FOIA CONFIDENTIAL TREATMENT
REQUESTED BY NETAPP, INC.: NTAP-2012.1
April 23, 2012
CERTAIN PORTIONS OF THIS LETTER HAVE BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATEMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS. OMITTED INFORMATION HAS BEEN REPLACED IN THIS LETTER WITH A PLACEHOLDER IDENTIFIED BY THE MARK “[***]”.
Via EDGAR and Overnight Delivery
Ms. Cecilia Blye
Chief, Office of Global Security Risk
Division of Corporate Finance
Securities and Exchange Commission
Washington, DC 20549
| Re: | NetApp, Inc. |
Form 10-K for the Fiscal Year Ended April 29, 2011
Filed June 23, 2011
File No. 0-27130
Dear Ms. Blye:
NetApp, Inc. (“NetApp” or the “Company”) respectfully submits this correspondence in response to the Securities and Exchange Commission’s (“SEC” or “Commission”) comment letter, dated December 15, 2011, concerning the Company’s Form 10-K for the fiscal year ended April 29, 2011 (the “Comment Letter”).
Confidential Treatment Request
Because of the commercially sensitive nature of the information contained herein, this submission is accompanied by a request for confidential treatment for selected portions of the letter pursuant to the Commission’s Rule 83 (17 C.F.R. § 200.83). We have filed a separate letter with the Office of Freedom of Information and Privacy Act Operations in connection with the confidential treatment request. Omitted information has been replaced in this letter with a placeholder identified by the mark “[***]”.
Company Comment Response
To facilitate your review of the Company’s responses, your comments are reproduced below in italicized, bold type, followed, in turn, by our response. Please do not hesitate to contact us regarding questions or clarifications to the responses outlined below.
| 1. | We are aware of recent news reports that hardware and software sold by your subsidiary are being used by the Syrian government to archive e-mails as part of a nationwide Internet surveillance system being used to monitor people in Syria. In particular, we note reports that as early as March 11, 2010, your products appeared in |
| Securities and Exchange Commission April 23, 2012 Page 2 |
FOIA CONFIDENTIAL TREATMENT REQUESTED BY NETAPP, INC.: NTAP-2012.1 |
| blueprints for the surveillance system being implemented in Syria, and that certain employees of your subsidiary discussed via e-mail how to configure your equipment after it was delivered to Syria. As you know, Syria is designated as a state sponsor of terrorism by the State Department, and is subject to U.S. economic sanctions and export controls. |
Please describe to us the nature, duration, and extent of your past, current, and anticipated contacts with Syria, whether through subsidiaries, distributors, resellers, vendors, or other direct or indirect arrangements. Your response should describe any products, equipment, components, technology, software, information, support, and services, including but not limited to software updates or hardware repairs, that you have provided or intend to provide into Syria, directly or indirectly, and any agreements, commercial arrangements, or other contacts you have had with the government of Syria or entities controlled by the Syrian government. Please address specifically the aforementioned reports of Syrian government use of your products in surveillance activities.
As a global company in the data storage industry with over 12,000 employees in 150 offices worldwide, NetApp is committed to compliance with the U.S. export controls laws and regulations and maintains an extensive export controls compliance program as described more fully in our response to Comment 4 below. NetApp takes any allegation of a potential violation of export controls laws seriously and maintains a policy of promptly addressing such issues.
NetApp does not maintain operations in Syria, and it is a clear violation of the Company’s policy to provide any products, equipment, components, technology, software, information, support or services, including updates and repairs, to Syria without a license, directly or indirectly, or to have agreements, or commercial arrangements with the government of Syria or entities controlled by the Syrian government. [***].
The Company is aware of the news reports referenced by the Commission. Following the publication of media reports in November 2011 asserting that NetApp’s products, along with products from other U.S. technology companies, may have been shipped to Syria through a third party, the Company immediately engaged outside counsel to conduct a review of the matter, notified the Department of Commerce, Bureau of Industry and Security (“BIS”) of the internal review and conveyed the Company’s intention to cooperate with the U.S. government. The Company also contacted the Treasury Department’s Office of Foreign Assets Control (“OFAC”), alerting OFAC to the media reports concerning Syria. The Company disclosed the internal review and media reports in its Form 10-Q for the fiscal quarters ended October 28, 2011 and January 27, 2012, which were filed with the Commission in December 2011 and March 2012, respectively.
2
| Securities and Exchange Commission April 23, 2012 Page 3 |
FOIA CONFIDENTIAL TREATMENT REQUESTED BY NETAPP, INC.: NTAP-2012.1 |
The internal review is ongoing. At this juncture, the review has found no evidence that NetApp, Inc. or any of its subsidiaries directly exported products to the Syrian government or any other individual or entity in Syria. [***].
| 2. | You disclose on page 54 and 113 that you derive revenues from Latin America, the Middle East, and Africa, regions that can be understood to include Cuba, Iran, and Sudan. Cuba, Iran and Sudan are designated as state sponsors of terrorism by the State Department and are subject to U.S. economic sanctions and export controls. Please describe to us the nature, duration, and extent of your past, current, and anticipated contacts with Cuba, Iran, and Sudan, if any, whether through subsidiaries, distributors, resellers, vendors, or other direct or indirect arrangements. Your response should describe any products, equipment, components, technology, software, information, support, and services, including but not limited to software updates or hardware repairs, that you have provided or intend to provide into those countries, directly or indirectly, and any agreements, commercial arrangements, or other contacts you have had with the governments of those countries or entities controlled by those governments. |
NetApp does not maintain operations in Cuba, Iran, or Sudan, and it is a clear violation of the Company’s policy to provide any products, equipment, components, technology, software, information, support or services, including updates and repairs, to Cuba, Iran, or Sudan without a license, directly or indirectly, or to have agreements, or commercial arrangements with the governments of Cuba, Iran, or Sudan, or entities controlled by these governments. [***]. To comply with its U.S. export controls obligations, NetApp has designed a compliance program – known as the Global Internal Compliance Program (“Global ICP”) – to detect risk factors and “red flags,” address proposed or actual contacts with sanctioned countries and prevent any illegal business with such sanctioned countries. The compliance program informs and instructs employees on how to deal with such situations and outlines a procedure for dedicated compliance personnel, the Global Trade Compliance Group (“GTC Group”), to investigate any issues.
| 3. | Please tell us whether, to the best of your knowledge, understanding, and belief, any products, equipment, components, software, or technology you have provided or intend to provide, directly or indirectly, into Cuba, Iran, Sudan, and/or Syria are controlled items included in the Commerce Control List. If so, tell us whether any such item have military uses, and describe such possible uses of which you are aware. Also, advise us whether, to the best of your knowledge, understanding, and belief, any such items have been put to military uses by Cuba, Iran, Sudan, and/or Syria, and discuss any such uses of which you are aware. |
3
| Securities and Exchange Commission April 23, 2012 Page 4 |
FOIA CONFIDENTIAL TREATMENT REQUESTED BY NETAPP, INC.: NTAP-2012.1 |
[***] Certain of the Company’s products are controlled items included in the Commerce Control List. The hardware products are classified under ECCN 5A002.a.1, the proprietary software under ECCN 5D002.c.1, and spare parts under EAR99, 5A991.b, and 5D992.b. [***].
| 4. | You stated in a letter to us dated March 12, 2010, and currently you state on your website, that you “actively employ comprehensive policies, procedures, and systems to ensure compliance with U.S. export control and economic sanction laws and regulations.” Please describe for us your current policies, procedures, and systems to ensure compliance with U.S. economic sanction laws and export control regulations, and tell us whether you have undertaken any additional measures or implemented enhanced controls in light of the reported use of your products by the Syrian government. |
NetApp’s Global ICP is an extensive export controls compliance program and accompanying export controls infrastructure and is available to NetApp employees on the Company’s intranet. The Global ICP includes policies, procedures, and systems for ensuring compliance with U.S. export controls laws and regulations. The Global ICP expresses the Company’s commitment to global trade compliance and expressly states that it is the Company’s policy to comply with the U.S. export controls laws.
The Global ICP includes: a clear expression of the Company’s commitment to export controls compliance; a detailed policy available to NetApp personnel; training of relevant personnel; automated systems to facilitate screening for potentially problematic end-users; processes for identifying “red flags” for possible diversion of NetApp products; dedicated global trade compliance personnel; a general anonymous reporting hotline for employees to raise any concerns; an export controls-specific email address dedicated to employee questions and concerns; and an assessment function.
As part of the Global ICP, the Company maintains the GTC Group, headed by an export controls professional with over 30 years’ experience in the industry, supported by export controls specialists as well as by lawyers in the Company’s legal department. The GTC Group’s charter is to develop and maintain effective import/export compliance programs and procedures that meet applicable trade laws. The GTC Group is responsible for educating and training NetApp personnel and reviewing the Company’s compliance with applicable export controls laws. The GTC Group also classifies NetApp’s products for export. Finally, the GTC Group is empowered to conduct regular reviews of NetApp compliance with the Global ICP, make recommendations on how to improve compliance, and take corrective actions when necessary. NetApp views dedicated global trade compliance personnel as an important piece of its compliance program.
As part of its export controls compliance infrastructure, NetApp has implemented a customer screening program that includes third-party automation software to screen all known parties to a transaction. The program requires NetApp employees to collect certain categories of information concerning prospective NetApp customers and transactions and screens those
4
| Securities and Exchange Commission April 23, 2012 Page 5 |
FOIA CONFIDENTIAL TREATMENT REQUESTED BY NETAPP, INC.: NTAP-2012.1 |
customers for restricted parties, embargoed and restricted countries, and high-risk customer behavior or characteristics, also known as “red flags,” indicating possible concerns of product diversion. The process also includes screens to determine the end-use of the products. If “red flags” or substantial risk factors are found, an additional level of diligence and scrutiny is executed in order to vet fully the legality of the proposed transaction.
Importantly, the Global ICP contains a specific process for NetApp employees seeking internal consultation regarding the propriety of specific export transactions, including an escalation chain reporting system with the legal department and/or senior management.
To further enhance its Global ICP, NetApp [***], is strengthening U.S. trade law contractual terms in its customer agreements and is implementing additional measures to reinforce NetApp employees’ awareness regarding the importance of compliance with U.S. export controls and economic sanctions laws, including how to identify and handle high risk transactions and the risks of diversion.
| 5. | You state on your website that you have notified the U.S. government about a news report regarding use of your products by the Syrian government. Please tell us which U.S. government agency or agencies you have notified about the matter, and tell us the current status of your dealings with the agency or agencies to which you refer. |
Following the publication of media reports in November 2011 asserting that NetApp’s products may have been shipped to Syria through a third party, the Company immediately engaged outside counsel to conduct a review of the matter, notified BIS of the internal review and conveyed the Company’s intention to cooperate with the U.S. government. In mid-December 2011, the Company also contacted OFAC, alerting OFAC to the media reports concerning Syria, NetApp’s BIS notice, and its ongoing review of the matter. Since notifying BIS and OFAC, NetApp’s outside counsel has remained in contact with BIS concerning the review.
| 6. | Please discuss for us the materiality of the contacts with Cuba, Iran, Sudan, and/or Syria you describe in response to the foregoing comments, and whether those contacts constitute a material investment risk for your security holders. You should address materiality in quantitative terms, including the approximate dollar amounts of any associated revenues, assets, and liabilities for the last three fiscal years and the subsequent interim period. Also, address materiality in terms of qualitative factors that a reasonable investor would deem important in making an investment decision, including the potential impact of corporate activities upon a company’s reputation and share value. As you know, various state and municipal governments, universities, and other investors have proposed or adopted divestment or similar initiatives regarding investment in companies that do business with U.S.-designated state sponsors of terrorism. Your materiality analysis should address the potential impact of the investor |
5
| Securities and Exchange Commission April 23, 2012 Page 6 |
FOIA CONFIDENTIAL TREATMENT REQUESTED BY NETAPP, INC.: NTAP-2012.1 |
| sentiment evidenced by such actions directed toward companies that have contacts with Cuba, Iran, Sudan, or Syria. In this regard, you should discuss specifically the above-referenced news reports about Syrian government use of your products in surveillance activities. |
As noted above, the Company does not have operations in Cuba, Iran, Syria or Sudan and maintains a strict policy of prohibiting unlicensed business with these sanctioned countries.
In quantitative terms, [***].
With respect to qualitative factors that a reasonable investor would deem important, [***]. NetApp is committed to compliance with the U.S. export controls and economic sanctions laws, evidenced by its compliance program and dedicated global compliance personnel, and maintains a strict policy against doing unlicensed business with Syria and other sanctioned countries. At this juncture, the internal review has found no evidence that NetApp, Inc. or any of its subsidiaries directly exported products to the Syrian government or any other individual or entity in Syria. The Company is in contact with BIS and intends to cooperate with the U.S. government. The Company is taking steps to enhance its compliance regime and further educate its employees regarding, among other things, the risks of diversion.
Notwithstanding these factors, there is a risk that the Company could face adverse action from the government [***] or suffer reputational harm due to ongoing publicity that may affect investor sentiment. NetApp has disclosed the risks that a potential investor may deem material in each of its Quarterly Reports on Form 10-Q filed with the Commission since November 2011. For example, in the Company’s recent Form10-Q for the period ending January 27, 2012, the Company stated in its Risk Factors section:
“Even though we take precautions to prevent our products from being shipped to U.S.-sanctioned targets, our products could be shipped to those targets by our channel partners, despite such precautions. For instance, media reports starting in November 2011 have asserted that certain of our products were delivered to Syria through a third party vendor possibly in violation of U.S. export-control laws. We have publicly stated that we condemn any illegal shipments of our products to Syria, notified BIS of an internal review we are conducting and our intention to cooperate, and have offered our assistance to the U.S. government. We are aware that three U.S. senators have sent letters to the departments of Commerce and State requesting an investigation into how our products came into the possession of the Syrian government and asking that certain penalties be considered, such as suspension or debarment from conducting business with the U.S. government until the conclusion of a governmental investigation into the matters asserted in the media. If we are found to have violated U.S. export control laws, we may be subject to various penalties available under the laws, any of which could have a material and adverse impact on our business, operating results and financial position. Even if we are not found to have violated such laws, the political and media scrutiny surrounding any governmental investigation of us, including any suspension or debarment from conducting business with the
6
| Securities and Exchange Commission April 23, 2012 Page 7 |
FOIA CONFIDENTIAL TREATMENT REQUESTED BY NETAPP, INC.: NTAP-2012.1 |
U.S. government, could cause us significant financial and reputational harm and distract senior executives from managing our normal day-to-day operations, which could have a material and adverse impact on our business, operating results and financial position.”
*****
The Company acknowledges that:
| • | The Company is responsible for the adequacy and accuracy of the disclosure in the Company’s Form 10-K for the Fiscal Year Ended April 29, 2011; |
| • | Staff comments or changes to disclosure in response to Staff comments do not foreclose the Commission from taking any action with respect to the Company’s Form 10-K for the Fiscal Year Ended April 29, 2011; and |
| • | The Company may not assert Staff comments as a defense in any proceeding initiated by the Commission or any person under the federal securities laws of the United States. |
If you have any further questions or comments, please direct these either to me at (408) 822-8700 or to Steve Bochner of Wilson Sonsini Goodrich & Rosati, the Company’s external counsel, at (650) 354-4110. Thank you for your assistance.
| Sincerely, |
| /s/ Matthew Fawcett |
| Matthew Fawcett |
| Senior Vice President, General Counsel and Secretary, |
| NetApp, Inc. |
| cc: | Nicholas Noviello, Executive Vice President Finance and |
Chief Financial Officer, NetApp, Inc.
Deanna Butler, Senior Director – Legal, NetApp, Inc.
Steve Bochner, Wilson Sonsini Goodrich & Rosati, P.C.
7