Microsoft fined more than $25 million after Hungary subsidiary exploits kickback
The three-year operation saw ill-gotten profits used for bribes to government officials
Microsoft has agreed to pay a total of $25.3 million in criminal and civil fines to settle a case involving the software giant's employees in Hungary conducting an illicit operation to bribe government officials.
Between 2012 and 2015, employees at Microsoft Hungary inflated margins of software sales to value-added resellers (VARs) and partners to fund the pay-offs to officials in Hungary and other countries.
"Instead of passing on the discounts to Microsoft's government customers, the discounts were used to fund improper payments intended for foreign government officials to secure software license sales for Microsoft," read the US Security and Exchange Commission's (SEC) report.
Employees sold software to partners at heavily discounted prices - in some cases up to 27.85% - who then sold the software close to retail prices, according to the Washington Post. Poor accounting controls in Saudi Arabia, Turkey and Thailand were cited as the reason for the delay in detecting the abuse by the Microsoft Hungary executives.
Microsoft Hungary agreed to pay $8.7 million in criminal penalties to the US Department of Justice as part of a three-year non-prosecution agreement which was made as a result of the company's extensive co-operation with law enforcement and redial measures, including the termination of four licensing partners and greater company-wide compliance controls.
The remaining fine is to be paid to the SEC in the sum of $16.6 million, based on the complete payback of the $13.78 million the "improper payments" generated for the company, plus an additional $2.78 million in interest.
Microsoft's president Brad Smith sent an extensive email to every company employee on Tuesday with the subject line: "There is no room for compromise when it comes to ethical business practices."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"We were deeply disappointed and embarrassed when we first learned about these events several years ago, and we hope that all of the steps we've since taken, including today's settlement, send a strong message," Smith wrote.
"As a company, we do not tolerate employees and partners who willfully break policies that go to fundamental issues of business integrity," he added.
Microsoft has taken a number of steps to ensure any potential future abuse will be prevented or detected much more quickly.
These measures included a discount transparency programme for public sector sales so government customers receive their rightful discounts and know about them, too. This is to ensure the value of the discount isn't used for improper purposes - the main concern in the Hungary operation.
The company's anti-corruption programme has also been strengthened to meet the latest guidelines and machine learning has been embedded to automatically identify transactions that present a heightened compliance risk.
Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.