April 27, 2010
VIA EDGAR
Securities and Exchange Commission
Division of Corporation Finance
100 F Street, N.E.
Washington, D.C. 20549-7010
Attention: Cecilia Blye, Chief, Office of Global Security Risk
Division of Corporation Finance
100 F Street, N.E.
Washington, D.C. 20549-7010
Attention: Cecilia Blye, Chief, Office of Global Security Risk
| Re: | Symantec Corporation Form 10-K for the Fiscal Year Ended April 3, 2009 Filed June 1, 2009 File No. 000-17781 |
Ladies and Gentlemen:
This letter responds to the comments of the Staff of the Securities and Exchange Commission (the “Staff”) set forth in the letter dated March 17, 2010, from Ms. Cecilia Blye to Mr. Enrique T. Salem of Symantec Corporation (together with its subsidiaries, the “Company”). For your convenience, we have set forth below the Staff’s comment in italicized text, and the Company’s response follows immediately after the comment.
| 1. | General. | |
| We note the disclosure on pages 4 and 39 that you operate in Latin America, the Middle East, and Africa; regional references generally understood to encompass Cuba, Iran, Syria and Sudan. In addition, we are aware of an October 2009 news report that PRO TECHnology, which has offices in Iran and Sudan, is your Platinum Partner. | ||
| Cuba, Iran, Sudan, and Syria are countries that are identified by the State Department as state sponsors of terrorism, and are subject to U.S. economic sanctions and export controls. We note that yourForm 10-K does not include specific disclosure regarding contacts with Cuba, Iran, Sudan, or Syria. Please describe to us the nature and extent of your past, current, and anticipated contacts with Cuba, Iran, Sudan, and Syria, if any, whether through subsidiaries, distributors, or other direct or indirect arrangements. Your response should describe any products, equipment, technology, software, or services that you have provided into Cuba, Iran, Sudan, or Syria, directly or indirectly, and any agreements, commercial arrangements, or other contacts you have had with the governments of those countries or entities controlled by those governments. |
Response:
General Overview
Symantec advises the Staff that Symantec has not directly provided any products, equipment, technology, software, or services into Cuba, Iran, Sudan, or Syria at any time since these respective countries have been identified by the State Department as state sponsors of terrorism. Further, to Symantec’s knowledge, none of Symantec’s distributors or resellers have provided any of Symantec’s products, equipment, technology, software or service into any of such countries since they were so indentified. In addition, Symantec has no agreements, commercial arrangements or other contacts with the governments of those countries or, to Symantec’s knowledge, entities controlled by those governments.
By way of background, Symantec advises the Staff that as part of Symantec’s global compliance under the laws of the United States and other countries in which Symantec conducts business, Symantec does not conduct business or maintain contact with countries identified by the State Department as state sponsors of terrorism, or persons who reside within, or are nationals of, such states. Symantec’s contracts with customers and channel partners contain restrictions and prohibitions on conducting business with, within, or with nationals of countries as to which such business is restricted under the laws of the United States (or applicable laws of other countries).
Additionally, Symantec’s order process includes automated screening of all parties to a transaction against the lists of restricted and prohibited parties published by applicable U.S. and international governmental agencies. Symantec personnel are trained to investigate proposed transactions with persons appearing on such list and to determine whether Symantec may lawfully proceed with the transaction in accordance with applicable laws and company policies. Symantec supplementally informs the Staff that it maintains trade compliance personnel in the United States, Ireland and Singapore for this purpose.
Nature of Operations in Latin America, the Middle East and Africa
Symantec does not conduct business with any persons in Cuba, Iran, Sudan or Syria, or any nationals of these countries. In addition, Symantec’s channel partners are contractually prohibited from the marketing, distribution or sale of any Symantec products, directly or indirectly, to any embargoed country, and from having any contact with any person or entity in any embargoed country in connection with Symantec business. In particular, Symantec contractually excludes Cuba, Iran, Sudan and Syria from its authorized distribution territories, and prohibits contact with persons in these countries or nationals of these countries in connection with Symantec products and services. Additionally, channel partners of Symantec are required to adhere to the terms and conditions of the Symantec Partner Program, which includes similar restrictive contractual language and is supplemented by a comprehensive export control statement in Symantec’s Partner Program guide for each region (please see Appendix A).
Symantec does not accept orders directly from customers, nor through channel partners, where the product that is the subject of the order would be destined for Cuba, Iran, Sudan, or Syria. Symantec has not been made aware of exports by channel partners to Cuba, Iran, Sudan, or Syria.
Relationship with ProTechnology
Specifically with respect to the October 2009 news report naming ProTechnology as a Platinum Partner, and referring to offices in Iran and Sudan, Symantec’s business with ProTechnology is focused in the United Arab Emirates, the Kingdom of Saudi Arabia, and Jordan. ProTechnology primarily
purchases through Symantec distribution partners in the region. Additionally, ProTechnology has represented to Symantec that their office in Iran has been closed for two (2) years.
The Symantec Partner Program requirements for designation as a Platinum Partner are described in Appendix B, Symantec Partner Program Requirements, Europe Middle East and Africa. Iran, Sudan and Syria are excluded from Symantec’s territory definition of C Countries (Rest of EMEA) in accordance with the restrictions under United States and other local law. To the best of Symantec’s knowledge, Symantec’s transactions involving ProTechnology do not and have not included the provision any of products, equipment, technology, software or service into Iran, Sudan, or Syria.
*****
In addition, Symantec acknowledges that:
| • | the company is responsible for the adequacy and accuracy of the disclosure in the filings; | ||
| • | staff comments or changes to disclosure in response to staff comments do not foreclose the Commission from taking any action with respect to the filings; and | ||
| • | the company may not assert staff comments as a defense in any proceeding initiated by the Commission or any person under the federal securities laws of the United States. |
*****
Please direct any comments or questions regarding this filing to me at 650-527-6177 or to Scott C. Taylor, Executive Vice President, General Counsel and Secretary of the Company, at 650-527-6634.
| Very truly yours, | ||||
| /s/ Phillip A. Bullock | ||||
| Phillip A. Bullock | ||||
| Senior Vice President and Chief Accounting Officer Symantec Corporation | ||||
| cc: | Enrique T. Salem, President and Chief Executive Officer James A. Beer, Executive Vice President and Chief Financial Officer Daniel J. Winnike, Fenwick & West LLP Jana Barsten, KPMG LLP |
Appendix A: PartnerNet Guidance to Channel Partners
Symantec Corporation is committed to ensuring its compliance with United States export control laws and the laws of each country in which Symantec does business. Compliance includes providing Symantec partners with information intended to introduce them to their obligations with respect to United States export control laws and the laws of other countries that may affect Symantec software products and services (“controlled technology”).
Please review your agreement with Symantec, in which you are granted permission to distribute or resell Symantec products and services. You will note a section dedicated to notifying you of your basic obligations to comply with export control laws. Symantec products and services may be provided from various locations and Symantec recommends that your compliance program cover the export control laws of the United States, the European Union, Singapore and any destination country to which you sell Symantec products and services. Compliance with these laws may require you to submit reports to the U.S. and other national Governments on your export activity. You are obligated comply with all applicable laws and regulations, whether foreign, federal, state or local, relating to the marketing, manufacture and distribution of controlled technology, including any such laws or regulations relating to the export, re-export or import of Symantec products and services. Symantec is not able to provide you with comprehensive information on how to comply with these laws and therefore, recommends that you consult an expert or legal advisor to create a compliance program within your organization. Information found on Symantec websites are for notification purposes only and should not be relied upon as legal advice. You will have to maintain this compliance at your own expense.
Under United States export control laws, controlled technology is assigned an Export Control Classification Number (ECCN) by the U.S. Department of Commerce, Bureau of Industry and Security (BIS) in the Commerce Control List (CCL). This is the basic classification indicating the level of control for an item. Given the appropriate ECCN, you should consult the Export Administration Regulations (EAR) or counsel to determine the appropriate license type and eligible countries for export purposes. The code number assigned by BIS to products that it has classified against the CCL is called the Commodity Classification Automated Tracking System (CCATS) number. Symantec can provide the CCATS number for all of its products classified. Symantec endeavors to publish commonly requested material to its websites and you may contact Symantec if you have any questions regarding the published information.
As a distributor or reseller, you are the exporter and importer of record, and will be responsible for any fees, duties, or taxes related to such activity. As the exporter of record, your are required to take any and all actions necessary to comply with applicable laws, including making determinations of final destination
© 2006-2009 Symantec Corporation. All rights reserved. Symantec Corporation confidential and proprietary information.
Symantec Confidential Information — For Internal Legal Use Only
of Symantec products licensed to end-users in the authorized territory that may be intended for re-export or transfer to a location outside of the territory. Since certain Symantec products and services are controlled under the EAR and may be subject to the approval of the United States Department of Commerce prior to export, any export, directly or indirectly, of controlled technology, in contravention of the EAR, or any other applicable law, regulation or order, is prohibited, including but not limited to the laws of members of the European Union and Singapore. All Symantec products and services are prohibited for export or re-export to Cuba, Iran, North Korea, Sudan, and Syria and to any country or its nationals subject to embargo or sanction (e.g. Afghanistan, Iraq), or to any entity or person for which an export license is required per any relevant restricted party list. Use or facilitation of Symantec products or controlled technology in connection with chemical, biological, or nuclear weapons, or missiles, drones or space launch vehicles capable of delivering such weapons is prohibited, in accordance with U.S. law.
More specifically, you cannot sell any Symantec Product that is controlled for export purposes, and, in particular those goods identified as “dual use” items under the European Union legislation or as applicable, Irish or Singaporean regulations, to any military entity or to any other entity for any military purpose without first obtaining the appropriate individual validated license for that specific transaction from the relevant authority.
Certain Symantec products and services must be approved by license, or otherwise approved, prior to the completion of any sale, or shipment. You may contact Symantec for information normally required from a product manufacturer to enable you to submit your request or application for a license, or other required approval. You are responsible for obtaining and maintaining in effect all licenses, permits and authorizations required for the performance of your legal obligations under your agreement with Symantec.
It is your sole responsibility to review the laws and sanctions lists published by the United States, your domestic trade authority, and other governments. The following is an introductory list of regulations to which certain Symantec products and services are subject:
| • | United States Export Administration Regulations as amended. | ||
| • | United States Department of Commence Denial and Probation Orders. | ||
| • | U.S. Department of Commerce Denied Persons, Entities and Unverified Lists. | ||
| • | U.S. Department of State’s Debarred List. | ||
| • | U.S. Department of Treasury’s lists of Specially Designated Nationals, Specially Designated Narcotics Traffickers or Specially Designated Terrorists. | ||
| • | European Regulations (including Council Regulation EC No 1334/2000 of 22 June 2000). |
© 2006-2009 Symantec Corporation. All rights reserved. Symantec Corporation confidential and proprietary information.
Symantec Confidential Information — For Internal Legal Use Only
| • | Irish Department of Enterprise Trade and Employment regulations including reporting compliance. | ||
| • | Singapore Strategic Goods Control regulations including reporting compliance. | ||
| • | Symantec encourages you to review the information on the following government-sponsored websites as part of your compliance program: | ||
| • | U.S. Department of Commerce, Bureau of Industry and Security (BIS), website at: http://www.bis.doc.gov. | ||
| • | U.S. Department of Treasury, Office of Foreign Assets Control (OFAC), website at: http://www.treas.gov/offices/enforcement/ofac/ | ||
| • | Ireland Department of Enterprise Trade and Employment (DETE) website at: http://www.entemp.ie/ | ||
| • | Singapore Strategic Goods Control website at: http://www.customs.gov.sg/stgc/topNav/hom/ | ||
| • | France Central Directorate for Information Systems Security (Direction Centrale de la Securite des Systemes d’Information (DCSSI)) website at: http://www.ssi.gouv.fr | ||
| • | United Nations website at: http://www.un.org/search/ ; http://www.un.org/sc/ctc/countryreports.shtml | ||
| • | Denied Parties Lists at: http://www.bis.doc.gov/complianceandenforcement/liststocheck.htm |
© 2006-2009 Symantec Corporation. All rights reserved. Symantec Corporation confidential and proprietary information.
APPENDIX B: EMEA SPP Country List
A Countries: United Kingdom and South Africa | ||
B Countries: France, Germany, Ireland, Italy, The Netherlands, Saudi Arabia, and United Arab Emirates | ||
C Countries: Rest of EMEA. See below for list of countries: | ||
| Albania | Cameroon | Finland | Kyrgyzstan | Mayotte | Russia | |||||
| Algeria | Cape Verde | Gabon | Latvia | Moldova | Spain | |||||
| Andorra | Chad | Gambia | Lebanon | Monaco | Swaziland | |||||
| Angola | Comoros | Georgia | Lesotho | Morocco | Sweden | |||||
| Armenia | Congo | Ghana | Liechtenstein | Mozambique | Switzerland | |||||
| Austria | Cote d’Ivoire | Greece | Lithuania | Namibia | Tanzania | |||||
| Azerbaijan | Croatia | Greenland | Luxembourg | New Caledonia | United Republic of Togo | |||||
| Bahrain | Cyprus | Guinea | Macedonia | Niger | Tunisia | |||||
| Belarus | Czech Republic | Hungary | Madagascar | Nigeria | Turkey | |||||
| Belgium | Denmark | Iceland | Malawi | Norway | Uganda | |||||
| Benin | Djibouti | Israel | Maldives | Oman | Ukraine | |||||
| Bosnia & Herzegovina | Egypt | Jordan | Mali | Pakistan | Uzbekistan | |||||
| Botswana | Equatorial Guinea | Kazakhstan | Malta | Poland | Yemen | |||||
| Bulgaria | Estonia | Kenya | Mauritania | Portugal | Zambia | |||||
| Burkina Faso | Ethiopia | Kuwait | Mauritius | Qatar | Zimbabwe |