Apple violated US sanctions as a result of a negligent approach to compliance, according to the US Office of Foreign Assets Control (OFAC).
The Cupertino company voluntarily disclosed that the App Store had inadvertently violated sanctions against a Slovenian developer for more than two years…
The WSJ reports that while OFAC was pleased Apple disclosed the violation as soon as it realized what it had done, the incident revealed that the company’s approach to sanctions compliance during that time had been ‘reckless.’
Apple allegedly entered into an app development agreement with SIS d.o.o., an app developer based in Trzin, Slovenia, in 2008, according to the settlement agreement between OFAC and Apple.
In February 2015, OFAC blacklisted SIS and its majority owner Savo Stjepanovic for allegedly being part of an international steroid trafficking network. As a result of the designations, any property that SIS or Mr. Stjepanovic had an interest in were blocked, and U.S. individuals and entities were prohibited from dealing with them. In May 2017, OFAC removed Mr. Stjepanovic and SIS from its blacklist.
During the time SIS was blacklisted, Apple made 47 payments related to the company’s blocked apps, including making payments directly to SIS, OFAC said. Apple also collected about $1.2 million from customers that downloaded SIS’s apps.
OFAC said the span of time over which the alleged violations happened and the multiple points of failure within Apple’s sanctions compliance program showed “reckless disregard for U.S. sanctions requirements,” according to the agreement.
How was Apple reckless? The agreement identified two basic failures on Apple’s part, the first of them rather hard to fathom by a company with Apple’s software expertise: a simple pattern-matching failure.
On the day Mr. Stjepanovic and SIS were blacklisted, Apple ran the new designations against its app developer account holder names. But the company’s sanctions-screening tool failed to identify SIS as a blacklisted entity because Apple’s system listed the company as “SIS DOO,” rather than “SIS d.o.o” on OFAC’s list, according to the agreement.
Apple allegedly failed to identify Mr. Stjepanovic as a blacklisted individual in its system as well, because Apple didn’t screen all individual users associated with an App Store account at the time, according to the agreement.
It was the combination of these two failures which meant that Apple violated US sanctions for such a lengthy period. OFAC says that Apple agreed to pay a $467,000 fine, and has since made appropriate changes to its compliance program.
FTC: We use income earning auto affiliate links. More.