Microsoft agreed to pay more than $3 million in penalties for selling software to sanctioned individuals and entities in Russia, Iran, Syria and Cuba between 2012 and 2019. According to the US Department of the Treasury, “most of the violations were against blocked Russian entities or persons located within the Crimea region of Ukraine”. The company will pay approximately $2.98 million to the Treasury’s Office of Foreign Assets Control (or OFAC), and $347.631 to the Department of Commerce. It settled for $624,000.13, but it will be given a credit for the agreement with Treasury.
An enforcement notice from OFAC states that Microsoft, Microsoft Ireland and Microsoft Russia failed in their duty to monitor who was purchasing the software and services of the company through third-party suppliers. Microsoft sold products to companies it could legally handle, and then these companies sold the software to companies that shouldn’t have been allowed to access Microsoft products. The notice states that Microsoft was not given, or obtained, accurate information about the final end customers of its products in certain volume-licensing programmes involving sales through intermediaries.
According to the Treasury, this is only one instance of Russia trying out sanctions avoidance
Microsoft Russia employees might have tried to undermine the company’s due diligence efforts. This release contains details about a Russian company involved in oil and gas infrastructure. Microsoft rejected the application before “certain Microsoft Russia employees successfully used that pseudonym to place orders for the company”. These employees were fired but OFAC states that the fact “underscores” the persistence of Russian Federation actors to evade U.S sanctions.
According to the Treasury, Microsoft also had other weaknesses in its compliance procedures. It was able to access information that would have alerted it that a sanctioned party was using its software, but it failed to do so for many reasons. It failed to properly combine its information, and it didn’t scan for all restricted parties. According to the Treasury, its lists did not include companies majority-owned or Chinese names. These are often the names of customers who applied to buy the software.
Microsoft may feel that the fines are a small amount of money, particularly when the Treasury estimates that the company made around $12 million in sales. The Treasury stated that Microsoft had “demonstrated reckless disregard for U.S. sanction,” but it appears to be giving the company some slack due to how it handled this situation. The announcement stated that Microsoft was the one who discovered the violations and investigated them. After reporting them to the government, the company made “significant” improvements to its enforcement policies and procedures.
“Microsoft treats export control compliance and sanctions compliance very seriously. This is why, after learning about the screening failures, infractions, and other violations of a few employees we voluntarily disclosed them the appropriate authorities,” stated David Cuddy, a spokesperson of the company. “We cooperated fully in their investigation and are happy with the settlement.”
Microsoft may make important changes to its policies in the future. This was all before Russia invaded Ukraine in 2014. However, since then, the number of sanctions against Estonia has risen. Many of these sanctions relate to technology sales. Microsoft isn’t the only one who could face consequences for selling restricted technology to Russia. An Estonian national was charged earlier this week by the Department of Justice for allegedly selling US electronic and hacking tools to Russian military.