local employees of Juniper China covered the cost of travel and entertainment for customers, including some foreign officials, that was excessive and contravened Juniper's policies. In some cases, these Juniper China employees submitted falsified trip agendas to Juniper's Legal Department. According to the Order, the agendas deceptively understated the true proportion of leisure and entertainment on these trips. In other cases, employees bypassed the approval process altogether. Order ¶ 14. The SEC alleged that these compliance failures were compounded by Juniper Legal employees within the region regularly approving events that had already taken place, in contravention of the Company's pre-approval policy. Order ¶ 15.

The Order contains no allegations that the benefits in China were provided with the intent to obtain business or other favorable treatment. In addition, while the Order requires the payment of disgorgement, none of the conduct in Russia or China described in the Order is tied to any particular business obtained.

Despite numerous references in the Order to Juniper subsidiary employees providing things of value to foreign officials, the Commission charged only books and records and internal accounting controls violations. The Commission did not bring an anti-bribery charge, perhaps because of the tenuous connection of the conduct to the United States or perhaps due to the fairly scant evidence in the Order of corrupt intent.

Although the conduct described in the Order and the penalties are relatively modest by today's FCPA standards, the case is notable in a number of respects. Among other things:

  • The action highlights the importance of compliance controls around pricing and discounts, particularly in the technology industry where business models typically involve heavy reliance on third-party channel partners and deep discounts. Providing standard pricing and discount guidance and requiring robust approval procedures for non-standard discounts are key controls to help prevent third parties from using excess margins improperly.
  • Relatedly, while due diligence and contracting procedures are important controls when interacting with third parties, it may be necessary or appropriate in some cases to conduct audits of third parties or take other monitoring steps in order to detect some schemes. Ongoing monitoring of third-party relationships is often the place where compliance programs have gaps.
  • The case is a helpful reminder that travel and entertainment continue to be FCPA risk areas. Even though such conduct often does not involve high dollar amounts and may be difficult, as it appeared in this case, to tie directly to efforts to obtain business, the U.S. enforcement authorities, particularly the SEC, will not hesitate to pursue enforcement action where there is evidence of control failures or efforts by employees to subvert existing controls. The fact that Legal personnel apparently overlooked pre-approval requirements in the Company's own procedures undoubtedly was considered problematic by the SEC.
  • The Order also noted that employees used personal devices in an effort to thwart detection. Order ¶ 12. U.S. authorities have increasingly focused on the use of personal devices and the use of informal chat and text applications. Not only are such communications methods disfavored by enforcement authorities, they also often create impediments to conducting a full internal investigation of potential wrongdoing, particularly in light of the growth of personal privacy legislation around the globe. Companies should take steps to train employees on proper use of such communications methods and provide guidance so that business communications are accessible and can be retained as appropriate.
  • The SEC also emphasized Juniper's failure to remediate the conduct after it became aware of it. Although the conduct in Russia became known to Juniper in 2009, and although the Company instructed its employees to stop, those remedial efforts "were ineffective," the SEC said, and the activity continued until 2013. Order ¶ 12. The case is another example of a company facing penalties in part for failing to address problems when they are detected.
  • The SEC imposed a civil penalty approximately one-third greater than the amount of the disgorgement, which is unusual, particularly in a case where the company was credited for cooperating with the Commission's investigation. Specifically, the Commission imposed a civil monetary penalty of $6.5 million, in addition to $4 million in disgorgement and $1.3 million in prejudgment interest. While it is difficult to discern the reasoning behind such a result based only on the public papers, the result may reflect the SEC's dim view of the conduct but inability to tie the conduct directly to profits associated with it.
  • Although the Company did not voluntarily disclose the conduct, the SEC noted the Company's cooperation and remediation, which included, among other things, enhancing controls to include pre-approval of non-standard discounts, channel partner marketing expenses, and "even certain operating expenses in high risk markets." As noted above, compliance procedures and approvals relating to discounts and third-party expenditures are increasingly important elements of an effective compliance program.

Footnote

1 SEC Cease and Desist Order ("Order") (Aug. 29, 2019).

2 Juniper Networks, Form 8-K (Feb. 9, 2018).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.