By: Danielle Hatch

Apple, Inc. voluntarily disclosed to the Office of Foreign Assets Control (OFAC) its violations related to the Foreign Narcotics Kingpin Sanctions Regulations (FNKSR). In 2008 Apple entered into an app development agreement with SIS, d.o.o. (SIS), a Slovenian software company. In 2015 the company, and its director and majority owner, Savo Stjepanovic were added to the SDN list for their involvement in foreign narcotics trafficking.

Apple had a screening system in place and screened all companies and developers, but it failed to identify that SIS was now on the SDN List because there was not an exact match. The SDN List added the company name as SIS D.O.O. and Apple listed the company as SIS d.o.o., because this was not an exact match due to capitalization their screening system didn’t not pick up the change. Apple’s system did match the addresses for SIS but it took over two years before Apple realized that SIS and Stjepanovic were on the SDN List.

Between 2015 and 2017 Apple made 47 payments associated with SIS and collected $1,152,868 from customers who downloaded SIS apps while the company and its owner were on the SDN List.

The statutory maximum civil monetary penalty applicable in this case is $74,331,860, however that amount was drastically decreased by OFAC for the following reasons:

Specifically, OFAC determined the following to be aggravating factors:

  • Based on the number of Apparent Violations, the length of time over which the Apparent Violations occurred, and the multiple points of failure within the company’s sanctions compliance program, policies, and procedures, the conduct demonstrated reckless disregard for U.S. sanctions requirements;
  • Apple’s payments to SIS and for the blocked apps conferred significant economic benefit to SIS and its owner, as Apple’s App Store appears to have been the main business for SIS around the time it was designated; and
  • Apple is a large and sophisticated organization operating globally with experience and expertise in international transactions.

OFAC found the following to be an aggravating factor with respect to three Apparent Violations that occurred after Apple identified SIS as an SDNTK in February 2017:

  • Apple failed to take corrective actions in a timely manner after identifying SIS as an SDNTK, and continued to make payments for the download of blocked apps for multiple months.

OFAC determined the following to be mitigating factors:

  • The volume and total amount of payments underlying the Apparent Violations was not significant compared to the total volume of transactions undertaken by Apple on an annual basis;
  • Apple has not received a penalty notice or Finding of Violation from OFAC in the five years preceding the date of the transaction giving rise to the Apparent Violations; and
  • Apple responded to numerous requests for information in a prompt manner. Additionally, Apple has confirmed that it has terminated the conduct that led to the Apparent Violations and has undertaken the following measures as part of its compliance commitments to minimize the risk of recurrence of similar conduct in the future:
  • Increased the role of the Global Export and Sanctions Compliance Senior Manager in the escalation and review process;
  • Reconfigured the primary sanctions screening tool to fully capture spelling and capitalization variations and to account for country-specific business suffixes, and implemented an annual review of the tool’s logic and configuration;
  • Expanded sanctions screening to include not only app developers, but also their designated payment beneficiaries and associated banks;
  • Updated the instructions for employees to review potential SDN List matches flagged by the primary sanctions screening tool; and
  • Implemented mandatory training for all employees on export and sanctions regulations.


OFAC Notice: