 By Pam Fulmer
If your business financed an Oracle NetSuite ERP implementation through Oracle Credit Corporation or Oracle America, Inc. and received a collection demand from Banc of America Leasing & Capital, LLC or Bank of America N.A., or another bank, you may have been told that you must keep making payments even if the software was never delivered, never worked, or was sold to you through misrepresentation. There are ways to attack the clause under California law, but Oracle and its assignees have developed a clever scheme that shifts risk to the Oracle customer and gives Oracle leverage in settlement discussions. When a NetSuite implementation fails — and industry litigation makes clear that this seems to happen with some frequency — Oracle customers quickly discover an uncomfortable reality. The company that sold them the software and promised a successful implementation has already sold off the right to collect their payments. Oracle Credit Corporation (OCC), Oracle's captive financing subsidiary or Oracle America, Inc. itself (collectively “Oracle”), assigned the payment stream to a third-party bank almost immediately after the contract was signed. That bank, often Banc of America Leasing & Capital, LLC (“BALC”) or Bank of America N.A. (“BANA”) or a Wells Fargo entity, now shows up demanding full payment and citing a clause in the financing agreement that says, in effect, you agreed to pay the Assignee no matter what. At last count since 2020, BALC had filed over 70 collections lawsuits in San Mateo Superior Court in California alone seeking to enforce these assignments against Oracle customers. This clause — sometimes called a "hell or high water" provision or a "waiver of defenses" clause — is a deliberate piece of transaction engineering. Although we do not have the actual agreement between Oracle and the Bank of America entities (yet), it appears from public filings that Oracle monetizes the payment stream almost on day one, mitigating its own financial exposure for failed implementations and leaving customers with an ongoing obligation to a bank that claims it bears no responsibility for Oracle's performance. The practical effect of this arrangement is to exert enormous pressure on the Oracle customer—it finds itself fighting a battle on the one hand to get Oracle to right the project and deliver the promised solution, and on the other it faces a possible collections action and a hit to its credit. Third party banks pressing for payment give Oracle leverage in settlement discussions with its customer. This creates cash flow pressure and a tactical advantage for Oracle. The clause shifts risk and inconvenience to the customer but doesn't eliminate their legal rights against Oracle — it just makes exercising those rights more expensive and burdensome. The question California courts must answer is whether that arrangement is actually enforceable. Legal arguments exist that it may not be. What the Clause Actually Says We are able to ascertain the language of the typical OCC Payment Plan Agreement from public court filings. Here is a screenshot of the actual clause, which was a part of an exhibit to a Complaint brought by BALC against an Oracle customer. BALC's litigation position rests entirely on that clause. Its argument is that the customer contractually waived every defense it could ever raise against Oracle — fraud, breach of contract, failure to deliver — and that BALC, as assignee, is entitled to enforce that waiver. In legal terms, BALC is claiming the functional equivalent of "holder in due course" status: the right to collect a payment obligation free from any defense related to the underlying transaction. And indeed that is the argument that some of these Oracle assignees have raised in litgation against Oracle customers. Although the Oracle customer can still assert defenses in litigation against Oracle, it shifts the burden to the customer. It makes it risky for the customer to stop paying when Oracle fails to perform and thereby puts Oracle in the driver’s seat. However, BALC’s argument may fail under California law for at least five independent reasons. Why the Clause May Not Hold Up The statute that could save BALC expressly requires good faith and lack of notice — conditions BALC cannot meet. California Commercial Code Section 9403 governs exactly this situation: waiver-of-defense clauses in assigned financing agreements. It makes such clauses enforceable by an assignee, but only if that assignee took the assignment for value, in good faith, and without notice of the defense being waived. This is not a loophole — it is the core of the statute. BALC has filed over 60 collection actions against Oracle customers arising from Oracle/OCC assignments in San Mateo County Superior Court alone. Multiple court cases, legal industry publications, and news coverage appear to document Oracle's pattern of overselling NetSuite's capabilities and failing to deliver working implementations. By no later than 2021, any institutional lender systematically acquiring OCC assignments had access to — and reason to know of — that pattern. That is because when the banks try to collect the customers explain that Oracle failed to deliver a working system, and the customers tell that directly to BALC or BANA when they try to enforce the assignment. The response—too bad. Pay anyway or face a contract where payments have been accelerated and a collections action. Under these circumstances where the banks are aware of a multitude of implementation failures with multiple Oracle clients claiming fraud, it makes any argument that these banks were innocent strangers to the transaction seem implausible. The statute that would make the clause work against customers may expressly deny the banks the benefit of it. California Civil Code Section 1668 voids any clause that purports to exempt a party from its own fraud. This statute is unambiguous: contracts that have the object, directly or indirectly, of exempting anyone from responsibility for their own fraud are against the policy of California law and are void. If Oracle's sales representatives misrepresented NetSuite's capabilities as multiple Plaintiffs in lawsuits against Oracle contend, then a clause in a subsidiary's financing agreement that requires the customer to keep paying regardless of that fraud is precisely what Section 1668 prohibits. OCC is either a subsidiary or affiliate of Oracle. BALC is OCC's assignee. Neither can stand at a greater legal distance from Oracle's fraud than Oracle itself. The clause was procured through the same fraud it purports to waive. Even setting aside public policy, a contractual waiver signed under the influence of fraudulent misrepresentation is itself voidable. No rational businessperson agrees, in the abstract, to pay in full for software that is never delivered. Court cases allege that customers signed these agreements because Oracle's representatives told them the implementation would succeed, that the SuiteSuccess methodology was proven, and that their industry's needs would be met out of the box. Oracle customers have alleged that those representations were false. If the entire contract — including the embedded waiver clause — was induced by that fraud, California law allows customers to rescind it on that basis. The clause is unconscionable. California Civil Code Section 1670.5 allows courts to refuse to enforce a contract clause that was unconscionable at the time it was made. Arguments can be made that the "hell or high water" clause satisfies both requirements. Procedurally, it appears in a pre-printed, non-negotiable financing form presented to a small or mid-sized business by one of the world's largest software companies at the tail end of a long DocuSign — there is no meaningful opportunity to negotiate. Substantively, a clause requiring unconditional payment even in the face of fraud, total non-performance, and a completely non-functional ERP system is so one-sided that it eliminates the most basic protection a contracting party has: the right to withhold payment when the other party doesn't perform. California's Supreme Court has held that the more substantively oppressive a clause, the less procedural unconscionability is needed to strike it down. This clause is arguably about as substantively oppressive as commercial contract terms get. Enforcing the clause would constitute unjust enrichment. California does not permit a party to be enriched at the expense of another under circumstances where it would be unjust to retain the benefit. Allowing BALC to collect the full contract price for software that was never implemented — while the customer simultaneously had to find and pay for an alternative ERP system — would give Oracle and BALC the economic benefit of a transaction whose only consideration was never delivered. That is textbook unjust enrichment, and California law provides equitable remedies for it. The Broader Picture These five arguments are not alternative theories of the same claim — they are independent, stacking grounds for relief, each sufficient on its own. Together, they reflect a California legal framework that has never been designed to let one contracting party use a subsidiary and an affiliated bank to insulate itself from the financial consequences of its own fraud and breach. The "hell or high water" clause is not meaningless in every context. If Oracle delivered a working implementation and the customer simply regretted the purchase, the clause would likely hold. But in the case of systematic misrepresentation, total implementation failure, and an assignee that knew exactly what it was collecting on, California law provides customers with a robust set of defenses — statutory, contractual, and equitable — to attack the provision. Businesses receiving collection demands from Banc of America Leasing & Capital or Bank of America, N.A., arising from Oracle NetSuite financing agreements should not assume that the presence of this clause in their contract means they have no options. The law in California is more protective than Oracle and BALC's litigation posture suggests. Tactical Law advises companies in disputes with Oracle assignees over failed Oracle ERP contracts.
0 Comments
By Pam Fulmer
Your company receives a letter from Oracle’s License Management Services. It is politely worded but unmistakably serious. Oracle is exercising its contractual audit rights and would like your organization to cooperate in a review of your software deployments. For many companies, the instinct at this moment is to cooperate fully, correct any genuine issues, and resolve the matter quickly. That instinct, while understandable, is exactly what Oracle is counting on. What follows the audit letter is not a neutral compliance review. It is the opening move in a carefully engineered revenue strategy that Oracle’s own employees have described in federal court filings as “Audit, Bargain, Close” — or ABC. Understanding how this strategy works, what rights you actually have, and how experienced legal counsel can level the playing field is the difference between a six-figure settlement on your terms and an eight-figure capitulation on Oracle’s. The “Audit, Bargain, Close” Strategy: What We Know from Court Records The term “Audit, Bargain, Close” did not originate with Oracle’s critics. It originated inside Oracle itself. In a class action securities lawsuit against Oracle, a consolidated complaint alleged, based on statements from nine former Oracle employees identified with specificity, that Oracle systematically used coercive audit practices to manufacture cloud subscription revenue. “The sales team would identify large clients they thought they could get more money out of and threaten them with audits… frequently, neither sales nor LMS had real evidence that customers targeted for audits were noncompliant, but the mere threat of an audit would put customers under so much pressure that they had no choice but to agree to Oracle’s demands.” — Former Oracle Employee, Federal Court Filing This is not a fringe allegation. The complaint describes in granular detail a system in which Oracle’s License Management Services (LMS) also know as Global License Advisory Services (GLAS) — the internal audit arm — and Oracle’s sales division operated in close coordination, with sales identifying audit targets and, in some cases, drafting the threatening audit letters that LMS then sent to customers. A federal court allowed the case to proceed on a narrow securities fraud theory, finding the allegations legally sufficient to state a plausible claim. The three phases of the strategy, along with what your company should do, break down as follows: AUDIT Sales/LMS identify target accounts — often with no real evidence of non-compliance. Soft audit inquiry or formal LMS letter sent. Do not respond informally. Retain legal counsel immediately. Channel all communications through a single designated contact. BARGAIN Oracle presents inflated "shock number" compliance gap, then offers a "discount" if you purchase cloud subscriptions or a ULA. Challenge the methodology. Independently verify all findings. Do not accept Oracle's numbers without scrutiny — they are frequently overstated. CLOSE Oracle leverages quarter-end deadlines and fear of copyright litigation to pressure a fast settlement on its terms. Understand Oracle's fiscal calendar. Deadlines are artificial. A settlement built around your legal position is far stronger than one built around Oracle's timeline. The result: customers who should never have faced a compliance bill pay millions. And Oracle books it as cloud revenue growth. Five Oracle Audit Tactics Your Legal Team Needs to Know 1. The “Soft Audit” Disguised as a Friendly Review Not all Oracle audit pressure arrives with a formal LMS letter. Oracle also deploys what the industry calls “soft audits” — informal outreach from Oracle sales representatives framed as a complimentary license review, a compliance health check, or even an account management call. This is what is going on when you get a call from Oracle about your Java SE deployments. In practice, an informal review carries no contractual audit protections for the customer. There are no defined timelines, no scope limitations, and no formal dispute rights. Customers who participate under the impression that they have “nothing to hide” frequently discover that Oracle’s sales team has collected enough data to generate a large compliance claim — and a cloud subscription proposal to resolve it. Legal note: You are not obligated to cooperate with an informal Oracle review. Only a formal audit notice from Oracle’s LMS or legal counsel invokes your contractual audit obligations. Treat any Oracle compliance outreach as potentially adversarial until you have reviewed your contract and consulted counsel. 2. The “Shock Number”: How Oracle Builds Its Opening Position When Oracle’s LMS presents audit findings, the initial compliance gap figure is almost always dramatically overstated. This is not an accident. Oracle’s auditors appear to be incentivized to identify maximum potential exposure, and they routinely rely on non-contractual policies — particularly the Oracle Partitioning Policy governing VMware virtualization — as if those policies were binding contractual terms. The Oracle Partitioning Policy states that Oracle software running in a VMware environment must be licensed for every physical processor core in the entire cluster, not just the hosts where Oracle is actually deployed. This policy is not part of Oracle’s standard Master License Agreement. It is a unilaterally published document that explicitly states it “may not be incorporated into any contract” and is subject to change without notice. Yet Oracle’s auditors apply it as if customers agreed to it. The practical effect: a company running Oracle database on three hosts in a forty-host VMware cluster may receive an audit claim demanding licenses for all forty hosts. The shock number exists to make the eventual settlement — which might only cover the three actual hosts — feel like a victory for the customer, even if the customer overpays relative to its genuine contractual obligations. Legal note: Oracle’s non-contractual policies cannot expand your license obligations beyond what your actual signed agreements require. A detailed legal analysis of your specific Oracle contracts is essential before responding to any audit findings. 3. Java SE: The New Enforcement Frontier Oracle’s Java enforcement activity represents one of the most significant changes in the enterprise software audit landscape since 2023. Following Oracle’s shift to a per-employee Java SE subscription model, Oracle launched an aggressive global campaign to identify organizations using Oracle’s Java Development Kit without the required commercial subscription. Oracle tracks Java downloads by matching IP addresses to organizations. Companies are being contacted for Java compliance regardless of whether they have any other Oracle products. Gartner has projected that by 2026, at least one in five organizations using Java will face an Oracle audit. Oracle has been targeting companies with as few as fifty employees purely over Java usage, and the pricing model — applied per employee across the entire organization regardless of actual Java use — can produce cost increases exceeding 800 percent compared to prior licensing structures. Java audits follow the same ABC pattern. The soft audit begins with an inquiry from Oracle’s Java sales team, often referencing Oracle’s download records as evidence of non-compliance. Or the Oracle team says that they are there to help you ensure that your data is secure. Organizations that respond without counsel frequently provide far more information than their contracts require, which Oracle then uses to build a large non-compliance claim. Legal note: Oracle’s per-employee Java pricing model has been challenged as an overreach relative to actual usage. Companies may have grounds to contest both the scope of Oracle’s audit claims and the retroactive fee demands that frequently accompany them. 4. The Quarter-End Close Pressure Oracle’s fiscal year ends on May 31. Its quarterly deadlines follow this calendar (August 31, November 30, and then February 28). Oracle’s audit and sales teams know this calendar intimately, and they use it deliberately. As Oracle approaches a quarter-end, the pressure on audit targets intensifies. Proposals that were presented as final become “special offers” with deadline language. Sales teams become more accessible. Discounts appear. The implicit message is that the deal available today will not be available next week. These deadlines are artificial. Oracle’s contractual audit rights do not expire at quarter-end. The “deal” usually does not evaporate but comes back the next quarter and is often better. What Oracle is doing is leveraging its own internal sales cycle against you — creating urgency that has no legal foundation but enormous psychological effect on companies that are not prepared for it. Legal note: Any settlement offer involving Oracle cloud subscriptions, Unlimited License Agreements, or license true-ups should be reviewed carefully by experienced licensing counsel before signature. Settlements signed under artificial deadline pressure often contain terms that create new and expensive obligations for years afterward. 5. Default-Enabled Features: The Trap Oracle Installs for You Court filings in Oracle related litigation include an allegation: that Oracle configured its on-premises software products to automatically install additional options and management packs in an enabled state, without informing customers that these features were active or that using them required additional licenses. Once a customer was found “using” these features — even unknowingly — Oracle’s LMS had a basis for a compliance claim. This pattern is most prevalent with Oracle Database Enterprise Edition, which ships with a wide range of options — Partitioning, Advanced Security, Diagnostics Pack, Tuning Pack, and others — that require separate licenses. Database administrators frequently enable features or run queries that inadvertently activate options. Oracle’s LMS audit scripts are designed to identify these activations, which Oracle treats as evidence of unlicensed use regardless of whether the customer had any knowledge or intent. Legal note: Unintentional feature activation is a common and frequently challenged basis for Oracle audit claims. The fact that a feature was activated does not necessarily mean a license was required or that the customer is liable for retroactive fees. These findings are defensible with the right technical and legal analysis. Oracle Is Not Alone: Quest Software and the Growing Audit Threat Oracle is the most prominent practitioner of aggressive software audit tactics, but it is not the only one. Quest Software — which makes widely-used database tools including Toad, Spotlight, and a range of products that manage Oracle and SQL Server environments — has adopted audit strategies that closely mirror Oracle’s playbook. Quest’s audit activity frequently targets organizations that use Quest tools in virtualized environments or across shared infrastructure, asserting broad license obligations based on deployment configurations that customers did not understand to trigger additional license requirements. Quest, like Oracle, tends to present inflated initial findings and then offer to resolve the matter through subscription upgrades or expanded license purchases. What Oracle Doesn’t Want You to Know: Your Contractual Rights Oracle’s audit process is designed to feel inevitable and one-sided. It is neither. Your Oracle Master Agreement contains specific provisions that define and limit Oracle’s audit rights, and those provisions exist to protect you. Key rights that companies frequently overlook include:
One of the most important things you can do in an Oracle audit is to understand what you agreed to — not what Oracle says you agreed to. Those are frequently very different things. What to Do Before Oracle Comes Knocking: A Practical Framework Before the Audit Letter: Proactive Steps
When the Letter Arrives: Immediate Response
During Negotiations: Protecting Your Position
The Bottom Line: Knowledge Is the Most Powerful Audit Defense Oracle’s “Audit, Bargain, Close” strategy works because most organizations are unprepared for it. They do not know what their contracts say. They do not understand that Oracle’s non-contractual policies are not legally binding. They do not realize that the shock number is designed to be challenged. They respond to artificial urgency with real concessions. The companies that fare best in Oracle audits — and in the audits conducted by Quest, IBM, Microsoft, and other aggressive publishers — share a common characteristic: they treat the audit as a legal matter from the first contact, not from the moment they have already provided the publisher with everything it needs to build its case. Our firm has represented companies across a wide range of industries in Oracle and other audit defense, Oracle and NetSuite ERP litigation, and disputes with other enterprise software publishers. We understand these audit playbooks in depth — including the contractual arguments that work, the technical defenses that matter, and the negotiating strategies that achieve real outcomes. If your organization has received an Oracle audit letter or an informal inquiry about Java — or if you want to understand your exposure before one arrives — we invite you to contact us for a confidential consultation. |
By Tactical Law Attorneys and From Time to Time Their Guests
|
RSS Feed
tactical law group llp |
COPYRIGHT TACTICAL LAW GROUP LLP 2016-20235 ALL RIGHTS RESERVED
|
Legal Disclaimer: Contents may contain attorney advertising under the laws of some states. Prior results do not guarantee a similar outcome.