Microsoft fined $3M for software sales to sanctioned countries – 10 April

Microsoft to Pay $3 Million Penalty for Selling Software to Sanctioned Companies in Russia.

• Microsoft has agreed to pay a $3 million penalty in the United States for selling software to sanctioned companies in Cuba, Iran, Russia, and Syria between 2012 and 2019. The majority of the apparent violations involved blocked Russian entities or persons located in Crimea and were a result of Microsoft’s failure to prevent the use of its products by prohibited parties, according to the US Department of the Treasury.
• Microsoft, Microsoft Ireland, and Microsoft Russia failed to oversee who was buying the company’s software and services through third-party partners. The Microsoft Entities engaged in 1,339 apparent violations of multiple OFAC sanctions programs, resulting in sales and related services worth $12,105,189.79.
• The causes of these apparent violations included the lack of complete or accurate information on the identities of the end customers for Microsoft’s products. Microsoft takes export control and sanctions compliance very seriously, and after learning of screening failures and infractions of a few employees, voluntarily disclosed them to the appropriate authorities.
• According to an enforcement notice from OFAC, Microsoft Russia employees may have intentionally tried to defeat the company’s due diligence efforts. However, the settlement amount reflects OFAC’s determination that the conduct of the Microsoft Entities was non-egregious and voluntarily self-disclosed, and further reflects the significant remedial measures Microsoft undertook upon discovery of the apparent violations.
• The violations occurred when the Microsoft Entities sold software licenses, activated software licenses, and/or provide related services from servers and systems located in the US and Ireland to SDNs, blocked persons, and other end-users located in Cuba, Iran, Syria, Russia, and Crimea. Microsoft’s failure to identify and prevent the use of its products by prohibited parties led to apparent violations, as the company lacked complete or accurate information on the identities of its end customers.
• This incident highlights the importance of companies ensuring compliance with export control and sanctions regulations, particularly when doing business with prohibited parties. It also underscores the need for companies to have effective screening measures in place to identify and prevent sales to prohibited parties. Microsoft’s voluntary disclosure and remedial measures serve as an example of best practices for other companies to follow.