OFAC reaches $2.1 million settlement with German software company

Financial Crimes OFAC Department of Treasury Enforcement Sanctions Iran OFAC Designations Of Interest to Non-US Persons Department of Justice Settlement

On April 29, OFAC announced a more than $2.1 million settlement with a Germany-based software company for 190 apparent violations of the Iranian Transactions and Sanctions Regulations. According to OFAC’s website notice, between June 2013 and January 2018, the company “authorized 13 sales of [company] software licenses, 169 sales of related maintenance services and updates, and eight sales of cloud-based subscription services.” Third-party resellers, which the company allegedly referred to as “pass-through entities” in Turkey, the United Arab Emirates (UAE), Germany, and Malaysia, sold the software licenses and related maintenances services and updates, OFAC noted.

In arriving at the settlement amount, OFAC considered various aggravating factors, including that the company (i) demonstrated reckless disregard and failed to exercise sufficient caution or care for U.S. economics sanctions by failing to act on audit findings regarding sanction risk or warnings from compliance, and by ignoring whistleblower complaints; (ii) failed to have an adequate compliance program for a company of its size; (iii) had information to conclude that the software and cloud services were being utilized by entities and end-users in Iran and were supported from the US; and (iv) “is a sophisticated software company with significant international operations and has numerous foreign subsidiaries.”

OFAC also considered various mitigating factors, including that the company (i) cooperated with OFAC’s investigation; (ii) has undertaken remedial measures, including terminating the users connected to the third-country entities, the partners who participated in the sales to Iranian companies, and five employees who were found to have “knowingly engaged in the sale of. . . products to Iran”; (iii) has prohibited downloads of software, support, and maintenance from embargoed countries; (iv) implemented a risk-based export control framework for partners that requires a stringent review of proposed sales by a third-party auditor; (v) created an upgraded compliance program; and (vi) hired new employees responsible for export control and trade sanctions compliance.

Separately, the DOJ announced that the company agreed to pay a $8 million fine and entered into a Non-Prosecution Agreement as a result of its voluntary disclosure to the DOJ and “extensive cooperation and strong remediation.” Pursuant to the agreement, the company “will disgorge $5.14 million of ill-gotten gain.”