Microsoft agreed to pay more than $3 million in fines for selling software to sanctioned entities and individuals in Cuba, Iran, Syria, and Russia from 2012 to 2019. The US Treasury Department says that “the majority of apparent violations involving banned Russian entities or persons are located in the Crimea region of Ukraine.” and that the company will pay approximately $2.98 million to the Treasury’s Office of Foreign Assets Control (OFAC) and $347,631 to the Department of Commerce. (It was settled for $624,013 but will receive a credit for its agreement with the Treasury.)
According to an OFAC enforcement notice, Microsoft, Microsoft Ireland, and Microsoft Russia failed to supervise who was purchasing the company’s software and services through third-party partners. Basically, Microsoft has sold things to companies that do could I dealt with it legally, but then those companies turned around and sold it to companies that shouldn’t have been able to get Microsoft products. “In some volume licensing programs that involve sales by intermediaries, Microsoft is not provided with, nor otherwise obtained, complete or accurate information about the end customers of its products,” the notice read.
The Treasury Department says this is just one example of Russia trying to circumvent sanctions
Microsoft Russia employees may also have intentionally tried to defeat the company’s due diligence efforts. The release includes details about a Russian oil and gas infrastructure company that Microsoft screened and rejected before “some Microsoft Russia employees succeeded in using an alias for that subsidiary to arrange requests on behalf of the company.” Those employees were fired, but OFAC says the fact “underscores the continuing efforts of actors in the Russian Federation to evade US sanctions.”
The Treasury also says that Microsoft has some other loopholes in its compliance procedures. Apparently there have been cases where it had information that should have alerted it to the fact that a sanctioned party was using its products, but it didn’t find out for a number of reasons. That includes not compiling its information properly and the fact that it wasn’t vetting all of the banned parties — its lists didn’t include companies that were majority owned by a sanctioned company, and it didn’t include Cyrillic or Chinese names. , which customers often provided when they were applying to purchase the software, according to the Treasury Department.
The fines might seem like a small drop in the bucket for Microsoft, especially when the Treasury Department says the company collected about $12 million in sales. However, despite the Treasury Department saying that Microsoft “has shown a reckless disregard for US sanctions,” it appears to be discounting the company a fair amount of laxity for the way it handled the situation. According to the announcement, it was Microsoft that discovered the violations, investigated them, and then reported them to the government itself, and the company made “significant” changes to compile its policies and enforcement procedures.