Sanctions Screening Software Isn’t Foolproof

Sanctions Screening Software Isn’t Foolproof

Last week the Treasury Department’s Office of Foreign Assets Control (OFAC) announced that it had reached an agreement with Apple, Inc., to resolve apparent violations of the Foreign Narcotics Kingpin Sanctions Regulations (“FNKSR”). Apple allegedly violated the FNKSR by hosting, selling, and facilitating the transfer of software applications developed by SIS, d.o.o. (“SIS”), a Slovenian software company. While the $470,000 settlement is the equivalent of a rounding error for the trillion-dollar company, the interesting part of the settlement agreement was the level of detail regarding Apple’s sanctions screening missteps and their resulting commitments to improve. The settlement highlights the importance of detailed screening procedures for the use of sanctions screening software and adequate employee training to resolve potential red flags.

Apple entered into an app development agreement with SIS in 2008. On February 24, 2015, OFAC added SIS and its director/majority owner, Savo Stjepanovic, to its List of Specially Designated Nationals and Blocked Persons (the SDN List) for their role in an international steroid trafficking ring led by a Mihael Karner. As part of the announcement, OFAC provided SIS’s address, registration number, tax ID number, Mr. Stjepanovic’s date of birth and passport number as well as a diagram titled “KARNER Steroid Trafficking Network” linking SIS and Mr. Stjepanovic. Apple used its sanctions screening tool to screen app developer account holder names, but the tool failed to identify SIS as a blocked entity. According to Apple, the tool failed to match the upper case “SIS DOO” in Apple’s system with the SDN List’s lower-case version of “SIS d.o.o.” even though the system did match an address for SIS. Note that the term “d.o.o.” is a standard corporate suffix in Slovenia to identify limited liability corporations.

In addition to missing SIS, ties to Mr. Stjepanovic went undetected by Apple’s screening software tool. Mr. Stjepanovic was listed as an “account administrator” in SIS’s App Store developer account and not as a “developer.” According to Apple, the company’s compliance procedures in place at the time did not screen all individual users identified in an App Store account but limited its search to those identified as “developers.” As a result, Apple continued to host SIS’s apps in the App store, allowed downloads and sales, received payments from App Store users downloading the app, permitted SIS to transfer and sell its apps to two other developers, and remitted funds on a monthly basis. It was not until February 2017 that Apple identified SIS as a potential hit following enhancements to its sanctions screening tool. In that two-year period, Apple had made 47 payments associated with the blocked apps and collected a little over $1.1 million from App Store customers who had downloaded SIS apps.

As part of the enforcement announcement, OFAC highlighted various measures that Apple has undertaken to minimize risks in the future, including:

  • An increased role for the Global Export and Sanctions Compliance Senior Manager in the escalation and review process;
  • Reconfiguration of its primary sanctions screening tool to fully capture spelling and capitalization variations and to account for country-specific business suffixes;
  • Annual review of the tool’s logic and configuration;
  • Expanded sanctions screening to include app developers as well as their designated payment beneficiaries and associated banks;
  • Updated employee instructions to review potential SDN matches flagged by the primary sanctions tools; and
  • Mandatory training for all employees on export and sanctions regulations.

Apple isn’t the only company to have software screening issues come to light before OFAC. Earlier this fall, General Electric Company (“GE”), on behalf of three current and former GE subsidiaries [Getsco Technical Services, Inc.; Bentley Nevada; and GE Betz (collectively, the “GE Companies”)], agreed to settle potential civil liability for alleged violations of the Cuban Assets Control Regulations for accepting payment from the Cobalt Refinery Company (“Cobalt”) for invoices issued to GE’s Canadian customer. Although Cobalt had appeared on the SDN List since June 1995, the company’s status as an SDN went undetected by sanctions screening software used by the GE Companies because the software had been screening for an acronym used by Cobalt (“Corefco”), rather than its full legal entity name as listed on the checks received by the GE Companies and listed on the SDN List.

Similarly, in 2018, JP Morgan Chase Bank also received a Finding of Violation from OFAC for violations of the FNKSR and the Syrian Sanctions Regulations when it processed transactions and maintained accounts for six customers identified on the SDN List. The software screening system they had in place from 2007 to 2013 failed to identify customer names with hyphens, initials, or additional middle or last names as potential matches to similar or identical names on the SDN List. Additionally, employees failed to further investigate the potential red flags despite similarities in names, addresses, and dates of birth.

Each of these cases provides a snapshot as to how minor breakdowns in the sanctions screening software and/or accompanying employee procedures can result in potential violations going undetected. As described in its Framework for OFAC Compliance Commitments published on May 2, 2019, root causes of screening software deficiencies arise when organizations fail to update their screening software to incorporate updates to the SDN List or the Sectoral Sanctions Identifications List, fail to include pertinent identifiers like SWIFT Business Identifier Codes for financial institutions, or did not account for alternative spellings of prohibited parties or countries (i.e., Habana instead of Havana). When selecting a screening software solution, it’s important to ensure that the solution is capable of recognizing each data element and is able to conduct fuzzy logic searches to identify potential matches.

However, even with these features added, a screening software tool will only be as effective as the accompanying procedures used to implement the software. Companies should screen customers, intermediaries, or other parties involved in the transaction, including those mentioned in commercial and financial documents in order to identify sanctioned destinations, parties, or dealings. Further, procedures should detail a process for employees to escalate a hit for further review to resolve potential matches. This requires training employees on the importance of sanctions screening as well as the company’s specific policies and procedures to vet information and react to potential red flags.

In short, while most screening software tools are comprehensive, the human element is key. Operators have to be adept at operating the screens, analyzing the results, and following up with additional scrutiny when warranted.  Otherwise, the right tool may produce the wrong outcome.

Recent Posts

ECCNs Explained: Decoding Export Classification Numbers
What Is Export Control? A Guide to International Trade Compliance
Navigating Global Trade: Understanding The Importance of an Export Compliance Program
What is SNAP-R and Its Role in Export Compliance?
How do I get ITAR Certified?
What is Export Classification?
Elements of a Comprehensive Export Compliance Program (ECP) Manual
Exporting 101: The Differences Between HS Codes and Schedule B Numbers
Why the Harmonized System is Not Just About Customs Duties Anymore
On your mark, Get Set…The I-129 Race
CTP Updates

Latest Posts

Man, in denim long sleeve shirt, scratching his head as he looks at shelves filled with blue binders.

ECCNs Explained: Decoding Export Classification Numbers

Cut through the complexities of Export Control Classification Numbers (ECCNs) with our expert assistance. Learn how CTP can help your business navigate export regulations, ensuring compliance and success in international trade.

Read More
Blue Arrow Icon
Container Ship, Followed by Tugboat, Passing a Busy Port

What Is Export Control? A Guide to International Trade Compliance

Discover the essentials of export control compliance for exporters. Learn how CTP's expert services can help you understand and comply with ITAR, EAR, and other regulations to ensure your company's ongoing success in global trade.

Read More
Blue Arrow Icon
A woman in a blue suit jacket holding a tablet, standing in an active warehouse with a forklift and pallets of goods in the background

Navigating Global Trade: Understanding The Importance of an Export Compliance Program

An Export Compliance Program (ECP), ensures that all their responsibilities are addressed at the right time and in the right way.

Read More
Blue Arrow Icon
Contact Us

How Can CTP Help You?

Please complete the form.
A member of the CTP team will be in touch soon!

Phone Icon
Email Icon
Location Ping Icon
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
All rights reserved 2024 © CTP, Inc. | Privacy Policy