November 25, 2019

Case-sensitive sanctions screening software may have contributed to apparent NKSR violations by Apple

The Office of Foreign Assets Control of the US Department of Justice has resolved its investigation into apparent violations of the Foreign Narcotics Kingpin Sanctions Regulations (FNKSR), 31 CFR part 598, by Apple, Inc.  According to OFAC, Apple appears to have violated the FNKSR by dealing in the property of SIS, d.o.o., a Slovenian software company listed on OFAC’s list of Specially Designated Nationals and Blocked Persons.  

The Enforcement Information provided by OFAC indicates that Apple entered into an application development agreement with SIS in 2008, and that SIS and its majority owner were designated pursuant to the Foreign Narcotics Kingpin Designation Act, 21 USC §§ 1901-1908, in February 2015.  At that time, OFAC published the address, registration number, and tax identification number of SIS, as well as a photograph of Savo Stjepanovic, the majority owner of SIS, who had been designated along with the company.  It appears that Apple’s sanctions screening tool failed to identify that SIS and its owner had been added to the SDN list, possibly because the tool failed to equate SIS d.o.o. with SIS DOO, as the company’s name was written in Apple’s system.  According to OFAC, Apple’s compliance process also failed to identify the “account administrator” listed in SIS’ App Store developer account with the Stjepanovic on the SDN list because the tool only screened individuals listed as “developers.”  OFAC claims that in the months following the designation, Apple continued to host software applications owned by SIS, allowed downloads and sales of the blocked apps, received payments from users downloading the blocked SIS apps, permitted SIS to sell its apps to two other developers, and remitted funds to SIS regularly.  Eventually, the SIS software was transferred to two different companies, to which Apple continued transferring payments.

In February 2017, after enhancing its sanctions screening tool, Apple identified SIS as a potential SDNTK and suspended further payments to one of the two transferee companies.  However, Apple continued making payments to the second transferee company, according to the Enforcement Information, and in all, made 47 payments for the blocked apps after SIS was listed as an SDN, and collected a total of $1,152,868 from customers who downloaded SIS apps over a 54 month period.

OFAC’s settlement with Apple requires the payment of $466,912.  In determining the appropriate monetary penalty, OFAC considered as mitigating factors the small volume of payments associated with the apparent violations, Apple’s clean record over the five years preceding the date of the apparent violations, and Apple’s responsiveness to OFAC’s requests for information.  Apple has confirmed that it has enhanced its compliance program by increasing the role of the Global Export and Sanctions Compliance Senior Manager, by mandating sanctions training for all employees, and by reconfiguring and expanding the scope of its primary sanctions screening tool.  OFAC found Apple’s failure to take corrective actions in a timely manner as an aggravating factor, along with Apple’s status as a large and sophisticated global organization.  OFAC also determined that, based on the number of apparent violations and the length of time over which they occurred, Apple’s conduct demonstrated a reckless disregard for US sanctions requirements.

OFAC Enforcement Information |