Microsoft will pay $3 million in penalty in the US for selling software to sanctioned companies in Russia, Cuba, Iran and Syria from 2012 to 2019.
The majority of the apparent violations involved blocked Russian entities or persons located in the Crimea region of Ukraine, and occurred as a result of the Microsoft Entities’ failure to identify and prevent the use of its products by prohibited parties, according to the US Department of the Treasury.
“The settlement amount reflects Office of Foreign Assets Control’s (OFAC) determination that the conduct of the Microsoft Entities was non-egregious and voluntarily self-disclosed, and further reflects the significant remedial measures Microsoft undertook upon discovery of the apparent violations,” it said in a statement.
According to an enforcement notice from OFAC, Microsoft, Microsoft Ireland, and Microsoft Russia failed to oversee who was buying the company’s software and services through third-party partners.
Between July 2012 and April 2019, the Microsoft Entities engaged in 1,339 apparent violations of multiple OFAC sanctions programmes when they sold software licenses, activated software licenses, and/or provided related services from servers and systems located in the US and Ireland to SDNs, blocked persons, and other end users located in Cuba, Iran, Syria, Russia, and the Crimea region of Ukraine.
“The causes of these apparent violations included the lack of complete or accurate information on the identities of the end customers for Microsoft’s products,” said the Treasury.
The total value of these sales and related services was $12,105,189.79.
Microsoft Russia employees may have also intentionally tried to defeat the company’s due diligence efforts, according to the US agency.
A Microsoft spokesperson said that “Microsoft takes export control and sanctions compliance very seriously, which is why after learning of the screening failures and infractions of a few employees, we voluntarily disclosed them to the appropriate authorities”.